When the CONFIG_HOTPLUG_CPU is not set, there won't be a "hotplug"
directory in /sys/devices/system/cpu/. Make use of this fact to check
if we need to skip this test.
Signed-off-by: Po-Hsu Lin <po-hsu.lin(a)canonical.com>
---
tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh b/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
index 0d26b5e..27275a1 100755
--- a/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
+++ b/tools/testing/selftests/cpu-hotplug/cpu-on-off-test.sh
@@ -23,6 +23,11 @@ prerequisite()
exit $ksft_skip
fi
+ if [ ! -d $SYSFS/devices/system/cpu/hotplug/ ]; then
+ echo $msg CONFIG_HOTPLUG_CPU needs to be enabled >&2
+ exit $ksft_skip
+ fi
+
if ! ls $SYSFS/devices/system/cpu/cpu* > /dev/null 2>&1; then
echo $msg cpu hotplug is not supported >&2
exit $ksft_skip
--
2.7.4
The kernel can be configured to require kexec kernel images and kernel
modules are signed. An IMA policy can be specified on the boot command
line or a custom IMA policy loaded requiring the kexec kernel image and
kernel modules be signed. In addition, systems booted in secure boot
mode with the IMA architecture specific policy enabled, require validly
signed kexec kernel images and kernel modules.
There are two methods of signing kernel images and two methods of
signing kernel modules. In addition, there are two syscalls for each.
kernel image: PE signature, IMA signature
kexec syscalls: kexec_load, kexec_file_load
Both the PE and IMA kernel image signature can only be verified when
loaded via the kexec_file_load syscall.
kernel moodule: appended signature, IMA signature
kernel module syscalls: init_module, finit_module
The appended kernel module signature can be verified when the kernel
module is loaded via either syscall. The IMA kernel module signature
can only be verified when the kernel module is loaded via the
finit_module syscall.
The selftests in this patch set verify that only signed kernel images
and kernel modules are loaded as required, based on the kernel config,
the secure boot mode, and the IMA runtime policy.
Loading a kernel image or kernel module requires root privileges. To
run just the IMA selftests: sudo make TARGETS=ima kselftest
Mimi Zohar (5):
selftests/ima: cleanup the kexec selftest
selftests/ima: define a set of common functions
selftests/ima: define common logging functions
selftests/ima: kexec_file_load syscall test
selftests/ima: loading kernel modules
tools/testing/selftests/ima/Makefile | 3 +-
tools/testing/selftests/ima/common_lib.sh | 154 ++++++++++++++++
tools/testing/selftests/ima/test_kernel_module.sh | 96 ++++++++++
.../testing/selftests/ima/test_kexec_file_load.sh | 195 +++++++++++++++++++++
tools/testing/selftests/ima/test_kexec_load.sh | 53 ++----
5 files changed, 463 insertions(+), 38 deletions(-)
create mode 100755 tools/testing/selftests/ima/common_lib.sh
create mode 100755 tools/testing/selftests/ima/test_kernel_module.sh
create mode 100755 tools/testing/selftests/ima/test_kexec_file_load.sh
--
2.7.5
Hi Linus,
Please pull the following Kselftest update for Linux 5.1-rc1
This Kselftest update for Linux 5.1-rc1 consists of
- ir test compile warnings fixes
- seccomp test fixes and improvements from Tycho Andersen and Kees Cook
- ftrace fixes to non-POSIX-compliant constructs in colored output code
and handling absence of tput from Juerg Haefliger
diff is attached.
