Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp313251pxp; Wed, 9 Mar 2022 03:36:05 -0800 (PST) X-Google-Smtp-Source: ABdhPJzSze7fxL/l4lB5LMgG/0Cg8kOFEQZo2rPR+kqCVj3v6wLp5rknQQbOWcstZeyKgszyuXvl X-Received: by 2002:a63:1b66:0:b0:37c:728a:e06f with SMTP id b38-20020a631b66000000b0037c728ae06fmr13690781pgm.458.1646825765074; Wed, 09 Mar 2022 03:36:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646825765; cv=none; d=google.com; s=arc-20160816; b=Lq3XNidEelkBSHQd/8k4eaF+Aa5k09HdZ6gCeClVSBuiuAPayzZ84/dcVOWWeQxR2r Eyzk8ZeoDPqmcXLOjWLhQy2G2sHI9K1DEBxVnow07PQPlKQesIdXV/p4tGLV+muWOC6L dsvnUtPz2YOEvurBxOUVXsqgVkhpFtxr3aEmjiEf2KuXCAJHB+zLrp+VTmKc5ZJyiW8i 1/0h5H0dyTc/06J7xziRD46KGe7I1xg07ru8PWl3D+nbrdvfr5xTn00GKvuTPXlQjZXC AhWNKXcFb2RLOew1EpOzBgHJEQQAMFUTpAZwSo+9rvb7NhKHdIuBcIuLm0QXobMz5sA7 6itA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=7cN9sV0/WTN4NHzm+ToLCSOMFSuq20yVNECoj1P44SQ=; b=F8Vnhmq9iZzV4BACtB5It9AQiAlQ38hYElq/FS1TLIm2FduU+KjH+FdLgUYwb4x5Xh iZN6jaEa75D6bf4t32dGQ9l4Wl8Z4XrScEBj57ujuf3aPlxjJPyUON58LxkxmopKdK1Y ZLiT1jCN90YdywyQ6IEPBZpLLaTinNPnLYA4o/WI+30mTxos2LtHyiePlso/u66W//oy EYRbzMMC5pP87HbpBz5n4ZEg0+ZWPWvojoeF8NGZcM9cdID2M3LdZbbg8RK81j0UTanP 2j3ImFuYdsbYSlqkakxlukFtNWBFA3yEKP1aiIcOmK6Wen01x6XOH3jmN6BoSITG+Cpk bu/w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="eEQrO/Lt"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x22-20020a170902821600b0014d732c5cdcsi1564464pln.128.2022.03.09.03.35.48; Wed, 09 Mar 2022 03:36:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="eEQrO/Lt"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230479AbiCIKqr (ORCPT + 99 others); Wed, 9 Mar 2022 05:46:47 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51314 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229540AbiCIKqq (ORCPT ); Wed, 9 Mar 2022 05:46:46 -0500 Received: from mail-io1-xd2f.google.com (mail-io1-xd2f.google.com [IPv6:2607:f8b0:4864:20::d2f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 736E668F9E for ; Wed, 9 Mar 2022 02:45:47 -0800 (PST) Received: by mail-io1-xd2f.google.com with SMTP id x4so2220007iop.7 for ; Wed, 09 Mar 2022 02:45:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=7cN9sV0/WTN4NHzm+ToLCSOMFSuq20yVNECoj1P44SQ=; b=eEQrO/LtoRGg3WjtdutiywG5GnqWAWdwF4m3xwgkMITHEDbr8HcKJcoJhmPMUDwkHg bvFMfXrseWAiD2N0l2qKFnp9RF4kkai3xrrjH8lbb0URODZ1UCiQIc4BCdqH4N8Nu6qQ PB4OVmmDuY7s+OCC1FT5zv88WaDiPnGOPwjBObqQgCbVbvrU+PKaG73P8bpUjo89rc2d GDhUU3nhlI6G1mYv/c/6ieAaBRr3+YQv8ilV8jt1WXWn1ItC/p483Usr6C2CAGE32ABf aqmzAt2glrU3biD8CN/KDZUcM8UjodZeVQ+61U56M0fHQnlzuXCEathAMet2XbwIk3qV rI+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=7cN9sV0/WTN4NHzm+ToLCSOMFSuq20yVNECoj1P44SQ=; b=8Jc1zHzyCE5yjNq8yWB08lbbfXzfD19+CHYAKWvI+BbqMwv84BVKvLDQFJhvtATFFY OFsyBp/CMJboxmCB3lUCnwr61Ed2PY1cT3WJqstdBR0aGG8Bqb48ZW++XMLS5GvugUZH pMLdnd5fBFJNJvAlo2ylYsS6k7g3F2RclJp63iX1s8VfiLPn5Mv6AegWlRbd3Rl1rceT 9xC2qU50h+Iw8bR340r8/rwyS63z5ditekoBLUhAvbQUYrLjNM7bKAgXI1s973yCT2bv bEIigEVax15THHiYl8yysgUoMnySz/CWZb0wqDo29LZG7wai0u/TuOAUazNrdm+nInPH /kRg== X-Gm-Message-State: AOAM531gED7XEMVzeivaDHy2hy5erRPetLpLS9jIJVvnz344BfJqfEMr p+ovljzW6CJU9sw+xFh50pOHevrk4PEW6PoXVKpLRg== X-Received: by 2002:a05:6638:3789:b0:317:7763:46 with SMTP id w9-20020a056638378900b0031777630046mr19500601jal.42.1646822745978; Wed, 09 Mar 2022 02:45:45 