LKML Archive on lore.kernel.org
 help / color / Atom feed
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
To: Andrew Morton <akpm@linux-foundation.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Steven Rostedt <rostedt@goodmis.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Dmitry Vyukov <dvyukov@google.com>
Cc: Matthew Garrett <mjg59@google.com>,
	Andi Kleen <ak@linux.intel.com>,
	"Theodore Y . Ts'o" <tytso@mit.edu>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Petr Mladek <pmladek@suse.com>,
	Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
	Arnd Bergmann <arnd@arndb.de>, Jiri Slaby <jslaby@suse.com>,
	Peter Zijlstra <peterz@infradead.org>,
	LKML <linux-kernel@vger.kernel.org>,
	syzkaller@googlegroups.com,
	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Subject: [PATCH v4 2/3] twist: Allow disabling k_spec() function in drivers/tty/vt/keyboard.c
Date: Tue, 21 Apr 2020 22:19:50 +0900
Message-ID: <20200421131951.4948-2-penguin-kernel@I-love.SAKURA.ne.jp> (raw)
In-Reply-To: <20200421131951.4948-1-penguin-kernel@I-love.SAKURA.ne.jp>

syzbot is reporting unexpected kernel reboots [1]. This seems to be
caused by triggering Ctrl-Alt-Del event via k_spec() function in
drivers/tty/vt/keyboard.c file, for the console output includes normal
restart sequence.

  [   97.727327][    T1] systemd-shutdown[1]: Unmounting file systems.
  [   97.734278][    T1] systemd-shutdown[1]: Remounting '/' read-only with options ''.
  [   97.747758][   T21] usb 2-1: device descriptor read/8, error -71
  [   97.747850][ T3116] usb 1-1: device descriptor read/8, error -71
  [   97.764818][    T1] EXT4-fs (sda1): re-mounted. Opts: 
  [   97.777551][    T1] systemd-shutdown[1]: Remounting '/' read-only with options ''.
  [   97.785448][    T1] EXT4-fs (sda1): re-mounted. Opts: 
  [   97.790920][    T1] systemd-shutdown[1]: All filesystems unmounted.
  [   97.797352][    T1] systemd-shutdown[1]: Deactivating swaps.
  [   97.803451][    T1] systemd-shutdown[1]: All swaps deactivated.
  [   97.809626][    T1] systemd-shutdown[1]: Detaching loop devices.
  [   97.890294][    T1] systemd-shutdown[1]: All loop devices detached.
  [   98.967832][ T3116] usb 1-1: device descriptor read/8, error -71
  [  100.108406][    T1] sd 0:0:1:0: [sda] Synchronizing SCSI cache
  [  100.116036][    T1] reboot: Restarting system
  [  100.120636][    T1] reboot: machine restart
  SeaBIOS (version 1.8.2-20200402_173431-google)
  Total RAM Size = 0x00000001e0000000 = 7680 MiB
  CPUs found: 2     Max CPUs supported: 2
  Comparing RSDP and RSDP

Therefore, allow disabling only k_spec() function in order to allow
fuzzers to examine the remaining part in that file.

[1] https://syzkaller.appspot.com/bug?id=321861b1588b44d064b779b92293c5d55cfe8430

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
 drivers/tty/vt/keyboard.c | 2 ++
 lib/Kconfig.twist         | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c
index 15d33fa0c925..f08855c4c5ba 100644
--- a/drivers/tty/vt/keyboard.c
+++ b/drivers/tty/vt/keyboard.c
@@ -633,6 +633,8 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag)
 	     kbd->kbdmode == VC_OFF) &&
 	     value != KVAL(K_SAK))
 		return;		/* SAK is allowed even in raw mode */
+	if (IS_ENABLED(CONFIG_TWIST_DISABLE_KBD_K_SPEC_HANDLER))
+		return;
 	fn_handler[value](vc);
 }
 
diff --git a/lib/Kconfig.twist b/lib/Kconfig.twist
index a5ce0db67f28..a1d038bcc2a5 100644
--- a/lib/Kconfig.twist
+++ b/lib/Kconfig.twist
@@ -10,4 +10,11 @@ menuconfig TWIST_KERNEL_BEHAVIOR
 
 if TWIST_KERNEL_BEHAVIOR
 
+config TWIST_DISABLE_KBD_K_SPEC_HANDLER
+       bool "Disable k_spec() function in drivers/tty/vt/keyboard.c"
+       help
+	 k_spec() function allows triggering e.g. Ctrl-Alt-Del event.
+	 Such event is annoying for fuzz testing which wants to test
+	 kernel code without rebooting the system.
+
 endif # TWIST_KERNEL_BEHAVIOR
-- 
2.18.2


  reply index

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-21 13:19 [PATCH v4 1/3] Add kernel config option for twisting kernel behavior Tetsuo Handa
2020-04-21 13:19 ` Tetsuo Handa [this message]
2020-04-21 13:19 ` [PATCH v4 3/3] twist: Add option for selecting twist options for syzkaller's testing Tetsuo Handa
2020-04-21 16:00   ` Dmitry Vyukov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200421131951.4948-2-penguin-kernel@I-love.SAKURA.ne.jp \
    --to=penguin-kernel@i-love.sakura.ne.jp \
    --cc=ak@linux.intel.com \
    --cc=akpm@linux-foundation.org \
    --cc=arnd@arndb.de \
    --cc=dvyukov@google.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=jslaby@suse.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mjg59@google.com \
    --cc=peterz@infradead.org \
    --cc=pmladek@suse.com \
    --cc=rostedt@goodmis.org \
    --cc=sergey.senozhatsky@gmail.com \
    --cc=syzkaller@googlegroups.com \
    --cc=torvalds@linux-foundation.org \
    --cc=tytso@mit.edu \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

LKML Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/lkml/0 lkml/git/0.git
	git clone --mirror https://lore.kernel.org/lkml/1 lkml/git/1.git
	git clone --mirror https://lore.kernel.org/lkml/2 lkml/git/2.git
	git clone --mirror https://lore.kernel.org/lkml/3 lkml/git/3.git
	git clone --mirror https://lore.kernel.org/lkml/4 lkml/git/4.git
	git clone --mirror https://lore.kernel.org/lkml/5 lkml/git/5.git
	git clone --mirror https://lore.kernel.org/lkml/6 lkml/git/6.git
	git clone --mirror https://lore.kernel.org/lkml/7 lkml/git/7.git
	git clone --mirror https://lore.kernel.org/lkml/8 lkml/git/8.git
	git clone --mirror https://lore.kernel.org/lkml/9 lkml/git/9.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 lkml lkml/ https://lore.kernel.org/lkml \
		linux-kernel@vger.kernel.org
	public-inbox-index lkml

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git