| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Feb 2022 12:56:26 -0800
From: David Vernet <void@...ifault.com>
To: live-patching@...r.kernel.org, linux-kernel@...r.kernel.org,
jpoimboe@...hat.com, pmladek@...e.com, jikos@...nel.org,
mbenes@...e.cz, joe.lawrence@...hat.com, corbet@....net
Cc: void@...ifault.com, kernel-team@...com
Subject: [PATCH v2] livepatch: Skip livepatch tests if ftrace cannot be configured
livepatch has a set of selftests that are used to validate the behavior of
the livepatching subsystem. One of the testcases in the livepatch
testsuite is test-ftrace.sh, which among other things, validates that
livepatching gracefully fails when ftrace is disabled. In the event that
ftrace cannot be disabled using 'sysctl kernel.ftrace_enabled=0', the test
will fail later due to it unexpectedly successfully loading the
test_klp_livepatch module.
While the livepatch selftests are careful to remove any of the livepatch
test modules between testcases to avoid this situation, ftrace may still
fail to be disabled if another trace is active on the system that was
enabled with FTRACE_OPS_FL_PERMANENT. For example, any active BPF programs
that use trampolines will cause this test to fail due to the trampoline
being implemented with register_ftrace_direct(). The following is an
example of such a trace:
tcp_drop (1) R I D tramp: ftrace_regs_caller+0x0/0x58
(call_direct_funcs+0x0/0x30)
direct-->bpf_trampoline_6442550536_0+0x0/0x1000
In order to make the test more resilient to system state that is out of its
control, this patch adds a check to set_ftrace_enabled() to skip the tests
if the sysctl invocation fails.
Signed-off-by: David Vernet <void@...ifault.com>
---
v2:
- Fix typo in newly added comment (s/permament/permanent).
- Adjust the location of the added newline to be before the new comment
rather than that the end of the function.
- Make the failure-path check a bit less brittle by checking for the
exact expected string, rather than specifically for "Device or resource
busy".
tools/testing/selftests/livepatch/functions.sh | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/testing/selftests/livepatch/functions.sh b/tools/testing/selftests/livepatch/functions.sh
index 846c7ed71556..32970324dd7e 100644
--- a/tools/testing/selftests/livepatch/functions.sh
+++ b/tools/testing/selftests/livepatch/functions.sh
@@ -78,6 +78,12 @@ function set_ftrace_enabled() {
result=$(sysctl -q kernel.ftrace_enabled="$1" 2>&1 && \
sysctl kernel.ftrace_enabled 2>&1)
echo "livepatch: $result" > /dev/kmsg
+
+ # Skip the test if ftrace is busy. This can happen under normal system
+ # conditions if a trace is marked as permanent.
+ if [[ "$result" != "kernel.ftrace_enabled = $1" ]]; then
+ skip "failed to set kernel.ftrace_enabled=$1"
+ fi
}
function cleanup() {
--
2.30.2
Powered by blists - more mailing lists