On Tue, Sep 10, 2019 at 01:25:31PM +0100, Cristian Marussi wrote:
On 04/09/2019 12:47, Dave Martin wrote:
On Mon, Sep 02, 2019 at 12:29:21pm +0100, Cristian Marussi wrote:
Hi
this patchset aims to add the initial arch-specific arm64 support to kselftest starting with signals-related test-cases. A common internal test-case layout is proposed which then it is anyway wired-up to the toplevel kselftest Makefile, so that it should be possible at the end to run it on an arm64 target in the usual way with KSFT.
BTW, it's helpful to state the base branch / commit as clearly as possible near the top of the cover letter, say,
--8<--
This series is based on arm64/for-next/core [1] commit 9ce1263033cd ("selftests, arm64: add a selftest for passing tagged pointers to kernel")
[1] git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/core
-->8--
This is particularly important if you expect the maintainer to pick up the patches.
You don't need to reference a specific commit unless there's a significant chance of conflicts if the wrong commit is used, but it can help provide a clue as to why you're basing on this alternate branch.
Ok, thanks I'll do.
~/linux# make TARGETS=arm64 kselftest
New KSFT arm64 testcases live inside tools/testing/selftests/arm64 grouped by family inside subdirectories: arm64/signal is the first family proposed with this series. This series converts also to this subdirectory scheme the pre-existing (already queued on arm64/for-next/core) KSFT arm64 tags tests, moving them into arm64/tags.
Thanks
Cristian
Notes:
further details in the included READMEs
more tests still to be written (current strategy is going through the related Kernel signal-handling code and write a test for each possible and sensible code-path) A few ideas for more TODO testcases:
- fake_sigreturn_unmapped_sp: SP into unmapped addrs
- fake_sigreturn_kernelspace_sp: SP into kernel addrs
- fake_sigreturn_sve_bad_extra_context: SVE extra context badly formed
- mangle_sve_invalid_extra_context: SVE extra_context invalid
SVE signal testcases and special handling will be part of an additional patch still to be released
What's your approach to checking that the test failure paths work?
We could either hack the kernel or the tests to provoke "fake" failures, and I don't think it's necessary to test everything in this way, providing we have confidence that the test strategy and framework works in general.
So my approach to testing the tests itself has been as follows:
- PASS path: instrumented Kernel itself to print the exact line where the SEGV is supposed to be called and manually check once for all (just redone now). Something like:
# FAKE_SIGRETURN_MISALIGNED_SP :: Triggers a sigreturn with a misaligned sigframe Registered handlers for all signals. Detected MINSTKSIGSZ:9984 Testcase initialized. uc context validated. GOOD CONTEXT grabbed from sig_copyctx handler Handled SIG_COPYCTX Calling sigreturn with fake sigframe sized:4688 at SP @FFFFCAAE5253 [ 188.206911] Kernel SEGV @ 571 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< SIG_OK -- SP:0xFFFFCAAE5253 si_addr@:0xffffcaae5253 si_code:2 token@:0xffffcaae5253 offset:0 ==>> completed. PASS(1)
FAIL path: tried at first the same approach (instrument to avoid the SEGV), but thinking that this could have led to general Kernel instability while processing bad sigframes, I instead instrumented tests and utils as follows:
mangle_ TESTS:
- removed the "mangling" for each test, and observed test FAIL (NO SEGV)
# MANGLE_PSTATE_INVALID_MODE_EL1h :: Mangling uc_mcontext INVALID MODE EL1h Registered handlers for all signals. Detected MINSTKSIGSZ:9984 Testcase initialized. uc context validated. Handled SIG_TRIG ==>> completed. FAIL(0)
+ SSBS: being this a peculiar mangle_ test, where we check that SSBS is PRESERVED as it is on Kernel restoring sigframe (no expected SEGV), I used a kernel patched to NOT preserve the SSBS bit (so clearing it). Moreover I experimented with the various SSBS support levels (no_supp/SSBS_BIT/MRS+SSBS_BIT) and observed how test behaved related to the detected SSBS support + verify that an anomalous SEGV (no SEGV_ACCER) is detected (say a *(* int)0x00= inside handler)# MANGLE_PSTATE_INVALID_DAIF_BITS :: Mangling uc_mcontext with INVALID DAIF_BITS Registered handlers for all signals. Detected MINSTKSIGSZ:9984 Testcase initialized. uc context validated. SIG_OK -- SP:0xFFFFFBE96DA0 si_addr@:(nil) si_code:1 token@:(nil) offset:0 si_code != SEGV_ACCERR...test is probably broken! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -- RX UNEXPECTED SIGNAL: 6 ==>> completed. FAIL(0)
fake_sigreturn_ TESTS:
- verify placing on the stack the good context grabbed from get_current_context() as it is (GOOD), execution flow is anomalously restored inside get_current_context() and such anomaly is spotted (without deadly loops)
# FAKE_SIGRETURN_BAD_MAGIC :: Trigger a sigreturn with a sigframe with a bad magic Registered handlers for all signals. Detected MINSTKSIGSZ:9984 Testcase initialized. uc context validated. GOOD CONTEXT grabbed from sig_copyctx handler Handled SIG_COPYCTX Calling sigreturn with fake sigframe sized:4688 at SP @FFFFCAC61F80 Unexpected successful sigreturn detected: live_uc is stale ! <<<<<<<<<<<<<<<<<<<<<<<<<<< ==>> completed. FAIL(0)
+ verify that an early SEGV is detected as anomalous (say a *(* int)0x00 before fake sigframe has been placed on the stack)# FAKE_SIGRETURN_BAD_MAGIC :: Trigger a sigreturn with a sigframe with a bad magic Registered handlers for all signals. Detected MINSTKSIGSZ:9984 Testcase initialized. uc context validated. GOOD CONTEXT grabbed from sig_copyctx handler Handled SIG_COPYCTX Available space:3552 Using badly built context - ERR: BAD MAGIC ! Calling sigreturn with fake sigframe sized:4688 at SP @FFFFE77C96D0 SIG_OK -- SP:0xFFFFE77C96D0 si_addr@:(nil) si_code:1 token@:(nil) offset:0 current->token ZEROED...test is probably broken! <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< -- RX UNEXPECTED SIGNAL: 6 ==>> completed. FAIL(0)
OK, seems reasonable.
I was just curious as to how you'd approached it.
Cheers ---Dave