[PATCH] tomoyo: Don't emit WARNING: string while fuzzing testing.

Tetsuo Handa penguin-kernel at i-love.sakura.ne.jp
Tue May 7 20:54:09 UTC 2019


Here is the updated description.

Commit cff0e6c3ec3e6230 ("tomoyo: Add a kernel config option for fuzzing
testing.") enabled the learning mode, but syzkaller is detecting any
"WARNING:" string as a crash. Thus, disable TOMOYO's quota warning if
built for fuzzing testing.

On 2019/05/08 1:49, Dmitry Vyukov wrote:
> From: James Morris <jmorris at namei.org>
> Date: Tue, May 7, 2019 at 6:45 PM
> To: Tetsuo Handa
> Cc: <linux-security-module at vger.kernel.org>, Dmitry Vyukov
> 
>> On Tue, 7 May 2019, Tetsuo Handa wrote:
>>
>>> Commit cff0e6c3ec3e6230 ("tomoyo: Add a kernel config option for fuzzing
>>> testing.") enabled the learning mode, and syzbot started crashing by
>>> encountering this warning message. Disable this warning if built for
>>> fuzzing testing; otherwise syzbot can't start fuzzing testing.
>>
>> syzbot crashed? Sounds like a bug in syzbot which should be fixed rather
>> than this approach.
> 
> syzbot did not crash, it detected this as a kernel crash.
> 
>>> Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
>>> Cc: Dmitry Vyukov <dvyukov at google.com>
>>> ---
>>>  security/tomoyo/util.c | 2 ++
>>>  1 file changed, 2 insertions(+)
>>>
>>> diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
>>> index 0517cbd..52752e1 100644
>>> --- a/security/tomoyo/util.c
>>> +++ b/security/tomoyo/util.c
>>> @@ -1076,8 +1076,10 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
>>>               domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true;
>>>               /* r->granted = false; */
>>>               tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]);
>>> +#ifndef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING
>>>               pr_warn("WARNING: Domain '%s' has too many ACLs to hold. Stopped learning mode.\n",
>>>                       domain->domainname->name);
>>> +#endif
>>>       }
>>>       return false;
>>>  }
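
Review bot: The `#ifndef CONFIG_SECURITY_TOMOYO_INSECURE_BUILTIN_SETTING` guard around the pr_warn() in tomoyo_domain_quota_is_ok() drops the whole console message, not only the "WARNING:" prefix that the fuzzer matches on, so on a fuzzing build the only remaining trace that learning mode stopped for a domain is the tomoyo_write_log() entry just above it. Consider rewording the message without the "WARNING:" prefix instead (pr_warn() already sets the log level), which would also avoid a preprocessor block inside the function body. If the guard stays, a short comment above it saying that it exists because syzkaller treats "WARNING:" lines as crashes would explain a condition that otherwise looks unrelated to the quota check.
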
>>>
>>
>> --
>> James Morris
>> <jmorris at namei.org>
>>
> 


