Fixes an issue where out-of-tree kselftest builds fail when building
the BPF and bpftools components. The failure occurs because the top-level
Makefile passes a relative srctree path to its sub-Makefiles, which
leads to errors in locating necessary files.
For example, the following error is encountered:
```
$ make V=1 O=$build/ TARGETS=hid kselftest-all
...
make -C ../tools/testing/selftests all
make[4]: Entering directory '/path/to/linux/tools/testing/selftests/hid'
make -C /path/to/linux/tools/testing/selftests/../../../tools/lib/bpf OUTPUT=/path/to/linux/O/kselftest/hid/tools/build/libbpf/ \
EXTRA_CFLAGS='-g -O0' \
DESTDIR=/path/to/linux/O/kselftest/hid/tools prefix= all install_headers
make[5]: Entering directory '/path/to/linux/tools/lib/bpf'
...
make[5]: Entering directory '/path/to/linux/tools/bpf/bpftool'
Makefile:127: ../tools/build/Makefile.feature: No such file or directory
make[5]: *** No rule to make target '../tools/build/Makefile.feature'. Stop.
```
To resolve this, override the srctree in the kselftests' top Makefile
when performing an out-of-tree build. This ensures that all sub-Makefiles
have the correct path to the source tree, preventing directory resolution
errors.
Signed-off-by: Li Zhijian <lizhijian(a)fujitsu.com>
---
Cc: Masahiro Yamada <masahiroy(a)kernel.org>
V2:
- handle srctree in selftests itself rather than in Linux's top Makefile # Masahiro Yamada <masahiroy(a)kernel.org>
V1: https://lore.kernel.org/lkml/20241217031052.69744-1-lizhijian@fujitsu.com/
---
tools/testing/selftests/Makefile | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
index 3d8a80abd4f0..ab82278353cf 100644
--- a/tools/testing/selftests/Makefile
+++ b/tools/testing/selftests/Makefile
@@ -154,15 +154,19 @@ override LDFLAGS =
override MAKEFLAGS =
endif
+top_srcdir ?= ../../..
+
# Append kselftest to KBUILD_OUTPUT and O to avoid cluttering
# KBUILD_OUTPUT with selftest objects and headers installed
# by selftests Makefile or lib.mk.
+# Override the `srctree` variable to ensure it is correctly resolved in
+# sub-Makefiles, such as those within `bpf`, when managing targets like
+# `net` and `hid`.
ifdef building_out_of_srctree
override LDFLAGS =
+override srctree := $(top_srcdir)
endif
-top_srcdir ?= ../../..
-
ifeq ("$(origin O)", "command line")
KBUILD_OUTPUT := $(O)
endif
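Review bot: `override srctree := $(top_srcdir)` inherits the relative default from `top_srcdir ?= ../../..`, so unless the caller passes an absolute top_srcdir, sub-Makefiles entered with `make -C` still receive a relative srctree, which is the failure the commit message describes. Consider `override srctree := $(abspath $(top_srcdir))`, and note in the comment that `override` also discards any srctree given on the command line.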
--
2.44.0
Android uses the ashmem driver [1] for creating shared memory regions
between processes. The ashmem driver exposes an ioctl command for
processes to restrict the permissions an ashmem buffer can be mapped
with.
Buffers are created with the ability to be mapped as readable, writable,
and executable. Processes remove the ability to map some ashmem buffers
as executable to ensure that those buffers cannot be exploited to run
unintended code. Other buffers retain their ability to be mapped as
executable, as these buffers can be used for just-in-time (JIT)
compilation. So there is a need to be able to remove the ability to
map a buffer as executable on a per-buffer basis.
Android is currently trying to migrate towards replacing its ashmem
driver usage with memfd. Part of the transition involved introducing a
library that serves to abstract away how shared memory regions are
allocated (i.e. ashmem vs memfd). This allows clients to use a single
interface for restricting how a buffer can be mapped without having to
worry about how it is handled for ashmem (through the ioctl
command mentioned earlier) or memfd (through file seals).
While memfd has support for preventing buffers from being mapped as
writable beyond a certain point in time (thanks to
F_SEAL_FUTURE_WRITE), it does not have a similar interface to prevent
buffers from being mapped as executable beyond a certain point.
However, that could be implemented as a file seal (F_SEAL_FUTURE_EXEC)
which works similarly to F_SEAL_FUTURE_WRITE.
F_SEAL_FUTURE_WRITE was chosen as a template for how this new seal
should behave, instead of F_SEAL_WRITE, for the following reasons:
1. Having the new seal behave like F_SEAL_FUTURE_WRITE matches the
behavior that was present with ashmem. This aids in seamlessly
transitioning clients away from ashmem to memfd.
2. Making the new seal behave like F_SEAL_WRITE would mean that no
mappings that could become executable in the future (i.e. via
mprotect()) can exist when the seal is applied. However, there are
known cases (e.g. CursorWindow [2]) where restrictions are applied
on how a buffer can be mapped after a mapping has already been made.
That mapping may have VM_MAYEXEC set, which would not allow the seal
to be applied successfully.
Therefore, the F_SEAL_FUTURE_EXEC seal was designed to have the same
semantics as F_SEAL_FUTURE_WRITE.
Note: this series depends on Lorenzo's work [3] which allows for a
memfd's file seals to be read in do_mmap().
[1] https://cs.android.com/android/kernel/superproject/+/common-android-mainlin…
[2] https://developer.android.com/reference/android/database/CursorWindow
[3] https://lore.kernel.org/all/cover.1732804776.git.lorenzo.stoakes@oracle.com/
Isaac J. Manjarres (2):
mm/memfd: Add support for F_SEAL_FUTURE_EXEC to memfd
selftests/memfd: Add tests for F_SEAL_FUTURE_EXEC
include/linux/mm.h | 5 ++
include/uapi/linux/fcntl.h | 1 +
mm/memfd.c | 1 +
mm/mmap.c | 11 +++
tools/testing/selftests/memfd/memfd_test.c | 79 ++++++++++++++++++++++
5 files changed, 97 insertions(+)
--
2.47.0.338.g60cca15819-goog
The orig_a0 is missing in struct user_regs_struct of riscv, and there is
no way to add it without breaking UAPI. (See Link tag below)
Like NT_ARM_SYSTEM_CALL does, we add a new regset name NT_RISCV_ORIG_A0 to
access the original a0 register from userspace via the ptrace API.
Link: https://lore.kernel.org/all/59505464-c84a-403d-972f-d4b2055eeaac@gmail.com/
Signed-off-by: Celeste Liu <uwu(a)coelacanthus.name>
---
Changes in v4:
- Fix a copy-paste error in selftest. (Forgot to commit...)
- Link to v3: https://lore.kernel.org/r/20241226-riscv-new-regset-v3-0-f5b96465826b@coela…
Changes in v3:
- Use return 0 directly for readability.
- Fix test for modifying a0.
- Add Fixes: tag
- Remove useless Cc: stable.
- Selftest will check both a0 and orig_a0, but depends on the
correctness of PTRACE_GET_SYSCALL_INFO.
- Link to v2: https://lore.kernel.org/r/20241203-riscv-new-regset-v2-0-d37da8c0cba6@coela…
Changes in v2:
- Fix integer width.
- Add selftest.
- Link to v1: https://lore.kernel.org/r/20241201-riscv-new-regset-v1-1-c83c58abcc7b@coela…
---
Celeste Liu (2):
riscv/ptrace: add new regset to access original a0 register
riscv: selftests: Add a ptrace test to verify syscall parameter modification
arch/riscv/kernel/ptrace.c | 32 ++++++
include/uapi/linux/elf.h | 1 +
tools/testing/selftests/riscv/abi/.gitignore | 1 +
tools/testing/selftests/riscv/abi/Makefile | 5 +-
tools/testing/selftests/riscv/abi/ptrace.c | 151 +++++++++++++++++++++++++++
5 files changed, 189 insertions(+), 1 deletion(-)
---
base-commit: 0e287d31b62bb53ad81d5e59778384a40f8b6f56
change-id: 20241201-riscv-new-regset-d529b952ad0d
Best regards,
--
Celeste Liu <uwu(a)coelacanthus.name>
Currently the rseq constructor, rseq_init(), assumes that glibc always
has the support for rseq symbols (__rseq_size for instance). However,
glibc supports rseq from version 2.35 onwards. As a result, for the
systems that run glibc less than 2.35, the global rseq_size remains
initialized to -1U. When a thread then tries to register for rseq,
get_rseq_min_alloc_size() would end up returning -1U, which is
incorrect. Hence, initialize rseq_size for the cases where glibc doesn't
have the support for rseq symbols.
Cc: stable(a)vger.kernel.org
Fixes: 73a4f5a704a2 ("selftests/rseq: Fix mm_cid test failure")
Signed-off-by: Raghavendra Rao Ananta <rananta(a)google.com>
---
tools/testing/selftests/rseq/rseq.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/tools/testing/selftests/rseq/rseq.c b/tools/testing/selftests/rseq/rseq.c
index 5b9772cdf265..9eb5356f25fa 100644
--- a/tools/testing/selftests/rseq/rseq.c
+++ b/tools/testing/selftests/rseq/rseq.c
@@ -142,6 +142,16 @@ unsigned int get_rseq_kernel_feature_size(void)
return ORIG_RSEQ_FEATURE_SIZE;
}
+static void set_default_rseq_size(void)
+{
+ unsigned int rseq_kernel_feature_size = get_rseq_kernel_feature_size();
+
+ if (rseq_kernel_feature_size < ORIG_RSEQ_ALLOC_SIZE)
+ rseq_size = rseq_kernel_feature_size;
+ else
+ rseq_size = ORIG_RSEQ_ALLOC_SIZE;
+}
+
int rseq_register_current_thread(void)
{
int rc;
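Review bot: set_default_rseq_size() writes the global rseq_size as a side effect, but nothing above the helper says so or explains the clamp to ORIG_RSEQ_ALLOC_SIZE. A short comment stating when the default applies would help, since the helper is now called from two places in rseq_init().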
@@ -219,12 +229,7 @@ void rseq_init(void)
fallthrough;
case ORIG_RSEQ_ALLOC_SIZE:
{
- unsigned int rseq_kernel_feature_size = get_rseq_kernel_feature_size();
-
- if (rseq_kernel_feature_size < ORIG_RSEQ_ALLOC_SIZE)
- rseq_size = rseq_kernel_feature_size;
- else
- rseq_size = ORIG_RSEQ_ALLOC_SIZE;
+ set_default_rseq_size();
break;
}
default:
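Review bot: the braces around the `case ORIG_RSEQ_ALLOC_SIZE:` body only existed to scope the removed local variable. With the body reduced to `set_default_rseq_size();` and `break;` they can be dropped.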
@@ -239,8 +244,10 @@ void rseq_init(void)
rseq_size = 0;
return;
}
+
rseq_offset = (void *)&__rseq_abi - rseq_thread_pointer();
rseq_flags = 0;
+ set_default_rseq_size();
}
static __attribute__((destructor))
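Review bot: the blank line added before `rseq_offset = (void *)&__rseq_abi - rseq_thread_pointer();` is an unrelated whitespace change and should be left out of a fix that is Cc'd to stable. The new `set_default_rseq_size();` call at the end of rseq_init() also needs a one-line comment saying this path is taken when libc does not provide the rseq symbols, because nothing at the call site explains why the size is set there.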
base-commit: 40384c840ea1944d7c5a392e8975ed088ecf0b37
--
2.47.0.338.g60cca15819-goog
From: "Mike Rapoport (Microsoft)" <rppt(a)kernel.org>
Hi,
Following Peter's comments [1] these patches rework handling of ROX caches
for module text allocations.
Instead of using a writable copy that really complicates alternatives
patching, temporarily remap parts of a large ROX page as RW for the time of
module formation and then restore its ROX protections when the module is
ready.
To keep the ROX memory mapped with large pages, make set_memory code
capable of restoring large pages (more details are in patch 3).
The patches are also available in git:
https://git.kernel.org/rppt/h/execmem/x86-rox/v8
[1] https://lore.kernel.org/all/20241209083818.GK8562@noisy.programming.kicks-a…
Kirill A. Shutemov (1):
x86/mm/pat: Restore large pages after fragmentation
Mike Rapoport (Microsoft) (7):
x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
x86/mm/pat: drop duplicate variable in cpa_flush()
execmem: add API for temporal remapping as RW and restoring ROX
afterwards
module: introduce MODULE_STATE_GONE
modules: switch to execmem API for remapping as RW and restoring ROX
Revert "x86/module: prepare module loading for ROX allocations of
text"
module: drop unused module_writable_address()
arch/um/kernel/um_arch.c | 11 +-
arch/x86/entry/vdso/vma.c | 3 +-
arch/x86/include/asm/alternative.h | 14 +-
arch/x86/include/asm/pgtable_types.h | 2 +
arch/x86/kernel/alternative.c | 181 ++++++---------
arch/x86/kernel/ftrace.c | 30 ++-
arch/x86/kernel/module.c | 45 ++--
arch/x86/mm/pat/cpa-test.c | 2 +-
arch/x86/mm/pat/set_memory.c | 216 +++++++++++++++++-
include/linux/execmem.h | 31 +++
include/linux/module.h | 21 +-
include/linux/moduleloader.h | 4 -
include/linux/vm_event_item.h | 2 +
kernel/module/kallsyms.c | 8 +-
kernel/module/kdb.c | 2 +-
kernel/module/main.c | 86 ++-----
kernel/module/procfs.c | 2 +-
kernel/module/strict_rwx.c | 9 +-
kernel/tracepoint.c | 2 +
lib/kunit/test.c | 2 +
mm/execmem.c | 118 ++++++++--
mm/vmstat.c | 2 +
samples/livepatch/livepatch-callbacks-demo.c | 1 +
.../test_modules/test_klp_callbacks_demo.c | 1 +
.../test_modules/test_klp_callbacks_demo2.c | 1 +
.../livepatch/test_modules/test_klp_state.c | 1 +
.../livepatch/test_modules/test_klp_state2.c | 1 +
27 files changed, 511 insertions(+), 287 deletions(-)
--
2.45.2
This series implements feature detection of hardware virtualization on
Linux and macOS; the latter being my primary use case.
This yields approximately a 6x improvement using HVF on M3 Pro.
Signed-off-by: Tamir Duberstein <tamird(a)gmail.com>
---
Changes in v2:
- Use QEMU accelerator fallback (Alyssa Ross, Thomas Weißschuh).
- Link to v1: https://lore.kernel.org/r/20241025-kunit-qemu-accel-macos-v1-0-2f30c26192d4…
---
Tamir Duberstein (2):
kunit: add fallback for os.sched_getaffinity
kunit: enable hardware acceleration when available
tools/testing/kunit/kunit.py | 11 ++++++++++-
tools/testing/kunit/kunit_kernel.py | 3 +++
tools/testing/kunit/qemu_configs/arm64.py | 2 +-
3 files changed, 14 insertions(+), 2 deletions(-)
---
base-commit: 81983758430957d9a5cb3333fe324fd70cf63e7e
change-id: 20241025-kunit-qemu-accel-macos-2840e4c2def5
Best regards,
--
Tamir Duberstein <tamird(a)gmail.com>
This patch series extends the sev_init2 and the sev_smoke test to
exercise the SEV-SNP VM launch workflow.
Primarily, it introduces the architectural defines, its support in the SEV
library and extends the tests to interact with the SEV-SNP ioctl()
wrappers.
Patch 1 - Do not advertise SNP on incompatible firmware
Patch 2 - SNP test for KVM_SEV_INIT2
Patch 3 - Add VMGEXIT helper
Patch 4 - Introduce SEV+ VM type check
Patch 5 - SNP ioctl() plumbing for the SEV library
Patch 6 - Force set GUEST_MEMFD for SNP
Patch 7 - Cleanups of smoke test - Decouple policy from type
Patch 8 - SNP smoke test
v4:
1. Remove SNP FW API version check in the test and ensure the KVM
capability advertises the presence of the feature. Retain the minimum
version definitions to exercise these API versions in the smoke test.
2. Retained only the SNP smoke test and SNP_INIT2 test
3. The SNP architectural defines merged with SNP_INIT2 test patch
4. SNP shutdown merged with SNP smoke test patch
5. Add SEV VM type check to abstract comparisons and reduce clutter
6. Define a SNP default policy which sets bits based on the presence of
SMT
7. Decouple privatization and encryption for it to be SNP agnostic
8. Assert for only positive tests using vm_ioctl()
9. Dropped tested-by tags
In summary - based on comments from Sean, I have primarily reduced the
scope of this patch series to focus on breaking down the SNP smoke test
patch (v3 - patch2) to first introduce SEV-SNP support and use this
interface to extend the sev_init2 and the sev_smoke test.
The rest of the v3 patchset that introduces ioctl, pre fault, fallocate
and negative tests, will be re-worked and re-introduced subsequently in
future patch series post addressing the issues discussed.
v3:
https://lore.kernel.org/kvm/20240905124107.6954-1-pratikrajesh.sampat@amd.c…
1. Remove the assignments for the prefault and fallocate test type
enums.
2. Fix error message for sev launch measure and finish.
3. Collect tested-by tags [Peter, Srikanth]
Any feedback/review is highly appreciated!
Pratik R. Sampat (8):
KVM: SEV: Disable SEV-SNP on FW validation failure
KVM: selftests: SEV-SNP test for KVM_SEV_INIT2
KVM: selftests: Add VMGEXIT helper
KVM: selftests: Introduce SEV VM type check
KVM: selftests: Add library support for interacting with SNP
KVM: selftests: Force GUEST_MEMFD flag for SNP VM type
KVM: selftests: Abstractions for SEV to decouple policy from type
KVM: selftests: Add a basic SEV-SNP smoke test
arch/x86/kvm/svm/sev.c | 4 +-
drivers/crypto/ccp/sev-dev.c | 6 ++
include/linux/psp-sev.h | 3 +
.../selftests/kvm/include/x86_64/processor.h | 1 +
.../selftests/kvm/include/x86_64/sev.h | 55 ++++++++++-
tools/testing/selftests/kvm/lib/kvm_util.c | 7 +-
.../selftests/kvm/lib/x86_64/processor.c | 4 +-
tools/testing/selftests/kvm/lib/x86_64/sev.c | 98 ++++++++++++++++++-
.../selftests/kvm/x86_64/sev_init2_tests.c | 13 +++
.../selftests/kvm/x86_64/sev_smoke_test.c | 96 ++++++++++++++----
10 files changed, 258 insertions(+), 29 deletions(-)
--
2.43.0
The new option controls tests run on boot or module load. With the new
debugfs "run" dentry allowing tests to be run on demand, the ability to disable
automatic test runs becomes a useful option in case of intrusive tests.
The option is set to true by default to preserve the existing behavior. It
can be overridden by either the corresponding module option or by the
corresponding config build option.
Signed-off-by: Stanislav Kinsburskii <skinsburskii(a)linux.microsoft.com>
---
include/kunit/test.h | 4 +++-
lib/kunit/Kconfig | 12 ++++++++++++
lib/kunit/debugfs.c | 2 +-
lib/kunit/executor.c | 18 +++++++++++++++++-
lib/kunit/test.c | 6 ++++--
5 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/include/kunit/test.h b/include/kunit/test.h
index 34b71e42fb10..58dbab60f853 100644
--- a/include/kunit/test.h
+++ b/include/kunit/test.h
@@ -312,6 +312,7 @@ static inline void kunit_set_failure(struct kunit *test)
}
bool kunit_enabled(void);
+bool kunit_autorun(void);
const char *kunit_action(void);
const char *kunit_filter_glob(void);
char *kunit_filter(void);
@@ -334,7 +335,8 @@ kunit_filter_suites(const struct kunit_suite_set *suite_set,
int *err);
void kunit_free_suite_set(struct kunit_suite_set suite_set);
-int __kunit_test_suites_init(struct kunit_suite * const * const suites, int num_suites);
+int __kunit_test_suites_init(struct kunit_suite * const * const suites, int num_suites,
+ bool run_tests);
void __kunit_test_suites_exit(struct kunit_suite **suites, int num_suites);
diff --git a/lib/kunit/Kconfig b/lib/kunit/Kconfig
index 34d7242d526d..a97897edd964 100644
--- a/lib/kunit/Kconfig
+++ b/lib/kunit/Kconfig
@@ -81,4 +81,16 @@ config KUNIT_DEFAULT_ENABLED
In most cases this should be left as Y. Only if additional opt-in
behavior is needed should this be set to N.
+config KUNIT_AUTORUN_ENABLED
+ bool "Default value of kunit.autorun"
+ default y
+ help
+ Sets the default value of kunit.autorun. If set to N then KUnit
+ tests will not run after initialization unless kunit.autorun=1 is
+ passed to the kernel command line. The test can still be run manually
+ via debugfs interface.
+
+ In most cases this should be left as Y. Only if additional opt-in
+ behavior is needed should this be set to N.
+
endif # KUNIT
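Review bot: the closing paragraph of the KUNIT_AUTORUN_ENABLED help text ("Only if additional opt-in behavior is needed should this be set to N") is copied from KUNIT_DEFAULT_ENABLED above and does not say when disabling autorun makes sense. The commit message's reason, intrusive tests that should only run on demand, belongs here instead. Also "via debugfs interface" should read "via the debugfs interface".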
diff --git a/lib/kunit/debugfs.c b/lib/kunit/debugfs.c
index d548750a325a..9df064f40d98 100644
--- a/lib/kunit/debugfs.c
+++ b/lib/kunit/debugfs.c
@@ -145,7 +145,7 @@ static ssize_t debugfs_run(struct file *file,
struct inode *f_inode = file->f_inode;
struct kunit_suite *suite = (struct kunit_suite *) f_inode->i_private;
- __kunit_test_suites_init(&suite, 1);
+ __kunit_test_suites_init(&suite, 1, true);
return count;
}
diff --git a/lib/kunit/executor.c b/lib/kunit/executor.c
index 34b7b6833df3..340723571b0f 100644
--- a/lib/kunit/executor.c
+++ b/lib/kunit/executor.c
@@ -29,6 +29,22 @@ const char *kunit_action(void)
return action_param;
}
+/*
+ * Run KUnit tests after initialization
+ */
+#ifdef CONFIG_KUNIT_AUTORUN_ENABLED
+static bool autorun_param = true;
+#else
+static bool autorun_param;
+#endif
+module_param_named(autorun, autorun_param, bool, 0);
+MODULE_PARM_DESC(autorun, "Run KUnit tests after initialization");
+
+bool kunit_autorun(void)
+{
+ return autorun_param;
+}
+
static char *filter_glob_param;
static char *filter_param;
static char *filter_action_param;
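Review bot: the `#ifdef CONFIG_KUNIT_AUTORUN_ENABLED` / `#else` pair around autorun_param can be a single initializer, `static bool autorun_param = IS_ENABLED(CONFIG_KUNIT_AUTORUN_ENABLED);`. The permission argument of 0 in `module_param_named(autorun, autorun_param, bool, 0)` also hides the effective value from sysfs, which makes it harder to tell afterwards why tests did not run. Consider a read-only mode if that visibility is wanted.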
@@ -266,7 +282,7 @@ void kunit_exec_run_tests(struct kunit_suite_set *suite_set, bool builtin)
pr_info("1..%zu\n", num_suites);
}
- __kunit_test_suites_init(suite_set->start, num_suites);
+ __kunit_test_suites_init(suite_set->start, num_suites, kunit_autorun());
}
void kunit_exec_list_tests(struct kunit_suite_set *suite_set, bool include_attr)
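Review bot: nothing in this hunk makes the plan line `pr_info("1..%zu\n", num_suites);` in the context above depend on kunit_autorun(), so with autorun off the log can announce num_suites results that never follow. Either skip the header when kunit_autorun() is false or make the decision once in kunit_exec_run_tests() so the header and the run stay consistent.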
diff --git a/lib/kunit/test.c b/lib/kunit/test.c
index 089c832e3cdb..146d1b48a096 100644
--- a/lib/kunit/test.c
+++ b/lib/kunit/test.c
@@ -708,7 +708,8 @@ bool kunit_enabled(void)
return enable_param;
}
-int __kunit_test_suites_init(struct kunit_suite * const * const suites, int num_suites)
+int __kunit_test_suites_init(struct kunit_suite * const * const suites, int num_suites,
+ bool run_tests)
{
unsigned int i;
@@ -731,7 +732,8 @@ int __kunit_test_suites_init(struct kunit_suite * const * const suites, int num_
for (i = 0; i < num_suites; i++) {
kunit_init_suite(suites[i]);
- kunit_run_tests(suites[i]);
+ if (run_tests)
+ kunit_run_tests(suites[i]);
}
static_branch_dec(&kunit_running);
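Review bot: when run_tests is false the loop still calls `kunit_init_suite(suites[i]);` for every suite, and nothing explains why initialization must happen without a run. Add a comment above `if (run_tests)` noting that suites are initialized so they can be triggered later through the debugfs "run" file, as the commit message describes.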
Android uses the ashmem driver [1] for creating shared memory regions
between processes. The ashmem driver exposes an ioctl command for
processes to restrict the permissions an ashmem buffer can be mapped
with.
Buffers are created with the ability to be mapped as readable, writable,
and executable. Processes remove the ability to map some ashmem buffers
as executable to ensure that those buffers cannot be used to inject
malicious code for another process to run. Other buffers retain their
ability to be mapped as executable, as these buffers can be used for
just-in-time (JIT) compilation. So there is a need to be able to remove
the ability to map a buffer as executable on a per-buffer basis.
Android is currently trying to migrate towards replacing its ashmem
driver usage with memfd. Part of the transition involved introducing a
library that serves to abstract away how shared memory regions are
allocated (i.e. ashmem vs memfd). This allows clients to use a single
interface for restricting how a buffer can be mapped without having to
worry about how it is handled for ashmem (through the ioctl
command mentioned earlier) or memfd (through file seals).
While memfd has support for preventing buffers from being mapped as
writable beyond a certain point in time (thanks to
F_SEAL_FUTURE_WRITE), it does not have a similar interface to prevent
buffers from being mapped as executable beyond a certain point.
However, that could be implemented as a file seal (F_SEAL_FUTURE_EXEC)
which works similarly to F_SEAL_FUTURE_WRITE.
F_SEAL_FUTURE_WRITE was chosen as a template for how this new seal
should behave, instead of F_SEAL_WRITE, for the following reasons:
1. Having the new seal behave like F_SEAL_FUTURE_WRITE matches the
behavior that was present with ashmem. This aids in seamlessly
transitioning clients away from ashmem to memfd.
2. Making the new seal behave like F_SEAL_WRITE would mean that no
mappings that could become executable in the future (i.e. via
mprotect()) can exist when the seal is applied. However, there are
known cases (e.g. CursorWindow [2]) where restrictions are applied
on how a buffer can be mapped after a mapping has already been made.
That mapping may have VM_MAYEXEC set, which would not allow the seal
to be applied successfully.
Therefore, the F_SEAL_FUTURE_EXEC seal was designed to have the same
semantics as F_SEAL_FUTURE_WRITE.
Note: this series depends on Lorenzo's work [3], [4], [5] from Andrew
Morton's mm-unstable branch [6], which reworks memfd's file seal checks,
allowing for newer file seals to be implemented in a cleaner fashion.
Changes from v1 ==> v2:
- Changed the return code to be -EPERM instead of -EACCES when
attempting to map an exec sealed file with PROT_EXEC to align
to mmap()'s man page. Thank you Kalesh Singh for spotting this!
- Rebased on top of Lorenzo's work to clean up memfd file seal checks in
mmap() ([3], [4], and [5]). Thank you for this Lorenzo!
- Changed to deny PROT_EXEC mappings only if the mapping is shared,
instead of for both shared and private mappings, after discussing
this with Lorenzo.
Opens:
- Lorenzo brought up that this patch may negatively impact the usage of
MFD_NOEXEC_SCOPE_NOEXEC_ENFORCED [7]. However, it is not clear to me
why that is the case. At the moment, my intent is for the executable
permissions of the file to be disjoint from the ability to create
executable mappings.
Links:
[1] https://cs.android.com/android/kernel/superproject/+/common-android-mainlin…
[2] https://developer.android.com/reference/android/database/CursorWindow
[3] https://lore.kernel.org/all/cover.1732804776.git.lorenzo.stoakes@oracle.com/
[4] https://lkml.kernel.org/r/20241206212846.210835-1-lorenzo.stoakes@oracle.com
[5] https://lkml.kernel.org/r/7dee6c5d-480b-4c24-b98e-6fa47dbd8a23@lucifer.local
[6] https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/tree/?h=mm-unst…
[7] https://lore.kernel.org/all/3a53b154-1e46-45fb-a559-65afa7a8a788@lucifer.lo…
Links to previous versions:
v1: https://lore.kernel.org/all/20241206010930.3871336-1-isaacmanjarres@google.…
Isaac J. Manjarres (2):
mm/memfd: Add support for F_SEAL_FUTURE_EXEC to memfd
selftests/memfd: Add tests for F_SEAL_FUTURE_EXEC
include/uapi/linux/fcntl.h | 1 +
mm/memfd.c | 39 ++++++++++-
tools/testing/selftests/memfd/memfd_test.c | 79 ++++++++++++++++++++++
3 files changed, 118 insertions(+), 1 deletion(-)
--
2.47.1.613.gc27f4b7a9f-goog
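
Both F_SEAL_FUTURE_EXEC cover letters above (v1 and v2) justify the design by the difference between F_SEAL_WRITE and F_SEAL_FUTURE_WRITE once a mapping already exists. The C program below is an added example, not code from either patch series; it demonstrates that difference using only seals already in mainline. The names `run_seal_demo` and `struct seal_demo` and the 4096-byte buffer are hypothetical, chosen for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef F_SEAL_FUTURE_WRITE
#define F_SEAL_FUTURE_WRITE 0x0010 /* uapi value, for older libc headers */
#endif
#define BUF_SIZE 4096 /* constructed sample size */

/* Hypothetical result record; errno fields are 0 when the call succeeded. */
struct seal_demo {
	int seal_write_errno;  /* F_SEAL_WRITE while a shared RW mapping exists */
	int seal_future_errno; /* F_SEAL_FUTURE_WRITE in the same situation */
	int old_map_writable;  /* store through the mapping made before sealing */
	int new_rw_map_errno;  /* new shared PROT_WRITE mmap() after sealing */
	int mprotect_errno;    /* upgrading a new read-only mapping to writable */
};

int run_seal_demo(struct seal_demo *r)
{
	volatile char *old;
	void *rw, *ro;
	int fd;

	*r = (struct seal_demo){0};
	fd = memfd_create("seal-demo", MFD_CLOEXEC | MFD_ALLOW_SEALING);
	if (fd < 0)
		return -1;
	if (ftruncate(fd, BUF_SIZE) < 0)
		goto fail;

	/* The client maps the buffer first and restricts it afterwards. */
	old = mmap(NULL, BUF_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
	if (old == MAP_FAILED)
		goto fail;
	/* F_SEAL_WRITE refuses while any shared writable mapping exists. */
	if (fcntl(fd, F_ADD_SEALS, F_SEAL_WRITE) < 0)
		r->seal_write_errno = errno;
	/* F_SEAL_FUTURE_WRITE only constrains what happens from now on. */
	if (fcntl(fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE) < 0)
		r->seal_future_errno = errno;
	old[0] = 'x'; /* the pre-seal mapping keeps its write access */
	r->old_map_writable = (old[0] == 'x');

	rw = mmap(NULL, BUF_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
	if (rw == MAP_FAILED)
		r->new_rw_map_errno = errno;
	else
		munmap(rw, BUF_SIZE);
	/* Read-only mappings are still allowed but cannot be upgraded. */
	ro = mmap(NULL, BUF_SIZE, PROT_READ, MAP_SHARED, fd, 0);
	if (ro != MAP_FAILED) {
		if (mprotect(ro, BUF_SIZE, PROT_READ | PROT_WRITE) < 0)
			r->mprotect_errno = errno;
		munmap(ro, BUF_SIZE);
	}
	munmap((void *)old, BUF_SIZE);
	close(fd);
	return 0;
fail:
	close(fd);
	return -1;
}

int main(void)
{
	struct seal_demo r;
	if (run_seal_demo(&r) < 0)
		return 1;
	printf("seal_write=%d seal_future=%d new_rw=%d mprotect=%d\n",
	       r.seal_write_errno, r.seal_future_errno,
	       r.new_rw_map_errno, r.mprotect_errno);
	return 0;
}
```

The EPERM returned for the new writable mapping is the same error the v2 changelog settles on for PROT_EXEC mappings of an exec-sealed file.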