[syzbot] WARNING in unsafe_follow_pfn

Jason Gunthorpe jgg at ziepe.ca
Tue Apr 13 18:11:45 UTC 2021


On Tue, Apr 13, 2021 at 07:20:12PM +0200, Dmitry Vyukov wrote:
> > > Plus users are going to be seeing this as well.  According to the commit
> > > message for 69bacee7f9ad ("mm: Add unsafe_follow_pfn") "Unfortunately
> > > there's some users where this is not fixable (like v4l userptr of iomem
> > > mappings)".  It sort of seems crazy to dump this giant splat and then
> > > tell users to ignore it forever because it can't be fixed...  0_0
> >
> > I think the discussion conclusion was that this interface should not
> > be used by userspace anymore, it is obsolete by some new interface?
> >
> > It should be protected by some kconfig and the kconfig should be
> > turned off for syzkaller runs.
> 
> If this is not a kernel bug, then it must not use WARN_ON[_ONCE]. It
> makes the kernel untestable for both automated systems and humans:

It is a kernel security bug triggerable by userspace.

> And if it's a kernel bug reachable from user-space, then I think this
> code should be removed entirely, not just on all testing systems. Or
> otherwise if we are not removing it for some reason, then it needs to
> be fixed.

Legacy embedded systems apparently require it.

It should be blocked by a kconfig. Distributions and syzkaller runs
should not enable that kconfig. What else can we do for insane uapi?

Jason


