May 2022 - Linux-kselftest-mirror

[PATCH bpf 1/4] bpf_trace: check size for overflow in bpf_kprobe_multi_link_attach

by Eugene Syromiatnikov

Check that size would not overflow before calculation (and return -EOVERFLOW if it will), to prevent potential out-of-bounds write with the following copy_from_user. Add the same check to kprobe_multi_resolve_syms in case it will be called from elsewhere in the future. Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link") Signed-off-by: Eugene Syromiatnikov <esyr(a)redhat.com> --- kernel/trace/bpf_trace.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index d8553f4..e90c4ce7 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2358,6 +2358,8 @@ kprobe_multi_resolve_syms(const void __user *usyms, u32 cnt, unsigned int i; char *func; + if (check_mul_overflow(cnt, sizeof(*syms), &size)) + return -EOVERFLOW; size = cnt * sizeof(*syms); syms = kvzalloc(size, GFP_KERNEL); if (!syms) @@ -2429,6 +2431,8 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr if (!cnt) return -EINVAL; + if (check_mul_overflow(cnt, (u32)sizeof(*addrs), &size)) + return -EOVERFLOW; size = cnt * sizeof(*addrs); addrs = kvmalloc(size, GFP_KERNEL); if (!addrs) -- 2.1.4

2 years, 7 months

3
3
0 0

kselftest/next kselftest-seccomp: 5 runs, 4 regressions (v5.18-rc3-19-g15477b31db104)

by kernelci.org bot

kselftest/next kselftest-seccomp: 5 runs, 4 regressions (v5.18-rc3-19-g15477b31db104) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ----------------+-------+---------------+----------+------------------------------+------------ mt8173-elm-hana | arm64 | lab-collabora | gcc-10 | defconfig+kse...4-chromebook | 4 Details: https://kernelci.org/test/job/kselftest/branch/next/kernel/v5.18-rc3-19-g15… Test: kselftest-seccomp Tree: kselftest Branch: next Describe: v5.18-rc3-19-g15477b31db104 URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: 15477b31db104bc795dd1acccb3e9b89465fff01 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ----------------+-------+---------------+----------+------------------------------+------------ mt8173-elm-hana | arm64 | lab-collabora | gcc-10 | defconfig+kse...4-chromebook | 4 Details: https://kernelci.org/test/plan/id/6282d7eb9a301f44b48f57a4 Results: 87 PASS, 4 FAIL, 8 SKIP Full config: defconfig+kselftest+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//kselftest/next/v5.18-rc3-19-g15477b31db104/ar… HTML log: https://storage.kernelci.org//kselftest/next/v5.18-rc3-19-g15477b31db104/ar… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/2022051… * kselftest-seccomp.seccomp_seccomp_bpf: https://kernelci.org/test/case/id/6282d7eb9a301f44b48f57a7 failing since 81 days (last pass: v5.17-rc1-2-g6d468898d774, first fail: v5.17-rc5-16-g1900be289b59) * kselftest-seccomp.seccomp_seccomp_bpf_TSYNC_two_siblings_with_one_divergence_no_tid_in_err: https://kernelci.org/test/case/id/6282d7eb9a301f44b48f57a8 failing since 81 days (last pass: v5.17-rc1-2-g6d468898d774, first fail: v5.17-rc5-16-g1900be289b59) * kselftest-seccomp.seccomp_seccomp_bpf_TSYNC_two_siblings_with_one_divergence: https://kernelci.org/test/case/id/6282d7eb9a301f44b48f57a9 failing since 81 days (last pass: v5.17-rc1-2-g6d468898d774, first fail: v5.17-rc5-16-g1900be289b59) * kselftest-seccomp.seccomp_seccomp_bpf_TSYNC_siblings_fail_prctl: https://kernelci.org/test/case/id/6282d7eb9a301f44b48f57ad failing since 81 days (last pass: v5.17-rc1-2-g6d468898d774, first fail: v5.17-rc5-16-g1900be289b59)

