Date: Tue, 19 Jan 2021 10:03:55 +0000
From: Mark Rutland
To: Dmitry Vyukov
Cc: Arnd Bergmann, Linus Walleij, Russell King - ARM Linux, kasan-dev, syzkaller, Krzysztof Kozlowski, liu.hailong6@zte.com.cn, Linux ARM
Subject: Re: Arm + KASAN + syzbot
Message-ID: <20210119100355.GA21435@C02TD0UTHF1T.local>

Hi Dmitry,

On Mon, Jan 18, 2021 at 05:31:36PM +0100, 'Dmitry Vyukov' via syzkaller wrote:
> 2. I see KASAN has just become supported for Arm, which is very
> useful, but I can't boot a kernel with KASAN enabled. I am using
> v5.11-rc4 and this config without KASAN boots fine:
> https://gist.githubusercontent.com/dvyukov/12de2905f9479ba2ebdcc603c2fec79b/raw/c8fd3f5e8328259fe760ce9a57f3e6c6f5a95c8f/gistfile1.txt
> using the following qemu command line:
> qemu-system-arm \
> -machine vexpress-a15 -cpu max -smp 2 -m 2G \

It might be best to use `-machine virt` here instead; that way QEMU
won't need to emulate any of the real vexpress HW, and the kernel won't
need to waste any time poking it. IIUC with that, you also wouldn't need
to provide a DTB explicitly as QEMU will generate one...

> -device virtio-blk-device,drive=hd0 \
> -drive if=none,format=raw,id=hd0,file=image-arm -snapshot \
> -kernel arch/arm/boot/zImage \
> -dtb arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dtb \

... so this line could go, too.

> -nographic \
> -netdev user,host=10.0.2.10,hostfwd=tcp::10022-:22,id=net0 -device
> virtio-net-device,netdev=net0 \
> -append "root=/dev/vda earlycon earlyprintk=serial console=ttyAMA0
> oops=panic panic_on_warn=1 panic=86400 vmalloc=512M"

[...]

> 3. CONFIG_KCOV does not seem to fully work.
> It seems to work except for when the kernel crashes, and that's the
> most interesting scenario for us. When the kernel crashes for other
> reasons, crash handlers re-crash in KCOV making all crashes
> unactionable and indistinguishable.
> Here are some samples (search for __sanitizer_cov_trace):
> https://gist.githubusercontent.com/dvyukov/c8a7ff1c00a5223c5143fd90073f5bc4/raw/c0f4ac7fd7faad7253843584fed8620ac6006338/gistfile1.txt

Most of those are all small offsets from 0, which suggests an offset is
being added to a NULL pointer somewhere, which I suspect means
task_struct::kcov_area is NULL. We could hack-in a check for that, and
see if that's the case (though I can't see how from a quick scan of the
kcov code).

Thanks,
Mark.
_______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
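The diagnosis in Mark's last paragraph (faults at small offsets from 0 pointing at a NULL `kcov_area` being indexed by the coverage hook) can be modelled in user space. The following is an added example, not kernel code and not from this thread: `struct mock_task`, `trace_pc`, the explicit NULL guard and the constructed PC values are all assumptions standing in for the kernel's `task_struct` fields and `__sanitizer_cov_trace_pc`. It shows why an unguarded hook would fault at `sizeof(unsigned long) * pos` when the area is NULL, and how a bail-out check changes that.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the kcov fields of task_struct. */
struct mock_task {
    bool           kcov_tracing;  /* stands in for kcov_mode == KCOV_MODE_TRACE_PC */
    unsigned long *kcov_area;     /* area[0] = count of PCs recorded, area[1..] = PCs */
    unsigned long  kcov_size;     /* number of unsigned longs in the area */
};

/* Address the hook would touch for slot `pos` of `area` (computed, never dereferenced). */
uintptr_t slot_address(const unsigned long *area, unsigned long pos)
{
    return (uintptr_t)area + pos * sizeof(unsigned long);
}

/* Heuristic used in the thread: a fault at a tiny address means NULL base + offset. */
bool looks_like_null_plus_offset(uintptr_t fault_addr)
{
    return fault_addr < 4096;
}

/* Model of the PC-trace hook. Returns the address written, or 0 if nothing was written. */
uintptr_t trace_pc(struct mock_task *t, unsigned long pc)
{
    if (!t->kcov_tracing)
        return 0;
    unsigned long *area = t->kcov_area;
    /* Added guard (assumption, not the kernel's code): without it, reading area[0]
       would fault at address 0 and writing area[pos] at sizeof(unsigned long) * pos. */
    if (area == NULL)
        return 0;
    unsigned long pos = area[0] + 1;
    if (pos >= t->kcov_size)
        return 0;                 /* area full: drop the event, as the real hook does */
    area[pos] = pc;
    area[0] = pos;
    return slot_address(area, pos);
}

/* Feed `n` constructed PCs through the hook; returns how many were recorded. */
unsigned long run_trace(struct mock_task *t, unsigned long n)
{
    unsigned long recorded = 0;
    for (unsigned long i = 0; i < n; i++)
        if (trace_pc(t, 0xc0100000UL + i * 4) != 0)   /* constructed PC values */
            recorded++;
    return recorded;
}

/* Scenario 1: a task with a valid area of 8 words records 7 PCs (slot 8 is out of range). */
unsigned long healthy_task_recorded(void)
{
    unsigned long buf[8] = {0};
    struct mock_task t = { true, buf, 8 };
    return run_trace(&t, 10);
}

/* Scenario 2: tracing is on but kcov_area is NULL; the guard bails instead of faulting. */
unsigned long null_area_task_recorded(void)
{
    struct mock_task t = { true, NULL, 8 };
    return run_trace(&t, 10);
}

int main(void)
{
    printf("healthy task recorded %lu PCs\n", healthy_task_recorded());
    printf("NULL-area task recorded %lu PCs\n", null_area_task_recorded());
    printf("unguarded write for slot 1 would hit address %#lx (%s)\n",
           (unsigned long)slot_address(NULL, 1),
           looks_like_null_plus_offset(slot_address(NULL, 1)) ? "NULL+offset" : "other");
    return 0;
}
```

When reading a real oops, the same heuristic applies: a fault address below one page, reported inside `__sanitizer_cov_trace_pc` or a sibling hook, is consistent with the area pointer being NULL rather than with a corrupted coverage buffer.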