June 2023 - Linux-kselftest-mirror

[PATCH v1 0/2] mm/memfd: fix sysctl MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED

by jeffxu＠chromium.org

From: Jeff Xu <jeffxu(a)google.com> When sysctl vm.memfd_noexec is 2 (MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED), memfd_create(.., MFD_EXEC) should fail. This complies with how MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED is defined - "memfd_create() without MFD_NOEXEC_SEAL will be rejected" Thanks to Dominique Martinet <asmadeus(a)codewreck.org> who reported the bug. see [1] for context. [1] https://lore.kernel.org/linux-mm/CABi2SkXUX_QqTQ10Yx9bBUGpN1wByOi_=gZU6WEy5… Jeff Xu (2): mm/memfd: sysctl: fix MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED selftests/memfd: sysctl: fix MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED mm/memfd.c | 48 +++++++++++----------- tools/testing/selftests/memfd/memfd_test.c | 5 +++ 2 files changed, 30 insertions(+), 23 deletions(-) -- 2.41.0.255.g8b1d071c50-goog

1 year, 5 months

2
5
0 0

[PATCH v2] Documentation: mm/memfd: vm.memfd_noexec

by jeffxu＠chromium.org

From: Jeff Xu <jeffxu(a)google.com> Add documentation for sysctl vm.memfd_noexec Link:https://lore.kernel.org/linux-mm/CABi2SkXUX_QqTQ10Yx9bBUGpN1wByOi_=gZU… Reported-by: Dominique Martinet <asmadeus(a)codewreck.org> Signed-off-by: Jeff Xu <jeffxu(a)google.com> --- Documentation/admin-guide/sysctl/vm.rst | 30 +++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/Documentation/admin-guide/sysctl/vm.rst b/Documentation/admin-guide/sysctl/vm.rst index 45ba1f4dc004..621588041a9e 100644 --- a/Documentation/admin-guide/sysctl/vm.rst +++ b/Documentation/admin-guide/sysctl/vm.rst @@ -424,6 +424,36 @@ e.g., up to one or two maps per allocation. The default value is 65530. +memfd_noexec: +============= +This pid namespaced sysctl controls memfd_create(). + +The new MFD_NOEXEC_SEAL and MFD_EXEC flags of memfd_create() allows +application to set executable bit at creation time. + +When MFD_NOEXEC_SEAL is set, memfd is created without executable bit +(mode:0666), and sealed with F_SEAL_EXEC, so it can't be chmod to +be executable (mode: 0777) after creation. + +when MFD_EXEC flag is set, memfd is created with executable bit +(mode:0777), this is the same as the old behavior of memfd_create. + +The new pid namespaced sysctl vm.memfd_noexec has 3 values: +0: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like + MFD_EXEC was set. +1: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like + MFD_NOEXEC_SEAL was set. +2: memfd_create() without MFD_NOEXEC_SEAL will be rejected. + +The default value is 0. + +Once set, it can't be downgraded at runtime, i.e. 2=>1, 1=>0 +are denied. + +This is pid namespaced sysctl, child processes inherit the parent +process's memfd_noexec at the time of fork. Changes to the parent +process after fork are not automatically propagated to the child +process. memory_failure_early_kill: ========================== -- 2.41.0.255.g8b1d071c50-goog

1 year, 5 months

2
1
0 0

[PATCH v3 0/1] Add documentation for sysctl vm.memfd_noexec

by jeffxu＠chromium.org

From: Jeff Xu <jeffxu(a)google.com> Add documentation for sysctl vm.memfd_noexec Thanks to Dominique Martinet <asmadeus(a)codewreck.org> who reported this. see [1] for context. [1] https://lore.kernel.org/linux-mm/CABi2SkXUX_QqTQ10Yx9bBUGpN1wByOi_=gZU6WEy5… V3: resend V2 with cover letter. V2: revise. V1: initial version. Jeff Xu (1): Documentation: mm/memfd: vm.memfd_noexec Documentation/admin-guide/sysctl/vm.rst | 30 +++++++++++++++++++++++++ 1 file changed, 30 insertions(+) -- 2.41.0.255.g8b1d071c50-goog