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Aleksandr Nogikh Date: Wed, 9 Mar 2022 11:45:34 +0100 Message-ID: Subject: Re: [PATCH -fixes v3 0/6] Fixes KASAN and other along the way To: Palmer Dabbelt Cc: Alexander Potapenko , Alexandre Ghiti , Marco Elver , Paul Walmsley , Albert Ou , Andrey Ryabinin , Andrey Konovalov , Dmitry Vyukov , Nick Hu , linux-riscv@lists.infradead.org, LKML , kasan-dev Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org I switched the riscv syzbot instance to KASAN_OUTLINE and now it is finally being fuzzed again! Thank you very much for the series! -- Best Regards, Aleksandr On Fri, Mar 4, 2022 at 5:12 AM Palmer Dabbelt wrote: > > On Tue, 01 Mar 2022 09:39:54 PST (-0800), Palmer Dabbelt wrote: > > On Fri, 25 Feb 2022 07:00:23 PST (-0800), glider@google.com wrote: > >> On Fri, Feb 25, 2022 at 3:47 PM Alexandre Ghiti < > >> alexandre.ghiti@canonical.com> wrote: > >> > >>> On Fri, Feb 25, 2022 at 3:31 PM Alexander Potapenko > >>> wrote: > >>> > > >>> > > >>> > > >>> > On Fri, Feb 25, 2022 at 3:15 PM Alexandre Ghiti < > >>> alexandre.ghiti@canonical.com> wrote: > >>> >> > >>> >> On Fri, Feb 25, 2022 at 3:10 PM Alexander Potapenko > >>> wrote: > >>> >> > > >>> >> > > >>> >> > > >>> >> > On Fri, Feb 25, 2022 at 3:04 PM Alexandre Ghiti < > >>> alexandre.ghiti@canonical.com> wrote: > >>> >> >> > >>> >> >> On Fri, Feb 25, 2022 at 2:06 PM Marco Elver > >>> wrote: > >>> >> >> > > >>> >> >> > On Fri, 25 Feb 2022 at 13:40, Alexandre Ghiti > >>> >> >> > wrote: > >>> >> >> > > > >>> >> >> > > As reported by Aleksandr, syzbot riscv is broken since comm= it > >>> >> >> > > 54c5639d8f50 ("riscv: Fix asan-stack clang build"). This co= mmit > >>> actually > >>> >> >> > > breaks KASAN_INLINE which is not fixed in this series, that= will > >>> come later > >>> >> >> > > when found. > >>> >> >> > > > >>> >> >> > > Nevertheless, this series fixes small things that made the = syzbot > >>> >> >> > > configuration + KASAN_OUTLINE fail to boot. > >>> >> >> > > > >>> >> >> > > Note that even though the config at [1] boots fine with thi= s > >>> series, I > >>> >> >> > > was not able to boot the small config at [2] which fails be= cause > >>> >> >> > > kasan_poison receives a really weird address 0x407570630100= 0000 > >>> (maybe a > >>> >> >> > > kasan person could provide some hint about what happens bel= ow in > >>> >> >> > > do_ctors -> __asan_register_globals): > >>> >> >> > > >>> >> >> > asan_register_globals is responsible for poisoning redzones a= round > >>> >> >> > globals. As hinted by 'do_ctors', it calls constructors, and = in > >>> this > >>> >> >> > case a compiler-generated constructor that calls > >>> >> >> > __asan_register_globals with metadata generated by the compil= er. > >>> That > >>> >> >> > metadata contains information about global variables. Note, t= hese > >>> >> >> > constructors are called on initial boot, but also every time = a > >>> kernel > >>> >> >> > module (that has globals) is loaded. > >>> >> >> > > >>> >> >> > It may also be a toolchain issue, but it's hard to say. If yo= u're > >>> >> >> > using GCC to test, try Clang (11 or later), and vice-versa. > >>> >> >> > >>> >> >> I tried 3 different gcc toolchains already, but that did not fi= x the > >>> >> >> issue. The only thing that worked