From: Dmitry Vyukov <dvyukov@google.com>
To: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	Andrey Konovalov <andreyknvl@google.com>
Cc: Andi Kleen <ak@linux.intel.com>,
	"Theodore Y. Ts'o" <tytso@mit.edu>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Petr Mladek <pmladek@suse.com>,
	Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
	Arnd Bergmann <arnd@arndb.de>, Jiri Slaby <jslaby@suse.com>,
	Steven Rostedt <rostedt@goodmis.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] kconfig: Add kernel config option for fuzz testing.
Date: Thu, 19 Dec 2019 18:21:31 +0100
Message-ID: <CACT4Y+aRqZ7r-XedUS6P51Dpf+GRAuZABH6FuKDU19UepE6KCw@mail.gmail.com>
In-Reply-To: <cca315b2-d2c0-0bcb-35d9-f830b028fb4d@i-love.sakura.ne.jp>

On Wed, Dec 18, 2019 at 11:30 AM Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
>
> On 2019/12/17 17:36, Dmitry Vyukov wrote:
> > FWIW we've just disabled sysrq entirely:
> > https://github.com/google/syzkaller/blob/master/dashboard/config/bits-syzbot.config#L182
> > because random packets over usb can trigger a panic sysrq (again
> > almost impossible to reliably filter these out on fuzzer side).
>
> Excuse me, but CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0 helps only if show_state() etc. are
> called via the __handle_sysrq() handler in drivers/tty/sysrq.c .
>
>   static void sysrq_handle_showstate(int key)
>   {
>         show_state();
>         show_workqueue_state();
>   }
>   static struct sysrq_key_op sysrq_showstate_op = {
>         .handler        = sysrq_handle_showstate,
>         .help_msg       = "show-task-states(t)",
>         .action_msg     = "Show State",
>         .enable_mask    = SYSRQ_ENABLE_DUMP,
>   };
>
> The k_spec() handler in drivers/tty/vt/keyboard.c calls show_state() etc. without
> evaluating sysrq_enabled value.
>
>   #define FN_HANDLERS\
>         fn_null,        fn_enter,       fn_show_ptregs, fn_show_mem,\
>         fn_show_state,  fn_send_intr,   fn_lastcons,    fn_caps_toggle,\
>         fn_num,         fn_hold,        fn_scroll_forw, fn_scroll_back,\
>         fn_boot_it,     fn_caps_on,     fn_compose,     fn_SAK,\
>         fn_dec_console, fn_inc_console, fn_spawn_con,   fn_bare_num
>
>   typedef void (fn_handler_fn)(struct vc_data *vc);
>   static fn_handler_fn FN_HANDLERS;
>   static fn_handler_fn *fn_handler[] = { FN_HANDLERS };
>
>   static void fn_show_state(struct vc_data *vc)
>   {
>         show_state();
>   }
>
>   static void k_spec(struct vc_data *vc, unsigned char value, char up_flag)
>   {
>         if (up_flag)
>                 return;
>         if (value >= ARRAY_SIZE(fn_handler))
>                 return;
>         if ((kbd->kbdmode == VC_RAW ||
>              kbd->kbdmode == VC_MEDIUMRAW ||
>              kbd->kbdmode == VC_OFF) &&
>              value != KVAL(K_SAK))
>                 return;         /* SAK is allowed even in raw mode */
>         fn_handler[value](vc);
>   }
>
> Therefore, we need to guard at either callee side (e.g. show_state_filter())
> or caller side (e.g. k_spec()) using kernel config (or something equivalent)
> in order to avoid forever calling show_state() from timer function.

+Andrey, please take a look if CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE
covers everything we need, or we need to disable sysrq entirely.
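
Added example, not part of the original message or the kernel source: a userspace C model of the two call paths discussed above, showing that a zero sysrq mask stops the sysrq path but not the keyboard function-table path. The `fuzz_guard` flag and the `*_model` names are hypothetical, and the kbdmode check in k_spec() is omitted for brevity.

```c
/* Userspace model only: names mirror the quoted excerpts, bodies are stand-ins. */
#include <stdio.h>
#define SYSRQ_ENABLE_DUMP 0x0008          /* value from include/linux/sysrq.h */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

static int sysrq_enabled;     /* 0x0 models CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0 */
static int fuzz_guard;        /* hypothetical stand-in for the proposed config guard */
static int show_state_calls;  /* counts how often the task dump would have run */
static void show_state(void) { show_state_calls++; }
/* Path 1: sysrq dispatch checks the op's enable mask before calling the handler. */
struct sysrq_key_op { void (*handler)(int key); int enable_mask; };
static void sysrq_handle_showstate(int key) { (void)key; show_state(); }
static struct sysrq_key_op sysrq_showstate_op = { sysrq_handle_showstate, SYSRQ_ENABLE_DUMP };
static void handle_sysrq_model(int key)
{
	if (sysrq_enabled == 1 || (sysrq_enabled & sysrq_showstate_op.enable_mask))
		sysrq_showstate_op.handler(key);
}

/* Path 2: keyboard function table; sysrq_enabled is never consulted here. */
typedef void (fn_handler_fn)(void);
static void fn_null(void) {}
static void fn_show_state(void) { show_state(); }
static fn_handler_fn *fn_handler[] = { fn_null, fn_null, fn_null, fn_null, fn_show_state };
static void k_spec_model(unsigned char value, char up_flag)
{
	if (up_flag || value >= ARRAY_SIZE(fn_handler))
		return;
	if (fuzz_guard && fn_handler[value] == fn_show_state)
		return;               /* caller-side guard, one of the two options named above */
	fn_handler[value]();
}

/* Drive both paths n times and return how many dumps actually ran. */
static int run_model(int enabled, int guard, int n)
{
	sysrq_enabled = enabled; fuzz_guard = guard; show_state_calls = 0;
	for (int i = 0; i < n; i++) {
		handle_sysrq_model('t');
		k_spec_model(4, 0);   /* index 4 is fn_show_state in FN_HANDLERS */
	}
	return show_state_calls;
}

int main(void)
{
	printf("mask=0x0: unguarded=%d guarded=%d\n", run_model(0, 0, 100), run_model(0, 1, 100));
	return 0;
}
```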


Thread overview: 26+ messages
2019-12-16  9:59 [PATCH] kconfig: Add kernel config option for fuzz testing Tetsuo Handa
2019-12-16 11:46 ` Greg Kroah-Hartman
2019-12-16 15:35   ` Tetsuo Handa
2019-12-16 16:31     ` Greg Kroah-Hartman
2019-12-16 20:18     ` Theodore Y. Ts'o
2019-12-16 21:06       ` Tetsuo Handa
2019-12-17  8:36         ` Dmitry Vyukov
2019-12-17  8:53           ` Dmitry Vyukov
2020-01-02 19:57             ` Matthew Garrett
2020-02-18 10:54               ` Tetsuo Handa
2020-02-27 22:10                 ` Tetsuo Handa
2020-02-27 22:15                   ` Matthew Garrett
2019-12-17 15:52           ` Theodore Y. Ts'o
2019-12-19 17:43             ` Dmitry Vyukov
2019-12-19 21:18               ` Theodore Y. Ts'o
2019-12-18 10:29           ` Tetsuo Handa
2019-12-19 17:21             ` Dmitry Vyukov [this message]
2019-12-16 18:34 ` Andi Kleen
2019-12-16 18:47   ` Greg Kroah-Hartman
2019-12-17  5:12 ` Sergey Senozhatsky
2019-12-17  7:54   ` Dmitry Vyukov
2019-12-17  8:24     ` Sergey Senozhatsky
2019-12-17  8:38       ` Dmitry Vyukov
2019-12-17  5:42 ` Masahiro Yamada
2019-12-17  8:41 ` Dmitry Vyukov
2019-12-17 12:54   ` Tetsuo Handa
