github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/dashboard/config/linux/bits/base.yml (about) 1 # Copyright 2020 syzkaller project authors. All rights reserved. 2 # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. 3 4 # Common config fragments required by syzbot for all kernels 5 6 # CONFIG_DEBUG_MEMORY was once added to mm tree and cause disabling of KASAN, 7 # which in turn caused storm of assorted crashes after silent memory corruptions. 8 # The config was reverted, but we keep it here for the case it is reintroduced to kernel again. 9 # CONFIG_TWIST_KERNEL_BEHAVIOR can be used to prevent fuzzers from trying stupid things. 10 # See https://github.com/google/syzkaller/issues/1622 for details. 11 # DEBUG_AID_FOR_SYZBOT can be used to enable any additional temporal debugging features in linux-next tree. 12 # It is kept in verbatim because it has for some reason disappeared from next-20220222. 13 verbatim: | 14 CONFIG_DEBUG_MEMORY=y 15 CONFIG_TWIST_KERNEL_BEHAVIOR=y 16 CONFIG_TWIST_FOR_SYZKALLER_TESTING=y 17 CONFIG_DEBUG_AID_FOR_SYZBOT=y 18 19 config: 20 # Required to enable some other configs we set. 21 - EXPERT 22 - DEBUG_KERNEL 23 24 # Continuous fuzzing is more important than breaking on warnings. 25 - WERROR: n 26 27 # panic=86400: prevents kernel from rebooting so that we don't get reboot output in all crash reports. 28 # Huge page overcommit is disabled by default, allowing some overcommit 29 # with vm.nr_overcommit_hugepages is intended to give more coverage. 30 # secretmem_enable enables memfd_secret syscall. 31 - CMDLINE: "earlyprintk=serial net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 binder.debug_mask=0 rcupdate.rcu_expedited=1 rcupdate.rcu_cpu_stall_cputime=1 no_hash_pointers page_owner=on sysctl.vm.nr_hugepages=4 sysctl.vm.nr_overcommit_hugepages=4 secretmem.enable=1 sysctl.max_rcu_stall_to_panic=1 msr.allow_writes=off coredump_filter=0xffff" 32 33 # We don't need lots, but some configs set it to 2 which is too low. 34 - NR_CPUS: 8 35 36 # We slowdown execution significantly and there is no point in low latency under test. 37 - HZ_100 38 39 - RCU_TRACE: n 40 41 # KPROBES pollute coverage and needlessly slow down execution. 42 - KPROBES: n 43 # Slows down execution and sometimes fuzzer actually enables it. 44 - STACK_TRACER: n 45 - FUNCTION_TRACER: n 46 # Slows down execution. 47 - RETPOLINE: n 48 - PAGE_TABLE_ISOLATION: n 49 - LATENCYTOP: n 50 - SCHED_DEBUG: n 51 52 # Speeds up randomness initialization. 53 - HW_RANDOM 54 # Included as a module in Cuttlefish. 55 - HW_RANDOM_VIRTIO: [-cuttlefish] 56 - HW_RANDOM_INTEL: n 57 - HW_RANDOM_AMD: n 58 - HW_RANDOM_VIA: n 59 - RANDOM_TRUST_CPU: [-arm, -riscv, -v6.1] 60 - RANDOM_TRUST_BOOTLOADER: [v4.16, -v6.1] 61 62 # For detection of supported syscalls 63 - KALLSYMS 64 - KALLSYMS_ALL 65 - KALLSYMS_BASE_RELATIVE 66 67 # For namespace sandbox. 68 - NAMESPACES 69 - USER_NS 70 - UTS_NS 71 # Depends on CONFIG_SYSVIPC. 72 - IPC_NS: [optional] 73 - PID_NS 74 - NET_NS 75 76 # Control groups are needed for better sandboxing of test processes. 77 - CGROUP_PIDS 78 - MEMCG 79 80 # Debugging features (from kernel_configs.md, do not alpha sort). 81 - DEBUG_BUGVERBOSE 82 - PANIC_ON_OOPS 83 - PANIC_TIMEOUT: 86400 84 - SCHED_STACK_END_CHECK 85 - FORTIFY_SOURCE: [-riscv, -clang] 86 - HARDENED_USERCOPY 87 - HARDENED_USERCOPY_FALLBACK: [-v5.15] 88 - BUG_ON_DATA_CORRUPTION 89 # TODO: remove when https://github.com/google/syzkaller/issues/4504 is fixed. 90 - DEBUG_LIST: [-kmsan] 91 - DEBUG_STACKOVERFLOW: [-v5.0] 92 93 # CONFIG_DEBUG_PI_LIST was renamed to CONFIG_DEBUG_PLIST in 8e18faeac3e4. 94 - DEBUG_PLIST: [v5.2] 95 - DEBUG_PI_LIST: [-v5.2] 96 97 # CONFIG_REFCOUNT_FULL was removed in fb041bb7c0a9. 98 - REFCOUNT_FULL: [v4.16, -v5.5, -android-5.4] 99 # Added in 919067cc845f ("net: add CONFIG_PCPU_DEV_REFCNT") and should appear in v5.13. 