was setting asan-globals=3D0 = in > >>> >> >> scripts/Makefile.kasan, but ok, that's not a fix. > >>> >> >> I tried to bisect this issue but our kasan implementation has b= een > >>> >> >> broken quite a few times, so it failed. > >>> >> >> > >>> >> >> I keep digging! > >>> >> >> > >>> >> > > >>> >> > The problem does not reproduce for me with GCC 11.2.0: kernels b= uilt > >>> with both [1] and [2] are bootable. > >>> >> > >>> >> Do you mean you reach userspace? Because my image boots too, and f= ails > >>> >> at some point: > >>> >> > >>> >> [ 0.000150] sched_clock: 64 bits at 10MHz, resolution 100ns, wr= aps > >>> >> every 4398046511100ns > >>> >> [ 0.015847] Console: colour dummy device 80x25 > >>> >> [ 0.016899] printk: console [tty0] enabled > >>> >> [ 0.020326] printk: bootconsole [ns16550a0] disabled > >>> >> > >>> > > >>> > In my case, QEMU successfully boots to the login prompt. > >>> > I am running QEMU 6.2.0 (Debian 1:6.2+dfsg-2) and an image Aleksand= r > >>> shared with me (guess it was built according to this instruction: > >>> https://github.com/google/syzkaller/blob/master/docs/linux/setup_linu= x-host_qemu-vm_riscv64-kernel.md > >>> ) > >>> > > >>> > >>> Nice thanks guys! I always use the latest opensbi and not the one tha= t > >>> is embedded in qemu, which is the only difference between your comman= d > >>> line (which works) and mine (which does not work). So the issue is > >>> probably there, I really need to investigate that now. > >>> > >>> Great to hear that! > >> > >> > >>> That means I only need to fix KASAN_INLINE and we're good. > >>> > >>> I imagine Palmer can add your Tested-by on the series then? > >>> > >> Sure :) > > > > Do you mind actually posting that (i, the Tested-by tag)? It's less > > likely to get lost that way. I intend on taking this into fixes ASAP, > > my builds have blown up for some reason (I got bounced between machines= , > > so I'm blaming that) so I need to fix that first. > > This is on fixes (with a "Tested-by: Alexander Potapenko > "), along with some trivial commit message fixes. > > Thanks! > > > > >> > >>> > >>> Thanks again! > >>> > >>> Alex > >>> > >>> >> > >>> >> It traps here. > >>> >> > >>> >> > FWIW here is how I run them: > >>> >> > > >>> >> > qemu-system-riscv64 -m 2048 -smp 1 -nographic -no-reboot \ > >>> >> > -device virtio-rng-pci -machine virt -device \ > >>> >> > virtio-net-pci,netdev=3Dnet0 -netdev \ > >>> >> > user,id=3Dnet0,restrict=3Don,hostfwd=3Dtcp:127.0.0.1:12529-:22= -device \ > >>> >> > virtio-blk-device,drive=3Dhd0 -drive \ > >>> >> > file=3D${IMAGE},if=3Dnone,format=3Draw,id=3Dhd0 -snapshot \ > >>> >> > -kernel ${KERNEL_SRC_DIR}/arch/riscv/boot/Image -append > >>> "root=3D/dev/vda > >>> >> > console=3DttyS0 earlyprintk=3Dserial" > >>> >> > > >>> >> > > >>> >> >> > >>> >> >> Thanks for the tips, > >>> >> >> > >>> >> >> Alex > >>> >> > > >>> >> > > >>> >> > > >>> >> > -- > >>> >> > Alexander Potapenko > >>> >> > Software Engineer > >>> >> > > >>> >> > Google Germany GmbH > >>> >> > Erika-Mann-Stra=C3=9Fe, 33 > >>> >> > 80636 M=C3=BCnchen > >>> >> > > >>> >> > Gesch=C3=A4ftsf=C3=BChrer: Paul Manicle, Liana Sebastian > >>> >> > Registergericht und -nummer: Hamburg, HRB 86891 > >>> >> > Sitz der Gesellschaft: Hamburg > >>> >> > > >>> >> > Diese E-Mail ist