* NULL pointer dereference when writing fuzzed data to /dev/uhid
@ 2019-01-04 12:32 Anatoly Trosinenko
  2019-01-04 13:25 ` Benjamin Tissoires
  0 siblings, 1 reply; 10+ messages in thread
From: Anatoly Trosinenko @ 2019-01-04 12:32 UTC (permalink / raw)
  To: Jiri Kosina, Benjamin Tissoires; +Cc: linux-kernel, linux-input

[-- Attachment #1: Type: text/plain, Size: 11626 bytes --]

Hello,

When writing the attached file to /dev/uhid, a NULL dereference occurs
in the kernel. As I understand it, the problem is not UHID-specific but is
related to the HID subsystem.

How to reproduce:
1) Check out the fresh master branch of the Linux kernel (tested on
commit 96d4f267e)
2) Compile it with the attached config (kvm-xfstests capable)
3) Take one of the reproducers and execute
cat /vtmp/repro > /dev/uhid

What happens:

For chicony.bin:

root@kvm-xfstests:~# cat /vtmp/chicony.bin > /dev/uhid
[   19.072703] BUG: unable to handle kernel NULL pointer dereference
at 0000000000000002
[   19.073371] #PF error: [normal kernel read fault]
[   19.073755] PGD 8000000078b2c067 P4D 8000000078b2c067 PUD 0
[   19.074223] Oops: 0000 [#1] SMP PTI
[   19.074809] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted
4.20.0-xfstests-10979-g96d4f267e40 #1
[   19.075965] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.11.1-1ubuntu1 04/01/2014
[   19.077599] Workqueue: events uhid_device_add_worker
[   19.078019] RIP: 0010:ch_switch12_report_fixup+0x13/0x70
[   19.078462] Code: 49 8b 00 3e 80 60 20 df b8 01 00 00 00 c3 66 0f
1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 8f 48 19 00 00 48 89 f0 48
8b 49 d8 <80> 79 02 01 74 01 c3 81 7f 3c 21 14 00 00 75 f6 83 3a 7f 76
f1 80
[   19.080103] RSP: 0018:ffffa1d880367c48 EFLAGS: 00010286
[   19.080541] RAX: ffff9b653d27b180 RBX: ffff9b653a6fb948 RCX: 0000000000000000
[   19.081133] RDX: ffffa1d880367c5c RSI: ffff9b653d27b180 RDI: ffff9b653a6fa000
[   19.081780] RBP: ffff9b653d27b180 R08: 000000064992eed0 R09: 0000000000000000
[   19.082409] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9b653a6fa000
[   19.083017] R13: ffffffff83f14510 R14: ffffffff83f14440 R15: 0000000000000000
[   19.083619] FS:  0000000000000000(0000) GS:ffff9b653fc00000(0000)
knlGS:0000000000000000
[   19.084362] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   19.085164] CR2: 0000000000000002 CR3: 00000000788b8004 CR4: 0000000000360ef0
[   19.085789] Call Trace:
[   19.086011]  hid_open_report+0x81/0x2c0
[   19.086341]  hid_device_probe+0x135/0x160
[   19.086754]  ? __driver_attach+0x110/0x110
[   19.087109]  really_probe+0xe0/0x390
[   19.087411]  ? __driver_attach+0x110/0x110
[   19.087782]  bus_for_each_drv+0x78/0xc0
[   19.088134]  __device_attach+0xcc/0x130
[   19.088477]  bus_probe_device+0x9f/0xb0
[   19.088832]  device_add+0x422/0x680
[   19.089144]  ? __debugfs_create_file+0xb5/0xf0
[   19.089536]  hid_add_device+0xec/0x280
[   19.089880]  uhid_device_add_worker+0x15/0x60
[   19.090270]  process_one_work+0x238/0x5d0
[   19.090627]  worker_thread+0x3d/0x390
[   19.090959]  ? process_one_work+0x5d0/0x5d0
[   19.091331]  kthread+0x121/0x140
[   19.096732]  ? __kthread_create_on_node+0x1a0/0x1a0
[   19.097164]  ret_from_fork+0x3a/0x50
[   19.097483] CR2: 0000000000000002
[   19.097779] ---[ end trace 1b547acaae113039 ]---
[   19.098186] RIP: 0010:ch_switch12_report_fixup+0x13/0x70
[   19.098621] Code: 49 8b 00 3e 80 60 20 df b8 01 00 00 00 c3 66 0f
1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 8f 48 19 00 00 48 89 f0 48
8b 49 d8 <80> 79 02 01 74 01 c3 81 7f 3c 21 14 00 00 75 f6 83 3a 7f 76
f1 80
[   19.100251] RSP: 0018:ffffa1d880367c48 EFLAGS: 00010286
[   19.100707] RAX: ffff9b653d27b180 RBX: ffff9b653a6fb948 RCX: 0000000000000000
[   19.101321] RDX: ffffa1d880367c5c RSI: ffff9b653d27b180 RDI: ffff9b653a6fa000
[   19.102448] RBP: ffff9b653d27b180 R08: 000000064992eed0 R09: 0000000000000000
[   19.103029] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9b653a6fa000
[   19.103601] R13: ffffffff83f14510 R14: ffffffff83f14440 R15: 0000000000000000
[   19.104173] FS:  0000000000000000(0000) GS:ffff9b653fc00000(0000)
knlGS:0000000000000000
[   19.104823] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   19.105289] CR2: 0000000000000002 CR3: 00000000788b8004 CR4: 0000000000360ef0
[   19.105864] BUG: sleeping function called from invalid context at
include/linux/percpu-rwsem.h:34
[   19.106578] in_atomic(): 0, irqs_disabled(): 1, pid: 5, name: kworker/0:0
[   19.107671] INFO: lockdep is turned off.
[   19.108384] irq event stamp: 3576
[   19.108976] hardirqs last  enabled at (3575): [<ffffffff82e01ed5>]
__kmalloc_track_caller+0x185/0x310
[   19.112970] hardirqs last disabled at (3576): [<ffffffff82c015f4>]
trace_hardirqs_off_thunk+0x1a/0x1c
[   19.114557] softirqs last  enabled at (3504): [<ffffffff834002b1>]
peernet2id+0x51/0x80
[   19.115897] softirqs last disabled at (3502): [<ffffffff83400292>]
peernet2id+0x32/0x80
[   19.117319] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G      D
    4.20.0-xfstests-10979-g96d4f267e40 #1
[   19.118739] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.11.1-1ubuntu1 04/01/2014
[   19.120049] Workqueue: events uhid_device_add_worker
[   19.120767] Call Trace:
[   19.121127]  dump_stack+0x67/0x90
[   19.121622]  ___might_sleep.cold.13+0x9f/0xaf
[   19.122278]  exit_signals+0x1c/0x200
[   19.122792]  do_exit+0xac/0xaf0
[   19.123619]  ? process_one_work+0x5d0/0x5d0
[   19.124520]  ? kthread+0x121/0x140
[   19.125050]  rewind_stack_do_exit+0x17/0x20

For sony.bin:

root@kvm-xfstests:~# cat /vtmp/sony.bin > /dev/uhid
[   16.891931] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.892432] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.892894] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.893362] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.893844] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.895389] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.898165] sony 0003:054C:1000.0001: ignoring exceeding usage max
[   16.901190] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.903797] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.906401] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.908957] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.911449] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.913936] sony 0003:054C:1000.0001: unknown main item tag 0x1
[   16.916551] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.918454] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.919743] sony 0003:054C:1000.0001: unknown main item tag 0x4
[   16.920834] sony 0003:054C:1000.0001: unknown main item tag 0xe
[   16.921904] sony 0003:054C:1000.0001: unknown main item tag 0xe
[   16.923006] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.924082] sony 0003:054C:1000.0001: unknown main item tag 0x2
[   16.925195] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.926289] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.927400] sony 0003:054C:1000.0001: unknown main item tag 0x0
[   16.928546] BUG: unable to handle kernel NULL pointer dereference
at 0000000000000028
[   16.929951] #PF error: [normal kernel read fault]
[   16.930884] PGD 800000007a52b067 P4D 800000007a52b067 PUD 0
[   16.931836] Oops: 0000 [#1] SMP PTI
[   16.932437] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted
4.20.0-xfstests-10979-g96d4f267e40 #1
[   16.933752] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.11.1-1ubuntu1 04/01/2014
[   16.935372] Workqueue: events uhid_device_add_worker
[   16.936321] RIP: 0010:hid_validate_values+0x48/0x110
[   16.937690] Code: 4c 69 ce 03 01 00 00 4a 8d 44 08 0c 48 8b 44 c7
08 48 85 c0 0f 84 a9 00 00 00 39 88 30 08 00 00 76 53 41 89 c9 4e 8b
4c c8 30 <45> 39 41 28 72 69 48 83 c4 08 c3 89 f6 48 69 c6 18 08 00 00
48 8b
[   16.941067] RSP: 0018:ffffb2c880367ab0 EFLAGS: 00010286
[   16.941935] RAX: ffff8d54b881c870 RBX: ffff8d54b881dd08 RCX: 0000000000000000
[   16.943203] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8d54b881c000
[   16.945406] RBP: ffff8d54bacb3580 R08: 0000000000000007 R09: 0000000000000000
[   16.946590] R10: 0000000000000000 R11: ffff8d54b80293e6 R12: ffff8d54b881c000
[   16.947668] R13: dead000000000100 R14: ffff8d54b881c000 R15: ffff8d54ba4fb818
[   16.948765] FS:  0000000000000000(0000) GS:ffff8d54bfc00000(0000)
knlGS:0000000000000000
[   16.949838] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   16.950663] CR2: 0000000000000028 CR3: 000000007a4e8002 CR4: 0000000000360ef0
[   16.951513] Call Trace:
[   16.951870]  sony_input_configured+0xd6d/0x1060
[   16.952608]  ? kobject_set_name_vargs+0x6f/0x90
[   16.953257]  ? dev_set_name+0x57/0x70
[   16.953783]  ? init_timer_key+0xed/0x120
[   16.954353]  hidinput_connect+0x2fb/0x89b
[   16.954974]  hid_connect+0x2f3/0x370
[   16.955489]  hid_hw_start+0x38/0x60
[   16.956052]  sony_probe+0xba/0x160
[   16.956541]  hid_device_probe+0xf7/0x160
[   16.957103]  ? __driver_attach+0x110/0x110
[   16.957689]  really_probe+0xe0/0x390
[   16.958206]  ? __driver_attach+0x110/0x110
[   16.958797]  bus_for_each_drv+0x78/0xc0
[   16.959290]  __device_attach+0xcc/0x130
[   16.959832]  bus_probe_device+0x9f/0xb0
[   16.960407]  device_add+0x422/0x680
[   16.960772]  ? __debugfs_create_file+0xb5/0xf0
[   16.962459]  hid_add_device+0xec/0x280
[   16.963517]  uhid_device_add_worker+0x15/0x60
[   16.964304]  process_one_work+0x238/0x5d0
[   16.965062]  worker_thread+0x3d/0x390
[   16.965737]  ? process_one_work+0x5d0/0x5d0
[   16.966499]  kthread+0x121/0x140
[   16.967089]  ? __kthread_create_on_node+0x1a0/0x1a0
[   16.967988]  ret_from_fork+0x3a/0x50
[   16.968742] CR2: 0000000000000028
[   16.969394] ---[ end trace bc79f619177a8c3e ]---
[   16.970267] RIP: 0010:hid_validate_values+0x48/0x110
[   16.971167] Code: 4c 69 ce 03 01 00 00 4a 8d 44 08 0c 48 8b 44 c7
08 48 85 c0 0f 84 a9 00 00 00 39 88 30 08 00 00 76 53 41 89 c9 4e 8b
4c c8 30 <45> 39 41 28 72 69 48 83 c4 08 c3 89 f6 48 69 c6 18 08 00 00
48 8b
[   16.974023] RSP: 0018:ffffb2c880367ab0 EFLAGS: 00010286
[   16.974805] RAX: ffff8d54b881c870 RBX: ffff8d54b881dd08 RCX: 0000000000000000
[   16.975925] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8d54b881c000
[   16.977035] RBP: ffff8d54bacb3580 R08: 0000000000000007 R09: 0000000000000000
[   16.978269] R10: 0000000000000000 R11: ffff8d54b80293e6 R12: ffff8d54b881c000
[   16.979446] R13: dead000000000100 R14: ffff8d54b881c000 R15: ffff8d54ba4fb818
[   16.980503] FS:  0000000000000000(0000) GS:ffff8d54bfc00000(0000)
knlGS:0000000000000000
[   16.981675] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   16.982566] CR2: 0000000000000028 CR3: 000000007a4e8002 CR4: 0000000000360ef0
[   16.983712] BUG: sleeping function called from invalid context at
include/linux/percpu-rwsem.h:34
[   16.985362] in_atomic(): 0, irqs_disabled(): 1, pid: 5, name: kworker/0:0
[   16.985947] INFO: lockdep is turned off.
[   16.986296] irq event stamp: 4040
[   16.986584] hardirqs last  enabled at (4039): [<ffffffffab201ed5>]
__kmalloc_track_caller+0x185/0x310
[   16.987354] hardirqs last disabled at (4040): [<ffffffffab0015f4>]
trace_hardirqs_off_thunk+0x1a/0x1c
[   16.988522] softirqs last  enabled at (3962): [<ffffffffabc0032f>]
__do_softirq+0x32f/0x440
[   16.989788] softirqs last disabled at (3955): [<ffffffffab0b32f6>]
irq_exit+0xa6/0xe0
[   16.992028] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G      D
    4.20.0-xfstests-10979-g96d4f267e40 #1
[   16.993354] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.11.1-1ubuntu1 04/01/2014
[   16.994960] Workqueue: events uhid_device_add_worker
[   16.996048] Call Trace:
[   16.996593]  dump_stack+0x67/0x90
[   16.997203]  ___might_sleep.cold.13+0x9f/0xaf
[   16.998004]  exit_signals+0x1c/0x200
[   16.998660]  do_exit+0xac/0xaf0
[   16.999232]  ? process_one_work+0x5d0/0x5d0
[   16.999987]  ? kthread+0x121/0x140
[   17.000709]  rewind_stack_do_exit+0x17/0x20


Best regards
Anatoly
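
A triage helper for the two oopses quoted above, added here as an example and not part of the original report: it re-joins the mail-wrapped log lines, extracts RIP and CR2, and decodes the faulting instruction's `[reg + disp8]` operand to confirm that a NULL base register plus a small member offset yields the fault address. The function names are hypothetical, and the decoder assumes an optional REX prefix, a one-byte opcode and an 8-bit displacement, which is the form both traces show.

```python
import re

# Excerpts of the two oopses from the report above, line-wrapped as in the mail.
CHICONY = """\
[   19.072703] BUG: unable to handle kernel NULL pointer dereference
at 0000000000000002
[   19.078019] RIP: 0010:ch_switch12_report_fixup+0x13/0x70
[   19.078462] Code: 49 8b 00 3e 80 60 20 df b8 01 00 00 00 c3 66 0f
1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 8f 48 19 00 00 48 89 f0 48
8b 49 d8 <80> 79 02 01 74 01 c3 81 7f 3c 21 14 00 00 75 f6 83 3a 7f 76
f1 80
[   19.080541] RAX: ffff9b653d27b180 RBX: ffff9b653a6fb948 RCX: 0000000000000000
[   19.085164] CR2: 0000000000000002 CR3: 00000000788b8004 CR4: 0000000000360ef0
"""
SONY = """\
[   16.928546] BUG: unable to handle kernel NULL pointer dereference
at 0000000000000028
[   16.936321] RIP: 0010:hid_validate_values+0x48/0x110
[   16.937690] Code: 4c 69 ce 03 01 00 00 4a 8d 44 08 0c 48 8b 44 c7
08 48 85 c0 0f 84 a9 00 00 00 39 88 30 08 00 00 76 53 41 89 c9 4e 8b
4c c8 30 <45> 39 41 28 72 69 48 83 c4 08 c3 89 f6 48 69 c6 18 08 00 00
48 8b
[   16.945406] RBP: ffff8d54bacb3580 R08: 0000000000000007 R09: 0000000000000000
[   16.950663] CR2: 0000000000000028 CR3: 000000007a4e8002 CR4: 0000000000360ef0
"""

# x86-64 register numbering as used by ModRM.rm, spelled the way the oops prints them.
GPR = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI",
       "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15"]


def unwrap(text):
    """Re-join wrapped lines: a line without a '[ timestamp]' prefix
    continues the previous printk line."""
    out = []
    for line in text.splitlines():
        if re.match(r"\[\s*\d+\.\d+\] ", line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line.strip()
    return out


def parse_oops(text):
    """Extract symbol+offset, CR2, general registers and the bytes at RIP."""
    rep = {"regs": {}, "insn": b""}
    for line in unwrap(text):
        if "end trace" in line:
            break  # the kernel prints the register state a second time after this
        m = re.search(r"RIP: [0-9a-f]{4}:([\w.]+)\+0x([0-9a-f]+)/", line)
        if m:
            rep["symbol"], rep["offset"] = m.group(1), int(m.group(2), 16)
        m = re.search(r"\bCR2: ([0-9a-f]{16})", line)
        if m:
            rep["cr2"] = int(m.group(1), 16)
        for name, val in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})\b", line):
            rep["regs"][name] = int(val, 16)
        m = re.search(r"Code: (.*)", line)
        if m:
            toks = m.group(1).split()
            start = [k for k, t in enumerate(toks) if t.startswith("<")]
            if start:  # <xx> marks the first byte of the faulting instruction
                rep["insn"] = bytes(int(t.strip("<>"), 16) for t in toks[start[0]:])
    return rep


def decode_disp8_operand(insn):
    """Return (base_register, displacement) for '[REX] opcode ModRM disp8',
    or None for any other encoding."""
    i, rex_b = 0, 0
    if insn and 0x40 <= insn[0] <= 0x4F:  # REX prefix; bit 0 (REX.B) extends ModRM.rm
        rex_b, i = insn[0] & 1, 1
    if len(insn) < i + 3 or insn[i] == 0x0F:  # too short, or a two-byte opcode
        return None
    modrm = insn[i + 1]
    mod, rm = modrm >> 6, modrm & 7
    if mod != 1 or rm == 4:  # only [reg + disp8]; rm == 4 would mean a SIB byte
        return None
    disp = insn[i + 2]
    return GPR[rm + 8 * rex_b], disp - 0x100 if disp >= 0x80 else disp


def triage(text):
    """Flag the oops as 'NULL base + member offset' when the register state,
    the decoded operand and CR2 all agree."""
    rep = parse_oops(text)
    rep["null_base"] = rep["member_offset"] = None
    operand = decode_disp8_operand(rep["insn"])
    if operand:
        base, disp = operand
        if rep["regs"].get(base) == 0 and disp == rep.get("cr2"):
            rep["null_base"], rep["member_offset"] = base, disp
    return rep


if __name__ == "__main__":
    for name, log in (("chicony.bin", CHICONY), ("sony.bin", SONY)):
        r = triage(log)
        print(f"{name}: {r['symbol']}+{r['offset']:#x} reads "
              f"[{r['null_base']} + {r['member_offset']:#x}], CR2={r['cr2']:#x}")
```
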

[-- Attachment #2: uhid_config --]
[-- Type: application/octet-stream, Size: 69630 bytes --]

#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 4.20.0 Kernel Configuration
#

#
# Compiler: gcc (Ubuntu 8.2.0-7ubuntu1) 8.2.0
#
CONFIG_CC_IS_GCC=y
CONFIG_GCC_VERSION=80200
CONFIG_CLANG_VERSION=0
CONFIG_IRQ_WORK=y
CONFIG_BUILDTIME_EXTABLE_SORT=y
CONFIG_THREAD_INFO_IN_TASK=y

#
# General setup
#
CONFIG_INIT_ENV_ARG_LIMIT=32
# CONFIG_COMPILE_TEST is not set
CONFIG_LOCALVERSION="-xfstests"
CONFIG_LOCALVERSION_AUTO=y
CONFIG_BUILD_SALT=""
CONFIG_HAVE_KERNEL_GZIP=y
CONFIG_HAVE_KERNEL_BZIP2=y
CONFIG_HAVE_KERNEL_LZMA=y
CONFIG_HAVE_KERNEL_XZ=y
CONFIG_HAVE_KERNEL_LZO=y
CONFIG_HAVE_KERNEL_LZ4=y
CONFIG_KERNEL_GZIP=y
# CONFIG_KERNEL_BZIP2 is not set
# CONFIG_KERNEL_LZMA is not set
# CONFIG_KERNEL_XZ is not set
# CONFIG_KERNEL_LZO is not set
# CONFIG_KERNEL_LZ4 is not set
CONFIG_DEFAULT_HOSTNAME="(none)"
CONFIG_SWAP=y
CONFIG_SYSVIPC=y
CONFIG_SYSVIPC_SYSCTL=y
CONFIG_POSIX_MQUEUE=y
CONFIG_POSIX_MQUEUE_SYSCTL=y
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_USELIB=y
# CONFIG_AUDIT is not set
CONFIG_HAVE_ARCH_AUDITSYSCALL=y

#
# IRQ subsystem
#
CONFIG_GENERIC_IRQ_PROBE=y
CONFIG_GENERIC_IRQ_SHOW=y
CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y
CONFIG_GENERIC_PENDING_IRQ=y
CONFIG_GENERIC_IRQ_MIGRATION=y
CONFIG_IRQ_DOMAIN=y
CONFIG_IRQ_DOMAIN_HIERARCHY=y
CONFIG_GENERIC_MSI_IRQ=y
CONFIG_GENERIC_MSI_IRQ_DOMAIN=y
CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y
CONFIG_GENERIC_IRQ_RESERVATION_MODE=y
CONFIG_IRQ_FORCED_THREADING=y
CONFIG_SPARSE_IRQ=y
# CONFIG_GENERIC_IRQ_DEBUGFS is not set
CONFIG_CLOCKSOURCE_WATCHDOG=y
CONFIG_ARCH_CLOCKSOURCE_DATA=y
CONFIG_ARCH_CLOCKSOURCE_INIT=y
CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y
CONFIG_GENERIC_TIME_VSYSCALL=y
CONFIG_GENERIC_CLOCKEVENTS=y
CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y
CONFIG_GENERIC_CMOS_UPDATE=y

#
# Timers subsystem
#
CONFIG_TICK_ONESHOT=y
CONFIG_NO_HZ_COMMON=y
# CONFIG_HZ_PERIODIC is not set
CONFIG_NO_HZ_IDLE=y
# CONFIG_NO_HZ_FULL is not set
CONFIG_NO_HZ=y
CONFIG_HIGH_RES_TIMERS=y
CONFIG_PREEMPT_NONE=y
# CONFIG_PREEMPT_VOLUNTARY is not set
# CONFIG_PREEMPT is not set
CONFIG_PREEMPT_COUNT=y

#
# CPU/Task time and stats accounting
#
CONFIG_TICK_CPU_ACCOUNTING=y
# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
# CONFIG_IRQ_TIME_ACCOUNTING is not set
CONFIG_HAVE_SCHED_AVG_IRQ=y
# CONFIG_BSD_PROCESS_ACCT is not set
# CONFIG_TASKSTATS is not set
# CONFIG_PSI is not set
CONFIG_CPU_ISOLATION=y

#
# RCU Subsystem
#
CONFIG_TREE_RCU=y
# CONFIG_RCU_EXPERT is not set
CONFIG_SRCU=y
CONFIG_TREE_SRCU=y
CONFIG_RCU_STALL_COMMON=y
CONFIG_RCU_NEED_SEGCBLIST=y
CONFIG_BUILD_BIN2C=y
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_LOG_BUF_SHIFT=17
CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y
CONFIG_ARCH_SUPPORTS_INT128=y
# CONFIG_NUMA_BALANCING is not set
CONFIG_CGROUPS=y
# CONFIG_MEMCG is not set
# CONFIG_BLK_CGROUP is not set
# CONFIG_CGROUP_SCHED is not set
# CONFIG_CGROUP_PIDS is not set
# CONFIG_CGROUP_RDMA is not set
# CONFIG_CGROUP_FREEZER is not set
# CONFIG_CPUSETS is not set
# CONFIG_CGROUP_DEVICE is not set
# CONFIG_CGROUP_CPUACCT is not set
# CONFIG_CGROUP_PERF is not set
# CONFIG_CGROUP_DEBUG is not set
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
# CONFIG_CHECKPOINT_RESTORE is not set
# CONFIG_SCHED_AUTOGROUP is not set
# CONFIG_SYSFS_DEPRECATED is not set
CONFIG_RELAY=y
CONFIG_BLK_DEV_INITRD=y
CONFIG_INITRAMFS_SOURCE=""
CONFIG_RD_GZIP=y
CONFIG_RD_BZIP2=y
CONFIG_RD_LZMA=y
CONFIG_RD_XZ=y
CONFIG_RD_LZO=y
CONFIG_RD_LZ4=y
CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y
# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
CONFIG_SYSCTL=y
CONFIG_ANON_INODES=y
CONFIG_HAVE_UID16=y
CONFIG_SYSCTL_EXCEPTION_TRACE=y
CONFIG_HAVE_PCSPKR_PLATFORM=y
CONFIG_BPF=y
# CONFIG_EXPERT is not set
CONFIG_UID16=y
CONFIG_MULTIUSER=y
CONFIG_SGETMASK_SYSCALL=y
CONFIG_SYSFS_SYSCALL=y
CONFIG_FHANDLE=y
CONFIG_POSIX_TIMERS=y
CONFIG_PRINTK=y
CONFIG_PRINTK_NMI=y
CONFIG_BUG=y
CONFIG_ELF_CORE=y
CONFIG_PCSPKR_PLATFORM=y
CONFIG_BASE_FULL=y
CONFIG_FUTEX=y
CONFIG_FUTEX_PI=y
CONFIG_EPOLL=y
CONFIG_SIGNALFD=y
CONFIG_TIMERFD=y
CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_AIO=y
CONFIG_ADVISE_SYSCALLS=y
CONFIG_MEMBARRIER=y
CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y
CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y
CONFIG_KALLSYMS_BASE_RELATIVE=y
# CONFIG_BPF_SYSCALL is not set
# CONFIG_USERFAULTFD is not set
CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
CONFIG_RSEQ=y
# CONFIG_EMBEDDED is not set
CONFIG_HAVE_PERF_EVENTS=y

#
# Kernel Performance Events And Counters
#
CONFIG_PERF_EVENTS=y
# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
CONFIG_VM_EVENT_COUNTERS=y
# CONFIG_COMPAT_BRK is not set
CONFIG_SLAB=y
# CONFIG_SLUB is not set
CONFIG_SLAB_MERGE_DEFAULT=y
# CONFIG_SLAB_FREELIST_RANDOM is not set
# CONFIG_PROFILING is not set
CONFIG_TRACEPOINTS=y
CONFIG_64BIT=y
CONFIG_X86_64=y
CONFIG_X86=y
CONFIG_INSTRUCTION_DECODER=y
CONFIG_OUTPUT_FORMAT="elf64-x86-64"
CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
CONFIG_LOCKDEP_SUPPORT=y
CONFIG_STACKTRACE_SUPPORT=y
CONFIG_MMU=y
CONFIG_ARCH_MMAP_RND_BITS_MIN=28
CONFIG_ARCH_MMAP_RND_BITS_MAX=32
CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16
CONFIG_GENERIC_ISA_DMA=y
CONFIG_GENERIC_BUG=y
CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
CONFIG_GENERIC_HWEIGHT=y
CONFIG_ARCH_MAY_HAVE_PC_FDC=y
CONFIG_RWSEM_XCHGADD_ALGORITHM=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_ARCH_HAS_CPU_RELAX=y
CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
CONFIG_ARCH_HAS_FILTER_PGPROT=y
CONFIG_HAVE_SETUP_PER_CPU_AREA=y
CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
CONFIG_ARCH_HIBERNATION_POSSIBLE=y
CONFIG_ARCH_SUSPEND_POSSIBLE=y
CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
CONFIG_ZONE_DMA32=y
CONFIG_AUDIT_ARCH=y
CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
CONFIG_X86_64_SMP=y
CONFIG_ARCH_SUPPORTS_UPROBES=y
CONFIG_FIX_EARLYCON_MEM=y
CONFIG_PGTABLE_LEVELS=4
CONFIG_CC_HAS_SANE_STACKPROTECTOR=y

#
# Processor type and features
#
CONFIG_ZONE_DMA=y
CONFIG_SMP=y
CONFIG_X86_FEATURE_NAMES=y
CONFIG_X86_X2APIC=y
CONFIG_X86_MPPARSE=y
# CONFIG_GOLDFISH is not set
CONFIG_RETPOLINE=y
# CONFIG_RESCTRL is not set
# CONFIG_X86_EXTENDED_PLATFORM is not set
# CONFIG_X86_INTEL_LPSS is not set
# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
# CONFIG_IOSF_MBI is not set
CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y
CONFIG_SCHED_OMIT_FRAME_POINTER=y
CONFIG_HYPERVISOR_GUEST=y
CONFIG_PARAVIRT=y
# CONFIG_PARAVIRT_DEBUG is not set
CONFIG_PARAVIRT_SPINLOCKS=y
# CONFIG_QUEUED_LOCK_STAT is not set
# CONFIG_XEN is not set
CONFIG_KVM_GUEST=y
# CONFIG_PVH is not set
# CONFIG_KVM_DEBUG_FS is not set
CONFIG_PARAVIRT_TIME_ACCOUNTING=y
CONFIG_PARAVIRT_CLOCK=y
# CONFIG_JAILHOUSE_GUEST is not set
# CONFIG_MK8 is not set
# CONFIG_MPSC is not set
CONFIG_MCORE2=y
# CONFIG_MATOM is not set
# CONFIG_GENERIC_CPU is not set
CONFIG_X86_INTERNODE_CACHE_SHIFT=6
CONFIG_X86_L1_CACHE_SHIFT=6
CONFIG_X86_INTEL_USERCOPY=y
CONFIG_X86_USE_PPRO_CHECKSUM=y
CONFIG_X86_P6_NOP=y
CONFIG_X86_TSC=y
CONFIG_X86_CMPXCHG64=y
CONFIG_X86_CMOV=y
CONFIG_X86_MINIMUM_CPU_FAMILY=64
CONFIG_X86_DEBUGCTLMSR=y
CONFIG_CPU_SUP_INTEL=y
CONFIG_CPU_SUP_AMD=y
CONFIG_CPU_SUP_HYGON=y
CONFIG_CPU_SUP_CENTAUR=y
CONFIG_HPET_TIMER=y
CONFIG_DMI=y
# CONFIG_GART_IOMMU is not set
# CONFIG_CALGARY_IOMMU is not set
# CONFIG_MAXSMP is not set
CONFIG_NR_CPUS_RANGE_BEGIN=2
CONFIG_NR_CPUS_RANGE_END=512
CONFIG_NR_CPUS_DEFAULT=64
CONFIG_NR_CPUS=48
CONFIG_SCHED_SMT=y
CONFIG_SCHED_MC=y
CONFIG_SCHED_MC_PRIO=y
CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
CONFIG_X86_MCE=y
# CONFIG_X86_MCELOG_LEGACY is not set
CONFIG_X86_MCE_INTEL=y
# CONFIG_X86_MCE_AMD is not set
CONFIG_X86_MCE_THRESHOLD=y
# CONFIG_X86_MCE_INJECT is not set
CONFIG_X86_THERMAL_VECTOR=y

#
# Performance monitoring
#
CONFIG_PERF_EVENTS_INTEL_UNCORE=y
CONFIG_PERF_EVENTS_INTEL_RAPL=y
CONFIG_PERF_EVENTS_INTEL_CSTATE=y
# CONFIG_PERF_EVENTS_AMD_POWER is not set
CONFIG_X86_16BIT=y
CONFIG_X86_ESPFIX64=y
CONFIG_X86_VSYSCALL_EMULATION=y
# CONFIG_I8K is not set
# CONFIG_MICROCODE is not set
# CONFIG_X86_MSR is not set
# CONFIG_X86_CPUID is not set
# CONFIG_X86_5LEVEL is not set
# CONFIG_X86_CPA_STATISTICS is not set
CONFIG_ARCH_HAS_MEM_ENCRYPT=y
# CONFIG_AMD_MEM_ENCRYPT is not set
CONFIG_NUMA=y
# CONFIG_AMD_NUMA is not set
CONFIG_X86_64_ACPI_NUMA=y
CONFIG_NODES_SPAN_OTHER_NODES=y
# CONFIG_NUMA_EMU is not set
CONFIG_NODES_SHIFT=6
CONFIG_ARCH_SPARSEMEM_ENABLE=y
CONFIG_ARCH_SPARSEMEM_DEFAULT=y
CONFIG_ARCH_SELECT_MEMORY_MODEL=y
CONFIG_ARCH_PROC_KCORE_TEXT=y
CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
CONFIG_X86_PMEM_LEGACY_DEVICE=y
CONFIG_X86_PMEM_LEGACY=y
CONFIG_X86_CHECK_BIOS_CORRUPTION=y
CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK=y
CONFIG_X86_RESERVE_LOW=64
CONFIG_MTRR=y
CONFIG_MTRR_SANITIZER=y
CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
CONFIG_X86_PAT=y
CONFIG_ARCH_USES_PG_UNCACHED=y
CONFIG_ARCH_RANDOM=y
CONFIG_X86_SMAP=y
CONFIG_X86_INTEL_UMIP=y
# CONFIG_X86_INTEL_MPX is not set
CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
# CONFIG_EFI is not set
CONFIG_SECCOMP=y
# CONFIG_HZ_100 is not set
# CONFIG_HZ_250 is not set
CONFIG_HZ_300=y
# CONFIG_HZ_1000 is not set
CONFIG_HZ=300
CONFIG_SCHED_HRTICK=y
CONFIG_KEXEC=y
# CONFIG_KEXEC_FILE is not set
# CONFIG_CRASH_DUMP is not set
CONFIG_PHYSICAL_START=0x1000000
CONFIG_RELOCATABLE=y
CONFIG_RANDOMIZE_BASE=y
CONFIG_X86_NEED_RELOCS=y
CONFIG_PHYSICAL_ALIGN=0x200000
CONFIG_DYNAMIC_MEMORY_LAYOUT=y
CONFIG_RANDOMIZE_MEMORY=y
CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0
# CONFIG_HOTPLUG_CPU is not set
# CONFIG_COMPAT_VDSO is not set
CONFIG_LEGACY_VSYSCALL_EMULATE=y
# CONFIG_LEGACY_VSYSCALL_NONE is not set
# CONFIG_CMDLINE_BOOL is not set
CONFIG_MODIFY_LDT_SYSCALL=y
CONFIG_HAVE_LIVEPATCH=y
CONFIG_ARCH_HAS_ADD_PAGES=y
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
CONFIG_USE_PERCPU_NUMA_NODE_ID=y
CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y

#
# Power management and ACPI options
#
# CONFIG_SUSPEND is not set
# CONFIG_HIBERNATION is not set
# CONFIG_PM is not set
# CONFIG_ENERGY_MODEL is not set
CONFIG_ARCH_SUPPORTS_ACPI=y
CONFIG_ACPI=y
CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y
# CONFIG_ACPI_DEBUGGER is not set
CONFIG_ACPI_SPCR_TABLE=y
CONFIG_ACPI_LPIT=y
# CONFIG_ACPI_PROCFS_POWER is not set
# CONFIG_ACPI_REV_OVERRIDE_POSSIBLE is not set
# CONFIG_ACPI_EC_DEBUGFS is not set
CONFIG_ACPI_AC=y
CONFIG_ACPI_BATTERY=y
CONFIG_ACPI_BUTTON=y
CONFIG_ACPI_FAN=y
# CONFIG_ACPI_DOCK is not set
CONFIG_ACPI_CPU_FREQ_PSS=y
CONFIG_ACPI_PROCESSOR_CSTATE=y
CONFIG_ACPI_PROCESSOR_IDLE=y
CONFIG_ACPI_CPPC_LIB=y
CONFIG_ACPI_PROCESSOR=y
# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
CONFIG_ACPI_THERMAL=y
CONFIG_ACPI_NUMA=y
CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y
# CONFIG_ACPI_TABLE_UPGRADE is not set
# CONFIG_ACPI_DEBUG is not set
# CONFIG_ACPI_PCI_SLOT is not set
# CONFIG_ACPI_CONTAINER is not set
CONFIG_ACPI_HOTPLUG_IOAPIC=y
# CONFIG_ACPI_SBS is not set
# CONFIG_ACPI_HED is not set
# CONFIG_ACPI_CUSTOM_METHOD is not set
# CONFIG_ACPI_NFIT is not set
CONFIG_HAVE_ACPI_APEI=y
CONFIG_HAVE_ACPI_APEI_NMI=y
# CONFIG_ACPI_APEI is not set
# CONFIG_DPTF_POWER is not set
# CONFIG_PMIC_OPREGION is not set
# CONFIG_ACPI_CONFIGFS is not set
CONFIG_X86_PM_TIMER=y
# CONFIG_SFI is not set

#
# CPU Frequency scaling
#
CONFIG_CPU_FREQ=y
# CONFIG_CPU_FREQ_STAT is not set
CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL is not set
CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
# CONFIG_CPU_FREQ_GOV_POWERSAVE is not set
# CONFIG_CPU_FREQ_GOV_USERSPACE is not set
# CONFIG_CPU_FREQ_GOV_ONDEMAND is not set
# CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set
# CONFIG_CPU_FREQ_GOV_SCHEDUTIL is not set

#
# CPU frequency scaling drivers
#
CONFIG_X86_INTEL_PSTATE=y
# CONFIG_X86_PCC_CPUFREQ is not set
# CONFIG_X86_ACPI_CPUFREQ is not set
# CONFIG_X86_SPEEDSTEP_CENTRINO is not set
# CONFIG_X86_P4_CLOCKMOD is not set

#
# shared options
#

#
# CPU Idle
#
CONFIG_CPU_IDLE=y
# CONFIG_CPU_IDLE_GOV_LADDER is not set
CONFIG_CPU_IDLE_GOV_MENU=y
# CONFIG_INTEL_IDLE is not set

#
# Bus options (PCI etc.)
#
CONFIG_PCI_DIRECT=y
CONFIG_PCI_MMCONFIG=y
CONFIG_MMCONF_FAM10H=y
CONFIG_ISA_DMA_API=y
CONFIG_AMD_NB=y
# CONFIG_X86_SYSFB is not set

#
# Binary Emulations
#
CONFIG_IA32_EMULATION=y
# CONFIG_IA32_AOUT is not set
# CONFIG_X86_X32 is not set
CONFIG_COMPAT_32=y
CONFIG_COMPAT=y
CONFIG_COMPAT_FOR_U64_ALIGNMENT=y
CONFIG_SYSVIPC_COMPAT=y
CONFIG_X86_DEV_DMA_OPS=y
CONFIG_HAVE_GENERIC_GUP=y

#
# Firmware Drivers
#
# CONFIG_EDD is not set
CONFIG_FIRMWARE_MEMMAP=y
# CONFIG_DMIID is not set
# CONFIG_DMI_SYSFS is not set
CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
# CONFIG_ISCSI_IBFT_FIND is not set
# CONFIG_FW_CFG_SYSFS is not set
# CONFIG_GOOGLE_FIRMWARE is not set

#
# Tegra firmware driver
#
CONFIG_HAVE_KVM=y
CONFIG_VIRTUALIZATION=y
# CONFIG_KVM is not set
# CONFIG_VHOST_NET is not set
# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set

#
# General architecture-dependent options
#
CONFIG_CRASH_CORE=y
CONFIG_KEXEC_CORE=y
CONFIG_HOTPLUG_SMT=y
CONFIG_HAVE_OPROFILE=y
CONFIG_OPROFILE_NMI_TIMER=y
CONFIG_JUMP_LABEL=y
# CONFIG_STATIC_KEYS_SELFTEST is not set
CONFIG_UPROBES=y
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
CONFIG_ARCH_USE_BUILTIN_BSWAP=y
CONFIG_HAVE_IOREMAP_PROT=y
CONFIG_HAVE_KPROBES=y
CONFIG_HAVE_KRETPROBES=y
CONFIG_HAVE_OPTPROBES=y
CONFIG_HAVE_KPROBES_ON_FTRACE=y
CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y
CONFIG_HAVE_NMI=y
CONFIG_HAVE_ARCH_TRACEHOOK=y
CONFIG_HAVE_DMA_CONTIGUOUS=y
CONFIG_GENERIC_SMP_IDLE_THREAD=y
CONFIG_ARCH_HAS_FORTIFY_SOURCE=y
CONFIG_ARCH_HAS_SET_MEMORY=y
CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y
CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y
CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
CONFIG_HAVE_RSEQ=y
CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y
CONFIG_HAVE_CLK=y
CONFIG_HAVE_HW_BREAKPOINT=y
CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
CONFIG_HAVE_USER_RETURN_NOTIFIER=y
CONFIG_HAVE_PERF_EVENTS_NMI=y
CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y
CONFIG_HAVE_PERF_REGS=y
CONFIG_HAVE_PERF_USER_STACK_DUMP=y
CONFIG_HAVE_ARCH_JUMP_LABEL=y
CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y
CONFIG_HAVE_RCU_TABLE_FREE=y
CONFIG_HAVE_RCU_TABLE_INVALIDATE=y
CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
CONFIG_HAVE_CMPXCHG_LOCAL=y
CONFIG_HAVE_CMPXCHG_DOUBLE=y
CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y
CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y
CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
CONFIG_SECCOMP_FILTER=y
CONFIG_HAVE_ARCH_STACKLEAK=y
CONFIG_HAVE_STACKPROTECTOR=y
CONFIG_CC_HAS_STACKPROTECTOR_NONE=y
CONFIG_STACKPROTECTOR=y
CONFIG_STACKPROTECTOR_STRONG=y
CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y
CONFIG_HAVE_CONTEXT_TRACKING=y
CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y
CONFIG_HAVE_ARCH_HUGE_VMAP=y
CONFIG_HAVE_ARCH_SOFT_DIRTY=y
CONFIG_HAVE_MOD_ARCH_SPECIFIC=y
CONFIG_MODULES_USE_ELF_RELA=y
CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
CONFIG_HAVE_EXIT_THREAD=y
CONFIG_ARCH_MMAP_RND_BITS=28
CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y
CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8
CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES=y
CONFIG_HAVE_COPY_THREAD_TLS=y
CONFIG_HAVE_STACK_VALIDATION=y
CONFIG_HAVE_RELIABLE_STACKTRACE=y
CONFIG_OLD_SIGSUSPEND3=y
CONFIG_COMPAT_OLD_SIGACTION=y
CONFIG_COMPAT_32BIT_TIME=y
CONFIG_HAVE_ARCH_VMAP_STACK=y
CONFIG_VMAP_STACK=y
CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
CONFIG_ARCH_HAS_REFCOUNT=y
CONFIG_REFCOUNT_FULL=y
CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y

#
# GCOV-based kernel profiling
#
# CONFIG_GCOV_KERNEL is not set
CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
CONFIG_PLUGIN_HOSTCC=""
CONFIG_HAVE_GCC_PLUGINS=y
CONFIG_RT_MUTEXES=y
CONFIG_BASE_SMALL=0
# CONFIG_MODULES is not set
CONFIG_MODULES_TREE_LOOKUP=y
CONFIG_BLOCK=y
CONFIG_BLK_SCSI_REQUEST=y
CONFIG_BLK_DEV_BSG=y
# CONFIG_BLK_DEV_BSGLIB is not set
# CONFIG_BLK_DEV_INTEGRITY is not set
# CONFIG_BLK_DEV_ZONED is not set
# CONFIG_BLK_CMDLINE_PARSER is not set
# CONFIG_BLK_WBT is not set
CONFIG_BLK_DEBUG_FS=y
# CONFIG_BLK_SED_OPAL is not set

#
# Partition Types
#
# CONFIG_PARTITION_ADVANCED is not set
CONFIG_MSDOS_PARTITION=y
CONFIG_EFI_PARTITION=y
CONFIG_BLOCK_COMPAT=y
CONFIG_BLK_MQ_PCI=y
CONFIG_BLK_MQ_VIRTIO=y

#
# IO Schedulers
#
CONFIG_MQ_IOSCHED_DEADLINE=y
CONFIG_MQ_IOSCHED_KYBER=y
# CONFIG_IOSCHED_BFQ is not set
CONFIG_UNINLINE_SPIN_UNLOCK=y
CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
CONFIG_MUTEX_SPIN_ON_OWNER=y
CONFIG_RWSEM_SPIN_ON_OWNER=y
CONFIG_LOCK_SPIN_ON_OWNER=y
CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y
CONFIG_QUEUED_SPINLOCKS=y
CONFIG_ARCH_USE_QUEUED_RWLOCKS=y
CONFIG_QUEUED_RWLOCKS=y
CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y
CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y

#
# Executable file formats
#
CONFIG_BINFMT_ELF=y
CONFIG_COMPAT_BINFMT_ELF=y
CONFIG_ELFCORE=y
CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y
CONFIG_BINFMT_SCRIPT=y
# CONFIG_BINFMT_MISC is not set
CONFIG_COREDUMP=y

#
# Memory Management options
#
CONFIG_SELECT_MEMORY_MODEL=y
CONFIG_SPARSEMEM_MANUAL=y
CONFIG_SPARSEMEM=y
CONFIG_NEED_MULTIPLE_NODES=y
CONFIG_HAVE_MEMORY_PRESENT=y
CONFIG_SPARSEMEM_EXTREME=y
CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
CONFIG_SPARSEMEM_VMEMMAP=y
CONFIG_HAVE_MEMBLOCK_NODE_MAP=y
CONFIG_ARCH_DISCARD_MEMBLOCK=y
# CONFIG_MEMORY_HOTPLUG is not set
CONFIG_SPLIT_PTLOCK_CPUS=4
CONFIG_MEMORY_BALLOON=y
CONFIG_BALLOON_COMPACTION=y
CONFIG_COMPACTION=y
CONFIG_MIGRATION=y
CONFIG_PHYS_ADDR_T_64BIT=y
CONFIG_BOUNCE=y
CONFIG_VIRT_TO_BUS=y
# CONFIG_KSM is not set
CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
# CONFIG_MEMORY_FAILURE is not set
# CONFIG_TRANSPARENT_HUGEPAGE is not set
CONFIG_ARCH_WANTS_THP_SWAP=y
# CONFIG_CLEANCACHE is not set
# CONFIG_FRONTSWAP is not set
# CONFIG_CMA is not set
# CONFIG_ZPOOL is not set
# CONFIG_ZBUD is not set
# CONFIG_ZSMALLOC is not set
CONFIG_GENERIC_EARLY_IOREMAP=y
# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set
# CONFIG_IDLE_PAGE_TRACKING is not set
CONFIG_ARCH_HAS_ZONE_DEVICE=y
CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y
CONFIG_ARCH_HAS_PKEYS=y
# CONFIG_PERCPU_STATS is not set
# CONFIG_GUP_BENCHMARK is not set
CONFIG_ARCH_HAS_PTE_SPECIAL=y
CONFIG_NET=y

#
# Networking options
#
CONFIG_PACKET=y
CONFIG_PACKET_DIAG=y
CONFIG_UNIX=y
CONFIG_UNIX_DIAG=y
# CONFIG_TLS is not set
# CONFIG_XFRM_USER is not set
# CONFIG_NET_KEY is not set
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE_DEMUX is not set
CONFIG_NET_IP_TUNNEL=y
CONFIG_SYN_COOKIES=y
# CONFIG_NET_FOU is not set
# CONFIG_NET_FOU_IP_TUNNELS is not set
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
CONFIG_INET_TUNNEL=y
# CONFIG_INET_XFRM_MODE_TRANSPORT is not set
# CONFIG_INET_XFRM_MODE_TUNNEL is not set
# CONFIG_INET_XFRM_MODE_BEET is not set
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
CONFIG_INET_UDP_DIAG=y
# CONFIG_INET_RAW_DIAG is not set
# CONFIG_INET_DIAG_DESTROY is not set
# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_TCP_CONG_CUBIC=y
CONFIG_DEFAULT_TCP_CONG="cubic"
# CONFIG_TCP_MD5SIG is not set
CONFIG_IPV6=y
# CONFIG_IPV6_ROUTER_PREF is not set
# CONFIG_IPV6_OPTIMISTIC_DAD is not set
# CONFIG_INET6_AH is not set
# CONFIG_INET6_ESP is not set
# CONFIG_INET6_IPCOMP is not set
# CONFIG_IPV6_MIP6 is not set
# CONFIG_INET6_XFRM_MODE_TRANSPORT is not set
# CONFIG_INET6_XFRM_MODE_TUNNEL is not set
# CONFIG_INET6_XFRM_MODE_BEET is not set
# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
CONFIG_IPV6_SIT=y
# CONFIG_IPV6_SIT_6RD is not set
CONFIG_IPV6_NDISC_NODETYPE=y
# CONFIG_IPV6_TUNNEL is not set
# CONFIG_IPV6_MULTIPLE_TABLES is not set
# CONFIG_IPV6_MROUTE is not set
# CONFIG_IPV6_SEG6_LWTUNNEL is not set
# CONFIG_IPV6_SEG6_HMAC is not set
# CONFIG_NETLABEL is not set
# CONFIG_NETWORK_SECMARK is not set
# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
# CONFIG_NETFILTER is not set
# CONFIG_BPFILTER is not set
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_RDS is not set
# CONFIG_TIPC is not set
# CONFIG_ATM is not set
# CONFIG_L2TP is not set
# CONFIG_BRIDGE is not set
CONFIG_HAVE_NET_DSA=y
# CONFIG_NET_DSA is not set
# CONFIG_VLAN_8021Q is not set
# CONFIG_DECNET is not set
# CONFIG_LLC2 is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_PHONET is not set
# CONFIG_6LOWPAN is not set
# CONFIG_IEEE802154 is not set
# CONFIG_NET_SCHED is not set
# CONFIG_DCB is not set
# CONFIG_DNS_RESOLVER is not set
# CONFIG_BATMAN_ADV is not set
# CONFIG_OPENVSWITCH is not set
# CONFIG_VSOCKETS is not set
CONFIG_NETLINK_DIAG=y
# CONFIG_MPLS is not set
# CONFIG_NET_NSH is not set
# CONFIG_HSR is not set
# CONFIG_NET_SWITCHDEV is not set
# CONFIG_NET_L3_MASTER_DEV is not set
# CONFIG_NET_NCSI is not set
CONFIG_RPS=y
CONFIG_RFS_ACCEL=y
CONFIG_XPS=y
# CONFIG_CGROUP_NET_PRIO is not set
# CONFIG_CGROUP_NET_CLASSID is not set
CONFIG_NET_RX_BUSY_POLL=y
CONFIG_BQL=y
CONFIG_NET_FLOW_LIMIT=y

#
# Network testing
#
# CONFIG_NET_PKTGEN is not set
# CONFIG_NET_DROP_MONITOR is not set
# CONFIG_HAMRADIO is not set
# CONFIG_CAN is not set
# CONFIG_BT is not set
# CONFIG_AF_RXRPC is not set
# CONFIG_AF_KCM is not set
# CONFIG_WIRELESS is not set
# CONFIG_WIMAX is not set
# CONFIG_RFKILL is not set
CONFIG_NET_9P=y
CONFIG_NET_9P_VIRTIO=y
# CONFIG_NET_9P_DEBUG is not set
# CONFIG_CAIF is not set
# CONFIG_CEPH_LIB is not set
# CONFIG_NFC is not set
# CONFIG_PSAMPLE is not set
# CONFIG_NET_IFE is not set
# CONFIG_LWTUNNEL is not set
CONFIG_DST_CACHE=y
CONFIG_GRO_CELLS=y
# CONFIG_NET_DEVLINK is not set
CONFIG_MAY_USE_DEVLINK=y
CONFIG_FAILOVER=y
CONFIG_HAVE_EBPF_JIT=y

#
# Device Drivers
#
CONFIG_HAVE_EISA=y
# CONFIG_EISA is not set
CONFIG_HAVE_PCI=y
CONFIG_PCI=y
CONFIG_PCI_DOMAINS=y
# CONFIG_PCIEPORTBUS is not set
CONFIG_PCI_MSI=y
CONFIG_PCI_MSI_IRQ_DOMAIN=y
CONFIG_PCI_QUIRKS=y
# CONFIG_PCI_DEBUG is not set
# CONFIG_PCI_STUB is not set
CONFIG_PCI_LOCKLESS_CONFIG=y
# CONFIG_PCI_IOV is not set
# CONFIG_PCI_PRI is not set
# CONFIG_PCI_PASID is not set
CONFIG_PCI_LABEL=y
# CONFIG_HOTPLUG_PCI is not set

#
# PCI controller drivers
#

#
# Cadence PCIe controllers support
#
# CONFIG_VMD is not set

#
# DesignWare PCI Core Support
#
# CONFIG_PCIE_DW_PLAT_HOST is not set

#
# PCI Endpoint
#
# CONFIG_PCI_ENDPOINT is not set

#
# PCI switch controller drivers
#
# CONFIG_PCI_SW_SWITCHTEC is not set
# CONFIG_PCCARD is not set
# CONFIG_RAPIDIO is not set

#
# Generic Driver Options
#
CONFIG_UEVENT_HELPER=y
CONFIG_UEVENT_HELPER_PATH=""
CONFIG_DEVTMPFS=y
# CONFIG_DEVTMPFS_MOUNT is not set
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y

#
# Firmware loader
#
CONFIG_FW_LOADER=y
CONFIG_EXTRA_FIRMWARE=""
# CONFIG_FW_LOADER_USER_HELPER is not set
CONFIG_ALLOW_DEV_COREDUMP=y
# CONFIG_DEBUG_DRIVER is not set
# CONFIG_DEBUG_DEVRES is not set
# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
CONFIG_GENERIC_CPU_AUTOPROBE=y
CONFIG_GENERIC_CPU_VULNERABILITIES=y

#
# Bus devices
#
# CONFIG_CONNECTOR is not set
# CONFIG_GNSS is not set
CONFIG_MTD=y
# CONFIG_MTD_CMDLINE_PARTS is not set
# CONFIG_MTD_AR7_PARTS is not set

#
# Partition parsers
#
# CONFIG_MTD_REDBOOT_PARTS is not set

#
# User Modules And Translation Layers
#
# CONFIG_MTD_BLOCK is not set
# CONFIG_MTD_BLOCK_RO is not set
# CONFIG_FTL is not set
# CONFIG_NFTL is not set
# CONFIG_INFTL is not set
# CONFIG_RFD_FTL is not set
# CONFIG_SSFDC is not set
# CONFIG_SM_FTL is not set
# CONFIG_MTD_OOPS is not set
# CONFIG_MTD_SWAP is not set
# CONFIG_MTD_PARTITIONED_MASTER is not set

#
# RAM/ROM/Flash chip drivers
#
# CONFIG_MTD_CFI is not set
# CONFIG_MTD_JEDECPROBE is not set
CONFIG_MTD_MAP_BANK_WIDTH_1=y
CONFIG_MTD_MAP_BANK_WIDTH_2=y
CONFIG_MTD_MAP_BANK_WIDTH_4=y
CONFIG_MTD_CFI_I1=y
CONFIG_MTD_CFI_I2=y
# CONFIG_MTD_RAM is not set
# CONFIG_MTD_ROM is not set
# CONFIG_MTD_ABSENT is not set

#
# Mapping drivers for chip access
#
# CONFIG_MTD_COMPLEX_MAPPINGS is not set
# CONFIG_MTD_INTEL_VR_NOR is not set
# CONFIG_MTD_PLATRAM is not set

#
# Self-contained MTD device drivers
#
# CONFIG_MTD_PMC551 is not set
# CONFIG_MTD_SLRAM is not set
# CONFIG_MTD_PHRAM is not set
# CONFIG_MTD_MTDRAM is not set
CONFIG_MTD_BLOCK2MTD=y

#
# Disk-On-Chip Device Drivers
#
# CONFIG_MTD_DOCG3 is not set
# CONFIG_MTD_ONENAND is not set
# CONFIG_MTD_NAND is not set

#
# LPDDR & LPDDR2 PCM memory drivers
#
# CONFIG_MTD_LPDDR is not set
# CONFIG_MTD_SPI_NOR is not set
CONFIG_MTD_UBI=y
CONFIG_MTD_UBI_WL_THRESHOLD=4096
CONFIG_MTD_UBI_BEB_LIMIT=20
# CONFIG_MTD_UBI_FASTMAP is not set
# CONFIG_MTD_UBI_GLUEBI is not set
# CONFIG_MTD_UBI_BLOCK is not set
# CONFIG_OF is not set
CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
# CONFIG_PARPORT is not set
CONFIG_PNP=y
CONFIG_PNP_DEBUG_MESSAGES=y

#
# Protocols
#
CONFIG_PNPACPI=y
CONFIG_BLK_DEV=y
# CONFIG_BLK_DEV_NULL_BLK is not set
# CONFIG_BLK_DEV_FD is not set
# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set
# CONFIG_BLK_DEV_UMEM is not set
CONFIG_BLK_DEV_LOOP=y
CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
# CONFIG_BLK_DEV_CRYPTOLOOP is not set
# CONFIG_BLK_DEV_DRBD is not set
# CONFIG_BLK_DEV_NBD is not set
# CONFIG_BLK_DEV_SKD is not set
# CONFIG_BLK_DEV_SX8 is not set
# CONFIG_BLK_DEV_RAM is not set
# CONFIG_CDROM_PKTCDVD is not set
# CONFIG_ATA_OVER_ETH is not set
CONFIG_VIRTIO_BLK=y
# CONFIG_VIRTIO_BLK_SCSI is not set
# CONFIG_BLK_DEV_RBD is not set
# CONFIG_BLK_DEV_RSXX is not set

#
# NVME Support
#
# CONFIG_BLK_DEV_NVME is not set
# CONFIG_NVME_FC is not set

#
# Misc devices
#
# CONFIG_DUMMY_IRQ is not set
# CONFIG_IBM_ASM is not set
# CONFIG_PHANTOM is not set
# CONFIG_SGI_IOC4 is not set
# CONFIG_TIFM_CORE is not set
# CONFIG_ENCLOSURE_SERVICES is not set
# CONFIG_HP_ILO is not set
# CONFIG_SRAM is not set
# CONFIG_PCI_ENDPOINT_TEST is not set
# CONFIG_PVPANIC is not set
# CONFIG_C2PORT is not set

#
# EEPROM support
#
# CONFIG_EEPROM_93CX6 is not set
# CONFIG_CB710_CORE is not set

#
# Texas Instruments shared transport line discipline
#

#
# Altera FPGA firmware download module (requires I2C)
#
# CONFIG_INTEL_MEI is not set
# CONFIG_INTEL_MEI_ME is not set
# CONFIG_INTEL_MEI_TXE is not set
# CONFIG_VMWARE_VMCI is not set

#
# Intel MIC & related support
#

#
# Intel MIC Bus Driver
#
# CONFIG_INTEL_MIC_BUS is not set

#
# SCIF Bus Driver
#
# CONFIG_SCIF_BUS is not set

#
# VOP Bus Driver
#
# CONFIG_VOP_BUS is not set

#
# Intel MIC Host Driver
#

#
# Intel MIC Card Driver
#

#
# SCIF Driver
#

#
# Intel MIC Coprocessor State Management (COSM) Drivers
#

#
# VOP Driver
#
# CONFIG_GENWQE is not set
# CONFIG_ECHO is not set
# CONFIG_MISC_ALCOR_PCI is not set
# CONFIG_MISC_RTSX_PCI is not set
# CONFIG_MISC_RTSX_USB is not set
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set

#
# SCSI device support
#
CONFIG_SCSI_MOD=y
# CONFIG_RAID_ATTRS is not set
CONFIG_SCSI=y
CONFIG_SCSI_DMA=y
# CONFIG_SCSI_PROC_FS is not set

#
# SCSI support type (disk, tape, CD-ROM)
#
CONFIG_BLK_DEV_SD=y
# CONFIG_CHR_DEV_ST is not set
# CONFIG_CHR_DEV_OSST is not set
# CONFIG_BLK_DEV_SR is not set
# CONFIG_CHR_DEV_SG is not set
# CONFIG_CHR_DEV_SCH is not set
# CONFIG_SCSI_CONSTANTS is not set
# CONFIG_SCSI_LOGGING is not set
# CONFIG_SCSI_SCAN_ASYNC is not set

#
# SCSI Transports
#
# CONFIG_SCSI_SPI_ATTRS is not set
# CONFIG_SCSI_FC_ATTRS is not set
# CONFIG_SCSI_ISCSI_ATTRS is not set
# CONFIG_SCSI_SAS_ATTRS is not set
# CONFIG_SCSI_SAS_LIBSAS is not set
# CONFIG_SCSI_SRP_ATTRS is not set
CONFIG_SCSI_LOWLEVEL=y
# CONFIG_ISCSI_TCP is not set
# CONFIG_ISCSI_BOOT_SYSFS is not set
# CONFIG_SCSI_CXGB3_ISCSI is not set
# CONFIG_SCSI_BNX2_ISCSI is not set
# CONFIG_BE2ISCSI is not set
# CONFIG_BLK_DEV_3W_XXXX_RAID is not set
# CONFIG_SCSI_HPSA is not set
# CONFIG_SCSI_3W_9XXX is not set
# CONFIG_SCSI_3W_SAS is not set
# CONFIG_SCSI_ACARD is not set
# CONFIG_SCSI_AACRAID is not set
# CONFIG_SCSI_AIC7XXX is not set
# CONFIG_SCSI_AIC79XX is not set
# CONFIG_SCSI_AIC94XX is not set
# CONFIG_SCSI_MVSAS is not set
# CONFIG_SCSI_MVUMI is not set
# CONFIG_SCSI_DPT_I2O is not set
# CONFIG_SCSI_ADVANSYS is not set
# CONFIG_SCSI_ARCMSR is not set
# CONFIG_SCSI_ESAS2R is not set
# CONFIG_MEGARAID_NEWGEN is not set
# CONFIG_MEGARAID_LEGACY is not set
# CONFIG_MEGARAID_SAS is not set
# CONFIG_SCSI_MPT3SAS is not set
# CONFIG_SCSI_MPT2SAS is not set
# CONFIG_SCSI_SMARTPQI is not set
# CONFIG_SCSI_UFSHCD is not set
# CONFIG_SCSI_HPTIOP is not set
# CONFIG_SCSI_BUSLOGIC is not set
# CONFIG_SCSI_MYRB is not set
# CONFIG_SCSI_MYRS is not set
# CONFIG_VMWARE_PVSCSI is not set
# CONFIG_SCSI_SNIC is not set
# CONFIG_SCSI_DMX3191D is not set
# CONFIG_SCSI_GDTH is not set
# CONFIG_SCSI_ISCI is not set
# CONFIG_SCSI_IPS is not set
# CONFIG_SCSI_INITIO is not set
# CONFIG_SCSI_INIA100 is not set
# CONFIG_SCSI_STEX is not set
# CONFIG_SCSI_SYM53C8XX_2 is not set
# CONFIG_SCSI_QLOGIC_1280 is not set
# CONFIG_SCSI_QLA_ISCSI is not set
# CONFIG_SCSI_DC395x is not set
# CONFIG_SCSI_AM53C974 is not set
# CONFIG_SCSI_WD719X is not set
# CONFIG_SCSI_DEBUG is not set
# CONFIG_SCSI_PMCRAID is not set
# CONFIG_SCSI_PM8001 is not set
CONFIG_SCSI_VIRTIO=y
# CONFIG_SCSI_DH is not set
# CONFIG_SCSI_OSD_INITIATOR is not set
# CONFIG_ATA is not set
CONFIG_MD=y
# CONFIG_BLK_DEV_MD is not set
# CONFIG_BCACHE is not set
CONFIG_BLK_DEV_DM_BUILTIN=y
CONFIG_BLK_DEV_DM=y
# CONFIG_DM_DEBUG is not set
CONFIG_DM_BUFIO=y
# CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set
CONFIG_DM_BIO_PRISON=y
CONFIG_DM_PERSISTENT_DATA=y
# CONFIG_DM_UNSTRIPED is not set
# CONFIG_DM_CRYPT is not set
CONFIG_DM_SNAPSHOT=y
CONFIG_DM_THIN_PROVISIONING=y
# CONFIG_DM_CACHE is not set
# CONFIG_DM_WRITECACHE is not set
# CONFIG_DM_ERA is not set
# CONFIG_DM_MIRROR is not set
# CONFIG_DM_RAID is not set
CONFIG_DM_ZERO=y
# CONFIG_DM_MULTIPATH is not set
# CONFIG_DM_DELAY is not set
# CONFIG_DM_UEVENT is not set
CONFIG_DM_FLAKEY=y
# CONFIG_DM_VERITY is not set
# CONFIG_DM_SWITCH is not set
# CONFIG_DM_LOG_WRITES is not set
# CONFIG_DM_INTEGRITY is not set
# CONFIG_TARGET_CORE is not set
# CONFIG_FUSION is not set

#
# IEEE 1394 (FireWire) support
#
# CONFIG_FIREWIRE is not set
# CONFIG_FIREWIRE_NOSY is not set
# CONFIG_MACINTOSH_DRIVERS is not set
CONFIG_NETDEVICES=y
CONFIG_NET_CORE=y
# CONFIG_BONDING is not set
# CONFIG_DUMMY is not set
# CONFIG_EQUALIZER is not set
# CONFIG_NET_FC is not set
# CONFIG_NET_TEAM is not set
# CONFIG_MACVLAN is not set
# CONFIG_VXLAN is not set
# CONFIG_MACSEC is not set
# CONFIG_NETCONSOLE is not set
# CONFIG_TUN is not set
# CONFIG_TUN_VNET_CROSS_LE is not set
# CONFIG_VETH is not set
CONFIG_VIRTIO_NET=y
# CONFIG_NLMON is not set
# CONFIG_ARCNET is not set

#
# CAIF transport drivers
#

#
# Distributed Switch Architecture drivers
#
# CONFIG_ETHERNET is not set
# CONFIG_FDDI is not set
# CONFIG_HIPPI is not set
# CONFIG_NET_SB1000 is not set
# CONFIG_MDIO_DEVICE is not set
# CONFIG_PHYLIB is not set
# CONFIG_PPP is not set
# CONFIG_SLIP is not set
CONFIG_USB_NET_DRIVERS=y
# CONFIG_USB_CATC is not set
# CONFIG_USB_KAWETH is not set
# CONFIG_USB_PEGASUS is not set
# CONFIG_USB_RTL8150 is not set
# CONFIG_USB_RTL8152 is not set
# CONFIG_USB_LAN78XX is not set
# CONFIG_USB_USBNET is not set
# CONFIG_USB_IPHETH is not set
# CONFIG_WLAN is not set

#
# Enable WiMAX (Networking options) to see the WiMAX drivers
#
# CONFIG_WAN is not set
# CONFIG_VMXNET3 is not set
# CONFIG_FUJITSU_ES is not set
# CONFIG_NETDEVSIM is not set
CONFIG_NET_FAILOVER=y
# CONFIG_ISDN is not set
# CONFIG_NVM is not set

#
# Input device support
#
CONFIG_INPUT=y
CONFIG_INPUT_LEDS=y
CONFIG_INPUT_FF_MEMLESS=y
# CONFIG_INPUT_POLLDEV is not set
# CONFIG_INPUT_SPARSEKMAP is not set
# CONFIG_INPUT_MATRIXKMAP is not set

#
# Userland interfaces
#
CONFIG_INPUT_MOUSEDEV=y
# CONFIG_INPUT_MOUSEDEV_PSAUX is not set
CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
CONFIG_INPUT_JOYDEV=y
CONFIG_INPUT_EVDEV=y
CONFIG_INPUT_EVBUG=y

#
# Input Device Drivers
#
CONFIG_INPUT_KEYBOARD=y
CONFIG_KEYBOARD_ATKBD=y
# CONFIG_KEYBOARD_LKKBD is not set
# CONFIG_KEYBOARD_NEWTON is not set
# CONFIG_KEYBOARD_OPENCORES is not set
# CONFIG_KEYBOARD_SAMSUNG is not set
# CONFIG_KEYBOARD_STOWAWAY is not set
# CONFIG_KEYBOARD_SUNKBD is not set
# CONFIG_KEYBOARD_XTKBD is not set
# CONFIG_INPUT_MOUSE is not set
# CONFIG_INPUT_JOYSTICK is not set
# CONFIG_INPUT_TABLET is not set
# CONFIG_INPUT_TOUCHSCREEN is not set
# CONFIG_INPUT_MISC is not set
CONFIG_RMI4_CORE=y
CONFIG_RMI4_F03=y
CONFIG_RMI4_F03_SERIO=y
CONFIG_RMI4_2D_SENSOR=y
CONFIG_RMI4_F11=y
CONFIG_RMI4_F12=y
CONFIG_RMI4_F30=y
# CONFIG_RMI4_F34 is not set
# CONFIG_RMI4_F55 is not set

#
# Hardware I/O ports
#
CONFIG_SERIO=y
CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y
CONFIG_SERIO_I8042=y
# CONFIG_SERIO_SERPORT is not set
# CONFIG_SERIO_CT82C710 is not set
# CONFIG_SERIO_PCIPS2 is not set
CONFIG_SERIO_LIBPS2=y
# CONFIG_SERIO_RAW is not set
# CONFIG_SERIO_ALTERA_PS2 is not set
# CONFIG_SERIO_PS2MULT is not set
# CONFIG_SERIO_ARC_PS2 is not set
# CONFIG_SERIO_OLPC_APSP is not set
# CONFIG_USERIO is not set
# CONFIG_GAMEPORT is not set

#
# Character devices
#
CONFIG_TTY=y
CONFIG_VT=y
CONFIG_CONSOLE_TRANSLATIONS=y
CONFIG_VT_CONSOLE=y
CONFIG_HW_CONSOLE=y
# CONFIG_VT_HW_CONSOLE_BINDING is not set
CONFIG_UNIX98_PTYS=y
# CONFIG_LEGACY_PTYS is not set
# CONFIG_SERIAL_NONSTANDARD is not set
# CONFIG_NOZOMI is not set
# CONFIG_N_GSM is not set
# CONFIG_TRACE_SINK is not set
CONFIG_DEVMEM=y
# CONFIG_DEVKMEM is not set

#
# Serial drivers
#
CONFIG_SERIAL_EARLYCON=y
CONFIG_SERIAL_8250=y
# CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set
CONFIG_SERIAL_8250_PNP=y
# CONFIG_SERIAL_8250_FINTEK is not set
CONFIG_SERIAL_8250_CONSOLE=y
CONFIG_SERIAL_8250_PCI=y
CONFIG_SERIAL_8250_EXAR=y
CONFIG_SERIAL_8250_NR_UARTS=32
CONFIG_SERIAL_8250_RUNTIME_UARTS=32
# CONFIG_SERIAL_8250_EXTENDED is not set
# CONFIG_SERIAL_8250_DW is not set
# CONFIG_SERIAL_8250_RT288X is not set
CONFIG_SERIAL_8250_LPSS=y
CONFIG_SERIAL_8250_MID=y
# CONFIG_SERIAL_8250_MOXA is not set

#
# Non-8250 serial port support
#
# CONFIG_SERIAL_UARTLITE is not set
CONFIG_SERIAL_CORE=y
CONFIG_SERIAL_CORE_CONSOLE=y
# CONFIG_SERIAL_JSM is not set
# CONFIG_SERIAL_SCCNXP is not set
# CONFIG_SERIAL_ALTERA_JTAGUART is not set
# CONFIG_SERIAL_ALTERA_UART is not set
# CONFIG_SERIAL_ARC is not set
# CONFIG_SERIAL_RP2 is not set
# CONFIG_SERIAL_FSL_LPUART is not set
# CONFIG_SERIAL_DEV_BUS is not set
# CONFIG_VIRTIO_CONSOLE is not set
# CONFIG_IPMI_HANDLER is not set
CONFIG_HW_RANDOM=y
# CONFIG_HW_RANDOM_TIMERIOMEM is not set
# CONFIG_HW_RANDOM_INTEL is not set
# CONFIG_HW_RANDOM_AMD is not set
# CONFIG_HW_RANDOM_VIA is not set
CONFIG_HW_RANDOM_VIRTIO=y
# CONFIG_NVRAM is not set
# CONFIG_R3964 is not set
# CONFIG_APPLICOM is not set
# CONFIG_MWAVE is not set
# CONFIG_RAW_DRIVER is not set
# CONFIG_HPET is not set
# CONFIG_HANGCHECK_TIMER is not set
CONFIG_TCG_TPM=y
CONFIG_HW_RANDOM_TPM=y
CONFIG_TCG_TIS_CORE=y
CONFIG_TCG_TIS=y
# CONFIG_TCG_NSC is not set
# CONFIG_TCG_ATMEL is not set
# CONFIG_TCG_INFINEON is not set
CONFIG_TCG_CRB=y
# CONFIG_TCG_VTPM_PROXY is not set
# CONFIG_TELCLOCK is not set
CONFIG_DEVPORT=y
# CONFIG_XILLYBUS is not set
# CONFIG_RANDOM_TRUST_CPU is not set

#
# I2C support
#
# CONFIG_I2C is not set
# CONFIG_I3C is not set
# CONFIG_SPI is not set
# CONFIG_SPMI is not set
# CONFIG_HSI is not set
# CONFIG_PPS is not set

#
# PTP clock support
#
# CONFIG_PTP_1588_CLOCK is not set

#
# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks.
#
# CONFIG_PINCTRL is not set
# CONFIG_GPIOLIB is not set
# CONFIG_W1 is not set
# CONFIG_POWER_AVS is not set
# CONFIG_POWER_RESET is not set
CONFIG_POWER_SUPPLY=y
# CONFIG_POWER_SUPPLY_DEBUG is not set
# CONFIG_PDA_POWER is not set
# CONFIG_TEST_POWER is not set
# CONFIG_BATTERY_DS2780 is not set
# CONFIG_BATTERY_DS2781 is not set
# CONFIG_BATTERY_BQ27XXX is not set
# CONFIG_CHARGER_MAX8903 is not set
# CONFIG_HWMON is not set
CONFIG_THERMAL=y
# CONFIG_THERMAL_STATISTICS is not set
CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0
# CONFIG_THERMAL_WRITABLE_TRIPS is not set
CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set
# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set
# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set
# CONFIG_THERMAL_GOV_FAIR_SHARE is not set
CONFIG_THERMAL_GOV_STEP_WISE=y
# CONFIG_THERMAL_GOV_BANG_BANG is not set
# CONFIG_THERMAL_GOV_USER_SPACE is not set
# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set
# CONFIG_THERMAL_EMULATION is not set
# CONFIG_INTEL_POWERCLAMP is not set
# CONFIG_X86_PKG_TEMP_THERMAL is not set
# CONFIG_INTEL_SOC_DTS_THERMAL is not set

#
# ACPI INT340X thermal drivers
#
# CONFIG_INT340X_THERMAL is not set
# CONFIG_INTEL_PCH_THERMAL is not set
# CONFIG_WATCHDOG is not set
CONFIG_SSB_POSSIBLE=y
# CONFIG_SSB is not set
CONFIG_BCMA_POSSIBLE=y
# CONFIG_BCMA is not set

#
# Multifunction device drivers
#
CONFIG_MFD_CORE=y
# CONFIG_MFD_AT91_USART is not set
# CONFIG_MFD_CROS_EC is not set
# CONFIG_MFD_MADERA is not set
# CONFIG_MFD_DLN2 is not set
# CONFIG_HTC_PASIC3 is not set
# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
# CONFIG_LPC_ICH is not set
# CONFIG_LPC_SCH is not set
# CONFIG_MFD_INTEL_LPSS_ACPI is not set
# CONFIG_MFD_INTEL_LPSS_PCI is not set
# CONFIG_MFD_JANZ_CMODIO is not set
# CONFIG_MFD_KEMPLD is not set
# CONFIG_MFD_MT6397 is not set
# CONFIG_MFD_VIPERBOARD is not set
# CONFIG_MFD_RDC321X is not set
# CONFIG_MFD_SM501 is not set
# CONFIG_ABX500_CORE is not set
# CONFIG_MFD_SYSCON is not set
# CONFIG_MFD_TI_AM335X_TSCADC is not set
# CONFIG_MFD_VX855 is not set
# CONFIG_REGULATOR is not set
# CONFIG_RC_CORE is not set
# CONFIG_MEDIA_SUPPORT is not set

#
# Graphics support
#
# CONFIG_AGP is not set
CONFIG_VGA_ARB=y
CONFIG_VGA_ARB_MAX_GPUS=16
# CONFIG_VGA_SWITCHEROO is not set
# CONFIG_DRM is not set
# CONFIG_DRM_DP_CEC is not set

#
# ACP (Audio CoProcessor) Configuration
#

#
# AMD Library routines
#

#
# Frame buffer Devices
#
# CONFIG_FB is not set
# CONFIG_BACKLIGHT_LCD_SUPPORT is not set

#
# Console display driver support
#
CONFIG_VGA_CONSOLE=y
# CONFIG_VGACON_SOFT_SCROLLBACK is not set
CONFIG_DUMMY_CONSOLE=y
CONFIG_DUMMY_CONSOLE_COLUMNS=80
CONFIG_DUMMY_CONSOLE_ROWS=25
# CONFIG_SOUND is not set

#
# HID support
#
CONFIG_HID=y
# CONFIG_HID_BATTERY_STRENGTH is not set
# CONFIG_HIDRAW is not set
CONFIG_UHID=y
CONFIG_HID_GENERIC=y

#
# Special HID drivers
#
CONFIG_HID_A4TECH=y
CONFIG_HID_ACCUTOUCH=y
CONFIG_HID_ACRUX=y
CONFIG_HID_ACRUX_FF=y
CONFIG_HID_APPLE=y
CONFIG_HID_APPLEIR=y
CONFIG_HID_ASUS=y
CONFIG_HID_AUREAL=y
CONFIG_HID_BELKIN=y
CONFIG_HID_BETOP_FF=y
CONFIG_HID_BIGBEN_FF=y
CONFIG_HID_CHERRY=y
CONFIG_HID_CHICONY=y
CONFIG_HID_CORSAIR=y
CONFIG_HID_COUGAR=y
CONFIG_HID_CMEDIA=y
CONFIG_HID_CYPRESS=y
CONFIG_HID_DRAGONRISE=y
CONFIG_DRAGONRISE_FF=y
CONFIG_HID_EMS_FF=y
CONFIG_HID_ELAN=y
CONFIG_HID_ELECOM=y
CONFIG_HID_ELO=y
CONFIG_HID_EZKEY=y
CONFIG_HID_GEMBIRD=y
CONFIG_HID_GFRM=y
CONFIG_HID_HOLTEK=y
CONFIG_HOLTEK_FF=y
CONFIG_HID_GT683R=y
CONFIG_HID_KEYTOUCH=y
CONFIG_HID_KYE=y
CONFIG_HID_UCLOGIC=y
CONFIG_HID_WALTOP=y
CONFIG_HID_GYRATION=y
CONFIG_HID_ICADE=y
CONFIG_HID_ITE=y
CONFIG_HID_JABRA=y
CONFIG_HID_TWINHAN=y
CONFIG_HID_KENSINGTON=y
CONFIG_HID_LCPOWER=y
CONFIG_HID_LED=y
CONFIG_HID_LENOVO=y
CONFIG_HID_LOGITECH=y
CONFIG_HID_LOGITECH_HIDPP=y
CONFIG_LOGITECH_FF=y
CONFIG_LOGIRUMBLEPAD2_FF=y
CONFIG_LOGIG940_FF=y
CONFIG_LOGIWHEELS_FF=y
CONFIG_HID_MAGICMOUSE=y
CONFIG_HID_MAYFLASH=y
CONFIG_HID_REDRAGON=y
CONFIG_HID_MICROSOFT=y
CONFIG_HID_MONTEREY=y
CONFIG_HID_MULTITOUCH=y
CONFIG_HID_NTI=y
CONFIG_HID_NTRIG=y
CONFIG_HID_ORTEK=y
CONFIG_HID_PANTHERLORD=y
CONFIG_PANTHERLORD_FF=y
CONFIG_HID_PENMOUNT=y
CONFIG_HID_PETALYNX=y
CONFIG_HID_PICOLCD=y
CONFIG_HID_PICOLCD_LEDS=y
CONFIG_HID_PLANTRONICS=y
CONFIG_HID_PRIMAX=y
CONFIG_HID_RETRODE=y
CONFIG_HID_ROCCAT=y
CONFIG_HID_SAITEK=y
CONFIG_HID_SAMSUNG=y
CONFIG_HID_SONY=y
CONFIG_SONY_FF=y
CONFIG_HID_SPEEDLINK=y
CONFIG_HID_STEAM=y
CONFIG_HID_STEELSERIES=y
CONFIG_HID_SUNPLUS=y
CONFIG_HID_RMI=y
CONFIG_HID_GREENASIA=y
CONFIG_GREENASIA_FF=y
CONFIG_HID_SMARTJOYPLUS=y
CONFIG_SMARTJOYPLUS_FF=y
CONFIG_HID_TIVO=y
CONFIG_HID_TOPSEED=y
CONFIG_HID_THINGM=y
CONFIG_HID_THRUSTMASTER=y
CONFIG_THRUSTMASTER_FF=y
CONFIG_HID_UDRAW_PS3=y
CONFIG_HID_WACOM=y
CONFIG_HID_WIIMOTE=y
CONFIG_HID_XINMO=y
CONFIG_HID_ZEROPLUS=y
CONFIG_ZEROPLUS_FF=y
CONFIG_HID_ZYDACRON=y
CONFIG_HID_SENSOR_HUB=y
CONFIG_HID_SENSOR_CUSTOM_SENSOR=y
CONFIG_HID_ALPS=y

#
# USB HID support
#
CONFIG_USB_HID=y
# CONFIG_HID_PID is not set
# CONFIG_USB_HIDDEV is not set

#
# Intel ISH HID support
#
# CONFIG_INTEL_ISH_HID is not set
CONFIG_USB_OHCI_LITTLE_ENDIAN=y
CONFIG_USB_SUPPORT=y
CONFIG_USB_COMMON=y
CONFIG_USB_ARCH_HAS_HCD=y
CONFIG_USB=y
CONFIG_USB_PCI=y
# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set

#
# Miscellaneous USB options
#
CONFIG_USB_DEFAULT_PERSIST=y
# CONFIG_USB_DYNAMIC_MINORS is not set
# CONFIG_USB_OTG_WHITELIST is not set
# CONFIG_USB_LEDS_TRIGGER_USBPORT is not set
# CONFIG_USB_MON is not set
# CONFIG_USB_WUSB_CBAF is not set

#
# USB Host Controller Drivers
#
# CONFIG_USB_C67X00_HCD is not set
# CONFIG_USB_XHCI_HCD is not set
# CONFIG_USB_EHCI_HCD is not set
# CONFIG_USB_OXU210HP_HCD is not set
# CONFIG_USB_ISP116X_HCD is not set
# CONFIG_USB_FOTG210_HCD is not set
# CONFIG_USB_OHCI_HCD is not set
# CONFIG_USB_UHCI_HCD is not set
# CONFIG_USB_SL811_HCD is not set
# CONFIG_USB_R8A66597_HCD is not set
# CONFIG_USB_HCD_TEST_MODE is not set

#
# USB Device Class drivers
#
# CONFIG_USB_ACM is not set
# CONFIG_USB_PRINTER is not set
# CONFIG_USB_WDM is not set
# CONFIG_USB_TMC is not set

#
# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may
#

#
# also be needed; see USB_STORAGE Help for more info
#
# CONFIG_USB_STORAGE is not set

#
# USB Imaging devices
#
# CONFIG_USB_MDC800 is not set
# CONFIG_USB_MICROTEK is not set
# CONFIG_USBIP_CORE is not set
# CONFIG_USB_MUSB_HDRC is not set
# CONFIG_USB_DWC3 is not set
# CONFIG_USB_DWC2 is not set
# CONFIG_USB_ISP1760 is not set

#
# USB port drivers
#
# CONFIG_USB_SERIAL is not set

#
# USB Miscellaneous drivers
#
# CONFIG_USB_EMI62 is not set
# CONFIG_USB_EMI26 is not set
# CONFIG_USB_ADUTUX is not set
# CONFIG_USB_SEVSEG is not set
# CONFIG_USB_RIO500 is not set
# CONFIG_USB_LEGOTOWER is not set
# CONFIG_USB_LCD is not set
# CONFIG_USB_CYPRESS_CY7C63 is not set
# CONFIG_USB_CYTHERM is not set
# CONFIG_USB_IDMOUSE is not set
# CONFIG_USB_FTDI_ELAN is not set
# CONFIG_USB_APPLEDISPLAY is not set
# CONFIG_USB_LD is not set
# CONFIG_USB_TRANCEVIBRATOR is not set
# CONFIG_USB_IOWARRIOR is not set
# CONFIG_USB_TEST is not set
# CONFIG_USB_EHSET_TEST_FIXTURE is not set
# CONFIG_USB_ISIGHTFW is not set
# CONFIG_USB_YUREX is not set
# CONFIG_USB_EZUSB_FX2 is not set
# CONFIG_USB_LINK_LAYER_TEST is not set
# CONFIG_USB_CHAOSKEY is not set

#
# USB Physical Layer drivers
#
# CONFIG_NOP_USB_XCEIV is not set
# CONFIG_USB_GADGET is not set
# CONFIG_TYPEC is not set
# CONFIG_USB_ROLE_SWITCH is not set
# CONFIG_USB_LED_TRIG is not set
# CONFIG_USB_ULPI_BUS is not set
# CONFIG_UWB is not set
# CONFIG_MMC is not set
# CONFIG_MEMSTICK is not set
CONFIG_NEW_LEDS=y
CONFIG_LEDS_CLASS=y
# CONFIG_LEDS_CLASS_FLASH is not set
# CONFIG_LEDS_BRIGHTNESS_HW_CHANGED is not set

#
# LED drivers
#
# CONFIG_LEDS_APU is not set
# CONFIG_LEDS_CLEVO_MAIL is not set
# CONFIG_LEDS_INTEL_SS4200 is not set

#
# LED driver for blink(1) USB RGB LED is under Special HID drivers (HID_THINGM)
#
# CONFIG_LEDS_MLXCPLD is not set
# CONFIG_LEDS_MLXREG is not set
# CONFIG_LEDS_USER is not set
# CONFIG_LEDS_NIC78BX is not set

#
# LED Triggers
#
CONFIG_LEDS_TRIGGERS=y
# CONFIG_LEDS_TRIGGER_TIMER is not set
# CONFIG_LEDS_TRIGGER_ONESHOT is not set
# CONFIG_LEDS_TRIGGER_MTD is not set
# CONFIG_LEDS_TRIGGER_HEARTBEAT is not set
# CONFIG_LEDS_TRIGGER_BACKLIGHT is not set
# CONFIG_LEDS_TRIGGER_CPU is not set
# CONFIG_LEDS_TRIGGER_ACTIVITY is not set
# CONFIG_LEDS_TRIGGER_DEFAULT_ON is not set

#
# iptables trigger is under Netfilter config (LED target)
#
# CONFIG_LEDS_TRIGGER_TRANSIENT is not set
# CONFIG_LEDS_TRIGGER_CAMERA is not set
# CONFIG_LEDS_TRIGGER_PANIC is not set
# CONFIG_LEDS_TRIGGER_NETDEV is not set
# CONFIG_LEDS_TRIGGER_PATTERN is not set
# CONFIG_LEDS_TRIGGER_AUDIO is not set
# CONFIG_ACCESSIBILITY is not set
# CONFIG_INFINIBAND is not set
CONFIG_EDAC_ATOMIC_SCRUB=y
CONFIG_EDAC_SUPPORT=y
CONFIG_RTC_LIB=y
CONFIG_RTC_MC146818_LIB=y
CONFIG_RTC_CLASS=y
CONFIG_RTC_HCTOSYS=y
CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
CONFIG_RTC_SYSTOHC=y
CONFIG_RTC_SYSTOHC_DEVICE="rtc0"
# CONFIG_RTC_DEBUG is not set
CONFIG_RTC_NVMEM=y

#
# RTC interfaces
#
CONFIG_RTC_INTF_SYSFS=y
CONFIG_RTC_INTF_PROC=y
CONFIG_RTC_INTF_DEV=y
# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set
# CONFIG_RTC_DRV_TEST is not set

#
# I2C RTC drivers
#

#
# SPI RTC drivers
#

#
# SPI and I2C RTC drivers
#

#
# Platform RTC drivers
#
# CONFIG_RTC_DRV_CMOS is not set
# CONFIG_RTC_DRV_DS1286 is not set
# CONFIG_RTC_DRV_DS1511 is not set
# CONFIG_RTC_DRV_DS1553 is not set
# CONFIG_RTC_DRV_DS1685_FAMILY is not set
# CONFIG_RTC_DRV_DS1742 is not set
# CONFIG_RTC_DRV_DS2404 is not set
# CONFIG_RTC_DRV_STK17TA8 is not set
# CONFIG_RTC_DRV_M48T86 is not set
# CONFIG_RTC_DRV_M48T35 is not set
# CONFIG_RTC_DRV_M48T59 is not set
# CONFIG_RTC_DRV_MSM6242 is not set
# CONFIG_RTC_DRV_BQ4802 is not set
# CONFIG_RTC_DRV_RP5C01 is not set
# CONFIG_RTC_DRV_V3020 is not set

#
# on-CPU RTC drivers
#
# CONFIG_RTC_DRV_FTRTC010 is not set

#
# HID Sensor RTC drivers
#
# CONFIG_RTC_DRV_HID_SENSOR_TIME is not set
# CONFIG_DMADEVICES is not set

#
# DMABUF options
#
# CONFIG_SYNC_FILE is not set
# CONFIG_AUXDISPLAY is not set
# CONFIG_UIO is not set
CONFIG_VIRT_DRIVERS=y
# CONFIG_VBOXGUEST is not set
CONFIG_VIRTIO=y
CONFIG_VIRTIO_MENU=y
CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_PCI_LEGACY=y
CONFIG_VIRTIO_BALLOON=y
# CONFIG_VIRTIO_INPUT is not set
# CONFIG_VIRTIO_MMIO is not set

#
# Microsoft Hyper-V guest support
#
# CONFIG_HYPERV is not set
# CONFIG_STAGING is not set
# CONFIG_X86_PLATFORM_DEVICES is not set
CONFIG_PMC_ATOM=y
# CONFIG_CHROME_PLATFORMS is not set
# CONFIG_MELLANOX_PLATFORM is not set
CONFIG_CLKDEV_LOOKUP=y
CONFIG_HAVE_CLK_PREPARE=y
CONFIG_COMMON_CLK=y

#
# Common Clock Framework
#
# CONFIG_HWSPINLOCK is not set

#
# Clock Source drivers
#
CONFIG_CLKEVT_I8253=y
CONFIG_I8253_LOCK=y
CONFIG_CLKBLD_I8253=y
CONFIG_MAILBOX=y
CONFIG_PCC=y
# CONFIG_ALTERA_MBOX is not set
# CONFIG_IOMMU_SUPPORT is not set

#
# Remoteproc drivers
#
# CONFIG_REMOTEPROC is not set

#
# Rpmsg drivers
#
# CONFIG_RPMSG_QCOM_GLINK_RPM is not set
# CONFIG_RPMSG_VIRTIO is not set
# CONFIG_SOUNDWIRE is not set

#
# SOC (System On Chip) specific Drivers
#

#
# Amlogic SoC drivers
#

#
# Broadcom SoC drivers
#

#
# NXP/Freescale QorIQ SoC drivers
#

#
# i.MX SoC drivers
#

#
# Qualcomm SoC drivers
#
# CONFIG_SOC_TI is not set

#
# Xilinx SoC drivers
#
# CONFIG_XILINX_VCU is not set
# CONFIG_PM_DEVFREQ is not set
# CONFIG_EXTCON is not set
# CONFIG_MEMORY is not set
# CONFIG_IIO is not set
# CONFIG_NTB is not set
# CONFIG_VME_BUS is not set
# CONFIG_PWM is not set

#
# IRQ chip support
#
CONFIG_ARM_GIC_MAX_NR=1
# CONFIG_IPACK_BUS is not set
# CONFIG_RESET_CONTROLLER is not set
# CONFIG_FMC is not set

#
# PHY Subsystem
#
# CONFIG_GENERIC_PHY is not set
# CONFIG_BCM_KONA_USB2_PHY is not set
# CONFIG_PHY_PXA_28NM_HSIC is not set
# CONFIG_PHY_PXA_28NM_USB2 is not set
# CONFIG_POWERCAP is not set
# CONFIG_MCB is not set

#
# Performance monitor support
#
# CONFIG_RAS is not set
# CONFIG_THUNDERBOLT is not set

#
# Android
#
# CONFIG_ANDROID is not set
CONFIG_LIBNVDIMM=y
CONFIG_BLK_DEV_PMEM=y
CONFIG_ND_BLK=y
CONFIG_ND_CLAIM=y
CONFIG_ND_BTT=y
CONFIG_BTT=y
CONFIG_NVDIMM_KEYS=y
CONFIG_DAX_DRIVER=y
CONFIG_DAX=y
CONFIG_NVMEM=y

#
# HW tracing support
#
# CONFIG_STM is not set
# CONFIG_INTEL_TH is not set
# CONFIG_FPGA is not set
# CONFIG_UNISYS_VISORBUS is not set
# CONFIG_SIOX is not set
# CONFIG_SLIMBUS is not set

#
# File systems
#
CONFIG_DCACHE_WORD_ACCESS=y
CONFIG_FS_IOMAP=y
CONFIG_EXT2_FS=y
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT2_FS_SECURITY=y
# CONFIG_EXT3_FS is not set
CONFIG_EXT4_FS=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
CONFIG_EXT4_ENCRYPTION=y
CONFIG_EXT4_FS_ENCRYPTION=y
CONFIG_EXT4_DEBUG=y
CONFIG_JBD2=y
CONFIG_JBD2_DEBUG=y
CONFIG_FS_MBCACHE=y
# CONFIG_REISERFS_FS is not set
# CONFIG_JFS_FS is not set
CONFIG_XFS_FS=y
CONFIG_XFS_QUOTA=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_XFS_RT=y
# CONFIG_XFS_ONLINE_SCRUB is not set
# CONFIG_XFS_WARN is not set
# CONFIG_XFS_DEBUG is not set
# CONFIG_GFS2_FS is not set
CONFIG_BTRFS_FS=y
CONFIG_BTRFS_FS_POSIX_ACL=y
# CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set
# CONFIG_BTRFS_FS_RUN_SANITY_TESTS is not set
CONFIG_BTRFS_DEBUG=y
CONFIG_BTRFS_ASSERT=y
# CONFIG_BTRFS_FS_REF_VERIFY is not set
# CONFIG_NILFS2_FS is not set
CONFIG_F2FS_FS=y
CONFIG_F2FS_STAT_FS=y
CONFIG_F2FS_FS_XATTR=y
CONFIG_F2FS_FS_POSIX_ACL=y
CONFIG_F2FS_FS_SECURITY=y
CONFIG_F2FS_CHECK_FS=y
CONFIG_F2FS_FS_ENCRYPTION=y
# CONFIG_F2FS_IO_TRACE is not set
# CONFIG_F2FS_FAULT_INJECTION is not set
CONFIG_FS_DAX=y
CONFIG_FS_POSIX_ACL=y
CONFIG_EXPORTFS=y
# CONFIG_EXPORTFS_BLOCK_OPS is not set
CONFIG_FILE_LOCKING=y
CONFIG_MANDATORY_FILE_LOCKING=y
CONFIG_FS_ENCRYPTION=y
CONFIG_FSNOTIFY=y
CONFIG_DNOTIFY=y
CONFIG_INOTIFY_USER=y
# CONFIG_FANOTIFY is not set
CONFIG_QUOTA=y
CONFIG_QUOTA_NETLINK_INTERFACE=y
# CONFIG_PRINT_QUOTA_WARNING is not set
# CONFIG_QUOTA_DEBUG is not set
CONFIG_QUOTA_TREE=y
# CONFIG_QFMT_V1 is not set
CONFIG_QFMT_V2=y
CONFIG_QUOTACTL=y
CONFIG_QUOTACTL_COMPAT=y
CONFIG_AUTOFS4_FS=y
CONFIG_AUTOFS_FS=y
# CONFIG_FUSE_FS is not set
CONFIG_OVERLAY_FS=y
# CONFIG_OVERLAY_FS_REDIRECT_DIR is not set
CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y
# CONFIG_OVERLAY_FS_INDEX is not set
# CONFIG_OVERLAY_FS_XINO_AUTO is not set
# CONFIG_OVERLAY_FS_METACOPY is not set

#
# Caches
#
# CONFIG_FSCACHE is not set

#
# CD-ROM/DVD Filesystems
#
# CONFIG_ISO9660_FS is not set
# CONFIG_UDF_FS is not set

#
# DOS/FAT/NT Filesystems
#
# CONFIG_MSDOS_FS is not set
# CONFIG_VFAT_FS is not set
# CONFIG_NTFS_FS is not set

#
# Pseudo filesystems
#
CONFIG_PROC_FS=y
CONFIG_PROC_KCORE=y
CONFIG_PROC_SYSCTL=y
CONFIG_PROC_PAGE_MONITOR=y
CONFIG_PROC_CHILDREN=y
CONFIG_KERNFS=y
CONFIG_SYSFS=y
CONFIG_TMPFS=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_TMPFS_XATTR=y
# CONFIG_HUGETLBFS is not set
CONFIG_MEMFD_CREATE=y
# CONFIG_CONFIGFS_FS is not set
CONFIG_MISC_FILESYSTEMS=y
# CONFIG_ORANGEFS_FS is not set
# CONFIG_ADFS_FS is not set
# CONFIG_AFFS_FS is not set
# CONFIG_ECRYPT_FS is not set
# CONFIG_HFS_FS is not set
# CONFIG_HFSPLUS_FS is not set
# CONFIG_BEFS_FS is not set
# CONFIG_BFS_FS is not set
# CONFIG_EFS_FS is not set
# CONFIG_JFFS2_FS is not set
CONFIG_UBIFS_FS=y
# CONFIG_UBIFS_FS_ADVANCED_COMPR is not set
CONFIG_UBIFS_FS_LZO=y
CONFIG_UBIFS_FS_ZLIB=y
# CONFIG_UBIFS_ATIME_SUPPORT is not set
CONFIG_UBIFS_FS_XATTR=y
CONFIG_UBIFS_FS_ENCRYPTION=y
CONFIG_UBIFS_FS_SECURITY=y
# CONFIG_UBIFS_FS_AUTHENTICATION is not set
# CONFIG_CRAMFS is not set
# CONFIG_SQUASHFS is not set
# CONFIG_VXFS_FS is not set
# CONFIG_MINIX_FS is not set
# CONFIG_OMFS_FS is not set
# CONFIG_HPFS_FS is not set
# CONFIG_QNX4FS_FS is not set
# CONFIG_QNX6FS_FS is not set
# CONFIG_ROMFS_FS is not set
# CONFIG_PSTORE is not set
# CONFIG_SYSV_FS is not set
# CONFIG_UFS_FS is not set
CONFIG_NETWORK_FILESYSTEMS=y
# CONFIG_NFS_FS is not set
# CONFIG_NFSD is not set
# CONFIG_CEPH_FS is not set
# CONFIG_CIFS is not set
# CONFIG_CODA_FS is not set
# CONFIG_AFS_FS is not set
CONFIG_9P_FS=y
# CONFIG_9P_FS_POSIX_ACL is not set
# CONFIG_9P_FS_SECURITY is not set
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="utf8"
# CONFIG_NLS_CODEPAGE_437 is not set
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
# CONFIG_NLS_CODEPAGE_850 is not set
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
# CONFIG_NLS_CODEPAGE_860 is not set
# CONFIG_NLS_CODEPAGE_861 is not set
# CONFIG_NLS_CODEPAGE_862 is not set
# CONFIG_NLS_CODEPAGE_863 is not set
# CONFIG_NLS_CODEPAGE_864 is not set
# CONFIG_NLS_CODEPAGE_865 is not set
# CONFIG_NLS_CODEPAGE_866 is not set
# CONFIG_NLS_CODEPAGE_869 is not set
# CONFIG_NLS_CODEPAGE_936 is not set
# CONFIG_NLS_CODEPAGE_950 is not set
# CONFIG_NLS_CODEPAGE_932 is not set
# CONFIG_NLS_CODEPAGE_949 is not set
# CONFIG_NLS_CODEPAGE_874 is not set
# CONFIG_NLS_ISO8859_8 is not set
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
CONFIG_NLS_ASCII=y
# CONFIG_NLS_ISO8859_1 is not set
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
# CONFIG_NLS_ISO8859_5 is not set
# CONFIG_NLS_ISO8859_6 is not set
# CONFIG_NLS_ISO8859_7 is not set
# CONFIG_NLS_ISO8859_9 is not set
# CONFIG_NLS_ISO8859_13 is not set
# CONFIG_NLS_ISO8859_14 is not set
# CONFIG_NLS_ISO8859_15 is not set
# CONFIG_NLS_KOI8_R is not set
# CONFIG_NLS_KOI8_U is not set
# CONFIG_NLS_MAC_ROMAN is not set
# CONFIG_NLS_MAC_CELTIC is not set
# CONFIG_NLS_MAC_CENTEURO is not set
# CONFIG_NLS_MAC_CROATIAN is not set
# CONFIG_NLS_MAC_CYRILLIC is not set
# CONFIG_NLS_MAC_GAELIC is not set
# CONFIG_NLS_MAC_GREEK is not set
# CONFIG_NLS_MAC_ICELAND is not set
# CONFIG_NLS_MAC_INUIT is not set
# CONFIG_NLS_MAC_ROMANIAN is not set
# CONFIG_NLS_MAC_TURKISH is not set
CONFIG_NLS_UTF8=y

#
# Security options
#
CONFIG_KEYS=y
CONFIG_KEYS_COMPAT=y
# CONFIG_PERSISTENT_KEYRINGS is not set
# CONFIG_BIG_KEYS is not set
# CONFIG_TRUSTED_KEYS is not set
CONFIG_ENCRYPTED_KEYS=y
# CONFIG_KEY_DH_OPERATIONS is not set
# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
# CONFIG_SECURITY_NETWORK is not set
CONFIG_PAGE_TABLE_ISOLATION=y
# CONFIG_SECURITY_PATH is not set
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
# CONFIG_HARDENED_USERCOPY is not set
CONFIG_FORTIFY_SOURCE=y
# CONFIG_STATIC_USERMODEHELPER is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_SECURITY_APPARMOR is not set
# CONFIG_SECURITY_LOADPIN is not set
# CONFIG_SECURITY_YAMA is not set
CONFIG_INTEGRITY=y
CONFIG_INTEGRITY_SIGNATURE=y
# CONFIG_INTEGRITY_ASYMMETRIC_KEYS is not set
CONFIG_IMA=y
CONFIG_IMA_MEASURE_PCR_IDX=10
# CONFIG_IMA_TEMPLATE is not set
CONFIG_IMA_NG_TEMPLATE=y
# CONFIG_IMA_SIG_TEMPLATE is not set
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
CONFIG_IMA_DEFAULT_HASH_SHA1=y
# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
CONFIG_IMA_DEFAULT_HASH="sha1"
CONFIG_IMA_WRITE_POLICY=y
CONFIG_IMA_READ_POLICY=y
CONFIG_IMA_APPRAISE=y
CONFIG_IMA_APPRAISE_BOOTPARAM=y
CONFIG_EVM=y
CONFIG_EVM_ATTR_FSUUID=y
# CONFIG_EVM_ADD_XATTRS is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_XOR_BLOCKS=y
CONFIG_CRYPTO=y

#
# Crypto core or helper
#
# CONFIG_CRYPTO_FIPS is not set
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_BLKCIPHER=y
CONFIG_CRYPTO_BLKCIPHER2=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_RNG=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=y
CONFIG_CRYPTO_AKCIPHER2=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_ACOMP2=y
# CONFIG_CRYPTO_RSA is not set
# CONFIG_CRYPTO_DH is not set
# CONFIG_CRYPTO_ECDH is not set
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
# CONFIG_CRYPTO_USER is not set
# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set
# CONFIG_CRYPTO_GF128MUL is not set
CONFIG_CRYPTO_NULL=y
CONFIG_CRYPTO_NULL2=y
# CONFIG_CRYPTO_PCRYPT is not set
CONFIG_CRYPTO_WORKQUEUE=y
CONFIG_CRYPTO_CRYPTD=y
# CONFIG_CRYPTO_AUTHENC is not set
CONFIG_CRYPTO_SIMD=y
CONFIG_CRYPTO_GLUE_HELPER_X86=y

#
# Authenticated Encryption with Associated Data
#
# CONFIG_CRYPTO_CCM is not set
# CONFIG_CRYPTO_GCM is not set
# CONFIG_CRYPTO_CHACHA20POLY1305 is not set
# CONFIG_CRYPTO_AEGIS128 is not set
# CONFIG_CRYPTO_AEGIS128L is not set
# CONFIG_CRYPTO_AEGIS256 is not set
# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set
# CONFIG_CRYPTO_AEGIS128L_AESNI_SSE2 is not set
# CONFIG_CRYPTO_AEGIS256_AESNI_SSE2 is not set
# CONFIG_CRYPTO_MORUS640 is not set
# CONFIG_CRYPTO_MORUS640_SSE2 is not set
# CONFIG_CRYPTO_MORUS1280 is not set
# CONFIG_CRYPTO_MORUS1280_SSE2 is not set
# CONFIG_CRYPTO_MORUS1280_AVX2 is not set
CONFIG_CRYPTO_SEQIV=y
CONFIG_CRYPTO_ECHAINIV=y

#
# Block modes
#
CONFIG_CRYPTO_CBC=y
# CONFIG_CRYPTO_CFB is not set
CONFIG_CRYPTO_CTR=y
CONFIG_CRYPTO_CTS=y
CONFIG_CRYPTO_ECB=y
# CONFIG_CRYPTO_LRW is not set
# CONFIG_CRYPTO_OFB is not set
# CONFIG_CRYPTO_PCBC is not set
CONFIG_CRYPTO_XTS=y
# CONFIG_CRYPTO_KEYWRAP is not set
# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set
# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set
# CONFIG_CRYPTO_ADIANTUM is not set

#
# Hash modes
#
# CONFIG_CRYPTO_CMAC is not set
CONFIG_CRYPTO_HMAC=y
# CONFIG_CRYPTO_XCBC is not set
# CONFIG_CRYPTO_VMAC is not set

#
# Digest
#
CONFIG_CRYPTO_CRC32C=y
CONFIG_CRYPTO_CRC32C_INTEL=y
CONFIG_CRYPTO_CRC32=y
CONFIG_CRYPTO_CRC32_PCLMUL=y
# CONFIG_CRYPTO_CRCT10DIF is not set
# CONFIG_CRYPTO_GHASH is not set
# CONFIG_CRYPTO_POLY1305 is not set
# CONFIG_CRYPTO_POLY1305_X86_64 is not set
# CONFIG_CRYPTO_MD4 is not set
CONFIG_CRYPTO_MD5=y
# CONFIG_CRYPTO_MICHAEL_MIC is not set
# CONFIG_CRYPTO_RMD128 is not set
# CONFIG_CRYPTO_RMD160 is not set
# CONFIG_CRYPTO_RMD256 is not set
# CONFIG_CRYPTO_RMD320 is not set
CONFIG_CRYPTO_SHA1=y
# CONFIG_CRYPTO_SHA1_SSSE3 is not set
# CONFIG_CRYPTO_SHA256_SSSE3 is not set
# CONFIG_CRYPTO_SHA512_SSSE3 is not set
CONFIG_CRYPTO_SHA256=y
# CONFIG_CRYPTO_SHA512 is not set
# CONFIG_CRYPTO_SHA3 is not set
# CONFIG_CRYPTO_SM3 is not set
# CONFIG_CRYPTO_STREEBOG is not set
# CONFIG_CRYPTO_TGR192 is not set
# CONFIG_CRYPTO_WP512 is not set
# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set

#
# Ciphers
#
CONFIG_CRYPTO_AES=y
# CONFIG_CRYPTO_AES_TI is not set
CONFIG_CRYPTO_AES_X86_64=y
CONFIG_CRYPTO_AES_NI_INTEL=y
# CONFIG_CRYPTO_ANUBIS is not set
# CONFIG_CRYPTO_ARC4 is not set
# CONFIG_CRYPTO_BLOWFISH is not set
# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set
# CONFIG_CRYPTO_CAMELLIA is not set
# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set
# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set
# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set
# CONFIG_CRYPTO_CAST5 is not set
# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set
# CONFIG_CRYPTO_CAST6 is not set
# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set
# CONFIG_CRYPTO_DES is not set
# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set
# CONFIG_CRYPTO_FCRYPT is not set
# CONFIG_CRYPTO_KHAZAD is not set
# CONFIG_CRYPTO_SALSA20 is not set
# CONFIG_CRYPTO_CHACHA20 is not set
# CONFIG_CRYPTO_CHACHA20_X86_64 is not set
# CONFIG_CRYPTO_SEED is not set
# CONFIG_CRYPTO_SERPENT is not set
# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set
# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set
# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set
# CONFIG_CRYPTO_SM4 is not set
# CONFIG_CRYPTO_TEA is not set
# CONFIG_CRYPTO_TWOFISH is not set
# CONFIG_CRYPTO_TWOFISH_X86_64 is not set
# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set
# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set

#
# Compression
#
CONFIG_CRYPTO_DEFLATE=y
CONFIG_CRYPTO_LZO=y
# CONFIG_CRYPTO_842 is not set
# CONFIG_CRYPTO_LZ4 is not set
# CONFIG_CRYPTO_LZ4HC is not set
# CONFIG_CRYPTO_ZSTD is not set

#
# Random Number Generation
#
# CONFIG_CRYPTO_ANSI_CPRNG is not set
CONFIG_CRYPTO_DRBG_MENU=y
CONFIG_CRYPTO_DRBG_HMAC=y
# CONFIG_CRYPTO_DRBG_HASH is not set
# CONFIG_CRYPTO_DRBG_CTR is not set
CONFIG_CRYPTO_DRBG=y
CONFIG_CRYPTO_JITTERENTROPY=y
# CONFIG_CRYPTO_USER_API_HASH is not set
# CONFIG_CRYPTO_USER_API_SKCIPHER is not set
# CONFIG_CRYPTO_USER_API_RNG is not set
# CONFIG_CRYPTO_USER_API_AEAD is not set
CONFIG_CRYPTO_HASH_INFO=y
# CONFIG_CRYPTO_HW is not set
# CONFIG_ASYMMETRIC_KEY_TYPE is not set

#
# Certificates for signature checking
#
# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
CONFIG_BINARY_PRINTF=y

#
# Library routines
#
CONFIG_RAID6_PQ=y
CONFIG_BITREVERSE=y
CONFIG_RATIONAL=y
CONFIG_GENERIC_STRNCPY_FROM_USER=y
CONFIG_GENERIC_STRNLEN_USER=y
CONFIG_GENERIC_NET_UTILS=y
CONFIG_GENERIC_FIND_FIRST_BIT=y
CONFIG_GENERIC_PCI_IOMAP=y
CONFIG_GENERIC_IOMAP=y
CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
CONFIG_ARCH_HAS_FAST_MULTIPLIER=y
# CONFIG_CRC_CCITT is not set
CONFIG_CRC16=y
# CONFIG_CRC_T10DIF is not set
# CONFIG_CRC_ITU_T is not set
CONFIG_CRC32=y
# CONFIG_CRC32_SELFTEST is not set
CONFIG_CRC32_SLICEBY8=y
# CONFIG_CRC32_SLICEBY4 is not set
# CONFIG_CRC32_SARWATE is not set
# CONFIG_CRC32_BIT is not set
# CONFIG_CRC64 is not set
# CONFIG_CRC4 is not set
# CONFIG_CRC7 is not set
CONFIG_LIBCRC32C=y
# CONFIG_CRC8 is not set
CONFIG_XXHASH=y
# CONFIG_RANDOM32_SELFTEST is not set
CONFIG_ZLIB_INFLATE=y
CONFIG_ZLIB_DEFLATE=y
CONFIG_LZO_COMPRESS=y
CONFIG_LZO_DECOMPRESS=y
CONFIG_LZ4_DECOMPRESS=y
CONFIG_ZSTD_COMPRESS=y
CONFIG_ZSTD_DECOMPRESS=y
CONFIG_XZ_DEC=y
CONFIG_XZ_DEC_X86=y
CONFIG_XZ_DEC_POWERPC=y
CONFIG_XZ_DEC_IA64=y
CONFIG_XZ_DEC_ARM=y
CONFIG_XZ_DEC_ARMTHUMB=y
CONFIG_XZ_DEC_SPARC=y
CONFIG_XZ_DEC_BCJ=y
# CONFIG_XZ_DEC_TEST is not set
CONFIG_DECOMPRESS_GZIP=y
CONFIG_DECOMPRESS_BZIP2=y
CONFIG_DECOMPRESS_LZMA=y
CONFIG_DECOMPRESS_XZ=y
CONFIG_DECOMPRESS_LZO=y
CONFIG_DECOMPRESS_LZ4=y
CONFIG_GENERIC_ALLOCATOR=y
CONFIG_ASSOCIATIVE_ARRAY=y
CONFIG_HAS_IOMEM=y
CONFIG_HAS_IOPORT_MAP=y
CONFIG_HAS_DMA=y
CONFIG_NEED_SG_DMA_LENGTH=y
CONFIG_NEED_DMA_MAP_STATE=y
CONFIG_ARCH_DMA_ADDR_T_64BIT=y
CONFIG_SWIOTLB=y
CONFIG_SGL_ALLOC=y
CONFIG_CPU_RMAP=y
CONFIG_DQL=y
CONFIG_GLOB=y
# CONFIG_GLOB_SELFTEST is not set
CONFIG_NLATTR=y
CONFIG_CLZ_TAB=y
# CONFIG_CORDIC is not set
# CONFIG_DDR is not set
# CONFIG_IRQ_POLL is not set
CONFIG_MPILIB=y
CONFIG_SIGNATURE=y
CONFIG_SG_POOL=y
CONFIG_ARCH_HAS_PMEM_API=y
CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y
CONFIG_ARCH_HAS_UACCESS_MCSAFE=y
CONFIG_SBITMAP=y
# CONFIG_STRING_SELFTEST is not set

#
# Kernel hacking
#

#
# printk and dmesg options
#
CONFIG_PRINTK_TIME=y
CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7
CONFIG_CONSOLE_LOGLEVEL_QUIET=4
CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4
# CONFIG_BOOT_PRINTK_DELAY is not set
CONFIG_DYNAMIC_DEBUG=y

#
# Compile-time checks and compiler options
#
CONFIG_DEBUG_INFO=y
CONFIG_DEBUG_INFO_REDUCED=y
# CONFIG_DEBUG_INFO_SPLIT is not set
# CONFIG_DEBUG_INFO_DWARF4 is not set
# CONFIG_GDB_SCRIPTS is not set
CONFIG_ENABLE_MUST_CHECK=y
CONFIG_FRAME_WARN=2048
# CONFIG_STRIP_ASM_SYMS is not set
# CONFIG_READABLE_ASM is not set
CONFIG_UNUSED_SYMBOLS=y
# CONFIG_PAGE_OWNER is not set
CONFIG_DEBUG_FS=y
# CONFIG_HEADERS_CHECK is not set
CONFIG_DEBUG_SECTION_MISMATCH=y
CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_STACK_VALIDATION=y
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
CONFIG_MAGIC_SYSRQ=y
CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1
CONFIG_MAGIC_SYSRQ_SERIAL=y
CONFIG_DEBUG_KERNEL=y

#
# Memory Debugging
#
CONFIG_PAGE_EXTENSION=y
CONFIG_DEBUG_PAGEALLOC=y
# CONFIG_DEBUG_PAGEALLOC_ENABLE_DEFAULT is not set
# CONFIG_PAGE_POISONING is not set
# CONFIG_DEBUG_PAGE_REF is not set
# CONFIG_DEBUG_RODATA_TEST is not set
CONFIG_DEBUG_OBJECTS=y
# CONFIG_DEBUG_OBJECTS_SELFTEST is not set
# CONFIG_DEBUG_OBJECTS_FREE is not set
# CONFIG_DEBUG_OBJECTS_TIMERS is not set
# CONFIG_DEBUG_OBJECTS_WORK is not set
# CONFIG_DEBUG_OBJECTS_RCU_HEAD is not set
# CONFIG_DEBUG_OBJECTS_PERCPU_COUNTER is not set
CONFIG_DEBUG_OBJECTS_ENABLE_DEFAULT=1
# CONFIG_DEBUG_SLAB is not set
CONFIG_HAVE_DEBUG_KMEMLEAK=y
CONFIG_DEBUG_KMEMLEAK=y
CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=3000
CONFIG_DEBUG_KMEMLEAK_DEFAULT_OFF=y
CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_DEBUG_VM is not set
CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
# CONFIG_DEBUG_VIRTUAL is not set
CONFIG_DEBUG_MEMORY_INIT=y
# CONFIG_DEBUG_PER_CPU_MAPS is not set
CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
CONFIG_DEBUG_STACKOVERFLOW=y
CONFIG_HAVE_ARCH_KASAN=y
CONFIG_CC_HAS_KASAN_GENERIC=y
# CONFIG_KASAN is not set
CONFIG_ARCH_HAS_KCOV=y
CONFIG_CC_HAS_SANCOV_TRACE_PC=y
# CONFIG_KCOV is not set
# CONFIG_DEBUG_SHIRQ is not set

#
# Debug Lockups and Hangs
#
CONFIG_LOCKUP_DETECTOR=y
CONFIG_SOFTLOCKUP_DETECTOR=y
# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0
CONFIG_HARDLOCKUP_DETECTOR_PERF=y
CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y
CONFIG_HARDLOCKUP_DETECTOR=y
# CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set
CONFIG_BOOTPARAM_HARDLOCKUP_PANIC_VALUE=0
CONFIG_DETECT_HUNG_TASK=y
CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
CONFIG_WQ_WATCHDOG=y
# CONFIG_PANIC_ON_OOPS is not set
CONFIG_PANIC_ON_OOPS_VALUE=0
CONFIG_PANIC_TIMEOUT=5
CONFIG_SCHED_DEBUG=y
# CONFIG_SCHEDSTATS is not set
# CONFIG_SCHED_STACK_END_CHECK is not set
# CONFIG_DEBUG_TIMEKEEPING is not set

#
# Lock Debugging (spinlocks, mutexes, etc...)
#
CONFIG_LOCK_DEBUGGING_SUPPORT=y
CONFIG_PROVE_LOCKING=y
CONFIG_LOCK_STAT=y
CONFIG_DEBUG_RT_MUTEXES=y
CONFIG_DEBUG_SPINLOCK=y
CONFIG_DEBUG_MUTEXES=y
CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y
CONFIG_DEBUG_RWSEMS=y
CONFIG_DEBUG_LOCK_ALLOC=y
CONFIG_LOCKDEP=y
# CONFIG_DEBUG_LOCKDEP is not set
CONFIG_DEBUG_ATOMIC_SLEEP=y
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
# CONFIG_LOCK_TORTURE_TEST is not set
# CONFIG_WW_MUTEX_SELFTEST is not set
CONFIG_TRACE_IRQFLAGS=y
CONFIG_STACKTRACE=y
# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set
# CONFIG_DEBUG_KOBJECT is not set
CONFIG_DEBUG_BUGVERBOSE=y
CONFIG_DEBUG_LIST=y
# CONFIG_DEBUG_PI_LIST is not set
CONFIG_DEBUG_SG=y
# CONFIG_DEBUG_NOTIFIERS is not set
# CONFIG_DEBUG_CREDENTIALS is not set

#
# RCU Debugging
#
CONFIG_PROVE_RCU=y
# CONFIG_RCU_PERF_TEST is not set
# CONFIG_RCU_TORTURE_TEST is not set
CONFIG_RCU_CPU_STALL_TIMEOUT=21
CONFIG_RCU_TRACE=y
CONFIG_RCU_EQS_DEBUG=y
# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set
# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
# CONFIG_NOTIFIER_ERROR_INJECTION is not set
CONFIG_FAULT_INJECTION=y
# CONFIG_FAILSLAB is not set
# CONFIG_FAIL_PAGE_ALLOC is not set
CONFIG_FAIL_MAKE_REQUEST=y
# CONFIG_FAIL_IO_TIMEOUT is not set
# CONFIG_FAIL_FUTEX is not set
CONFIG_FAULT_INJECTION_DEBUG_FS=y
# CONFIG_LATENCYTOP is not set
CONFIG_USER_STACKTRACE_SUPPORT=y
CONFIG_NOP_TRACER=y
CONFIG_HAVE_FUNCTION_TRACER=y
CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
CONFIG_HAVE_DYNAMIC_FTRACE=y
CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
CONFIG_HAVE_FENTRY=y
CONFIG_HAVE_C_RECORDMCOUNT=y
CONFIG_TRACER_MAX_TRACE=y
CONFIG_TRACE_CLOCK=y
CONFIG_RING_BUFFER=y
CONFIG_EVENT_TRACING=y
CONFIG_CONTEXT_SWITCH_TRACER=y
CONFIG_PREEMPTIRQ_TRACEPOINTS=y
CONFIG_TRACING=y
CONFIG_GENERIC_TRACER=y
CONFIG_TRACING_SUPPORT=y
CONFIG_FTRACE=y
CONFIG_FUNCTION_TRACER=y
CONFIG_FUNCTION_GRAPH_TRACER=y
# CONFIG_PREEMPTIRQ_EVENTS is not set
# CONFIG_IRQSOFF_TRACER is not set
# CONFIG_SCHED_TRACER is not set
# CONFIG_HWLAT_TRACER is not set
CONFIG_FTRACE_SYSCALLS=y
CONFIG_TRACER_SNAPSHOT=y
# CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP is not set
CONFIG_BRANCH_PROFILE_NONE=y
# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
# CONFIG_STACK_TRACER is not set
CONFIG_BLK_DEV_IO_TRACE=y
CONFIG_UPROBE_EVENTS=y
CONFIG_DYNAMIC_EVENTS=y
CONFIG_PROBE_EVENTS=y
CONFIG_DYNAMIC_FTRACE=y
CONFIG_DYNAMIC_FTRACE_WITH_REGS=y
CONFIG_FUNCTION_PROFILER=y
CONFIG_FTRACE_MCOUNT_RECORD=y
# CONFIG_FTRACE_STARTUP_TEST is not set
# CONFIG_MMIOTRACE is not set
# CONFIG_HIST_TRIGGERS is not set
# CONFIG_TRACEPOINT_BENCHMARK is not set
# CONFIG_RING_BUFFER_BENCHMARK is not set
# CONFIG_RING_BUFFER_STARTUP_TEST is not set
# CONFIG_TRACE_EVAL_MAP_FILE is not set
# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
# CONFIG_DMA_API_DEBUG is not set
CONFIG_RUNTIME_TESTING_MENU=y
# CONFIG_LKDTM is not set
# CONFIG_TEST_LIST_SORT is not set
# CONFIG_TEST_SORT is not set
# CONFIG_BACKTRACE_SELF_TEST is not set
# CONFIG_RBTREE_TEST is not set
# CONFIG_INTERVAL_TREE_TEST is not set
# CONFIG_ATOMIC64_SELFTEST is not set
# CONFIG_TEST_HEXDUMP is not set
# CONFIG_TEST_STRING_HELPERS is not set
# CONFIG_TEST_KSTRTOX is not set
# CONFIG_TEST_PRINTF is not set
# CONFIG_TEST_BITMAP is not set
# CONFIG_TEST_BITFIELD is not set
# CONFIG_TEST_UUID is not set
# CONFIG_TEST_XARRAY is not set
# CONFIG_TEST_OVERFLOW is not set
# CONFIG_TEST_RHASHTABLE is not set
# CONFIG_TEST_HASH is not set
# CONFIG_TEST_IDA is not set
# CONFIG_FIND_BIT_BENCHMARK is not set
# CONFIG_TEST_FIRMWARE is not set
# CONFIG_TEST_SYSCTL is not set
# CONFIG_TEST_UDELAY is not set
# CONFIG_TEST_MEMCAT_P is not set
# CONFIG_MEMTEST is not set
# CONFIG_BUG_ON_DATA_CORRUPTION is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
# CONFIG_KGDB is not set
CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
# CONFIG_UBSAN is not set
CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
CONFIG_STRICT_DEVMEM=y
# CONFIG_IO_STRICT_DEVMEM is not set
CONFIG_TRACE_IRQFLAGS_SUPPORT=y
CONFIG_X86_VERBOSE_BOOTUP=y
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
# CONFIG_EARLY_PRINTK_USB_XDBC is not set
CONFIG_X86_PTDUMP_CORE=y
# CONFIG_X86_PTDUMP is not set
CONFIG_DEBUG_WX=y
CONFIG_DOUBLEFAULT=y
# CONFIG_DEBUG_TLBFLUSH is not set
CONFIG_HAVE_MMIOTRACE_SUPPORT=y
CONFIG_IO_DELAY_TYPE_0X80=0
CONFIG_IO_DELAY_TYPE_0XED=1
CONFIG_IO_DELAY_TYPE_UDELAY=2
CONFIG_IO_DELAY_TYPE_NONE=3
CONFIG_IO_DELAY_0X80=y
# CONFIG_IO_DELAY_0XED is not set
# CONFIG_IO_DELAY_UDELAY is not set
# CONFIG_IO_DELAY_NONE is not set
CONFIG_DEFAULT_IO_DELAY_TYPE=0
# CONFIG_DEBUG_BOOT_PARAMS is not set
# CONFIG_CPA_DEBUG is not set
# CONFIG_OPTIMIZE_INLINING is not set
# CONFIG_DEBUG_ENTRY is not set
# CONFIG_DEBUG_NMI_SELFTEST is not set
CONFIG_X86_DEBUG_FPU=y
# CONFIG_PUNIT_ATOM_DEBUG is not set
CONFIG_UNWINDER_ORC=y
# CONFIG_UNWINDER_FRAME_POINTER is not set

[-- Attachment #3: chicony.bin --]
[-- Type: application/octet-stream, Size: 4380 bytes --]

[-- Attachment #4: sony.bin --]
[-- Type: application/octet-stream, Size: 471 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: NULL pointer dereference when writing fuzzed data to /dev/uhid
  2019-01-04 12:32 NULL pointer dereference when writing fuzzed data to /dev/uhid Anatoly Trosinenko
@ 2019-01-04 13:25 ` Benjamin Tissoires
  2019-01-04 13:47   ` Anatoly Trosinenko
                     ` (2 more replies)
  0 siblings, 3 replies; 10+ messages in thread
From: Benjamin Tissoires @ 2019-01-04 13:25 UTC (permalink / raw)
  To: Anatoly Trosinenko
  Cc: Jiri Kosina, lkml, open list:HID CORE LAYER, Roderick Colenbrander

Hi Anatoly,


On Fri, Jan 4, 2019 at 1:32 PM Anatoly Trosinenko
<anatoly.trosinenko@gmail.com> wrote:
>
> Hello,
>
> When writing the attached file to /dev/uhid, a NULL dereference occurs
> in kernel. As I understand, the problem is not UHID-specific, but is
> related to HID subsystem.

Thanks for the report.
I wanted to tell you that I started investigating the other private
report you sent us, but couldn't find the time to properly come up with a
fix as the fuzzed data is hard to discriminate from valid data.

A couple of notes though:
- writing to uhid needs to be done by root. Any distribution that
doesn't enforce that is doomed to have several security issues
- we could somehow reproduce those fuzzed data on a USB or Bluetooth
connection, but that would require physical access to the device, so
you are doomed also
- lastly, IIRC, there were some attempts by the ChromeOS team to allow
access to the HID stack from the Chrome plugins, I don't know if this
is able to generate the issues.

On the specifics reported here:

>
> How to reproduce:
> 1) Checkout the fresh master branch of the Linux kernel (tested on
> commit 96d4f267e)
> 2) Compile it with the attached config (kvm-xfstests capable)
> 3) Take one of reproducers and execute
> cat /vtmp/repro > /dev/uhid
>
> What happens:
>
> For chicony.bin:
>
> root@kvm-xfstests:~# cat /vtmp/chicony.bin > /dev/uhid
> [   19.072703] BUG: unable to handle kernel NULL pointer dereference
> at 0000000000000002
> [   19.073371] #PF error: [normal kernel read fault]
> [   19.073755] PGD 8000000078b2c067 P4D 8000000078b2c067 PUD 0
> [   19.074223] Oops: 0000 [#1] SMP PTI
> [   19.074809] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted
> 4.20.0-xfstests-10979-g96d4f267e40 #1
> [   19.075965] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> BIOS 1.11.1-1ubuntu1 04/01/2014
> [   19.077599] Workqueue: events uhid_device_add_worker
> [   19.078019] RIP: 0010:ch_switch12_report_fixup+0x13/0x70

This driver expects the device to be connected on USB, and you are
triggering the oops because you are on uhid.
I am chasing the USB dependencies in most drivers, but this is a hard
task to do when I do not have access to the actual devices.

I guess one way of fixing that is to add a check for the actual
transport driver during probe:
hid_is_using_ll_driver(hdev, &usb_hid_driver)

Patches are welcome :)

> [   19.078462] Code: 49 8b 00 3e 80 60 20 df b8 01 00 00 00 c3 66 0f
> 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 8f 48 19 00 00 48 89 f0 48
> 8b 49 d8 <80> 79 02 01 74 01 c3 81 7f 3c 21 14 00 00 75 f6 83 3a 7f 76
> f1 80
> [   19.080103] RSP: 0018:ffffa1d880367c48 EFLAGS: 00010286
> [   19.080541] RAX: ffff9b653d27b180 RBX: ffff9b653a6fb948 RCX: 0000000000000000
> [   19.081133] RDX: ffffa1d880367c5c RSI: ffff9b653d27b180 RDI: ffff9b653a6fa000
> [   19.081780] RBP: ffff9b653d27b180 R08: 000000064992eed0 R09: 0000000000000000
> [   19.082409] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9b653a6fa000
> [   19.083017] R13: ffffffff83f14510 R14: ffffffff83f14440 R15: 0000000000000000
> [   19.083619] FS:  0000000000000000(0000) GS:ffff9b653fc00000(0000)
> knlGS:0000000000000000
> [   19.084362] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   19.085164] CR2: 0000000000000002 CR3: 00000000788b8004 CR4: 0000000000360ef0
> [   19.085789] Call Trace:
> [   19.086011]  hid_open_report+0x81/0x2c0
> [   19.086341]  hid_device_probe+0x135/0x160
> [   19.086754]  ? __driver_attach+0x110/0x110
> [   19.087109]  really_probe+0xe0/0x390
> [   19.087411]  ? __driver_attach+0x110/0x110
> [   19.087782]  bus_for_each_drv+0x78/0xc0
> [   19.088134]  __device_attach+0xcc/0x130
> [   19.088477]  bus_probe_device+0x9f/0xb0
> [   19.088832]  device_add+0x422/0x680
> [   19.089144]  ? __debugfs_create_file+0xb5/0xf0
> [   19.089536]  hid_add_device+0xec/0x280
> [   19.089880]  uhid_device_add_worker+0x15/0x60
> [   19.090270]  process_one_work+0x238/0x5d0
> [   19.090627]  worker_thread+0x3d/0x390
> [   19.090959]  ? process_one_work+0x5d0/0x5d0
> [   19.091331]  kthread+0x121/0x140
> [   19.096732]  ? __kthread_create_on_node+0x1a0/0x1a0
> [   19.097164]  ret_from_fork+0x3a/0x50
> [   19.097483] CR2: 0000000000000002
> [   19.097779] ---[ end trace 1b547acaae113039 ]---
> [   19.098186] RIP: 0010:ch_switch12_report_fixup+0x13/0x70
> [   19.098621] Code: 49 8b 00 3e 80 60 20 df b8 01 00 00 00 c3 66 0f
> 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 8b 8f 48 19 00 00 48 89 f0 48
> 8b 49 d8 <80> 79 02 01 74 01 c3 81 7f 3c 21 14 00 00 75 f6 83 3a 7f 76
> f1 80
> [   19.100251] RSP: 0018:ffffa1d880367c48 EFLAGS: 00010286
> [   19.100707] RAX: ffff9b653d27b180 RBX: ffff9b653a6fb948 RCX: 0000000000000000
> [   19.101321] RDX: ffffa1d880367c5c RSI: ffff9b653d27b180 RDI: ffff9b653a6fa000
> [   19.102448] RBP: ffff9b653d27b180 R08: 000000064992eed0 R09: 0000000000000000
> [   19.103029] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9b653a6fa000
> [   19.103601] R13: ffffffff83f14510 R14: ffffffff83f14440 R15: 0000000000000000
> [   19.104173] FS:  0000000000000000(0000) GS:ffff9b653fc00000(0000)
> knlGS:0000000000000000
> [   19.104823] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   19.105289] CR2: 0000000000000002 CR3: 00000000788b8004 CR4: 0000000000360ef0
> [   19.105864] BUG: sleeping function called from invalid context at
> include/linux/percpu-rwsem.h:34
> [   19.106578] in_atomic(): 0, irqs_disabled(): 1, pid: 5, name: kworker/0:0
> [   19.107671] INFO: lockdep is turned off.
> [   19.108384] irq event stamp: 3576
> [   19.108976] hardirqs last  enabled at (3575): [<ffffffff82e01ed5>]
> __kmalloc_track_caller+0x185/0x310
> [   19.112970] hardirqs last disabled at (3576): [<ffffffff82c015f4>]
> trace_hardirqs_off_thunk+0x1a/0x1c
> [   19.114557] softirqs last  enabled at (3504): [<ffffffff834002b1>]
> peernet2id+0x51/0x80
> [   19.115897] softirqs last disabled at (3502): [<ffffffff83400292>]
> peernet2id+0x32/0x80
> [   19.117319] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G      D
>     4.20.0-xfstests-10979-g96d4f267e40 #1
> [   19.118739] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> BIOS 1.11.1-1ubuntu1 04/01/2014
> [   19.120049] Workqueue: events uhid_device_add_worker
> [   19.120767] Call Trace:
> [   19.121127]  dump_stack+0x67/0x90
> [   19.121622]  ___might_sleep.cold.13+0x9f/0xaf
> [   19.122278]  exit_signals+0x1c/0x200
> [   19.122792]  do_exit+0xac/0xaf0
> [   19.123619]  ? process_one_work+0x5d0/0x5d0
> [   19.124520]  ? kthread+0x121/0x140
> [   19.125050]  rewind_stack_do_exit+0x17/0x20
>
> For sony.bin:
>
> root@kvm-xfstests:~# cat /vtmp/sony.bin > /dev/uhid
> [   16.891931] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.892432] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.892894] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.893362] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.893844] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.895389] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.898165] sony 0003:054C:1000.0001: ignoring exceeding usage max
> [   16.901190] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.903797] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.906401] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.908957] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.911449] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.913936] sony 0003:054C:1000.0001: unknown main item tag 0x1
> [   16.916551] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.918454] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.919743] sony 0003:054C:1000.0001: unknown main item tag 0x4
> [   16.920834] sony 0003:054C:1000.0001: unknown main item tag 0xe
> [   16.921904] sony 0003:054C:1000.0001: unknown main item tag 0xe
> [   16.923006] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.924082] sony 0003:054C:1000.0001: unknown main item tag 0x2
> [   16.925195] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.926289] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.927400] sony 0003:054C:1000.0001: unknown main item tag 0x0
> [   16.928546] BUG: unable to handle kernel NULL pointer dereference
> at 0000000000000028
> [   16.929951] #PF error: [normal kernel read fault]
> [   16.930884] PGD 800000007a52b067 P4D 800000007a52b067 PUD 0
> [   16.931836] Oops: 0000 [#1] SMP PTI
> [   16.932437] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted
> 4.20.0-xfstests-10979-g96d4f267e40 #1
> [   16.933752] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> BIOS 1.11.1-1ubuntu1 04/01/2014
> [   16.935372] Workqueue: events uhid_device_add_worker
> [   16.936321] RIP: 0010:hid_validate_values+0x48/0x110

In a sense, it's good to have a fault there because this was added to
make sure we do not blindly accept any data. The fact that it doesn't
fail gracefully is a sign that there is something else.
Maybe Roderick could have a look?

Cheers,
Benjamin

> [   16.937690] Code: 4c 69 ce 03 01 00 00 4a 8d 44 08 0c 48 8b 44 c7
> 08 48 85 c0 0f 84 a9 00 00 00 39 88 30 08 00 00 76 53 41 89 c9 4e 8b
> 4c c8 30 <45> 39 41 28 72 69 48 83 c4 08 c3 89 f6 48 69 c6 18 08 00 00
> 48 8b
> [   16.941067] RSP: 0018:ffffb2c880367ab0 EFLAGS: 00010286
> [   16.941935] RAX: ffff8d54b881c870 RBX: ffff8d54b881dd08 RCX: 0000000000000000
> [   16.943203] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8d54b881c000
> [   16.945406] RBP: ffff8d54bacb3580 R08: 0000000000000007 R09: 0000000000000000
> [   16.946590] R10: 0000000000000000 R11: ffff8d54b80293e6 R12: ffff8d54b881c000
> [   16.947668] R13: dead000000000100 R14: ffff8d54b881c000 R15: ffff8d54ba4fb818
> [   16.948765] FS:  0000000000000000(0000) GS:ffff8d54bfc00000(0000)
> knlGS:0000000000000000
> [   16.949838] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   16.950663] CR2: 0000000000000028 CR3: 000000007a4e8002 CR4: 0000000000360ef0
> [   16.951513] Call Trace:
> [   16.951870]  sony_input_configured+0xd6d/0x1060
> [   16.952608]  ? kobject_set_name_vargs+0x6f/0x90
> [   16.953257]  ? dev_set_name+0x57/0x70
> [   16.953783]  ? init_timer_key+0xed/0x120
> [   16.954353]  hidinput_connect+0x2fb/0x89b
> [   16.954974]  hid_connect+0x2f3/0x370
> [   16.955489]  hid_hw_start+0x38/0x60
> [   16.956052]  sony_probe+0xba/0x160
> [   16.956541]  hid_device_probe+0xf7/0x160
> [   16.957103]  ? __driver_attach+0x110/0x110
> [   16.957689]  really_probe+0xe0/0x390
> [   16.958206]  ? __driver_attach+0x110/0x110
> [   16.958797]  bus_for_each_drv+0x78/0xc0
> [   16.959290]  __device_attach+0xcc/0x130
> [   16.959832]  bus_probe_device+0x9f/0xb0
> [   16.960407]  device_add+0x422/0x680
> [   16.960772]  ? __debugfs_create_file+0xb5/0xf0
> [   16.962459]  hid_add_device+0xec/0x280
> [   16.963517]  uhid_device_add_worker+0x15/0x60
> [   16.964304]  process_one_work+0x238/0x5d0
> [   16.965062]  worker_thread+0x3d/0x390
> [   16.965737]  ? process_one_work+0x5d0/0x5d0
> [   16.966499]  kthread+0x121/0x140
> [   16.967089]  ? __kthread_create_on_node+0x1a0/0x1a0
> [   16.967988]  ret_from_fork+0x3a/0x50
> [   16.968742] CR2: 0000000000000028
> [   16.969394] ---[ end trace bc79f619177a8c3e ]---
> [   16.970267] RIP: 0010:hid_validate_values+0x48/0x110
> [   16.971167] Code: 4c 69 ce 03 01 00 00 4a 8d 44 08 0c 48 8b 44 c7
> 08 48 85 c0 0f 84 a9 00 00 00 39 88 30 08 00 00 76 53 41 89 c9 4e 8b
> 4c c8 30 <45> 39 41 28 72 69 48 83 c4 08 c3 89 f6 48 69 c6 18 08 00 00
> 48 8b
> [   16.974023] RSP: 0018:ffffb2c880367ab0 EFLAGS: 00010286
> [   16.974805] RAX: ffff8d54b881c870 RBX: ffff8d54b881dd08 RCX: 0000000000000000
> [   16.975925] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8d54b881c000
> [   16.977035] RBP: ffff8d54bacb3580 R08: 0000000000000007 R09: 0000000000000000
> [   16.978269] R10: 0000000000000000 R11: ffff8d54b80293e6 R12: ffff8d54b881c000
> [   16.979446] R13: dead000000000100 R14: ffff8d54b881c000 R15: ffff8d54ba4fb818
> [   16.980503] FS:  0000000000000000(0000) GS:ffff8d54bfc00000(0000)
> knlGS:0000000000000000
> [   16.981675] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   16.982566] CR2: 0000000000000028 CR3: 000000007a4e8002 CR4: 0000000000360ef0
> [   16.983712] BUG: sleeping function called from invalid context at
> include/linux/percpu-rwsem.h:34
> [   16.985362] in_atomic(): 0, irqs_disabled(): 1, pid: 5, name: kworker/0:0
> [   16.985947] INFO: lockdep is turned off.
> [   16.986296] irq event stamp: 4040
> [   16.986584] hardirqs last  enabled at (4039): [<ffffffffab201ed5>]
> __kmalloc_track_caller+0x185/0x310
> [   16.987354] hardirqs last disabled at (4040): [<ffffffffab0015f4>]
> trace_hardirqs_off_thunk+0x1a/0x1c
> [   16.988522] softirqs last  enabled at (3962): [<ffffffffabc0032f>]
> __do_softirq+0x32f/0x440
> [   16.989788] softirqs last disabled at (3955): [<ffffffffab0b32f6>]
> irq_exit+0xa6/0xe0
> [   16.992028] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G      D
>     4.20.0-xfstests-10979-g96d4f267e40 #1
> [   16.993354] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> BIOS 1.11.1-1ubuntu1 04/01/2014
> [   16.994960] Workqueue: events uhid_device_add_worker
> [   16.996048] Call Trace:
> [   16.996593]  dump_stack+0x67/0x90
> [   16.997203]  ___might_sleep.cold.13+0x9f/0xaf
> [   16.998004]  exit_signals+0x1c/0x200
> [   16.998660]  do_exit+0xac/0xaf0
> [   16.999232]  ? process_one_work+0x5d0/0x5d0
> [   16.999987]  ? kthread+0x121/0x140
> [   17.000709]  rewind_stack_do_exit+0x17/0x20
>
>
> Best regards
> Anatoly

* Re: NULL pointer dereference when writing fuzzed data to /dev/uhid
  2019-01-04 13:25 ` Benjamin Tissoires
@ 2019-01-04 13:47   ` Anatoly Trosinenko
  2019-01-04 16:38   ` Roderick Colenbrander
  2019-01-13 23:09   ` Pavel Machek
  2 siblings, 0 replies; 10+ messages in thread
From: Anatoly Trosinenko @ 2019-01-04 13:47 UTC (permalink / raw)
  To: Benjamin Tissoires
  Cc: Jiri Kosina, lkml, open list:HID CORE LAYER, Roderick Colenbrander

> I wanted to tell you that I started investigating the other private
> report you sent us, but couldn't find the time to properly come up with a
> fix as the fuzzed data is hard to discriminate from valid data.

Oops, I thought I was "over securing" these issues and everyone
ignored them, since I heard the default policy here is to not send reports
privately without a good reason, so I re-evaluated them and sent
them publicly...

OTOH these ones seem to be not too severe: at first glance they
require physical or root access, and even if they don't, *these
ones* are only NULL dereferences.

Best regards
Anatoly

On Fri, 4 Jan 2019 at 16:25, Benjamin Tissoires <benjamin.tissoires@redhat.com> wrote:
>
> Hi Anatoly,
>
>
> On Fri, Jan 4, 2019 at 1:32 PM Anatoly Trosinenko
> <anatoly.trosinenko@gmail.com> wrote:
> >
> > Hello,
> >
> > When writing the attached file to /dev/uhid, a NULL dereference occurs
> > in kernel. As I understand, the problem is not UHID-specific, but is
> > related to HID subsystem.
>
> Thanks for the report.
> I wanted to tell you that I started investigating the other private
> report you sent us, but couldn't find the time to properly come up with a
> fix as the fuzzed data is hard to discriminate from valid data.
>
> A couple of notes though:
> - writing to uhid needs to be done by root. Any distribution that
> doesn't enforce that is doomed to have several security issues
> - we could somehow reproduce those fuzzed data on a USB or Bluetooth
> connection, but that would require physical access to the device, so
> you are doomed also
> - last IIRC, there were some attempts by the ChromeOS team to allow
> access to the HID stack from the Chrome plugins, I don't know if this
> is able to generate the issues.
>
> On the specifics reported here:
>
> >
> > How to reproduce:
> > 1) Checkout the fresh master branch of the Linux kernel (tested on
> > commit 96d4f267e)
> > 2) Compile it with the attached config (kvm-xfstests capable)
> > 3) Take one of reproducers and execute
> > cat /vtmp/repro > /dev/uhid
> >
> > What happens:
> >
> > For chicony.bin:
> >
> > root@kvm-xfstests:~# cat /vtmp/chicony.bin > /dev/uhid
> > [   19.072703] BUG: unable to handle kernel NULL pointer dereference
> > at 0000000000000002
> > [   19.073371] #PF error: [normal kernel read fault]
> > [   19.073755] PGD 8000000078b2c067 P4D 8000000078b2c067 PUD 0
> > [   19.074223] Oops: 0000 [#1] SMP PTI
> > [   19.074809] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted
> > 4.20.0-xfstests-10979-g96d4f267e40 #1
> > [   19.075965] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> > BIOS 1.11.1-1ubuntu1 04/01/2014
> > [   19.077599] Workqueue: events uhid_device_add_worker
> > [   19.078019] RIP: 0010:ch_switch12_report_fixup+0x13/0x70
>
> This driver expects the device to be connected on USB, and you are
> triggering the oops because you are on uhid.
> I am chasing the USB dependencies in most drivers, but this is a hard
> task to do when I do not have access to the actual devices.
>
> I guess one way of fixing that is to add a check for the actual
> transport driver during probe:
> hid_is_using_ll_driver(hdev, &usb_hid_driver)
>
> Patches are welcome :)
>
> > For sony.bin:
> >
> > root@kvm-xfstests:~# cat /vtmp/sony.bin > /dev/uhid
> > [   16.891931] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.892432] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.892894] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.893362] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.893844] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.895389] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.898165] sony 0003:054C:1000.0001: ignoring exceeding usage max
> > [   16.901190] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.903797] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.906401] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.908957] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.911449] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.913936] sony 0003:054C:1000.0001: unknown main item tag 0x1
> > [   16.916551] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.918454] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.919743] sony 0003:054C:1000.0001: unknown main item tag 0x4
> > [   16.920834] sony 0003:054C:1000.0001: unknown main item tag 0xe
> > [   16.921904] sony 0003:054C:1000.0001: unknown main item tag 0xe
> > [   16.923006] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.924082] sony 0003:054C:1000.0001: unknown main item tag 0x2
> > [   16.925195] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.926289] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.927400] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.928546] BUG: unable to handle kernel NULL pointer dereference
> > at 0000000000000028
> > [   16.929951] #PF error: [normal kernel read fault]
> > [   16.930884] PGD 800000007a52b067 P4D 800000007a52b067 PUD 0
> > [   16.931836] Oops: 0000 [#1] SMP PTI
> > [   16.932437] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted
> > 4.20.0-xfstests-10979-g96d4f267e40 #1
> > [   16.933752] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> > BIOS 1.11.1-1ubuntu1 04/01/2014
> > [   16.935372] Workqueue: events uhid_device_add_worker
> > [   16.936321] RIP: 0010:hid_validate_values+0x48/0x110
>
> In a sense, it's good to have a fault there because this was added to
> make sure we do not blindly accept any data. The fact that it doesn't
> fail gracefully is a sign that there is something else.
> Maybe Roderick could have a look?
>
> Cheers,
> Benjamin
>
> > Best regards
> > Anatoly

* Re: NULL pointer dereference when writing fuzzed data to /dev/uhid
  2019-01-04 13:25 ` Benjamin Tissoires
  2019-01-04 13:47   ` Anatoly Trosinenko
@ 2019-01-04 16:38   ` Roderick Colenbrander
  2019-01-04 17:04     ` Anatoly Trosinenko
  2019-01-13 23:09   ` Pavel Machek
  2 siblings, 1 reply; 10+ messages in thread
From: Roderick Colenbrander @ 2019-01-04 16:38 UTC (permalink / raw)
  To: Benjamin Tissoires
  Cc: Anatoly Trosinenko, Jiri Kosina, lkml, open list:HID CORE LAYER

> > For sony.bin:
> >
> > root@kvm-xfstests:~# cat /vtmp/sony.bin > /dev/uhid
> > [   16.891931] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.892432] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.892894] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.893362] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.893844] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.895389] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.898165] sony 0003:054C:1000.0001: ignoring exceeding usage max
> > [   16.901190] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.903797] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.906401] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.908957] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.911449] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.913936] sony 0003:054C:1000.0001: unknown main item tag 0x1
> > [   16.916551] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.918454] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.919743] sony 0003:054C:1000.0001: unknown main item tag 0x4
> > [   16.920834] sony 0003:054C:1000.0001: unknown main item tag 0xe
> > [   16.921904] sony 0003:054C:1000.0001: unknown main item tag 0xe
> > [   16.923006] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.924082] sony 0003:054C:1000.0001: unknown main item tag 0x2
> > [   16.925195] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.926289] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.927400] sony 0003:054C:1000.0001: unknown main item tag 0x0
> > [   16.928546] BUG: unable to handle kernel NULL pointer dereference
> > at 0000000000000028
> > [   16.929951] #PF error: [normal kernel read fault]
> > [   16.930884] PGD 800000007a52b067 P4D 800000007a52b067 PUD 0
> > [   16.931836] Oops: 0000 [#1] SMP PTI
> > [   16.932437] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted
> > 4.20.0-xfstests-10979-g96d4f267e40 #1
> > [   16.933752] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> > BIOS 1.11.1-1ubuntu1 04/01/2014
> > [   16.935372] Workqueue: events uhid_device_add_worker
> > [   16.936321] RIP: 0010:hid_validate_values+0x48/0x110
>
> In a sense, it's good to have a fault there because this was added to
> make sure we do not blindly accept any data. The fact that it doesn't
> fail gracefully is a sign that there is something else.
> Maybe Roderick could have a look?
>
> Cheers,
> Benjamin
>

Sure I can have a look. Would you be able to share the sony.bin file?
Did you inject a particular device? We do a lot of remapping and
processing in hid-sony at startup. It is probably related to that.

Thanks,
Roderick

* Re: NULL pointer dereference when writing fuzzed data to /dev/uhid
  2019-01-04 16:38   ` Roderick Colenbrander
@ 2019-01-04 17:04     ` Anatoly Trosinenko
  2019-01-04 21:35       ` Roderick Colenbrander
  0 siblings, 1 reply; 10+ messages in thread
From: Anatoly Trosinenko @ 2019-01-04 17:04 UTC (permalink / raw)
  To: Roderick Colenbrander
  Cc: Benjamin Tissoires, Jiri Kosina, lkml, open list:HID CORE LAYER

[-- Attachment #1: Type: text/plain, Size: 3371 bytes --]

> Would you be able to share the sony.bin file?
Sent it in this message.

> Did you inject a particular device?
If you are asking me, then no, I blindly send fuzzed data with a
simple (but quite large and not very meaningful) header. That time it
just turned out to be a Sony-like descriptor :)

Best regards
Anatoly


[-- Attachment #2: sony.bin --]
[-- Type: application/octet-stream, Size: 471 bytes --]

* Re: NULL pointer dereference when writing fuzzed data to /dev/uhid
  2019-01-04 17:04     ` Anatoly Trosinenko
@ 2019-01-04 21:35       ` Roderick Colenbrander
  0 siblings, 0 replies; 10+ messages in thread
From: Roderick Colenbrander @ 2019-01-04 21:35 UTC (permalink / raw)
  To: Anatoly Trosinenko
  Cc: Benjamin Tissoires, Jiri Kosina, lkml, open list:HID CORE LAYER

Thanks, it seems the tests created a Buzz controller. It is
sony_led_init (called from sony_input_configured), which calls
hid_validate_values. It is hid_validate_values, which is unhappy due
to obviously corrupted reports.

I'm not too familiar with hid_validate_values, but it seems to access
a bunch of data structures on the HID device. The code probably makes
some assumptions. Fixing this issue requires some more sanity
checking, if it is worth it.

Thanks,
Roderick


* Re: NULL pointer dereference when writing fuzzed data to /dev/uhid
  2019-01-04 13:25 ` Benjamin Tissoires
  2019-01-04 13:47   ` Anatoly Trosinenko
  2019-01-04 16:38   ` Roderick Colenbrander
@ 2019-01-13 23:09   ` Pavel Machek
  2019-01-14 14:23     ` Anatoly Trosinenko
  2 siblings, 1 reply; 10+ messages in thread
From: Pavel Machek @ 2019-01-13 23:09 UTC (permalink / raw)
  To: Benjamin Tissoires
  Cc: Anatoly Trosinenko, Jiri Kosina, lkml, open list:HID CORE LAYER,
	Roderick Colenbrander

[-- Attachment #1: Type: text/plain, Size: 1244 bytes --]

Hi!

I just want to note that while these may not be high-priority, they
are still security holes to be fixed.

> > When writing the attached file to /dev/uhid, a NULL dereference occurs
> > in kernel. As I understand, the problem is not UHID-specific, but is
> > related to HID subsystem.
> 
> Thanks for the report.
> I wanted to tell you that I started investigating the other private
> report you sent us, but couldn't find the time to properly come up with a
> fix as the fuzzed data is hard to discriminate from valid data.
> 
> A couple of notes though:
> - writing to uhid needs to be done by root. Any distribution that
> doesn't enforce that is doomed to have several security issues

We want to protect kernel from root, too.

> - we could somehow reproduce those fuzzed data on a USB or Bluetooth
> connection, but that would require physical access to the device, so
> you are doomed also

Not necessarily. Imagine a kiosk where PC is protected but keyboard
uses USB connection. If our USB stack is buggy, you are doomed... but
you should not be ;-).
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

* Re: NULL pointer dereference when writing fuzzed data to /dev/uhid
  2019-01-13 23:09   ` Pavel Machek
@ 2019-01-14 14:23     ` Anatoly Trosinenko
  2019-01-14 14:55       ` Benjamin Tissoires
  0 siblings, 1 reply; 10+ messages in thread
From: Anatoly Trosinenko @ 2019-01-14 14:23 UTC (permalink / raw)
  To: Pavel Machek
  Cc: Benjamin Tissoires, Jiri Kosina, lkml, open list:HID CORE LAYER,
	Roderick Colenbrander

> fuzzed data is hard to discriminate from valid data.

Just in case it can be helpful... If it is about manually "parsing"
descriptors to understand what is wrong by hand, then maybe the Kaitai
Struct parser generator can help. I understand it is probably not
well suited for in-kernel binary parsing, but given a text-form
description of a format, it can visualize parsed binary data as a
hierarchical structure.

Best regards
Anatoly

On Mon, 14 Jan 2019 at 02:09, Pavel Machek <pavel@ucw.cz> wrote:

>
> Hi!
>
> I just want to note that while these may not be high-priority, they
> are still security holes to be fixed.
>
> > > When writing the attached file to /dev/uhid, a NULL dereference occurs
> > > in kernel. As I understand, the problem is not UHID-specific, but is
> > > related to HID subsystem.
> >
> > Thanks for the report.
> > I wanted to tell you that I started investigating the other private
> > report you sent us, but couldn't find the time to properly come up with a
> > fix as the fuzzed data is hard to discriminate from valid data.
> >
> > A couple of notes though:
> > - writing to uhid needs to be done by root. Any distribution that
> > doesn't enforce that is doomed to have several security issues
>
> We want to protect kernel from root, too.
>
> > - we could somehow reproduce those fuzzed data on a USB or Bluetooth
> > connection, but that would require physical access to the device, so
> > you are doomed also
>
> Not necessarily. Imagine a kiosk where PC is protected but keyboard
> uses USB connection. If our USB stack is buggy, you are doomed... but
> you should not be ;-).
>                                                                         Pavel
> --
> (english) http://www.livejournal.com/~pavelmachek
> (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
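
As an added illustration (not code from this thread or from the kernel), a minimal user-space walker for the short items of a HID report descriptor: it prints the hierarchical view discussed above and counts the main items that would produce the "unknown main item tag" warnings seen in the sony.bin log. Both sample descriptors are constructed for this example, and `hid_scan_descriptor` and `struct hid_scan` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* bType (bits 2..3) and the main-item bTag values (bits 4..7) of the prefix byte. */
enum { T_MAIN = 0, T_GLOBAL = 1, T_LOCAL = 2, T_RESERVED = 3 };
enum { TAG_INPUT = 0x8, TAG_OUTPUT = 0x9, TAG_COLLECTION = 0xA,
       TAG_FEATURE = 0xB, TAG_END_COLLECTION = 0xC };

struct hid_scan {           /* hypothetical result type for this example */
    unsigned items;         /* items decoded */
    unsigned unknown_main;  /* main items whose tag the HID spec does not define */
    int depth;              /* collections still open at the end */
};

static const char *main_name(unsigned tag)
{
    static const char *const names[16] = {
        [TAG_INPUT] = "Input", [TAG_OUTPUT] = "Output",
        [TAG_COLLECTION] = "Collection", [TAG_FEATURE] = "Feature",
        [TAG_END_COLLECTION] = "End Collection",
    };
    return names[tag & 15];
}

/*
 * Walk a report descriptor item by item. Returns 0 when every item is
 * structurally complete, -1 when an item is cut short by the end of the
 * buffer, -2 on End Collection with no open collection. Undefined main tags
 * are only counted: the sony.bin log shows parsing continuing after them.
 */
int hid_scan_descriptor(const uint8_t *d, size_t len, struct hid_scan *st, FILE *out)
{
    static const char *const type_name[] = { "Main", "Global", "Local", "Reserved" };
    size_t i = 0;

    *st = (struct hid_scan){ 0 };
    while (i < len) {
        uint8_t prefix = d[i++];
        unsigned type = (prefix >> 2) & 3, tag = prefix >> 4;
        size_t size = prefix & 3;
        uint32_t value = 0;
        const char *name;

        if (prefix == 0xFE) {               /* long item: size byte, tag byte, data */
            if (len - i < 2 || len - i - 2 < (size_t)d[i])
                return -1;
            i += 2 + (size_t)d[i];
            st->items++;
            continue;
        }
        if (size == 3)                      /* encoding 3 means four data bytes */
            size = 4;
        if (len - i < size)
            return -1;
        for (size_t k = 0; k < size; k++)   /* data is little-endian */
            value |= (uint32_t)d[i + k] << (8 * k);
        i += size;
        st->items++;
        name = (type == T_MAIN) ? main_name(tag) : NULL;
        if (type == T_MAIN && tag == TAG_END_COLLECTION) {
            if (st->depth == 0)
                return -2;
            st->depth--;
        }
        if (out)                            /* indented, hierarchical view */
            fprintf(out, "%*s%s tag 0x%x %s value 0x%x\n", 2 * st->depth, "",
                    type_name[type], tag,
                    name ? name : (type == T_MAIN ? "(unknown)" : ""), (unsigned)value);
        if (type == T_MAIN && !name)
            st->unknown_main++;
        if (type == T_MAIN && tag == TAG_COLLECTION)
            st->depth++;
    }
    return 0;
}

/* Constructed sample: a small, well-formed descriptor. */
static const uint8_t sample_valid[] = {
    0x05, 0x01, 0x09, 0x02,     /* Usage Page, Usage */
    0xA1, 0x01,                 /* Collection */
    0x75, 0x08, 0x95, 0x03,     /* Report Size 8, Report Count 3 */
    0x81, 0x02, 0xC0            /* Input, End Collection */
};
/* Constructed sample: the same descriptor with garbage in the middle. */
static const uint8_t sample_fuzzed[] = {
    0x05, 0x01, 0x09, 0x02, 0xA1, 0x01,
    0x00, 0x00, 0x41, 0x7F, 0xE0,   /* undefined main tags 0x0, 0x0, 0x4, 0xe */
    0x75, 0x08, 0x95, 0x03, 0x81, 0x02, 0xC0
};

int main(void)
{
    struct hid_scan st;
    int rc = hid_scan_descriptor(sample_valid, sizeof sample_valid, &st, NULL);
    printf("valid:  rc=%d items=%u unknown_main=%u\n", rc, st.items, st.unknown_main);
    rc = hid_scan_descriptor(sample_fuzzed, sizeof sample_fuzzed, &st, stdout);
    printf("fuzzed: rc=%d items=%u unknown_main=%u\n", rc, st.items, st.unknown_main);
    return 0;
}
```

The fuzzed sample scans as structurally complete with balanced collections; only the count of undefined main tags sets it apart from the well-formed one.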

* Re: NULL pointer dereference when writing fuzzed data to /dev/uhid
  2019-01-14 14:23     ` Anatoly Trosinenko
@ 2019-01-14 14:55       ` Benjamin Tissoires
  2019-01-14 15:00         ` Anatoly Trosinenko
  0 siblings, 1 reply; 10+ messages in thread
From: Benjamin Tissoires @ 2019-01-14 14:55 UTC (permalink / raw)
  To: Anatoly Trosinenko
  Cc: Pavel Machek, Jiri Kosina, lkml, open list:HID CORE LAYER,
	Roderick Colenbrander

On Mon, Jan 14, 2019 at 3:23 PM Anatoly Trosinenko
<anatoly.trosinenko@gmail.com> wrote:
>
> > fuzzed data is hard to discriminate from valid data.
>
> Just in case it can be helpful... If it is about manually "parsing"
> descriptors to understand what is wrong by hand, then maybe the Kaitai
> Struct parser generator can help. I understand it is probably not
> well suited for in-kernel binary parsing, but given a text-form
> description of a format, it can visualize parsed binary data as a
> hierarchical structure.

Well, the data and parsing is pretty straightforward (see
http://who-t.blogspot.com/2018/12/understanding-hid-report-descriptors.html
if you want to have an entertaining understanding, instead of reading
the specs). The problem is the fuzzed data looks like a correct one,
but there is garbage in the middle.

And we can not simply rely on some global CRC that would prevent
fuzzing because there is none. And the report descriptor is in the
device, so we can't upgrade all of them.

So in the end, sending a fuzz HID report descriptor is like sending a
language grammar that doesn't mean anything. The parser says, "well,
yes, why not", but sometimes the rest of the drivers expect a little
bit more, and this is where it gets hard to see.

Cheers,
Benjamin

>
> Best regards
> Anatoly
>
> Mon, 14 Jan 2019 at 02:09, Pavel Machek <pavel@ucw.cz>:
>
> >
> > Hi!
> >
> > I just want to note that while these may not be high-priority, they
> > are still security holes to be fixed.
> >
> > > > When writing the attached file to /dev/uhid, a NULL dereference occurs
> > > > in kernel. As I understand, the problem is not UHID-specific, but is
> > > > related to HID subsystem.
> > >
> > > Thanks for the report.
> > > I wanted to tell you that I started investigating the other private
> > > report you sent us, but couldn't find the time to properly come with a
> > > fix as the fuzzed data is hard to discriminate from valid data.
> > >
> > > A couple of notes though:
> > > - writing to uhid needs to be done by root. Any distribution that
> > > doesn't enforce that is doomed to have several security issues
> >
> > We want to protect kernel from root, too.
> >
> > > - we could somehow reproduce those fuzzed data on a USB or Bluetooth
> > > connection, but that would require physical access to the device, so
> > > you are doomed also
> >
> > Not necessarily. Imagine a kiosk where PC is protected but keyboard
> > uses USB connection. If our USB stack is buggy, you are doomed... but
> > you should not be ;-).
> >                                                                         Pavel
> > --
> > (english) http://www.livejournal.com/~pavelmachek
> > (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
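
The point made in the message above (a fuzzed report descriptor still walks cleanly as a sequence of HID items, and with no checksum only semantic expectations can tell it apart), as an added example that is not part of the thread and not kernel code. The sample descriptors are constructed, and the "driver expectation" (at least one Input item declaring a nonzero number of bits) is a hypothetical stand-in for what a real driver might assume.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed samples: a minimal keyboard-like descriptor, and a copy with
 * the middle changed (Report Count 0, Output instead of Input). */
static const uint8_t valid_desc[]  = { 0x05,0x01, 0x09,0x06, 0xA1,0x01,
    0x75,0x08, 0x95,0x01, 0x81,0x02, 0xC0 };
static const uint8_t fuzzed_desc[] = { 0x05,0x01, 0x09,0x06, 0xA1,0x01,
    0x75,0x08, 0x95,0x00, 0x91,0x02, 0xC0 };
static const uint8_t cut_desc[]    = { 0x05,0x01, 0xA1 };

struct hid_scan { int depth; unsigned inputs; uint32_t in_bits; };

/* Syntax-only walk over short items: 0 if well-formed, -1 otherwise. */
static int hid_scan_descriptor(const uint8_t *d, size_t len, struct hid_scan *s)
{
    uint32_t report_size = 0, report_count = 0;
    size_t i = 0;
    s->depth = 0; s->inputs = 0; s->in_bits = 0;
    while (i < len) {
        uint8_t prefix = d[i++];
        size_t n = prefix & 0x03;           /* bits 0-1: data size code */
        uint32_t val = 0;
        if (prefix == 0xFE) return -1;      /* long item: not handled here */
        if (n == 3) n = 4;                  /* size code 3 means 4 bytes */
        if (len - i < n) return -1;         /* data runs past the buffer */
        for (size_t k = 0; k < n; k++)
            val |= (uint32_t)d[i + k] << (8 * k);   /* little-endian */
        i += n;
        switch (prefix & 0xFC) {            /* bits 2-7: type and tag */
        case 0x74: report_size = val; break;        /* Global: Report Size */
        case 0x94: report_count = val; break;       /* Global: Report Count */
        case 0xA0: s->depth++; break;               /* Main: Collection */
        case 0xC0: if (--s->depth < 0) return -1; break; /* End Collection */
        case 0x80: s->inputs++; s->in_bits += report_size * report_count; break;
        default: break;                     /* every other item is skipped */
        }
    }
    return s->depth == 0 ? 0 : -1;
}

/* 0: rejected by the walk; 1: well-formed, but the hypothetical driver
 * expectation (an Input item declaring at least one bit) is not met; 2: both. */
static int classify(const uint8_t *d, size_t len)
{
    struct hid_scan s;
    if (hid_scan_descriptor(d, len, &s) != 0) return 0;
    return (s.inputs > 0 && s.in_bits > 0) ? 2 : 1;
}
```

Only the truncated sample is caught by the item walk; the altered one is indistinguishable from valid data until something checks what the descriptor actually declares.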


* Re: NULL pointer dereference when writing fuzzed data to /dev/uhid
  2019-01-14 14:55       ` Benjamin Tissoires
@ 2019-01-14 15:00         ` Anatoly Trosinenko
  0 siblings, 0 replies; 10+ messages in thread
From: Anatoly Trosinenko @ 2019-01-14 15:00 UTC (permalink / raw)
  To: Benjamin Tissoires
  Cc: Pavel Machek, Jiri Kosina, lkml, open list:HID CORE LAYER,
	Roderick Colenbrander

Thank you for the explanation!

Best regards
Anatoly

Mon, 14 Jan 2019 at 17:55, Benjamin Tissoires <benjamin.tissoires@redhat.com>:
>
> On Mon, Jan 14, 2019 at 3:23 PM Anatoly Trosinenko
> <anatoly.trosinenko@gmail.com> wrote:
> >
> > > fuzzed data is hard to discriminate from valid data.
> >
> > Just in case it can be helpful... If it is about manually "parsing"
> > descriptors to understand what is wrong by hands, then maybe Kaitai
> > Struct parser generator can help. I understand it is probably not
> > suited well for in-kernel binary parsing, but given a text-form
> > description of a format, it can visualize parsed binary data as a
> > hierarchical structure.
>
> Well, the data and parsing is pretty straightforward (see
> http://who-t.blogspot.com/2018/12/understanding-hid-report-descriptors.html
> if you want to have an entertaining understanding, instead of reading
> the specs). The problem is the fuzzed data looks like a correct one,
> but there is garbage in the middle.
>
> And we can not simply rely on some global CRC that would prevent
> fuzzing because there is none. And the report descriptor is in the
> device, so we can't upgrade all of them.
>
> So in the end, sending a fuzz HID report descriptor is like sending a
> language grammar that doesn't mean anything. The parser says, "well,
> yes, why not", but sometimes the rest of the drivers expect a little
> bit more, and this is where it gets hard to see.
>
> Cheers,
> Benjamin
>
> >
> > Best regards
> > Anatoly
> >
> > Mon, 14 Jan 2019 at 02:09, Pavel Machek <pavel@ucw.cz>:
> >
> > >
> > > Hi!
> > >
> > > I just want to note that while these may not be high-priority, they
> > > are still security holes to be fixed.
> > >
> > > > > When writing the attached file to /dev/uhid, a NULL dereference occurs
> > > > > in kernel. As I understand, the problem is not UHID-specific, but is
> > > > > related to HID subsystem.
> > > >
> > > > Thanks for the report.
> > > > I wanted to tell you that I started investigating the other private
> > > > report you sent us, but couldn't find the time to properly come with a
> > > > fix as the fuzzed data is hard to discriminate from valid data.
> > > >
> > > > A couple of notes though:
> > > > - writing to uhid needs to be done by root. Any distribution that
> > > > doesn't enforce that is doomed to have several security issues
> > >
> > > We want to protect kernel from root, too.
> > >
> > > > - we could somehow reproduce those fuzzed data on a USB or Bluetooth
> > > > connection, but that would require physical access to the device, so
> > > > you are doomed also
> > >
> > > Not necessarily. Imagine a kiosk where PC is protected but keyboard
> > > uses USB connection. If our USB stack is buggy, you are doomed... but
> > > you should not be ;-).
> > >                                                                         Pavel
> > > --
> > > (english) http://www.livejournal.com/~pavelmachek
> > > (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


end of thread, other threads:[~2019-01-14 15:00 UTC | newest]

Thread overview: 10+ messages
2019-01-04 12:32 NULL pointer dereference when writing fuzzed data to /dev/uhid Anatoly Trosinenko
2019-01-04 13:25 ` Benjamin Tissoires
2019-01-04 13:47   ` Anatoly Trosinenko
2019-01-04 16:38   ` Roderick Colenbrander
2019-01-04 17:04     ` Anatoly Trosinenko
2019-01-04 21:35       ` Roderick Colenbrander
2019-01-13 23:09   ` Pavel Machek
2019-01-14 14:23     ` Anatoly Trosinenko
2019-01-14 14:55       ` Benjamin Tissoires
2019-01-14 15:00         ` Anatoly Trosinenko
