Re: WARNING in ion_ioctl

From: Laura Abbott
Date: Thu Jan 04 2018 - 14:01:14 EST


On 01/04/2018 06:13 AM, Dmitry Vyukov wrote:
On Thu, Jan 4, 2018 at 3:06 PM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
On Thu, Jan 04, 2018 at 05:57:01AM -0800, syzbot wrote:
Hello,

syzkaller hit the following crash on
71ee203389f7cb1c1927eab22b95baa01405791c
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
compiler: gcc (GCC) 7.1.1 20170620
.config is attached
Raw console output is attached.
C reproducer is attached
syzkaller reproducer is attached. See https://goo.gl/kgGztJ
for information about syzkaller reproducers


IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+fa2d5f63ee5904a0115a@xxxxxxxxxxxxxxxxxxxxxxxxx
It will help syzbot understand when the bug is fixed. See footer for
details.
If you forward the report, please keep this part and the footer.

audit: type=1400 audit(1514734723.062:7): avc: denied { map } for
pid=3502 comm="syzkaller809746" path="/root/syzkaller809746698" dev="sda1"
ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
WARNING: CPU: 0 PID: 3502 at drivers/staging/android/ion/ion-ioctl.c:73
ion_ioctl+0x2db/0x380 drivers/staging/android/ion/ion-ioctl.c:73
Kernel panic - not syncing: panic_on_warn set ...

This is to be expected when you pass in a crappy ion ioctl structure.

So don't do that :)

Yeah, it's a harsh warning, but I think the userspace developers like it
to ensure they got their implementation correct.

After the warning is thrown, all keeps working just fine.

Hi Greg,

Or, don't do WARNINGs on EINVAL and do pr_warn instead, as useful but
also enables automated kernel testing with non-tainted reports, which
is kinda a useful property.


From past experience, pr_warn was too subtle for some developers but
I'm more interested in the fuzzing at this point so I'll see about
just switching it to a pr_warn_once.

Thanks,
Laura