2 years, 7 months

1
0
0 0

kselftest/next kselftest-lkdtm: 5 runs, 1 regressions (v5.18-rc3-19-g15477b31db104)

by kernelci.org bot

kselftest/next kselftest-lkdtm: 5 runs, 1 regressions (v5.18-rc3-19-g15477b31db104) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ----------------+-------+---------------+----------+------------------------------+------------ mt8173-elm-hana | arm64 | lab-collabora | gcc-10 | defconfig+kse...4-chromebook | 1 Details: https://kernelci.org/test/job/kselftest/branch/next/kernel/v5.18-rc3-19-g15… Test: kselftest-lkdtm Tree: kselftest Branch: next Describe: v5.18-rc3-19-g15477b31db104 URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: 15477b31db104bc795dd1acccb3e9b89465fff01 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ----------------+-------+---------------+----------+------------------------------+------------ mt8173-elm-hana | arm64 | lab-collabora | gcc-10 | defconfig+kse...4-chromebook | 1 Details: https://kernelci.org/test/plan/id/6282d757748f68d69e8f5720 Results: 56 PASS, 8 FAIL, 26 SKIP Full config: defconfig+kselftest+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//kselftest/next/v5.18-rc3-19-g15477b31db104/ar… HTML log: https://storage.kernelci.org//kselftest/next/v5.18-rc3-19-g15477b31db104/ar… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/2022051… * kselftest-lkdtm.lkdtm_READ_AFTER_FREE_sh: https://kernelci.org/test/case/id/6282d757748f68d69e8f575c failing since 41 days (last pass: v5.17-rc5-22-gf6d344cd5fa6, first fail: v5.18-rc1)

