March 2022 - Linux-kselftest-mirror

[PATCH 1/2] selftests/lkdtm: add config and turn off CFI_FORWARD_PROTO

by Muhammad Usama Anjum

Add config options which are needed for LKDTM sub-tests. STACKLEAK_ERASING test needs GCC_PLUGIN_STACKLEAK config. READ_AFTER_FREE and READ_BUDDY_AFTER_FREE tests need INIT_ON_FREE_DEFAULT_ON config. CFI_FORWARD_PROTO always fails as there is no active CFI system of some kind. Turn it off for now by default until proper support. Cc: Kees Cook <keescook(a)chromium.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Fixes: 46d1a0f03d66 ("selftests/lkdtm: Add tests for LKDTM targets") Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- tools/testing/selftests/lkdtm/config | 2 ++ tools/testing/selftests/lkdtm/tests.txt | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/lkdtm/config b/tools/testing/selftests/lkdtm/config index 46f39ee762086..adc9fa60057c5 100644 --- a/tools/testing/selftests/lkdtm/config +++ b/tools/testing/selftests/lkdtm/config @@ -2,8 +2,10 @@ CONFIG_LKDTM=y CONFIG_DEBUG_LIST=y CONFIG_SLAB_FREELIST_HARDENED=y CONFIG_FORTIFY_SOURCE=y +CONFIG_GCC_PLUGIN_STACKLEAK=y CONFIG_HARDENED_USERCOPY=y CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y +CONFIG_INIT_ON_FREE_DEFAULT_ON=y CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y CONFIG_UBSAN=y CONFIG_UBSAN_BOUNDS=y diff --git a/tools/testing/selftests/lkdtm/tests.txt b/tools/testing/selftests/lkdtm/tests.txt index 6b36b7f5dcf96..aa947b0ce1eeb 100644 --- a/tools/testing/selftests/lkdtm/tests.txt +++ b/tools/testing/selftests/lkdtm/tests.txt @@ -72,7 +72,7 @@ USERCOPY_STACK_FRAME_FROM USERCOPY_STACK_BEYOND USERCOPY_KERNEL STACKLEAK_ERASING OK: the rest of the thread stack is properly erased -CFI_FORWARD_PROTO +#CFI_FORWARD_PROTO FORTIFIED_STRSCPY FORTIFIED_OBJECT FORTIFIED_SUBOBJECT -- 2.30.2

2 years

2
14
0 0

[PATCH] Makefile: Fix separate output directory build of kselftests

by Muhammad Usama Anjum

Build of kselftests fail if kernel's top most Makefile is used for running or building kselftests with separate output directory. The absolute path is needed to reference other files during this kind of build. Set KBUILD_ABS_SRCTREE to use absolute path during the build. It fixes the following different types of errors: make kselftest-all O=/linux_mainline/build Makefile:1080: ../scripts/Makefile.extrawarn: No such file or directory make kselftest-all O=build Makefile:1080: ../scripts/Makefile.extrawarn: No such file or directory Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- I've tested this patch on top of next-20220217. The latest next-20220222 have missing patches. --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 86f633c2809ea..62b3eb8a102ab 100644 --- a/Makefile +++ b/Makefile @@ -1411,10 +1411,10 @@ tools/%: FORCE PHONY += kselftest kselftest: - $(Q)$(MAKE) -C $(srctree)/tools/testing/selftests run_tests + $(Q)$(MAKE) -C $(srctree)/tools/testing/selftests KBUILD_ABS_SRCTREE=1 run_tests kselftest-%: FORCE - $(Q)$(MAKE) -C $(srctree)/tools/testing/selftests $* + $(Q)$(MAKE) -C $(srctree)/tools/testing/selftests KBUILD_ABS_SRCTREE=1 $* PHONY += kselftest-merge kselftest-merge: -- 2.30.2

