| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
This option enables the "enforcing=?" option (at least), which
simplifies SELINUX configuration.
|
| |
|
|
|
| |
update linux to v5.18-rc1
fix dependency update errors
update configs
|
| |
|
|
|
|
|
|
|
| |
Problems with KASAN_OUTLINE and some other instrumentations were
recentely fixed in a series by Alexandre Ghiti. Fixes for KASAN_INLINE
are also on the way.
Switch syzbot's riscv instance to KASAN_OUTLINE to make it work after a
130+ day break.
|
| |
|
|
|
|
|
| |
W/o this config arm stack traces don't include PC which we expect
when parsing stack traces.
It was added in May 13 2021, and it seems since then we classified
all arm reports as corrupted.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Move CONFIG_AID_FOR_SYZBOT to verbatim since it has for some reason
disappeared from the linux-next tree.
Add CONFIG_RCU_EXP_CPU_STALL_TIMEOUT and set it to the maximum value.
Otherwise it overwhelms syzbot with `INFO: rcu_preempt detected
expedited stalls on CPUs/tasks` crashes.
|
| |
|
|
|
|
| |
This functionality is perfectly reachable for us via madvise.
Reported-by: Brad Spengler
|
| |
|
|
| |
These are now enabled on real devices.
|
| |
|
|
| |
Update configs to latest HEADs of chromeos-5.* branches.
|
| |
|
|
|
| |
Update FD/DRM configs based on Daniel recommendations here:
https://lore.kernel.org/all/YfJ9yWW+MH8N4r4A@phenom.ffwll.local/
|
| |
|
|
| |
Enable new configs in v5.17 that look interesting to us.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update mainline and linux-next revisions to the latest tags
and fix configs that broke.
NF_FLOW_TABLE_IPV4/6 were removed in:
commit c42ba4290b2147aa033d17f22151494515655d77
netfilter: flowtable: remove ipv4/ipv6 modules
CONFIG_DAX_DRIVER was removed in:
commit afd586f0d06ce3d81b7c474499630fec88833828
dax: remove CONFIG_DAX_DRIVER
BLK_DEV_CRYPTOLOOP was removed in:
commit 47e9624616c80c9879feda536c48c6a3a0ed9835
block: remove support for cryptoloop and the xor transfer
NFT_COUNTER was removed in:
commit 023223dfbfb34fcc9b7dd41e21fbf9a5d5237989
netfilter: nf_tables: make counter support built-in
ICST was renamed to CLK_ICST in:
commit 323fd5955f844d1b6acf1a1af488da460f657ff2
clk: versatile: Rename ICST to CLK_ICST
APPARMOR_INTROSPECT_POLICY was added as requirement for other configs
we enabled in:
commit abfb9c0725f274c75ca2a51684c2dd842a8dc254
apparmor: make export of raw binary profile to userspace optional
|
| |
|
|
|
|
| |
We generate slightly reduces configs for arm/arm64 b/c we test in slow qemu VMs.
Add full versions of these configs that can be used with syz-check to avoid
no-such-struct warnings.
|
| |
|
|
| |
To add the ChromeOS 5.15 configs.
It required to disable the INCREMENTAL_FS support.
|
| | |
|
| |
|
| |
To add the ChromeOS 5.10 support.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sys/linux/damon.txt: initial description
description of DAMON's interface mounted in debugfs: target_ids, attrs, init_regions, monitor_on
* sys/linux/damon.txt: additional damon interface description added
added DAMON interface descriptions for schemes, kdamond_pid, mk_contexts, rm_contexts
prefix of all the files with damon to avoid colliding naming
* sys/linux/damon.txt: standard copyright statement added
* sys/linux/damon.txt.const: const file of sys/linux/damon.txt added
* sys/linux/damon.txt: type fix of pid to fmt
* dashboard/config/linux/bits/subsystems.yml: damon configs added for Syzbot
* dashboard/config/linux: generated kernel configs with added damon config
* sys/linux/damon.txt: fmt type fix
* sys/linux/damon.txt: read and close syscalls removed
write and read mk_contexts summarized into one syscall
some refining of syscall interfaces
|
| |
|
|
|
|
|
| |
High values of CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY cause
significant slowdown (see issue #2892). Reduce the value.
Fixes #2892
|
| |
|
|
|
| |
New debugging configs in net-next.
Eric asks to enable them.
|
| |
|
|
| |
Updated the Android 5.10 base to 8d21bcc704ea1 (latest 5.10lts commit).
Regenerated configs.
|
| |
|
|
|
|
| |
This is how the boot-time parameter is called now.
Signed-off-by: Alexander Potapenko <glider@google.com>
|
| |
|
|
|
|
| |
All of lockdep comes with a number of config options, so let's refactor
it into a separate lockdep.yml, which makes it easier to disable
selectively.
|
| |
|
|
|
|
|
| |
Add the 'onlynet' tag and use it on the KCSAN instance.
Strictly speaking 'wireless', 'bluetooth', and 'hamradio' could also be
included in 'onlynet', but leave them out for now.
|
| |
|
|
|
| |
Move most networking related configs to net.yml, including net drivers
that are dependencies for various features.
|
| | |
|
| |
|
|
|
|
|
| |
5.15 was released, update a few TODOs that were dependent on 5.15 being
properly released.
Re-generate all configs.
|
| |
|
|
|
|
| |
Also, create only 2 binder devices at binderfs creation - we don't need
32 devices anymore, as a separate binderfs instance is now created per
each syz-executor.
|
| |
|
|
|
|
|
|
|
|
|
| |
I think it's secretmem.enable rather than secretmem_enable.
I can't find any useful docs. Here:
module_param_named(enable, secretmem_enable, bool, 0400);
What is the param name?