vertraulich. Falls Sie diese f=C3=A4lschlicherw= eise > >>> erhalten haben sollten, leiten Sie diese bitte nicht an jemand andere= s > >>> weiter, l=C3=B6schen Sie alle Kopien und Anh=C3=A4nge davon und lasse= n Sie mich bitte > >>> wissen, dass die E-Mail an die falsche Person gesendet wurde. > >>> >> > > >>> >> > > >>> >> > > >>> >> > This e-mail is confidential. If you received this communication = by > >>> mistake, please don't forward it to anyone else, please erase all cop= ies > >>> and attachments, and please let me know that it has gone to the wrong > >>> person. > >>> >> > >>> >> -- > >>> >> You received this message because you are subscribed to the Google > >>> Groups "kasan-dev" group. > >>> >> To unsubscribe from this group and stop receiving emails from it, = send > >>> an email to kasan-dev+unsubscribe@googlegroups.com. > >>> >> To view this discussion on the web visit > >>> https://groups.google.com/d/msgid/kasan-dev/CA%2BzEjCsQPVYSV7CdhKnvju= jXkMXuRQd%3DVPok1awb20xifYmidw%40mail.gmail.com > >>> . > >>> > > >>> > > >>> > > >>> > -- > >>> > Alexander Potapenko > >>> > Software Engineer > >>> > > >>> > Google Germany GmbH > >>> > Erika-Mann-Stra=C3=9Fe, 33 > >>> > 80636 M=C3=BCnchen > >>> > > >>> > Gesch=C3=A4ftsf=C3=BChrer: Paul Manicle, Liana Sebastian > >>> > Registergericht und -nummer: Hamburg, HRB 86891 > >>> > Sitz der Gesellschaft: Hamburg > >>> > > >>> > Diese E-Mail ist vertraulich. Falls Sie diese f=C3=A4lschlicherweis= e erhalten > >>> haben sollten, leiten Sie diese bitte nicht an jemand anderes weiter, > >>> l=C3=B6schen Sie alle Kopien und Anh=C3=A4nge davon und lassen Sie mi= ch bitte wissen, > >>> dass die E-Mail an die falsche Person gesendet wurde. > >>> > > >>> > > >>> > > >>> > This e-mail is confidential. If you received this communication by > >>> mistake, please don't forward it to anyone else, please erase all cop= ies > >>> and attachments, and please let me know that it has gone to the wrong > >>> person. > >>> > >>> -- > >>> You received this message because you are subscribed to the Google Gr= oups > >>> "kasan-dev" group. > >>> To unsubscribe from this group and stop receiving emails from it, sen= d an > >>> email to kasan-dev+unsubscribe@googlegroups.com. > >>> To view this discussion on the web visit > >>> https://groups.google.com/d/msgid/kasan-dev/CA%2BzEjCuJw8N0dUmQNdFqDM= 96bzKqPDjRe4FUnOCbjhJtO0R8Hg%40mail.gmail.com > >>> . > >>> > >> > >> > >> -- > >> Alexander Potapenko > >> Software Engineer > >> > >> Google Germany GmbH > >> Erika-Mann-Stra=C3=9Fe, 33 > >> 80636 M=C3=BCnchen > >> > >> Gesch=C3=A4ftsf=C3=BChrer: Paul Manicle, Liana Sebastian > >> Registergericht und -nummer: Hamburg, HRB 86891 > >> Sitz der Gesellschaft: Hamburg > >> > >> Diese E-Mail ist vertraulich. Falls Sie diese f=C3=A4lschlicherweise e= rhalten > >> haben sollten, leiten Sie diese bitte nicht an jemand anderes weiter, > >> l=C3=B6schen Sie alle Kopien und Anh=C3=A4nge davon und lassen Sie mic= h bitte wissen, > >> dass die E-Mail an die falsche Person gesendet wurde. > >> > >> > >> > >> This e-mail is confidential. If you received this communication by mis= take, > >> please don't forward it to anyone else, please erase all copies and > >> attachments, and please let me know that it has gone to the wrong pers= on.