- Linux-kselftest-mirror - lists.linaro.org

[PATCH v3 0/2] Dirtying, failing memop: don't indicate suppression

by Janis Schoetterl-Glausch

If a memop fails due to key checked protection, after already having written to the guest, don't indicate suppression to the guest, as that would imply that memory wasn't modified. This could be considered a fix to the code introducing storage key support, however this is a bug in KVM only if we emulate an instructions writing to an operand spanning multiple pages, which I don't believe we do. v2 -> v3 * tweak commit message * explicitly reset the protection code to 0 on termination * use variable to pass termination arg * add documentation * fix magic constant in selftest Given the changes I did not pick up the r-b's. v1 -> v2 * Reword commit message of patch 1 Janis Schoetterl-Glausch (2): KVM: s390: Don't indicate suppression on dirtying, failing memop KVM: s390: selftest: Test suppression indication on key prot exception Documentation/virt/kvm/api.rst | 6 +++ arch/s390/kvm/gaccess.c | 22 +++++++++-- tools/testing/selftests/kvm/s390x/memop.c | 46 ++++++++++++++++++++++- 3 files changed, 69 insertions(+), 5 deletions(-) Range-diff against v2: 1: b5725a836f1a ! 1: e1dae6522b22 KVM: s390: Don't indicate suppression on dirtying, failing memop @@ Commit message Instruction execution can end in different ways, one of which is suppression, which requires that the instruction execute like a no-op. A writing memop that spans multiple pages and fails due to key - protection can modified guest memory, as a result, the likely - correct ending is termination. Therefore do not indicate a + protection may have modified guest memory, as a result, the likely + correct ending is termination. Therefore, do not indicate a suppressing instruction ending in this case. Signed-off-by: Janis Schoetterl-Glausch <scgl(a)linux.ibm.com> + ## Documentation/virt/kvm/api.rst ## +@@ Documentation/virt/kvm/api.rst: in case of KVM_S390_MEMOP_F_CHECK_ONLY), the ioctl returns a positive + error number indicating the type of exception. This exception is also + raised directly at the corresponding VCPU if the flag + KVM_S390_MEMOP_F_INJECT_EXCEPTION is set. ++On protection exceptions, unless specified otherwise, the injected ++translation-exception identifier (TEID) indicates suppression. + + If the KVM_S390_MEMOP_F_SKEY_PROTECTION flag is set, storage key + protection is also in effect and may cause exceptions if accesses are + prohibited given the access key designated by "key"; the valid range is 0..15. + KVM_S390_MEMOP_F_SKEY_PROTECTION is available if KVM_CAP_S390_MEM_OP_EXTENSION + is > 0. ++Since the accessed memory may span multiple pages and those pages might have ++different storage keys, it is possible that a protection exception occurs ++after memory has been modified. In this case, if the exception is injected, ++the TEID does not indicate suppression. + + Absolute read/write: + ^^^^^^^^^^^^^^^^^^^^ + ## arch/s390/kvm/gaccess.c ## @@ arch/s390/kvm/gaccess.c: enum prot_type { PROT_TYPE_IEP = 4, @@ arch/s390/kvm/gaccess.c: enum prot_type { -static int trans_exc(struct kvm_vcpu *vcpu, int code, unsigned long gva, - u8 ar, enum gacc_mode mode, enum prot_type prot) +static int trans_exc_ending(struct kvm_vcpu *vcpu, int code, unsigned long gva, u8 ar, -+ enum gacc_mode mode, enum prot_type prot, bool suppress) ++ enum gacc_mode mode, enum prot_type prot, bool