diff options
| author | Marco Elver <elver@google.com> | 2023-06-29 14:21:27 +0200 |
|---|---|---|
| committer | Marco Elver <elver@google.com> | 2023-06-30 15:06:06 +0000 |
| commit | 77fea9231d86fc49b057fc23851653f880d6db0f (patch) | |
| tree | ce18ef102a851ef6639f76ba92239f1e53bcce65 /dashboard/config/linux/bits | |
| parent | 01298212bf09f73286ff351db3853e1137147a60 (diff) | |
dashboard/config/linux: introduce upstream-kasan-badwrites.config
Introduce a variant of upstream-apparmor-kasan, which enables:
- kasan.fault=panic_on_write [1]
- kasan_multi_shot, so that panic_on_warn does cause KASAN to
panic on bad non-write accesses
As discussed in [1], "KASAN reported invalid _writes_ are of special
interest, because they have greater potential to corrupt random kernel
memory or be more easily exploited."
With this config we can set up a syzbot instance that can detect such
issues.
[1] https://lore.kernel.org/linux-mm/20230614095158.1133673-1-elver@google.com/
Diffstat (limited to 'dashboard/config/linux/bits')
| -rw-r--r-- | dashboard/config/linux/bits/kasan_panic_on_write.yml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/dashboard/config/linux/bits/kasan_panic_on_write.yml b/dashboard/config/linux/bits/kasan_panic_on_write.yml new file mode 100644 index 000000000..2cf2e5bff --- /dev/null +++ b/dashboard/config/linux/bits/kasan_panic_on_write.yml @@ -0,0 +1,8 @@ +# Copyright 2023 syzkaller project authors. All rights reserved. +# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. + +config: + # Change KASAN reporting to only panic on bad writes (still reports bad + # reads). Enabling multi-shot mode is required to not panic on the first + # report if panic_on_warn is on as well. + - CMDLINE: [kasan_panic_on_write, append, "kasan.fault=panic_on_write kasan_multi_shot"] |