From: Dmitry Vyukov
Date: Tue, 19 Jan 2021 11:34:33 +0100
Subject: Re: Arm + KASAN + syzbot
To: Mark Rutland
Cc: Arnd Bergmann, Linus Walleij, Russell King - ARM Linux, kasan-dev, syzkaller, Krzysztof Kozlowski, Hailong Liu, Linux ARM
In-Reply-To: <20210119100355.GA21435@C02TD0UTHF1T.local>

On Tue, Jan 19, 2021 at 11:04 AM Mark Rutland wrote:
>
> Hi Dmitry,
>
> On Mon, Jan 18, 2021 at 05:31:36PM +0100, 'Dmitry Vyukov' via syzkaller wrote:
> > 2. I see KASAN has just become supported for Arm, which is very
> > useful, but I can't boot a kernel with KASAN enabled. I am using
> > v5.11-rc4 and this config without KASAN boots fine:
> > https://gist.githubusercontent.com/dvyukov/12de2905f9479ba2ebdcc603c2fec79b/raw/c8fd3f5e8328259fe760ce9a57f3e6c6f5a95c8f/gistfile1.txt
> > using the following qemu command line:
> > qemu-system-arm \
> > -machine vexpress-a15 -cpu max -smp 2 -m 2G \
>
> It might be best to use `-machine virt` here instead; that way QEMU
> won't need to emulate any of the real vexpress HW, and the kernel won't
> need to waste any time poking it.

Hi Mark,

The whole point of setting up an Arm instance is getting as much coverage as possible that we can't get on x86_64 instances. The instance will use qemu emulation (extremely slow) and limited capacity.
I see some drivers and associated hardware support as one of the main such areas. That's why I tried to use vexpress-a15. And it boots without KASAN, so presumably it can be used in general.

> IIUC with that, you also wouldn't need to provide a DTB explicitly as
> QEMU will generate one...
>
> > -device virtio-blk-device,drive=hd0 \
> > -drive if=none,format=raw,id=hd0,file=image-arm -snapshot \
> > -kernel arch/arm/boot/zImage \
> > -dtb arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dtb \
>
> ... so this line could go, too.
>
> > -nographic \
> > -netdev user,host=10.0.2.10,hostfwd=tcp::10022-:22,id=net0 -device
> > virtio-net-device,netdev=net0 \
> > -append "root=/dev/vda earlycon earlyprintk=serial console=ttyAMA0
> > oops=panic panic_on_warn=1 panic=86400 vmalloc=512M"
>
> [...]
>
> > 3. CONFIG_KCOV does not seem to fully work.
> > It seems to work except for when the kernel crashes, and that's the
> > most interesting scenario for us. When the kernel crashes for other
> > reasons, crash handlers re-crash in KCOV making all crashes
> > unactionable and indistinguishable.
> > Here are some samples (search for __sanitizer_cov_trace):
> > https://gist.githubusercontent.com/dvyukov/c8a7ff1c00a5223c5143fd90073f5bc4/raw/c0f4ac7fd7faad7253843584fed8620ac6006338/gistfile1.txt
>
> Most of those are all small offsets from 0, which suggests an offset is
> being added to a NULL pointer somewhere, which I suspect means
> task_struct::kcov_area is NULL. We could hack-in a check for that, and
> see if that's the case (though I can't see how from a quick scan of the
> kcov code).

My first guess would be that current itself is NULL. Accesses to current->kcov* are well tested on other arches, including using KCOV in interrupts, etc.

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
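As an added illustration (not code from the thread, nor the kernel's kcov implementation), a user-space model of the pointer chain the KCOV trace hook walks, showing which fault address each of the two hypotheses above (NULL `current` vs. NULL `task_struct::kcov_area`) predicts, together with the NULL guard Mark suggests hacking in. `struct task_model`, its layout and the sample PC values are constructed for the example.

```c
/* Added example, not code from the thread or the kernel: a user-space model of
 * the pointer chain the KCOV trace hook walks (current -> kcov_area -> area[]).
 * struct task_model is a constructed stand-in for task_struct (layout assumed). */
#include <stddef.h>

struct task_model {
    long pid, state;           /* padding fields so kcov_* sit at a nonzero offset */
    unsigned int kcov_mode;    /* 0 = KCOV not enabled on this task */
    unsigned int kcov_size;    /* slots in kcov_area */
    unsigned long *kcov_area;  /* area[0] = count, area[1..] = recorded PCs */
};

/* Address the hook would dereference first, computed without touching it:
 * a NULL current faults at a small field offset inside the task struct,
 * a NULL kcov_area faults at address 0 when reading the count. */
static unsigned long first_touch(const struct task_model *cur)
{
    if (cur == NULL)
        return offsetof(struct task_model, kcov_mode);
    if (cur->kcov_area == NULL)
        return 0;
    return (unsigned long)cur->kcov_area;
}

/* Trace hook with the guard Mark suggests hacking in: bail out instead of
 * dereferencing a NULL task or area. Returns 1 if ip was recorded. */
static int trace_pc_model(struct task_model *cur, unsigned long ip)
{
    if (cur == NULL || cur->kcov_mode == 0 || cur->kcov_area == NULL)
        return 0;
    unsigned long *area = cur->kcov_area;
    unsigned long pos = area[0] + 1;
    if (pos >= cur->kcov_size)       /* area full: drop the PC */
        return 0;
    area[pos] = ip;
    area[0] = pos;
    return 1;
}

/* A task that never enabled KCOV: the kcov_area == NULL case. */
struct task_model idle_task = { .pid = 0 };

static unsigned long demo_record(void)   /* 3-slot area: count + 2 PCs */
{
    unsigned long buf[3] = { 0 };
    struct task_model t = { .pid = 1, .kcov_mode = 1, .kcov_size = 3, .kcov_area = buf };
    trace_pc_model(&t, 0xc0100000UL);
    trace_pc_model(&t, 0xc0100004UL);
    trace_pc_model(&t, 0xc0100008UL);   /* pos 3 == size: dropped */
    return buf[0];                      /* final count */
}
```

With the modelled layout, a NULL `current` shows up as a fault at the small offset of the first `kcov_*` field, while a NULL `kcov_area` shows up as a fault at address 0 itself; comparing the faulting addresses in the samples against those two predictions is the check the thread is discussing.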