lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 29 Apr 2024 14:39:17 +0200
From: Mickaël Salaün <mic@...ikod.net>
To: Kees Cook <keescook@...omium.org>
Cc: Christian Brauner <brauner@...nel.org>, 
	Jakub Kicinski <kuba@...nel.org>, Mark Brown <broonie@...nel.org>, 
	Shengyu Li <shengyu.li.evgeny@...il.com>, Shuah Khan <shuah@...nel.org>, 
	"David S . Miller" <davem@...emloft.net>, Günther Noack <gnoack@...gle.com>, 
	Will Drewry <wad@...omium.org>, kernel test robot <oliver.sang@...el.com>, 
	linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org
Subject: Re: [PATCH v1 5/5] selftests/harness: Fix vfork() side effects and
 uncaught errors

On Fri, Apr 26, 2024 at 12:47:16PM -0700, Kees Cook wrote:
> On Fri, Apr 26, 2024 at 07:22:52PM +0200, Mickaël Salaün wrote:
> > Setting the time namespace with CLONE_NEWTIME returns -EUSERS if the
> > calling thread shares memory with another thread (because of the shared
> > vDSO), which is the case when it is created with vfork().
> > 
> > Fix pidfd_setns_test by replacing test harness's vfork() call with a
> > clone3() call with CLONE_VFORK, and an explicit sharing of the
> > __test_metadata and self objects.
> > 
> > Replace _metadata->teardown_parent with a new FIXTURE_TEARDOWN_PARENT()
> > helper that can replace FIXTURE_TEARDOWN().  This is a cleaner approach
> > and it enables to selectively share the fixture data between the child
> > process running tests and the parent process running the fixture
> > teardown.  This also avoids updating several tests to not rely on the
> > self object's copy-on-write property (e.g. storing the returned value of
> > a fork() call).
> > 
> > In the Landlock filesystem tests, don't allocate self->dir_path in the
> > test process because this would not be visible in the
> > FIXTURE_TEARDOWN_PARENT() process when not sharing the memory mapping.
> > 
> > Unconditionally share _metadata between all forked processes, which
> > enables to actually catch errors (which were previously ignored).
> > 
> > Replace a wrong EXPECT_GT(self->child_pid_exited, 0) with EXPECT_GE(),
> > which is now actually tested on the parent and child sides.
> > 
> > FIXTURE_VARIANT_ADD() doesn't need to be MAP_SHARED because it should
> > not be modified: it is already passed as const pointers to
> > FIXTURE_TEARDOWN().  Make that explicit by constifying the variants
> > declarations.
> 
> This patch makes at least(?) 3 different logical changes. Can you split
> these up a bit; I think it would make review a bit easier.

OK

> 
> I don't quite understand why the need for the explicit shared memory
> setup for the fixture metadata? Is this to deal with the vfork?

This change is needed for the parent process to check if any error
happened in the test child process during FIXTURE_SETUP(), TEST_F(), and
FIXTURE_TEARDOWN().  With vfork(), the sharing was implicit between the
parent and the child, but without sharing the full memory mapping we
need to MAP_SHARE it explicitly.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