Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp549091pxf; Thu, 11 Mar 2021 09:13:37 -0800 (PST) X-Google-Smtp-Source: ABdhPJz1FAY2n2qlH+lF8ShN8n10xGyW7tjjvR0uT84Rm0cEj1MqbyDUGeHjAjYK/m9embqpCmbV X-Received: by 2002:aa7:cc94:: with SMTP id p20mr9704324edt.353.1615482817406; Thu, 11 Mar 2021 09:13:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1615482817; cv=none; d=google.com; s=arc-20160816; b=nhReoAPg5XOk2ChsmwYKBKxA+3XSajNv6i+lB8VfKiiCsHv7xNDmKZpZGiBAXaj/us utBggdn6l9b1JjhUzwdR/quzQCSbO8soZR6RUCcAJsUJEGv9XP/+a7OsKKRI26CwkY1E JvAnigo5j458dwaV+edzo91Zd5GgguCVGRLNktC1Wn1lKdpRbPvEZahOqXlyiUIBUfln rxjxiljgRyVcoNsy7LB5Uvnn4kE9aQcbxFtMTEGyJRvYBJE1wXg3qXD4R6u9EP9zmWY9 VurmFHuY4OU/Iomj1BPbWP4uC+KicVr8T0+CZdsPbVC6WEwotyvLc3WzjdOxcfik5XgA qmRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=TSvvLBAPJ0EX/aN6NElajlnxXdyur7jPRoQFWWwQZ4k=; b=Kh7xFEKEjYoZiMFzFIQovJObpUOICzWPnmjxxUBa06kG91U/EAQH2XBUBU4wKUeHm9 ix/x/l1InSHtU1jusxKkH0KXHEMj0NgN4akA1IyaOrHGB4qKdz6bU4gA4ki9EVi0eybz cVECc7NQ+9AB+sGpdrqfmJZjMUAPqJkxLVkf+7HUPNeONeVUi1tiDMmP8q5HwZPw8hHr LT6/1uvWLQGhsk685KMwBOx12xGli3gSXhMoBIh/IvQUbjvyj18AOkx/exuqALlTfFuV Gj3QWuzII76WvIKJWa8NjmdA7yRaSkt1NHFtMnGZKSC72PbJrrkf+dP+pD9gyj8v/M7s PeQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Cp3CzBv9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x27si2084588ejb.603.2021.03.11.09.13.13; Thu, 11 Mar 2021 09:13:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Cp3CzBv9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229962AbhCKRMQ (ORCPT + 99 others); Thu, 11 Mar 2021 12:12:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38256 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229938AbhCKRMH (ORCPT ); Thu, 11 Mar 2021 12:12:07 -0500 Received: from mail-qk1-x72e.google.com (mail-qk1-x72e.google.com [IPv6:2607:f8b0:4864:20::72e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9BA32C061574 for ; Thu, 11 Mar 2021 09:12:06 -0800 (PST) Received: by mail-qk1-x72e.google.com with SMTP id a9so21334220qkn.13 for ; Thu, 11 Mar 2021 09:12:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TSvvLBAPJ0EX/aN6NElajlnxXdyur7jPRoQFWWwQZ4k=; b=Cp3CzBv9k1N0jru2/I09rgwa1ckIYCaJ25o692QLbFYcD1Sqch2sbvaBnEF8B9+XFX bI140VmL7hiW+m5PMPmAjzYoJGbWUbA7Je9O4IoTxoE2bRroisTf6RAdverjSi5PxUbf 3cuEBLKVcJ9k81q3RAKmRy8Ucoghnhw3wNrGw1Qy7LEQJAIUaGDxCd126TpqoFMKkUbO VGMnhrDH4NicdgU0KfuBOiEWjrjMR8rhlQsXR+PTq3XVRG2NZIUwc1jGRAT49zhx014s v0Jbups5hH/WtBdjtrUccOd8NARjrxAoqI1B4auIotrOM80ZcOpFAZEefqf/baJw6QB2 0CWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TSvvLBAPJ0EX/aN6NElajlnxXdyur7jPRoQFWWwQZ4k=; b=VoO6BjsOvfo12Gw4+zqQndUO59Kxh2aF48YOHwHqwxPSd/4nVGmxL5k4vY4o1XdawZ J76o8poL2AXO4wntpv/OnvYjOQg0DmO2RA8WPuw+pGSMbjQLwHv77NM8CSripws/FtMn 0GFK3YwFY4oYlgbWgjDc81MNOdNFEugqiynhXCp2WYB3vAh/TsLljR9oLtB36ImdvKo8 6QqoyvEdffzbJrG0awLHHH/8lTDKvFZMoX6P5wenMVk/Sg6LLpbHvnbGdSNPTbfWLNcT gfnibEZq7TckHtY0zRiV1ghEd8NVLu4HRZ5c17LPMW5ecN+2BKqBiFCyCML1LgpcQANk 8gpw== X-Gm-Message-State: AOAM530K5IjHEGD3thI3Z+RU4/MlofFEd6a2qUad0KDvD+g6fiqeUZ6f CjXobRrH5KcYuNDAcaTtTsmLBKUZ/C4p2vE8KcTMA8hy7wc08Q== X-Received: by 2002:a05:620a:410f:: with SMTP id j15mr8661471qko.424.1615482725536; Thu, 11 Mar 2021 09:12:05 -0800 (PST) MIME-Version: 1.0 References: <20210311123315.GF37303@C02TD0UTHF1T.local> In-Reply-To: <20210311123315.GF37303@C02TD0UTHF1T.local> From: Dmitry Vyukov Date: Thu, 11 Mar 2021 18:11:54 +0100 Message-ID: Subject: Re: arm64 syzbot instances To: Mark Rutland Cc: maz@kernel.org, Will Deacon , Ard Biesheuvel , Linux ARM , Arnd Bergmann , syzkaller , LKML Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 11, 2021 at 1:33 PM Mark Rutland wrote: > On Thu, Mar 11, 2021 at 12:38:21PM +0100, 'Dmitry Vyukov' via syzkaller wrote: > > Hi arm64 maintainers, > > The instances have KCOV disabled because it slows down execution too > > much (KASAN in qemu emulation is already extremely slow), so