From: Dmitry Vyukov
Date: Thu, 11 Mar 2021 18:11:54 +0100
Subject: Re: arm64 syzbot instances
To: Mark Rutland
Cc: maz@kernel.org, Will Deacon, Ard Biesheuvel, Linux ARM, Arnd Bergmann, syzkaller, LKML
In-Reply-To: <20210311123315.GF37303@C02TD0UTHF1T.local>

On Thu, Mar 11, 2021 at 1:33 PM Mark Rutland wrote:
> On Thu, Mar 11, 2021 at 12:38:21PM +0100, 'Dmitry Vyukov' via syzkaller wrote:
> > Hi arm64 maintainers,
> > The instances have KCOV disabled because it slows down execution too
> > much (KASAN in qemu emulation is already extremely slow), so no
> > coverage guidance and coverage reports for now :(
> >
> > The instances found few arm64-specific issues that we have not
> > observed on other instances:
> > https://syzkaller.appspot.com/bug?id=1d22a2cc3521d5cf6b41bd6b825793c2015f861f
> > https://syzkaller.appspot.com/bug?id=bb2c16b0e13b4de4bbf22cf6a4b9b16fb0c20eea
> > https://syzkaller.appspot.com/bug?id=b75386f45318ec181b7f49260d619fac9877d456
> > https://syzkaller.appspot.com/bug?id=5a1bc29bca656159f95c7c8bb30e3776ca860332
> > but mostly re-discovering known bugs we already found on x86.
>
> Likewise, my general experience these days (fuzzing under KVM on a
> ThunderX2 host) is that we mostly hit issues in core code or drivers
> rather than anything strictly specific to arm64. As my host is ARMv8.1
> that might just be by virtue of not exercising many of the new
> architectural features.
>
> > The instances use qemu emulation and lots of debug configs, so they
> > are quite slow and it makes sense to target them at arm64-specific
> > parts of the kernel as much as possible (rather
> > than stress generic subsystems that are already stressed on x86).
> > So the question is: what arm64-specific parts are there that we can reach
> > in qemu?
> > Can you think of any qemu flags (cpu features, device emulation, etc)?
>
> Generally, `-cpu max` will expose the more interesting CPU features, and
> you already seem to have that, so I think you're mostly there on that
> front.
>
> Devices vary a lot between SoCs (and most aren't even emulated), so
> unless you have particular platforms in mind I'd suggest it might be
> better to just use PV devices and try to focus fuzzing on arch code and
> common code like mm rather than drivers.

I don't have any specific SoC in mind. I think we are interested in
covering something more commonly used rather than a driver used only on
1 SoC. Testing virt drivers is good, but since we have 3 arm64 instances,
we could make them use different boards to get more coverage.
What about things like pstore, numa, mtdblock, pflash?
When I do man qemu-system-aarch64 for some reason I see help for x86_64,
so I am not sure if these are applicable to arm64.

> > Any kernel subsystems with heavy arm-specific parts that we may be missing?
>
> It looks like your configs already have BPF, which is probably one of
> the more interesting subsystems with architecture-specific bits, so I
> don't have further suggestions on that front.
>
> > Testing some of the arm64 drivers that qemu can emulate may be the
> > most profitable thing.
> > Currently the instances use the following flags:
> > -machine virt,virtualization=on,graphics=on,usb=on -cpu cortex-a57
> > -machine virt,virtualization=on,mte=on,graphics=on,usb=on -cpu max
>
> With `-cpu max`, QEMU will use a relatively expensive SW implementation
> of pointer authentication (which I found significantly magnified the
> cost of implementation like kcov), so depending on your priorities you
> might want to disable that or (assuming you have a recent enough build
> of QEMU) you might want to force the use of a cheaper algorithm by
> passing `-cpu max,pauth-impdef`.
>
> The relevant QEMU commit is:
>
> eb94284d0812b4e7 ("target/arm: Add cpu properties to control pauth")
>
> ... but it looks like that might not be in a tagged release yet.

Interesting. I need to note this somewhere.

> > mte=on + virtualization=on is broken in the kernel or in qemu:
> > https://lore.kernel.org/lkml/CAAeHK+wDz8aSLyjq1b=q3+HG9aJXxwYR6+gN_fTttMN5osM5gg@mail.gmail.com/