1 year, 5 months

1
1
0 0

[PATCH v3 0/4] KVM: selftests: Improve PMU event filter settings and add test cases

by Jinrong Liang

Hi, This patch series aims to improve the PMU event filter settings with a cleaner and more organized structure and adds several test cases related to PMU event filters. The first patch of this series introduces a custom "__kvm_pmu_event_filter" structure that simplifies the event filter setup and improves overall code readability and maintainability. The second patch adds test cases to check that unsupported input values in the PMU event filters are rejected, covering unsupported "action" values, unsupported "flags" values, and unsupported "nevents" values, as well as the setting of non-existent fixed counters in the fixed bitmap. The third patch includes tests for the PMU event filter's behavior when applied to fixed performance counters, ensuring the correct operation in cases where no fixed counters exist (e.g., Intel guest PMU version=1 or AMD guest). Finally, the fourth patch adds a test to verify that setting both generic and fixed performance event filters does not impact the consistency of the fixed performance filter behavior. These changes help to ensure that KVM's PMU event filter functions as expected in all supported use cases. These patches have been tested and verified to function properly. Any feedback or suggestions are greatly appreciated. Please note that following patches should be applied before this patch series: https://lore.kernel.org/kvm/20230530134248.23998-2-cloudliang@tencent.com https://lore.kernel.org/kvm/20230530134248.23998-3-cloudliang@tencent.com This will ensure that macro definitions such as X86_INTEL_MAX_FIXED_CTR_NUM, INTEL_PMC_IDX_FIXED, etc. can be used. Sincerely, Jinrong Liang Changes log: v3: - Rebased to 31b4fc3bc64a(tag: kvm-x86-next-2023.06.02). - Dropped the patch "KVM: selftests: Replace int with uint32_t for nevents". (Sean) - Dropped the patch "KVM: selftests: Test pmu event filter with incompatible kvm_pmu_event_filter". (Sean) - Introduce __kvm_pmu_event_filter to replace the original method of creating PMU event filters. (Sean) - Use the macro definition of kvm_cpu_property to find the number of supported fixed counters instead of calculating it via the vcpu's cpuid. (Sean) - Remove the wrappers that are single line passthroughs. (Sean) - Optimize function names and variable names. (Sean) - Optimize comments to make them more rigorous. (Sean) v2: - Wrap the code from the documentation in a block of code. (Bagas Sanjaya) v1: https://lore.kernel.org/kvm/20230414110056.19665-1-cloudliang@tencent.com Jinrong Liang (4): KVM: selftests: Introduce __kvm_pmu_event_filter to improved event filter settings KVM: selftests: Test unavailable event filters are rejected KVM: selftests: Check if event filter meets expectations on fixed counters KVM: selftests: Test gp event filters don't affect fixed event filters .../kvm/x86_64/pmu_event_filter_test.c | 341 +++++++++++++----- 1 file changed, 246 insertions(+), 95 deletions(-) base-commit: 31b4fc3bc64aadd660c5bfa5178c86a7ba61e0f7 prerequisite-patch-id: 909d42f185f596d6e5c5b48b33231c89fa5236e4 prerequisite-patch-id: ba0dd0f97d8db0fb6cdf2c7f1e3a60c206fc9784 -- 2.31.1

