From 0ede5bfc57b8910f6436a23955422fae109636c2 Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov Date: Mon, 25 Apr 2022 08:07:36 +0200 Subject: dashboard/config/linux: disable MSR writes Randomly changing MSRs can have unpredictable results. We tried to protect from writes on descriptions level, but it does not work well, the fuzzer has figured out: 03:37:28 executing program 3: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='fd/3\x00') pwritev(r0, ...) Fortunately there is a command line argument that disables all writes. Use it instead. Note: older kernels will need: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a7e1f67ed29f https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=02a16aa13574 --- dashboard/config/linux/bits/base.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'dashboard/config/linux/bits') diff --git a/dashboard/config/linux/bits/base.yml b/dashboard/config/linux/bits/base.yml index c9cf71a1e..2c0cb18c3 100644 --- a/dashboard/config/linux/bits/base.yml +++ b/dashboard/config/linux/bits/base.yml @@ -33,7 +33,7 @@ config: # Huge page overcommit is disabled by default, allowing some overcommit # with vm.nr_overcommit_hugepages is intended to give more coverage. # secretmem_enable enables memfd_secret syscall. - - CMDLINE: "earlyprintk=serial net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 binder.debug_mask=0 rcupdate.rcu_expedited=1 no_hash_pointers page_owner=on sysctl.vm.nr_hugepages=4 sysctl.vm.nr_overcommit_hugepages=4 secretmem.enable=1 sysctl.max_rcu_stall_to_panic=1" + - CMDLINE: "earlyprintk=serial net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 binder.debug_mask=0 rcupdate.rcu_expedited=1 no_hash_pointers page_owner=on sysctl.vm.nr_hugepages=4 sysctl.vm.nr_overcommit_hugepages=4 secretmem.enable=1 sysctl.max_rcu_stall_to_panic=1 msr.allow_writes=off" # We don't need lots, but some configs set it to 2 which is too low. - NR_CPUS: 8 -- cgit mrf-deployment