From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 766C6C433F5 for ; Fri, 10 Dec 2021 13:32:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=s72BBX169XvuWklWE58kJo/n3I1Zw4/Gk0fipPzX8R4=; b=2tWA5LmdV5AHk5 JRf5lwsUdfYKYiq/do312ostx3P7KrZ/fZhkO4k7SrHR+LQOSGZqCYUx2SYfOtZjYxKcj/JO8uijn KejUmq9rSIFI1MbH0YC9d9nEm0yTpSM+ZoiQU2/YROSY7518kmdMIIJ537JbVw+KoeRkUv/w6o8TB yVeOAZJqux3o+/L36vlumn6phXfsz7EwQIBGLbMdLl1dt6YHIrrlYPKTqq089VsIqQLos2IY5GuJp 0Wlv1RndDb+iUabo1RBUwKI4WNtBrG+EGAcg3MgxI22UkDc8i22IfL2KdnRz83H3Sc2ezpr7JbGy+ rvCODZ2mzhHz34jKqqvQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mvfym-001yyV-I9; Fri, 10 Dec 2021 13:30:28 +0000 Received: from mail-wr1-x42f.google.com ([2a00:1450:4864:20::42f]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mvfyf-001yvj-Na for linux-arm-kernel@lists.infradead.org; Fri, 10 Dec 2021 13:30:23 +0000 Received: by mail-wr1-x42f.google.com with SMTP id d9so14958562wrw.4 for ; Fri, 10 Dec 2021 05:30:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=dTdbuA9hIdKn4BfZbCPlTiSyHXJY337c3HR+lMVDle0=; b=YidYi3Fu8huIr5y4/jlAfPC5nI9PIDEuaSycwThZ8P4eSOoYrOSHDTNGlV8Z58MSq1 nLViggv2CJ05+3TJ/iM8LaCSjxFV0xL0r9K1DPQUoZPryr9Daoa3+FYnJHcKrWuGoIf8 Q4g7xaSyduPS4GhcYKKPAC60Eu5VSwzkcf8NtUc4GkZkdwWnXtTOnN4LHMJxxpmOvI2V jwUoLT+Y68ymEV/V9+33LhurOGp8YomH3pQb7qdJknEq6q+f/KzuLeMw9HuAvkMhTnl7 /y5yZXF6PzIH2ayUQGHLWyJOUOTNtFQJEP5Dno2RQjsChi4DVoLDcXQ7BWszUzeSemnH qYVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=dTdbuA9hIdKn4BfZbCPlTiSyHXJY337c3HR+lMVDle0=; b=YO+HWnMGp7r9mFTRVUdGSirIw1it144NnF6BJej76yaDkcCgoNj+KkxnOYdUWfN4ML qga//DYIZMrBL6Ko+hgm4LERAHtktqwd9fyK4INQABn5XJOERrxd+ltBVOS8EjwvK8Sy 3CaXaTj91Sr+O53Lj1DtgU3pwMOA0U2XKK8Zpr59qd7FgXvLxdtZvlBi4VIN6IcV5HhU pJ/QCmww9E9KX4QZmA+59Yo/jhYEJDlcSdoXlDt6RuDJS6P0KcmojDrg/gU7aWNm1l54 wrKO2NwkUS8eBcxaqQFKefrd7Dgynh2N8tw4V621UpXlZOW5DZktyFpv0qWbfd8eAGUQ ekpQ== X-Gm-Message-State: AOAM533rGtiGO+/Kfn46R4Lr59rjuyFqeqFkUTKuHCU7cgE2f/0AWbM6 YBo4FT/O26Vpr7maUjQXbdvz7g== X-Google-Smtp-Source: ABdhPJwCcS9p25EiCqzxhRSk2Pa1gd4yTmwpBUlVZupz6pABIABSyQyupvZFwpKEK3nVmGN2yBv8pg== X-Received: by 2002:a5d:6acc:: with SMTP id u12mr13746398wrw.628.1639143017223; Fri, 10 Dec 2021 05:30:17 -0800 (PST) Received: from elver.google.com ([2a00:79e0:15:13:13f9:8295:8923:1942]) by smtp.gmail.com with ESMTPSA id m7sm2852886wml.38.2021.12.10.05.30.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Dec 2021 05:30:16 -0800 (PST) Date: Fri, 10 Dec 2021 14:30:09 +0100 From: Marco Elver To: Peter Collingbourne Cc: Catalin Marinas , Will Deacon , Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Daniel Bristot de Oliveira , Thomas Gleixner , Andy Lutomirski , Kees Cook , Andrew Morton , Masahiro Yamada , Sami Tolvanen , YiFei Zhu , Mark Rutland , Frederic Weisbecker , Viresh Kumar , Andrey Konovalov , Gabriel Krisman Bertazi , Chris Hyser , Daniel Vetter , Chris Wilson , Arnd Bergmann , Dmitry Vyukov , Christian Brauner , "Eric W. Biederman" , Alexey Gladkov , Ran Xiaokai , David Hildenbrand , Xiaofeng Cao , Cyrill Gorcunov , Thomas Cedeno , Alexander Potapenko , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Evgenii Stepanov Subject: Re: [PATCH v4 7/7] selftests: test uaccess logging Message-ID: References: <20211209221545.2333249-1-pcc@google.com> <20211209221545.2333249-8-pcc@google.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20211209221545.2333249-8-pcc@google.com> User-Agent: Mutt/2.0.5 (2021-01-21) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211210_053021_786686_7ACAE651 X-CRM114-Status: GOOD ( 36.02 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Thu, Dec 09, 2021 at 02:15PM -0800, Peter Collingbourne wrote: > Add a kselftest for the uaccess logging feature. > > Link: https://linux-review.googlesource.com/id/I39e1707fb8aef53747c42bd55b46ecaa67205199 > Signed-off-by: Peter Collingbourne It would be good to also test: - Logging of reads. - Exhausting the uaccess buffer, ideally somehow checking that the kernel hasn't written out-of-bounds, e.g. by using some canary. - Passing an invalid address to some syscall, for which the access should not be logged? - Passing an invalid address to the PR_SET_UACCESS_DESCRIPTOR_ADDR_ADDR prctl(). - Passing a valid address to the prctl(), but that address points to an invalid address. > --- > tools/testing/selftests/Makefile | 1 + > .../testing/selftests/uaccess_buffer/Makefile | 4 + > .../uaccess_buffer/uaccess_buffer_test.c | 126 ++++++++++++++++++ > 3 files changed, 131 insertions(+) > create mode 100644 tools/testing/selftests/uaccess_buffer/Makefile > create mode 100644 tools/testing/selftests/uaccess_buffer/uaccess_buffer_test.c > > diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile > index c852eb40c4f7..291b62430557 100644 > --- a/tools/testing/selftests/Makefile > +++ b/tools/testing/selftests/Makefile > @@ -71,6 +71,7 @@ TARGETS += timers > endif > TARGETS += tmpfs > TARGETS += tpm2 > +TARGETS += uaccess_buffer > TARGETS += user > TARGETS += vDSO > TARGETS += vm > diff --git a/tools/testing/selftests/uaccess_buffer/Makefile b/tools/testing/selftests/uaccess_buffer/Makefile > new file mode 100644 > index 000000000000..e6e5fb43ce29 > --- /dev/null > +++ b/tools/testing/selftests/uaccess_buffer/Makefile > @@ -0,0 +1,4 @@ > +# SPDX-License-Identifier: GPL-2.0 > +TEST_GEN_PROGS := uaccess_buffer_test > + > +include ../lib.mk > diff --git a/tools/testing/selftests/uaccess_buffer/uaccess_buffer_test.c b/tools/testing/selftests/uaccess_buffer/uaccess_buffer_test.c > new file mode 100644 > index 000000000000..051062e4fbf9 > --- /dev/null > +++ b/tools/testing/selftests/uaccess_buffer/uaccess_buffer_test.c > @@ -0,0 +1,126 @@ > +// SPDX-License-Identifier: GPL-2.0 > + > +#include "../kselftest_harness.h" > + > +#include > +#include > +#include > + > +FIXTURE(uaccess_buffer) > +{ > + uint64_t addr; > +}; > + > +FIXTURE_SETUP(uaccess_buffer) > +{ > + ASSERT_EQ(0, prctl(PR_SET_UACCESS_DESCRIPTOR_ADDR_ADDR, &self->addr, 0, > + 0, 0)); > +} > + > +FIXTURE_TEARDOWN(uaccess_buffer) > +{ > + ASSERT_EQ(0, prctl(PR_SET_UACCESS_DESCRIPTOR_ADDR_ADDR, 0, 0, 0, 