thanks,
-- Shuah
----------------------------------------------------------------
The following changes since commit d13937116f1e82bf508a6325111b322c30c85eb9:
Linux 5.0-rc6 (2019-02-10 14:42:20 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
tags/linux-kselftest-5.1-rc1
for you to fetch changes up to 0e27ded1159f62ab1a4e723796246bd5b1793b93:
selftests/ftrace: Handle the absence of tput (2019-02-25 07:48:01 -0700)
----------------------------------------------------------------
linux-kselftest-5.1-rc1
This Kselftest update for Linux 5.1-rc1 consists of
- ir test compile warnings fixes
- seccomp test fixes and improvements from Tycho Andersen and Kees Cook
- ftrace fixes to non-POSIX-compliant constructs in colored output code
and handling absence of tput from Juerg Haefliger
----------------------------------------------------------------
Juerg Haefliger (3):
selftests/ftrace: Replace echo -e with printf
selftests/ftrace: Replace \e with \033
selftests/ftrace: Handle the absence of tput
Kees Cook (2):
selftests/harness: Update named initializer syntax
selftests/seccomp: Actually sleep for 1/10th second
Shuah Khan (3):
selftests: ir: fix warning: "%s" directive output may be
truncated ’ directive output may be truncated
selftests: ir: skip when lirc device doesn't exist.
selftests: ir: skip when non-root user runs the test
Tycho Andersen (6):
selftests: don't kill child immediately in get_metadata() test
selftests: fix typo in seccomp_bpf.c
selftest: include stdio.h in kselftest.h
selftests: skip seccomp get_metadata test if not real root
selftests: set NO_NEW_PRIVS bit in seccomp user tests
selftests: unshare userns in seccomp pidns testcases
tools/testing/selftests/ftrace/ftracetest | 21 +++++++-----
tools/testing/selftests/ir/ir_loopback.c | 6 ++--
tools/testing/selftests/ir/ir_loopback.sh | 5 +++
tools/testing/selftests/kselftest.h | 1 +
tools/testing/selftests/kselftest_harness.h | 10 +++---
tools/testing/selftests/seccomp/seccomp_bpf.c | 47
+++++++++++++++++++++++----
6 files changed, 68 insertions(+), 22 deletions(-)
----------------------------------------------------------------
Atom-based CPUs trigger stack fault when invoke 32-bit SYSENTER instruction
with invalid register values. So we also need sigbus handling in this case.
Following is assembly when the fault expception happens.
(gdb) disassemble $eip
Dump of assembler code for function __kernel_vsyscall:
0xf7fd8fe0 <+0>: push %ecx
0xf7fd8fe1 <+1>: push %edx
0xf7fd8fe2 <+2>: push %ebp
0xf7fd8fe3 <+3>: mov %esp,%ebp
0xf7fd8fe5 <+5>: sysenter
0xf7fd8fe7 <+7>: int $0x80
=> 0xf7fd8fe9 <+9>: pop %ebp
0xf7fd8fea <+10>: pop %edx
0xf7fd8feb <+11>: pop %ecx
0xf7fd8fec <+12>: ret
End of assembler dump.
Accroding to Intel SDM, this could also be a Stack Segment Fault(#SS, 12),
except a normal Page Fault(#PF, 14). Especially, in section 6.9 of Vol.3A,
both stack and page faults are within the 10th(lowest priority) class, and
as it said, "exceptions within each class are implementation-dependent and
may vary from processor to processor". It's expected for processors like
Intel Atom to trigger stack fault(sigbus), while we get page fault(sigsegv)
from common Core processors.
Signed-off-by: Tong Bo <bo.tong(a)intel.com>
---
tools/testing/selftests/x86/syscall_arg_fault.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/x86/syscall_arg_fault.c b/tools/testing/selftests/x86/syscall_arg_fault.c
index 7db4fc9..38cd246 100644
--- a/tools/testing/selftests/x86/syscall_arg_fault.c
+++ b/tools/testing/selftests/x86/syscall_arg_fault.c
@@ -43,7 +43,7 @@ static sigjmp_buf jmpbuf;
static volatile sig_atomic_t n_errs;
-static void sigsegv(int sig, siginfo_t *info, void *ctx_void)
+static void sigsegv_or_sigbus(int sig, siginfo_t *info, void *ctx_void)
{
ucontext_t *ctx = (ucontext_t*)ctx_void;
@@ -73,7 +73,9 @@ int main()
if (sigaltstack(&stack, NULL) != 0)
err(1, "sigaltstack");
- sethandler(SIGSEGV, sigsegv, SA_ONSTACK);
+ sethandler(SIGSEGV, sigsegv_or_sigbus, SA_ONSTACK);
+ /* Atom CPUs may trigger sigbus for below SYSENTER exception case */
+ sethandler(SIGBUS, sigsegv_or_sigbus, SA_ONSTACK);
sethandler(SIGILL, sigill, SA_ONSTACK);
/*
--
2.7.4
This patchset is meant to be merged together with "arm64 relaxed ABI" [1].
arm64 has a feature called Top Byte Ignore, which allows to embed pointer
tags into the top byte of each pointer. Userspace programs (such as
HWASan, a memory debugging tool [2]) might use this feature and pass
tagged user pointers to the kernel through syscalls or other interfaces.
