Arm + KASAN + syzbot
Dmitry Vyukov
dvyukov at google.com
Tue Jan 19 13:57:16 EST 2021
On Tue, Jan 19, 2021 at 1:37 PM Russell King - ARM Linux admin
<linux at armlinux.org.uk> wrote:
>
> On Tue, Jan 19, 2021 at 01:05:11PM +0100, Dmitry Vyukov wrote:
> > Yes, I used the qemu -dtb flag.
> >
> > I tried to use CONFIG_ARM_APPENDED_DTB because it looks like a very
> > nice option. However, I couldn't make it work.
> > I enabled:
> > CONFIG_ARM_APPENDED_DTB=y
> > CONFIG_ARM_ATAG_DTB_COMPAT=y
> > # CONFIG_ARM_ATAG_DTB_COMPAT_CMDLINE_FROM_BOOTLOADER is not set
> > CONFIG_ARM_ATAG_DTB_COMPAT_CMDLINE_EXTEND=y
> > and removed qemu -dtb flag and I see:
> >
> > Error: invalid dtb and unrecognized/unsupported machine ID
> > r1=0x000008e0, r2=0x80000100
> > r2[]=05 00 00 00 01 00 41 54 01 00 00 00 00 10 00 00
>
> Right, r2 now doesn't point at valid DT, but points to an ATAG list.
>
> The decompressor should notice that, and fix up the appended DTB.
>
> I assume you concatenated the zImage and the appropriate DTB and
> passed _that_ as the kernel to qemu?
Mkay, I didn't. I assumed kbuild will do this for me.
Appending dtb works, but not completely. I did:
cp arch/arm/boot/zImage arch/arm/boot/zImage.dtb
cat arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dtb >> arch/arm/boot/zImage.dtb
Now I have:
ls -l arch/arm/boot/zImage* arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dtb
-rw-r----- 1 dvyukov primarygroup 13209 Jan 14 13:41
arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dtb
-rwxr-x--- 1 dvyukov primarygroup 33712008 Jan 19 16:55 arch/arm/boot/zImage
-rwxr-x--- 1 dvyukov primarygroup 33725217 Jan 19 18:57 arch/arm/boot/zImage.dtb
Using "-kernel arch/arm/boot/zImage -dtb
arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dtb" fully works.
Using just "-kernel arch/arm/boot/zImage" does not work, no output
from qemu whatsoever (expected).
But using just "-kernel arch/arm/boot/zImage.dtb" gives an interesting
effect. Kernel starts booting, I see console output up to late init
stages, but then it can't find the root device.
So appended dtb works... but only in half. Are the names of block devices
something that's controlled by dtb?
[ 89.140285][ T1] VFS: Cannot open root device "vda" or
unknown-block(0,0): error -6
[ 89.144547][ T1] Please append a correct "root=" boot option;
here are the available partitions:
[ 89.146058][ T1] 0100 4096 ram0
[ 89.146295][ T1] (driver?)
[ 89.147537][ T1] 0101 4096 ram1
[ 89.147740][ T1] (driver?)
[ 89.148948][ T1] 0102 4096 ram2
[ 89.149150][ T1] (driver?)
[ 89.150296][ T1] 0103 4096 ram3
[ 89.150497][ T1] (driver?)
[ 89.152714][ T1] 0104 4096 ram4
[ 89.152920][ T1] (driver?)
[ 89.154198][ T1] 0105 4096 ram5
[ 89.154401][ T1] (driver?)
[ 89.155609][ T1] 0106 4096 ram6
[ 89.155811][ T1] (driver?)
[ 89.157020][ T1] 0107 4096 ram7
[ 89.157221][ T1] (driver?)
[ 89.158507][ T1] 0108 4096 ram8
[ 89.158708][ T1] (driver?)
[ 89.159907][ T1] 0109 4096 ram9
[ 89.160109][ T1] (driver?)
[ 89.163842][ T1] 010a 4096 ram10
[ 89.164055][ T1] (driver?)
[ 89.165300][ T1] 010b 4096 ram11
[ 89.165502][ T1] (driver?)
[ 89.166705][ T1] 010c 4096 ram12
[ 89.166906][ T1] (driver?)
[ 89.168131][ T1] 010d 4096 ram13
[ 89.168341][ T1] (driver?)
[ 89.169551][ T1] 010e 4096 ram14
[ 89.169753][ T1] (driver?)
[ 89.170957][ T1] 010f 4096 ram15
[ 89.172047][ T1] (driver?)
[ 89.175569][ T1] 1f00 131072 mtdblock0
[ 89.175801][ T1] (driver?)
[ 89.177051][ T1] 1f01 32768 mtdblock1
[ 89.177256][ T1] (driver?)
[ 89.178481][ T1] 1f02 128 mtdblock2
[ 89.178685][ T1] (driver?)
Just in case, that's v5.11-rc4 with this config:
https://gist.githubusercontent.com/dvyukov/aeb69235ff37a3d48c1a8a74c2fad162/raw/b37273ba14306d4ca2e2fffc07af41c759e092b7/gistfile1.txt
and this qemu command line:
qemu-system-arm -machine vexpress-a15 -cpu max -smp 2 -m 2G
-device virtio-blk-device,drive=hd0 -drive
if=none,format=raw,id=hd0,file=image-arm -snapshot -kernel
arch/arm/boot/zImage.dtb -nographic -netdev
user,host=10.0.2.10,hostfwd=tcp::10022-:22,id=net0 -device
virtio-net-device,netdev=net0 -append "earlyprintk=serial oops=panic
panic_on_warn=1 nmi_watchdog=panic panic=86400 net.ifnames=0
sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb
kvm-intel.nested=1 nf-conntrack-ftp.ports=20000
nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000
nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000
vivid.n_devs=16 vivid.multiplanar=1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2
netrom.nr_ndevs=16 rose.rose_ndevs=16 spec_store_bypass_disable=prctl
numa=fake=2 nopcid dummy_hcd.num=8 binder.debug_mask=0
rcupdate.rcu_expedited=1 root=/dev/vda console=ttyAMA0 vmalloc=512M
watchdog_thresh=165 workqueue.watchdog_thresh=420"
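The concatenation step described in the mail (cp zImage, cat the .dtb onto it) is easy to get subtly wrong, and the boot log above shows the kernel coming up but finding no virtio disk. The script below is an added example, not code from the thread or from the kernel tree: it builds the combined image the way CONFIG_ARM_APPENDED_DTB expects, validates the FDT header (magic 0xd00dfeed and the totalsize field) before and after appending, and counts how many "virtio,mmio" compatible strings the blob carries, since a virtio-blk root device can only appear if the tree describes a virtio-mmio transport. Whether a missing transport node is the cause of the "Cannot open root device" failure in this thread is an assumption, not something the mail establishes. All inputs are constructed sample files (a fake zImage payload and a fake 64-byte DTB), so it runs offline; the real paths would be arch/arm/boot/zImage and arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dtb.

```shell
#!/bin/sh
# Added example (not from the thread or the kernel tree): build zImage.dtb
# as the mail describes, then sanity-check the result before handing it to QEMU.
set -e

FDT_MAGIC="d0 0d fe ed"   # big-endian flattened-device-tree header magic

# Print N bytes at OFFSET of FILE as space-separated lowercase hex.
hexat() {  # hexat FILE OFFSET N
    od -An -tx1 -j "$2" -N "$3" "$1" | tr -s ' \n' ' ' | sed 's/^ //; s/ $//'
}

# Echo 1 if FILE begins with an FDT header, 0 otherwise.
is_dtb() {
    [ "$(hexat "$1" 0 4)" = "$FDT_MAGIC" ] && echo 1 || echo 0
}

# totalsize field of a DTB (bytes 4..7, big-endian), as decimal.
dtb_totalsize() {
    printf '%d\n' "0x$(hexat "$1" 4 4 | tr -d ' ')"
}

# Concatenate ZIMAGE and DTB into OUT (what CONFIG_ARM_APPENDED_DTB expects),
# refusing a blob without an FDT header or whose totalsize disagrees with the file.
append_dtb() {  # append_dtb ZIMAGE DTB OUT
    [ "$(is_dtb "$2")" = 1 ] || { echo "not a DTB: $2" >&2; return 1; }
    [ "$(dtb_totalsize "$2")" -eq "$(wc -c < "$2" | tr -d ' ')" ] \
        || { echo "DTB totalsize does not match file size: $2" >&2; return 1; }
    cat "$1" "$2" > "$3"
}

# Verify that OUT is ZIMAGE immediately followed by an FDT header; echo the offset.
appended_dtb_offset() {  # appended_dtb_offset ZIMAGE OUT
    off=$(wc -c < "$1" | tr -d ' ')
    [ "$(hexat "$2" "$off" 4)" = "$FDT_MAGIC" ] || return 1
    echo "$off"
}

# Count "virtio,mmio" compatible strings in a blob. A virtio-blk /dev/vda can only
# be probed if the tree the kernel actually uses describes the virtio-mmio transport.
dtb_virtio_mmio_count() {
    grep -a -c 'virtio,mmio' "$1" || true
}

# Constructed sample inputs (not real kernel artifacts): a 30-byte fake zImage and a
# 64-byte fake DTB whose header is valid and whose body carries one virtio-mmio string.
make_sample_inputs() {  # make_sample_inputs DIR
    printf 'fake-zImage-payload-0123456789' > "$1/zImage"
    {
        printf '\320\015\376\355'                 # magic 0xd00dfeed
        printf '\000\000\000\100'                 # totalsize = 64
        printf 'virtio,mmio'                      # 11 bytes of fake body
        dd if=/dev/zero bs=1 count=45 2>/dev/null # pad to 64 bytes
    } > "$1/fake.dtb"
}

# Demo run on the constructed inputs.
d=$(mktemp -d)
make_sample_inputs "$d"
append_dtb "$d/zImage" "$d/fake.dtb" "$d/zImage.dtb"
echo "appended DTB at offset $(appended_dtb_offset "$d/zImage" "$d/zImage.dtb")," \
     "virtio-mmio strings in DTB: $(dtb_virtio_mmio_count "$d/fake.dtb")"
rm -rf "$d"
```

Run it against the real files by calling `append_dtb arch/arm/boot/zImage arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dtb arch/arm/boot/zImage.dtb` and then `dtb_virtio_mmio_count` on the .dtb; a count of zero means the kernel, booted from the appended tree alone, has no virtio transport to find a virtio-blk disk on, regardless of what the qemu command line attaches.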