diff options
| author | Dmitry Vyukov <dvyukov@google.com> | 2022-04-25 08:07:36 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2022-04-25 11:27:42 +0200 |
| commit | 0ede5bfc57b8910f6436a23955422fae109636c2 (patch) | |
| tree | b733de305f3c59d2b5835d815a0ccbbbe6b3fef6 /dashboard/config/linux/upstream-arm64-mte.config | |
| parent | f3819cab601e2cd12383bf4e307988c3e3732dd4 (diff) | |
dashboard/config/linux: disable MSR writes
Randomly changing MSRs can have unpredictable results.
We tried to protect from writes on descriptions level,
but it does not work well, the fuzzer has figured out:
03:37:28 executing program 3:
syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='fd/3\x00')
pwritev(r0, ...)
Fortunately there is a command line argument that disables all writes.
Use it instead.
Note: older kernels will need:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a7e1f67ed29f
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=02a16aa13574
Diffstat (limited to 'dashboard/config/linux/upstream-arm64-mte.config')
| -rw-r--r-- | dashboard/config/linux/upstream-arm64-mte.config | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/dashboard/config/linux/upstream-arm64-mte.config b/dashboard/config/linux/upstream-arm64-mte.config index 8a959c417..2f1c2f014 100644 --- a/dashboard/config/linux/upstream-arm64-mte.config +++ b/dashboard/config/linux/upstream-arm64-mte.config @@ -510,7 +510,7 @@ CONFIG_STACKPROTECTOR_PER_TASK=y # Boot options # # CONFIG_ARM64_ACPI_PARKING_PROTOCOL is not set -CONFIG_CMDLINE="earlyprintk=serial net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 binder.debug_mask=0 rcupdate.rcu_expedited=1 no_hash_pointers page_owner=on sysctl.vm.nr_hugepages=4 sysctl.vm.nr_overcommit_hugepages=4 secretmem.enable=1 sysctl.max_rcu_stall_to_panic=1 root=/dev/vda console=ttyAMA0 smp.csd_lock_timeout=300000 watchdog_thresh=165 workqueue.watchdog_thresh=420 sysctl.net.core.netdev_unregister_timeout_secs=420 dummy_hcd.num=2" +CONFIG_CMDLINE="earlyprintk=serial net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 binder.debug_mask=0 rcupdate.rcu_expedited=1 no_hash_pointers page_owner=on sysctl.vm.nr_hugepages=4 sysctl.vm.nr_overcommit_hugepages=4 secretmem.enable=1 sysctl.max_rcu_stall_to_panic=1 msr.allow_writes=off root=/dev/vda console=ttyAMA0 smp.csd_lock_timeout=300000 watchdog_thresh=165 workqueue.watchdog_thresh=420 sysctl.net.core.netdev_unregister_timeout_secs=420 dummy_hcd.num=2" CONFIG_CMDLINE_FROM_BOOTLOADER=y # CONFIG_CMDLINE_FORCE is not set CONFIG_EFI_STUB=y |