v4: - update the commit message with application of patch 3/4
v3: - use the quotes with correct format in the commit message of patch 4/4, sorry for that
v2: - update the commit message to explain the detailed reason of patch 3/4 - add this cover letter
Tiezhu Yang (4): selftests: kmod: Use variable NAME in kmod_test_0001() kmod: Remove redundant "be an" in the comment kmod: Return directly if module name is empty in request_module() test_kmod: Avoid potential double free in trigger_config_run_type()
kernel/kmod.c | 10 +++++++--- lib/test_kmod.c | 2 +- tools/testing/selftests/kmod/kmod.sh | 4 ++-- 3 files changed, 10 insertions(+), 6 deletions(-)
Use the variable NAME instead of "\000" directly in kmod_test_0001().
Acked-by: Luis Chamberlain mcgrof@kernel.org Signed-off-by: Tiezhu Yang yangtiezhu@loongson.cn ---
v4: - no changes
v3: - no changes
v2: - just add the Acked-by tag
tools/testing/selftests/kmod/kmod.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/kmod/kmod.sh b/tools/testing/selftests/kmod/kmod.sh index 3702dbc..da60c3b 100755 --- a/tools/testing/selftests/kmod/kmod.sh +++ b/tools/testing/selftests/kmod/kmod.sh @@ -341,7 +341,7 @@ kmod_test_0001_driver()
kmod_defaults_driver config_num_threads 1 - printf '\000' >"$DIR"/config_test_driver + printf $NAME >"$DIR"/config_test_driver config_trigger ${FUNCNAME[0]} config_expect_result ${FUNCNAME[0]} MODULE_NOT_FOUND } @@ -352,7 +352,7 @@ kmod_test_0001_fs()
kmod_defaults_fs config_num_threads 1 - printf '\000' >"$DIR"/config_test_fs + printf $NAME >"$DIR"/config_test_fs config_trigger ${FUNCNAME[0]} config_expect_result ${FUNCNAME[0]} -EINVAL }
There exists redundant "be an" in the comment, remove it.
Acked-by: Luis Chamberlain mcgrof@kernel.org Signed-off-by: Tiezhu Yang yangtiezhu@loongson.cn ---
v4: - no changes
v3: - no changes
v2: - just add the Acked-by tag
kernel/kmod.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/kernel/kmod.c b/kernel/kmod.c index 37c3c4b..3cd075c 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -36,9 +36,8 @@ * * If you need less than 50 threads would mean we're dealing with systems * smaller than 3200 pages. This assumes you are capable of having ~13M memory, - * and this would only be an be an upper limit, after which the OOM killer - * would take effect. Systems like these are very unlikely if modules are - * enabled. + * and this would only be an upper limit, after which the OOM killer would take + * effect. Systems like these are very unlikely if modules are enabled. */ #define MAX_KMOD_CONCURRENT 50 static atomic_t kmod_concurrent_max = ATOMIC_INIT(MAX_KMOD_CONCURRENT);
If module name is empty, it is better to return directly at the beginning of request_module() without doing the needless call_modprobe() operation.
(1) In the kernel space
Call trace:
request_module() | | __request_module() | | call_modprobe() | | call_usermodehelper_exec() -- retval = sub_info->retval; | | call_usermodehelper_exec_work() | | call_usermodehelper_exec_sync() -- sub_info->retval = ret; | | --> call_usermodehelper_exec_async() --> do_execve() | kernel_wait4(pid, (int __user *)&ret, 0, NULL);
The exit status of child process is wrote to the address of variable "ret" after call kernel_wait4(), its value is 256 if module name is empty, then sub_info->retval is assigned to "ret" which is 256, the function call_usermodehelper_exec() returns 256, call_modprobe() and __request_module() also return 256.
(2)In the user space
when build and execute the following application, we can see the exit status is 256.
$ ./system exit status = 256
$ ./execl exit status = 256
$ cat system.c #include <stdio.h> #include <stdlib.h>
int main() { int status = 0;
status = system("modprobe '' > /dev/null 2>&1"); printf("exit status = %d\n", status);
return status; }
$ cat execl.c #include <sys/wait.h> #include <stdlib.h> #include <unistd.h> #include <stdio.h>
int main() { pid_t pid, w; int status;
pid = fork(); if (pid == -1) { perror("fork"); exit(EXIT_FAILURE); }
if (pid == 0) { execl("/bin/sh", "sh", "-c", "modprobe '' > /dev/null 2>&1", (char *) 0); } else { w = waitpid(pid, &status, 0); if (w == -1) { perror("waitpid"); exit(EXIT_FAILURE); }
printf("exit status = %d\n", status); exit(EXIT_SUCCESS); }
return 0; }
The exit status of child process is wrote to the address of variable "status" after call waitpid() in the user space that corresponds with kernel_wait4() in the kernel space.
Signed-off-by: Tiezhu Yang yangtiezhu@loongson.cn ---
v4: - update the commit message with application
v3: - no changes
v2: - update the commit message to explain the detailed reason
kernel/kmod.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/kernel/kmod.c b/kernel/kmod.c index 3cd075c..5851444 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -28,6 +28,8 @@
#include <trace/events/module.h>
+#define MODULE_NOT_FOUND 256 + /* * Assuming: * @@ -144,6 +146,9 @@ int __request_module(bool wait, const char *fmt, ...) if (ret >= MODULE_NAME_LEN) return -ENAMETOOLONG;
+ if (strlen(module_name) == 0) + return MODULE_NOT_FOUND; + ret = security_kernel_module_request(module_name); if (ret) return ret;
On Tue, Apr 21, 2020 at 03:05:03PM +0800, Tiezhu Yang wrote:
The exit status of child process is wrote to the address of variable "status" after call waitpid() in the user space that corresponds with kernel_wait4() in the kernel space.
NACK, the issue is in umh, I'll send a fix.
Luis
Reset the member "test_fs" of the test configuration after a call of the function "kfree_const" to a null pointer so that a double memory release will not be performed.
Fixes: d9c6a72d6fa2 ("kmod: add test driver to stress test the module loader") Acked-by: Luis Chamberlain mcgrof@kernel.org Signed-off-by: Tiezhu Yang yangtiezhu@loongson.cn ---
v4: - no changes
v3: - use the quotes with correct format in the commit message, sorry for that
v2: - update the commit message suggested by Markus Elfring - add the Fixes tag
lib/test_kmod.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/test_kmod.c b/lib/test_kmod.c index e651c37..eab5277 100644 --- a/lib/test_kmod.c +++ b/lib/test_kmod.c @@ -745,7 +745,7 @@ static int trigger_config_run_type(struct kmod_test_device *test_dev, break; case TEST_KMOD_FS_TYPE: kfree_const(config->test_fs); - config->test_driver = NULL; + config->test_fs = NULL; copied = config_copy_test_fs(config, test_str, strlen(test_str)); break;
Hi,
Could you please apply the following three patches?
[v4,1/4] selftests: kmod: Use variable NAME in kmod_test_0001() https://lore.kernel.org/patchwork/patch/1227980/
[v4,2/4] kmod: Remove redundant "be an" in the comment https://lore.kernel.org/patchwork/patch/1227982/
[v4,4/4] test_kmod: Avoid potential double free in trigger_config_run_type() https://lore.kernel.org/patchwork/patch/1227978/
Thanks, Tiezhu Yang
On Mon, May 11, 2020 at 08:59:37PM +0800, Tiezhu Yang wrote:
Hi,
Could you please apply the following three patches?
[v4,1/4] selftests: kmod: Use variable NAME in kmod_test_0001() https://lore.kernel.org/patchwork/patch/1227980/
[v4,2/4] kmod: Remove redundant "be an" in the comment https://lore.kernel.org/patchwork/patch/1227982/
[v4,4/4] test_kmod: Avoid potential double free in trigger_config_run_type() https://lore.kernel.org/patchwork/patch/1227978/
Andrew,
These 3 patches should be fine.
I am re-working a replacement proper fix for patch #3, that requires a change to the umh. I'll try to iron this out today.
Luis
On Mon, May 11, 2020 at 12:28 PM Luis Chamberlain mcgrof@kernel.org wrote:
On Mon, May 11, 2020 at 08:59:37PM +0800, Tiezhu Yang wrote:
Hi,
Could you please apply the following three patches?
[v4,1/4] selftests: kmod: Use variable NAME in kmod_test_0001() https://lore.kernel.org/patchwork/patch/1227980/
[v4,2/4] kmod: Remove redundant "be an" in the comment https://lore.kernel.org/patchwork/patch/1227982/
[v4,4/4] test_kmod: Avoid potential double free in trigger_config_run_type() https://lore.kernel.org/patchwork/patch/1227978/
Andrew,
These 3 patches should be fine.
I am re-working a replacement proper fix for patch #3, that requires a change to the umh. I'll try to iron this out today.
I'll pick these up, and run tests now that I have a finalized solution in place for the patch replacement I mentioned which was needed. Sorry this took so long, but I am glad I took my time. I'll post soon after I test the new fix.
Luis
linux-kselftest-mirror@lists.linaro.org
-
Luis Chamberlain -
Tiezhu Yang