terminate) { struct kvm_s390_pgm_info *pgm = &vcpu->arch.pgm; struct trans_exc_code_bits *tec; @@ arch/s390/kvm/gaccess.c: static int trans_exc(struct kvm_vcpu *vcpu, int code, unsigned long gva, - - switch (code) { - case PGM_PROTECTION: -- switch (prot) { -- case PROT_TYPE_IEP: -- tec->b61 = 1; -- fallthrough; -- case PROT_TYPE_LA: -- tec->b56 = 1; -- break; -- case PROT_TYPE_KEYC: -- tec->b60 = 1; -- break; -- case PROT_TYPE_ALC: -- tec->b60 = 1; -- fallthrough; -- case PROT_TYPE_DAT: -- tec->b61 = 1; -- break; -+ if (suppress) { -+ switch (prot) { -+ case PROT_TYPE_IEP: -+ tec->b61 = 1; -+ fallthrough; -+ case PROT_TYPE_LA: -+ tec->b56 = 1; -+ break; -+ case PROT_TYPE_KEYC: -+ tec->b60 = 1; -+ break; -+ case PROT_TYPE_ALC: -+ tec->b60 = 1; -+ fallthrough; -+ case PROT_TYPE_DAT: -+ tec->b61 = 1; -+ break; -+ } + tec->b61 = 1; + break; } ++ if (terminate) { ++ tec->b56 = 0; ++ tec->b60 = 0; ++ tec->b61 = 0; ++ } fallthrough; case PGM_ASCE_TYPE: + case PGM_PAGE_TRANSLATION: @@ arch/s390/kvm/gaccess.c: static int trans_exc(struct kvm_vcpu *vcpu, int code, unsigned long gva, return code; } @@ arch/s390/kvm/gaccess.c: static int trans_exc(struct kvm_vcpu *vcpu, int code, u +static int trans_exc(struct kvm_vcpu *vcpu, int code, unsigned long gva, u8 ar, + enum gacc_mode mode, enum prot_type prot) +{ -+ return trans_exc_ending(vcpu, code, gva, ar, mode, prot, true); ++ return trans_exc_ending(vcpu, code, gva, ar, mode, prot, false); +} + static int get_vcpu_asce(struct kvm_vcpu *vcpu, union asce *asce, unsigned long ga, u8 ar, enum gacc_mode mode) { @@ arch/s390/kvm/gaccess.c: int access_guest_with_key(struct kvm_vcpu *vcpu, unsigned long ga, u8 ar, + data += fragment_len; ga = kvm_s390_logical_to_effective(vcpu, ga + fragment_len); } - if (rc > 0) +- if (rc > 0) - rc = trans_exc(vcpu, rc, ga, ar, mode, prot); -+ rc = trans_exc_ending(vcpu, rc, ga, ar, mode, prot, -+ (mode != GACC_STORE) || (idx == 0)); ++ if (rc > 0) { ++ bool terminate = (mode == GACC_STORE) && (idx > 0); ++ ++ rc = trans_exc_ending(vcpu, rc, ga, ar, mode, prot, terminate); ++ } out_unlock: if (need_ipte_lock) ipte_unlock(vcpu); 2: 434d96c63cb5 ! 2: d3a152fe6aec KVM: s390: selftest: Test suppression indication on key prot exception @@ Commit message Signed-off-by: Janis Schoetterl-Glausch <scgl(a)linux.ibm.com> ## tools/testing/selftests/kvm/s390x/memop.c ## +@@ + #include <string.h> + #include <sys/ioctl.h> + ++#include <linux/bits.h> ++ + #include "test_util.h" + #include "kvm_util.h" + @@ tools/testing/selftests/kvm/s390x/memop.c: static int err_memop_ioctl(struct test_vcpu vcpu, struct kvm_s390_mem_op *ksmo) #define SIDA_OFFSET(o) ._sida_offset = 1, .sida_offset = (o) #define AR(a) ._ar = 1, .ar = (a) @@ tools/testing/selftests/kvm/s390x/memop.c: static void test_errors_key(void) + struct test_default t = test_default_init(guest_error_key); + uint64_t prefix; + uint64_t teid; ++ uint64_t teid_mask = BIT(63 - 56) | BIT(63 - 60) | BIT(63 - 61); + uint64_t psw[2]; + + HOST_SYNC(t.vcpu, STAGE_INITED); @@ tools/testing/selftests/kvm/s390x/memop.c: static void test_errors_key(void) + HOST_SYNC(t.vcpu, STAGE_IDLED); + MOP(t.vm, ABSOLUTE, READ, &teid, sizeof(teid), GADDR(prefix + 168)); + /* Bits 56, 60, 61 form a code, 0 being the only one allowing for termination */ -+ ASSERT_EQ(teid & 0x4c, 0); ++ ASSERT_EQ(teid & teid_mask, 0); + + kvm_vm_free(t.kvm_vm); +} base-commit: c5eb0a61238dd6faf37f58c9ce61c9980aaffd7a -- 2.32.0