0)); > +} > + > +TEST_F(uaccess_buffer, uname) > +{ > + struct uaccess_descriptor desc; > + struct uaccess_buffer_entry entries[64]; > + struct utsname un; > + > + desc.addr = (uint64_t)(unsigned long)entries; > + desc.size = 64; > + self->addr = (uint64_t)(unsigned long)&desc; > + ASSERT_EQ(0, uname(&un)); > + ASSERT_EQ(0, self->addr); > + > + if (desc.size == 63) { > + ASSERT_EQ((uint64_t)(unsigned long)(entries + 1), desc.addr); > + > + ASSERT_EQ((uint64_t)(unsigned long)&un, entries[0].addr); > + ASSERT_EQ(sizeof(struct utsname), entries[0].size); > + ASSERT_EQ(UACCESS_BUFFER_FLAG_WRITE, entries[0].flags); > + } else { > + /* See override_architecture in kernel/sys.c */ > + ASSERT_EQ(62, desc.size); > + ASSERT_EQ((uint64_t)(unsigned long)(entries + 2), desc.addr); > + > + ASSERT_EQ((uint64_t)(unsigned long)&un, entries[0].addr); > + ASSERT_EQ(sizeof(struct utsname), entries[0].size); > + ASSERT_EQ(UACCESS_BUFFER_FLAG_WRITE, entries[0].flags); > + > + ASSERT_EQ((uint64_t)(unsigned long)&un.machine, > + entries[1].addr); > + ASSERT_EQ(UACCESS_BUFFER_FLAG_WRITE, entries[1].flags); > + } > +} > + > +static bool handled; > + > +static void usr1_handler(int signo) > +{ > + handled = true; > +} > + > +TEST_F(uaccess_buffer, blocked_signals) > +{ > + struct uaccess_descriptor desc; > + struct shared_buf { > + bool ready; > + bool killed; > + } volatile *shared = mmap(NULL, getpagesize(), PROT_READ | PROT_WRITE, > + MAP_ANON | MAP_SHARED, -1, 0); I know it's a synonym, but to be consistent with other code, MAP_ANONYMOUS? > + struct sigaction act = {}, oldact; > + int pid; > + > + handled = false; > + act.sa_handler = usr1_handler; > + sigaction(SIGUSR1, &act, &oldact); > + > + pid = fork(); > + if (pid == 0) { > + /* > + * Busy loop to synchronize instead of issuing syscalls because > + * we need to test the behavior in the case where no syscall is > + * issued by the parent process. > + */ > + while (!shared->ready) > + ; > + kill(getppid(), SIGUSR1); > + shared->killed = true; > + _exit(0); > + } else { > + int i; > + > + desc.addr = 0; > + desc.size = 0; > + self->addr = (uint64_t)(unsigned long)&desc; > + > + shared->ready = true; > + while (!shared->killed) > + ; > + > + /* > + * The kernel should have IPI'd us by now, but let's wait a bit > + * longer just in case. Is IPI = signalled? Because in the kernel, IPI = inter-processor interrupt. > + */ > + for (i = 0; i != 1000000; ++i) > + ; This is probably optimized out. usleep() should work, or add compiler barrier if usleep doesn't work. > + > + ASSERT_FALSE(handled); > + > + /* > + * Returning from the waitpid syscall should trigger the signal > + * handler. The signal itself may also interrupt waitpid, so > + * make sure to handle EINTR. > + */ > + while (waitpid(pid, NULL, 0) == -1) > + ASSERT_EQ(EINTR, errno); > + ASSERT_TRUE(handled); > + } > + > + munmap((void *)shared, getpagesize()); > + sigaction(SIGUSR1, &oldact, NULL); > +} > + > +TEST_HARNESS_MAIN > -- > 2.34.1.173.g76aa8bc2d0-goog > _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel