Re: BUG: unable to handle kernel NULL pointer dereference in mem_serial_out
From: Greg KH
Date: Fri Dec 13 2019 - 16:48:52 EST
On Fri, Dec 13, 2019 at 11:31:08PM +0900, Tetsuo Handa wrote:
> On 2019/12/13 19:00, Dmitry Vyukov wrote:
> > Easier said than done. "normal user of the serial port" is not really
> > a thing in Linux, right? You either have CAP_SYS_ADMIN or not, that's
> > not per-device...
> > As far as I remember +Tetsuo proposed a config along the lines of
> > "restrict only things that legitimately cause damage under a fuzzer
> > workload", e.g. freezing filesystems, disabling console output, etc.
> > This may be another candidate. But I can't find where that proposal is
> > now.
>
> That suggestion got no response for two months.
>
> https://lkml.kernel.org/r/3e4e2b6b-7828-54ab-cf28-db1a396d7e20@xxxxxxxxxxxxxxxxxxx
>
> Unless we add such kernel config option to upstream kernels, it will become
> a whack-a-mole game.
It will be a whack-a-mole game no matter what.
Yes, /dev/mem/ makes no sense to fuzz. Neither does other things (like
serial port memory addresses.)
You just will have a list of things that you "do not fuzz as these are
dangerous". Nothing new here, any os will have that.
thanks,
greg k-h