lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230704170144.GB1851@sol.localdomain>
Date:   Tue, 4 Jul 2023 10:01:44 -0700
From:   Eric Biggers <ebiggers@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        syzbot <syzbot+6cf44e127903fdf9d929@...kaller.appspotmail.com>,
        linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [mm?] WARNING in __gup_longterm_locked

On Tue, Jul 04, 2023 at 09:39:48AM -0700, Linus Torvalds wrote:
> On Tue, 4 Jul 2023 at 09:24, Andrew Morton <akpm@...ux-foundation.org> wrote:
> >
> > Thanks.  This is the temporary warning which was added by Linus's
> > a425ac5365f6cb3cc4 ("gup: add warning if some caller would seem to want
> > stack expansion").
> 
> Yes, and the randomizer system calls aren't very interesting for that warning.
> 
> I don't have any good idea for how to distinguish "this is a
> randomizer that is just doing crazy things by its very nature and is
> passing in nonsensical system call arguments" from "this is a real
> application that is doing crazy things that we will sadly have to try
> to be backwards compatible with".
> 
> And at the same time, I _really_ don't want that warning to then
> perhaps hide some *other* more real warning from the test automation.
> 
> End result: I'd love for that warning to trigger on real applications
> (including ones run by any cloud test infrastructure, although I doubt
> that infrastructure necessarily runs very interesting loads), but not
> on things like syzbot and trinity that just randomize system calls.
> 
> Does anybody have any ideas how to tell them apart? Maybe syzbot
> already sets some flag for this purpose that I just haven't thought
> of?
> 

syzkaller just makes system calls.

Unless you want to do the crazy thing of checking if current->comm begins with
"syz", I don't think there is a way to distinguish.

In the past there's been some discussion of adding a kconfig option like
CONFIG_FUZZ_TESTING that would be expected to be enabled in order to run a
kernel fuzzer, and changing behavior in certain cases based on that.  Changing
behavior in production vs. test is problematic, though...

- Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