lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1F7835B6-2B7D-4A82-AB91-D4D6569662D8@fb.com>
Date:   Thu, 4 Nov 2021 17:36:59 +0000
From:   Song Liu <songliubraving@...com>
To:     Yonghong Song <yhs@...com>
CC:     bpf <bpf@...r.kernel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "ast@...nel.org" <ast@...nel.org>,
        "daniel@...earbox.net" <daniel@...earbox.net>,
        "andrii@...nel.org" <andrii@...nel.org>,
        Kernel Team <Kernel-team@...com>,
        "kpsingh@...nel.org" <kpsingh@...nel.org>
Subject: Re: [PATCH v2 bpf-next 2/2] selftests/bpf: add tests for bpf_find_vma



> On Nov 4, 2021, at 10:17 AM, Song Liu <songliubraving@...com> wrote:
> 
> 
> 
>> On Nov 4, 2021, at 10:07 AM, Yonghong Song <yhs@...com> wrote:
>> 
>> 
>> 
>> On 11/4/21 12:00 AM, Song Liu wrote:
>>> Add tests for bpf_find_vma in perf_event program and kprobe program. The
>>> perf_event program is triggered from NMI context, so the second call of
>>> bpf_find_vma() will return -EBUSY (irq_work busy). The kprobe program,
>>> on the other hand, does not have this constraint.
>>> Also add test for illegal writes to task or vma from the callback
>>> function. The verifier should reject both cases.
>>> Signed-off-by: Song Liu <songliubraving@...com>
> 
> [...]
> 
>>> +static void test_find_vma_pe(struct find_vma *skel)
>>> +{
>>> +	struct bpf_link *link = NULL;
>>> +	volatile int j = 0;
>>> +	int pfd = -1, i;
>>> +
>>> +	pfd = open_pe();
>>> +	if (pfd < 0) {
>>> +		if (pfd == -ENOENT || pfd == -EOPNOTSUPP) {
>>> +			printf("%s:SKIP:no PERF_COUNT_HW_CPU_CYCLES\n", __func__);
>>> +			test__skip();
>>> +		}
>>> +		if (!ASSERT_GE(pfd, 0, "perf_event_open"))
>>> +			goto cleanup;
>>> +	}
>>> +
>>> +	link = bpf_program__attach_perf_event(skel->progs.handle_pe, pfd);
>>> +	if (!ASSERT_OK_PTR(link, "attach_perf_event"))
>>> +		goto cleanup;
>>> +
>>> +	for (i = 0; i < 1000000; ++i)
>>> +		++j;
>> 
>> Does this really work? Compiler could do
>> j += 1000000;
> 
> I think compiler won't do it with volatile j? 
> 
>> 
>>> +
>>> +	test_and_reset_skel(skel, -EBUSY /* in nmi, irq_work is busy */);
>>> +cleanup:
>>> +	bpf_link__destroy(link);
>>> +	close(pfd);
>>> +	/* caller will clean up skel */
>> 
>> Above comment is not needed. It should be clear from the code.
>> 
>>> +}
>>> +
>>> +static void test_find_vma_kprobe(struct find_vma *skel)
>>> +{
>>> +	int err;
>>> +
>>> +	err = find_vma__attach(skel);
>>> +	if (!ASSERT_OK(err, "get_branch_snapshot__attach"))
>>> +		return;  /* caller will cleanup skel */
>>> +
>>> +	getpgid(skel->bss->target_pid);
>>> +	test_and_reset_skel(skel, -ENOENT /* could not find vma for ptr 0 */);
>>> +}
>>> +
>>> +static void test_illegal_write_vma(void)
>>> +{
>>> +	struct find_vma_fail1 *skel;
>>> +
>>> +	skel = find_vma_fail1__open_and_load();
>>> +	ASSERT_ERR_PTR(skel, "find_vma_fail1__open_and_load");
>>> +}
>>> +
>>> +static void test_illegal_write_task(void)
>>> +{
>>> +	struct find_vma_fail2 *skel;
>>> +
>>> +	skel = find_vma_fail2__open_and_load();
>>> +	ASSERT_ERR_PTR(skel, "find_vma_fail2__open_and_load");
>>> +}
>>> +
>>> +void serial_test_find_vma(void)
>>> +{
>>> +	struct find_vma *skel;
>>> +
>>> +	skel = find_vma__open_and_load();
>>> +	if (!ASSERT_OK_PTR(skel, "find_vma__open_and_load"))
>>> +		return;
>>> +
>>> +	skel->bss->target_pid = getpid();
>>> +	skel->bss->addr = (__u64)test_find_vma_pe;
>>> +
>>> +	test_find_vma_pe(skel);
>>> +	usleep(100000); /* allow the irq_work to finish */
>>> +	test_find_vma_kprobe(skel);
>>> +
>>> +	find_vma__destroy(skel);
>>> +	test_illegal_write_vma();
>>> +	test_illegal_write_task();
>>> +}
>>> diff --git a/tools/testing/selftests/bpf/progs/find_vma.c b/tools/testing/selftests/bpf/progs/find_vma.c
>>> new file mode 100644
>>> index 0000000000000..2776718a54e29
>>> --- /dev/null
>>> +++ b/tools/testing/selftests/bpf/progs/find_vma.c
>>> @@ -0,0 +1,70 @@
>>> +// SPDX-License-Identifier: GPL-2.0
>>> +/* Copyright (c) 2021 Facebook */
>>> +#include "vmlinux.h"
>>> +#include <bpf/bpf_helpers.h>
>>> +#include <bpf/bpf_tracing.h>
>>> +
>>> +char _license[] SEC("license") = "GPL";
>>> +
>>> +struct callback_ctx {
>>> +	int dummy;
>>> +};
>>> +
>>> +#define VM_EXEC		0x00000004
>>> +#define DNAME_INLINE_LEN 32
>>> +
>>> +pid_t target_pid = 0;
>>> +char d_iname[DNAME_INLINE_LEN] = {0};
>>> +__u32 found_vm_exec = 0;
>>> +__u64 addr = 0;
>>> +int find_zero_ret = -1;
>>> +int find_addr_ret = -1;
>>> +
>>> +static __u64
>> 
>> Let us 'long' instead of '__u64' to match uapi bpf.h.
>> 
>>> +check_vma(struct task_struct *task, struct vm_area_struct *vma,
>>> +	  struct callback_ctx *data)
>>> +{
>>> +	if (vma->vm_file)
>>> +		bpf_probe_read_kernel_str(d_iname, DNAME_INLINE_LEN - 1,
>>> +					  vma->vm_file->f_path.dentry->d_iname);
>>> +
>>> +	/* check for VM_EXEC */
>>> +	if (vma->vm_flags & VM_EXEC)
>>> +		found_vm_exec = 1;
>>> +
>>> +	return 0;
>>> +}
>>> +
>>> +SEC("kprobe/__x64_sys_getpgid")
>> 
>> The test will fail for non x86_64 architecture.
>> I had some tweaks in test_probe_user.c. Please take a look.
>> We can refactor to make tweaks in test_probe_user.c reusable
>> by other files.
> 
> Good point. I will look into this. 

Actually, we can just use SEC("raw_tp/sys_enter") here. 

Thanks,
Song

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