3 years, 4 months

2
3
0 0

[PATCH bpf v2 2/4] bpf_trace: support 32-bit kernels in bpf_kprobe_multi_link_attach

by Eugene Syromiatnikov

It seems that there is no reason not to support 32-bit architectures; doing so requires a bit of rework with respect to cookies handling, however, as the current code implicitly assumes that sizeof(long) == sizeof(u64). Signed-off-by: Eugene Syromiatnikov <esyr(a)redhat.com> --- kernel/trace/bpf_trace.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index f1d4e68..bf5bcfb 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2406,16 +2406,12 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr struct bpf_link_primer link_primer; void __user *ucookies; unsigned long *addrs; - u32 flags, cnt, size; + u32 flags, cnt, size, cookies_size; void __user *uaddrs; u64 *cookies = NULL; void __user *usyms; int err; - /* no support for 32bit archs yet */ - if (sizeof(u64) != sizeof(void *)) - return -EOPNOTSUPP; - if (prog->expected_attach_type != BPF_TRACE_KPROBE_MULTI) return -EINVAL; @@ -2425,6 +2421,7 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr uaddrs = u64_to_user_ptr(attr->link_create.kprobe_multi.addrs); usyms = u64_to_user_ptr(attr->link_create.kprobe_multi.syms); + ucookies = u64_to_user_ptr(attr->link_create.kprobe_multi.cookies); if (!!uaddrs == !!usyms) return -EINVAL; @@ -2432,8 +2429,11 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr if (!cnt) return -EINVAL; - if (check_mul_overflow(cnt, (u32)sizeof(*addrs), &size)) + if (check_mul_overflow(cnt, (u32)sizeof(*addrs), &size) || + (ucookies && + check_mul_overflow(cnt, (u32)sizeof(*cookies), &cookies_size))) { return -EOVERFLOW; + } size = cnt * sizeof(*addrs); addrs = kvmalloc(size, GFP_KERNEL); if (!addrs) @@ -2450,14 +2450,14 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr goto error; } - ucookies = u64_to_user_ptr(attr->link_create.kprobe_multi.cookies); if (ucookies) { - cookies = kvmalloc(size, GFP_KERNEL); + cookies_size = cnt * sizeof(*cookies); + cookies = kvmalloc(cookies_size, GFP_KERNEL); if (!cookies) { err = -ENOMEM; goto error; } - if (copy_from_user(cookies, ucookies, size)) { + if (copy_from_user(cookies, ucookies, cookies_size)) { err = -EFAULT; goto error; } -- 2.1.4

3 years, 4 months

2
1
0 0

[PATCH bpf v2 1/4] bpf_trace: check size for overflow in bpf_kprobe_multi_link_attach

by Eugene Syromiatnikov

Check that size would not overflow before calculation (and return -EOVERFLOW if it will), to prevent potential out-of-bounds write with the following copy_from_user. Add the same check to kprobe_multi_resolve_syms in case it will be called from elsewhere in the future. Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link") Signed-off-by: Eugene Syromiatnikov <esyr(a)redhat.com> --- kernel/trace/bpf_trace.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index d8553f4..f1d4e68 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2352,12 +2352,15 @@ static int kprobe_multi_resolve_syms(const void __user *usyms, u32 cnt, unsigned long *addrs) { - unsigned long addr, size; + unsigned long addr, sym_size; + u32 size; const char __user **syms; int err = -ENOMEM; unsigned int i; char *func; + if (check_mul_overflow(cnt, (u32)sizeof(*syms), &size)) + return -EOVERFLOW; size = cnt * sizeof(*syms); syms = kvzalloc(size, GFP_KERNEL); if (!syms) @@ -2382,9 +2385,9 @@ kprobe_multi_resolve_syms(const void __user *usyms, u32 cnt, addr = kallsyms_lookup_name(func); if (!addr) goto error; - if (!kallsyms_lookup_size_offset(addr, &size, NULL)) + if (!kallsyms_lookup_size_offset(addr, &sym_size, NULL)) goto error; - addr = ftrace_location_range(addr, addr + size - 1); + addr = ftrace_location_range(addr, addr + sym_size - 1); if (!addr) goto error; addrs[i] = addr; @@ -2429,6 +2432,8 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr if (!cnt) return -EINVAL; + if (check_mul_overflow(cnt, (u32)sizeof(*addrs), &size)) + return -EOVERFLOW; size = cnt * sizeof(*addrs); addrs = kvmalloc(size, GFP_KERNEL); if (!addrs) -- 2.1.4

3 years, 4 months

2
1
0 0

[PATCH bpf 1/4] bpf_trace: check size for overflow in bpf_kprobe_multi_link_attach

by Eugene Syromiatnikov

Check that size would not overflow before calculation (and return -EOVERFLOW if it will), to prevent potential out-of-bounds write with the following copy_from_user. Add the same check to kprobe_multi_resolve_syms in case it will be called from elsewhere in the future. Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link") Signed-off-by: Eugene Syromiatnikov <esyr(a)redhat.com> --- kernel/trace/bpf_trace.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index d8553f4..e90c4ce7 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2358,6 +2358,8 @@ kprobe_multi_resolve_syms(const void __user *usyms, u32 cnt, unsigned int i; char *func; + if (check_mul_overflow(cnt, sizeof(*syms), &size)) + return -EOVERFLOW; size = cnt * sizeof(*syms); syms = kvzalloc(size, GFP_KERNEL); if (!syms) @@ -2429,6 +2431,8 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr if (!cnt) return -EINVAL; + if (check_mul_overflow(cnt, (u32)sizeof(*addrs), &size)) + return -EOVERFLOW; size = cnt * sizeof(*addrs); addrs = kvmalloc(size, GFP_KERNEL); if (!addrs) -- 2.1.4