100 - PCPU_DEV_REFCNT: [n, v5.13] 101 102 - NET_DEV_REFCNT_TRACKER: [v5.17] 103 - NET_NS_REFCNT_TRACKER: [v5.17] 104 105 - DEBUG_NET: [v5.19] 106 107 # This config does not add any debug checks (only debug output). 108 - DEBUG_KOBJECT: n 109 110 - DEBUG_INFO 111 # Our containers currently include toolchains that don't support DWARF5, 112 # but some default kernel configs and compilers (namely, clang) try to 113 # use DWARF5 by default. So we enable DWARF4 explicitly and don't 114 # enable DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT. 115 - DEBUG_INFO_DWARF4 116 # CONFIG_DEBUG_INFO_BTF breaks the build since 5.14 merge window: 117 # https://lkml.kernel.org/r/YOLzFecogWmdZ5Hc@infradead.org 118 - DEBUG_INFO_BTF: [-v5.13] 119 - DEBUG_INFO_REDUCED: n 120 121 # This should make behavior more deterministic. 122 - INIT_ON_ALLOC_DEFAULT_ON: [v4.16, -kmsan] 123 124 # KCOV slows down execution too much with KASAN_HW_TAGS and in qemu emulation in general. 125 # KCOV crashes on Arm: 126 # https://lore.kernel.org/linux-arm-kernel/20210119130010.GA2338@C02TD0UTHF1T.local/T/#m78fdfcc41ae831f91c93ad5dabe63f7ccfb482f0 127 # KCOV is not supported on s390 with our toolchain now, config depends on: 128 # (!ARCH_WANTS_NO_INSTR [=y] || STACK_VALIDATION [=n] || GCC_VERSION [=110200]>=120000 || CLANG_VERSION [=0]>=130000) 129 - KCOV: [-arm, -s390, -nokcov] 130 - KCOV_INSTRUMENT_ALL: [-arm, -s390, -nokcov] 131 # Doesn't boot with KCOV_ENABLE_COMPARISONS on Cuttlefish. 132 - KCOV_ENABLE_COMPARISONS: [-arm, -s390, -nokcov, -cuttlefish] 133 - DEBUG_FS 134 135 # Required for KCOV but also eliminates unnecessary non-determinism. 136 # For s390, it's always enabled after the `s390: always build relocatable kernel` commit. 137 - RELOCATABLE: [n, -s390] 138 - RANDOMIZE_BASE: n 139 140 # Print thread and CPU ids. 141 - PRINTK_CALLER 142 - PRINTK_TIME 143 # Some kernel oops'es are large. Largest observed for a stack overflow is ~42KB. 144 # There are 2 such buffers per CPU (safe and nmi), so this adds 128KB per CPU. 145 # The config was removed in "Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT". 146 - PRINTK_SAFE_LOG_BUF_SHIFT: [16, -v6.3] 147 148 # Fault injection. 149 - FAULT_INJECTION 150 - FAILSLAB 151 - FAIL_PAGE_ALLOC 152 - FAIL_MAKE_REQUEST 153 - FAIL_IO_TIMEOUT 154 - FAIL_FUTEX 155 - FAULT_INJECTION_DEBUG_FS 156 - FAULT_INJECTION_CONFIGFS: [v6.3] 157 - FAULT_INJECTION_USERCOPY: [v5.10] 158 159 # Options enabled to boot Debian Wheezy. 160 - DEVTMPFS 161 - DEVTMPFS_MOUNT 162 - INOTIFY_USER 163 - UEVENT_HELPER 164 - UEVENT_HELPER_PATH: "/sbin/hotplug" 165 166 # QEMU disk is usually on the generic PCI bus. 167 - PCI_HOST_GENERIC: [v4.16] 168 - OF: [v4.16] 169 170 # Options enabled to boot Debian Stretch. 171 - CONFIGFS_FS 172 - SECURITYFS 173 174 # More debugging info is always good. 175 - NMI_CHECK_CPU: [x86_64, v6.3] 176 177 # If syzkaller gets to /dev/{mem,kmem,ioport}, it will destroy the machine. 178 # It managed to do so with some mount's, chdir's and bogus file names. 179 # These are not needed for fuzzing, so completely disabling them is 180 # the simplest and the most reliable option. 181 - DEVMEM: n 182 - DEVKMEM: n 183 - DEVPORT: n 184 185 # Disable magic SysRq completely, as it can be reached over USB and through tty. 186 - MAGIC_SYSRQ: n 187 # We don't need it and it enables MAGIC_SYSRQ and KPROBES. 188 - KGDB: n 189 190 # Don't test/need this (may be enabled via HID_HYPERV_MOUSE in USB/HID configs). 191 - HYPERV: n 192 193 # Don't test/need this. 194 - XEN: n 195 196 # These are legacy gadget drivers that we don't reach/test and some of these break boot: 197 # https://github.com/google/syzkaller/pull/1975#issuecomment-712807462 198 - USB_G_NCM: n 199 - USB_G_SERIAL: n 200 - USB_G_PRINTER: n 201 - USB_G_NOKIA: n 202 - USB_G_ACM_MS: n 203 - USB_G_MULTI: n 204 - USB_G_HID: n 205 - USB_G_DBGP: n 206 - USB_G_WEBCAM: n 207 - USB_ZERO: n 208 - USB_AUDIO: n 209 - USB_ETH: n 210 - USB_FUNCTIONFS: n 211 - USB_MASS_STORAGE: n 212 - USB_GADGET_TARGET: n 213 - USB_MIDI_GADGET: n 214 - USB_CDC_COMPOSITE: n