If it's prefixed with module name, what's the module name for non-modules?
What are the values for bool flags? Does no value at all enable it?
|
| |
|
|
| |
regenerate configs
|
| |
|
|
|
|
|
| |
secretmem_enable is required to enable memfd_secret syscall:
https://elixir.bootlin.com/linux/v5.15-rc6/source/mm/secretmem.c#L202
(the android 5.10 base config was not generated on HEAD somehow)
|
| |
|
|
|
|
|
| |
"cgroup_disable=pressure cgroup.memory=nokmem" would affect kernel behaviour.
Suggested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The tag that is provided is from 'android12-5.10-lts'.
The LTS version must be used, as it is more up-to-date in terms of
security fixes and stable back-ports than its non-lts counterpart.
Using a tag from the non-lts branch will result in lots of false
positives which would end up wasting quality engineering time.
Signed-off-by: Lee Jones <lee.jones@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Android
KASAN_STACK_ENABLE was renamed to KASAN_STACK in kernel version v5.11.
This change was also back-ported to android12-5.10, so we need to
provide support for that here too or else `make configs` will complain
that KASAN_STACK_ENABLE is not enabled.
Signed-off-by: Lee Jones <lee.jones@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not pretend writes are atomic. While this may currently be a
prevailing preference in the community, it does hide more interesting
bugs [1].
Since we moderate data races anyway, and are still drowning in data
races, a few more won't hurt.
What it does help with, however, is getting better signals about harmful
data races. Most of the read/write data races provide weak signals, but
write/write data races should provide a stronger harmfulness signal [1],
which will help us in selecting data races to investigate further.
[1] https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html
|
| |
|
|
|
| |
CONFIG_KCSAN_DEBUG no longer exists, remove it. Older kernels will set
it to 'n' by default.
|
| | |
|
| |
|
|
|
|
| |
Update to latest upstream, linux-next and kmsan.
KMSAN stopped supporting few configs which depend on crypto
and heap auto-init.
|
| |
|
|
|
|
| |
Update the tags for upstream and -next and update all configs.
This pulls in the CONFIG_WERROR disabled-by-default change.
|
| |
|
|
|
|
| |
This reverts commit 23e41b77c691a7e95d822c53f895f8d53326c342.
The config fragment is now unused, remove it.
|
| |
|
|
| |
Update the tags for upstream and -next and update all configs.
|
| |
|
|
|
|
| |
RAW_DRIVER: https://git.kernel.org/torvalds/c/603e4922f1c81fc2ed3a87b4f91a8d3aafc7e093
CAIF_HSI: https://git.kernel.org/torvalds/c/ca75bcf0a83b6cc7f53a593d98ec7121c4839b43
WWAN_CORE: https://git.kernel.org/torvalds/c/89212e160b81e778f829b89743570665810e3b13
|
| |
|
|
|
|
|
|
|
| |
DRM_VMWGFX_FBCON
As of [1] DRM_VMWGFX_FBCON depends on DRM_FBDEV_EMULATION. It doesn't
hurt to always enable it also on older kernels.
[1] https://git.kernel.org/torvalds/c/5dbf2fc587cb79cb366bd6e79ac6b52269d64fc5
|
| |
|
|
| |
https://git.kernel.org/torvalds/c/223198183ff1fc099184081f997bf1f710f1ef72
|
| |
|
|
| |
https://lkml.kernel.org/r/20210612000714.775825-1-willy@infradead.org
|
| |
|
|
| |
https://git.kernel.org/torvalds/c/76a3c92ec9e0668e4cd0e9ff1782eb68f61a179c
|
| |
|
|
|
| |
Apparently it's broken with clang:
https://lore.kernel.org/lkml/CAKwvOd=A+ueGV2ihdy5GtgR2fQbcXjjAtVxv3=cPjffpebZB7A@mail.gmail.com
|
| |
|
|
|
|
|
|
| |
Linux 5.15 will introduce -Werror to be on by default:
https://git.kernel.org/torvalds/c/3fe617ccafd6f5bb33c2391d6f4eeb41c1fd0151
Introduce nowerror.yml that can be used for configs that are likely to
be perpetually broken due to Werror.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The new CONFIG_KCSAN_PERMISSIVE is now supported in mainline:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aa829778b16f15266fefe2640f04931b16ce39c0
Select it in the default syzbot config.
The configs were updated manually, because we should wait until
v5.15-rc1 is out (mainline is still in the merge window), at which
point we can update upstream's commit hash for syz-kconf and regenerate
all configs.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a number of one-off "BUG: stack guard page was hit" bugs:
https://syzkaller.appspot.com/bug?extid=b9419ddbdb57ce0e7f36
https://syzkaller.appspot.com/bug?extid=1ea34900b9a6fb8526c4
https://syzkaller.appspot.com/bug?extid=cd2009ad04934b665765
https://syzkaller.appspot.com/bug?extid=4e1ccdc40f48e600d960
Most likely these have the same root cause (recursion via call_netdevice_notifiers),
and we should attribute them to one of top frames as we do for stalls.
But we can't do this because in all these cases the stack is truncated and ends with:
Lost 408 message(s)!
Lost 394 message(s)!
Lost 519 message(s)!
These messages come from kernel/printk/printk_safe.c and happen when
a "safe" buffer overflows. Increasing CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT
should help to get complete parsable stack traces.
The default value is 13 (8K).
The largest number of lost lines I found is 519 and the longest
line in the stack trace is 67 bytes. So that's 67*519+8K = 42965.
Increase the config to 16 (64K).
There are 2 such buffers per CPU (safe and nmi), so this will
increase memory consumption to 128K per CPU. Should be fine.
|
