From: Kees Cook <keescook@chromium.org>
To: Daniel Latypov <dlatypov@google.com>
Cc: "Steven Rostedt" <rostedt@goodmis.org>,
"Eric Biederman" <ebiederm@xmission.com>,
"David Gow" <davidgow@google.com>,
"Alexey Dobriyan" <adobriyan@gmail.com>,
"Magnus Groß" <magnus.gross@rwth-aachen.de>,
kunit-dev@googlegroups.com, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH] binfmt_elf: Introduce KUnit test
Date: Mon, 28 Feb 2022 19:17:08 -0800
Message-ID: <202202281915.3479AB42@keescook>
In-Reply-To: <CAGS_qxoXXkp2rVGrwa4h7bem-sgHikpMufrPXQaSzOW2N==tQw@mail.gmail.com>

On Mon, Feb 28, 2022 at 05:48:27PM -0800, Daniel Latypov wrote:
> On Thu, Feb 24, 2022 at 6:15 AM Steven Rostedt <rostedt@goodmis.org> wrote:
> >
> > On Wed, 23 Feb 2022 22:13:25 -0800
> > Kees Cook <keescook@chromium.org> wrote:
> >
> > > Steven, I want to do fancy live-patch kind of things to replace functions,
> > > but it doesn't need to be particularly fancy because KUnit tests (usually)
> > > run single-threaded, etc. It looks like kprobes could almost do it, but
> > > I don't see a way to have it _avoid_ making a function call.
> >
> >
> > // This is called just before the hijacked function is called
> > static void notrace my_tramp(unsigned long ip, unsigned long parent_ip,
> >                              struct ftrace_ops *ops,
> >                              struct ftrace_regs *fregs)
> > {
> >         int bit;
> >
> >         bit = ftrace_test_recursion_trylock(ip, parent_ip);
> >         if (WARN_ON_ONCE(bit < 0))
> >                 return;
> >
> >         /*
> >          * This uses the live kernel patching arch code to now return
> >          * to new_function() instead of the one that was called.
> >          * If you want to do a lookup, you can look at the "ip"
> >          * which will give you the function you are about to replace.
> >          * Note, it may not be equal to the function address,
> >          * but for that, you can have this:
> >          *   ip = ftrace_location(function_ip);
> >          * which will give the ip that is passed here.
> >          */
> >         klp_arch_set_pc(fregs, new_function);
>
> Ahah!
> This was the missing bit.
>
> David and I both got so excited by this we prototyped experimental
> APIs around this over the weekend.
> He also prototyped a more intrusive alternative to using ftrace and
> kernel livepatch since they don't work on all arches, like UML.

Yay! That's excellent. I didn't have time to try this myself, so I'm
delighted to see y'all got it working. Nice!

> We're splitting up responsibility and will each submit RFCs to the
> list in the coming days.
> I'll send the ftrace one based on this.
> He'll send his alternative one as well.
> I think we'll end up having both approaches as they both have their usecases.
>
> It'll take some iteration to bikeshed stuff like names and make them
> more consistent with each other.
> I've posted my working copy on Gerrit for now, if people want to take
> a look: https://kunit-review.googlesource.com/c/linux/+/5109

Great! I'll go comment on it there.

--
Kees Cook