2 years, 7 months

1
0
0 0

[PATCH v2 1/1] selftests: vm: add process_mrelease tests

by Suren Baghdasaryan

Introduce process_mrelease syscall sanity tests which include tests which expect to fail: - process_mrelease with invalid pidfd and flags inputs - process_mrelease on a live process with no pending signals and valid process_mrelease usage which is expected to succeed. Because process_mrelease has to be used against a process with a pending SIGKILL, it's possible that the process exits before process_mrelease gets called. In such cases we retry the test with a victim that allocates twice more memory up to 1GB. This would require the victim process to spend more time during exit and process_mrelease has a better chance of catching the process before it exits and succeeding. On success the test reports the amount of memory the child had to allocate for reaping to succeed. Sample output: Success reaping a child with 1MB of memory allocations On failure the test reports the failure. Sample outputs: All process_mrelease attempts failed! process_mrelease: Invalid argument Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> --- tools/testing/selftests/vm/.gitignore | 1 + tools/testing/selftests/vm/Makefile | 1 + tools/testing/selftests/vm/mrelease_test.c | 214 +++++++++++++++++++++ tools/testing/selftests/vm/run_vmtests.sh | 16 ++ 4 files changed, 232 insertions(+) create mode 100644 tools/testing/selftests/vm/mrelease_test.c diff --git a/tools/testing/selftests/vm/.gitignore b/tools/testing/selftests/vm/.gitignore index d7507f3c7c76..c019e53f24f9 100644 --- a/tools/testing/selftests/vm/.gitignore +++ b/tools/testing/selftests/vm/.gitignore @@ -10,6 +10,7 @@ map_populate thuge-gen compaction_test mlock2-tests +mrelease_test mremap_dontunmap mremap_test on-fault-limit diff --git a/tools/testing/selftests/vm/Makefile b/tools/testing/selftests/vm/Makefile index 04a49e876a46..733fccbff0ef 100644 --- a/tools/testing/selftests/vm/Makefile +++ b/tools/testing/selftests/vm/Makefile @@ -43,6 +43,7 @@ TEST_GEN_FILES += map_populate TEST_GEN_FILES += memfd_secret TEST_GEN_FILES += mlock-random-test TEST_GEN_FILES += mlock2-tests +TEST_GEN_FILES += mrelease_test TEST_GEN_FILES += mremap_dontunmap TEST_GEN_FILES += mremap_test TEST_GEN_FILES += on-fault-limit diff --git a/tools/testing/selftests/vm/mrelease_test.c b/tools/testing/selftests/vm/mrelease_test.c new file mode 100644 index 000000000000..99680676069b --- /dev/null +++ b/tools/testing/selftests/vm/mrelease_test.c @@ -0,0 +1,214 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright 2022 Google LLC + */ +#define _GNU_SOURCE +#include <errno.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdlib.h> +#include <sys/wait.h> +#include <unistd.h> + +#include "util.h" + +#include "../kselftest.h" + +#if defined(__NR_pidfd_open) && defined(__NR_process_mrelease) + +static inline int pidfd_open(pid_t pid, unsigned int flags) +{ + return syscall(__NR_pidfd_open, pid, flags); +} + +static inline int process_mrelease(int pidfd, unsigned int flags) +{ + return syscall(__NR_process_mrelease, pidfd, flags); +} + +static void write_fault_pages(char *addr, unsigned long nr_pages) +{ + unsigned long i; + + for (i = 0; i < nr_pages; i++) + *((unsigned long *)(addr + (i * PAGE_SIZE))) = i; +} + +static int alloc_noexit(unsigned long nr_pages, int pipefd) +{ + int timeout = 10; /* 10sec timeout to get killed */ + int ppid = getppid(); + void *buf; + + buf = mmap(NULL, nr_pages * PAGE_SIZE, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON, 0, 0); + if (buf == MAP_FAILED) { + perror("mmap failed, halting the test"); + return KSFT_FAIL; + } + + write_fault_pages((char *)buf, nr_pages); + + /* Signal the parent that the child is ready */ + if (write(pipefd, "", 1) < 0) { + perror("write"); + return KSFT_FAIL; + } + + /* Wait to be killed (when reparenting happens) */ + while (getppid() == ppid && timeout > 0) { + sleep(1); + timeout--; + } + + munmap(buf, nr_pages * PAGE_SIZE); + + return (timeout > 