2 years

3
9
0 0

[PATCH v8 0/1] Introduce XSAVE feature self-test

by Pengfei Xu

The XSAVE feature set supports the saving and restoring of xstate components. XSAVE feature has been used for process context switching. XSAVE components include x87 state for FP execution environment, SSE state, AVX state and so on. In order to ensure that XSAVE works correctly, add XSAVE most basic test for XSAVE architecture functionality. This patch tests "FP, SSE(XMM), AVX2(YMM), AVX512_OPMASK/AVX512_ZMM_Hi256/ AVX512_Hi16_ZMM and PKRU parts" xstates with following cases: 1. The content of these xstates in the process should not change after the signal handling. 2. The content of these xstates in the child process should be the same as the content of the parent process after the fork syscall. Because xstate like XMM will not be preserved across function calls, fork() and raise() are implemented and inlined. To prevent GCC from generating any FP/SSE(XMM)/AVX/PKRU code, add "-mno-sse -mno-mmx -mno-sse2 -mno-avx -mno-pku" compiler arguments. stdlib.h can not be used because of the "-mno-sse" option. Thanks Dave, Hansen for the above suggestion! Thanks Chen Yu; Shuah Khan; Chatre Reinette and Tony Luck's comments! Thanks to Bae, Chang Seok for a bunch of comments! ======== - Change from v7 to v8 Many thanks to Bae, Chang Seok for a bunch of comments as follow: - Use the filling buffer way to prepare the xstate buffer, and use xrstor instruction way to load the tested xstates. - Remove useless dump_buffer, compare_buffer functions. - Improve the struct of xstate_info. - Added AVX512_ZMM_Hi256 and AVX512_Hi16_ZMM components in xstate test. - Remove redundant xstate_info.xstate_mask, xstate_flag[], and xfeature_test_mask, use xstate_info.mask instead. - Check if xfeature is supported outside of fill_xstate_buf() , this change is easier to read and understand. - Remove useless wrpkru, only use filling all tested xstate buffer in fill_xstates_buf(). - Improve a bunch of function names and variable names. - Improve test steps flow for readability. - Change from v6 to v7: - Added the error number and error description of the reason for the failure, thanks Shuah Khan's suggestion. - Added a description of what these tests are doing in the head comments. - Added changes update in the head comments. - Added description of the purpose of the function. thanks Shuah Khan. - Change from v5 to v6: - In order to prevent GCC from generating any FP code by mistake, "-mno-sse -mno-mmx -mno-sse2 -mno-avx -mno-pku" compiler parameter was added, it's referred to the parameters for compiling the x86 kernel. Thanks Dave Hansen's suggestion. - Removed the use of "kselftest.h", because kselftest.h included <stdlib.h>, and "stdlib.h" would use sse instructions in it's libc, and this *XSAVE* test needed to be compiled without libc sse instructions(-mno-sse). - Improved the description in commit header, thanks Chen Yu's suggestion. - Becasue test code could not use buildin xsave64 in libc without sse, added xsave function by instruction way. - Every key test action would not use libc(like printf) except syscall until it's failed or done. If it's failed, then it would print the failed reason. - Used __cpuid_count() instead of native_cpuid(), becasue __cpuid_count() was a macro definition function with one instruction in libc and did not change xstate. Thanks Chatre Reinette, Shuah Khan. https://lore.kernel.org/linux-sgx/8b7c98f4-f050-bc1c-5699-fa598ecc66a2@linu… - Change from v4 to v5: - Moved code files into tools/testing/selftests/x86. - Delete xsave instruction test, becaue it's not related to kernel. - Improved case description. - Added AVX512 opmask change and related XSAVE content verification. - Added PKRU part xstate test into instruction and signal handling test. - Added XSAVE process swich test for FPU, AVX2, AVX512 opmask and PKRU part. - Change from v3 to v4: - Improve the comment in patch 1. - Change from v2 to v3: - Improve the description of patch 2 git log. - Change from v1 to v2: - Improve the cover-letter. Thanks Dave Hansen's suggestion. Pengfei Xu (1): selftests/x86/xstate: Add xstate test cases for XSAVE feature tools/testing/selftests/x86/Makefile | 3 +- tools/testing/selftests/x86/xstate.c | 574 +++++++++++++++++++++++++++ 2 files changed, 576 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/x86/xstate.c -- 2.31.1

2 years

3
7
0 0

[PATCH v1] kunit: add support for kunit_suites that reference init code

by Brendan Higgins

Add support for a new kind of kunit_suite registration macro called kunit_test_init_suite(); this new registration macro allows the registration of kunit_suites that reference functions marked __init and data marked __initdata. Signed-off-by: Brendan Higgins <brendanhiggins(a)google.com> Tested-by: Martin Fernandez <martin.fernandez(a)eclypsium.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: David Gow <davidgow(a)google.com> --- This is a follow-up to the RFC here[1]. This patch is in response to a KUnit user issue[2] in which the user was attempting to test some init functions; although this is a functional solution as long as KUnit tests only run during the init phase, we will need to do more work if we ever allow tests to run after the init phase is over; it is for this reason that this patch adds a new registration macro rather than simply modifying the existing macros. Changes since last version: - I added more to the kunit_test_init_suites() kernel-doc comment detailing "how" the modpost warnings are suppressed in addition to the existing information regarding "why" it is OK for the modpost warnings to be suppressed. [1] https://lore.kernel.org/linux-kselftest/20220310210210.2124637-1-brendanhig… [2] https://groups.google.com/g/kunit-dev/c/XDjieRHEneg/m/D0rFCwVABgAJ --- include/kunit/test.h | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/include/kunit/test.h b/include/kunit/test.h index b26400731c02..7f303a06bc97 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -379,6 +379,32 @@ static inline int kunit_run_all_tests(void) #define kunit_test_suite(suite) kunit_test_suites(&suite) +/** + * kunit_test_init_suites() - used to register one or more &struct kunit_suite + * containing init functions or init data. + * + * @__suites: a statically allocated list of &struct kunit_suite. + * + * This functions identically as &kunit_test_suites() except that it suppresses + * modpost warnings for referencing functions marked __init or data marked + * __initdata; this is OK because currently KUnit only runs tests upon boot + * during the init phase or upon loading a module during the init phase. + * + * NOTE TO KUNIT DEVS: If we ever allow KUnit tests to be run after boot, these + * tests must be excluded. + * + * The only thing this macro does that's different from kunit_test_suites is + * that it suffixes the array and suite declarations it makes with _probe; + * modpost suppresses warnings about referencing init data for symbols named in + * this manner. + */ +#define kunit_test_init_suites(__suites...) \ + __kunit_test_suites(CONCATENATE(__UNIQUE_ID(array), _probe), \ + CONCATENATE(__UNIQUE_ID(suites), _probe), \ + ##__suites) + +#define kunit_test_init_suite(suite) kunit_test_init_suites(&suite) + #define kunit_suite_for_each_test_case(suite, test_case) \ for (test_case = suite->test_cases; test_case->run_case; test_case++) base-commit: 330f4c53d3c2d8b11d86ec03a964b86dc81452f5 -- 2.35.1.723.g4982287a31-goog

