| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
This option enables the "enforcing=?" option (at least), which
simplifies SELINUX configuration.
|
| |
|
|
|
| |
update linux to v5.18-rc1
fix dependency update errors
update configs
|
| |
|
|
|
|
|
|
|
| |
Problems with KASAN_OUTLINE and some other instrumentations were
recentely fixed in a series by Alexandre Ghiti. Fixes for KASAN_INLINE
are also on the way.
Switch syzbot's riscv instance to KASAN_OUTLINE to make it work after a
130+ day break.
|
| |
|
|
|
|
|
| |
W/o this config arm stack traces don't include PC which we expect
when parsing stack traces.
It was added in May 13 2021, and it seems since then we classified
all arm reports as corrupted.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Move CONFIG_AID_FOR_SYZBOT to verbatim since it has for some reason
disappeared from the linux-next tree.
Add CONFIG_RCU_EXP_CPU_STALL_TIMEOUT and set it to the maximum value.
Otherwise it overwhelms syzbot with `INFO: rcu_preempt detected
expedited stalls on CPUs/tasks` crashes.
|
| |
|
|
|
|
| |
This functionality is perfectly reachable for us via madvise.
Reported-by: Brad Spengler
|
| |
|
|
| |
These are now enabled on real devices.
|
| |
|
|
| |
Update configs to latest HEADs of chromeos-5.* branches.
|
| |
|
|
|
| |
Update FD/DRM configs based on Daniel recommendations here:
https://lore.kernel.org/all/YfJ9yWW+MH8N4r4A@phenom.ffwll.local/
|
| |
|
|
| |
Enable new configs in v5.17 that look interesting to us.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update mainline and linux-next revisions to the latest tags
and fix configs that broke.
NF_FLOW_TABLE_IPV4/6 were removed in:
commit c42ba4290b2147aa033d17f22151494515655d77
netfilter: flowtable: remove ipv4/ipv6 modules
CONFIG_DAX_DRIVER was removed in:
commit afd586f0d06ce3d81b7c474499630fec88833828
dax: remove CONFIG_DAX_DRIVER
BLK_DEV_CRYPTOLOOP was removed in:
commit 47e9624616c80c9879feda536c48c6a3a0ed9835
block: remove support for cryptoloop and the xor transfer
NFT_COUNTER was removed in:
commit 023223dfbfb34fcc9b7dd41e21fbf9a5d5237989
netfilter: nf_tables: make counter support built-in
ICST was renamed to CLK_ICST in:
commit 323fd5955f844d1b6acf1a1af488da460f657ff2
clk: versatile: Rename ICST to CLK_ICST
APPARMOR_INTROSPECT_POLICY was added as requirement for other configs
we enabled in:
commit abfb9c0725f274c75ca2a51684c2dd842a8dc254
apparmor: make export of raw binary profile to userspace optional
|
| |
|
|
|
|
| |
We generate slightly reduces configs for arm/arm64 b/c we test in slow qemu VMs.
Add full versions of these configs that can be used with syz-check to avoid
no-such-struct warnings.
|
| |
|
|
| |
To add the ChromeOS 5.15 configs.
It required to disable the INCREMENTAL_FS support.
|
| | |
|
| |
|
| |
To add the ChromeOS 5.10 support.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* sys/linux/damon.txt: initial description
description of DAMON's interface mounted in debugfs: target_ids, attrs, init_regions, monitor_on
* sys/linux/damon.txt: additional damon interface description added
added DAMON interface descriptions for schemes, kdamond_pid, mk_contexts, rm_contexts
prefix of all the files with damon to avoid colliding naming
* sys/linux/damon.txt: standard copyright statement added
* sys/linux/damon.txt.const: const file of sys/linux/damon.txt added
* sys/linux/damon.txt: type fix of pid to fmt
* dashboard/config/linux/bits/subsystems.yml: damon configs added for Syzbot
* dashboard/config/linux: generated kernel configs with added damon config
* sys/linux/damon.txt: fmt type fix
* sys/linux/damon.txt: read and close syscalls removed
write and read mk_contexts summarized into one syscall
some refining of syscall interfaces
|
| |
|
|
|
|
|
| |
High values of CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY cause
significant slowdown (see issue #2892). Reduce the value.
Fixes #2892
|
| |
|
|
|
| |
New debugging configs in net-next.
Eric asks to enable them.
|
| |
|
|
| |
Updated the Android 5.10 base to 8d21bcc704ea1 (latest 5.10lts commit).
Regenerated configs.
|
| |
|
|
|
|
| |
This is how the boot-time parameter is called now.
Signed-off-by: Alexander Potapenko <glider@google.com>
|
| |
|
|
|
|
| |
make configs uses host compilers.
This produces constant diffs in the generated configs related to different compiler versions.
Suggest to run make configs under syz-env and check-in configs produced this way.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The arm instance has been broken since ~March this year because lockdep
appears broken on arm [1]. Unfortunately it hasn't been fixed since, and
it is unclear if this is going to happen soon.
Since this is holding up fuzzing on arm, and generally causing dozens of
fixes to still appear as "fix pending" on the syzbot dashboard, simply
disable lockdep on the arm instance.
This will allow to at least make some progress and find bugs with the
remaining configs on the arm instance.
[1] https://lore.kernel.org/all/0000000000004f14c105bde08f75@google.com/
|
| |
|
|
|
|
| |
Simplify contraints on debug.yml and lockdep.yml: kmsan, kcsan, and
kmemleak instances already list nonoise, so there's no point in
adding these constraints to debug.yml and lockdep.yml.
|
| |
|
|
|
|
| |
All of lockdep comes with a number of config options, so let's refactor
it into a separate lockdep.yml, which makes it easier to disable
selectively.
|
| |
|
|
|
|
|
| |
Add the 'onlynet' tag and use it on the KCSAN instance.
Strictly speaking 'wireless', 'bluetooth', and 'hamradio' could also be
included in 'onlynet', but leave them out for now.
|
| |
|
|
|
| |
Move most networking related configs to net.yml, including net drivers
that are dependencies for various features.
|
| | |
|
| |
|
|
|
|
|
| |
5.15 was released, update a few TODOs that were dependent on 5.15 being
properly released.
Re-generate all configs.
|
| |
|
|
|
|
| |
Also, create only 2 binder devices at binderfs creation - we don't need
32 devices anymore, as a separate binderfs instance is now created per
each syz-executor.
|
| |
|
|
|
|
|
|
|
|
|
| |
I think it's secretmem.enable rather than secretmem_enable.
I can't find any useful docs. Here:
module_param_named(enable, secretmem_enable, bool, 0400);
What is the param name?
If it's prefixed with module name, what's the module name for non-modules?
What are the values for bool flags? Does no value at all enable it?
|
| |
|
|
| |
regenerate configs
|
| |
|
|
|
|
|
| |
secretmem_enable is required to enable memfd_secret syscall:
https://elixir.bootlin.com/linux/v5.15-rc6/source/mm/secretmem.c#L202
(the android 5.10 base config was not generated on HEAD somehow)
|
| |
|
|
| |
Signed-off-by: Lee Jones <lee.jones@linaro.org>
|
| |
|
|
|
|
|
| |
"cgroup_disable=pressure cgroup.memory=nokmem" would affect kernel behaviour.
Suggested-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The tag that is provided is from 'android12-5.10-lts'.
The LTS version must be used, as it is more up-to-date in terms of
security fixes and stable back-ports than its non-lts counterpart.
Using a tag from the non-lts branch will result in lots of false
positives which would end up wasting quality engineering time.
Signed-off-by: Lee Jones <lee.jones@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Android
KASAN_STACK_ENABLE was renamed to KASAN_STACK in kernel version v5.11.
This change was also back-ported to android12-5.10, so we need to
provide support for that here too or else `make configs` will complain
that KASAN_STACK_ENABLE is not enabled.
Signed-off-by: Lee Jones <lee.jones@linaro.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Do not pretend writes are atomic. While this may currently be a
prevailing preference in the community, it does hide more interesting
bugs [1].
Since we moderate data races anyway, and are still drowning in data
races, a few more won't hurt.
What it does help with, however, is getting better signals about harmful
data races. Most of the read/write data races provide weak signals, but
write/write data races should provide a stronger harmfulness signal [1],
which will help us in selecting data races to investigate further.
[1] https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html
|
| |
|
|
|
| |
CONFIG_KCSAN_DEBUG no longer exists, remove it. Older kernels will set
it to 'n' by default.
|
| |
|
|
|
|
| |
They are unused.
Most of cmdline is in kernel CONFIG_CMDLINE.
Most of sysctl is setup by executor.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Update to latest upstream, linux-next and kmsan.
KMSAN stopped supporting few configs which depend on crypto
and heap auto-init.
|
| |
|
|
|
|
| |
Update the tags for upstream and -next and update all configs.
This pulls in the CONFIG_WERROR disabled-by-default change.
|
| |
|
|
|
|
| |
This reverts commit 23e41b77c691a7e95d822c53f895f8d53326c342.
The config fragment is now unused, remove it.
|
| |
|
|
|
|
|
|
|
|
|
| |
This reverts commit e096c0a2a414e487412c9669426780ce5acdde9d.
After a long discussion [1], Linus decided to default WERROR to
COMPILE_TEST [2]. This means we no longer have to unset the option
explicitly.
[1] https://lkml.kernel.org/r/YTfkO2PdnBXQXvsm@elver.google.com
[2] https://git.kernel.org/torvalds/c/b339ec9c229aaf399296a120d7be0e34fbc355ca
|
| |
|
|
| |
Both architectures have added support for KFENCE.
|
| |
|
|
| |
Update the tags for upstream and -next and update all configs.
|
| |
|
|
|
|
| |
RAW_DRIVER: https://git.kernel.org/torvalds/c/603e4922f1c81fc2ed3a87b4f91a8d3aafc7e093
CAIF_HSI: https://git.kernel.org/torvalds/c/ca75bcf0a83b6cc7f53a593d98ec7121c4839b43
WWAN_CORE: https://git.kernel.org/torvalds/c/89212e160b81e778f829b89743570665810e3b13
|
