| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEf4BzZK1=zdy1_ZdwWXK7Ryk+uWQeSApcpxFT9yMp4bRNanDQ@mail.gmail.com>
Date: Wed, 5 Jan 2022 12:40:34 -0800
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Jiri Olsa <jolsa@...hat.com>
Cc: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Jussi Maki <joamaki@...il.com>, Hangbin Liu <haliu@...hat.com>,
Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...omium.org>
Subject: Re: [PATCH] bpf/selftests: Fix namespace mount setup in tc_redirect
On Tue, Jan 4, 2022 at 4:10 AM Jiri Olsa <jolsa@...hat.com> wrote:
>
> The tc_redirect umounts /sys in the new namespace, which can be
> mounted as shared and cause global umount. The lazy umount also
> takes down mounted trees under /sys like debugfs, which won't be
> available after sysfs mounts again and could cause fails in other
> tests.
>
> # cat /proc/self/mountinfo | grep debugfs
> 34 23 0:7 / /sys/kernel/debug rw,nosuid,nodev,noexec,relatime shared:14 - debugfs debugfs rw
> # cat /proc/self/mountinfo | grep sysfs
> 23 86 0:22 / /sys rw,nosuid,nodev,noexec,relatime shared:2 - sysfs sysfs rw
> # mount | grep debugfs
> debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
>
> # ./test_progs -t tc_redirect
> #164 tc_redirect:OK
> Summary: 1/4 PASSED, 0 SKIPPED, 0 FAILED
>
> # mount | grep debugfs
> # cat /proc/self/mountinfo | grep debugfs
> # cat /proc/self/mountinfo | grep sysfs
> 25 86 0:22 / /sys rw,relatime shared:2 - sysfs sysfs rw
>
> Making the sysfs private under the new namespace so the umount won't
> trigger the global sysfs umount.
Hey Jiri,
Thanks for the fix. Did you try making tc_redirect non-serial again
(s/serial_test_tc_redirect/test_tc_redirect/) and doing parallelized
test_progs run (./test_progs -j) in a tight loop for a while? I
suspect this might have been an issue forcing us to make this test
serial in the first place, so now that it's fixed, we can make
parallel test_progs a bit faster.
>
> Cc: Jussi Maki <joamaki@...il.com>
> Reported-by: Hangbin Liu <haliu@...hat.com>
> Signed-off-by: Jiri Olsa <jolsa@...nel.org>
> ---
> tools/testing/selftests/bpf/prog_tests/tc_redirect.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/tc_redirect.c b/tools/testing/selftests/bpf/prog_tests/tc_redirect.c
> index 4b18b73df10b..c2426df58e17 100644
> --- a/tools/testing/selftests/bpf/prog_tests/tc_redirect.c
> +++ b/tools/testing/selftests/bpf/prog_tests/tc_redirect.c
> @@ -105,6 +105,13 @@ static int setns_by_fd(int nsfd)
> if (!ASSERT_OK(err, "unshare"))
> return err;
>
> + /* Make our /sys mount private, so the following umount won't
> + * trigger the global umount in case it's shared.
> + */
> + err = mount("none", "/sys", NULL, MS_PRIVATE, NULL);
> + if (!ASSERT_OK(err, "remount private /sys"))
> + return err;
> +
> err = umount2("/sys", MNT_DETACH);
> if (!ASSERT_OK(err, "umount2 /sys"))
> return err;
> --
> 2.33.1
>
Powered by blists - more mailing lists