2 years

3
5
0 0

WARNING: at arch/x86/kvm/../../../virt/kvm/kvm_main.c:3156 mark_page_dirty_in_slot

by Naresh Kamboju

While running kselftest kvm test cases on x86_64 devices the following kernel warning was reported. metadata: git_ref: master git_repo: https://gitlab.com/Linaro/lkft/mirrors/torvalds/linux-mainline git_sha: 1930a6e739c4b4a654a69164dbe39e554d228915 git_describe: v5.17-12882-g1930a6e739c4 kernel_version: 5.17.0 kernel-config: https://builds.tuxbuild.com/272RGo17Agp9s62duqGs3mP2d0S/config # selftests: kvm: evmcs_test # Running L1 which uses EVMCS to run L2 # Injecting NMI into L1 before L2 had a chance to run after restore # Trying extra KVM_GET_NESTED_STATE/KVM_SET_NESTED_STATE cycle ok 4 selftests: kvm: evmcs_test # selftests: kvm: emulator_error_test # module parameter 'allow_smaller_maxphyaddr' is not set. Skipping test. ok 5 selftests: kvm: emulator_error_test # selftests: kvm: hyperv_clock [ 62.510388] ------------[ cut here ]------------ [ 62.515064] WARNING: CPU: 1 PID: 915 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:3156 mark_page_dirty_in_slot+0xba/0xd0 [ 62.525968] Modules linked in: x86_pkg_temp_thermal fuse [ 62.531307] CPU: 1 PID: 915 Comm: hyperv_clock Not tainted 5.17.0 #1 [ 62.537691] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.0b 07/27/2017 [ 62.545185] RIP: 0010:mark_page_dirty_in_slot+0xba/0xd0 [ 62.550452] Code: 89 ea 09 c6 e8 57 d4 00 00 5b 41 5c 41 5d 41 5e 5d c3 48 8b 83 c0 00 00 00 49 63 d5 f0 48 0f ab 10 5b 41 5c 41 5d 41 5e 5d c3 <0f> 0b 5b 41 5c 41 5d 41 5e 5d c3 0f 1f 44 00 00 eb 80 0f 1f 40 00 [ 62.569265] RSP: 0018:ffffa347c1663b50 EFLAGS: 00010246 [ 62.574502] RAX: 0000000080000000 RBX: ffff8f01149ce600 RCX: 0000000000000000 [ 62.581700] RDX: 0000000000000000 RSI: ffffffffa302ab31 RDI: ffffffffa302ab31 [ 62.588874] RBP: ffffa347c1663b70 R08: 0000000000000000 R09: 0000000000000001 [ 62.596046] R10: 0000000000000001 R11: 0000000000000000 R12: ffffa347c1665000 [ 62.603213] R13: 0000000000000022 R14: 0000000000000000 R15: 0000000000000004 [ 62.610389] FS: 00007fe3799c1740(0000) GS:ffff8f041fc80000(0000) knlGS:0000000000000000 [ 62.618697] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 62.624467] CR2: 0000000000000000 CR3: 000000010614e004 CR4: 00000000003726e0 [ 62.631684] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 62.638833] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 62.646009] Call Trace: [ 62.648480] <TASK> [ 62.650604] __kvm_write_guest_page+0xc8/0x100 [ 62.655112] kvm_write_guest+0x61/0xb0 [ 62.658884] kvm_hv_invalidate_tsc_page+0xd3/0x140 [ 62.663699] ? kvm_hv_invalidate_tsc_page+0x72/0x140 [ 62.668684] kvm_arch_vm_ioctl+0x20f/0xbc0 [ 62.672798] ? __lock_acquire+0x3af/0x2450 [ 62.676956] ? __this_cpu_preempt_check+0x13/0x20 [ 62.681706] kvm_vm_ioctl+0x6f1/0xe20 [ 62.685423] ? ktime_get_coarse_real_ts64+0xc7/0xd0 [ 62.690323] ? __this_cpu_preempt_check+0x13/0x20 [ 62.695048] ? lockdep_hardirqs_on+0x7e/0x100 [ 62.699423] ? blk_log_with_error+0x3b/0x70 [ 62.703644] ? __audit_syscall_entry+0xcd/0x130 [ 62.708220] ? selinux_file_ioctl+0xa6/0x130 [ 62.712542] ? selinux_file_ioctl+0xa6/0x130 [ 62.716869] __x64_sys_ioctl+0x91/0xc0 [ 62.720686] do_syscall_64+0x5c/0x80 [ 62.724305] ? __this_cpu_preempt_check+0x13/0x20 [ 62.729059] ? lock_is_held_type+0xdd/0x130 [ 62.733264] ? do_syscall_64+0x69/0x80 [ 62.737069] ? __this_cpu_preempt_check+0x13/0x20 [ 62.741791] ? lockdep_hardirqs_on+0x7e/0x100 [ 62.746219] ? syscall_exit_to_user_mode+0x3e/0x50 [ 62.751082] ? do_syscall_64+0x69/0x80 [ 62.754904] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 62.760027] RIP: 0033:0x7fe3792bf8f7 [ 62.763687] Code: b3 66 90 48 8b 05 a1 35 2c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 71 35 2c 00 f7 d8 64 89 01 48 [ 62.782497] RSP: 002b:00007ffe035acf38 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 62.790131] RAX: ffffffffffffffda RBX: 000000004030ae7b RCX: 00007fe3792bf8f7 [ 62.797334] RDX: 00007ffe035acf70 RSI: 000000004030ae7b RDI: 0000000000000006 [ 62.804539] RBP: 0000000000000007 R08: 000000000040e320 R09: 0000000000000007 [ 62.811737] R10: 000000000004da6b R11: 0000000000000246 R12: 00007fe3799c7000 [ 62.818914] R13: 0000000000000007 R14: 00000000000058cb R15: 00000000000e8f42 [ 62.826141] </TASK> [ 62.828378] irq event stamp: 6435 [ 62.831765] hardirqs last enabled at (6445): [<ffffffffa3272a88>] __up_console_sem+0x58/0x60 [ 62.840354] hardirqs last disabled at (6454): [<ffffffffa3272a6d>] __up_console_sem+0x3d/0x60 [ 62.848944] softirqs last enabled at (6392): [<ffffffffa4600341>] __do_softirq+0x341/0x4cc [ 62.857362] softirqs last disabled at (6473): [<ffffffffa31ef29f>] irq_exit_rcu+0xdf/0x140 [ 62.865700] ---[ end trace 0000000000000000 ]--- ok 6 selftests: kvm: hyperv_clock Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> -- Linaro LKFT https://lkft.linaro.org [1] https://lkft.validation.linaro.org/scheduler/job/4805876#L1528

