Andrey Konovalov (5):
kasan: fix assigning tags twice
kasan, kmemleak: pass tagged pointers to kmemleak
kmemleak: account for tagged pointers when calculating pointer range
kasan, slub: move kasan_poison_slab hook before page_address
kasan, slub: fix conflicts with
When an object is kmalloc()'ed, two hooks are called: kasan_slab_alloc()
and kasan_kmalloc(). Right now we assign a tag twice, once in each of
the hooks. Fix it by assigning a tag only in the former hook.
Signed-off-by: Andrey Konovalov
---
mm/kasan/common.c
untag pointers before saving them to min_addr
and max_addr and when performing a lookup.
Signed-off-by: Andrey Konovalov
---
mm/kmemleak.c | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index f9d9dc250428..707fa5579f66 100644
--- a/mm
dress() is called before kasan_poison_slab(). Fix it by changing
the order.
Signed-off-by: Andrey Konovalov
---
mm/slub.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index 4a3d7686902f..ce874a5c9ee7 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -16
perly
propagate tags throughout the loop.
Reported-by: Qian Cai
Signed-off-by: Andrey Konovalov
---
mm/slub.c | 20 +++-
1 file changed, 7 insertions(+), 13 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index ce874a5c9ee7..0d32f8d30752 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -3
ed-by: Qian Cai
Signed-off-by: Andrey Konovalov
---
mm/slab.h| 6 ++
mm/slab_common.c | 2 +-
mm/slub.c| 3 ++-
3 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/mm/slab.h b/mm/slab.h
index 4190c24ef0e9..638ea1b25d39 100644
--- a/mm/slab.h
+++ b/mm/slab.h
@@ -437,11 +
On Tue, Feb 12, 2019 at 3:43 AM Qian Cai wrote:
>
>
>
> On 2/11/19 4:59 PM, Andrey Konovalov wrote:
> > CONFIG_SLAB_FREELIST_HARDENED hashes freelist pointer with the address
> > of the object where the pointer gets stored. With tag based KASAN we don't
> > acco
On Mon, Mar 18, 2019 at 6:35 PM Eric Dumazet wrote:
>
> On Mon, Mar 18, 2019 at 10:18 AM Andrey Konovalov
> wrote:
> >
> > This patch is a part of a series that extends arm64 kernel ABI to allow to
> > pass tagged user pointers (with the top byte set to something e
On Fri, Sep 6, 2019 at 3:51 PM Will Deacon wrote:
>
> On Wed, Sep 04, 2019 at 06:41:00PM +0200, Andrey Konovalov wrote:
> > tags_test.c relies on PR_SET_TAGGED_ADDR_CTRL/PR_TAGGED_ADDR_ENABLE being
> > present in system headers. When this is not the case the build of this
>
On Wed, Aug 21, 2019 at 6:38 PM syzbot
wrote:
>
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger
> crash:
>
> Reported-and-tested-by:
> syzbot+ded1794a717e3b235...@syzkaller.appspotmail.com
>
> Tested on:
>
> commit: e96407b4 usb-fuzzer: main usb gadget
On Thu, Aug 22, 2019 at 5:05 AM Eric Biggers wrote:
>
> On Mon, Aug 19, 2019 at 05:22:07AM -0700, syzbot wrote:
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:5181b473 net: phy: realtek: add NBase-T PHY auto-detection
> > git tree: net-next
> > console output
On Tue, Sep 3, 2019 at 2:08 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:eea39f24 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=165e5
On Tue, Sep 3, 2019 at 2:08 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:eea39f24 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=140a7
On Tue, Sep 3, 2019 at 2:08 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:eea39f24 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=16ab9
On Tue, Sep 3, 2019 at 2:08 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:eea39f24 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=168ec
On Tue, Sep 3, 2019 at 2:08 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:eea39f24 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=17398
On Tue, Sep 3, 2019 at 4:56 PM Daniel Axtens wrote:
>
> Provide the current number of vmalloc shadow pages in
> /sys/kernel/debug/kasan_vmalloc/shadow_pages.
Maybe it makes sense to put this into /sys/kernel/debug/kasan/
(without _vmalloc) and name e.g. vmalloc_shadow_pages? In case we want
to ex
ddr);
> } else {
> diff --git a/mm/kasan/tags_report.c b/mm/kasan/tags_report.c
> index 8eaf5f722271..969ae08f59d7 100644
> --- a/mm/kasan/tags_report.c
> +++ b/mm/kasan/tags_report.c
> @@ -36,6 +36,30 @@
>
> const char *get_bug_type(struct kasan_access_info *info)
> {
> +#ifdef CONFIG_KASAN_SW_TAGS_IDENTIFY
> + struct kasan_alloc_meta *alloc_meta;
> + struct kmem_cache *cache;
> + struct page *page;
> + const void *addr;
> + void *object;
> + u8 tag;
> + int i;
> +
> + tag = get_tag(info->access_addr);
> + addr = reset_tag(info->access_addr);
> + page = kasan_addr_to_page(addr);
> + if (page && PageSlab(page)) {
> + cache = page->slab_cache;
> + object = nearest_obj(cache, page, (void *)addr);
> + alloc_meta = get_alloc_info(cache, object);
> +
> + for (i = 0; i < KASAN_NR_FREE_STACKS; i++)
> + if (alloc_meta->free_pointer_tag[i] == tag)
> + return "use-after-free";
> + return "out-of-bounds";
I think we should keep the "invalid-access" bug type here if we failed
to identify the bug as a "use-after-free" (and change the patch
description accordingly).
Other than that:
Acked-by: Andrey Konovalov
> + }
> +
> +#endif
> return "invalid-access";
> }
>
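Review bot: the for loop over KASAN_NR_FREE_STACKS in get_bug_type() has a body that spans several lines (a nested if with its return) but no braces; kernel coding style asks for braces when a loop contains more than a single simple statement. The new block also carries no comment saying that a match between the tag taken from info->access_addr and a stored alloc_meta->free_pointer_tag[i] is what classifies the access as "use-after-free", or that every other access to a slab page falls through to "out-of-bounds"; a short comment above the loop would make that assumption visible to whoever reads the report code later.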
> --
> 2.21.0
>
On Fri, Aug 23, 2019 at 3:56 PM Cristian Marussi
wrote:
>
> Hi Andrey
>
> On 24/06/2019 15:33, Andrey Konovalov wrote:
> > This patch is a part of a series that extends kernel ABI to allow to pass
> > tagged user pointers (with the top byte set to something else other t
On Wed, Sep 4, 2019 at 8:51 AM Walter Wu wrote:
>
> This patch is KASAN report adds the alloc/free stacks for page allocator
> in order to help programmer to see memory corruption caused by page.
>
> By default, KASAN doesn't record alloc/free stack for page allocator.
> It is difficult to fix up
On Wed, Sep 4, 2019 at 4:41 PM Alan Stern wrote:
>
> On Tue, 3 Sep 2019, syzbot wrote:
>
> > Hello,
> >
> > syzbot has tested the proposed patch but the reproducer still triggered
> > crash:
> > KASAN: slab-out-of-bounds Read in usb_reset_and_verify_device
> >
> > usb 6-1: Using ep0 maxpacket: 16
Suggested-by: Cristian Marussi
Signed-off-by: Andrey Konovalov
---
tools/testing/selftests/arm64/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/arm64/Makefile
b/tools/testing/selftests/arm64/Makefile
index a61b2e743e99..f9f79fb272f0 100644
--- a/tools
On Tue, Sep 3, 2019 at 2:17 PM Andrey Konovalov wrote:
>
> On Tue, Sep 3, 2019 at 2:08 PM syzbot
> wrote:
> >
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:eea39f24 usb-fuzzer: main usb gadget fuzzer driver
> >
On Thu, Sep 5, 2019 at 4:20 AM Hui Peng wrote:
>
> Can you guys have a look at the attached patch?
Let's try it:
#syz test: https://github.com/google/kasan.git eea39f24
FYI: there are two more reports coming from this driver, which might
(or might not) have the same root cause. One of them has
On Thu, Sep 5, 2019 at 1:27 PM syzbot
wrote:
>
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger
> crash:
>
> Reported-and-tested-by:
> syzbot+14b53bfeb17f2b210...@syzkaller.appspotmail.com
>
> Tested on:
>
> commit: eea39f24 usb-fuzzer: main usb gadget f
On Tue, Jul 30, 2019 at 2:28 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:7f7867ff usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=11a7
On Thu, Jul 25, 2019 at 2:08 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:6a3599ce usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=10d7
On Mon, Aug 19, 2019 at 4:48 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:d0847550 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=15fb
On Fri, Sep 13, 2019 at 10:35 PM Alan Stern wrote:
>
> On Fri, 13 Sep 2019, syzbot wrote:
>
> > syzbot has found a reproducer for the following crash on:
> >
> > HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> > git tree: https://github.com/google/kasan.git usb-fuzzer
>
On Mon, Sep 16, 2019 at 10:31 PM Alan Stern wrote:
>
> On Mon, 16 Sep 2019, syzbot wrote:
>
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:014077b5 DO-NOT-SUBMIT: usb-fuzzer: main usb gadget fuzzer..
> > git tree: https://github.com/google/kmsan.git master
>
On Tue, Sep 17, 2019 at 10:01 AM Hillf Danton wrote:
>
>
> On Mon, 16 Sep 2019 14:42:06 -0700
> >
> > syzbot has found a reproducer for the following crash on:
> >
> > HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> > git tree: https://github.com/google/kasan.git usb-fuz
On Mon, Sep 16, 2019 at 6:40 PM Alan Stern wrote:
>
> On Mon, 16 Sep 2019, syzbot wrote:
>
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> > git tree: https://github.com/google/kasan.git usb-fuzzer
> > conso
On Tue, Sep 17, 2019 at 1:19 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=166a
On Mon, Sep 16, 2019 at 8:49 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=10ef
On Mon, Sep 16, 2019 at 8:49 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=1498
On Mon, Sep 16, 2019 at 8:49 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=1462
On Mon, Sep 16, 2019 at 8:49 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=1681
On Mon, Sep 16, 2019 at 8:49 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:014077b5 DO-NOT-SUBMIT: usb-fuzzer: main usb gadget fuzzer..
> git tree: https://github.com/google/kmsan.git master
> console output: https://syzkaller.appspot.com/x/log.txt?
On Tue, Sep 17, 2019 at 4:51 PM Alan Stern wrote:
>
> On Tue, 17 Sep 2019, Dmitry Vyukov wrote:
>
> > On Mon, Sep 16, 2019 at 10:31 PM Alan Stern
> > wrote:
> > >
> > > On Mon, 16 Sep 2019, syzbot wrote:
> > >
> > > > Hello,
> > > >
> > > > syzbot found the following crash on:
> > > >
> > > > HE
On Tue, Sep 17, 2019 at 5:28 PM Alan Stern wrote:
>
> On Tue, 17 Sep 2019, Andrey Konovalov wrote:
>
> > On Tue, Sep 17, 2019 at 4:51 PM Alan Stern
> > wrote:
> > >
> > > On Tue, 17 Sep 2019, Dmitry Vyukov wrote:
> > >
> > > >
On Tue, Sep 17, 2019 at 11:44 PM Rafael J. Wysocki wrote:
>
> On Mon, Sep 16, 2019 at 8:49 PM syzbot
> wrote:
> >
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> > git tree: https://github.com/google/kasan.
On Mon, Sep 16, 2019 at 6:32 PM Alan Stern wrote:
>
> On Mon, 16 Sep 2019, Andrey Konovalov wrote:
>
> > On Fri, Sep 13, 2019 at 10:35 PM Alan Stern
> > wrote:
> > >
> > > On Fri, 13 Sep 2019, syzbot wrote:
> > >
> > > &
On Wed, Oct 2, 2019 at 8:16 AM Nick Hu wrote:
>
> This patch ports the feature Kernel Address SANitizer (KASAN).
Hi Nick,
Please also update KASAN documentation to mention that riscv is supported.
Thanks!
>
> Note: The start address of shadow memory is at the beginning of kernel
> space, which
> ../arch/sparc/include/asm/pgtable_64.h:1102:2: note: to match this '('
> ((__typeof__(addr))(__untagged_addr((unsigned long)(addr)))
> ^
> ../mm/gup.c:791:10: note: in expansion of macro 'untagged_addr'
> start = untagged_addr(start);
> ^~~~~
> ..
On Fri, Apr 12, 2019 at 4:26 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:9a33b369 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan/tree/usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=124
On Wed, Aug 14, 2019 at 4:08 PM Ganapathi Bhat wrote:
>
> Hi Dmitry/Kalle,
>
> > >>
> > >> Hi Dmitry,
> > >>
> > >> We have a patch to fix this:
> > >> https://patchwork.kernel.org/patch/10990275/
> > >
> > > Hi Ganapathi,
> > >
> > > Has this patch been accepted anywhere? This bug is still open o
On Tue, Sep 17, 2019 at 8:24 PM Alan Stern wrote:
>
> On Mon, 16 Sep 2019, syzbot wrote:
>
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> > git tree: https://github.com/google/kasan.git usb-fuzzer
> > conso
On Thu, Sep 19, 2019 at 10:24 AM Johan Hovold wrote:
>
> On Mon, Sep 16, 2019 at 06:29:12AM -0700, syzbot wrote:
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> > git tree: https://github.com/google/kasan.gi
On Wed, Sep 18, 2019 at 8:57 PM Alan Stern wrote:
>
> On Tue, 17 Sep 2019, syzbot wrote:
>
> > Hello,
> >
> > syzbot has tested the proposed patch but the reproducer still triggered
> > crash:
> > WARNING in sysfs_remove_group
> >
> > [ cut here ]
> > sysfs group 'power' no
On Tue, Sep 17, 2019 at 8:24 PM Alan Stern wrote:
>
> On Mon, 16 Sep 2019, syzbot wrote:
>
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> > git tree: https://github.com/google/kasan.git usb-fuzzer
> > conso
On Thu, Sep 19, 2019 at 8:19 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:e0bd8d79 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=17d6
On Thu, Sep 19, 2019 at 8:19 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:014077b5 DO-NOT-SUBMIT: usb-fuzzer: main usb gadget fuzzer..
> git tree: https://github.com/google/kmsan.git master
> console output: https://syzkaller.appspot.com/x/log.txt?
On Wed, Sep 4, 2019 at 6:38 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:eea39f24 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=15214
On Mon, Sep 16, 2019 at 10:58 PM Matthew Wilcox wrote:
>
> On Mon, Sep 16, 2019 at 01:00:11PM -0700, David Rientjes wrote:
> > On Mon, 16 Sep 2019, syzbot wrote:
> > > HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> > > git tree: https://github.com/google/kasan.git usb-f
On Fri, Sep 20, 2019 at 12:08 PM Dmitry Vyukov wrote:
>
> On Fri, Sep 20, 2019 at 12:02 PM Johan Hovold wrote:
> >
> > On Fri, Sep 20, 2019 at 02:20:00AM -0700, syzbot wrote:
> > > Hello,
> > >
> > > syzbot has tested the proposed patch but the reproducer still triggered
> > > crash:
> > > KASAN:
On Fri, Sep 20, 2019 at 3:49 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:e0bd8d79 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=17cb
On Tue, Sep 24, 2019 at 4:19 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:d9e63adc usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=1602
On Tue, Sep 24, 2019 at 4:33 PM Alan Stern wrote:
>
> On Tue, 24 Sep 2019, Andrey Konovalov wrote:
>
> > On Tue, Sep 24, 2019 at 4:19 PM syzbot
> > wrote:
> > >
> > > Hello,
> > >
> > > syzbot found the following crash on:
> > >
On Wed, Sep 25, 2019 at 4:10 PM Alan Stern wrote:
>
> On Wed, 25 Sep 2019, syzbot wrote:
>
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:d9e63adc usb-fuzzer: main usb gadget fuzzer driver
> > git tree: https://github.com/google/kasan.git usb-fuzzer
> > conso
On Mon, Jul 29, 2019 at 1:48 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:6a3599ce usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=1408
On Mon, Sep 16, 2019 at 3:29 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=176a
On Mon, Sep 16, 2019 at 3:29 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:f0df5c1b usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=11ca
On Mon, Aug 19, 2019 at 4:48 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:d0847550 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=1160
On Mon, Aug 19, 2019 at 4:48 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:d0847550 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=14ff
On Mon, Aug 19, 2019 at 4:48 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:d0847550 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=1365
On Fri, Sep 20, 2019 at 5:41 PM Andrey Konovalov wrote:
>
> On Mon, Aug 19, 2019 at 4:48 PM syzbot
> wrote:
> >
> > Hello,
> >
> > syzbot found the following crash on:
> >
> > HEAD commit:d0847550 usb-fuzzer: main usb gadget fuzzer driver
On Thu, Sep 19, 2019 at 8:19 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:e0bd8d79 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=10c4
On Tue, Jul 9, 2019 at 2:27 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:7829a896 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=118d1
On Fri, Sep 20, 2019 at 7:09 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:e0bd8d79 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=12f0
On Fri, Sep 20, 2019 at 8:59 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:e0bd8d79 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=1670
On Mon, Sep 23, 2019 at 11:42 AM Peter Chen wrote:
>
> > On Tue, Jul 9, 2019 at 2:27 PM syzbot
> > wrote:
> > >
> > > Hello,
> > >
> > > syzbot found the following crash on:
> > >
> > > HEAD commit:7829a896 usb-fuzzer: main usb gadget fuzzer driver
> > > git tree: https://github.com/goo
On Mon, Sep 23, 2019 at 4:31 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:e0bd8d79 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=14d4
On Mon, Aug 19, 2019 at 3:34 PM Will Deacon wrote:
>
> On Mon, Aug 19, 2019 at 02:23:48PM +0100, Mark Rutland wrote:
> > On Mon, Aug 19, 2019 at 01:56:26PM +0100, Will Deacon wrote:
> > > On Mon, Aug 19, 2019 at 07:44:20PM +0800, Walter Wu wrote:
> > > > __arm_v7s_unmap() call iopte_deref() to tra
On Mon, Aug 19, 2019 at 5:03 PM Mark Rutland wrote:
>
> On Mon, Aug 19, 2019 at 04:05:22PM +0200, Andrey Konovalov wrote:
> > On Mon, Aug 19, 2019 at 3:34 PM Will Deacon wrote:
> > >
> > > On Mon, Aug 19, 2019 at 02:23:48PM +0100, Mark Rutland wrote:
> > >
e that tag in the shadow
> is the same as in the pointer.
>
> Fixes: 7f94ffbc4c6a ("kasan: add hooks implementation for tag-based mode")
> Signed-off-by: Andrey Ryabinin
> Reported-by: Walter Wu
> Reported-by: Mark Rutland
> Cc:
Reviewed-by: Andrey Konovalov
>
Documentation/dev-tools/kcov.rst for details). As the result kcov can
now be used to collect coverage from vhost worker threads.
Signed-off-by: Andrey Konovalov
---
drivers/vhost/vhost.c | 6 ++
drivers/vhost/vhost.h | 1 +
2 files changed, 7 insertions(+)
diff --git a/drivers/vhost/vhost.c b
/dev-tools/kcov.rst for details), each USB bus gets a unique
global handle id from the USB subsystem kcov handle id range. As the
result kcov can now be used to collect coverage from events that happen on
a particular USB bus.
Signed-off-by: Andrey Konovalov
---
drivers/usb/core/hub.c | 5 +
1
Changed encoding of kcov remote handle ids, see the documentation.
- Added a comment reference for kcov_sequence task_struct field.
- Change common_handle type to u32.
- Add checks for handle validity into kcov_ioctl_locked() and
kcov_remote_start().
- Updated documentation to reflect the changes.
coverage by via a common
handle, kcov will collect coverage for each code section that is annotated
to use the common handle obtained as kcov_handle from the current
task_struct. However non common handles allow to collect coverage
selectively from different subsystems.
Signed-off-by: A
On Mon, Oct 21, 2019 at 3:53 PM Dmitry Vyukov wrote:
>
> On Thu, Oct 17, 2019 at 7:44 PM Andrey Konovalov
> wrote:
> >
> > Currently kcov can only collect coverage for syscalls that are issued
> > from the current process. This patch adds support for KCOV_REMOT
On Wed, Oct 23, 2019 at 10:36 AM Dmitry Vyukov wrote:
>
> On Tue, Oct 22, 2019 at 6:46 PM Andrey Konovalov
> wrote:
> >
> > This patch adds kcov_remote_start()/kcov_remote_stop() annotations to the
> > vhost_worker() function, which is responsible for proces
On Wed, Oct 23, 2019 at 3:50 PM Dmitry Vyukov wrote:
>
> On Wed, Oct 23, 2019 at 3:35 PM Andrey Konovalov
> wrote:
> >
> > On Wed, Oct 23, 2019 at 10:36 AM Dmitry Vyukov wrote:
> > >
> > > On Tue, Oct 22, 2019 at 6:46 PM Andrey Konovalov
>
ed encoding of kcov remote handle ids, see the documentation.
- Added a comment reference for kcov_sequence task_struct field.
- Change common_handle type to u32.
- Add checks for handle validity into kcov_ioctl_locked() and
kcov_remote_start().
- Updated documentation to reflect the changes.
Andre
coverage by via a common
handle, kcov will collect coverage for each code section that is annotated
to use the common handle obtained as kcov_handle from the current
task_struct. However non common handles allow to collect coverage
selectively from different subsystems.
Signed-off-by: A
/dev-tools/kcov.rst for details), each USB bus gets a unique
global handle id from the USB subsystem kcov handle id range. As the
result kcov can now be used to collect coverage from events that happen on
a particular USB bus.
Signed-off-by: Andrey Konovalov
---
drivers/usb/core/hub.c | 5 +
1
Documentation/dev-tools/kcov.rst for details). As the result kcov can
now be used to collect coverage from vhost worker threads.
Signed-off-by: Andrey Konovalov
---
drivers/vhost/vhost.c | 6 ++
drivers/vhost/vhost.h | 1 +
2 files changed, 7 insertions(+)
diff --git a/drivers/vhost/vhost.c b
On Wed, Oct 9, 2019 at 6:09 PM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:58d5f26a usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=14932
On Tue, Sep 24, 2019 at 4:38 PM Greg Kroah-Hartman
wrote:
>
> On Tue, Sep 24, 2019 at 10:33:12AM -0400, Alan Stern wrote:
> > On Tue, 24 Sep 2019, Andrey Konovalov wrote:
> >
> > > On Tue, Sep 24, 2019 at 4:19 PM syzbot
> > > wrote:
> > > >
On Thu, Sep 19, 2019 at 11:44 PM syzbot
wrote:
>
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger
> crash:
>
> Reported-and-tested-by:
> syzbot+745b0dff8028f9488...@syzkaller.appspotmail.com
>
> Tested on:
>
> commit: e0bd8d79 usb-fuzzer: main usb gadget
On Fri, Oct 11, 2019 at 4:08 PM Alan Stern wrote:
>
> On Fri, 11 Oct 2019, Jaskaran Singh wrote:
>
> > On Mon, 2019-10-07 at 12:39 -0700, syzbot wrote:
> > > Hello,
> > >
> > > syzbot found the following crash on:
> > >
> > > HEAD commit:1e76a3e5 kmsan: replace __GFP_NO_KMSAN_SHADOW with
> > >
Raw Gadget.
Signed-off-by: Andrey Konovalov
---
Documentation/usb/raw-gadget.rst | 6 +-
drivers/usb/gadget/legacy/raw_gadget.c | 194 -
include/uapi/linux/usb/raw_gadget.h| 84 ++-
3 files changed, 207 insertions(+), 77 deletions(-)
diff --git a/D
On Tue, Apr 28, 2020 at 9:46 PM Andrey Konovalov wrote:
>
> Currently automatic gadget endpoint selection based on required features
> doesn't work. Raw Gadget tries iterating over the list of available
> endpoints and finding one that has the right direction and transfer type
On Tue, Apr 28, 2020 at 9:46 PM Andrey Konovalov wrote:
>
> Currently automatic gadget endpoint selection based on required features
> doesn't work. Raw Gadget tries iterating over the list of available
> endpoints and finding one that has the right direction and transfer type
On Wed, Apr 29, 2020 at 3:14 AM Alan Stern wrote:
>
> On Tue, 28 Apr 2020, Andrey Konovalov wrote:
>
> > Hi Alan,
> >
> > This patch uses the approach that I mentioned in the discussion about
> > endpoint selection. Does this look acceptable?
>
> I
h
Raw Gadget.
Fixes: f2c2e717642c ("usb: gadget: add raw-gadget interface")
Signed-off-by: Andrey Konovalov
---
Changes v1 -> v2:
- Validate endpoint number against dev->eps_num instead of
USB_RAW_EPS_NUM_MAX.
- Dropped maxburst from struct usb_raw_ep_limits, added reserved fiel
L_SET/CLEAR_HALT/WEDGE allow to set/clear halt/wedge status
on non-control non-isochronous endpoints.
Fixes: f2c2e717642c ("usb: gadget: add raw-gadget interface")
Signed-off-by: Andrey Konovalov
---
This goes on top of:
[PATCH v2] usb: raw-gadget: fix gadget endpoint selection
whic
On Thu, Apr 30, 2020 at 3:08 AM Andrey Konovalov wrote:
>
> Raw Gadget is currently unable to stall/halt/wedge gadget endpoints,
> which is required for proper emulation of certain USB classes.
>
> This patch adds a few more ioctls:
>
> - USB_RAW_IOCTL_EP0_STALL allows to s
L_SET/CLEAR_HALT/WEDGE allow to set/clear halt/wedge status
on non-control non-isochronous endpoints.
Fixes: f2c2e717642c ("usb: gadget: add raw-gadget interface")
Signed-off-by: Andrey Konovalov
---
Changes v1 -> v2:
- Use unique ioctl numbers.
This goes on top of:
[PATCH v2] us
On Fri, Oct 11, 2019 at 5:06 PM Greg Kroah-Hartman
wrote:
>
> On Fri, Oct 11, 2019 at 10:53:47AM -0400, Alan Stern wrote:
> > On Fri, 11 Oct 2019, Andrey Konovalov wrote:
> >
> > > On Fri, Oct 11, 2019 at 4:08 PM Alan Stern
> > > wrote:
> >
> > >
On Thu, Oct 17, 2019 at 3:42 AM syzbot
wrote:
>
> Hello,
>
> syzbot found the following crash on:
>
> HEAD commit:22be26f7 usb-fuzzer: main usb gadget fuzzer driver
> git tree: https://github.com/google/kasan.git usb-fuzzer
> console output: https://syzkaller.appspot.com/x/log.txt?x=1756