| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zi9NPfII8I7nWz6O@krava>
Date: Mon, 29 Apr 2024 09:33:17 +0200
From: Jiri Olsa <olsajiri@...il.com>
To: Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc: Steven Rostedt <rostedt@...dmis.org>,
Masami Hiramatsu <mhiramat@...nel.org>,
Oleg Nesterov <oleg@...hat.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>, linux-kernel@...r.kernel.org,
linux-trace-kernel@...r.kernel.org, linux-api@...r.kernel.org,
x86@...nel.org, bpf@...r.kernel.org,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>,
"Borislav Petkov (AMD)" <bp@...en8.de>,
Ingo Molnar <mingo@...hat.com>, Andy Lutomirski <luto@...nel.org>
Subject: Re: [PATCHv3 bpf-next 5/7] selftests/bpf: Add uretprobe syscall call
from user space test
On Fri, Apr 26, 2024 at 11:03:29AM -0700, Andrii Nakryiko wrote:
> On Sun, Apr 21, 2024 at 12:43 PM Jiri Olsa <jolsa@...nel.org> wrote:
> >
> > Adding test to verify that when called from outside of the
> > trampoline provided by kernel, the uretprobe syscall will cause
> > calling process to receive SIGILL signal and the attached bpf
> > program is no executed.
> >
> > Signed-off-by: Jiri Olsa <jolsa@...nel.org>
> > ---
> > .../selftests/bpf/prog_tests/uprobe_syscall.c | 92 +++++++++++++++++++
> > .../selftests/bpf/progs/uprobe_syscall_call.c | 15 +++
> > 2 files changed, 107 insertions(+)
> > create mode 100644 tools/testing/selftests/bpf/progs/uprobe_syscall_call.c
> >
>
> See nits below, but overall LGTM
>
> Acked-by: Andrii Nakryiko <andrii@...nel.org>
>
> [...]
>
> > @@ -219,6 +301,11 @@ static void test_uretprobe_regs_change(void)
> > {
> > test__skip();
> > }
> > +
> > +static void test_uretprobe_syscall_call(void)
> > +{
> > + test__skip();
> > +}
> > #endif
> >
> > void test_uprobe_syscall(void)
> > @@ -228,3 +315,8 @@ void test_uprobe_syscall(void)
> > if (test__start_subtest("uretprobe_regs_change"))
> > test_uretprobe_regs_change();
> > }
> > +
> > +void serial_test_uprobe_syscall_call(void)
>
> does it need to be serial? non-serial are still run sequentially
> within a process (there is no multi-threading), it's more about some
> global effects on system.
plz see below
>
> > +{
> > + test_uretprobe_syscall_call();
> > +}
> > diff --git a/tools/testing/selftests/bpf/progs/uprobe_syscall_call.c b/tools/testing/selftests/bpf/progs/uprobe_syscall_call.c
> > new file mode 100644
> > index 000000000000..5ea03bb47198
> > --- /dev/null
> > +++ b/tools/testing/selftests/bpf/progs/uprobe_syscall_call.c
> > @@ -0,0 +1,15 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +#include "vmlinux.h"
> > +#include <bpf/bpf_helpers.h>
> > +#include <string.h>
> > +
> > +struct pt_regs regs;
> > +
> > +char _license[] SEC("license") = "GPL";
> > +
> > +SEC("uretprobe//proc/self/exe:uretprobe_syscall_call")
> > +int uretprobe(struct pt_regs *regs)
> > +{
> > + bpf_printk("uretprobe called");
>
> debugging leftover? we probably don't want to pollute trace_pipe from test
the reason for this is to make sure the bpf program was not executed,
the test makes sure the child gets killed with SIGILL and also that
the bpf program was not executed by checking the trace_pipe and
making sure nothing was received
the trace_pipe reading is also why it's serial
jirka
>
> > + return 0;
> > +}
> > --
> > 2.44.0
> >
Powered by blists - more mailing lists