2 years

3
2
0 0

[PATCH 00/18] bpf: Secure and authenticated preloading of eBPF programs

by Roberto Sassu

eBPF already allows programs to be preloaded and kept running without intervention from user space. There is a dedicated kernel module called bpf_preload, which contains the light skeleton of the iterators_bpf eBPF program. If this module is enabled in the kernel configuration, its loading will be triggered when the bpf filesystem is mounted (unless the module is built-in), and the links of iterators_bpf are pinned in that filesystem (they will appear as the progs.debug and maps.debug files). However, the current mechanism, if used to preload an LSM, would not offer the same security guarantees of LSMs integrated in the security subsystem. Also, it is not generic enough to be used for preloading arbitrary eBPF programs, unless the bpf_preload code is heavily modified. More specifically, the security problems are: - any program can be pinned to the bpf filesystem without limitations (unless a MAC mechanism enforces some restrictions); - programs being executed can be terminated at any time by deleting the pinned objects or unmounting the bpf filesystem. The usability problems are: - only a fixed amount of links can be pinned; - only links can be pinned, other object types are not supported; - code to pin objects has to be written manually; - preloading multiple eBPF programs is not practical, bpf_preload has to be modified to include additional light skeletons. Solve the security problems by mounting the bpf filesystem from the kernel, by preloading authenticated kernel modules (e.g. with module.sig_enforce) and by pinning objects to that filesystem. This particular filesystem instance guarantees that desired eBPF programs run until the very end of the kernel lifecycle, since even root cannot interfere with it. Solve the usability problems by generalizing the pinning function, to handle not only links but also maps and progs. Also increment the object reference count and call the pinning function directly from the preload method (currently in the bpf_preload kernel module) rather than from the bpf filesystem code itself, so that a generic eBPF program can do those operations depending on its objects (this also avoids the limitation of the fixed-size array for storing the objects to pin). Then, simplify the process of pinning objects defined by a generic eBPF program by automatically generating the required methods in the light skeleton. Also, generate a separate kernel module for each eBPF program to preload, so that existing ones don't have to be modified. Finally, support preloading multiple eBPF programs by allowing users to specify a list from the kernel configuration, at build time, or with the new kernel option bpf_preload_list=, at run-time. To summarize, this patch set makes it possible to plug in out-of-tree LSMs matching the security guarantees of their counterpart in the security subsystem, without having to modify the kernel itself. The same benefits are extended to other eBPF program types. Only one remaining problem is how to support auto-attaching eBPF programs with LSM type. It will be solved with a separate patch set. Patches 1-2 export some definitions, to build out-of-tree kernel modules with eBPF programs to preload. Patches 3-4 allow eBPF programs to pin objects by themselves. Patches 5-10 automatically generate the methods for preloading in the light skeleton. Patches 11-14 make it possible to preload multiple eBPF programs. Patch 15 automatically generates the kernel module