3 years, 4 months

3
3
0 0

kselftest/next kselftest-seccomp: 5 runs, 4 regressions (v5.18-rc3-19-g15477b31db104)

by kernelci.org bot

kselftest/next kselftest-seccomp: 5 runs, 4 regressions (v5.18-rc3-19-g15477b31db104) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ----------------+-------+---------------+----------+------------------------------+------------ mt8173-elm-hana | arm64 | lab-collabora | gcc-10 | defconfig+kse...4-chromebook | 4 Details: https://kernelci.org/test/job/kselftest/branch/next/kernel/v5.18-rc3-19-g15… Test: kselftest-seccomp Tree: kselftest Branch: next Describe: v5.18-rc3-19-g15477b31db104 URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: 15477b31db104bc795dd1acccb3e9b89465fff01 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ----------------+-------+---------------+----------+------------------------------+------------ mt8173-elm-hana | arm64 | lab-collabora | gcc-10 | defconfig+kse...4-chromebook | 4 Details: https://kernelci.org/test/plan/id/6282d7eb9a301f44b48f57a4 Results: 87 PASS, 4 FAIL, 8 SKIP Full config: defconfig+kselftest+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//kselftest/next/v5.18-rc3-19-g15477b31db104/ar… HTML log: https://storage.kernelci.org//kselftest/next/v5.18-rc3-19-g15477b31db104/ar… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/2022051… * kselftest-seccomp.seccomp_seccomp_bpf: https://kernelci.org/test/case/id/6282d7eb9a301f44b48f57a7 failing since 81 days (last pass: v5.17-rc1-2-g6d468898d774, first fail: v5.17-rc5-16-g1900be289b59) * kselftest-seccomp.seccomp_seccomp_bpf_TSYNC_two_siblings_with_one_divergence_no_tid_in_err: https://kernelci.org/test/case/id/6282d7eb9a301f44b48f57a8 failing since 81 days (last pass: v5.17-rc1-2-g6d468898d774, first fail: v5.17-rc5-16-g1900be289b59) * kselftest-seccomp.seccomp_seccomp_bpf_TSYNC_two_siblings_with_one_divergence: https://kernelci.org/test/case/id/6282d7eb9a301f44b48f57a9 failing since 81 days (last pass: v5.17-rc1-2-g6d468898d774, first fail: v5.17-rc5-16-g1900be289b59) * kselftest-seccomp.seccomp_seccomp_bpf_TSYNC_siblings_fail_prctl: https://kernelci.org/test/case/id/6282d7eb9a301f44b48f57ad failing since 81 days (last pass: v5.17-rc1-2-g6d468898d774, first fail: v5.17-rc5-16-g1900be289b59)

3 years, 4 months

1
0
0 0

kselftest/next kselftest-lkdtm: 5 runs, 1 regressions (v5.18-rc3-19-g15477b31db104)

by kernelci.org bot

kselftest/next kselftest-lkdtm: 5 runs, 1 regressions (v5.18-rc3-19-g15477b31db104) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ----------------+-------+---------------+----------+------------------------------+------------ mt8173-elm-hana | arm64 | lab-collabora | gcc-10 | defconfig+kse...4-chromebook | 1 Details: https://kernelci.org/test/job/kselftest/branch/next/kernel/v5.18-rc3-19-g15… Test: kselftest-lkdtm Tree: kselftest Branch: next Describe: v5.18-rc3-19-g15477b31db104 URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: 15477b31db104bc795dd1acccb3e9b89465fff01 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ----------------+-------+---------------+----------+------------------------------+------------ mt8173-elm-hana | arm64 | lab-collabora | gcc-10 | defconfig+kse...4-chromebook | 1 Details: https://kernelci.org/test/plan/id/6282d757748f68d69e8f5720 Results: 56 PASS, 8 FAIL, 26 SKIP Full config: defconfig+kselftest+arm64-chromebook Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//kselftest/next/v5.18-rc3-19-g15477b31db104/ar… HTML log: https://storage.kernelci.org//kselftest/next/v5.18-rc3-19-g15477b31db104/ar… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/2022051… * kselftest-lkdtm.lkdtm_READ_AFTER_FREE_sh: https://kernelci.org/test/case/id/6282d757748f68d69e8f575c failing since 41 days (last pass: v5.17-rc5-22-gf6d344cd5fa6, first fail: v5.18-rc1)

3 years, 4 months

1
0
0 0

[PATCH v2 1/1] selftests: vm: add process_mrelease tests

by Suren Baghdasaryan

Introduce process_mrelease syscall sanity tests which include tests which expect to fail: - process_mrelease with invalid pidfd and flags inputs - process_mrelease on a live process with no pending signals and valid process_mrelease usage which is expected to succeed. Because process_mrelease has to be used against a process with a pending SIGKILL, it's possible that the process exits before process_mrelease gets called. In such cases we retry the test with a victim that allocates twice more memory up to 1GB. This would require the victim process to spend more time during exit and process_mrelease has a better chance of catching the process before it exits and succeeding. On success the test reports the amount of memory the child had to allocate for reaping to succeed. Sample output: Success reaping a child with 1MB of memory allocations On failure the test reports the failure. Sample outputs: All process_mrelease attempts failed! process_mrelease: Invalid argument Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> --- tools/testing/selftests/vm/.gitignore | 1 + tools/testing/selftests/vm/Makefile | 1 + tools/testing/selftests/vm/mrelease_test.c | 214 +++++++++++++++++++++ tools/testing/selftests/vm/run_vmtests.sh | 16 ++ 4 files changed, 232 insertions(+) create mode 100644 tools/testing/selftests/vm/mrelease_test.c diff --git a/tools/testing/selftests/vm/.gitignore b/tools/testing/selftests/vm/.gitignore index d7507f3c7c76..c019e53f24f9 100644 --- a/tools/testing/selftests/vm/.gitignore +++ b/tools/testing/selftests/vm/.gitignore @@ -10,6 +10,7 @@ map_populate thuge-gen compaction_test mlock2-tests +mrelease_test mremap_dontunmap mremap_test on-fault-limit diff --git a/tools/testing/selftests/vm/Makefile b/tools/testing/selftests/vm/Makefile index 04a49e876a46..733fccbff0ef 100644 --- a/tools/testing/selftests/vm/Makefile +++ b/tools/testing/selftests/vm/Makefile @@ -43,6 +43,7 @@ TEST_GEN_FILES += map_populate TEST_GEN_FILES += memfd_secret TEST_GEN_FILES += mlock-random-test TEST_GEN_FILES += mlock2-tests +TEST_GEN_FILES += mrelease_test TEST_GEN_FILES += mremap_dontunmap TEST_GEN_FILES += mremap_test TEST_GEN_FILES += on-fault-limit diff --git a/tools/testing/selftests/vm/mrelease_test.c b/tools/testing/selftests/vm/mrelease_test.c new file mode 100644 index 000000000000..99680676069b --- /dev/null +++ b/tools/testing/selftests/vm/mrelease_test.c @@ -0,0 +1,214 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright 2022 Google LLC + */ +#define _GNU_SOURCE +#include <errno.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdlib.h> +#include <sys/wait.h> +#include <unistd.h> + +#include "util.h" + +#include "../kselftest.h" + +#if defined(__NR_pidfd_open) && defined(__NR_process_mrelease) + +static inline int pidfd_open(pid_t pid, unsigned int flags) +{ + return syscall(__NR_pidfd_open, pid, flags); +} + +static inline int process_mrelease(int pidfd, unsigned int flags) +{ + return syscall(__NR_process_mrelease, pidfd, flags); +} + +static void write_fault_pages(char *addr, unsigned long nr_pages) +{ + unsigned long i; + + for (i = 0; i < nr_pages; i++) + *((unsigned long *)(addr + (i * PAGE_SIZE))) = i; +} + +static int alloc_noexit(unsigned long nr_pages, int pipefd) +{ + int timeout = 10; /* 10sec timeout to get killed */ + int ppid = getppid(); + void *buf; + + buf = mmap(NULL, nr_pages * PAGE_SIZE, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANON, 0, 0); + if (buf == MAP_FAILED) { + perror("mmap failed, halting the test"); + return KSFT_FAIL; + } + + write_fault_pages((char *)buf, nr_pages); + + /* Signal the parent that the child is ready */ + if (write(pipefd, "", 1) < 0) { + perror("write"); + return KSFT_FAIL; + } + + /* Wait to be killed (when reparenting happens) */ + while (getppid() == ppid && timeout > 0) { + sleep(1); + timeout--; + } + + munmap(buf, nr_pages * PAGE_SIZE); + + return (timeout > 0) ? KSFT_PASS : KSFT_FAIL; +} + +/* The process_mrelease calls in this test are expected to fail */ +void run_negative_tests(int pidfd) +{ + /* Test invalid flags. Expect to fail with EINVAL error code. */ + if (!process_mrelease(pidfd, (unsigned int)-1) || errno != EINVAL) { + perror("process_mrelease with wrong flags"); + exit(KSFT_FAIL); + } + /* + * Test reaping while process is alive with no pending SIGKILL. + * Expect to fail with EINVAL error code. + */ + if (!process_mrelease(pidfd, 0) || errno != EINVAL) { + perror("process_mrelease on a live process"); + exit(KSFT_FAIL); + } +} + +#define MB(x) (x << 20) +#define MAX_SIZE_MB 1024 + +int main(void) +{ + int pipefd[2], pidfd; + bool success, retry; + size_t size; + pid_t pid; + char byte; + int res; + + /* Test a wrong pidfd */ + if (!process_mrelease(-1, 0) || errno != EBADF) { + perror("process_mrelease with wrong pidfd"); + exit(KSFT_FAIL); + } + + /* Start the test with 1MB child memory allocation */ + size = 1; +retry: + /* + * Pipe for the child to signal when it's done allocating + * memory + */ + if (pipe(pipefd)) { + perror("pipe"); + exit(KSFT_FAIL); + } + pid = fork(); + if (pid < 0) { + perror("fork"); + close(pipefd[0]); + close(pipefd[1]); + exit(KSFT_FAIL); + } + + if (pid == 0) { + /* + * Child main routine: + * Allocate and fault-in memory and wait to be killed + */ + close(pipefd[0]); + res = alloc_noexit(MB(size) / PAGE_SIZE, pipefd[1]); + close(pipefd[1]); + exit(res); + } + + /* + * Parent main routine: + * Wait for the child to finish allocations, then kill and reap + */ + close(pipefd[1]); + /* Block until the child is ready */ + res = read(pipefd[0], &byte, 1); + close(pipefd[0]); + if (res < 0) { + perror("read"); + if (!kill(pid, SIGKILL)) + waitpid(pid, NULL, 0); + exit(KSFT_FAIL); + } + + pidfd = pidfd_open(pid, 0); + if (pidfd < 0) { + perror("pidfd_open"); + if (!kill(pid, SIGKILL)) + waitpid(pid, NULL, 0); + exit(KSFT_FAIL); + } + + /* Run negative tests which require a live child */ + run_negative_tests(pidfd); + + if (kill(pid, SIGKILL)) { + perror("kill"); + exit(KSFT_FAIL); + } + + success = (process_mrelease(pidfd, 0) == 0); + if (!success) { + /* + * If we failed to reap because the child exited too soon, + * before we could call process_mrelease. Double child's memory + * which causes it to spend more time on cleanup and increases + * our chances of reaping its memory before it exits. + * Retry until we succeed or reach MAX_SIZE_MB. + */ + if (errno == ESRCH) { + retry = (size <= MAX_SIZE_MB); + } else { + perror("process_mrelease"); + waitpid(pid, NULL, 0); + exit(KSFT_FAIL); + } + } + + /* Cleanup to prevent zombies */ + if (waitpid(pid, NULL, 0) < 0) { + perror("waitpid"); + exit(KSFT_FAIL); + } + close(pidfd); + + if (!success) { + if (retry) { + size *= 2; + goto retry; + } + printf("All process_mrelease attempts failed!\n"); + exit(KSFT_FAIL); + } + + printf("Success reaping a child with %zuMB of memory allocations\n", + size); + return KSFT_PASS; +} + +#else /* defined(__NR_pidfd_open) && defined(__NR_process_mrelease) */ + +int main(int argc, char *argv[]) +{ + printf("skip: skipping process_mrelease test " \ + "(missing __NR_pidfd_open and/or __NR_process_mrelease)\n"); + return KSFT_SKIP; +} + +#endif /* defined(__NR_pidfd_open) && defined(__NR_process_mrelease) */ diff --git a/tools/testing/selftests/vm/run_vmtests.sh b/tools/testing/selftests/vm/run_vmtests.sh index 352ba00cf26b..1986162fea39 100755 --- a/tools/testing/selftests/vm/run_vmtests.sh +++ b/tools/testing/selftests/vm/run_vmtests.sh @@ -287,6 +287,22 @@ else echo "[PASS]" fi +echo "---------------------" +echo "running mrelease_test" +echo "---------------------" +./mrelease_test +ret_val=$? + +if [ $ret_val -eq 0 ]; then + echo "[PASS]" +elif [ $ret_val -eq $ksft_skip ]; then + echo "[SKIP]" + exitcode=$ksft_skip +else + echo "[FAIL]" + exitcode=1 +fi + echo "-------------------" echo "running mremap_test" echo "-------------------" -- 2.36.0.550.gb090851708-goog

3 years, 4 months

3
6
0 0

kselftest/next build: 8 builds: 0 failed, 8 passed (v5.18-rc3-19-g15477b31db104)

by kernelci.org bot

kselftest/next build: 8 builds: 0 failed, 8 passed (v5.18-rc3-19-g15477b31db104) Full Build Summary: https://kernelci.org/build/kselftest/branch/next/kernel/v5.18-rc3-19-g15477… Tree: kselftest Branch: next Git Describe: v5.18-rc3-19-g15477b31db104 Git Commit: 15477b31db104bc795dd1acccb3e9b89465fff01 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git Built: 4 unique architectures ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- defconfig+kselftest (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest (arm64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig+kselftest (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v7_defconfig+kselftest (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

3 years, 4 months

1
0
0 0

[PATCH bpf v2 4/4] bpf_trace: pass array of u64 values in kprobe_multi.addrs

by Eugene Syromiatnikov

With the interface as defined, it is impossible to pass 64-bit kernel addresses from a 32-bit userspace process in BPF_LINK_TYPE_KPROBE_MULTI, which severly limits the useability of the interface, change the ABI to accept an array of u64 values instead of (kernel? user?) longs. Interestingly, the rest of the libbpf infrastructure uses 64-bit values for kallsyms addresses already, so this patch also eliminates the sym_addr cast in tools/lib/bpf/libbpf.c:resolve_kprobe_multi_cb(). Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link") Fixes: 5117c26e877352bc ("libbpf: Add bpf_link_create support for multi kprobes") Fixes: ddc6b04989eb0993 ("libbpf: Add bpf_program__attach_kprobe_multi_opts function") Fixes: f7a11eeccb111854 ("selftests/bpf: Add kprobe_multi attach test") Fixes: 9271a0c7ae7a9147 ("selftests/bpf: Add attach test for bpf_program__attach_kprobe_multi_opts") Fixes: 2c6401c966ae1fbe ("selftests/bpf: Add kprobe_multi bpf_cookie test") Signed-off-by: Eugene Syromiatnikov <esyr(a)redhat.com> --- kernel/trace/bpf_trace.c | 25 ++++++++++++++++++---- tools/lib/bpf/bpf.h | 2 +- tools/lib/bpf/libbpf.c | 8 +++---- tools/lib/bpf/libbpf.h | 2 +- .../testing/selftests/bpf/prog_tests/bpf_cookie.c | 2 +- .../selftests/bpf/prog_tests/kprobe_multi_test.c | 8 +++---- 6 files changed, 32 insertions(+), 15 deletions(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 268c92b..a8a639a 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2413,7 +2413,7 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr void __user *ucookies; unsigned long *addrs; u32 flags, cnt, size, cookies_size; - void __user *uaddrs; + u64 __user *uaddrs; u64 *cookies = NULL; void __user *usyms; int err; @@ -2446,9 +2446,26 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr return -ENOMEM; if (uaddrs) { - if (copy_from_user(addrs, uaddrs, size)) { - err = -EFAULT; - goto error; + if (sizeof(*addrs) == sizeof(*uaddrs)) { + if (copy_from_user(addrs, uaddrs, size)) { + err = -EFAULT; + goto error; + } + } else { + u32 i; + u64 addr; + + for (i = 0; i < cnt; i++) { + if (get_user(addr, uaddrs + i)) { + err = -EFAULT; + goto error; + } + if (addr > ULONG_MAX) { + err = -EINVAL; + goto error; + } + addrs[i] = addr; + } } } else { err = kprobe_multi_resolve_syms(usyms, cnt, addrs); diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h index f4b4afb..f677602 100644 --- a/tools/lib/bpf/bpf.h +++ b/tools/lib/bpf/bpf.h @@ -417,7 +417,7 @@ struct bpf_link_create_opts { __u32 flags; __u32 cnt; const char **syms; - const unsigned long *addrs; + const __u64 *addrs; const __u64 *cookies; } kprobe_multi; }; diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 809fe20..03a14a6 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -10279,7 +10279,7 @@ static bool glob_match(const char *str, const char *pat) struct kprobe_multi_resolve { const char *pattern; - unsigned long *addrs; + __u64 *addrs; size_t cap; size_t cnt; }; @@ -10294,12 +10294,12 @@ resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type, if (!glob_match(sym_name, res->pattern)) return 0; - err = libbpf_ensure_mem((void **) &res->addrs, &res->cap, sizeof(unsigned long), + err = libbpf_ensure_mem((void **) &res->addrs, &res->cap, sizeof(__u64), res->cnt + 1); if (err) return err; - res->addrs[res->cnt++] = (unsigned long) sym_addr; + res->addrs[res->cnt++] = sym_addr; return 0; } @@ -10314,7 +10314,7 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog, }; struct bpf_link *link = NULL; char errmsg[STRERR_BUFSIZE]; - const unsigned long *addrs; + const __u64 *addrs; int err, link_fd, prog_fd; const __u64 *cookies; const char **syms; diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h index 05dde85..ec1cb61 100644 --- a/tools/lib/bpf/libbpf.h +++ b/tools/lib/bpf/libbpf.h @@ -431,7 +431,7 @@ struct bpf_kprobe_multi_opts { /* array of function symbols to attach */ const char **syms; /* array of function addresses to attach */ - const unsigned long *addrs; + const __u64 *addrs; /* array of user-provided values fetchable through bpf_get_attach_cookie */ const __u64 *cookies; /* number of elements in syms/addrs/cookies arrays */ diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c b/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c index 923a613..5aa482a 100644 --- a/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c +++ b/tools/testing/selftests/bpf/prog_tests/bpf_cookie.c @@ -137,7 +137,7 @@ static void kprobe_multi_link_api_subtest(void) cookies[6] = 7; cookies[7] = 8; - opts.kprobe_multi.addrs = (const unsigned long *) &addrs; + opts.kprobe_multi.addrs = (const __u64 *) &addrs; opts.kprobe_multi.cnt = ARRAY_SIZE(addrs); opts.kprobe_multi.cookies = (const __u64 *) &cookies; prog_fd = bpf_program__fd(skel->progs.test_kprobe); diff --git a/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c b/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c index b9876b5..fbf4cf2 100644 --- a/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c +++ b/tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c @@ -105,7 +105,7 @@ static void test_link_api_addrs(void) GET_ADDR("bpf_fentry_test7", addrs[6]); GET_ADDR("bpf_fentry_test8", addrs[7]); - opts.kprobe_multi.addrs = (const unsigned long*) addrs; + opts.kprobe_multi.addrs = (const __u64 *) addrs; opts.kprobe_multi.cnt = ARRAY_SIZE(addrs); test_link_api(&opts); } @@ -183,7 +183,7 @@ static void test_attach_api_addrs(void) GET_ADDR("bpf_fentry_test7", addrs[6]); GET_ADDR("bpf_fentry_test8", addrs[7]); - opts.addrs = (const unsigned long *) addrs; + opts.addrs = (const __u64 *) addrs; opts.cnt = ARRAY_SIZE(addrs); test_attach_api(NULL, &opts); } @@ -241,7 +241,7 @@ static void test_attach_api_fails(void) goto cleanup; /* fail_2 - both addrs and syms set */ - opts.addrs = (const unsigned long *) addrs; + opts.addrs = (const __u64 *) addrs; opts.syms = syms; opts.cnt = ARRAY_SIZE(syms); opts.cookies = NULL; @@ -255,7 +255,7 @@ static void test_attach_api_fails(void) goto cleanup; /* fail_3 - pattern and addrs set */ - opts.addrs = (const unsigned long *) addrs; + opts.addrs = (const __u64 *) addrs; opts.syms = NULL; opts.cnt = ARRAY_SIZE(syms); opts.cookies = NULL; -- 2.1.4

3 years, 4 months

1
0
0 0

[PATCH bpf v2 3/4] bpf_trace: handle compat in kprobe_multi_resolve_syms

by Eugene Syromiatnikov

For compat processes, userspace pointer size is different. Since the copied array is iterated anyway, the simplest fix seems to be copy the user-supplied array as-is and the iterate as an array of native or compat pointers, depending on the in_compat_syscall() value. Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link") Signed-off-by: Eugene Syromiatnikov <esyr(a)redhat.com> --- kernel/trace/bpf_trace.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index bf5bcfb..268c92b 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -2353,16 +2353,19 @@ kprobe_multi_resolve_syms(const void __user *usyms, u32 cnt, unsigned long *addrs) { unsigned long addr, sym_size; - u32 size; + u32 size, elem_size; const char __user **syms; + compat_uptr_t __user *compat_syms; int err = -ENOMEM; unsigned int i; char *func; - if (check_mul_overflow(cnt, (u32)sizeof(*syms), &size)) + elem_size = in_compat_syscall() ? sizeof(*compat_syms) : sizeof(*syms); + if (check_mul_overflow(cnt, elem_size, &size)) return -EOVERFLOW; - size = cnt * sizeof(*syms); + size = cnt * elem_size; syms = kvzalloc(size, GFP_KERNEL); + compat_syms = (void *)syms; if (!syms) return -ENOMEM; @@ -2376,7 +2379,10 @@ kprobe_multi_resolve_syms(const void __user *usyms, u32 cnt, } for (i = 0; i < cnt; i++) { - err = strncpy_from_user(func, syms[i], KSYM_NAME_LEN); + const char __user *ufunc = in_compat_syscall() + ? (char __user *)(uintptr_t)compat_syms[i] + : syms[i]; + err = strncpy_from_user(func, ufunc, KSYM_NAME_LEN); if (err == KSYM_NAME_LEN) err = -E2BIG; if (err < 0) -- 2.1.4

3 years, 4 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror