Re: [PATCH v3 bpf-next] selftests/bpf: Fix selftests broken by mitigations=off

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Yonghong Song <yonghong.song@linux.dev>
To: Daniel Borkmann <daniel@iogearbox.net>,
	Yafang Shao <laoar.shao@gmail.com>,
	alexei.starovoitov@gmail.com
Cc: andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org,
	gerhorst@cs.fau.de, haoluo@google.com, john.fastabend@gmail.com,
	jolsa@kernel.org, kpsingh@kernel.org, martin.lau@linux.dev,
	sdf@google.com, song@kernel.org
Subject: Re: [PATCH v3 bpf-next] selftests/bpf: Fix selftests broken by mitigations=off
Date: Thu, 26 Oct 2023 09:54:17 -0700	[thread overview]
Message-ID: <4f3f8433-e7e7-4b31-856c-b47de43d0af5@linux.dev> (raw)
In-Reply-To: <3f47542a-ec0f-c33c-4300-36b54858a79c@iogearbox.net>


On 10/26/23 6:46 AM, Daniel Borkmann wrote:
> On 10/25/23 6:56 AM, Yonghong Song wrote:
>> On 10/24/23 8:11 PM, Yafang Shao wrote:
>>> When we configure the kernel command line with 'mitigations=off' and 
>>> set
>>> the sysctl knob 'kernel.unprivileged_bpf_disabled' to 0, the commit
>>> bc5bc309db45 ("bpf: Inherit system settings for CPU security 
>>> mitigations")
>>> causes issues in the execution of `test_progs -t verifier`. This is 
>>> because
>>> 'mitigations=off' bypasses Spectre v1 and Spectre v4 protections.
>>>
>>> Currently, when a program requests to run in unprivileged mode
>>> (kernel.unprivileged_bpf_disabled = 0), the BPF verifier may prevent it
>>> from running due to the following conditions not being enabled:
>>>
>>>    - bypass_spec_v1
>>>    - bypass_spec_v4
>>>    - allow_ptr_leaks
>>>    - allow_uninit_stack
>>>
>>> While 'mitigations=off' enables the first two conditions, it does not
>>> enable the latter two. As a result, some test cases in
>>> 'test_progs -t verifier' that were expected to fail to run may run
>>> successfully, while others still fail but with different error 
>>> messages.
>>> This makes it challenging to address them comprehensively.
>>>
>>> Moreover, in the future, we may introduce more fine-grained control 
>>> over
>>> CPU mitigations, such as enabling only bypass_spec_v1 or 
>>> bypass_spec_v4.
>>>
>>> Given the complexity of the situation, rather than fixing each 
>>> broken test
>>> case individually, it's preferable to skip them when 
>>> 'mitigations=off' is
>>> in effect and introduce specific test cases for the new 
>>> 'mitigations=off'
>>> scenario. For instance, we can introduce new BTF declaration tags like
>>> '__failure__nospec', '__failure_nospecv1' and '__failure_nospecv4'.
>>>
>>> In this patch, the approach is to simply skip the broken test cases 
>>> when
>>> 'mitigations=off' is enabled. The result of `test_progs -t verifier` as
>>> follows after this commit,
>>>
>>> Before this commit
>>> ==================
>>> - without 'mitigations=off'
>>>    - kernel.unprivileged_bpf_disabled = 2
>>>      Summary: 74/948 PASSED, 388 SKIPPED, 0 FAILED
>>>    - kernel.unprivileged_bpf_disabled = 0
>>>      Summary: 74/1336 PASSED, 0 SKIPPED, 0 FAILED <<<<
>>> - with 'mitigations=off'
>>>    - kernel.unprivileged_bpf_disabled = 2
>>>      Summary: 74/948 PASSED, 388 SKIPPED, 0 FAILED
>>>    - kernel.unprivileged_bpf_disabled = 0
>>>      Summary: 63/1276 PASSED, 0 SKIPPED, 11 FAILED <<<< 11 FAILED
>>>
>>> After this commit
>>> =================
>>> - without 'mitigations=off'
>>>    - kernel.unprivileged_bpf_disabled = 2
>>>      Summary: 74/948 PASSED, 388 SKIPPED, 0 FAILED
>>>    - kernel.unprivileged_bpf_disabled = 0
>>>      Summary: 74/1336 PASSED, 0 SKIPPED, 0 FAILED <<<<
>>> - with this patch, with 'mitigations=off'
>>>    - kernel.unprivileged_bpf_disabled = 2
>>>      Summary: 74/948 PASSED, 388 SKIPPED, 0 FAILED
>>>    - kernel.unprivileged_bpf_disabled = 0
>>>      Summary: 74/948 PASSED, 388 SKIPPED, 0 FAILED <<<< SKIPPED
>>>
>>> Fixes: bc5bc309db45 ("bpf: Inherit system settings for CPU security 
>>> mitigations")
>>> Reported-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
>>> Closes: 
>>> https://lore.kernel.org/bpf/CAADnVQKUBJqg+hHtbLeeC2jhoJAWqnmRAzXW3hmUCNSV9kx4sQ@mail.gmail.com
>>> Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
>>
>> Ack with a nit below.
>> Acked-by: Yonghong Song <yonghong.song@linux.dev>
>>
> [...]
>>>       }
>>> -    return disabled;
>>> +    return disabled ? true : get_mitigations_off();
>>
>> Above code is correct. But you could slightly simplify it with
>>      return disabled ? : get_mitigations_off();
>>
>> I guess maintainer can decide whether simplification is needed
>> or not.
>
> Turns out if you omit, then compiler will complain with a warning :)
>
>   [...]
>   GEN      vmlinux.h
> unpriv_helpers.c: In function ‘get_unpriv_disabled’:
> unpriv_helpers.c:56:27: error: the omitted middle operand in ‘?:’ will 
> always be ‘true’, suggest explicit middle operand [-Werror=parentheses]
>    56 |         return disabled ? : get_mitigations_off();
>       |                           ^
> cc1: all warnings being treated as errors
> make: *** [Makefile:615: 
> /root/linux/tools/testing/selftests/bpf/unpriv_helpers.o] Error 1