for preloading an eBPF program, patch 16 does a kernel mount of the bpf filesystem, and finally patches 17-18 test the functionality introduced. Roberto Sassu (18): bpf: Export bpf_link_inc() bpf-preload: Move bpf_preload.h to include/linux bpf-preload: Generalize object pinning from the kernel bpf-preload: Export and call bpf_obj_do_pin_kernel() bpf-preload: Generate static variables bpf-preload: Generate free_objs_and_skel() bpf-preload: Generate preload() bpf-preload: Generate load_skel() bpf-preload: Generate code to pin non-internal maps bpf-preload: Generate bpf_preload_ops bpf-preload: Store multiple bpf_preload_ops structures in a linked list bpf-preload: Implement new registration method for preloading eBPF programs bpf-preload: Move pinned links and maps to a dedicated directory in bpffs bpf-preload: Switch to new preload registration method bpf-preload: Generate code of kernel module to preload bpf-preload: Do kernel mount to ensure that pinned objects don't disappear bpf-preload/selftests: Add test for automatic generation of preload methods bpf-preload/selftests: Preload a test eBPF program and check pinned objects .../admin-guide/kernel-parameters.txt | 8 + fs/namespace.c | 1 + include/linux/bpf.h | 5 + include/linux/bpf_preload.h | 37 ++ init/main.c | 2 + kernel/bpf/inode.c | 295 +++++++++-- kernel/bpf/preload/Kconfig | 25 +- kernel/bpf/preload/bpf_preload.h | 16 - kernel/bpf/preload/bpf_preload_kern.c | 85 +--- kernel/bpf/preload/iterators/Makefile | 9 +- .../bpf/preload/iterators/iterators.lskel.h | 466 +++++++++++------- kernel/bpf/syscall.c | 1 + .../bpf/bpftool/Documentation/bpftool-gen.rst | 13 + tools/bpf/bpftool/bash-completion/bpftool | 6 +- tools/bpf/bpftool/gen.c | 331 +++++++++++++ tools/bpf/bpftool/main.c | 7 +- tools/bpf/bpftool/main.h | 1 + tools/testing/selftests/bpf/Makefile | 32 +- .../bpf/bpf_testmod_preload/.gitignore | 7 + .../bpf/bpf_testmod_preload/Makefile | 20 + .../gen_preload_methods.expected.diff | 97 ++++ .../bpf/prog_tests/test_gen_preload_methods.c | 27 + .../bpf/prog_tests/test_preload_methods.c | 69 +++ .../selftests/bpf/progs/gen_preload_methods.c | 23 + 24 files changed, 1246 insertions(+), 337 deletions(-) create mode 100644 include/linux/bpf_preload.h delete mode 100644 kernel/bpf/preload/bpf_preload.h create mode 100644 tools/testing/selftests/bpf/bpf_testmod_preload/.gitignore create mode 100644 tools/testing/selftests/bpf/bpf_testmod_preload/Makefile create mode 100644 tools/testing/selftests/bpf/prog_tests/gen_preload_methods.expected.diff create mode 100644 tools/testing/selftests/bpf/prog_tests/test_gen_preload_methods.c create mode 100644 tools/testing/selftests/bpf/prog_tests/test_preload_methods.c create mode 100644 tools/testing/selftests/bpf/progs/gen_preload_methods.c -- 2.32.0

2 years

7
44
0 0

[PATCH v3 0/2] AARCH64: Enable GCC-based Shadow Call Stack

by Dan Li

Shadow call stacks will be available in GCC >= 12, this series makes the corresponding kernel configuration available when compiling the kernel with the gcc and adds corresponding tests in lkdtm. Dan Li (2): AARCH64: Add gcc Shadow Call Stack support lkdtm: Add Shadow Call Stack tests arch/Kconfig | 19 +++---- arch/arm64/Kconfig | 2 +- drivers/misc/lkdtm/Makefile | 1 + drivers/misc/lkdtm/core.c | 2 + drivers/misc/lkdtm/lkdtm.h | 4 ++ drivers/misc/lkdtm/scs.c | 67 +++++++++++++++++++++++++ include/linux/compiler-gcc.h | 4 ++ tools/testing/selftests/lkdtm/tests.txt | 2 + 8 files changed, 91 insertions(+), 10 deletions(-) create mode 100644 drivers/misc/lkdtm/scs.c -- 2.17.1

