| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Oct 2022 08:48:31 +0000
From: Hrutvik Kanabar <hrkanabar@...il.com>
To: Hrutvik Kanabar <hrutvik@...gle.com>
Cc: Marco Elver <elver@...gle.com>,
Aleksandr Nogikh <nogikh@...gle.com>,
kasan-dev@...glegroups.com,
Alexander Viro <viro@...iv.linux.org.uk>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
Theodore Ts'o <tytso@....edu>,
Andreas Dilger <adilger.kernel@...ger.ca>,
linux-ext4@...r.kernel.org, Chris Mason <clm@...com>,
Josef Bacik <josef@...icpanda.com>,
David Sterba <dsterba@...e.com>, linux-btrfs@...r.kernel.org,
Jaegeuk Kim <jaegeuk@...nel.org>, Chao Yu <chao@...nel.org>,
linux-f2fs-devel@...ts.sourceforge.net,
"Darrick J . Wong" <djwong@...nel.org>, linux-xfs@...r.kernel.org,
Namjae Jeon <linkinjeon@...nel.org>,
Sungjong Seo <sj1557.seo@...sung.com>,
Anton Altaparmakov <anton@...era.com>,
linux-ntfs-dev@...ts.sourceforge.net
Subject: [PATCH RFC 1/7] fs: create `DISABLE_FS_CSUM_VERIFICATION` config option
From: Hrutvik Kanabar <hrutvik@...gle.com>
When implemented and enabled, this should circumvent all redundant
checksum verification in filesystem code. However, setting of checksums
is not affected.
The aim is to aid fuzzing efforts which randomly mutate disk images and
so invalidate checksums. Checksum verification often rejects these
mutated disk images, hindering fuzzer coverage of deep code paths. By
disabling checksum verification, all mutated images are considered valid
and so exploration of interesting code paths can continue.
This option requires the `DEBUG_KERNEL` option, and is not intended to
be used on production systems.
Signed-off-by: Hrutvik Kanabar <hrutvik@...gle.com>
---
fs/Kconfig.debug | 20 ++++++++++++++++++++
lib/Kconfig.debug | 6 ++++++
2 files changed, 26 insertions(+)
create mode 100644 fs/Kconfig.debug
diff --git a/fs/Kconfig.debug b/fs/Kconfig.debug
new file mode 100644
index 000000000000..bc1018e3d580
--- /dev/null
+++ b/fs/Kconfig.debug
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+config DISABLE_FS_CSUM_VERIFICATION
+ bool "Disable redundant checksum verification for filesystems"
+ depends on DEBUG_KERNEL
+ help
+ Disable filesystem checksum verification for checksums which can be
+ trivially recomputed from the on-disk data (i.e. no encryption).
+ Note that this does not affect setting of checksums.
+
+ This option is useful for filesystem testing. For example, fuzzing
+ with randomly mutated disk images can uncover bugs exploitable by
+ specially-crafted disks. Redundant checksums are orthogonal to these
+ exploits, as they can be recomputed for crafted disks. However, for
+ testing it is more reliable to disable checksums within the kernel
+ than to maintain image generators which faithfully reimplement
+ per-filesystem checksum recomputation.
+
+ Say N if you are unsure. Disable this for production systems!
+
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 73178b0e43a4..4689ae527993 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -979,6 +979,12 @@ source "lib/Kconfig.kmsan"
endmenu # "Memory Debugging"
+menu "Filesystem Debugging"
+
+source "fs/Kconfig.debug"
+
+endmenu # "Filesystem Debugging"
+
config DEBUG_SHIRQ
bool "Debug shared IRQ handlers"
depends on DEBUG_KERNEL
--
2.38.0.413.g74048e4d9e-goog
Powered by blists - more mailing lists