Right now the kernel is already able to handle user faults with tagged
pointers, due to these patches:
1. 81cddd65 ("arm64: traps: fix userspace cache maintenance emulation on a
tagged pointer")
2. 7dcd9dd8 ("arm64: hw_breakpoint: fix watchpoint matching for tagged
pointers")
3. 276e9327 ("arm64: entry: improve data abort handling of tagged
pointers")
This patchset extends tagged pointer support to syscall arguments.
For non-memory syscalls this is done by untaging user pointers when the
kernel performs pointer checking to find out whether the pointer comes
from userspace (most notably in access_ok). The untagging is done only
when the pointer is being checked, the tag is preserved as the pointer
makes its way through the kernel.
Since memory syscalls (mmap, mprotect, etc.) don't do memory accesses but
rather deal with memory ranges, untagged pointers are better suited to
describe memory ranges internally. Thus for memory syscalls we untag
pointers completely when they enter the kernel.
One of the alternative approaches to untagging that was considered is to
completely strip the pointer tag as the pointer enters the kernel with
some kind of a syscall wrapper, but that won't work with the countless
number of different ioctl calls. With this approach we would need a custom
wrapper for each ioctl variation, which doesn't seem practical.
The following testing approaches has been taken to find potential issues
with user pointer untagging:
1. Static testing (with sparse [3] and separately with a custom static
analyzer based on Clang) to track casts of __user pointers to integer
types to find places where untagging needs to be done.
2. Static testing with grep to find parts of the kernel that call
find_vma() (and other similar functions) or directly compare against
vm_start/vm_end fields of vma.
3. Static testing with grep to find parts of the kernel that compare
user pointers with TASK_SIZE or other similar consts and macros.
4. Dynamic testing: adding BUG_ON(has_tag(addr)) to find_vma() and running
a modified syzkaller version that passes tagged pointers to the kernel.
Based on the results of the testing the requried patches have been added
to the patchset.
This patchset has been merged into the Pixel 2 kernel tree and is now
being used to enable testing of Pixel 2 phones with HWASan.
This patchset is a prerequisite for ARM's memory tagging hardware feature
support [4].
Thanks!
[1] https://lkml.org/lkml/2018/12/10/402
[2] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
[3] https://github.com/lucvoo/sparse-dev/commit/5f960cb10f56ec2017c128ef9d16060…
[4] https://community.arm.com/processors/b/blog/posts/arm-a-profile-architectur…
Changes in v10:
- Added "mm, arm64: untag user pointers passed to memory syscalls" back.
- New patch "fs, arm64: untag user pointers in fs/userfaultfd.c".
- New patch "net, arm64: untag user pointers in tcp_zerocopy_receive".
- New patch "kernel, arm64: untag user pointers in prctl_set_mm*".
- New patch "tracing, arm64: untag user pointers in seq_print_user_ip".
Changes in v9:
- Rebased onto 4.20-rc6.
- Used u64 instead of __u64 in type casts in the untagged_addr macro for
arm64.
- Added braces around (addr) in the untagged_addr macro for other arches.
Changes in v8:
- Rebased onto 65102238 (4.20-rc1).
- Added a note to the cover letter on why syscall wrappers/shims that untag
user pointers won't work.
- Added a note to the cover letter that this patchset has been merged into
the Pixel 2 kernel tree.
- Documentation fixes, in particular added a list of syscalls that don't
support tagged user pointers.
Changes in v7:
- Rebased onto 17b57b18 (4.19-rc6).
- Dropped the "arm64: untag user address in __do_user_fault" patch, since
the existing patches already handle user faults properly.
- Dropped the "usb, arm64: untag user addresses in devio" patch, since the
passed pointer must come from a vma and therefore be untagged.
- Dropped the "arm64: annotate user pointers casts detected by sparse"
patch (see the discussion to the replies of the v6 of this patchset).
- Added more context to the cover letter.
- Updated Documentation/arm64/tagged-pointers.txt.
Changes in v6:
- Added annotations for user pointer casts found by sparse.
- Rebased onto 050cdc6c (4.19-rc1+).
Changes in v5:
- Added 3 new patches that add untagging to places found with static
analysis.
- Rebased onto 44c929e1 (4.18-rc8).
Changes in v4:
- Added a selftest for checking that passing tagged pointers to the
kernel succeeds.
- Rebased onto 81e97f013 (4.18-rc1+).
Changes in v3:
- Rebased onto e5c51f30 (4.17-rc6+).
- Added linux-arch@ to the list of recipients.
Changes in v2:
- Rebased onto 2d618bdf (4.17-rc3+).
- Removed excessive untagging in gup.c.
- Removed untagging pointers returned from __uaccess_mask_ptr.
Changes in v1:
- Rebased onto 4.17-rc1.
Changes in RFC v2:
- Added "#ifndef untagged_addr..." fallback in linux/uaccess.h instead of
defining it for each arch individually.
- Updated Documentation/arm64/tagged-pointers.txt.
- Dropped "mm, arm64: untag user addresses in memory syscalls".
- Rebased onto 3eb2ce82 (4.16-rc7).
Reviewed-by: Luc Van Oostenryck <luc.vanoostenryck(a)gmail.com>
Signed-off-by: Andrey Konovalov <andreyknvl(a)google.com>
Andrey Konovalov (12):
uaccess: add untagged_addr definition for other arches
arm64: untag user pointers in access_ok and __uaccess_mask_ptr
lib, arm64: untag user pointers in strn*_user
mm, arm64: untag user pointers passed to memory syscalls
mm, arm64: untag user pointers in mm/gup.c
fs, arm64: untag user pointers in copy_mount_options
fs, arm64: untag user pointers in fs/userfaultfd.c
net, arm64: untag user pointers in tcp_zerocopy_receive
kernel, arm64: untag user pointers in prctl_set_mm*
tracing, arm64: untag user pointers in seq_print_user_ip
arm64: update Documentation/arm64/tagged-pointers.txt
selftests, arm64: add a selftest for passing tagged pointers to kernel
Documentation/arm64/tagged-pointers.txt | 25 +++++++++++--------
arch/arm64/include/asm/uaccess.h | 10 +++++---
fs/namespace.c | 2 +-
fs/userfaultfd.c | 5 ++++
include/linux/memory.h | 4 +++
ipc/shm.c | 2 ++
kernel/sys.c | 14 +++++++++++
kernel/trace/trace_output.c | 2 +-
lib/strncpy_from_user.c | 2 ++
lib/strnlen_user.c | 2 ++
mm/gup.c | 4 +++
mm/madvise.c | 2 ++
mm/mempolicy.c | 5 ++++
mm/migrate.c | 1 +
mm/mincore.c | 2 ++
mm/mlock.c | 5 ++++
mm/mmap.c | 7 ++++++
mm/mprotect.c | 2 ++
mm/mremap.c | 2 ++
mm/msync.c | 2 ++
net/ipv4/tcp.c | 2 ++
tools/testing/selftests/arm64/.gitignore | 1 +
tools/testing/selftests/arm64/Makefile | 11 ++++++++
.../testing/selftests/arm64/run_tags_test.sh | 12 +++++++++
tools/testing/selftests/arm64/tags_test.c | 19 ++++++++++++++
25 files changed, 129 insertions(+), 16 deletions(-)
create mode 100644 tools/testing/selftests/arm64/.gitignore
create mode 100644 tools/testing/selftests/arm64/Makefile
create mode 100755 tools/testing/selftests/arm64/run_tags_test.sh
create mode 100644 tools/testing/selftests/arm64/tags_test.c
--
2.21.0.rc0.258.g878e2cd30e-goog