2 years

2
15
0 0

[PATCH bpf v4] bpf: Support dual-stack sockets in bpf_tcp_check_syncookie

by Maxim Mikityanskiy

bpf_tcp_gen_syncookie looks at the IP version in the IP header and validates the address family of the socket. It supports IPv4 packets in AF_INET6 dual-stack sockets. On the other hand, bpf_tcp_check_syncookie looks only at the address family of the socket, ignoring the real IP version in headers, and validates only the packet size. This implementation has some drawbacks: 1. Packets are not validated properly, allowing a BPF program to trick bpf_tcp_check_syncookie into handling an IPv6 packet on an IPv4 socket. 2. Dual-stack sockets fail the checks on IPv4 packets. IPv4 clients end up receiving a SYNACK with the cookie, but the following ACK gets dropped. This patch fixes these issues by changing the checks in bpf_tcp_check_syncookie to match the ones in bpf_tcp_gen_syncookie. IP version from the header is taken into account, and it is validated properly with address family. Fixes: 399040847084 ("bpf: add helper to check for a valid SYN cookie") Signed-off-by: Maxim Mikityanskiy <maximmi(a)nvidia.com> Reviewed-by: Tariq Toukan <tariqt(a)nvidia.com> --- net/core/filter.c | 17 +++- .../bpf/test_tcp_check_syncookie_user.c | 78 ++++++++++++++----- 2 files changed, 72 insertions(+), 23 deletions(-) v2 changes: moved from bpf-next to bpf. v3 changes: added a selftest. v4 changes: none, CCed Jakub and Arthur from Cloudflare. diff --git a/net/core/filter.c b/net/core/filter.c index a7044e98765e..64470a727ef7 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -7016,24 +7016,33 @@ BPF_CALL_5(bpf_tcp_check_syncookie, struct sock *, sk, void *, iph, u32, iph_len if (!th->ack || th->rst || th->syn) return -ENOENT; + if (unlikely(iph_len < sizeof(struct iphdr))) + return -EINVAL; + if (tcp_synq_no_recent_overflow(sk)) return -ENOENT; cookie = ntohl(th->ack_seq) - 1; - switch (sk->sk_family) { - case AF_INET: - if (unlikely(iph_len < sizeof(struct iphdr))) + /* Both struct iphdr and struct ipv6hdr have the version field at the + * same offset so we can cast to the shorter header (struct iphdr). + */ + switch (((struct iphdr *)iph)->version) { + case 4: + if (sk->sk_family == AF_INET6 && ipv6_only_sock(sk)) return -EINVAL; ret = __cookie_v4_check((struct iphdr *)iph, th, cookie); break; #if IS_BUILTIN(CONFIG_IPV6) - case AF_INET6: + case 6: if (unlikely(iph_len < sizeof(struct ipv6hdr))) return -EINVAL; + if (sk->sk_family != AF_INET6) + return -EINVAL; + ret = __cookie_v6_check((struct ipv6hdr *)iph, th, cookie); break; #endif /* CONFIG_IPV6 */ diff --git a/tools/testing/selftests/bpf/test_tcp_check_syncookie_user.c b/tools/testing/selftests/bpf/test_tcp_check_syncookie_user.c index b9e991d43155..e7775d3bbe08 100644 --- a/tools/testing/selftests/bpf/test_tcp_check_syncookie_user.c +++ b/tools/testing/selftests/bpf/test_tcp_check_syncookie_user.c @@ -18,8 +18,9 @@ #include "bpf_rlimit.h" #include "cgroup_helpers.h" -static int start_server(const struct sockaddr *addr, socklen_t len) +static int start_server(const struct sockaddr *addr, socklen_t len, bool dual) { + int mode = !dual; int fd; fd = socket(addr->sa_family, SOCK_STREAM, 0); @@ -28,6 +29,14 @@ static int start_server(const struct sockaddr *addr, socklen_t len) goto out; } + if (addr->sa_family == AF_INET6) { + if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&mode, + sizeof(mode)) == -1) { + log_err("Failed to set the dual-stack mode"); + goto close_out; + } + } + if (bind(fd, addr, len) == -1) { log_err("Failed to bind server socket"); goto close_out; @@ -47,24 +56,17 @@ static