lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 3 Dec 2020 10:20:26 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Alexey Kardashevskiy <aik@...abs.ru>
Cc:     syzkaller <syzkaller@...glegroups.com>,
        Michael Ellerman <mpe@...erman.id.au>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: WARN_ON_ONCE

On Thu, Dec 3, 2020 at 10:19 AM Dmitry Vyukov <dvyukov@...gle.com> wrote:
>
> On Thu, Dec 3, 2020 at 10:10 AM Alexey Kardashevskiy <aik@...abs.ru> wrote:
> >
> > Hi!
> >
> > Syzkaller triggered WARN_ON_ONCE at
> >
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/kernel/tracepoint.c?h=v5.10-rc6#n266
> >
> >
> > ===
> > static int tracepoint_add_func(struct tracepoint *tp,
> >                                struct tracepoint_func *func, int prio)
> > {
> >         struct tracepoint_func *old, *tp_funcs;
> >         int ret;
> >
> >         if (tp->regfunc && !static_key_enabled(&tp->key)) {
> >                 ret = tp->regfunc();
> >                 if (ret < 0)
> >                         return ret;
> >         }
> >
> >         tp_funcs = rcu_dereference_protected(tp->funcs,
> >                         lockdep_is_held(&tracepoints_mutex));
> >         old = func_add(&tp_funcs, func, prio);
> >         if (IS_ERR(old)) {
> >                 WARN_ON_ONCE(PTR_ERR(old) != -ENOMEM);
> >                 return PTR_ERR(old);
> >         }
> >
> > ===
> >
> > What is the common approach here? Syzkaller reacts on this as if it was
> > a bug but WARN_ON_ONCE here seems intentional. Do we still push for
> > removing such warnings?
>
> +LKML

+LKML for real

> Hi Alexey,
>
> Yes, see the guidelines here:
> https://elixir.bootlin.com/linux/v5.10-rc6/source/include/asm-generic/bug.h#L67
>
> Without a criteria for kernel but/not a kernel bug no kernel testing
> is possible.
>
> But this may be a real bug as well. The code seems to assume that
> ENOMEM is the only possible error here, which is not the case in
> reality.
>
>
> > Another example is:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/linux/tracepoint.h?h=v5.10-rc6#n313
> >
> > My VMs crash on dereferencing it_func_ptr which is easily fixable by:
> >
> > @@ -307,9 +307,11 @@ static inline struct tracepoint
> > *tracepoint_ptr_deref(tracepoint_ptr_t *p)
> >                                                                          \
> >                  it_func_ptr =                                           \
> >
> > rcu_dereference_raw((&__tracepoint_##_name)->funcs); \
> > +               if (it_func_ptr)                                        \
> >                  do {                                                    \
> >                          it_func = (it_func_ptr)->func;                  \
> >                          __data = (it_func_ptr)->data;                   \
> >
> >
> > But - this only happens when OOM killer starts killing syzkaller
> > processes (I do not give it much memory so it is quite artificial
> > environment). Do we push these?
> >
> > Are there guidelines of some sort? Thanks,
> >
> >
> > --
> > Alexey
> >
> > --
> > You received this message because you are subscribed to the Google Groups "syzkaller" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller+unsubscribe@...glegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller/87f443cf-26c0-6302-edee-556045bca18a%40ozlabs.ru.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