[{"id":1775109,"web_url":"http://patchwork.ozlabs.org/comment/1775109/","msgid":"<20170925.201631.612115793478960027.davem@davemloft.net>","list_archive_url":null,"date":"2017-09-26T03:16:31","subject":"Re: [PATCH,v3,net-next 0/2] Improve code coverage of syzkaller ","submitter":{"id":15,"url":"http://patchwork.ozlabs.org/api/people/15/","name":"David Miller","email":"davem@davemloft.net"},"content":"From: Petar Penkov <peterpenkov96@gmail.com>\nDate: Fri, 22 Sep 2017 13:49:13 -0700\n\n> This patch series is intended to improve code coverage of syzkaller on\n> the early receive path, specifically including flow dissector, GRO,\n> and GRO with frags parts of the networking stack. Syzkaller exercises\n> the stack through the TUN driver and this is therefore where changes\n> reside. Current coverage through netif_receive_skb() is limited as it\n> does not touch on any of the aforementioned code paths. Furthermore,\n> for full coverage, it is necessary to have more flexibility over the\n> linear and non-linear data of the skbs.\n> \n> The following patches address this by providing the user(syzkaller)\n> with the ability to send via napi_gro_receive() and napi_gro_frags().\n> Additionally, syzkaller can specify how many fragments there are and\n> how much data per fragment there is. This is done by exploiting the\n> convenient structure of iovecs. Finally, this patch series adds\n> support for exercising the flow dissector during fuzzing.\n> \n> The code path including napi_gro_receive() can be enabled via the\n> IFF_NAPI flag.  The remainder of the changes in this patch series give\n> the user significantly more control over packets entering the kernel.\n> To avoid potential security vulnerabilities, hide the ability to send\n> custom skbs and the flow dissector code paths behind a\n> capable(CAP_NET_ADMIN) check to require special user privileges.\n> \n> Changes since v2 based on feedback from Willem de Bruijn and Mahesh\n> Bandewar:\n> \n> Patch 1/ No changes.\n> Patch 2/ Check if the preconditions for IFF_NAPI_FRAGS (IFF_NAPI and\n> \t IFF_TAP) are met before opening/attaching rather than after.\n> \t If they are not, change the behavior from discarding the\n> \t flag to rejecting the command with EINVAL.\n\nSeries applied, thank you.","headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3y1R201y7dz9t3F\n\tfor <patchwork-incoming@ozlabs.org>;\n\tTue, 26 Sep 2017 13:16:40 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S935805AbdIZDQf (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tMon, 25 Sep 2017 23:16:35 -0400","from shards.monkeyblade.net ([184.105.139.130]:40138 \"EHLO\n\tshards.monkeyblade.net\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S934832AbdIZDQe (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Mon, 25 Sep 2017 23:16:34 -0400","from localhost (74-93-104-102-Washington.hfc.comcastbusiness.net\n\t[74.93.104.102])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(Client did not present a certificate)\n\t(Authenticated sender: davem-davemloft)\n\tby shards.monkeyblade.net (Postfix) with ESMTPSA id D551212D8FCDD;\n\tMon, 25 Sep 2017 20:16:33 -0700 (PDT)"],"Date":"Mon, 25 Sep 2017 20:16:31 -0700 (PDT)","Message-Id":"<20170925.201631.612115793478960027.davem@davemloft.net>","To":"peterpenkov96@gmail.com","Cc":"netdev@vger.kernel.org, edumazet@google.com, maheshb@google.com,\n\twillemb@google.com, ppenkov@stanford.edu","Subject":"Re: [PATCH,v3,net-next 0/2] Improve code coverage of syzkaller ","From":"David Miller <davem@davemloft.net>","In-Reply-To":"<20170922204915.7889-1-peterpenkov96@gmail.com>","References":"<20170922204915.7889-1-peterpenkov96@gmail.com>","X-Mailer":"Mew version 6.7 on Emacs 25.3 / Mule 6.0 (HANACHIRUSATO)","Mime-Version":"1.0","Content-Type":"Text/Plain; charset=us-ascii","Content-Transfer-Encoding":"7bit","X-Greylist":"Sender succeeded SMTP AUTH, not delayed by\n\tmilter-greylist-4.5.12 (shards.monkeyblade.net\n\t[149.20.54.216]); Mon, 25 Sep 2017 20:16:34 -0700 (PDT)","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"}}]