int start_server(const struct sockaddr *addr, socklen_t len) return fd; } -static int connect_to_server(int server_fd) +static int connect_to_server(const struct sockaddr *addr, socklen_t len) { - struct sockaddr_storage addr; - socklen_t len = sizeof(addr); int fd = -1; - if (getsockname(server_fd, (struct sockaddr *)&addr, &len)) { - log_err("Failed to get server addr"); - goto out; - } - - fd = socket(addr.ss_family, SOCK_STREAM, 0); + fd = socket(addr->sa_family, SOCK_STREAM, 0); if (fd == -1) { log_err("Failed to create client socket"); goto out; } - if (connect(fd, (const struct sockaddr *)&addr, len) == -1) { + if (connect(fd, (const struct sockaddr *)addr, len) == -1) { log_err("Fail to connect to server"); goto close_out; } @@ -116,7 +118,8 @@ static int get_map_fd_by_prog_id(int prog_id, bool *xdp) return map_fd; } -static int run_test(int server_fd, int results_fd, bool xdp) +static int run_test(int server_fd, int results_fd, bool xdp, + const struct sockaddr *addr, socklen_t len) { int client = -1, srv_client = -1; int ret = 0; @@ -142,7 +145,7 @@ static int run_test(int server_fd, int results_fd, bool xdp) goto err; } - client = connect_to_server(server_fd); + client = connect_to_server(addr, len); if (client == -1) goto err; @@ -199,12 +202,30 @@ static int run_test(int server_fd, int results_fd, bool xdp) return ret; } +static bool get_port(int server_fd, in_port_t *port) +{ + struct sockaddr_in addr; + socklen_t len = sizeof(addr); + + if (getsockname(server_fd, (struct sockaddr *)&addr, &len)) { + log_err("Failed to get server addr"); + return false; + } + + /* sin_port and sin6_port are located at the same offset. */ + *port = addr.sin_port; + return true; +} + int main(int argc, char **argv) { struct sockaddr_in addr4; struct sockaddr_in6 addr6; + struct sockaddr_in addr4dual; + struct sockaddr_in6 addr6dual; int server = -1; int server_v6 = -1; + int server_dual = -1; int results = -1; int err = 0; bool xdp; @@ -224,25 +245,43 @@ int main(int argc, char **argv) addr4.sin_family = AF_INET; addr4.sin_addr.s_addr = htonl(INADDR_LOOPBACK); addr4.sin_port = 0; + memcpy(&addr4dual, &addr4, sizeof(addr4dual)); memset(&addr6, 0, sizeof(addr6)); addr6.sin6_family = AF_INET6; addr6.sin6_addr = in6addr_loopback; addr6.sin6_port = 0; - server = start_server((const struct sockaddr *)&addr4, sizeof(addr4)); - if (server == -1) + memset(&addr6dual, 0, sizeof(addr6dual)); + addr6dual.sin6_family = AF_INET6; + addr6dual.sin6_addr = in6addr_any; + addr6dual.sin6_port = 0; + + server = start_server((const struct sockaddr *)&addr4, sizeof(addr4), + false); + if (server == -1 || !get_port(server, &addr4.sin_port)) goto err; server_v6 = start_server((const struct sockaddr *)&addr6, - sizeof(addr6)); - if (server_v6 == -1) + sizeof(addr6), false); + if (server_v6 == -1 || !get_port(server_v6, &addr6.sin6_port)) + goto err; + + server_dual = start_server((const struct sockaddr *)&addr6dual, + sizeof(addr6dual), true); + if (server_dual == -1 || !get_port(server_dual, &addr4dual.sin_port)) + goto err; + + if (run_test(server, results, xdp, + (const struct sockaddr *)&addr4, sizeof(addr4))) goto err; - if (run_test(server, results, xdp)) + if (run_test(server_v6, results, xdp, + (const struct sockaddr *)&addr6, sizeof(addr6))) goto err; - if (run_test(server_v6, results, xdp)) + if (run_test(server_dual, results, xdp, + (const struct sockaddr *)&addr4dual, sizeof(addr4dual))) goto err; printf("ok\n"); @@ -252,6 +291,7 @@ int main(int argc, char **argv) out: close(server); close(server_v6); + close(server_dual); close(results); return err; } -- 2.30.2

