| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Feb 2022 15:30:02 -0500
From: Joe Lawrence <joe.lawrence@...hat.com>
To: David Vernet <void@...ifault.com>, live-patching@...r.kernel.org,
linux-kernel@...r.kernel.org, jpoimboe@...hat.com,
pmladek@...e.com, jikos@...nel.org, mbenes@...e.cz, corbet@....net
Cc: kernel-team@...com
Subject: Re: [PATCH] livepatch: Skip livepatch tests if ftrace cannot be
configured
On 2/3/22 6:32 PM, David Vernet wrote:
> livepatch has a set of selftests that are used to validate the behavior of
> the livepatching subsystem. One of the testcases in the livepatch
> testsuite is test-ftrace.sh, which among other things, validates that
> livepatching gracefully fails when ftrace is disabled. In the event that
> ftrace cannot be disabled using 'sysctl kernel.ftrace_enabled=0', the test
> will fail later due to it unexpectedly successfully loading the
> test_klp_livepatch module.
>
> While the livepatch selftests are careful to remove any of the livepatch
> test modules between testcases to avoid this situation, ftrace may still
> fail to be disabled if another trace is active on the system that was
> enabled with FTRACE_OPS_FL_PERMANENT. For example, any active BPF programs
> that use trampolines will cause this test to fail due to the trampoline
> being implemented with register_ftrace_direct(). The following is an
> example of such a trace:
>
> tcp_drop (1) R I D tramp: ftrace_regs_caller+0x0/0x58
> (call_direct_funcs+0x0/0x30)
> direct-->bpf_trampoline_6442550536_0+0x0/0x1000
>
> In order to make the test more resilient to system state that is out of its
> control, this patch adds a check to set_ftrace_enabled() to skip the tests
> if the sysctl invocation fails.
>
> Signed-off-by: David Vernet <void@...ifault.com>
Hi David,
Thanks for this test case, comments below...
> ---
> tools/testing/selftests/livepatch/functions.sh | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/tools/testing/selftests/livepatch/functions.sh b/tools/testing/selftests/livepatch/functions.sh
> index 846c7ed71556..6857fdcb6b45 100644
> --- a/tools/testing/selftests/livepatch/functions.sh
> +++ b/tools/testing/selftests/livepatch/functions.sh
> @@ -78,6 +78,12 @@ function set_ftrace_enabled() {
> result=$(sysctl -q kernel.ftrace_enabled="$1" 2>&1 && \
> sysctl kernel.ftrace_enabled 2>&1)
> echo "livepatch: $result" > /dev/kmsg
> + # Skip the test if ftrace is busy. This can happen under normal system
> + # conditions if a trace is marked as permament.
sp: s/permament/permanent
> + if [[ "$result" == *"Device or resource busy"* ]]; then
> + skip "failed to set kernel.ftrace_enabled=$1"
> + fi
> +
style nit: move the blank line from here to just before the new # Skip
comment
> }
>
> function cleanup() {
>
Can we be more paranoid and just look for the exact result that we expect:
if [[ "$result" != "kernel.ftrace_enabled = 1" ]]; then
skip "failed to set kernel.ftrace_enabled=$1"
fi
and that way we catch any other faults. What do you think?
Thanks,
--
Joe
Powered by blists - more mailing lists