| Message ID | 1557228862-9277-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | tomoyo: Don't emit WARNING: string while fuzzing testing. | expand |
On Tue, 7 May 2019, Tetsuo Handa wrote: > Commit cff0e6c3ec3e6230 ("tomoyo: Add a kernel config option for fuzzing > testing.") enabled the learning mode, and syzbot started crashing by > encountering this warning message. Disable this warning if built for > fuzzing testing; otherwise syzbot can't start fuzzing testing. syzbot crashed? Sounds like a bug in syzbot which should be fixed rather than this approach. > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > Cc: Dmitry Vyukov <dvyukov@google.com> > --- > security/tomoyo/util.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c > index 0517cbd..52752e1 100644 > --- a/security/tomoyo/util.c > +++ b/security/tomoyo/util.c > @@ -1076,8 +1076,10 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) > domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true; > /* r->granted = false; */ > tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]); > +#ifndef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING > pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n", > domain->domainname->name); > +#endif > } > return false; > } >
From: James Morris <jmorris@namei.org> Date: Tue, May 7, 2019 at 6:45 PM To: Tetsuo Handa Cc: <linux-security-module@vger.kernel.org>, Dmitry Vyukov > On Tue, 7 May 2019, Tetsuo Handa wrote: > > > Commit cff0e6c3ec3e6230 ("tomoyo: Add a kernel config option for fuzzing > > testing.") enabled the learning mode, and syzbot started crashing by > > encountering this warning message. Disable this warning if built for > > fuzzing testing; otherwise syzbot can't start fuzzing testing. > > syzbot crashed? Sounds like a bug in syzbot which should be fixed rather > than this approach. syzbot did not crash, it detected this as kernel crash. > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > > Cc: Dmitry Vyukov <dvyukov@google.com> > > --- > > security/tomoyo/util.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c > > index 0517cbd..52752e1 100644 > > --- a/security/tomoyo/util.c > > +++ b/security/tomoyo/util.c > > @@ -1076,8 +1076,10 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) > > domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true; > > /* r->granted = false; */ > > tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]); > > +#ifndef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING > > pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n", > > domain->domainname->name); > > +#endif > > } > > return false; > > } > > > > -- > James Morris > <jmorris@namei.org> >
Here is updated description.
Commit cff0e6c3ec3e6230 ("tomoyo: Add a kernel config option for fuzzing
testing.") enabled the learning mode, but syzkaller is detecting any
"WARNING:" string as a crash. Thus, disable TOMOYO's quota warning if
built for fuzzing testing.
On 2019/05/08 1:49, Dmitry Vyukov wrote:
> From: James Morris <jmorris@namei.org>
> Date: Tue, May 7, 2019 at 6:45 PM
> To: Tetsuo Handa
> Cc: <linux-security-module@vger.kernel.org>, Dmitry Vyukov
>
>> On Tue, 7 May 2019, Tetsuo Handa wrote:
>>
>>> Commit cff0e6c3ec3e6230 ("tomoyo: Add a kernel config option for fuzzing
>>> testing.") enabled the learning mode, and syzbot started crashing by
>>> encountering this warning message. Disable this warning if built for
>>> fuzzing testing; otherwise syzbot can't start fuzzing testing.
>>
>> syzbot crashed? Sounds like a bug in syzbot which should be fixed rather
>> than this approach.
>
> syzbot did not crash, it detected this as kernel crash.
>
>>> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
>>> Cc: Dmitry Vyukov <dvyukov@google.com>
>>> ---
>>> security/tomoyo/util.c | 2 ++
>>> 1 file changed, 2 insertions(+)
>>>
>>> diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
>>> index 0517cbd..52752e1 100644
>>> --- a/security/tomoyo/util.c
>>> +++ b/security/tomoyo/util.c
>>> @@ -1076,8 +1076,10 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
>>> domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true;
>>> /* r->granted = false; */
>>> tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]);
>>> +#ifndef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
>>> pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n",
>>> domain->domainname->name);
>>> +#endif
>>> }
>>> return false;
>>> }
>>>
>>
>> --
>> James Morris
>> <jmorris@namei.org>
>>
>
On Tue, 7 May 2019, Tetsuo Handa wrote: > Commit cff0e6c3ec3e6230 ("tomoyo: Add a kernel config option for fuzzing > testing.") enabled the learning mode, and syzbot started crashing by > encountering this warning message. Disable this warning if built for > fuzzing testing; otherwise syzbot can't start fuzzing testing. > > Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> > Cc: Dmitry Vyukov <dvyukov@google.com> Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-tomoyo
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index 0517cbd..52752e1 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c @@ -1076,8 +1076,10 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r) domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true; /* r->granted = false; */ tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]); +#ifndef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n", domain->domainname->name); +#endif } return false; }
Commit cff0e6c3ec3e6230 ("tomoyo: Add a kernel config option for fuzzing testing.") enabled the learning mode, and syzbot started crashing by encountering this warning message. Disable this warning if built for fuzzing testing; otherwise syzbot can't start fuzzing testing. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Cc: Dmitry Vyukov <dvyukov@google.com> --- security/tomoyo/util.c | 2 ++ 1 file changed, 2 insertions(+)