0) ? KSFT_PASS : KSFT_FAIL; +} + +/* The process_mrelease calls in this test are expected to fail */ +void run_negative_tests(int pidfd) +{ + /* Test invalid flags. Expect to fail with EINVAL error code. */ + if (!process_mrelease(pidfd, (unsigned int)-1) || errno != EINVAL) { + perror("process_mrelease with wrong flags"); + exit(KSFT_FAIL); + } + /* + * Test reaping while process is alive with no pending SIGKILL. + * Expect to fail with EINVAL error code. + */ + if (!process_mrelease(pidfd, 0) || errno != EINVAL) { + perror("process_mrelease on a live process"); + exit(KSFT_FAIL); + } +} + +#define MB(x) (x << 20) +#define MAX_SIZE_MB 1024 + +int main(void) +{ + int pipefd[2], pidfd; + bool success, retry; + size_t size; + pid_t pid; + char byte; + int res; + + /* Test a wrong pidfd */ + if (!process_mrelease(-1, 0) || errno != EBADF) { + perror("process_mrelease with wrong pidfd"); + exit(KSFT_FAIL); + } + + /* Start the test with 1MB child memory allocation */ + size = 1; +retry: + /* + * Pipe for the child to signal when it's done allocating + * memory + */ + if (pipe(pipefd)) { + perror("pipe"); + exit(KSFT_FAIL); + } + pid = fork(); + if (pid < 0) { + perror("fork"); + close(pipefd[0]); + close(pipefd[1]); + exit(KSFT_FAIL); + } + + if (pid == 0) { + /* + * Child main routine: + * Allocate and fault-in memory and wait to be killed + */ + close(pipefd[0]); + res = alloc_noexit(MB(size) / PAGE_SIZE, pipefd[1]); + close(pipefd[1]); + exit(res); + } + + /* + * Parent main routine: + * Wait for the child to finish allocations, then kill and reap + */ + close(pipefd[1]); + /* Block until the child is ready */ + res = read(pipefd[0], &byte, 1); + close(pipefd[0]); + if (res < 0) { + perror("read"); + if (!kill(pid, SIGKILL)) + waitpid(pid, NULL, 0); + exit(KSFT_FAIL); + } + + pidfd = pidfd_open(pid, 0); + if (pidfd < 0) { + perror("pidfd_open"); + if (!kill(pid, SIGKILL)) + waitpid(pid, NULL, 0); + exit(KSFT_FAIL); + } + + /* Run negative tests which require a live child */ + run_negative_tests(pidfd); + + if (kill(pid, SIGKILL)) { + perror("kill"); + exit(KSFT_FAIL); + } + + success = (process_mrelease(pidfd, 0) == 0); + if (!success) { + /* + * If we failed to reap because the child exited too soon, + * before we could call process_mrelease. Double child's memory + * which causes it to spend more time on cleanup and increases + * our chances of reaping its memory before it exits. + * Retry until we succeed or reach MAX_SIZE_MB. + */ + if (errno == ESRCH) { + retry = (size <= MAX_SIZE_MB); + } else { + perror("process_mrelease"); + waitpid(pid, NULL, 0); + exit(KSFT_FAIL); + } + } + + /* Cleanup to prevent zombies */ + if (waitpid(pid, NULL, 0) < 0) { + perror("waitpid"); + exit(KSFT_FAIL); + } + close(pidfd); + + if (!success) { + if (retry) { + size *= 2; + goto retry; + } + printf("All process_mrelease attempts failed!\n"); + exit(KSFT_FAIL); + } + + printf("Success reaping a child with %zuMB of memory allocations\n", + size); + return KSFT_PASS; +} + +#else /* defined(__NR_pidfd_open) && defined(__NR_process_mrelease) */ + +int main(int argc, char *argv[]) +{ + printf("skip: skipping process_mrelease test " \ + "(missing __NR_pidfd_open and/or __NR_process_mrelease)\n"); + return KSFT_SKIP; +} + +#endif /* defined(__NR_pidfd_open) && defined(__NR_process_mrelease) */ diff --git a/tools/testing/selftests/vm/run_vmtests.sh b/tools/testing/selftests/vm/run_vmtests.sh index 352ba00cf26b..1986162fea39 100755 --- a/tools/testing/selftests/vm/run_vmtests.sh +++ b/tools/testing/selftests/vm/run_vmtests.sh @@ -287,6 +287,22 @@ else echo "[PASS]" fi +echo "---------------------" +echo "running mrelease_test" +echo "---------------------" +./mrelease_test +ret_val=$? + +if [ $ret_val -eq 0 ]; then + echo "[PASS]" +elif [ $ret_val -eq $ksft_skip ]; then + echo "[SKIP]" + exitcode=$ksft_skip +else + echo "[FAIL]" + exitcode=1 +fi + echo "-------------------" echo "running mremap_test" echo "-------------------" -- 2.36.0.550.gb090851708-goog

