- Linux-kselftest-mirror - lists.linaro.org

[PATCH] selftests/mm: Fix thread state check in uffd-unit-tests

by Wake Liu

In the thread_state_get() function, the logic to find the thread's state character was using `sizeof(header) - 1` to calculate the offset from the "State:\t" string. The `header` variable is a `const char *` pointer. `sizeof()` on a pointer returns the size of the pointer itself, not the length of the string literal it points to. This makes the code's behavior dependent on the architecture's pointer size. This bug was identified on a 32-bit ARM build (`gsi_tv_arm`) for Android, running on an ARMv8-based device, compiled with Clang 19.0.1. On this 32-bit architecture, `sizeof(char *)` is 4. The expression `sizeof(header) - 1` resulted in an incorrect offset of 3, causing the test to read the wrong character from `/proc/[tid]/status` and fail. On 64-bit architectures, `sizeof(char *)` is 8, so the expression coincidentally evaluates to 7, which matches the length of "State:\t". This is why the bug likely remained hidden on 64-bit builds. To fix this and make the code portable and correct across all architectures, this patch replaces `sizeof(header) - 1` with `strlen(header)`. The `strlen()` function correctly calculates the string's length, ensuring the correct offset is always used. Signed-off-by: Wake Liu <wakel(a)google.com> --- tools/testing/selftests/mm/uffd-unit-tests.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/mm/uffd-unit-tests.c b/tools/testing/selftests/mm/uffd-unit-tests.c index f4807242c5b2..6f5e404a446c 100644 --- a/tools/testing/selftests/mm/uffd-unit-tests.c +++ b/tools/testing/selftests/mm/uffd-unit-tests.c @@ -1317,7 +1317,7 @@ static thread_state thread_state_get(pid_t tid) p = strstr(tmp, header); if (p) { /* For example, "State:\tD (disk sleep)" */ - c = *(p + sizeof(header) - 1); + c = *(p + strlen(header)); return c == 'D' ? THR_STATE_UNINTERRUPTIBLE : THR_STATE_UNKNOWN; } -- 2.52.0.223.gf5cc29aaa4-goog

