From 77fea9231d86fc49b057fc23851653f880d6db0f Mon Sep 17 00:00:00 2001
From: Marco Elver <elver@google.com>
Date: Thu, 29 Jun 2023 14:21:27 +0200
Subject: dashboard/config/linux: introduce upstream-kasan-badwrites.config

Introduce a variant of upstream-apparmor-kasan, which enables:

	- kasan.fault=panic_on_write [1]
	- kasan_multi_shot, so that panic_on_warn does cause KASAN to
	  panic on bad non-write accesses

As discussed in [1], "KASAN reported invalid _writes_ are of special
interest, because they have greater potential to corrupt random kernel
memory or be more easily exploited."

With this config we can set up a syzbot instance that can detect such
issues.

[1] https://lore.kernel.org/linux-mm/20230614095158.1133673-1-elver@google.com/
---
 dashboard/config/linux/bits/kasan_panic_on_write.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 dashboard/config/linux/bits/kasan_panic_on_write.yml

(limited to 'dashboard/config/linux/bits')

diff --git a/dashboard/config/linux/bits/kasan_panic_on_write.yml b/dashboard/config/linux/bits/kasan_panic_on_write.yml
new file mode 100644
index 000000000..2cf2e5bff
--- /dev/null
+++ b/dashboard/config/linux/bits/kasan_panic_on_write.yml
@@ -0,0 +1,8 @@
+# Copyright 2023 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+config:
+ # Change KASAN reporting to only panic on bad writes (still reports bad
+ # reads). Enabling multi-shot mode is required to not panic on the first
+ # report if panic_on_warn is on as well.
+ - CMDLINE: [kasan_panic_on_write, append, "kasan.fault=panic_on_write kasan_multi_shot"]
-- 
cgit mrf-deployment