2 years, 7 months

3
6
0 0

kselftest/next build: 8 builds: 0 failed, 8 passed (v5.18-rc3-19-g15477b31db104)

by kernelci.org bot

kselftest/next build: 8 builds: 0 failed, 8 passed (v5.18-rc3-19-g15477b31db104) Full Build Summary: https://kernelci.org/build/kselftest/branch/next/kernel/v5.18-rc3-19-g15477… Tree: kselftest Branch: next Git Describe: v5.18-rc3-19-g15477b31db104 Git Commit: 15477b31db104bc795dd1acccb3e9b89465fff01 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git Built: 4 unique architectures ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- defconfig+kselftest (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest (arm64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig+kselftest (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v7_defconfig+kselftest (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

2 years, 7 months

1
0
0 0

[PATCH bpf v2 4/4] bpf_trace: pass array of u64 values in kprobe_multi.addrs

by Eugene Syromiatnikov

With the interface as defined, it is impossible to pass 64-bit kernel addresses from a 32-bit userspace process in BPF_LINK_TYPE_KPROBE_MULTI, which severly limits the useability of the interface, change the ABI to accept an array of u64 values instead of (kernel? user?) longs. Interestingly, the rest of the libbpf infrastructure uses 64-bit values for kallsyms addresses already, so this patch also eliminates the sym_addr cast in tools/lib/bpf/libbpf.c:resolve_kprobe_multi_cb(). Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link") Fixes: 5117c26e877352bc ("libbpf: Add bpf_link_create support for multi kprobes") Fixes: ddc6b04989eb0993 ("libbpf: Add bpf_program__attach_kprobe_multi_opts function") Fixes: f7a11eeccb111854 ("selftests/bpf: Add kprobe_multi attach test") Fixes: 9271a0c7ae7a9147 ("selftests/bpf: Add attach test for bpf_program__attach_kprobe_multi_opts") Fixes: 2c6401c966ae1fbe ("selftests/bpf: Add kprobe_multi bpf_cookie test") Signed-off-by: Eugene Syromiatnikov <esyr(a)redhat.com> --- kernel/trace/bpf_trace.c | 25 ++++++++++++++++++---- tools/lib/bpf/bpf.h | 2 +- tools/lib/bpf/libbpf.c | 8 +++---- tools/lib/bpf/libbpf.h | 2 +- .../testing/selftests/bpf/prog_tests/bpf_cookie.c | 2 +- .../selftests/bpf/prog_tests/kprobe_multi_test.c | 8 +++---- 6 files changed, 32 insertions(+), 15 deletions(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 268c92b..a8a639a 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2413,7 +2413,7 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr void __user *ucookies; unsigned long *addrs; u32 flags, cnt, size, cookies_size; - void __user *uaddrs; + u64 __user *uaddrs; u64 *cookies = NULL; void __user *usyms; int err; @@ -2446,9 +2446,26 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr return -ENOMEM; if (uaddrs) { - if (copy_from_user(addrs, uaddrs, size)) { - err = -EFAULT; - goto error; + if (sizeof(*addrs) == sizeof(*uaddrs)) { + if (copy_from_user(addrs, uaddrs, size)) { + err = -EFAULT; + goto error; + } + } else { + u32 i; + u64 addr; + + for (i = 0; i < cnt; i++) { + if (get_user(addr, uaddrs + i)) { + err = -EFAULT; + goto error; + } + if (addr > ULONG_MAX) { + err = -EINVAL; + goto error; + } + addrs[i] = addr; + } } } else { err = kprobe_multi_resolve_syms(usyms, cnt, addrs); diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h index f4b4afb..f677602 100644 --- a/tools/lib/bpf/bpf.h +++ b/tools/lib/bpf/bpf.h @@ -417,7 +417,7 @@ struct bpf_link_create_opts { __u32 flags; __u32 cnt; const char **syms; - const unsigned long *addrs; + const __u64 *addrs; const __u64 *cookies; } kprobe_multi; }; diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 809fe20..03a14a6 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -10279,7 +10279,7 @@ static bool glob_match(const char *str, const char *pat) struct kprobe_multi_resolve { const char *pattern; - unsigned long *addrs; + __u64 *addrs; size_t cap; size_t cnt; }; @@ -10294,12 +10294,12 @@ resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type, if (!glob_match(sym_name, res->pattern)) return 0; - err = libbpf_ensure_mem((void **) &res->addrs, &res->cap, sizeof(unsigned long), + err = libbpf_ensure_mem((void **) &res->addrs, &res->cap, sizeof(__u64), res->cnt + 1); if (err) return err; - res->addrs[res->cnt++] = (unsigned long) sym_addr; + res->addrs[res->cnt++] = sym_addr; return 0; } @@ -10314,7 +10314,7 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog, }; struct bpf_link *link = NULL; char errmsg[STRERR_BUFSIZE]; - const unsigned long *addrs; + const __u64 *addrs; int err, link_fd, prog_fd; const __u64 *cookies; const char **syms; diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h index 05dde85..ec1cb61 100644 --- a/tools/lib/bpf/libbpf.h +++ b/tools/lib/bpf/libbpf.h @@ -431,7 +431,7 @@ struct bpf_kprobe_multi_opts { /* array of function symbols to attach */ const char **syms; /* array of function addresses to attach */ - const unsigned long *addrs; + const __u64 *addrs; /* array of user-provided values fetchable through bpf_get_attach_cookie */ const __u64 *cookies; /* number of elements in syms/addrs/cookies arrays */ diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c b/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c index 923a613..5aa482a 100644 --- a/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c +++ b/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c @@ -137,7 +137,7 @@ static void kprobe_multi_link_api_subtest(void) cookies[6] = 7; cookies[7] = 8; - opts.kprobe_multi.addrs = (const unsigned long *) &addrs; + opts.kprobe_multi.addrs = (const __u64 *) &addrs; opts.kprobe_multi.cnt = ARRAY_SIZE(addrs); opts.kprobe_multi.cookies = (const __u64 *) &cookies; prog_fd = bpf_program__fd(skel->progs.test_kprobe); diff --git a/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c b/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c index b9876b5..fbf4cf2 100644 --- a/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c +++ b/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c @@ -105,7 +105,7 @@ static void test_link_api_addrs(void) GET_ADDR("bpf_fentry_test7", addrs[6]); GET_ADDR("bpf_fentry_test8", addrs[7]); - opts.kprobe_multi.addrs = (const unsigned long*) addrs; + opts.kprobe_multi.addrs = (const __u64 *) addrs; opts.kprobe_multi.cnt = ARRAY_SIZE(addrs); test_link_api(&opts); } @@ -183,7 +183,7 @@ static void test_attach_api_addrs(void) GET_ADDR("bpf_fentry_test7", addrs[6]); GET_ADDR("bpf_fentry_test8", addrs[7]); - opts.addrs = (const unsigned long *) addrs; + opts.addrs = (const __u64 *) addrs; opts.cnt = ARRAY_SIZE(addrs); test_attach_api(NULL, &opts); } @@ -241,7 +241,7 @@ static void test_attach_api_fails(void) goto cleanup; /* fail_2 - both addrs and syms set */ - opts.addrs = (const unsigned long *) addrs; + opts.addrs = (const __u64 *) addrs; opts.syms = syms; opts.cnt = ARRAY_SIZE(syms); opts.cookies = NULL; @@ -255,7 +255,7 @@ static void test_attach_api_fails(void) goto cleanup; /* fail_3 - pattern and addrs set */ - opts.addrs = (const unsigned long *) addrs; + opts.addrs = (const __u64 *) addrs; opts.syms = NULL; opts.cnt = ARRAY_SIZE(syms); opts.cookies = NULL; -- 2.1.4

2 years, 7 months

1
0
0 0

[PATCH bpf v2 3/4] bpf_trace: handle compat in kprobe_multi_resolve_syms

by Eugene Syromiatnikov

For compat processes, userspace pointer size is different. Since the copied array is iterated anyway, the simplest fix seems to be copy the user-supplied array as-is and the iterate as an array of native or compat pointers, depending on the in_compat_syscall() value. Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link") Signed-off-by: Eugene Syromiatnikov <esyr(a)redhat.com> --- kernel/trace/bpf_trace.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index bf5bcfb..268c92b 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2353,16 +2353,19 @@ kprobe_multi_resolve_syms(const void __user *usyms, u32 cnt, unsigned long *addrs) { unsigned long addr, sym_size; - u32 size; + u32 size, elem_size; const char __user **syms; + compat_uptr_t __user *compat_syms; int err = -ENOMEM; unsigned int i; char *func; - if (check_mul_overflow(cnt, (u32)sizeof(*syms), &size)) + elem_size = in_compat_syscall() ? sizeof(*compat_syms) : sizeof(*syms); + if (check_mul_overflow(cnt, elem_size, &size)) return -EOVERFLOW; - size = cnt * sizeof(*syms); + size = cnt * elem_size; syms = kvzalloc(size, GFP_KERNEL); + compat_syms = (void *)syms; if (!syms) return -ENOMEM; @@ -2376,7 +2379,10 @@ kprobe_multi_resolve_syms(const void __user *usyms, u32 cnt, } for (i = 0; i < cnt; i++) { - err = strncpy_from_user(func, syms[i], KSYM_NAME_LEN); + const char __user *ufunc = in_compat_syscall() + ? (char __user *)(uintptr_t)compat_syms[i] + : syms[i]; + err = strncpy_from_user(func, ufunc, KSYM_NAME_LEN); if (err == KSYM_NAME_LEN) err = -E2BIG; if (err < 0) -- 2.1.4

2 years, 7 months

1
0
0 0

[PATCH bpf v2 0/4] Fix 32-bit arch and compat support for the kprobe_multi attach type