1 week, 1 day

3
2
0 0

[PATCH 00/46] Allow inlining C helpers into Rust when using LTO

by Alice Ryhl

This patch series adds __rust_helper to every single rust helper. The patches do not depend on each other, so maintainers please go ahead and pick up any patches relevant to your subsystem! Or provide your Acked-by so that Miguel can pick them up. These changes were generated by adding __rust_helper and running ClangFormat. Unrelated formatting changes were removed manually. Why is __rust_helper needed? ============================ Currently, C helpers cannot be inlined into Rust even when using LTO because LLVM detects slightly different options on the codegen units. * LLVM doesn't want to inline functions compiled with `-fno-delete-null-pointer-checks` with code compiled without. The C CGUs all have this enabled and Rust CGUs don't. Inlining is okay since this is one of the hardening features that does not change the ABI, and we shouldn't have null pointer dereferences in these helpers. * LLVM doesn't want to inline functions with different list of builtins. C side has `-fno-builtin-wcslen`; `wcslen` is not a Rust builtin, so they should be compatible, but LLVM does not perform inlining due to attributes mismatch. * clang and Rust doesn't have the exact target string. Clang generates `+cmov,+cx8,+fxsr` but Rust doesn't enable them (in fact, Rust will complain if `-Ctarget-feature=+cmov,+cx8,+fxsr` is used). x86-64 always enable these features, so they are in fact the same target string, but LLVM doesn't understand this and so inlining is inhibited. This can be bypassed with `--ignore-tti-inline-compatible`, but this is a hidden option. (This analysis was written by Gary Guo.) How is this fixed? ================== To fix this we need to add __always_inline to all helpers when compiling with LTO. However, it should not be added when running bindgen as bindgen will ignore functions marked inline. To achieve this, we are using a #define called __rust_helper that is defined differently depending on whether bindgen is running or not. Note that __rust_helper is currently always #defined to nothing. Changing it to __always_inline will happen separately in another patch series. Signed-off-by: Alice Ryhl <aliceryhl(a)google.com> --- Alice Ryhl (46): rust: auxiliary: add __rust_helper to helpers rust: barrier: add __rust_helper to helpers rust: binder: add __rust_helper to helpers rust: bitmap: add __rust_helper to helpers rust: bitops: add __rust_helper to helpers rust: blk: add __rust_helper to helpers rust: bug: add __rust_helper to helpers rust: clk: add __rust_helper to helpers rust: completion: add __rust_helper to helpers rust: cpu: add __rust_helper to helpers rust: cpufreq: add __rust_helper to helpers rust: cpumask: add __rust_helper to helpers rust: cred: add __rust_helper to helpers rust: device: add __rust_helper to helpers rust: dma: add __rust_helper to helpers rust: drm: add __rust_helper to helpers rust: err: add __rust_helper to helpers rust: fs: add __rust_helper to helpers rust: io: add __rust_helper to helpers rust: irq: add __rust_helper to helpers rust: jump_label: add __rust_helper to helpers rust: kunit: add __rust_helper to helpers rust: maple_tree: add __rust_helper to helpers rust: mm: add __rust_helper to helpers rust: of: add __rust_helper to helpers rust: pci: add __rust_helper to helpers rust: pid_namespace: add __rust_helper to helpers rust: platform: add __rust_helper to helpers rust: poll: add __rust_helper to helpers rust: processor: add __rust_helper to helpers rust: property: add __rust_helper to helpers rust: rbtree: add __rust_helper to helpers rust: rcu: add __rust_helper to helpers rust: refcount: add __rust_helper to helpers rust: regulator: add __rust_helper to helpers rust: scatterlist: add __rust_helper to helpers rust: security: add __rust_helper to helpers rust: slab: add __rust_helper to helpers rust: sync: add __rust_helper to helpers rust: task: add __rust_helper to helpers rust: time: add __rust_helper to helpers rust: uaccess: add __rust_helper to helpers rust: usb: add __rust_helper to helpers rust: wait: add __rust_helper to helpers rust: workqueue: add __rust_helper to helpers rust: xarray: add __rust_helper to helpers rust/helpers/auxiliary.c | 6 +++-- rust/helpers/barrier.c | 6 ++--- rust/helpers/binder.c | 13 ++++----- rust/helpers/bitmap.c | 6 +++-- rust/helpers/bitops.c | 11 +++++--- rust/helpers/blk.c | 4 +-- rust/helpers/bug.c | 4 +-- rust/helpers/build_bug.c | 2 +- rust/helpers/clk.c | 24 +++++++++-------- rust/helpers/completion.c | 2 +- rust/helpers/cpu.c | 2 +- rust/helpers/cpufreq.c | 3 ++- rust/helpers/cpumask.c | 32 +++++++++++++--------- rust/helpers/cred.c | 4 +-- rust/helpers/device.c | 16 +++++------ rust/helpers/dma.c | 15 ++++++----- rust/helpers/drm.c | 7 ++--- rust/helpers/err.c | 6 ++--- rust/helpers/fs.c | 2 +- rust/helpers/io.c | 64 +++++++++++++++++++++++--------------------- rust/helpers/irq.c | 6 +++-- rust/helpers/jump_label.c | 2 +- rust/helpers/kunit.c | 2 +- rust/helpers/maple_tree.c | 3 ++- rust/helpers/mm.c | 20 +++++++------- rust/helpers/mutex.c | 13 ++++----- rust/helpers/of.c | 2 +- rust/helpers/page.c | 9 ++++--- rust/helpers/pci.c | 13 +++++---- rust/helpers/pid_namespace.c | 8 +++--- rust/helpers/platform.c | 2 +- rust/helpers/poll.c | 5 ++-- rust/helpers/processor.c | 2 +- rust/helpers/property.c | 2 +- rust/helpers/rbtree.c | 5 ++-- rust/helpers/rcu.c | 4 +-- rust/helpers/refcount.c | 10 +++---- rust/helpers/regulator.c | 24 ++++++++++------- rust/helpers/scatterlist.c | 12 +++++---- rust/helpers/security.c | 26 ++++++++++-------- rust/helpers/signal.c | 2 +- rust/helpers/slab.c | 14 +++++----- rust/helpers/spinlock.c | 13 ++++----- rust/helpers/sync.c | 4 +-- rust/helpers/task.c | 24 ++++++++--------- rust/helpers/time.c | 12 ++++----- rust/helpers/uaccess.c | 8 +++--- rust/helpers/usb.c | 3 ++- rust/helpers/vmalloc.c | 7 ++--- rust/helpers/wait.c | 2 +- rust/helpers/workqueue.c | 8 +++--- rust/helpers/xarray.c | 10 +++---- 52 files changed, 280 insertions(+), 226 deletions(-) --- base-commit: 54e3eae855629702c566bd2e130d9f40e7f35bde change-id: 20251202-define-rust-helper-f7b531813007 Best regards, -- Alice Ryhl <aliceryhl(a)google.com>