no > > coverage guidance and coverage reports for now :( > > > > The instances found few arm64-specific issues that we have not > > observed on other instances: > > https://syzkaller.appspot.com/bug?id=1d22a2cc3521d5cf6b41bd6b825793c2015f861f > > https://syzkaller.appspot.com/bug?id=bb2c16b0e13b4de4bbf22cf6a4b9b16fb0c20eea > > https://syzkaller.appspot.com/bug?id=b75386f45318ec181b7f49260d619fac9877d456 > > https://syzkaller.appspot.com/bug?id=5a1bc29bca656159f95c7c8bb30e3776ca860332 > > but mostly re-discovering known bugs we already found on x86. > > Likewise, my general experience these days (fuzzing under KVM on a > ThunderX2 host) is that we mostly hit issues in core code or drivers > rather than anything strictly specific to arm64. As my host is ARMv8.1 > that might just be by virtue of not exercising many of the new > architectural features. > > > The instances use qemu emulation and lots of debug configs, so they > > are quite slow and it makes sense to target them at arm64-specific > > parts of the kernel as much as possible (rather > > than stress generic subsystems that are already stressed on x86). > > So the question is: what arm64-specific parts are there that we can reach > > in qemu? > > Can you think of any qemu flags (cpu features, device emulation, etc)? > > Generally, `-cpu max` will expose the more interesting CPU features, and > you already seem to have that, so I think you're mostly there on that > front. > > Devices vary a lot between SoCs (and most aren't even emulated), so > unless you have particular platforms in mind I'd suggest it might be > better to just use PV devices and try to focus fuzzing on arch code and > common code like mm rather than drivers. I don't have any specific SoC in mind. I think we are interested in covering something more commonly used rather than a driver used only on 1 SoC. Testing virt drivers is good, but since we have 3 arm64 instances, we could make then use different boards to get more coverage. What about things like pstore, numa, mtdblock, pflash? When I do man qemu-system-aarch64 for some reason I see help for x86_64, so I am not sure if these are applicable to arm64. > > Any kernel subsystems with heavy arm-specific parts that we may be missing? > > It looks like your configs already have BPF, which is probably one of > the more interesting subsystems with architecture-specific bits, so I > don't have further suggestions on that front. > > > Testing some of the arm64 drivers that qemu can emulate may be the > > most profitable thing. > > Currently the instances use the following flags: > > -machine virt,virtualization=on,graphics=on,usb=on -cpu cortex-a57 > > -machine virt,virtualization=on,mte=on,graphics=on,usb=on -cpu max > > With `-cpu max`, QEMU will use a relatively expensive SW implementation > of pointer authentication (which I found significantly magnified the > cost of implementation like kcov), so depending on your priorities you > might want to disable that or (assuming you have a recent enough build > of QEMU) you might wantto force the use of a cheaper algorithm by > passing `-cpu max,pauth-impef`. > > The relevant QEMU commit is: > > eb94284d0812b4e7 ("arget/arm: Add cpu properties to control pauth") > > ... but it looks like that might not yet be in a tagged release yet. Interesting. I need to note this somewhere. > > mte=on + virtualization=on is broken in the kernel on in the qemu: > > https://lore.kernel.org/lkml/CAAeHK+wDz8aSLyjq1b=q3+HG9aJXxwYR6+gN_fTttMN5osM5gg@mail.gmail.com/ > > > > -- > > You received this message because you are subscribed to the Google Groups "syzkaller" group. > > To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller+unsubscribe@googlegroups.com. > > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller/CACT4Y%2BbeyZ7rjmy7im0KdSU-Pcqd4Rud3xsxonBbYVk0wU-B9g%40mail.gmail.com.