- Linux-kselftest-mirror - lists.linaro.org

[PATCH] selftests/seccomp: Handle namespace failures gracefully

by Kees Cook

When running without USERNS or PIDNS the seccomp test would hang since it was waiting forever for the child to trigger the user notification since it seems the glibc() abort handler makes a call to getpid(), which would trap again. This changes the getpid filter to getppid, and makes sure ASSERTs execute to stop from spawning the listener. Reported-by: Shuah Khan <shuah(a)kernel.org> Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Signed-off-by: Kees Cook <keescook(a)chromium.org> --- tools/testing/selftests/seccomp/seccomp_bpf.c | 43 ++++++++++--------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index f69d2ee29742..3a280b7efc87 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -3079,9 +3079,9 @@ TEST(user_notification_basic) /* Check that we get -ENOSYS with no listener attached */ if (pid == 0) { - if (user_trap_syscall(__NR_getpid, 0) < 0) + if (user_trap_syscall(__NR_getppid, 0) < 0) exit(1); - ret = syscall(__NR_getpid); + ret = syscall(__NR_getppid); exit(ret >= 0 || errno != ENOSYS); } @@ -3096,12 +3096,12 @@ TEST(user_notification_basic) EXPECT_EQ(seccomp(SECCOMP_SET_MODE_FILTER, 0, &prog), 0); /* Check that the basic notification machinery works */ - listener = user_trap_syscall(__NR_getpid, + listener = user_trap_syscall(__NR_getppid, SECCOMP_FILTER_FLAG_NEW_LISTENER); ASSERT_GE(listener, 0); /* Installing a second listener in the chain should EBUSY */ - EXPECT_EQ(user_trap_syscall(__NR_getpid, + EXPECT_EQ(user_trap_syscall(__NR_getppid, SECCOMP_FILTER_FLAG_NEW_LISTENER), -1); EXPECT_EQ(errno, EBUSY); @@ -3110,7 +3110,7 @@ TEST(user_notification_basic) ASSERT_GE(pid, 0); if (pid == 0) { - ret = syscall(__NR_getpid); + ret = syscall(__NR_getppid); exit(ret != USER_NOTIF_MAGIC); } @@ -3128,7 +3128,7 @@ TEST(user_notification_basic) EXPECT_GT(poll(&pollfd, 1, -1), 0); EXPECT_EQ(pollfd.revents, POLLOUT); - EXPECT_EQ(req.data.nr, __NR_getpid); + EXPECT_EQ(req.data.nr, __NR_getppid); resp.id = req.id; resp.error = 0; @@ -3160,7 +3160,7 @@ TEST(user_notification_kill_in_middle) TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); } - listener = user_trap_syscall(__NR_getpid, + listener = user_trap_syscall(__NR_getppid, SECCOMP_FILTER_FLAG_NEW_LISTENER); ASSERT_GE(listener, 0); @@ -3172,7 +3172,7 @@ TEST(user_notification_kill_in_middle) ASSERT_GE(pid, 0); if (pid == 0) { - ret = syscall(__NR_getpid); + ret = syscall(__NR_getppid); exit(ret != USER_NOTIF_MAGIC); } @@ -3282,7 +3282,7 @@ TEST(user_notification_closed_listener) TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); } - listener = user_trap_syscall(__NR_getpid, + listener = user_trap_syscall(__NR_getppid, SECCOMP_FILTER_FLAG_NEW_LISTENER); ASSERT_GE(listener, 0); @@ -3293,7 +3293,7 @@ TEST(user_notification_closed_listener) ASSERT_GE(pid, 0); if (pid == 0) { close(listener); - ret = syscall(__NR_getpid); + ret = syscall(__NR_getppid); exit(ret != -1 && errno != ENOSYS); } @@ -3316,14 +3316,15 @@ TEST(user_notification_child_pid_ns) ASSERT_EQ(unshare(CLONE_NEWUSER | CLONE_NEWPID), 0); - listener = user_trap_syscall(__NR_getpid, SECCOMP_FILTER_FLAG_NEW_LISTENER); + listener = user_trap_syscall(__NR_getppid, + SECCOMP_FILTER_FLAG_NEW_LISTENER); ASSERT_GE(listener, 0); pid = fork(); ASSERT_GE(pid, 0); if (pid == 0) - exit(syscall(__NR_getpid) != USER_NOTIF_MAGIC); + exit(syscall(__NR_getppid) != USER_NOTIF_MAGIC); EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0); EXPECT_EQ(req.pid, pid); @@ -3355,7 +3356,8 @@ TEST(user_notification_sibling_pid_ns) TH_LOG("Kernel does not support PR_SET_NO_NEW_PRIVS!"); } - listener = user_trap_syscall(__NR_getpid, SECCOMP_FILTER_FLAG_NEW_LISTENER); + listener = user_trap_syscall(__NR_getppid, + SECCOMP_FILTER_FLAG_NEW_LISTENER); ASSERT_GE(listener, 0); pid = fork(); @@ -3368,7 +3370,7 @@ TEST(user_notification_sibling_pid_ns) ASSERT_GE(pid2, 0); if (pid2 == 0) - exit(syscall(__NR_getpid) != USER_NOTIF_MAGIC); + exit(syscall(__NR_getppid) != USER_NOTIF_MAGIC); EXPECT_EQ(waitpid(pid2, &status, 0), pid2); EXPECT_EQ(true, WIFEXITED(status)); @@ -3377,11 +3379,11 @@ TEST(user_notification_sibling_pid_ns) } /* Create the sibling ns, and sibling in it. */ - EXPECT_EQ(unshare(CLONE_NEWPID), 0); - EXPECT_EQ(errno, 0); + ASSERT_EQ(unshare(CLONE_NEWPID), 0); + ASSERT_EQ(errno, 0); pid2 = fork(); - EXPECT_GE(pid2, 0); + ASSERT_GE(pid2, 0); if (pid2 == 0) { ASSERT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, &req), 0); @@ -3389,7 +3391,7 @@ TEST(user_notification_sibling_pid_ns) * The pid should be 0, i.e. the task is in some namespace that * we can't "see". */ - ASSERT_EQ(req.pid, 0); + EXPECT_EQ(req.pid, 0); resp.id = req.id; resp.error = 0; @@ -3419,14 +3421,15 @@ TEST(user_notification_fault_recv) ASSERT_EQ(unshare(CLONE_NEWUSER), 0); - listener = user_trap_syscall(__NR_getpid, SECCOMP_FILTER_FLAG_NEW_LISTENER); + listener = user_trap_syscall(__NR_getppid, + SECCOMP_FILTER_FLAG_NEW_LISTENER); ASSERT_GE(listener, 0); pid = fork(); ASSERT_GE(pid, 0); if (pid == 0) - exit(syscall(__NR_getpid) != USER_NOTIF_MAGIC); + exit(syscall(__NR_getppid) != USER_NOTIF_MAGIC); /* Do a bad recv() */ EXPECT_EQ(ioctl(listener, SECCOMP_IOCTL_NOTIF_RECV, NULL), -1); -- 2.17.1 -- Kees Cook

