| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250411085355.118180b4@gandalf.local.home>
Date: Fri, 11 Apr 2025 08:53:55 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: LKML <linux-kernel@...r.kernel.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Greg Kroah-Hartman
<gregkh@...uxfoundation.org>, Akinobu Mita <akinobu.mita@...il.com>, Andrew
Morton <akpm@...ux-foundation.org>, Peter Zijlstra <peterz@...radead.org>,
Petr Mladek <pmladek@...e.com>, Dmitry Vyukov <dvyukov@...gle.com>, Thomas
Gleixner <tglx@...utronix.de>
Subject: [PATCH] panic: lib: Add TAINT for FAULT_INJECTION
From: Steven Rostedt <rostedt@...dmis.org>
There's been several times where syzbot reports a bug that was caused by a
fault injection, but it doesn't report this fact in its email reports.
The bug report could happen in code that wasn't involved with the fault
injection due to the code that faulted not cleaning up things properly,
leading to an unstable kernel, which in turn can trigger issues elsewhere
that doesn't have a bug (much like a proprietary module could do).
It would be very useful if the syzbot report notified the developer that
the test had injected faults into the kernel.
Introduce a new taint flag 'V' that gets set when a fault injection takes
place. (Note, there's not many taint flags left, so 'V' looked as good as
any other value).
This will let the syzbot see that the kernel had a fault injection during
the test and can report that it happened when sending out its emails.
It may also be useful for other bug reports.
Link: https://lore.kernel.org/all/67f67726.050a0220.25d1c8.0004.GAE@google.com/
Link: https://github.com/google/syzkaller/issues/5621
Signed-off-by: Steven Rostedt (Google) <rostedt@...dmis.org>
---
Changes since RFC: https://lore.kernel.org/20250410144359.526476bc@gandalf.local.home
- Add if () around pr_notice_once() to only set taint once using the logic
of the print once. (Andrew Morton)
include/linux/panic.h | 3 ++-
kernel/panic.c | 1 +
lib/fault-inject.c | 3 +++
3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/include/linux/panic.h b/include/linux/panic.h
index 2494d51707ef..2d9048af6f89 100644
--- a/include/linux/panic.h
+++ b/include/linux/panic.h
@@ -75,7 +75,8 @@ static inline void set_arch_panic_timeout(int timeout, int arch_default_timeout)
#define TAINT_RANDSTRUCT 17
#define TAINT_TEST 18
#define TAINT_FWCTL 19
-#define TAINT_FLAGS_COUNT 20
+#define TAINT_FAULT_INJECTION 20
+#define TAINT_FLAGS_COUNT 21
#define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1)
struct taint_flag {
diff --git a/kernel/panic.c b/kernel/panic.c
index a3889f38153d..fec561f07ca7 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
@@ -512,6 +512,7 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
TAINT_FLAG(RANDSTRUCT, 'T', ' ', true),
TAINT_FLAG(TEST, 'N', ' ', true),
TAINT_FLAG(FWCTL, 'J', ' ', true),
+ TAINT_FLAG(FAULT_INJECTION, 'V', ' ', false),
};
#undef TAINT_FLAG
diff --git a/lib/fault-inject.c b/lib/fault-inject.c
index 999053fa133e..cc551ee9c125 100644
--- a/lib/fault-inject.c
+++ b/lib/fault-inject.c
@@ -176,6 +176,9 @@ bool should_fail_ex(struct fault_attr *attr, ssize_t size, int flags)
if (atomic_read(&attr->times) != -1)
atomic_dec_not_zero(&attr->times);
+ if (pr_notice_once("Tainting kernel with TAINT_FAULT_INJECTION\n"))
+ add_taint(TAINT_FAULT_INJECTION, LOCKDEP_STILL_OK);
+
return true;
}
--
2.47.2
Powered by blists - more mailing lists