1 week, 1 day

7
8
0 0

[PATCH net v2] selftests: net: fix "buffer overflow detected" for tap.c

by Alice C. Munduruca

When the selftest 'tap.c' is compiled with '-D_FORTIFY_SOURCE=3', the strcpy() in rtattr_add_strsz() is replaced with a checked version which causes the test to consistently fail when compiled with toolchains for which this option is enabled by default. TAP version 13 1..3 # Starting 3 tests from 1 test cases. # RUN tap.test_packet_valid_udp_gso ... *** buffer overflow detected ***: terminated # test_packet_valid_udp_gso: Test terminated by assertion # FAIL tap.test_packet_valid_udp_gso not ok 1 tap.test_packet_valid_udp_gso # RUN tap.test_packet_valid_udp_csum ... *** buffer overflow detected ***: terminated # test_packet_valid_udp_csum: Test terminated by assertion # FAIL tap.test_packet_valid_udp_csum not ok 2 tap.test_packet_valid_udp_csum # RUN tap.test_packet_crash_tap_invalid_eth_proto ... *** buffer overflow detected ***: terminated # test_packet_crash_tap_invalid_eth_proto: Test terminated by assertion # FAIL tap.test_packet_crash_tap_invalid_eth_proto not ok 3 tap.test_packet_crash_tap_invalid_eth_proto # FAILED: 0 / 3 tests passed. # Totals: pass:0 fail:3 xfail:0 xpass:0 skip:0 error:0 A buffer overflow is detected by the fortified glibc __strcpy_chk() since the __builtin_object_size() of `RTA_DATA(rta)` is incorrectly reported as 1, even though there is ample space in its bounding buffer `req`. Using the unchecked function memcpy() here instead allows us to match the way rtattr_add_str() is written while avoiding the spurious test failure. Fixes: 2e64fe4624d1 ("selftests: add few test cases for tap driver") Signed-off-by: Alice C. Munduruca <alice.munduruca(a)canonical.com> --- tools/testing/selftests/net/tap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/tap.c b/tools/testing/selftests/net/tap.c index 247c3b3ac1c9..dd961b629295 100644 --- a/tools/testing/selftests/net/tap.c +++ b/tools/testing/selftests/net/tap.c @@ -67,7 +67,7 @@ static struct rtattr *rtattr_add_strsz(struct nlmsghdr *nh, unsigned short type, { struct rtattr *rta = rtattr_add(nh, type, strlen(s) + 1); - strcpy(RTA_DATA(rta), s); + memcpy(RTA_DATA(rta), s, strlen(s) + 1); return rta; } -- 2.48.1

1 week, 1 day

2
2
0 0

[PATCH v3 0/3] KVM ARM64 pre_fault_memory

by Jack Thomson

From: Jack Thomson <jackabt(a)amazon.com> This patch series adds ARM64 support for the KVM_PRE_FAULT_MEMORY feature, which was previously only available on x86 [1]. This allows us to reduce the number of stage-2 faults during execution. This is of benefit in post-copy migration scenarios, particularly in memory intensive applications, where we are experiencing high latencies due to the stage-2 faults. Patch Overview: - The first patch adds support for the KVM_PRE_FAULT_MEMORY ioctl on arm64. - The second patch updates the pre_fault_memory_test to support arm64. - The last patch extends the pre_fault_memory_test to cover different vm memory backings. === Changes Since v2 [2] === - Update fault info synthesize value. Thanks Suzuki - Remove change to selftests for unaligned mmap allocations. Thanks Sean [1]: https://lore.kernel.org/kvm/20240710174031.312055-1-pbonzini@redhat.com [2]: https://lore.kernel.org/linux-arm-kernel/20251013151502.6679-1-jackabt.amaz… Jack Thomson (3): KVM: arm64: Add pre_fault_memory implementation KVM: selftests: Enable pre_fault_memory_test for arm64 KVM: selftests: Add option for different backing in pre-fault tests Documentation/virt/kvm/api.rst | 3 +- arch/arm64/kvm/Kconfig | 1 + arch/arm64/kvm/arm.c | 1 + arch/arm64/kvm/mmu.c | 73 +++++++++++- tools/testing/selftests/kvm/Makefile.kvm | 1 + .../selftests/kvm/pre_fault_memory_test.c | 110 ++++++++++++++---- 6 files changed, 159 insertions(+), 30 deletions(-) base-commit: 8a4821412cf2c1429fffa07c012dd150f2edf78c -- 2.43.0

1 week, 1 day

5
9
0 0

[PATCH v11 RESEND 0/9] support FEAT_LSUI

by Yeoreum Yun

Since Armv9.6, FEAT_LSUI supplies the load/store instructions for previleged level to access to access user memory without clearing PSTATE.PAN bit. This patchset support FEAT_LSUI and applies in futex atomic operation and user_swpX emulation where can replace from ldxr/st{l}xr pair implmentation with clearing PSTATE.PAN bit to correspondant load/store unprevileged atomic operation without clearing PSTATE.PAN bit. This patch based on v6.19-rc1 Patch Sequences ================ Patch #1 adds cpufeature for FEAT_LSUI Patch #2-#3 expose FEAT_LSUI to guest Patch #4 adds Kconfig for FEAT_LSUI Patch #5-#6 support futex atomic-op with FEAT_LSUI Patch #7-#9 support user_swpX emulation with FEAT_LSUI Patch History ============== from v10 to v11: - rebase to v6.19-rc1 - use cast instruction to emulate deprecated swpb instruction - https://lore.kernel.org/all/20251103163224.818353-1-yeoreum.yun@arm.com/ from v9 to v10: - apply FEAT_LSUI to user_swpX emulation. - add test coverage for LSUI bit in ID_AA64ISAR3_EL1 - rebase to v6.18-rc4 - https://lore.kernel.org/all/20250922102244.2068414-1-yeoreum.yun@arm.com/ from v8 to v9: - refotoring __lsui_cmpxchg64() - rebase to v6.17-rc7 - https://lore.kernel.org/all/20250917110838.917281-1-yeoreum.yun@arm.com/ from v7 to v8: - implements futex_atomic_eor() and futex_atomic_cmpxchg() with casalt with C helper. - Drop the small optimisation on ll/sc futex_atomic_set operation. - modify some commit message. - https://lore.kernel.org/all/20250816151929.197589-1-yeoreum.yun@arm.com/ from v6 to v7: - wrap FEAT_LSUI with CONFIG_AS_HAS_LSUI in cpufeature - remove unnecessary addition of indentation. - remove unnecessary mte_tco_enable()/disable() on LSUI operation. - https://lore.kernel.org/all/20250811163635.1562145-1-yeoreum.yun@arm.com/ from v5 to v6: - rebase to v6.17-rc1 - https://lore.kernel.org/all/20250722121956.1509403-1-yeoreum.yun@arm.com/ from v4 to v5: - remove futex_ll_sc.h futext_lsui and lsui.h and move them to futex.h - reorganize the patches. - https://lore.kernel.org/all/20250721083618.2743569-1-yeoreum.yun@arm.com/ from v3 to v4: - rebase to v6.16-rc7 - modify some patch's title. - https://lore.kernel.org/all/20250617183635.1266015-1-yeoreum.yun@arm.com/ from v2 to v3: - expose FEAT_LUSI to guest - add help section for LUSI Kconfig - https://lore.kernel.org/all/20250611151154.46362-1-yeoreum.yun@arm.com/ from v1 to v2: - remove empty v9.6 menu entry - locate HAS_LUSI in cpucaps in order - https://lore.kernel.org/all/20250611104916.10636-1-yeoreum.yun@arm.com/ Yeoreum Yun (9): arm64: cpufeature: add FEAT_LSUI KVM: arm64: expose FEAT_LSUI to guest KVM: arm64: kselftest: set_id_regs: add test for FEAT_LSUI arm64: Kconfig: Detect toolchain support for LSUI arm64: futex: refactor futex atomic operation arm64: futex: support futex with FEAT_LSUI arm64: separate common LSUI definitions into lsui.h arm64: armv8_deprecated: convert user_swpX to inline function arm64: armv8_deprecated: apply FEAT_LSUI for swpX emulation. arch/arm64/Kconfig | 5 + arch/arm64/include/asm/futex.h | 291 +++++++++++++++--- arch/arm64/include/asm/lsui.h | 25 ++ arch/arm64/kernel/armv8_deprecated.c | 111 +++++-- arch/arm64/kernel/cpufeature.c | 10 + arch/arm64/kvm/sys_regs.c | 3 +- arch/arm64/tools/cpucaps | 1 + .../testing/selftests/kvm/arm64/set_id_regs.c | 1 + 8 files changed, 381 insertions(+), 66 deletions(-) create mode 100644 arch/arm64/include/asm/lsui.h base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 -- LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}

1 week, 2 days

2
11
0 0

[PATCH] kselftest/anon_inode: replace null pointers with empty arrays

by Clint George

Make use of empty (NULL-terminated) array instead of NULL pointer to avoid compiler errors while maintaining the behavior of the function intact Signed-off-by: Clint George <clintbgeorge(a)gmail.com> --- [] Testing: The diff between before and after of running the kselftest test of the module shows no regression on system with x86 architecture Let me know if any more testing is needed to be done [] Error log: ~/Desktop/kernel-dev/linux-v1/tools/testing/selftests/filesystems$ make LLVM=1 W=1 CC devpts_pts CC file_stressor CC anon_inode_test anon_inode_test.c:45:37: warning: null passed to a callee that requires a non-null argument [-Wnonnull] 45 | ASSERT_LT(execveat(fd_context, "", NULL, NULL, AT_EMPTY_PATH), 0); | ^~~~ /usr/lib/llvm-18/lib/clang/18/include/__stddef_null.h:26:14: note: expanded from macro 'NULL' 26 | #define NULL ((void*)0) | ^~~~~~~~~~ /home/clint/Desktop/kernel-dev/linux-v1/tools/testing/selftests/../../../tools/testing/selftests/kselftest_harness.h:535:11: note: expanded from macro 'ASSERT_LT' 535 | __EXPECT(expected, #expected, seen, #seen, <, 1) | ^~~~~~~~ /home/clint/Desktop/kernel-dev/linux-v1/tools/testing/selftests/../../../tools/testing/selftests/kselftest_harness.h:758:33: note: expanded from macro '__EXPECT' 758 | __typeof__(_expected) __exp = (_expected); \ | ^~~~~~~~~ 1 warning generated. tools/testing/selftests/filesystems/anon_inode_test.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/filesystems/anon_inode_test.c b/tools/testing/selftests/filesystems/anon_inode_test.c index 94c6c81c2..2c4c50500 100644 --- a/tools/testing/selftests/filesystems/anon_inode_test.c +++ b/tools/testing/selftests/filesystems/anon_inode_test.c @@ -42,7 +42,10 @@ TEST(anon_inode_no_exec) fd_context = sys_fsopen("tmpfs", 0); ASSERT_GE(fd_context, 0); - ASSERT_LT(execveat(fd_context, "", NULL, NULL, AT_EMPTY_PATH), 0); + char *const empty_argv[] = {NULL}; + char *const empty_envp[] = {NULL}; + + ASSERT_LT(execveat(fd_context, "", empty_argv, empty_envp, AT_EMPTY_PATH), 0); ASSERT_EQ(errno, EACCES); EXPECT_EQ(close(fd_context), 0); -- 2.43.0

1 week, 2 days

1
0
0 0

[PATCH] kselftest/coredump: use __builtin_trap() instead of null pointer

by Clint George

Use __builtin_trap() to truly crash the program instead of dereferencing null pointer which may be optimized by the compiler preventing the crash from occurring Signed-off-by: Clint George <clintbgeorge(a)gmail.com> --- [] Testing: The diff between before and after of running the kselftest test of the module shows no regression on system with x86 architecture Let me know if any more testing is needed to be done [] Error log: ~/Desktop/kernel-dev/linux-v1/tools/testing/selftests/coredump$ make LLVM=1 W=1 CC stackdump_test coredump_test_helpers.c:59:6: warning: indirection of non-volatile null pointer will be deleted, not trap [-Wnull-dereference] 59 | i = *(int *)NULL; | ^~~~~~~~~~~~ coredump_test_helpers.c:59:6: note: consider using __builtin_trap() or qualifying pointer with 'volatile' 1 warning generated. CC coredump_socket_test coredump_test_helpers.c:59:6: warning: indirection of non-volatile null pointer will be deleted, not trap [-Wnull-dereference] 59 | i = *(int *)NULL; | ^~~~~~~~~~~~ coredump_test_helpers.c:59:6: note: consider using __builtin_trap() or qualifying pointer with 'volatile' 1 warning generated. CC coredump_socket_protocol_test coredump_test_helpers.c:59:6: warning: indirection of non-volatile null pointer will be deleted, not trap [-Wnull-dereference] 59 | i = *(int *)NULL; | ^~~~~~~~~~~~ coredump_test_helpers.c:59:6: note: consider using __builtin_trap() or qualifying pointer with 'volatile' 1 warning generated. tools/testing/selftests/coredump/coredump_test_helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/coredump/coredump_test_helpers.c b/tools/testing/selftests/coredump/coredump_test_helpers.c index a6f6d5f2a..5c8adee63 100644 --- a/tools/testing/selftests/coredump/coredump_test_helpers.c +++ b/tools/testing/selftests/coredump/coredump_test_helpers.c @@ -56,7 +56,7 @@ void crashing_child(void) pthread_create(&thread, NULL, do_nothing, NULL); /* crash on purpose */ - i = *(int *)NULL; + __builtin_trap(); } int create_detached_tmpfs(void) -- 2.43.0

1 week, 2 days

1
0
0 0

[PATCH 0/3] selftests/futex: fix the issue of abnormal test results caused by thread timing

by Yuwen Chen

On the Android arm32 platform, when performing the futex_requeue test, it will most likely return a failure. The specific reason is detailed in a commit[1] previously submitted by Edward Liaw. However, this commit cannot perfectly solve the problem. This is because using a barrier does not guarantee that the child thread will wait on futex_wait. This series of patches attempts to solve this problem by checking whether the child thread is in a sleeping state. This is because when the child thread goes to sleep, it indicates that it is waiting for the futex lock. Link: https://lore.kernel.org/all/20240918231102.234253-1-edliaw@google.com/