6 years

3
3
0 0

[PATCH v11 00/14] arm64: untag user pointers passed to the kernel

by Andrey Konovalov

=== Overview arm64 has a feature called Top Byte Ignore, which allows to embed pointer tags into the top byte of each pointer. Userspace programs (such as HWASan, a memory debugging tool [1]) might use this feature and pass tagged user pointers to the kernel through syscalls or other interfaces. Right now the kernel is already able to handle user faults with tagged pointers, due to these patches: 1. 81cddd65 ("arm64: traps: fix userspace cache maintenance emulation on a tagged pointer") 2. 7dcd9dd8 ("arm64: hw_breakpoint: fix watchpoint matching for tagged pointers") 3. 276e9327 ("arm64: entry: improve data abort handling of tagged pointers") This patchset extends tagged pointer support to syscall arguments. As per the proposed ABI change [3], tagged pointers are only allowed to be passed to syscalls when they point to memory ranges obtained by anonymous mmap() or brk(). For non-memory syscalls this is done by untaging user pointers when the kernel performs pointer checking to find out whether the pointer comes from userspace (most notably in access_ok). The untagging is done only when the pointer is being checked, the tag is preserved as the pointer makes its way through the kernel and stays tagged when the kernel dereferences the pointer when perfoming user memory accesses. Memory syscalls (mmap, mprotect, etc.) don't do user memory accesses but rather deal with memory ranges, and untagged pointers are better suited to describe memory ranges internally. Thus for memory syscalls we untag pointers completely when they enter the kernel. === Other approaches One of the alternative approaches to untagging that was considered is to completely strip the pointer tag as the pointer enters the kernel with some kind of a syscall wrapper, but that won't work with the countless number of different ioctl calls. With this approach we would need a custom wrapper for each ioctl variation, which doesn't seem practical. An alternative approach to untagging pointers in memory syscalls prologues is to inspead allow tagged pointers to be passed to find_vma() (and other vma related functions) and untag them there. Unfortunately, a lot of find_vma() callers then compare or subtract the returned vma start and end fields against the pointer that was being searched. Thus this approach would still require changing all find_vma() callers. === Testing The following testing approaches has been taken to find potential issues with user pointer untagging: 1. Static testing (with sparse [2] and separately with a custom static analyzer based on Clang) to track casts of __user pointers to integer types to find places where untagging needs to be done. 2. Static testing with grep to find parts of the kernel that call find_vma() (and other similar functions) or directly compare against vm_start/vm_end fields of vma. 3. Static testing with grep to find parts of the kernel that compare user pointers with TASK_SIZE or other similar consts and macros. 4. Dynamic testing: adding BUG_ON(has_tag(addr)) to find_vma() and running a modified syzkaller version that passes tagged pointers to the kernel. Based on the results of the testing the requried patches have been added to the patchset. === Notes This patchset is meant to be merged together with "arm64 relaxed ABI" [3]. This patchset is a prerequisite for ARM's memory tagging hardware feature support [4]. This patchset has been merged into the Pixel 2 kernel tree and is now being used to enable testing of Pixel 2 phones with HWASan. Thanks! [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html [2] https://github.com/lucvoo/sparse-dev/commit/5f960cb10f56ec2017c128ef9d16060… [3] https://lkml.org/lkml/2018/12/10/402 [4] https://community.arm.com/processors/b/blog/posts/arm-a-profile-architectur… Changes in v11: - Added "uprobes, arm64: untag user pointers in find_active_uprobe" patch. - Added "bpf, arm64: untag user pointers in stack_map_get_build_id_offset" patch. - Fixed "tracing, arm64: untag user pointers in seq_print_user_ip" to correctly perform subtration with a tagged addr. - Moved untagged_addr() from SYSCALL_DEFINE3(mprotect) and SYSCALL_DEFINE4(pkey_mprotect) to do_mprotect_pkey(). - Moved untagged_addr() definition for other arches from include/linux/memory.h to include/linux/mm.h. - Changed untagging in strn*_user() to perform userspace accesses through tagged pointers. - Updated the documentation to mention that passing tagged pointers to memory syscalls is allowed. - Updated the test to use malloc'ed memory instead of stack memory. Changes in v10: - Added "mm, arm64: untag user pointers passed to memory syscalls" back. - New patch "fs, arm64: untag user pointers in fs/userfaultfd.c". - New patch "net, arm64: untag user pointers in tcp_zerocopy_receive". - New patch "kernel, arm64: untag user pointers in prctl_set_mm*". - New patch "tracing, arm64: untag user pointers in seq_print_user_ip". Changes in v9: - Rebased onto 4.20-rc6. - Used u64 instead of __u64 in type casts in the untagged_addr macro for arm64. - Added braces around (addr) in the untagged_addr macro for other arches. Changes in v8: - Rebased onto 65102238 (4.20-rc1). - Added a note to the cover letter on why syscall wrappers/shims that untag user pointers won't work. - Added a note to the cover letter that this patchset has been merged into the Pixel 2 kernel tree. - Documentation fixes, in particular added a list of syscalls that don't support tagged user pointers. Changes in v7: - Rebased onto 17b57b18 (4.19-rc6). - Dropped the "arm64: untag user address in __do_user_fault" patch, since the existing patches already handle user faults properly. - Dropped the "usb, arm64: untag user addresses in devio" patch, since the passed pointer must come from a vma and therefore be untagged. - Dropped the "arm64: annotate user pointers casts detected by sparse" patch (see the discussion to the replies of the v6 of this patchset). - Added more context to the cover letter. - Updated Documentation/arm64/tagged-pointers.txt. Changes in v6: - Added annotations for user pointer casts found by sparse. - Rebased onto 050cdc6c (4.19-rc1+). Changes in v5: - Added 3 new patches that add untagging to places found with static analysis. - Rebased onto 44c929e1 (4.18-rc8). Changes in v4: - Added a selftest for checking that passing tagged pointers to the kernel succeeds. - Rebased onto 81e97f013 (4.18-rc1+). Changes in v3: - Rebased onto e5c51f30 (4.17-rc6+). - Added linux-arch@ to the list of recipients. Changes in v2: - Rebased onto 2d618bdf (4.17-rc3+). - Removed excessive untagging in gup.c. - Removed untagging pointers returned from __uaccess_mask_ptr. Changes in v1: - Rebased onto 4.17-rc1. Changes in RFC v2: - Added "#ifndef untagged_addr..." fallback in linux/uaccess.h instead of defining it for each arch individually. - Updated Documentation/arm64/tagged-pointers.txt. - Dropped "mm, arm64: untag user addresses in memory syscalls". - Rebased onto 3eb2ce82 (4.16-rc7). Andrey Konovalov (14): uaccess: add untagged_addr definition for other arches arm64: untag user pointers in access_ok and __uaccess_mask_ptr lib, arm64: untag user pointers in strn*_user mm, arm64: untag user pointers passed to memory syscalls mm, arm64: untag user pointers in mm/gup.c fs, arm64: untag user pointers in copy_mount_options fs, arm64: untag user pointers in fs/userfaultfd.c net, arm64: untag user pointers in tcp_zerocopy_receive kernel, arm64: untag user pointers in prctl_set_mm* tracing, arm64: untag user pointers in seq_print_user_ip uprobes, arm64: untag user pointers in find_active_uprobe bpf, arm64: untag user pointers in stack_map_get_build_id_offset arm64: update Documentation/arm64/tagged-pointers.txt selftests, arm64: add a selftest for passing tagged pointers to kernel Documentation/arm64/tagged-pointers.txt | 18 +++++++--------- arch/arm64/include/asm/uaccess.h | 10 +++++---- fs/namespace.c | 2 +- fs/userfaultfd.c | 5 +++++ include/linux/mm.h | 4 ++++ ipc/shm.c | 2 ++ kernel/bpf/stackmap.c | 6 ++++-- kernel/events/uprobes.c | 2 ++ kernel/sys.c | 14 +++++++++++++ kernel/trace/trace_output.c | 5 +++-- lib/strncpy_from_user.c | 3 ++- lib/strnlen_user.c | 3 ++- mm/gup.c | 4 ++++ mm/madvise.c | 2 ++ mm/mempolicy.c | 5 +++++ mm/migrate.c | 1 + mm/mincore.c | 2 ++ mm/mlock.c | 5 +++++ mm/mmap.c | 7 +++++++ mm/mprotect.c | 1 + mm/mremap.c | 2 ++ mm/msync.c | 2 ++ net/ipv4/tcp.c | 2 ++ tools/testing/selftests/arm64/.gitignore | 1 + tools/testing/selftests/arm64/Makefile | 11 ++++++++++ .../testing/selftests/arm64/run_tags_test.sh | 12 +++++++++++ tools/testing/selftests/arm64/tags_test.c | 21 +++++++++++++++++++ 27 files changed, 131 insertions(+), 21 deletions(-) create mode 100644 tools/testing/selftests/arm64/.gitignore create mode 100644 tools/testing/selftests/arm64/Makefile create mode 100755 tools/testing/selftests/arm64/run_tags_test.sh create mode 100644 tools/testing/selftests/arm64/tags_test.c -- 2.21.0.360.g471c308f928-goog

6 years

8
36
0 0

next-20190412 kselftest results

by ci_notify＠linaro.org

Summary ------------------------------------------------------------------------ git repo: not informed git branch: not informed git commit: not informed git describe: not informed Test details: https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20190412 Regressions (compared to build next-20190411) ------------------------------------------------------------------------ No regressions Fixes (compared to build next-20190411) ------------------------------------------------------------------------ No fixes In total: ------------------------------------------------------------------------ Ran 0 total tests in the following environments and test suites. pass 0 fail 0 xfail 0 skip 0 Environments -------------- - dragonboard-410c - arm64 - hi6220-hikey - arm64 - i386 - juno-r2 - arm64 - x15 - arm - x86_64 Test Suites ----------- Failures ------------------------------------------------------------------------ dragonboard-410c: x86: hi6220-hikey: i386: x15: juno-r2: Skips ------------------------------------------------------------------------ No skips -- Linaro LKFT https://lkft.linaro.org

6 years

1
0
0 0

[PATCH] selftests/harness: Add 30 second timeout per test

by Kees Cook

In order to keep tests from hanging forever, this adds an alarm signal to each test run. This assumes an individual test doesn't take longer than 30 seconds. Signed-off-by: Kees Cook <keescook(a)chromium.org> --- tools/testing/selftests/kselftest_harness.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/selftests/kselftest_harness.h index 2d90c98eeb67..941d9391377f 100644 --- a/tools/testing/selftests/kselftest_harness.h +++ b/tools/testing/selftests/kselftest_harness.h @@ -696,6 +696,7 @@ void __run_test(struct __test_metadata *t) t->passed = 1; t->trigger = 0; printf("[ RUN ] %s\n", t->name); + alarm(30); child_pid = fork(); if (child_pid < 0) { printf("ERROR SPAWNING TEST CHILD\n"); @@ -744,6 +745,7 @@ void __run_test(struct __test_metadata *t) } } printf("[ %4s ] %s\n", (t->passed ? "OK" : "FAIL"), t->name); + alarm(0); } static int test_harness_run(int __attribute__((unused)) argc, -- 2.17.1 -- Kees Cook

6 years

1
0
0 0

[PATCH v3 bpf-next 0/4] L2 encap support for bpf_skb_adjust_room

by Alan Maguire

Extend bpf_skb_adjust_room growth to mark inner MAC header so that L2 encapsulation can be used for tc tunnels. Patch #1 extends the existing test_tc_tunnel to support UDP encapsulation; later we want to be able to test MPLS over UDP and MPLS over GRE encapsulation. Patch #2 adds the BPF_F_ADJ_ROOM_ENCAP_L2(len) macro, which allows specification of inner mac length. Other approaches were explored prior to taking this approach. Specifically, I tried automatically computing the inner mac length on the basis of the specified flags (so inner maclen for GRE/IPv4 encap is the len_diff specified to bpf_skb_adjust_room minus GRE + IPv4 header length for example). Problem with this is that we don't know for sure what form of GRE/UDP header we have; is it a full GRE header, or is it a FOU UDP header or generic UDP encap header? My fear here was we'd end up with an explosion of flags. The other approach tried was to support inner L2 header marking as a separate room adjustment, i.e. adjust for L3/L4 encap, then call bpf_skb_adjust_room for L2 encap. This can be made to work but because it imposed an order on operations, felt a bit clunky. Patch #3 syncs tools/ bpf.h. Patch #4 extends the tests again to support MPLSoverGRE, MPLSoverUDP, and transparent ethernet bridging (TEB) where the inner L2 header is an ethernet header. Testing of BPF encap against tunnels is done for cases where configuration of such tunnels is possible (MPLSoverGRE[6], MPLSoverUDP, gre[6]tap), and skipped otherwise. Testing of BPF encap/decap is always carried out. Changes since v2: - updated tools/testing/selftest/bpf/config with FOU/MPLS CONFIG variables (patches 1, 4) - reduced noise in patch 1 by avoiding unnecessary movement of code - eliminated inner_mac variable in bpf_skb_net_grow (patch 2) Changes since v1: - fixed formatting of commit references. - BPF_F_ADJ_ROOM_FIXED_GSO flag enabled on all variants (patch 1) - fixed fou6 options for UDP encap; checksum errors observed were due to the fact fou6 tunnel was not set up with correct ipproto options (41 -6). 0 checksums work fine (patch 1) - added definitions for mask and shift used in setting L2 length (patch 2) - allow udp encap with fixed GSO (patch 2) - changed "elen" to "l2_len" to be more descriptive (patch 4) Alan Maguire (4): selftests_bpf: extend test_tc_tunnel for UDP encap bpf: add layer 2 encap support to bpf_skb_adjust_room bpf: sync bpf.h to tools/ for BPF_F_ADJ_ROOM_ENCAP_L2 selftests_bpf: add L2 encap to test_tc_tunnel include/uapi/linux/bpf.h | 10 + net/core/filter.c | 12 +- tools/include/uapi/linux/bpf.h | 10 + tools/testing/selftests/bpf/config | 8 + tools/testing/selftests/bpf/progs/test_tc_tunnel.c | 321 +++++++++++++++++---- tools/testing/selftests/bpf/test_tc_tunnel.sh | 136 +++++++-- 6 files changed, 417 insertions(+), 80 deletions(-) -- 1.8.3.1

6 years

3
9
0 0

next-20190411 kselftest results

by ci_notify＠linaro.org

Summary ------------------------------------------------------------------------ git repo: not informed git branch: not informed git commit: not informed git describe: not informed Test details: https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20190411 Regressions (compared to build next-20190410) ------------------------------------------------------------------------ No regressions Fixes (compared to build next-20190410) ------------------------------------------------------------------------ No fixes In total: ------------------------------------------------------------------------ Ran 0 total tests in the following environments and test suites. pass 0 fail 0 xfail 0 skip 0 Environments -------------- - dragonboard-410c - arm64 - hi6220-hikey - arm64 - i386 - juno-r2 - arm64 - x15 - arm - x86_64 Test Suites ----------- Failures ------------------------------------------------------------------------ i386: x15: x86: dragonboard-410c: hi6220-hikey: juno-r2: Skips ------------------------------------------------------------------------ No skips -- Linaro LKFT https://lkft.linaro.org

6 years

1
0
0 0

secomp_bpf test hangs after global.user_notification_sibling_pid_ns

by shuah

Hi Kees, secomp_bpf test hangs after global.user_notification_sibling_pid_ns when a non-root user runs it on 5.1-rc4 I thought you fixed the problem with this commit: commit 3d244c192afeee7dd4f5fb1b916ea4e47420d401 Author: Kees Cook <keescook(a)chromium.org> Date: Wed Jan 16 16:35:25 2019 -0800 selftests/seccomp: Abort without user notification support seccomp_bpf.c:3380:global.user_notification_sibling_pid_ns:Expected unshare(CLONE_NEWPID) (18446744073709551615) == 0 (0) seccomp_bpf.c:3381:global.user_notification_sibling_pid_ns:Expected errno (1) == 0 (0) seccomp_bpf.c:3365:global.user_notification_sibling_pid_ns:Expected unshare(CLONE_NEWPID) (18446744073709551615) == 0 (0) seccomp_bpf.c:3392:global.user_notification_sibling_pid_ns:Expected req.pid (23610) == 0 (0) hangs right after the above message, root: [ RUN ] global.user_notification_sibling_pid_ns [ OK ] global.user_notification_sibling_pid_ns [ RUN ] global.user_notification_fault_recv [ OK ] global.user_notification_fault_recv [ RUN ] global.seccomp_get_notif_sizes [ OK ] global.seccomp_get_notif_sizes [==========] 74 / 74 tests passed. [ PASSED ] I would debug this myself, double edged sword of harness, makes it hard to debug:) Can you take a look. "make kselftest" just hangs now and doesn't complete. thanks, -- Shuah

6 years

2
1
0 0

next-20190410 kselftest results

by ci_notify＠linaro.org

Summary ------------------------------------------------------------------------ git repo: not informed git branch: not informed git commit: not informed git describe: not informed Test details: https://qa-reports.linaro.org/lkft/linux-next-oe/build/next-20190410 Regressions (compared to build next-20190409) ------------------------------------------------------------------------ No regressions Fixes (compared to build next-20190409) ------------------------------------------------------------------------ No fixes In total: ------------------------------------------------------------------------ Ran 0 total tests in the following environments and test suites. pass 0 fail 0 xfail 0 skip 0 Environments -------------- - dragonboard-410c - arm64 - hi6220-hikey - arm64 - i386 - juno-r2 - arm64 - x15 - arm - x86_64 Test Suites ----------- Failures ------------------------------------------------------------------------ dragonboard-410c: x15: i386: x86: juno-r2: hi6220-hikey: Skips ------------------------------------------------------------------------ No skips -- Linaro LKFT https://lkft.linaro.org

6 years

1
0
0 0

[PATCH] selftests/lib.mk: Move test output to diagnostic lines

by Kees Cook

This changes the selftest output is several ways: - total test count is reported at start. - each test's result is on a single line with "# SKIP" as needed per spec. - each test's output is prefixed with "# " as a "diagnostic line". This creates a bit of a kernel-specific TAP dialect where the diagnostics precede the results. The TAP spec isn't entirely clear about this, though, so I think it's the correct solution so as to keep interactive runs making sense. If the output _followed_ the result line in the spec-suggested YAML form, each test would dump all of its output at once instead of as it went, making debugging harder. This does, however, solve the recursive TAP output problem, as sub-tests will simply be prefixed by "# ". Parsing sub-tests becomes a simple problem of just removing the first two characters of a given top-level test's diagnostic output, and parsing the results. Note that the shell construct needed to both get an exit code from the first command in a pipe and still filter the pipe (to add the "# " prefix) uses a POSIX solution rather than the bash "pipefail" option which is not supported by dash. Example: $ tools/testing/selftests $ make --silent -C x86 run_tests TAP version 13 1..15 selftests: x86 # selftests: x86: single_step_syscall_64 # [RUN] Set TF and check nop # [OK] Survived with TF set and 9 traps # [RUN] Set TF and check syscall-less opportunistic sysret # [OK] Survived with TF set and 12 traps # [RUN] Set TF and check a fast syscall # [OK] Survived with TF set and 22 traps # [RUN] Fast syscall with TF cleared # [OK] Nothing unexpected happened ok 1 selftests: x86: single_step_syscall_64 # selftests: x86: sysret_ss_attrs_64 # [RUN] Syscalls followed by SS validation # [OK] We survived ok 2 selftests: x86: sysret_ss_attrs_64 # selftests: x86: syscall_nt_64 # [RUN] Set NT and issue a syscall # [OK] The syscall worked and flags are still set # [RUN] Set NT|TF and issue a syscall # [OK] The syscall worked and flags are still set ok 3 selftests: x86: syscall_nt_64 ...[skipping example output]... ok 15 selftests: x86: sysret_rip_64 $ make --silent -C x86 run_tests | tappy ............F.. ====================================================================== FAIL: <file=stream> selftests: x86: mov_ss_trap_64 ---------------------------------------------------------------------- ---------------------------------------------------------------------- Ran 15 tests in 0.000s FAILED (failures=1) Signed-off-by: Kees Cook <keescook(a)chromium.org> --- No longer RFC! :) --- tools/testing/selftests/lib.mk | 59 ++++++++++++++++++------------- tools/testing/selftests/prefix.pl | 23 ++++++++++++ 2 files changed, 57 insertions(+), 25 deletions(-) create mode 100755 tools/testing/selftests/prefix.pl diff --git a/tools/testing/selftests/lib.mk b/tools/testing/selftests/lib.mk index 8b0f16409ed7..d3267c08a7b1 100644 --- a/tools/testing/selftests/lib.mk +++ b/tools/testing/selftests/lib.mk @@ -5,6 +5,8 @@ CC := $(CROSS_COMPILE)gcc ifeq (0,$(MAKELEVEL)) OUTPUT := $(shell pwd) endif +testname = $(notdir $(shell pwd)) +selfdir = $(realpath $(dir $(filter %/lib.mk,$(MAKEFILE_LIST)))) # The following are built by lib.mk common compile rules. # TEST_CUSTOM_PROGS should be used by tests that require @@ -32,38 +34,45 @@ endif .ONESHELL: define RUN_TEST_PRINT_RESULT - TEST_HDR_MSG="selftests: "`basename $$PWD`:" $$BASENAME_TEST"; \ - echo $$TEST_HDR_MSG; \ - echo "========================================"; \ + TEST_HDR_MSG="selftests: $(testname): $$BASENAME_TEST"; \ if [ ! -x $$TEST ]; then \ - echo "$$TEST_HDR_MSG: Warning: file $$BASENAME_TEST is not executable, correct this.";\ - echo "not ok 1..$$test_num $$TEST_HDR_MSG [FAIL]"; \ - else \ - cd `dirname $$TEST` > /dev/null; \ - if [ "X$(summary)" != "X" ]; then \ - (./$$BASENAME_TEST > /tmp/$$BASENAME_TEST 2>&1 && \ - echo "ok 1..$$test_num $$TEST_HDR_MSG [PASS]") || \ - (if [ $$? -eq $$skip ]; then \ - echo "not ok 1..$$test_num $$TEST_HDR_MSG [SKIP]"; \ - else echo "not ok 1..$$test_num $$TEST_HDR_MSG [FAIL]"; \ - fi;) \ - else \ - (./$$BASENAME_TEST && \ - echo "ok 1..$$test_num $$TEST_HDR_MSG [PASS]") || \ - (if [ $$? -eq $$skip ]; then \ - echo "not ok 1..$$test_num $$TEST_HDR_MSG [SKIP]"; \ - else echo "not ok 1..$$test_num $$TEST_HDR_MSG [FAIL]"; \ - fi;) \ - fi; \ - cd - > /dev/null; \ + if [ "X$(summary)" = "X" ]; then \ + echo "# warning: 'file $$TEST is not executable, correct this.'";\ + fi; \ + echo "not ok $$test_num $$TEST_HDR_MSG"; \ + else \ + cd `dirname $$TEST` > /dev/null; \ + if [ "X$(summary)" != "X" ]; then \ + (./$$BASENAME_TEST > /tmp/$$BASENAME_TEST 2>&1 &&\ + echo "ok $$test_num $$TEST_HDR_MSG") || \ + (if [ $$? -eq $$skip ]; then \ + echo "not ok $$test_num $$TEST_HDR_MSG # SKIP"; \ + else \ + echo "not ok $$test_num $$TEST_HDR_MSG";\ + fi); \ + else \ + echo "# $$TEST_HDR_MSG"; \ + (((((stdbuf -i0 -o0 -e0 ./$$BASENAME_TEST 2>&1; echo $$? >&3) | \ + $(selfdir)/prefix.pl >&4) 3>&1) | \ + (read xs; exit $$xs)) 4>&1 && \ + echo "ok $$test_num $$TEST_HDR_MSG") || \ + (if [ $$? -eq $$skip ]; then \ + echo "not ok $$test_num $$TEST_HDR_MSG # SKIP"; \ + else \ + echo "not ok $$test_num $$TEST_HDR_MSG";\ + fi); \ + fi; \ + cd - > /dev/null; \ fi; endef define RUN_TESTS @export KSFT_TAP_LEVEL=`echo 1`; \ - test_num=`echo 0`; \ - skip=`echo 4`; \ + test_num=0; \ + total=`echo "$(1)" | wc -w`; \ + skip=4; \ echo "TAP version 13"; \ + echo "1..$$total selftests: $(testname)"; \ for TEST in $(1); do \ BASENAME_TEST=`basename $$TEST`; \ test_num=`echo $$test_num+1 | bc`; \ diff --git a/tools/testing/selftests/prefix.pl b/tools/testing/selftests/prefix.pl new file mode 100755 index 000000000000..ec7e48118183 --- /dev/null +++ b/tools/testing/selftests/prefix.pl @@ -0,0 +1,23 @@ +#!/usr/bin/perl +# SPDX-License-Identifier: GPL-2.0 +# Prefix all lines with "# ", unbuffered. Command being piped in may need +# to have unbuffering forced with "stdbuf -i0 -o0 -e0 $cmd". +use strict; + +binmode STDIN; +binmode STDOUT; + +STDOUT->autoflush(1); + +my $needed = 1; +while (1) { + my $char; + my $bytes = sysread(STDIN, $char, 1); + exit 0 if ($bytes == 0); + if ($needed) { + print "# "; + $needed = 0; + } + print $char; + $needed = 1 if ($char eq "\n"); +} -- 2.17.1 -- Kees Cook

6 years

2
5
0 0

[PATCH] kselftest/lkdtm: Create selftest driving scripts for LKDTM

by Kees Cook

This adds most of the non-system-crashing selftests that exist in LKDTM. The ones that leave the system in an unstable state are marked as "SKIP" in the test run. Since output can change based on architecture and other kernel configs, all output is reported during the tests. Example output: # cd tools/testing/selftests # make --silent -C lkdtm run_tests TAP version 13 1..64 selftests: lkdtm # selftests: lkdtm: PANIC.sh # PANIC: crashes entire system [SKIP] not ok 1 selftests: lkdtm: PANIC.sh # SKIP # selftests: lkdtm: BUG.sh # [19716.955023] lkdtm: Performing direct entry BUG # [19716.956236] ------------[ cut here ]------------ # [19716.957318] kernel BUG at drivers/misc/lkdtm/bugs.c:63! ... # BUG: saw 'call trace:': ok ok 2 selftests: lkdtm: BUG.sh ... Signed-off-by: Kees Cook <keescook(a)chromium.org> --- MAINTAINERS | 1 + tools/testing/selftests/lkdtm/.gitignore | 1 + tools/testing/selftests/lkdtm/Makefile | 11 +++ tools/testing/selftests/lkdtm/config | 1 + tools/testing/selftests/lkdtm/run.sh | 86 ++++++++++++++++++++++++ tools/testing/selftests/lkdtm/tests.txt | 64 ++++++++++++++++++ 6 files changed, 164 insertions(+) create mode 100644 tools/testing/selftests/lkdtm/.gitignore create mode 100644 tools/testing/selftests/lkdtm/Makefile create mode 100644 tools/testing/selftests/lkdtm/config create mode 100755 tools/testing/selftests/lkdtm/run.sh create mode 100644 tools/testing/selftests/lkdtm/tests.txt diff --git a/MAINTAINERS b/MAINTAINERS index 3e5a5d263f29..716d6f0fbd0c 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -8976,6 +8976,7 @@ LINUX KERNEL DUMP TEST MODULE (LKDTM) M: Kees Cook <keescook(a)chromium.org> S: Maintained F: drivers/misc/lkdtm/* +F: tools/testing/selftests/lkdtm/* LINUX KERNEL MEMORY CONSISTENCY MODEL (LKMM) M: Alan Stern <stern(a)rowland.harvard.edu> diff --git a/tools/testing/selftests/lkdtm/.gitignore b/tools/testing/selftests/lkdtm/.gitignore new file mode 100644 index 000000000000..09df4a4da272 --- /dev/null +++ b/tools/testing/selftests/lkdtm/.gitignore @@ -0,0 +1 @@ +[A-Z][A-Z]*.sh diff --git a/tools/testing/selftests/lkdtm/Makefile b/tools/testing/selftests/lkdtm/Makefile new file mode 100644 index 000000000000..f322d281fd8e --- /dev/null +++ b/tools/testing/selftests/lkdtm/Makefile @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0 +# Makefile for LKDTM regression tests + +include ../lib.mk + +# NOTE: $(OUTPUT) won't get default value if used before lib.mk +TEST_GEN_PROGS = $(patsubst %,$(OUTPUT)/%.sh,$(shell awk '{print $$1}' tests.txt | sed -e 's/\#//')) +all: $(TEST_GEN_PROGS) + +$(OUTPUT)/%: run.sh tests.txt + install -m 0744 run.sh $@ diff --git a/tools/testing/selftests/lkdtm/config b/tools/testing/selftests/lkdtm/config new file mode 100644 index 000000000000..d874990e442b --- /dev/null +++ b/tools/testing/selftests/lkdtm/config @@ -0,0 +1 @@ +CONFIG_LKDTM=y diff --git a/tools/testing/selftests/lkdtm/run.sh b/tools/testing/selftests/lkdtm/run.sh new file mode 100755 index 000000000000..a166b925c43d --- /dev/null +++ b/tools/testing/selftests/lkdtm/run.sh @@ -0,0 +1,86 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 +# +# This reads tests.txt for the list of LKDTM tests to invoke. Any marked +# with a leading "#" are skipped. The line after the test name is either +# the text to look for in dmesg for a "success", or the rationale for why +# a test is marked to be skipped. +# +set -e +TRIGGER=/sys/kernel/debug/provoke-crash/DIRECT + +# Verify we have LKDTM available in the kernel. +if [ ! -r $TRIGGER ] ; then + /sbin/modprobe -q lkdtm || true + if [ ! -r $TRIGGER ] ; then + echo "Cannot find $TRIGGER (missing CONFIG_LKDTM?) [SKIP]" + else + echo "Cannot write $TRIGGER (need to run as root?) [SKIP]" + fi + # Skip this test + exit 4 +fi + +# Figure out which test to run from our script name. +test=$(basename $0 .sh) +# Look up details about the test from master list of LKDTM tests. +line=$(egrep '^#?'"$test"'\b' tests.txt) +if [ -z "$line" ]; then + echo "Missing test '$test' [SKIP]" + exit 4 +fi +# Check that the test is known to LKDTM. +if ! egrep -q '^'"$test"'$' "$TRIGGER" ; then + echo "'$test' missing in $TRIGGER! [SKIP]" + exit 4 +fi + +# Extract notes/expected output from test list. +test=$(echo "$line" | cut -d" " -f1) +if echo "$line" | grep -q ' ' ; then + expect=$(echo "$line" | cut -d" " -f2-) +else + expect="" +fi + +# If the test is commented out, report a skip +if echo "$test" | grep -q '^#' ; then + test=$(echo "$test" | cut -c2-) + if [ -z "$expect" ]; then + expect="crashes entire system" + fi + echo "$test: $expect [SKIP]" + exit 4 +fi + +# If no expected output given, assume an Oops with back trace is success. +if [ -z "$expect" ]; then + expect="call trace:" +fi + +# Clear out dmesg for output reporting +dmesg -c >/dev/null + +# Prepare log for report checking +LOG=$(mktemp --tmpdir -t lkdtm-XXXXXX) +cleanup() { + rm -f "$LOG" +} +trap cleanup EXIT + +# Most shells yell about signals and we're expecting the "cat" process +# to usually be killed by the kernel. So we have to run it in a sub-shell +# and silence errors. +($SHELL -c 'cat <(echo '"$test"') >'"$TRIGGER" 2>/dev/null) || true + +# Record and dump the results +dmesg -c >"$LOG" +cat "$LOG" +# Check for expected output +if grep -qi "$expect" "$LOG" ; then + echo "$test: saw '$expect': ok" + exit 0 +else + echo "$test: missing '$expect': [FAIL]" + exit 1 +fi diff --git a/tools/testing/selftests/lkdtm/tests.txt b/tools/testing/selftests/lkdtm/tests.txt new file mode 100644 index 000000000000..3ee43df87d71 --- /dev/null +++ b/tools/testing/selftests/lkdtm/tests.txt @@ -0,0 +1,64 @@ +#PANIC +BUG +WARNING +EXCEPTION +#LOOP Hangs the system +#EXHAUST_STACK Corrupts memory on failure +#CORRUPT_STACK Crashes entire system on success +#CORRUPT_STACK_STRONG Crashes entire system on success +CORRUPT_LIST_ADD +CORRUPT_LIST_DEL +CORRUPT_USER_DS +STACK_GUARD_PAGE_LEADING +STACK_GUARD_PAGE_TRAILING +UNALIGNED_LOAD_STORE_WRITE +#OVERWRITE_ALLOCATION Corrupts memory on failure +#WRITE_AFTER_FREE Corrupts memory on failure +READ_AFTER_FREE +#WRITE_BUDDY_AFTER_FREE Corrupts memory on failure +READ_BUDDY_AFTER_FREE +#SOFTLOCKUP Hangs the system +#HARDLOCKUP Hangs the system +#SPINLOCKUP Hangs the system +#HUNG_TASK Hangs the system +EXEC_DATA +EXEC_STACK +EXEC_KMALLOC +EXEC_VMALLOC +EXEC_RODATA +EXEC_USERSPACE +EXEC_NULL +ACCESS_USERSPACE +ACCESS_NULL +WRITE_RO +WRITE_RO_AFTER_INIT +WRITE_KERN +REFCOUNT_INC_OVERFLOW +REFCOUNT_ADD_OVERFLOW +REFCOUNT_INC_NOT_ZERO_OVERFLOW +REFCOUNT_ADD_NOT_ZERO_OVERFLOW +REFCOUNT_DEC_ZERO +REFCOUNT_DEC_NEGATIVE Negative detected: saturated +REFCOUNT_DEC_AND_TEST_NEGATIVE Negative detected: saturated +REFCOUNT_SUB_AND_TEST_NEGATIVE Negative detected: saturated +REFCOUNT_INC_ZERO +REFCOUNT_ADD_ZERO +REFCOUNT_INC_SATURATED Saturation detected: still saturated +REFCOUNT_DEC_SATURATED Saturation detected: still saturated +REFCOUNT_ADD_SATURATED Saturation detected: still saturated +REFCOUNT_INC_NOT_ZERO_SATURATED +REFCOUNT_ADD_NOT_ZERO_SATURATED +REFCOUNT_DEC_AND_TEST_SATURATED Saturation detected: still saturated +REFCOUNT_SUB_AND_TEST_SATURATED Saturation detected: still saturated +#REFCOUNT_TIMING timing only +#ATOMIC_TIMING timing only +USERCOPY_HEAP_SIZE_TO +USERCOPY_HEAP_SIZE_FROM +USERCOPY_HEAP_WHITELIST_TO +USERCOPY_HEAP_WHITELIST_FROM +USERCOPY_STACK_FRAME_TO +USERCOPY_STACK_FRAME_FROM +USERCOPY_STACK_BEYOND +USERCOPY_KERNEL +USERCOPY_KERNEL_DS +STACKLEAK_ERASING -- 2.17.1 -- Kees Cook

6 years

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror