| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250515182322.117840-14-pasha.tatashin@soleen.com>
Date: Thu, 15 May 2025 18:23:17 +0000
From: Pasha Tatashin <pasha.tatashin@...een.com>
To: pratyush@...nel.org,
jasonmiu@...gle.com,
graf@...zon.com,
changyuanl@...gle.com,
pasha.tatashin@...een.com,
rppt@...nel.org,
dmatlack@...gle.com,
rientjes@...gle.com,
corbet@....net,
rdunlap@...radead.org,
ilpo.jarvinen@...ux.intel.com,
kanie@...ux.alibaba.com,
ojeda@...nel.org,
aliceryhl@...gle.com,
masahiroy@...nel.org,
akpm@...ux-foundation.org,
tj@...nel.org,
yoann.congal@...le.fr,
mmaurer@...gle.com,
roman.gushchin@...ux.dev,
chenridong@...wei.com,
axboe@...nel.dk,
mark.rutland@....com,
jannh@...gle.com,
vincent.guittot@...aro.org,
hannes@...xchg.org,
dan.j.williams@...el.com,
david@...hat.com,
joel.granados@...nel.org,
rostedt@...dmis.org,
anna.schumaker@...cle.com,
song@...nel.org,
zhangguopeng@...inos.cn,
linux@...ssschuh.net,
linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org,
linux-mm@...ck.org,
gregkh@...uxfoundation.org,
tglx@...utronix.de,
mingo@...hat.com,
bp@...en8.de,
dave.hansen@...ux.intel.com,
x86@...nel.org,
hpa@...or.com,
rafael@...nel.org,
dakr@...nel.org,
bartosz.golaszewski@...aro.org,
cw00.choi@...sung.com,
myungjoo.ham@...sung.com,
yesanishhere@...il.com,
Jonathan.Cameron@...wei.com,
quic_zijuhu@...cinc.com,
aleksander.lobakin@...el.com,
ira.weiny@...el.com,
andriy.shevchenko@...ux.intel.com,
leon@...nel.org,
lukas@...ner.de,
bhelgaas@...gle.com,
wagi@...nel.org,
djeffery@...hat.com,
stuart.w.hayes@...il.com,
ptyadav@...zon.de
Subject: [RFC v2 13/16] luo: add selftests for subsystems un/registration
Introduce a self-test mechanism for the LUO to allow verification of
core subsystem management functionality. This is primarily intended
for developers and system integrators validating the live update
feature.
The tests are enabled via the new Kconfig option
CONFIG_LIVEUPDATE_SELFTESTS (default 'n') and are triggered through
a new ioctl command, LIVEUPDATE_IOCTL_SELFTESTS, added to the
/dev/liveupdate device node.
This ioctl accepts commands defined in luo_selftests.h to:
- LUO_CMD_SUBSYSTEM_REGISTER: Creates and registers a dummy LUO
subsystem using the liveupdate_register_subsystem() function. It
allocates a data page and copies initial data from userspace.
- LUO_CMD_SUBSYSTEM_UNREGISTER: Unregisters the specified dummy
subsystem using the liveupdate_unregister_subsystem() function and
cleans up associated test resources.
- LUO_CMD_SUBSYSTEM_GETDATA: Copies the data page associated with a
registered test subsystem back to userspace, allowing verification of
data potentially modified or preserved by test callbacks.
This provides a way to test the fundamental registration and
unregistration flows within the LUO framework from userspace without
requiring a full live update sequence.
Signed-off-by: Pasha Tatashin <pasha.tatashin@...een.com>
---
drivers/misc/liveupdate/Kconfig | 15 ++
drivers/misc/liveupdate/Makefile | 1 +
drivers/misc/liveupdate/luo_internal.h | 9 +
drivers/misc/liveupdate/luo_ioctl.c | 4 +
drivers/misc/liveupdate/luo_selftests.c | 283 ++++++++++++++++++++++++
drivers/misc/liveupdate/luo_selftests.h | 23 ++
include/uapi/linux/liveupdate.h | 24 ++
7 files changed, 359 insertions(+)
create mode 100644 drivers/misc/liveupdate/luo_selftests.c
create mode 100644 drivers/misc/liveupdate/luo_selftests.h
diff --git a/drivers/misc/liveupdate/Kconfig b/drivers/misc/liveupdate/Kconfig
index 09940f9a724a..304217e2fe95 100644
--- a/drivers/misc/liveupdate/Kconfig
+++ b/drivers/misc/liveupdate/Kconfig
@@ -43,3 +43,18 @@ config LIVEUPDATE_SYSFS_API
needed to coordinate application restarts and minimize downtime.
If unsure, say N.
+
+config LIVEUPDATE_SELFTESTS
+ bool "Live Update Orchestrator - self tests"
+ depends on LIVEUPDATE
+ help
+ Say Y here to build self-tests for the LUO framework. When enabled,
+ these tests can be initiated via the ioctl interface to help verify
+ the core live update functionality.
+
+ This option is primarily intended for developers working on the
+ live update feature or for validation purposes during system
+ integration.
+
+ If you are unsure or are building a production kernel where size
+ or attack surface is a concern, say N.
diff --git a/drivers/misc/liveupdate/Makefile b/drivers/misc/liveupdate/Makefile
index 190323c10220..1afa4059b99f 100644
--- a/drivers/misc/liveupdate/Makefile
+++ b/drivers/misc/liveupdate/Makefile
@@ -2,5 +2,6 @@
obj-y += luo_ioctl.o
obj-y += luo_core.o
obj-y += luo_files.o
+obj-$(CONFIG_LIVEUPDATE_SELFTESTS) += luo_selftests.o
obj-y += luo_subsystems.o
obj-$(CONFIG_LIVEUPDATE_SYSFS_API) += luo_sysfs.o
diff --git a/drivers/misc/liveupdate/luo_internal.h b/drivers/misc/liveupdate/luo_internal.h
index bf1ba18722e2..45bf8398ab6e 100644
--- a/drivers/misc/liveupdate/luo_internal.h
+++ b/drivers/misc/liveupdate/luo_internal.h
@@ -40,6 +40,15 @@ void luo_sysfs_notify(void);
static inline void luo_sysfs_notify(void) {}
#endif
+#ifdef CONFIG_LIVEUPDATE_SELFTESTS
+int luo_ioctl_selftests(void __user *argp);
+#else
+static inline int luo_ioctl_selftests(void __user *argp)
+{
+ return -EOPNOTSUPP;
+}
+#endif
+
extern const char *const luo_state_str[];
/* Get the current state as a string */
diff --git a/drivers/misc/liveupdate/luo_ioctl.c b/drivers/misc/liveupdate/luo_ioctl.c
index 76c687ff650b..f92cea7eff82 100644
--- a/drivers/misc/liveupdate/luo_ioctl.c
+++ b/drivers/misc/liveupdate/luo_ioctl.c
@@ -152,6 +152,10 @@ static long luo_ioctl(struct file *filep, unsigned int cmd, unsigned long arg)
ret = -EFAULT;
break;
+ case LIVEUPDATE_IOCTL_SELFTESTS:
+ ret = luo_ioctl_selftests((void __user *)arg);
+ break;
+
default:
pr_warn("ioctl: unknown command nr: 0x%x\n", _IOC_NR(cmd));
ret = -ENOTTY;
diff --git a/drivers/misc/liveupdate/luo_selftests.c b/drivers/misc/liveupdate/luo_selftests.c
new file mode 100644
index 000000000000..7956e5c2371f
--- /dev/null
+++ b/drivers/misc/liveupdate/luo_selftests.c
@@ -0,0 +1,283 @@
+// SPDX-License-Identifier: GPL-2.0
+
+/*
+ * Copyright (c) 2025, Google LLC.
+ * Pasha Tatashin <pasha.tatashin@...een.com>
+ */
+
+/**
+ * DOC: LUO Selftests
+ *
+ * We provide ioctl-based selftest interface for the LUO. It provides a
+ * mechanism to test core LUO functionality, particularly the registration,
+ * unregistration, and data handling aspects of LUO subsystems, without
+ * requiring a full live update event sequence.
+ *
+ * The tests are intended primarily for developers working on the LUO framework
+ * or for validation purposes during system integration. This functionality is
+ * conditionally compiled based on the `CONFIG_LIVEUPDATE_SELFTESTS` Kconfig
+ * option and should typically be disabled in production kernels.
+ *
+ * Interface:
+ * The selftests are accessed via the `/dev/liveupdate` character device using
+ * the `LIVEUPDATE_IOCTL_SELFTESTS` ioctl command. The argument to the ioctl
+ * is a pointer to a `struct liveupdate_selftest` structure (defined in
+ * `uapi/linux/liveupdate.h`), which contains:
+ * - `cmd`: The specific selftest command to execute (e.g.,
+ * `LUO_CMD_SUBSYSTEM_REGISTER`).
+ * - `arg`: A pointer to a command-specific argument structure. For subsystem
+ * tests, this points to a `struct luo_arg_subsystem` (defined in
+ * `luo_selftests.h`).
+ *
+ * Commands:
+ * - `LUO_CMD_SUBSYSTEM_REGISTER`:
+ * Registers a new dummy LUO subsystem. It allocates kernel memory for test
+ * data, copies initial data from the user-provided `data_page`, sets up
+ * simple logging callbacks, and calls the core
+ * `liveupdate_register_subsystem()`
+ * function. Requires `arg` pointing to `struct luo_arg_subsystem`.
+ * - `LUO_CMD_SUBSYSTEM_UNREGISTER`:
+ * Unregisters a previously registered dummy subsystem identified by `name`.
+ * It calls the core `liveupdate_unregister_subsystem()` function and then
+ * frees the associated kernel memory and internal tracking structures.
+ * Requires `arg` pointing to `struct luo_arg_subsystem` (only `name` used).
+ * - `LUO_CMD_SUBSYSTEM_GETDATA`:
+ * Copies the content of the kernel data page associated with the specified
+ * dummy subsystem (`name`) back to the user-provided `data_page`. This allows
+ * userspace to verify the state of the data after potential test operations.
+ * Requires `arg` pointing to `struct luo_arg_subsystem`.
+ */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/errno.h>
+#include <linux/gfp.h>
+#include <linux/kexec_handover.h>
+#include <linux/liveupdate.h>
+#include <linux/mutex.h>
+#include <linux/uaccess.h>
+#include <uapi/linux/liveupdate.h>
+#include "luo_internal.h"
+#include "luo_selftests.h"
+
+struct luo_subsystems {
+ struct liveupdate_subsystem handle;
+ char name[LUO_NAME_LENGTH];
+ void *data;
+ bool in_use;
+} luo_subsystems[LUO_MAX_SUBSYSTEMS];
+
+/* Only allow one selftest ioctl operation at a time */
+static DEFINE_MUTEX(luo_ioctl_mutex);
+
+static int luo_subsystem_prepare(void *arg, u64 *data)
+{
+ unsigned long i = (unsigned long)arg;
+ unsigned long phys_addr = __pa(luo_subsystems[i].data);
+ int ret;
+
+ ret = kho_preserve_phys(phys_addr, PAGE_SIZE);
+ if (ret)
+ return ret;
+
+ *data = phys_addr;
+ pr_info("Subsystem '%s' prepare data[%lx]\n",
+ luo_subsystems[i].name, phys_addr);
+
+ return 0;
+}
+
+static int luo_subsystem_freeze(void *arg, u64 *data)
+{
+ unsigned long i = (unsigned long)arg;
+
+ pr_info("Subsystem '%s' freeze data[%llx]\n",
+ luo_subsystems[i].name, *data);
+
+ return 0;
+}
+
+static void luo_subsystem_cancel(void *arg, u64 data)
+{
+ unsigned long i = (unsigned long)arg;
+
+ pr_info("Subsystem '%s' canel data[%llx]\n",
+ luo_subsystems[i].name, data);
+}
+
+static void luo_subsystem_finish(void *arg, u64 data)
+{
+ unsigned long i = (unsigned long)arg;
+
+ pr_info("Subsystem '%s' finish data[%llx]\n",
+ luo_subsystems[i].name, data);
+}
+
+static int luo_subsystem_idx(char *name)
+{
+ int i;
+
+ for (i = 0; i < LUO_MAX_SUBSYSTEMS; i++) {
+ if (luo_subsystems[i].in_use &&
+ !strcmp(luo_subsystems[i].name, name))
+ break;
+ }
+
+ if (i == LUO_MAX_SUBSYSTEMS) {
+ pr_warn("Subsystem with name '%s' is not registred\n", name);
+
+ return -EINVAL;
+ }
+
+ return i;
+}
+
+static void luo_put_and_free_subsystem(char *name)
+{
+ int i = luo_subsystem_idx(name);
+
+ if (i < 0)
+ return;
+
+ free_page((unsigned long)luo_subsystems[i].data);
+ luo_subsystems[i].in_use = false;
+}
+
+static int luo_get_and_alloc_subsystem(char *name, void __user *data,
+ struct liveupdate_subsystem **hp)
+{
+ unsigned long page_addr, i;
+
+ page_addr = get_zeroed_page(GFP_KERNEL);
+ if (!page_addr) {
+ pr_warn("Failed to allocate memory for subsystem data\n");
+ return -ENOMEM;
+ }
+
+ if (copy_from_user((void *)page_addr, data, PAGE_SIZE)) {
+ free_page(page_addr);
+ return -EFAULT;
+ }
+
+ for (i = 0; i < LUO_MAX_SUBSYSTEMS; i++) {
+ if (!luo_subsystems[i].in_use)
+ break;
+ }
+
+ if (i == LUO_MAX_SUBSYSTEMS) {
+ pr_warn("Maximum number of subsystems registered\n");
+ return -ENOMEM;
+ }
+
+ luo_subsystems[i].in_use = true;
+ luo_subsystems[i].handle.prepare = luo_subsystem_prepare;
+ luo_subsystems[i].handle.freeze = luo_subsystem_freeze;
+ luo_subsystems[i].handle.cancel = luo_subsystem_cancel;
+ luo_subsystems[i].handle.finish = luo_subsystem_finish;
+ luo_subsystems[i].handle.name = luo_subsystems[i].name;
+ luo_subsystems[i].handle.arg = (void *)i;
+ strscpy(luo_subsystems[i].name, name, LUO_NAME_LENGTH);
+ luo_subsystems[i].data = (void *)page_addr;
+
+ *hp = &luo_subsystems[i].handle;
+
+ return 0;
+}
+
+static int luo_cmd_subsystem_unregister(void __user *argp)
+{
+ struct luo_arg_subsystem arg;
+ int ret, i;
+
+ if (copy_from_user(&arg, argp, sizeof(arg)))
+ return -EFAULT;
+
+ i = luo_subsystem_idx(arg.name);
+ if (i < 0)
+ return i;
+
+ ret = liveupdate_unregister_subsystem(&luo_subsystems[i].handle);
+ if (ret)
+ return ret;
+
+ luo_put_and_free_subsystem(arg.name);
+
+ return 0;
+}
+
+static int luo_cmd_subsystem_register(void __user *argp)
+{
+ struct liveupdate_subsystem *h;
+ struct luo_arg_subsystem arg;
+ int ret;
+
+ if (copy_from_user(&arg, argp, sizeof(arg)))
+ return -EFAULT;
+
+ ret = luo_get_and_alloc_subsystem(arg.name,
+ (void __user *)arg.data_page, &h);
+ if (ret)
+ return ret;
+
+ ret = liveupdate_register_subsystem(h);
+ if (ret)
+ luo_put_and_free_subsystem(arg.name);
+
+ return ret;
+}
+
+static int luo_cmd_subsystem_getdata(void __user *argp)
+{
+ struct luo_arg_subsystem arg;
+ int i;
+
+ if (copy_from_user(&arg, argp, sizeof(arg)))
+ return -EFAULT;
+
+ i = luo_subsystem_idx(arg.name);
+ if (i < 0)
+ return i;
+
+ if (copy_to_user(arg.data_page, luo_subsystems[i].data,
+ PAGE_SIZE)) {
+ return -EFAULT;
+ }
+
+ return 0;
+}
+
+int luo_ioctl_selftests(void __user *argp)
+{
+ struct liveupdate_selftest luo_st;
+ void __user *cmd_argp;
+ int ret = 0;
+
+ if (copy_from_user(&luo_st, argp, sizeof(luo_st)))
+ return -EFAULT;
+
+ cmd_argp = (void __user *)luo_st.arg;
+
+ mutex_lock(&luo_ioctl_mutex);
+ switch (luo_st.cmd) {
+ case LUO_CMD_SUBSYSTEM_REGISTER:
+ ret = luo_cmd_subsystem_register(cmd_argp);
+ break;
+
+ case LUO_CMD_SUBSYSTEM_UNREGISTER:
+ ret = luo_cmd_subsystem_unregister(cmd_argp);
+ break;
+
+ case LUO_CMD_SUBSYSTEM_GETDATA:
+ ret = luo_cmd_subsystem_getdata(cmd_argp);
+ break;
+
+ default:
+ pr_warn("ioctl: unknown self-test command nr: 0x%llx\n",
+ luo_st.cmd);
+ ret = -ENOTTY;
+ break;
+ }
+ mutex_unlock(&luo_ioctl_mutex);
+
+ return ret;
+}
diff --git a/drivers/misc/liveupdate/luo_selftests.h b/drivers/misc/liveupdate/luo_selftests.h
new file mode 100644
index 000000000000..a30c6ce2273e
--- /dev/null
+++ b/drivers/misc/liveupdate/luo_selftests.h
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+/*
+ * Copyright (c) 2025, Google LLC.
+ * Pasha Tatashin <pasha.tatashin@...een.com>
+ */
+
+#ifndef _LINUX_LUO_SELFTESTS_H
+#define _LINUX_LUO_SELFTESTS_H
+
+/* Maximum number of subsystem self-test can register */
+#define LUO_MAX_SUBSYSTEMS 16
+#define LUO_NAME_LENGTH 32
+
+#define LUO_CMD_SUBSYSTEM_REGISTER 0
+#define LUO_CMD_SUBSYSTEM_UNREGISTER 1
+#define LUO_CMD_SUBSYSTEM_GETDATA 2
+struct luo_arg_subsystem {
+ char name[LUO_NAME_LENGTH];
+ void *data_page;
+};
+
+#endif /* _LINUX_LUO_SELFTESTS_H */
diff --git a/include/uapi/linux/liveupdate.h b/include/uapi/linux/liveupdate.h
index c673d08a29ea..e77a7b4e3448 100644
--- a/include/uapi/linux/liveupdate.h
+++ b/include/uapi/linux/liveupdate.h
@@ -81,6 +81,18 @@ struct liveupdate_fd {
__u64 token;
};
+/**
+ * struct liveupdate_selftest - Holds directions for the self-test operations.
+ * @cmd: Selftest comman defined in luo_selftests.h.
+ * @arg: Argument for the self test command.
+ *
+ * This structure is used only for the selftest purposes.
+ */
+struct liveupdate_selftest {
+ __u64 cmd;
+ __u64 arg;
+};
+
/* The ioctl type, documented in ioctl-number.rst */
#define LIVEUPDATE_IOCTL_TYPE 0xBA
@@ -297,4 +309,16 @@ struct liveupdate_fd {
#define LIVEUPDATE_IOCTL_EVENT_FINISH \
_IO(LIVEUPDATE_IOCTL_TYPE, 0x07)
+/**
+ * LIVEUPDATE_IOCTL_SELFTESTS - Interface for the LUO selftests
+ *
+ * Argument: Pointer to &struct liveupdate_selftest.
+ *
+ * Use by LUO selftests, commands are declared in luo_selftests.h
+ *
+ * Return: 0 on success, negative error code on failure (e.g., invalid token).
+ */
+#define LIVEUPDATE_IOCTL_SELFTESTS \
+ _IOWR(LIVEUPDATE_IOCTL_TYPE, 0x08, struct liveupdate_selftest)
+
#endif /* _UAPI_LIVEUPDATE_H */
--
2.49.0.1101.gccaa498523-goog
Powered by blists - more mailing lists