1 year, 5 months

2
9
0 0

[PATCH v1 00/17] selftests/nolibc: allow run with minimal kernel config

by Zhangjin Wu

Hi, Willy This patchset mainly allows speed up the nolibc test with a minimal kernel config. As the nolibc supported architectures become more and more, the 'run' test with DEFCONFIG may cost several hours, which is not friendly to develop testing and even for release testing, so, smaller kernel configs may be required, and firstly, we should let nolibc-test work with less kernel config options, this patchset aims to this goal. This patchset mainly remove the dependency from procfs, tmpfs, net and memfd_create, many failures have been fixed up. When CONFIG_TMPFS and CONFIG_SHMEM are disabled, kernel will provide a ramfs based tmpfs (mm/shmem.c), it will be used as a choice to fix up some failures and also allow skip less tests. Besides, it also adds musl support, improves glibc support and fixes up a kernel cmdline passing use case. This is based on the dev.2023.06.14a branch of linux-rcu [1], all of the supported architectures are tested (with local minimal configs, [5] pasted the one for i386) without failures: arch/board | result ------------|------------ arm/vexpress-a9 | 138 test(s) passed, 1 skipped, 0 failed. See all results in /labs/linux-lab/logging/nolibc/arm-vexpress-a9-nolibc-test.log aarch64/virt | 138 test(s) passed, 1 skipped, 0 failed. See all results in /labs/linux-lab/logging/nolibc/aarch64-virt-nolibc-test.log ppc/g3beige | not supported i386/pc | 136 test(s) passed, 3 skipped, 0 failed. See all results in /labs/linux-lab/logging/nolibc/i386-pc-nolibc-test.log x86_64/pc | 138 test(s) passed, 1 skipped, 0 failed. See all results in /labs/linux-lab/logging/nolibc/x86_64-pc-nolibc-test.log mipsel/malta | 138 test(s) passed, 1 skipped, 0 failed. See all results in /labs/linux-lab/logging/nolibc/mipsel-malta-nolibc-test.log loongarch64/virt | 138 test(s) passed, 1 skipped, 0 failed. See all results in /labs/linux-lab/logging/nolibc/loongarch64-virt-nolibc-test.log riscv64/virt | 136 test(s) passed, 3 skipped, 0 failed. See all results in /labs/linux-lab/logging/nolibc/riscv64-virt-nolibc-test.log riscv32/virt | no test log found s390x/s390-ccw-virtio | 138 test(s) passed, 1 skipped, 0 failed. See all results in /labs/linux-lab/logging/nolibc/s390x-s390-ccw-virtio-nolibc-test.log Notes: * The skipped ones are -fstackprotector, chmod_self and chown_self The -fstackprotector skip is due to gcc version. chmod_self and chmod_self skips are due to procfs not enabled * ppc/g3beige support is added locally, but not added in this patchset will send ppc support as a new patchset, it depends on v2 test report patchset [3] and the v5 rv32 support, require changes on Makefile * riscv32/virt support is still in review, see v5 rv32 support [4] This patchset doesn't depends on any of my other nolibc patch series, but the new rmdir() routine added in this patchset may be requird to apply the __sysret() from our v4 syscall helper series [2] after that series being merged, currently, we use the old method to let it compile without any dependency. Here explains all of the patches: * selftests/nolibc: stat_fault: silence NULL argument warning with glibc selftests/nolibc: gettid: restore for glibc and musl selftests/nolibc: add _LARGEFILE64_SOURCE for musl The above 3 patches adds musl compile support and improve glibc support. It is able to build and run nolibc-test with musl libc now, but there are some failures/skips due to the musl its own issues/requirements: $ sudo ./nolibc-test | grep -E 'FAIL|SKIP' 8 sbrk = 1 ENOMEM [FAIL] 9 brk = -1 ENOMEM [FAIL] 46 limit_int_fast16_min = -2147483648 [FAIL] 47 limit_int_fast16_max = 2147483647 [FAIL] 49 limit_int_fast32_min = -2147483648 [FAIL] 50 limit_int_fast32_max = 2147483647 [FAIL] 0 -fstackprotector not supported [SKIPPED] musl disabled sbrk and brk for some conflicts with its malloc and the fast version of int types are defined in 32bit, which differs from nolibc and glibc. musl reserved the sbrk(0) to allow get current brk, we added a test for this in the v4 __sysret() helper series [2]. * selftests/nolibc: fix up kernel parameters support kernel cmdline allows pass two types of parameters, one is without '=', another is with '=', the first one is passed as init arguments, the sencond one is passed as init environment variables. Our nolibc-test prefer arguments to environment variables, this not work when users add such parameters in the kernel cmdline: noapic NOLIBC_TEST=syscall So, this patch will verify the setting from arguments at first, if it is no valid, will try the environment variables instead. * selftests/nolibc: stat_timestamps: remove procfs dependency Use '/' instead of /proc/self, or we can add a 'has_proc' condition for this test case, but it is not that necessary to skip the whole stat_timestamps tests for such a subtest binding to /proc/self. Welcome suggestion from Thomas. * tools/nolibc: add rmdir() support selftests/nolibc: add a new rmdir() test case rmdir() routine and test case are added for the coming requirement. Note, if the __sysret() patchset [2] is applied before us, this patch should be rebased on it and apply the __sysret() helper. * selftests/nolibc: fix up failures when there is no procfs call rmdir() to remove /proc completely to rework the checking of /proc, before, the existing of /proc not means the procfs is really mounted. * selftests/nolibc: rename proc variable to has_proc selftests/nolibc: rename euid0 variable to is_root align with the has_gettid, has_xxx variables. * selftests/nolibc: prepare tmpfs and hugetlbfs selftests/nolibc: rename chmod_net to chmod_good selftests/nolibc: link_cross: support tmpfs selftests/nolibc: rename chroot_exe to chroot_file use file from /tmp instead of file from /proc when there is no procfs this avoid skipping the chmod_net, link_cross, chroot_exe tests * selftests/nolibc: vfprintf: silence memfd_create() warning selftests/nolibc: vfprintf: skip if neither tmpfs nor hugetlbfs selftests/nolibc: vfprintf: support tmpfs and hugetlbfs memfd_create from kernel >= v6.2 forcely warn on missing MFD_NOEXEC_SEAL flag, the first one silence it with such flag, for older kernels, use 0 flag as before. since memfd_create() depends on TMPFS or HUGETLBFS, the second one skip the whole vfprintf instead of simply fail if memfd_create() not work. the 3rd one futher try the ramfs based tmpfs even when memfd_create() not work. At last, let's simply discuss about the configs, I have prepared minimal configs for all of the nolibc supported architectures but not sure where should we put them, what about tools/testing/selftests/nolibc/configs ? Thanks! Best regards, Zhangjin --- [1]: https://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu.git/ [2]: https://lore.kernel.org/linux-riscv/cover.1687187451.git.falcon@tinylab.org/ [3]: https://lore.kernel.org/lkml/cover.1687156559.git.falcon@tinylab.org/ [4]: https://lore.kernel.org/linux-riscv/cover.1687176996.git.falcon@tinylab.org/ [5]: https://pastebin.com/5jq0Vxbz Zhangjin Wu (17): selftests/nolibc: stat_fault: silence NULL argument warning with glibc selftests/nolibc: gettid: restore for glibc and musl selftests/nolibc: add _LARGEFILE64_SOURCE for musl selftests/nolibc: fix up kernel parameters support selftests/nolibc: stat_timestamps: remove procfs dependency tools/nolibc: add rmdir() support selftests/nolibc: add a new rmdir() test case selftests/nolibc: fix up failures when there is no procfs selftests/nolibc: rename proc variable to has_proc selftests/nolibc: rename euid0 variable to is_root selftests/nolibc: prepare tmpfs and hugetlbfs selftests/nolibc: rename chmod_net to chmod_good selftests/nolibc: link_cross: support tmpfs selftests/nolibc: rename chroot_exe to chroot_file selftests/nolibc: vfprintf: silence memfd_create() warning selftests/nolibc: vfprintf: skip if neither tmpfs nor hugetlbfs selftests/nolibc: vfprintf: support tmpfs and hugetlbfs tools/include/nolibc/sys.h | 28 ++++ tools/testing/selftests/nolibc/nolibc-test.c | 132 +++++++++++++++---- 2 files changed, 138 insertions(+), 22 deletions(-) -- 2.25.1

1 year, 5 months

2
27
0 0

[PATCH v8 0/5] mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC

by jeffxu＠chromium.org

From: Jeff Xu <jeffxu(a)google.com> Since Linux introduced the memfd feature, memfd have always had their execute bit set, and the memfd_create() syscall doesn't allow setting it differently. However, in a secure by default system, such as ChromeOS, (where all executables should come from the rootfs, which is protected by Verified boot), this executable nature of memfd opens a door for NoExec bypass and enables “confused deputy attack”. E.g, in VRP bug [1]: cros_vm process created a memfd to share the content with an external process, however the memfd is overwritten and used for executing arbitrary code and root escalation. [2] lists more VRP in this kind. On the other hand, executable memfd has its legit use, runc uses memfd’s seal and executable feature to copy the contents of the binary then execute them, for such system, we need a solution to differentiate runc's use of executable memfds and an attacker's [3]. To address those above, this set of patches add following: 1> Let memfd_create() set X bit at creation time. 2> Let memfd to be sealed for modifying X bit. 3> A new pid namespace sysctl: vm.memfd_noexec to control the behavior of X bit.For example, if a container has vm.memfd_noexec=2, then memfd_create() without MFD_NOEXEC_SEAL will be rejected. 4> A new security hook in memfd_create(). This make it possible to a new LSM, which rejects or allows executable memfd based on its security policy. Change history: v8: - Update ref bug in cover letter. - Add Reviewed-by field. - Remove security hook (security_memfd_create) patch, which will have its own patch set in future. v7: - patch 2/6: remove #ifdef and MAX_PATH (memfd_test.c). - patch 3/6: check capability (CAP_SYS_ADMIN) from userns instead of global ns (pid_sysctl.h). Add a tab (pid_namespace.h). - patch 5/6: remove #ifdef (memfd_test.c) - patch 6/6: remove unneeded security_move_mount(security.c). v6:https://lore.kernel.org/lkml/20221206150233.1963717-1-jeffxu@google.com/ - Address comment and move "#ifdef CONFIG_" from .c file to pid_sysctl.h v5:https://lore.kernel.org/lkml/20221206152358.1966099-1-jeffxu@google.com/ - Pass vm.memfd_noexec from current ns to child ns. - Fix build issue detected by kernel test robot. - Add missing security.c v3:https://lore.kernel.org/lkml/20221202013404.163143-1-jeffxu@google.com/ - Address API design comments in v2. - Let memfd_create() to set X bit at creation time. - A new pid namespace sysctl: vm.memfd_noexec to control behavior of X bit. - A new security hook in memfd_create(). v2:https://lore.kernel.org/lkml/20220805222126.142525-1-jeffxu@google.com/ - address comments in V1. - add sysctl (vm.mfd_noexec) to set the default file permissions of memfd_create to be non-executable. v1:https://lwn.net/Articles/890096/ [1] https://crbug.com/1305267 [2] https://bugs.chromium.org/p/chromium/issues/list?q=type%3Dbug-security%20me… [3] https://lwn.net/Articles/781013/ Daniel Verkamp (2): mm/memfd: add F_SEAL_EXEC selftests/memfd: add tests for F_SEAL_EXEC Jeff Xu (3): mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC mm/memfd: Add write seals when apply SEAL_EXEC to executable memfd selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC include/linux/pid_namespace.h | 19 ++ include/uapi/linux/fcntl.h | 1 + include/uapi/linux/memfd.h | 4 + kernel/pid_namespace.c | 5 + kernel/pid_sysctl.h | 59 ++++ mm/memfd.c | 56 +++- mm/shmem.c | 6 + tools/testing/selftests/memfd/fuse_test.c | 1 + tools/testing/selftests/memfd/memfd_test.c | 341 ++++++++++++++++++++- 9 files changed, 489 insertions(+), 3 deletions(-) create mode 100644 kernel/pid_sysctl.h base-commit: eb7081409f94a9a8608593d0fb63a1aa3d6f95d8 -- 2.39.0.rc1.256.g54fd8350bd-goog

1 year, 5 months

4
11
0 0

[PATCH AUTOSEL 6.1 02/12] tracing/user_events: Prevent same name but different args event

by Sasha Levin

From: sunliming <sunliming(a)kylinos.cn> [ Upstream commit ba470eebc2f6c2f704872955a715b9555328e7d0 ] User processes register name_args for events. If the same name but different args event are registered. The trace outputs of second event are printed as the first event. This is incorrect. Return EADDRINUSE back to the user process if the same name but different args event has being registered. Link: https://lore.kernel.org/linux-trace-kernel/20230529032100.286534-1-sunlimin… Signed-off-by: sunliming <sunliming(a)kylinos.cn> Reviewed-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Acked-by: Beau Belgrave <beaub(a)linux.microsoft.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/trace/trace_events_user.c | 36 +++++++++++++++---- .../selftests/user_events/ftrace_test.c | 6 ++++ 2 files changed, 36 insertions(+), 6 deletions(-) diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c index 625cab4b9d945..774d146c2c2ca 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -1274,6 +1274,8 @@ static int user_event_parse(struct user_event_group *group, char *name, int index; u32 key; struct user_event *user; + int argc = 0; + char **argv; /* Prevent dyn_event from racing */ mutex_lock(&event_mutex); @@ -1281,13 +1283,35 @@ static int user_event_parse(struct user_event_group *group, char *name, mutex_unlock(&event_mutex); if (user) { - *newuser = user; - /* - * Name is allocated by caller, free it since it already exists. - * Caller only worries about failure cases for freeing. - */ - kfree(name); + if (args) { + argv = argv_split(GFP_KERNEL, args, &argc); + if (!argv) { + ret = -ENOMEM; + goto error; + } + + ret = user_fields_match(user, argc, (const char **)argv); + argv_free(argv); + + } else + ret = list_empty(&user->fields); + + if (ret) { + *newuser = user; + /* + * Name is allocated by caller, free it since it already exists. + * Caller only worries about failure cases for freeing. + */ + kfree(name); + } else { + ret = -EADDRINUSE; + goto error; + } + return 0; +error: + refcount_dec(&user->refcnt); + return ret; } index = find_first_zero_bit(group->page_bitmap, MAX_EVENTS); diff --git a/tools/testing/selftests/user_events/ftrace_test.c b/tools/testing/selftests/user_events/ftrace_test.c index 1bc26e6476fc3..df0e776c2cc1b 100644 --- a/tools/testing/selftests/user_events/ftrace_test.c +++ b/tools/testing/selftests/user_events/ftrace_test.c @@ -209,6 +209,12 @@ TEST_F(user, register_events) { ASSERT_EQ(0, reg.write_index); ASSERT_NE(0, reg.status_bit); + /* Multiple registers to same name but different args should fail */ + reg.enable_bit = 29; + reg.name_args = (__u64)"__test_event u32 field1;"; + ASSERT_EQ(-1, ioctl(self->data_fd, DIAG_IOCSREG, &reg)); + ASSERT_EQ(EADDRINUSE, errno); + /* Ensure disabled */ self->enable_fd = open(enable_file, O_RDWR); ASSERT_NE(-1, self->enable_fd); -- 2.39.2

1 year, 5 months

1
0
0 0

[PATCH AUTOSEL 6.3 03/17] tracing/user_events: Prevent same name but different args event

by Sasha Levin

From: sunliming <sunliming(a)kylinos.cn> [ Upstream commit ba470eebc2f6c2f704872955a715b9555328e7d0 ] User processes register name_args for events. If the same name but different args event are registered. The trace outputs of second event are printed as the first event. This is incorrect. Return EADDRINUSE back to the user process if the same name but different args event has being registered. Link: https://lore.kernel.org/linux-trace-kernel/20230529032100.286534-1-sunlimin… Signed-off-by: sunliming <sunliming(a)kylinos.cn> Reviewed-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Acked-by: Beau Belgrave <beaub(a)linux.microsoft.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/trace/trace_events_user.c | 36 +++++++++++++++---- .../selftests/user_events/ftrace_test.c | 6 ++++ 2 files changed, 36 insertions(+), 6 deletions(-) diff --git a/kernel/trace/trace_events_user.c b/kernel/trace/trace_events_user.c index 625cab4b9d945..774d146c2c2ca 100644 --- a/kernel/trace/trace_events_user.c +++ b/kernel/trace/trace_events_user.c @@ -1274,6 +1274,8 @@ static int user_event_parse(struct user_event_group *group, char *name, int index; u32 key; struct user_event *user; + int argc = 0; + char **argv; /* Prevent dyn_event from racing */ mutex_lock(&event_mutex); @@ -1281,13 +1283,35 @@ static int user_event_parse(struct user_event_group *group, char *name, mutex_unlock(&event_mutex); if (user) { - *newuser = user; - /* - * Name is allocated by caller, free it since it already exists. - * Caller only worries about failure cases for freeing. - */ - kfree(name); + if (args) { + argv = argv_split(GFP_KERNEL, args, &argc); + if (!argv) { + ret = -ENOMEM; + goto error; + } + + ret = user_fields_match(user, argc, (const char **)argv); + argv_free(argv); + + } else + ret = list_empty(&user->fields); + + if (ret) { + *newuser = user; + /* + * Name is allocated by caller, free it since it already exists. + * Caller only worries about failure cases for freeing. + */ + kfree(name); + } else { + ret = -EADDRINUSE; + goto error; + } + return 0; +error: + refcount_dec(&user->refcnt); + return ret; } index = find_first_zero_bit(group->page_bitmap, MAX_EVENTS); diff --git a/tools/testing/selftests/user_events/ftrace_test.c b/tools/testing/selftests/user_events/ftrace_test.c index 1bc26e6476fc3..df0e776c2cc1b 100644 --- a/tools/testing/selftests/user_events/ftrace_test.c +++ b/tools/testing/selftests/user_events/ftrace_test.c @@ -209,6 +209,12 @@ TEST_F(user, register_events) { ASSERT_EQ(0, reg.write_index); ASSERT_NE(0, reg.status_bit); + /* Multiple registers to same name but different args should fail */ + reg.enable_bit = 29; + reg.name_args = (__u64)"__test_event u32 field1;"; + ASSERT_EQ(-1, ioctl(self->data_fd, DIAG_IOCSREG, &reg)); + ASSERT_EQ(EADDRINUSE, errno); + /* Ensure disabled */ self->enable_fd = open(enable_file, O_RDWR); ASSERT_NE(-1, self->enable_fd); -- 2.39.2

1 year, 5 months

1
0
0 0

[PATCH bpf-next 0/7] Support defragmenting IPv(4|6) packets in BPF

by Daniel Xu

=== Context === In the context of a middlebox, fragmented packets are tricky to handle. The full 5-tuple of a packet is often only available in the first fragment which makes enforcing consistent policy difficult. There are really only two stateless options, neither of which are very nice: 1. Enforce policy on first fragment and accept all subsequent fragments. This works but may let in certain attacks or allow data exfiltration. 2. Enforce policy on first fragment and drop all subsequent fragments. This does not really work b/c some protocols may rely on fragmentation. For example, DNS may rely on oversized UDP packets for large responses. So stateful tracking is the only sane option. RFC 8900 [0] calls this out as well in section 6.3: Middleboxes [...] should process IP fragments in a manner that is consistent with [RFC0791] and [RFC8200]. In many cases, middleboxes must maintain state in order to achieve this goal. === BPF related bits === Policy has traditionally been enforced from XDP/TC hooks. Both hooks run before kernel reassembly facilities. However, with the new BPF_PROG_TYPE_NETFILTER, we can rather easily hook into existing netfilter reassembly infra. The basic idea is we bump a refcnt on the netfilter defrag module and then run the bpf prog after the defrag module runs. This allows bpf progs to transparently see full, reassembled packets. The nice thing about this is that progs don't have to carry around logic to detect fragments. === Patchset details === There was an earlier attempt at providing defrag via kfuncs [1]. The feedback was that we could end up doing too much stuff in prog execution context (like sending ICMP error replies). However, I think there are still some outstanding discussion w.r.t. performance when it comes to netfilter vs the previous approach. I'll schedule some time during office hours for this. Patches 1 & 2 are stolenfrom Florian. Hopefully he doesn't mind. There were some outstanding comments on the v2 [2] but it doesn't look like a v3 was ever submitted. I've addressed the comments and put them in this patchset cuz I needed them. Finally, the new selftest seems to be a little flaky. I'm not quite sure why the server will fail to `recvfrom()` occassionaly. I'm fairly sure it's a timing related issue with creating veths. I'll keep debugging but I didn't want that to hold up discussion on this patchset. [0]: https://datatracker.ietf.org/doc/html/rfc8900 [1]: https://lore.kernel.org/bpf/cover.1677526810.git.dxu@dxuuu.xyz/ [2]: https://lore.kernel.org/bpf/20230525110100.8212-1-fw@strlen.de/ Daniel Xu (7): tools: libbpf: add netfilter link attach helper selftests/bpf: Add bpf_program__attach_netfilter helper test netfilter: defrag: Add glue hooks for enabling/disabling defrag netfilter: bpf: Support BPF_F_NETFILTER_IP_DEFRAG in netfilter link bpf: selftests: Support not connecting client socket bpf: selftests: Support custom type and proto for client sockets bpf: selftests: Add defrag selftests include/linux/netfilter.h | 12 + include/uapi/linux/bpf.h | 5 + net/ipv4/netfilter/nf_defrag_ipv4.c | 8 + net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 10 + net/netfilter/core.c | 6 + net/netfilter/nf_bpf_link.c | 108 ++++++- tools/include/uapi/linux/bpf.h | 5 + tools/lib/bpf/bpf.c | 8 + tools/lib/bpf/bpf.h | 6 + tools/lib/bpf/libbpf.c | 47 +++ tools/lib/bpf/libbpf.h | 15 + tools/lib/bpf/libbpf.map | 1 + tools/testing/selftests/bpf/Makefile | 4 +- .../selftests/bpf/generate_udp_fragments.py | 90 ++++++ .../selftests/bpf/ip_check_defrag_frags.h | 57 ++++ tools/testing/selftests/bpf/network_helpers.c | 26 +- tools/testing/selftests/bpf/network_helpers.h | 3 + .../bpf/prog_tests/ip_check_defrag.c | 282 ++++++++++++++++++ .../bpf/prog_tests/netfilter_basic.c | 78 +++++ .../selftests/bpf/progs/ip_check_defrag.c | 104 +++++++ .../bpf/progs/test_netfilter_link_attach.c | 14 + 21 files changed, 868 insertions(+), 21 deletions(-) create mode 100755 tools/testing/selftests/bpf/generate_udp_fragments.py create mode 100644 tools/testing/selftests/bpf/ip_check_defrag_frags.h create mode 100644 tools/testing/selftests/bpf/prog_tests/ip_check_defrag.c create mode 100644 tools/testing/selftests/bpf/prog_tests/netfilter_basic.c create mode 100644 tools/testing/selftests/bpf/progs/ip_check_defrag.c create mode 100644 tools/testing/selftests/bpf/progs/test_netfilter_link_attach.c -- 2.40.1

1 year, 5 months

3
14
0 0

Słowa kluczowe do wypozycjonowania

by Adam Charachuta

Dzień dobry, zapoznałem się z Państwa ofertą i z przyjemnością przyznaję, że przyciąga uwagę i zachęca do dalszych rozmów. Pomyślałem, że może mógłbym mieć swój wkład w Państwa rozwój i pomóc dotrzeć z tą ofertą do większego grona odbiorców. Pozycjonuję strony www, dzięki czemu generują świetny ruch w sieci. Możemy porozmawiać w najbliższym czasie? Pozdrawiam Adam Charachuta

1 year, 5 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror June 2023