1 week, 2 days

2
5
0 0

[PATCH v3] lkdtm: Add lockdep related crash tests

by Tzung-Bi Shih

Introduce various lockdep related crash tests. Signed-off-by: Tzung-Bi Shih <tzungbi(a)kernel.org> --- v3: - Add some entries in tools/testing/selftests/lkdtm/tests.txt. v2: https://lore.kernel.org/all/20251117033337.3730681-1-tzungbi@kernel.org/ - Fix "warning: suggest braces around empty body in an 'else' statement [-Wempty-body]" reported by 0day test robot. v1: https://lore.kernel.org/lkml/20251114062535.1827309-1-tzungbi@kernel.org/T/… drivers/misc/lkdtm/Makefile | 1 + drivers/misc/lkdtm/core.c | 1 + drivers/misc/lkdtm/lkdtm.h | 1 + drivers/misc/lkdtm/lockdep.c | 98 +++++++++++++++++++++++++ tools/testing/selftests/lkdtm/tests.txt | 8 ++ 5 files changed, 109 insertions(+) create mode 100644 drivers/misc/lkdtm/lockdep.c diff --git a/drivers/misc/lkdtm/Makefile b/drivers/misc/lkdtm/Makefile index 03ebe33185f9..830b71c8e6a0 100644 --- a/drivers/misc/lkdtm/Makefile +++ b/drivers/misc/lkdtm/Makefile @@ -11,6 +11,7 @@ lkdtm-$(CONFIG_LKDTM) += usercopy.o lkdtm-$(CONFIG_LKDTM) += kstack_erase.o lkdtm-$(CONFIG_LKDTM) += cfi.o lkdtm-$(CONFIG_LKDTM) += fortify.o +lkdtm-$(CONFIG_LKDTM) += lockdep.o lkdtm-$(CONFIG_PPC_64S_HASH_MMU) += powerpc.o KASAN_SANITIZE_stackleak.o := n diff --git a/drivers/misc/lkdtm/core.c b/drivers/misc/lkdtm/core.c index 5732fd59a227..43e91388940f 100644 --- a/drivers/misc/lkdtm/core.c +++ b/drivers/misc/lkdtm/core.c @@ -96,6 +96,7 @@ static const struct crashtype_category *crashtype_categories[] = { &stackleak_crashtypes, &cfi_crashtypes, &fortify_crashtypes, + &lockdep_crashtypes, #ifdef CONFIG_PPC_64S_HASH_MMU &powerpc_crashtypes, #endif diff --git a/drivers/misc/lkdtm/lkdtm.h b/drivers/misc/lkdtm/lkdtm.h index 015e0484026b..d2d97e6f323e 100644 --- a/drivers/misc/lkdtm/lkdtm.h +++ b/drivers/misc/lkdtm/lkdtm.h @@ -84,6 +84,7 @@ extern struct crashtype_category usercopy_crashtypes; extern struct crashtype_category stackleak_crashtypes; extern struct crashtype_category cfi_crashtypes; extern struct crashtype_category fortify_crashtypes; +extern struct crashtype_category lockdep_crashtypes; extern struct crashtype_category powerpc_crashtypes; /* Each category's init/exit routines. */ diff --git a/drivers/misc/lkdtm/lockdep.c b/drivers/misc/lkdtm/lockdep.c new file mode 100644 index 000000000000..e029e9e60ce6 --- /dev/null +++ b/drivers/misc/lkdtm/lockdep.c @@ -0,0 +1,98 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright 2025 Google LLC + * + * Tests related to lockdep warnings. + */ +#include "lkdtm.h" +#include <linux/cleanup.h> +#include <linux/irqflags.h> +#include <linux/mutex.h> +#include <linux/spinlock.h> +#include <linux/srcu.h> + +static DEFINE_SPINLOCK(lock_A); +static DEFINE_SPINLOCK(lock_B); + +/* For "WARNING: possible circular locking dependency detected". */ +static void lkdtm_LOCKDEP_CIRCULAR_LOCK(void) +{ + scoped_guard(spinlock, &lock_A) + scoped_guard(spinlock, &lock_B) {} + scoped_guard(spinlock, &lock_B) + scoped_guard(spinlock, &lock_A) {} +} + +/* For "WARNING: possible recursive locking detected". */ +static void lkdtm_LOCKDEP_RECURSIVE_LOCK(void) +{ + guard(spinlock)(&lock_A); + guard(spinlock)(&lock_A); +} + +/* For "WARNING: inconsistent lock state". */ +static void lkdtm_LOCKDEP_INCONSISTENT_LOCK(void) +{ + lockdep_softirq_enter(); + scoped_guard(spinlock, &lock_A) {} + lockdep_softirq_exit(); + + scoped_guard(spinlock, &lock_A) {} +} + +/* For "WARNING: Nested lock was not taken". */ +static void lkdtm_LOCKDEP_NESTED_LOCK_NOT_HELD(void) +{ + spin_lock_nest_lock(&lock_B, &lock_A); +} + +/* For "WARNING: bad unlock balance detected!". */ +static void lkdtm_LOCKDEP_BAD_UNLOCK_BALANCE(void) +{ + spin_unlock(&lock_A); +} + +/* For "WARNING: held lock freed!". */ +static void lkdtm_LOCKDEP_HELD_LOCK_FREED(void) +{ + spin_lock(&lock_A); + spin_lock_init(&lock_A); +} + +/* For "WARNING: lock held when returning to user space!". */ +static void lkdtm_LOCKDEP_HELD_LOCK(void) +{ + spin_lock(&lock_A); +} + +/* For "WARNING: suspicious RCU usage". */ +static void lkdtm_LOCKDEP_SUSPICIOUS_RCU(void) +{ + struct srcu_struct srcu; + void __rcu *res = NULL; + int idx; + + init_srcu_struct(&srcu); + + idx = srcu_read_lock(&srcu); + rcu_dereference(res); + srcu_read_unlock(&srcu, idx); + + cleanup_srcu_struct(&srcu); +} + +static struct crashtype crashtypes[] = { + CRASHTYPE(LOCKDEP_CIRCULAR_LOCK), + CRASHTYPE(LOCKDEP_RECURSIVE_LOCK), + CRASHTYPE(LOCKDEP_INCONSISTENT_LOCK), + CRASHTYPE(LOCKDEP_NESTED_LOCK_NOT_HELD), + CRASHTYPE(LOCKDEP_BAD_UNLOCK_BALANCE), + CRASHTYPE(LOCKDEP_HELD_LOCK_FREED), + CRASHTYPE(LOCKDEP_HELD_LOCK), + CRASHTYPE(LOCKDEP_SUSPICIOUS_RCU), +}; + +struct crashtype_category lockdep_crashtypes = { + .crashtypes = crashtypes, + .len = ARRAY_SIZE(crashtypes), +}; diff --git a/tools/testing/selftests/lkdtm/tests.txt b/tools/testing/selftests/lkdtm/tests.txt index cff124c1eddd..7b32dece3d3a 100644 --- a/tools/testing/selftests/lkdtm/tests.txt +++ b/tools/testing/selftests/lkdtm/tests.txt @@ -83,3 +83,11 @@ FORTIFY_STR_MEMBER detected buffer overflow FORTIFY_MEM_OBJECT detected buffer overflow FORTIFY_MEM_MEMBER detected field-spanning write PPC_SLB_MULTIHIT Recovered +#LOCKDEP_CIRCULAR_LOCK Lockdep can only trigger once +#LOCKDEP_RECURSIVE_LOCK Hangs the system +#LOCKDEP_INCONSISTENT_LOCK Lockdep can only trigger once +#LOCKDEP_NESTED_LOCK_NOT_HELD Cause a deadlock in subsequent lockdep tests +#LOCKDEP_BAD_UNLOCK_BALANCE Lockdep can only trigger once +#LOCKDEP_HELD_LOCK_FREED Lockdep can only trigger once +#LOCKDEP_HELD_LOCK Cause a deadlock in subsequent lockdep tests +#LOCKDEP_SUSPICIOUS_RCU Lockdep can only trigger once -- 2.52.0.305.g3fc767764a-goog

1 week, 2 days

1
0
0 0

Re: sea_to_user sefltest failure

by Sebastian Ott

On Thu, 11 Dec 2025, Jiaqi Yan wrote: > CONFIGs seem alright to me. Do you boot kernel with cmdline options like "default_hugepagesz=1G hugepagesz=1G hugepages=64", or dynamically set up > huge pages via "echo 64 > /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages"? Neither of these. When I do the test is skipped: # echo 64 > /sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages # ./arm64/sea_to_user Random seed: 0x6b8b4567 # Mapped 0x40000 pages: gva=0x80000000 to gpa=0xff80000000 # Before EINJect: data=0xbaadcafe # EINJ_GVA=0x81234bad, einj_gpa=0xff81234bad, einj_hva=0xffff41234bad, einj_hpa=0x80241234bad ok 1 # SKIP EINJ module probably not loaded?sh: line 1: /sys/kernel/debug/apei/einj/error_type: No such file or directory Bail out! Failed to write EINJ entry: No such file or directory (2) # 1 skipped test(s) detected. Consider enabling relevant config options to improve coverage. # Planned tests != run tests (0 != 1) # Totals: pass:0 fail:0 xfail:0 xpass:0 skip:1 error:0

1 week, 2 days

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror