[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <d4859e88-d105-4de2-b19c-f59bf7bd5e88@linux.dev>
Date: Fri, 26 Jan 2024 11:36:48 -0800
From: Yonghong Song <yonghong.song@...ux.dev>
To: Hou Tao <houtao@...weicloud.com>, x86@...nel.org, bpf@...r.kernel.org
Cc: Dave Hansen <dave.hansen@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>, Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, "H . Peter Anvin" <hpa@...or.com>,
linux-kernel@...r.kernel.org, xingwei lee <xrivendell7@...il.com>,
Jann Horn <jannh@...gle.com>, Sohil Mehta <sohil.mehta@...el.com>,
houtao1@...wei.com
Subject: Re: [PATCH bpf v2 3/3] selftest/bpf: Test the read of vsyscall page
under x86-64
On 1/26/24 3:54 AM, Hou Tao wrote:
> From: Hou Tao <houtao1@...wei.com>
>
> Under x86-64, when using bpf_probe_read_kernel{_str}() or
> bpf_probe_read{_str}() to read vsyscall page, the read may trigger oops,
> so add one test case to ensure that the problem is fixed. Beside those
> four bpf helpers mentioned above, testing the read of vsyscall page by
> using bpf_probe_read_user{_str} and bpf_copy_from_user{_task}() as well.
>
> The test case passes the address of vsyscall page to these six helpers
> and checks whether the returned values are expected:
>
> 1) For bpf_probe_read_kernel{_str}()/bpf_probe_read{_str}(), the
> expected return value is -ERANGE as shown below:
>
> bpf_probe_read_kernel_common
> copy_from_kernel_nofault
> // false, return -ERANGE
> copy_from_kernel_nofault_allowed
>
> 2) For bpf_probe_read_user{_str}(), the expected return value is -EFAULT
> as show below:
>
> bpf_probe_read_user_common
> copy_from_user_nofault
> // false, return -EFAULT
> __access_ok
>
> 3) For bpf_copy_from_user(), the expected return value is -EFAULT:
>
> // return -EFAULT
> bpf_copy_from_user
> copy_from_user
> _copy_from_user
> // return false
> access_ok
>
> 4) For bpf_copy_from_user_task(), the expected return value is -EFAULT:
>
> // return -EFAULT
> bpf_copy_from_user_task
> access_process_vm
> // return 0
> vma_lookup()
> // return 0
> expand_stack()
>
> The occurrence of oops depends on the availability of CPU SMAP [1]
> feature and there are three possible configurations of vsyscall page in
> boot cmd-line: vsyscall={xonly|none|emulate}, so there are totally six
> possible combinations. Under all these combinations, the running of the
> test case succeeds.
>
> [1]: https://en.wikipedia.org/wiki/Supervisor_Mode_Access_Prevention
>
> Signed-off-by: Hou Tao <houtao1@...wei.com>
The first two patches look good to me but I think it would be better
if x86 folks can ack on them. The selftest patch LGTM.
Acked-by: Yonghong Song <yonghong.song@...ux.dev>
Powered by blists - more mailing lists