[PATCH] RISC-V: defconfig: Remove CONFIG_SECURITY

Palmer Dabbelt palmer at rivosinc.com
Fri Aug 12 14:53:57 PDT 2022 

On Tue, 09 Aug 2022 23:18:42 PDT (-0700), Palmer Dabbelt wrote:
> A handful of security-related entries were added to defconfig in
> ba6cfef057e1 ("riscv: enable Docker requirements in defconfig"), and
> while they weren't triggering any issues in that actual commit they are
> tripping up kasan after the merge.  Remove them, so we get back to a
> working defconfig.
>
> Fixes: 4d1044fcb996 ("Merge tag 'riscv-for-linus-5.20-mw0' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux")
> Signed-off-by: Palmer Dabbelt <palmer at rivosinc.com>
> ---
> I'm not entirely sure what's going on here: just cherry-picking that
> defconfig onto the merge base of ea0c39260d0c ("Merge tag '9p-for-5.20'
> of https://github.com/martinetd/linux") start triggering kasan failures
> along the lines of
>
> [    2.497182] Unable to handle kernel paging request at virtual address ffebfffefffef000
> [    2.498067] Oops [#1]
> [    2.498304] Modules linked in:
> [    2.498703] CPU: 3 PID: 88 Comm: mount Not tainted 5.19.0-14658-g318ec69153ba #16
> [    2.499169] Hardware name: riscv-virtio,qemu (DT)
> [    2.499581] epc : kasan_check_range+0x116/0x14c
> [    2.500812]  ra : memset+0x1e/0x4c
> [    2.501092] epc : ffffffff8025c7da ra : ffffffff8025ceba sp : ff6000008307fa60
> [    2.501451]  gp : ffffffff81d6d100 tp : ff60000082fd3c00 t0 : ff6000008307fb30
> [    2.501802]  t1 : ffebfffefffef000 t2 : 0000000000000000 s0 : ff6000008307fa90
> [    2.502153]  s1 : 0000000000000004 a0 : 0000000000000010 a1 : 0000000000000004
> [    2.502493]  a2 : 0000000000000001 a3 : ffffffff801f3022 a4 : ff5ffffffff78000
> [    2.502842]  a5 : ffebfffefffef000 a6 : ffebfffefffef001 a7 : ff5ffffffff78003
> [    2.503197]  s2 : ff5ffffffff78000 s3 : 0000000000000000 s4 : ffffffff8159de88
> [    2.503545]  s5 : ff600001f7de99c0 s6 : ffffffff81d6e640 s7 : ffffffff81d78060
> [    2.503913]  s8 : ff60000080ffad38 s9 : ff5ffffffff78000 s10: 0000000000000008
> [    2.504465]  s11: 0000000000000010 t3 : 0000000000000000 t4 : ffebfffefffef000
> [    2.504860]  t5 : ffebfffefffef001 t6 : 0000000000000002
> [    2.505142] status: 0000000000000120 badaddr: ffebfffefffef000 cause: 000000000000000d
> [    2.505570] [<ffffffff801f3022>] pcpu_alloc+0x454/0x7d4
> [    2.505925] [<ffffffff801f33ce>] __alloc_percpu+0x14/0x1c
> [    2.506227] [<ffffffff800901bc>] __percpu_init_rwsem+0x1a/0x98
> [    2.506546] [<ffffffff8027f018>] alloc_super+0xfc/0x3da
> [    2.506837] [<ffffffff8027fefc>] sget_fc+0x90/0x2c4
> [    2.507116] [<ffffffff802808a2>] get_tree_nodev+0x24/0xa4
> [    2.507410] [<ffffffff801e2564>] shmem_get_tree+0x14/0x1c
> [    2.507705] [<ffffffff8027e840>] vfs_get_tree+0x3a/0x11a
> [    2.508009] [<ffffffff802b2b54>] path_mount+0x2f4/0xbd6
> [    2.508784] [<ffffffff802b3b2c>] sys_mount+0x1ae/0x26c
> [    2.509099] [<ffffffff80003b10>] ret_from_syscall+0x0/0x2
> [    2.509787] ---[ end trace 0000000000000000 ]---
>
> they're only showing up on the QEMU virt "-smp 8" (not "-smp 4").  I'm
> pretty confident there's some other bug lurking here and we've just
> happened to uncover it, and while I hate to drop parts of the config
> it's just too much of a headache to have a broken defconfig whih kasan
> enabled.
> ---
>  arch/riscv/configs/defconfig | 4 ----
>  1 file changed, 4 deletions(-)
>
> diff --git a/arch/riscv/configs/defconfig b/arch/riscv/configs/defconfig
> index aed332a9d4ea..3ae79af77806 100644
> --- a/arch/riscv/configs/defconfig
> +++ b/arch/riscv/configs/defconfig
> @@ -179,10 +179,6 @@ CONFIG_ROOT_NFS=y
>  CONFIG_9P_FS=y
>  CONFIG_NLS_CODEPAGE_437=y
>  CONFIG_NLS_ISO8859_1=m
> -CONFIG_SECURITY=y
> -CONFIG_SECURITY_SELINUX=y
> -CONFIG_SECURITY_APPARMOR=y
> -CONFIG_DEFAULT_SECURITY_DAC=y
>  CONFIG_CRYPTO_USER_API_HASH=y
>  CONFIG_CRYPTO_DEV_VIRTIO=y
>  CONFIG_PRINTK_TIME=y

Looks like this one has been fixed somewhere in Linus' tree already, so 
I'm dropping it.

More information about the linux-riscv mailing list