by Eugene Syromiatnikov

As suggested in [1], the kprobe_multi interface is to be fixed for 32-bit architectures and compat, rather then disabled. As it turned out, there are a couple of additional problems that are to be addressed: - the absence of size overflow checks, leading to possible out-of-bounds writes (addressed by the first patch); - the assumption that long has the same size as u64, which would make cookies arrays size calculation incorrect on 32-bit architectures (addressed by the second patch); - the addrs array passing API, that is incompatible with compat and has to be changed (addressed in the fourth patch): those are kernel addresses and not user ones (as was incorrectly stated in [2]); this change is only semantical for 64-bit user/kernelspace, so it shouldn't impact ABI there, at least. [1] https://lore.kernel.org/lkml/CAADnVQ+2gwhcMht4PuDnDOFKY68Wsq8QFz4Y69NBX_TLa… [2] https://lore.kernel.org/lkml/20220510184155.GA8295@asgard.redhat.com/ v2: - Fixed the isses reported by CI v1: https://lore.kernel.org/lkml/20220516182657.GA28596@asgard.redhat.com/ Eugene Syromiatnikov (4): bpf_trace: check size for overflow in bpf_kprobe_multi_link_attach bpf_trace: support 32-bit kernels in bpf_kprobe_multi_link_attach bpf_trace: handle compat in kprobe_multi_resolve_syms bpf_trace: pass array of u64 values in kprobe_multi.addrs kernel/trace/bpf_trace.c | 62 ++++++++++++++++------ tools/lib/bpf/bpf.h | 2 +- tools/lib/bpf/libbpf.c | 8 +-- tools/lib/bpf/libbpf.h | 2 +- .../testing/selftests/bpf/prog_tests/bpf_cookie.c | 2 +- .../selftests/bpf/prog_tests/kprobe_multi_test.c | 8 +-- 6 files changed, 56 insertions(+), 28 deletions(-) -- 2.1.4

2 years, 7 months

1
0
0 0

[PATCH] kunit: fix executor OOM error handling logic on non-UML

by Daniel Latypov

The existing logic happens to work fine on UML, but is not correct when running on other arches. 1. We didn't initialize `int err`, and kunit_filter_suites() doesn't explicitly set it to 0 on success. So we had false "failures". Note: it doesn't happen on UML, causing this to get overlooked. 2. If we error out, we do not call kunit_handle_shutdown(). This makes kunit.py timeout when using a non-UML arch, since the QEMU process doesn't ever exit. Fixes: a02353f49162 ("kunit: bail out of test filtering logic quicker if OOM") Signed-off-by: Daniel Latypov <dlatypov(a)google.com> --- lib/kunit/executor.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/kunit/executor.c b/lib/kunit/executor.c index 2f73a6a35a7e..96f96e42ce06 100644 --- a/lib/kunit/executor.c +++ b/lib/kunit/executor.c @@ -247,13 +247,13 @@ int kunit_run_all_tests(void) .start = __kunit_suites_start, .end = __kunit_suites_end, }; - int err; + int err = 0; if (filter_glob_param) { suite_set = kunit_filter_suites(&suite_set, filter_glob_param, &err); if (err) { pr_err("kunit executor: error filtering suites: %d\n", err); - return err; + goto out; } } @@ -268,9 +268,10 @@ int kunit_run_all_tests(void) kunit_free_suite_set(suite_set); } - kunit_handle_shutdown(); - return 0; +out: + kunit_handle_shutdown(); + return err; } #if IS_BUILTIN(CONFIG_KUNIT_TEST) base-commit: 9660209d9418f2295d31fea0d32e313e9b2c1200 -- 2.36.0.550.gb090851708-goog

2 years, 7 months

2
1
0 0

[PATCH] kselftests/ir : Improve readability of modprobe error message

by Gautam Menghani

Improve the readability of error message which says module not found. The new behaviour is consistent with the modprobe command. Signed-off-by: Gautam Menghani <gautammenghani201(a)gmail.com> --- tools/testing/selftests/ir/ir_loopback.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/ir/ir_loopback.sh b/tools/testing/selftests/ir/ir_loopback.sh index b90dc9939f45..aff9299c9416 100755 --- a/tools/testing/selftests/ir/ir_loopback.sh +++ b/tools/testing/selftests/ir/ir_loopback.sh @@ -10,7 +10,7 @@ if [ $UID != 0 ]; then fi if ! /sbin/modprobe -q -n rc-loopback; then - echo "ir_loopback: module rc-loopback is not found [SKIP]" + echo "ir_loopback: module rc-loopback is not found in /lib/modules/`uname -r` [SKIP]" exit $ksft_skip fi -- 2.25.1

2 years, 7 months

2
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror May 2022