Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp989054ybh; Thu, 12 Mar 2020 15:01:40 -0700 (PDT) X-Google-Smtp-Source: ADFU+vsFc5Ntdner8B/XSR5k58RWHO1gvG66C/OL2RrXbZatpX+T54qk8dvOIbEFP0eHctLRV3N/ X-Received: by 2002:a9d:5a8a:: with SMTP id w10mr8255693oth.200.1584050499812; Thu, 12 Mar 2020 15:01:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584050499; cv=none; d=google.com; s=arc-20160816; b=Ui1b0Ul8d9lkWpM7klaB+eV5TXTDJ0gmz7vd40hsE+AGNnrAf0tZu3gE15Z0hutMTJ Uu1RmBdl1ypbaASlyoSprC2vPKa8+nNAyfZr7qa/B6qtd9+k6Gx9wOvsKyAfJzbnxqOj nfqjR6YBhPgf3/aRQ7MC8yNtf5CP7a2Fd8kwCzYcRydaerpyh5BCF8QWiSuLDbkWw3LO DUY9VBQXu3gZAfkTEYflYpU+Y1HYZzHxhU1uwn1UxsMxAF3eJt6zGJWmrfY45sLdBDG8 /sKiL+wLcCsQ/8L/XbMbMbxfFgiadppPGUMYGkENmyYU68TUOTtolEcQwO2Uv37hlgZs KB8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=76+1maN14v4/OZuZbRHbOg2SW8ybv8I9K6EemEl1eas=; b=vMipgQkN1LJqtEoKOV9qLbcnR9TCFMavZWb9zNXWhWE3r5zvdUdBHYLjTw6XtQu3gM pHfT0jJ2UUXr5QNHzf1DmAKv84OMzJBEXHvcXwQmmBroIMO43EBlXbrpul4D7z++LR9P 3battfdrZkMP/wQpIWK8vLVeh3KDP8knmRvwCA0ics5OjlLU9x4Q9wsp8/FN7dqH0kEd Plb4xOfV95/8lmae76p+6B5RH0FDJVoZumyVXwYOg2iHppq8k4xOwBGCM25Bl0Tj0Hgj TLFHYLeZe5ziLYSqdGl+ub6VqMmKvYJo/y6UIGWA+2ABBebNyZpJNNV8bbwbP1npU1Xi VZMw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s200si2179173oie.188.2020.03.12.15.01.26; Thu, 12 Mar 2020 15:01:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726591AbgCLWAb (ORCPT + 99 others); Thu, 12 Mar 2020 18:00:31 -0400 Received: from www262.sakura.ne.jp ([202.181.97.72]:53069 "EHLO www262.sakura.ne.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726513AbgCLWAa (ORCPT ); Thu, 12 Mar 2020 18:00:30 -0400 Received: from fsav110.sakura.ne.jp (fsav110.sakura.ne.jp [27.133.134.237]) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTP id 02CLxOr0088649; Fri, 13 Mar 2020 06:59:24 +0900 (JST) (envelope-from penguin-kernel@i-love.sakura.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav110.sakura.ne.jp (F-Secure/fsigk_smtp/550/fsav110.sakura.ne.jp); Fri, 13 Mar 2020 06:59:24 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/550/fsav110.sakura.ne.jp) Received: from [192.168.1.9] (M106072142033.v4.enabler.ne.jp [106.72.142.33]) (authenticated bits=0) by www262.sakura.ne.jp (8.15.2/8.15.2) with ESMTPSA id 02CLxOUL088644 (version=TLSv1.2 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 13 Mar 2020 06:59:24 +0900 (JST) (envelope-from penguin-kernel@i-love.sakura.ne.jp) Subject: Re: [PATCH v2] Add kernel config option for fuzz testing. To: Steven Rostedt Cc: Dmitry Vyukov , Jiri Slaby , Greg Kroah-Hartman , Andrew Morton , Matthew Garrett , Andi Kleen , "Theodore Y . Ts'o" , Alexander Viro , Petr Mladek , Sergey Senozhatsky , Arnd Bergmann , Linus Torvalds , LKML References: <20200307135822.3894-1-penguin-kernel@I-love.SAKURA.ne.jp> <6f2e27de-c820-7de3-447d-cd9f7c650add@suse.com> <20200308065258.GE3983392@kroah.com> <3e9f47f7-a6c1-7cec-a84f-e621ae5426be@suse.com> <20200311101115.53139149@gandalf.local.home> From: Tetsuo Handa Message-ID: <7e0d2bbf-71c2-395c-9a42-d3d6d3ee4fa4@i-love.sakura.ne.jp> Date: Fri, 13 Mar 2020 06:59:22 +0900 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020/03/13 4:23, Dmitry Vyukov wrote: >> Or teach the fuzz tool not to do specific bad things. > > We do some of this. > But generally it's impossible for anything that involves memory > indirections, or depends on the exact type of fd (e.g. all ioctl's), > etc. Boils down to halting problem and ability to predict exact > behavior of arbitrary programs. I would like to enable changes like below only if CONFIG_KERNEL_BUILT_FOR_FUZZ_TESTING=y . Since TASK_RUNNING threads are not always running on CPUs (in syzbot, the kernel is tested on a VM with only 2 CPUs, which means that many threads are simply waiting for CPU time to be assigned), dumping locks held by all threads gives us more clue when e.g. khungtask fired. But since lockdep_print_held_locks() is racy, I assume that this change won't be accepted unless CONFIG_KERNEL_BUILT_FOR_FUZZ_TESTING=y . Also, for another example, limit number of memory pages /dev/ion driver can consume only if CONFIG_KERNEL_BUILT_FOR_FUZZ_TESTING=y ( https://github.com/google/syzkaller/issues/1267 ), for limiting number of memory pages is a user-visible change while we need to avoid false alarms caused by consuming all memory pages. In other words, while majority of things CONFIG_KERNEL_BUILT_FOR_FUZZ_TESTING=y would do "disable this", there would be a few "enable this" and "change this". diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c index 32406ef0d6a2..1bc7878768fc 100644 --- a/kernel/locking/lockdep.c +++ b/kernel/locking/lockdep.c @@ -695,6 +695,7 @@ static void print_lock(struct held_lock *hlock) static void lockdep_print_held_locks(struct task_struct *p) { int i, depth = READ_ONCE(p->lockdep_depth); + bool unreliable; if (!depth) printk("no locks held by %s/%d.\n", p->comm, task_pid_nr(p)); @@ -705,10 +706,12 @@ static void lockdep_print_held_locks(struct task_struct *p) * It's not reliable to print a task's held locks if it's not sleeping * and it's not the current task. */ - if (p->state == TASK_RUNNING && p != current) - return; + unreliable = p->state == TASK_RUNNING && p != current; for (i = 0; i < depth; i++) { - printk(" #%d: ", i); + if (unreliable) + printk(" #%d?: ", i); + else + printk(" #%d: ", i); print_lock(p->held_locks + i); } }