Re: [syzbot] unexpected kernel reboot (4)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2021/04/15 1:16, Tetsuo Handa wrote:
> On 2021/04/15 0:39, Andrey Konovalov wrote:
>> On Wed, Apr 14, 2021 at 7:45 AM Dmitry Vyukov <dvyukov@xxxxxxxxxx> wrote:
>>>
>>> On Tue, Apr 13, 2021 at 11:27 PM syzbot
>>> <syzbot+9ce030d4c89856b27619@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>>>>
>>>> Hello,
>>>>
>>>> syzbot found the following issue on:
>>>>
>>>> HEAD commit:    89698bec Merge tag 'm68knommu-for-v5.12-rc7' of git://git...
>>>> git tree:       upstream
>>>> console output: https://syzkaller.appspot.com/x/log.txt?x=1243fcfed00000
>>>> kernel config:  https://syzkaller.appspot.com/x/.config?x=b234ddbbe2953747
>>>> dashboard link: https://syzkaller.appspot.com/bug?extid=9ce030d4c89856b27619
>>>> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=173e92fed00000
>>>> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=1735da2ed00000
>>>>
>>>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>>>> Reported-by: syzbot+9ce030d4c89856b27619@xxxxxxxxxxxxxxxxxxxxxxxxx
>>>>
>>>> output_len: 0x000000000e74eb68
>>>> kernel_total_size: 0x000000000f226000
>>>> needed_size: 0x000000000f400000
>>>> trampoline_32bit: 0x000000000009d000
>>>> Decompressing Linux... Parsing ELF... done.
>>>> Booting the kernel.
>>>
>>> +linux-input
>>>
>>> The reproducer connects some USB HID device and communicates with the driver.
>>> Previously we observed reboots because HID devices can trigger reboot
>>> SYSRQ, but we disable it with "CONFIG_MAGIC_SYSRQ is not set".
>>> How else can a USB device reboot the machine? Is it possible to disable it?
>>> I don't see any direct includes of <linux/reboot.h> in drivers/usb/*
>>
>> This happens when a keyboard sends the Ctrl+Alt+Del sequence, see
>> fn_boot_it()->ctrl_alt_del() in drivers/tty/vt/keyboard.c.

Hmm, maybe the reproducer I use and "#syz test:" uses differs.
But since "#syz test:" did not trigger the problem if
https://syzkaller.appspot.com/x/patch.diff?x=14ba0851d00000 is applied,
can we add

        if (fork() == 0) {
                char buf[20] = { };
                int fd = open("/proc/sys/kernel/ctrl-alt-del", O_WRONLY);
                write(fd, "0\n", 2);
                close(fd);
                fd = open("/proc/sys/kernel/cad_pid", O_WRONLY);
                snprintf(buf, sizeof(buf) - 1, "%d\n", getpid());
                write(fd, buf, strlen(buf));
                close(fd);
        }

to the common setup function? This will serve as a temporary workaround
until Linus accepts disable-specific-functionality changes.

There is no need to keep the process referenced by /proc/sys/kernel/cad_pid alive,
for "struct pid" which can remain after the process terminates is saved there.



[Index of Archives]     [Linux Media Devel]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Linux Wireless Networking]     [Linux Omap]

  Powered by Linux