clang compiler is okay with '?:' change while gcc compiler issued errors. So yes,
existing code is good for both compilers. Thanks!


>
> So it's okay as is, applied, thanks!
>

next prev parent reply	other threads:[~2023-10-26 16:54 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-10-05  8:41 [PATCH bpf-next] bpf: Inherit system settings for CPU security mitigations Yafang Shao
2023-10-05 17:24 ` Stanislav Fomichev
2023-10-05 18:01 ` Song Liu
2023-10-05 23:30   ` KP Singh
2023-10-06 16:55     ` Daniel Borkmann
2023-10-06 18:20 ` patchwork-bot+netdevbpf
2023-10-11 22:53 ` Andrii Nakryiko
2023-10-12  2:29   ` Yafang Shao
2023-10-12  4:42     ` Andrii Nakryiko
2023-10-20  0:42 ` Alexei Starovoitov
2023-10-20  2:35   ` Yafang Shao
2023-10-22  9:26   ` [PATCH bpf-next] selftests/bpf: Fix selftests broken by mitigations=off Yafang Shao
2023-10-22  9:49     ` [PATCH v2 " Yafang Shao
2023-10-22 10:05       ` Yafang Shao
2023-10-22 11:27       ` kernel test robot
2023-10-25  3:11   ` [PATCH v3 " Yafang Shao
2023-10-25  4:56     ` Yonghong Song
2023-10-26 13:46       ` Daniel Borkmann
2023-10-26 16:54         ` Yonghong Song [this message]
2023-10-26 13:50     ` patchwork-bot+netdevbpf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4f3f8433-e7e7-4b31-856c-b47de43d0af5@linux.dev \
    --to=yonghong.song@linux.dev \
    --cc=alexei.starovoitov@gmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=gerhorst@cs.fau.de \
    --cc=haoluo@google.com \
    --cc=john.fastabend@gmail.com \
    --cc=jolsa@kernel.org \
    --cc=kpsingh@kernel.org \
    --cc=laoar.shao@gmail.com \
    --cc=martin.lau@linux.dev \
    --cc=sdf@google.com \
    --cc=song@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.