2 years

3
3
0 0

[RFC v4 0/8] Proposal for a GPU cgroup controller

by T.J. Mercier

This patch series revisits the proposal for a GPU cgroup controller to track and limit memory allocations by various device/allocator subsystems. The patch series also contains a simple prototype to illustrate how Android intends to implement DMA-BUF allocator attribution using the GPU cgroup controller. The prototype does not include resource limit enforcements. Changelog: v4: Skip test if not run as root per Shuah Khan Add better test logging for abnormal child termination per Shuah Khan Adjust ordering of charge/uncharge during transfer to avoid potentially hitting cgroup limit per Michal Koutný Adjust gpucg_try_charge critical section for charge transfer functionality Fix uninitialized return code error for dmabuf_try_charge error case v3: Remove Upstreaming Plan from gpu-cgroup.rst per John Stultz Use more common dual author commit message format per John Stultz Remove android from binder changes title per Todd Kjos Add a kselftest for this new behavior per Greg Kroah-Hartman Include details on behavior for all combinations of kernel/userspace versions in changelog (thanks Suren Baghdasaryan) per Greg Kroah-Hartman. Fix pid and uid types in binder UAPI header v2: See the previous revision of this change submitted by Hridya Valsaraju at: https://lore.kernel.org/all/20220115010622.3185921-1-hridya@google.com/ Move dma-buf cgroup charge transfer from a dma_buf_op defined by every heap to a single dma-buf function for all heaps per Daniel Vetter and Christian König. Pointers to struct gpucg and struct gpucg_device tracking the current associations were added to the dma_buf struct to achieve this. Fix incorrect Kconfig help section indentation per Randy Dunlap. History of the GPU cgroup controller ==================================== The GPU/DRM cgroup controller came into being when a consensus[1] was reached that the resources it tracked were unsuitable to be integrated into memcg. Originally, the proposed controller was specific to the DRM subsystem and was intended to track GEM buffers and GPU-specific resources[2]. In order to help establish a unified memory accounting model for all GPU and all related subsystems, Daniel Vetter put forth a suggestion to move it out of the DRM subsystem so that it can be used by other DMA-BUF exporters as well[3]. This RFC proposes an interface that does the same. [1]: https://patchwork.kernel.org/project/dri-devel/cover/20190501140438.9506-1-… [2]: https://lore.kernel.org/amd-gfx/20210126214626.16260-1-brian.welty@intel.co… [3]: https://lore.kernel.org/amd-gfx/YCVOl8%2F87bqRSQei@phenom.ffwll.local/ Hridya Valsaraju (5): gpu: rfc: Proposal for a GPU cgroup controller cgroup: gpu: Add a cgroup controller for allocator attribution of GPU memory dmabuf: heaps: export system_heap buffers with GPU cgroup charging dmabuf: Add gpu cgroup charge transfer function binder: Add a buffer flag to relinquish ownership of fds T.J. Mercier (3): dmabuf: Use the GPU cgroup charge/uncharge APIs binder: use __kernel_pid_t and __kernel_uid_t for userspace selftests: Add binder cgroup gpu memory transfer test Documentation/gpu/rfc/gpu-cgroup.rst | 183 +++++++ Documentation/gpu/rfc/index.rst | 4 + drivers/android/binder.c | 26 + drivers/dma-buf/dma-buf.c | 107 ++++ drivers/dma-buf/dma-heap.c | 27 + drivers/dma-buf/heaps/system_heap.c | 3 + include/linux/cgroup_gpu.h | 139 +++++ include/linux/cgroup_subsys.h | 4 + include/linux/dma-buf.h | 22 +- include/linux/dma-heap.h | 11 + include/uapi/linux/android/binder.h | 5 +- init/Kconfig | 7 + kernel/cgroup/Makefile | 1 + kernel/cgroup/gpu.c | 362 +++++++++++++ .../selftests/drivers/android/binder/Makefile | 8 + .../drivers/android/binder/binder_util.c | 254 +++++++++ .../drivers/android/binder/binder_util.h | 32 ++ .../selftests/drivers/android/binder/config | 4 + .../binder/test_dmabuf_cgroup_transfer.c | 484 ++++++++++++++++++ 19 files changed, 1679 insertions(+), 4 deletions(-) create mode 100644 Documentation/gpu/rfc/gpu-cgroup.rst create mode 100644 include/linux/cgroup_gpu.h create mode 100644 kernel/cgroup/gpu.c create mode 100644 tools/testing/selftests/drivers/android/binder/Makefile create mode 100644 tools/testing/selftests/drivers/android/binder/binder_util.c create mode 100644 tools/testing/selftests/drivers/android/binder/binder_util.h create mode 100644 tools/testing/selftests/drivers/android/binder/config create mode 100644 tools/testing/selftests/drivers/android/binder/test_dmabuf_cgroup_transfer.c -- 2.35.1.1021.g381101b075-goog

2 years

4
21
0 0

Re: [RFC v1 01/10] roadtest: import libvhost-user from QEMU

by Johannes Berg

On Fri, 2022-03-11 at 17:24 +0100, Vincent Whitchurch wrote: > Import the libvhost-user from QEMU for use in the implementation of the > virtio devices in the roadtest backend. > So hm, I wonder if this is the sensible thing to do? Not that I mind importing qemu code, but: 1) the implementation is rather complex in some places, and has support for a LOT of virtio/vhost-user features that are really not needed in these cases, for performance etc. It's also close to 4k LOC. 2) the implementation doesn't support time-travel mode which might come in handy We have another implementation that might be simpler: https://github.com/linux-test-project/usfstl/blob/main/src/vhost.c but it probably has dependencies on other things in this library, but vhost.c itself is only ~1k LOC. (But I need to update it, I'm sure we have some unpublished bugfixes etc. in this code) johannes

2 years

2
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror March 2022