Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp1276474ybh; Sat, 14 Mar 2020 22:58:34 -0700 (PDT) X-Google-Smtp-Source: ADFU+vv91xd5ek9iEzYX8GHtRSzIA4SjbALp6hMc9TEe7Ni6eeCkk7+5sW2ZtThpUNOwhOqlDVQb X-Received: by 2002:a9d:63d2:: with SMTP id e18mr17491665otl.277.1584251914065; Sat, 14 Mar 2020 22:58:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584251914; cv=none; d=google.com; s=arc-20160816; b=hI8+3eONMrdlvWnCozNyaYiWtiEl4etGTr48p5guA7a1dkIoy2O4NDxzEoo0FNI6kU Q5kVlCRBNbz2lS6Sv2xON/YYTqnKXbyhOQwodjBLKoTTuw1cz6uIRl3DaQIIjRQkWgmH TsQvBASAw/vwAYEBenrZcgBE5CNeHZRDbyeHpBoaucicSM4W60FQ4C1eFMXZK58dLsE8 PMCyWFuyJ3D6YtxnnF5ghhUpz0G3mIXYakQH3NswQBvduUrFLl/PC4Vm8myLrv6+OJNX 7vqkepJeZoOjylv4mxr7GFnLcTz6t45Sbr9UF2sRUzps2gB97toG6cm3Y6jj8xEgG3Vq S7Jw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=P0PhmrWeYl62ooXY9u66tmOzjBc59eyH8e2oVcv2a7c=; b=A+Sf3kmpnjAzAKKXwTndV1mQqktcP8f0f2FD1ad6KiNpRLb8nH+VclWFAAiQacv82F Z9s39Py6ecHaPy9HFazUp+kIUuGRPHcZCNPiexYOOx/VvvQOSg2Aj81GNnv6dZNyOuKW ylLo47G5PL04RlJ9H3bqS1Gj4Leg24rXc3Tvu6JTopqXeM0Io072i2mxZDarcGBxP3yE KRvIctcNMMC2kUIhWMrlaN8WCs1hThBdTcY69Kd6yC3IhFfslyxr4GZARgkox9RQAqmD VYnC4cWJk6IANsNHIJ3defYQpBMBZRvhmtUzxY6xrhtTOa6XxuGpyv9hkk6jfIVTNUpj Z/mA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=m79lNpOH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g15si8019826otr.90.2020.03.14.22.58.22; Sat, 14 Mar 2020 22:58:34 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=m79lNpOH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727243AbgCOFyZ (ORCPT + 99 others); Sun, 15 Mar 2020 01:54:25 -0400 Received: from mail-qt1-f195.google.com ([209.85.160.195]:45336 "EHLO mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726949AbgCOFyZ (ORCPT ); Sun, 15 Mar 2020 01:54:25 -0400 Received: by mail-qt1-f195.google.com with SMTP id z8so7987213qto.12 for ; Sat, 14 Mar 2020 22:54:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=P0PhmrWeYl62ooXY9u66tmOzjBc59eyH8e2oVcv2a7c=; b=m79lNpOHHSDx2lT8mnquQ6YULXxg+AAU5CS/1Ja4BZcXjEpRk6VIsXEOHcO5Vm/MbH K+U8Q9CB5VtkIzKLZSTvDpS/neXNWJhTRtqZM7yAADKbttr3jLeqrSzO0yJDuIHg0R41 h1ayMebv1ZYhCdsoqszPFGUHYqiPX9n9bVwde0LxD2YacQe/M92lLF/b960b5nmbUort h7Jbn7U+oYbkCI7q98Uz+SeKCescRgiH0OnjUB+LhJT5TCaID6JhVVMbzlPl1RWrgnL0 TbkZY8/1w30H02Im67KcMjiv9b+82TtYFu1pdTZdeVgQ/rcjLFBhSzhJU8TTxUorD1QQ kHLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=P0PhmrWeYl62ooXY9u66tmOzjBc59eyH8e2oVcv2a7c=; b=gN9Wgbjz5XVXctqnnN26iwXrDqoYHXQPIBVerWTl70PRs68Gm5CecKW+pjsKSoorlF ueiTGty5oZBFcovd1Qj6rSNEdAwae8vAv2+Caf+kyual+EIiyZnkSmjxhj3VXrgvcEOT DfhyhRHV8ZYK/Odl8i4l1Unwqlh1vZwWJNNv4U2SoxHmQy9SOReEiRNruJ00bbh/smG5 9URdnSf+avYxWEznFYc6ottLphiklOenlPAzqRQP6xEP+fBK1vhzjuh6DcQo+wB6r4U1 2/Wqkc43m3BbWF9bAlXW9TWnmVsgw9SAnlUH/hekv33x7D34Iml6bPQN9ME7900SxvD0 JMpQ== X-Gm-Message-State: ANhLgQ0d2ajQDDKVvtyzNnnY96R7W/I42UQWFoCLgx270+yKNHktN/H3 tuSLOhzQSrsNA62+5fx2AJc/HPmLBVwcyrTeZ4FmfA== X-Received: by 2002:ac8:6697:: with SMTP id d23mr19728067qtp.257.1584251661560; Sat, 14 Mar 2020 22:54:21 -0700 (PDT) MIME-Version: 1.0 References: <20200307135822.3894-1-penguin-kernel@I-love.SAKURA.ne.jp> <6f2e27de-c820-7de3-447d-cd9f7c650add@suse.com> <20200308065258.GE3983392@kroah.com> <3e9f47f7-a6c1-7cec-a84f-e621ae5426be@suse.com> <20200311101115.53139149@gandalf.local.home> <7e0d2bbf-71c2-395c-9a42-d3d6d3ee4fa4@i-love.sakura.ne.jp> <20200312182935.70ed6516@gandalf.local.home> In-Reply-To: <20200312182935.70ed6516@gandalf.local.home> From: Dmitry Vyukov Date: Sun, 15 Mar 2020 06:54:10 +0100 Message-ID: Subject: Re: [PATCH v2] Add kernel config option for fuzz testing. To: Steven Rostedt Cc: Tetsuo Handa , Jiri Slaby , Greg Kroah-Hartman , Andrew Morton , Matthew Garrett , Andi Kleen , "Theodore Y . Ts'o" , Alexander Viro , Petr Mladek , Sergey Senozhatsky , Arnd Bergmann , Linus Torvalds , LKML , Peter Zijlstra Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 12, 2020 at 11:29 PM Steven Rostedt wrote: > > On Fri, 13 Mar 2020 06:59:22 +0900 > Tetsuo Handa wrote: > > > On 2020/03/13 4:23, Dmitry Vyukov wrote: > > >> Or teach the fuzz tool not to do specific bad things. > > > > > > We do some of this. > > > But generally it's impossible for anything that involves memory > > > indirections, or depends on the exact type of fd (e.g. all ioctl's), > > > etc. Boils down to halting problem and ability to predict exact > > > behavior of arbitrary programs. > > > > I would like to enable changes like below only if CONFIG_KERNEL_BUILT_FOR_FUZZ_TESTING=y . > > > > Since TASK_RUNNING threads are not always running on CPUs (in syzbot, the kernel is > > tested on a VM with only 2 CPUs, which means that many threads are simply waiting for > > CPU time to be assigned), dumping locks held by all threads gives us more clue when > > e.g. khungtask fired. But since lockdep_print_held_locks() is racy, I assume that > > this change won't be accepted unless CONFIG_KERNEL_BUILT_FOR_FUZZ_TESTING=y . > > > > Also, for another example, limit number of memory pages /dev/ion driver can consume only if > > CONFIG_KERNEL_BUILT_FOR_FUZZ_TESTING=y ( https://github.com/google/syzkaller/issues/1267 ), > > for limiting number of memory pages is a user-visible change while we need to avoid false > > alarms caused by consuming all memory pages. > > > > In other words, while majority of things CONFIG_KERNEL_BUILT_FOR_FUZZ_TESTING=y would > > do "disable this", there would be a few "enable this" and "change this". > > I still fear that people will just disable large sections. I've seen this > before. Developers take the easy way out, and when someone adds a new > feature that may be dangerous, they will just say "oh turn off fuzzing" and > be done with it. > > As Linus likes to say, when you need to make changes to the kernel to test > it, you are no longer testing production kernels. Well, it's tradeoffs all the way down. For example, KASAN also radically affects the kernel (changes just every line of code). There still should be final testing of the actual production build of course. But I would say generally one wants to test with KASAN enabled all the time. Or, it also depends on the baseline. If our baseline is "everybody is crazy about testing, ready to prioritize it on top of everything else and spend infinite amounts of time on it", then there may be better solutions. But if our baseline is "no testing at all", or "we have to disable whole subsystems b/c we don't have better realistic options and only few people willing to spend at least some time on it", then it may be a good practical solution ;) > > diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c > > index 32406ef0d6a2..1bc7878768fc 100644 > > --- a/kernel/locking/lockdep.c > > +++ b/kernel/locking/lockdep.c > > @@ -695,6 +695,7 @@ static void print_lock(struct held_lock *hlock) > > static void lockdep_print_held_locks(struct task_struct *p) > > { > > int i, depth = READ_ONCE(p->lockdep_depth); > > + bool unreliable; > > > > if (!depth) > > printk("no locks held by %s/%d.\n", p->comm, task_pid_nr(p)); > > @@ -705,10 +706,12 @@ static void lockdep_print_held_locks(struct task_struct *p) > > * It's not reliable to print a task's held locks if it's not sleeping > > * and it's not the current task. > > */ > > - if (p->state == TASK_RUNNING && p != current) > > - return; > > + unreliable = p->state == TASK_RUNNING && p != current; > > for (i = 0; i < depth; i++) { > > - printk(" #%d: ", i); > > + if (unreliable) > > + printk(" #%d?: ", i); > > + else > > + printk(" #%d: ", i); > > Have you tried submitting this? Has Peter nacked it? > > -- Steve > > > print_lock(p->held_locks + i); > > } > > } >