| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <8B104F28-3DD6-412F-B8D1-0120033890A4@oracle.com>
Date: Thu, 17 Oct 2024 15:43:19 +0000
From: Anjali Kulkarni <anjali.k.kulkarni@...cle.com>
To: Stanislav Fomichev <stfomichev@...il.com>
CC: "davem@...emloft.net" <davem@...emloft.net>,
Liam Howlett
<liam.howlett@...cle.com>,
"edumazet@...gle.com" <edumazet@...gle.com>,
"kuba@...nel.org" <kuba@...nel.org>,
"pabeni@...hat.com" <pabeni@...hat.com>,
"mingo@...hat.com" <mingo@...hat.com>,
"peterz@...radead.org"
<peterz@...radead.org>,
"juri.lelli@...hat.com" <juri.lelli@...hat.com>,
"vincent.guittot@...aro.org" <vincent.guittot@...aro.org>,
"dietmar.eggemann@....com" <dietmar.eggemann@....com>,
"rostedt@...dmis.org"
<rostedt@...dmis.org>,
"bsegall@...gle.com" <bsegall@...gle.com>,
"mgorman@...e.de" <mgorman@...e.de>,
"vschneid@...hat.com"
<vschneid@...hat.com>,
"jiri@...nulli.us" <jiri@...nulli.us>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>,
"shuah@...nel.org"
<shuah@...nel.org>,
"linux-kselftest@...r.kernel.org"
<linux-kselftest@...r.kernel.org>,
Pei Li <peili.io@...cle.com>
Subject: Re: [PATCH net-next v4 1/3] connector/cn_proc: Add hash table for
threads
> On Oct 17, 2024, at 8:24 AM, Stanislav Fomichev <stfomichev@...il.com> wrote:
>
> On 10/16, Anjali Kulkarni wrote:
>> Add a new type PROC_CN_MCAST_NOTIFY to proc connector API, which allows a
>> thread to notify the kernel that is going to exit with a non-zero exit
>> code and specify the exit code in it. When thread exits in the kernel,
>> it will send this exit code as a proc filter notification to any
>> listening process.
>> Exiting thread can call this either when it wants to call pthread_exit()
>> with non-zero value or from signal handler.
>>
>> Add a new file cn_hash.c which implements a hash table storing the exit
>> codes of abnormally exiting threads, received by the system call above.
>> The key used for the hash table is the pid of the thread, so when the
>> thread actually exits, we lookup it's pid in the hash table and retrieve
>> the exit code sent by user. If the exit code in struct task is 0, we
>> then replace it with the user supplied non-zero exit code.
>>
>> cn_hash.c implements the hash table add, delete, lookup operations.
>> mutex_lock() and mutex_unlock() operations are used to safeguard the
>> integrity of the hash table while adding or deleting elements.
>> connector.c has the API calls, called from cn_proc.c, as well as calls
>> to allocate, initialize and free the hash table.
>>
>> Add a new flag in PF_* flags of task_struct - EXIT_NOTIFY. This flag is
>> set when user sends the exit code via PROC_CN_MCAST_NOTIFY. While
>> exiting, this flag is checked and the hash table add or delete calls
>> are only made if this flag is set.
>>
>> A refcount field hrefcnt is added in struct cn_hash_dev, to keep track
>> of number of threads which have added an entry in hash table. Before
>> freeing the struct cn_hash_dev, this value must be 0.
>> This refcnt check is added in case CONFIG_CONNECTOR is compiled as a
>> module. In that case, when unloading the module, we need to make sure
>> no hash entries are still present in the hdev table.
>>
>> Copy the task's name (task->comm) into the exit event notification.
>> This will allow applications to filter on the name further using
>> userspace filtering like ebpf.
>>
>> Signed-off-by: Anjali Kulkarni <anjali.k.kulkarni@...cle.com>
>> ---
>> drivers/connector/Makefile | 2 +-
>> drivers/connector/cn_hash.c | 181 ++++++++++++++++++++++++++++++++++
>> drivers/connector/cn_proc.c | 62 +++++++++++-
>> drivers/connector/connector.c | 63 +++++++++++-
>> include/linux/connector.h | 31 ++++++
>> include/linux/sched.h | 2 +-
>> include/uapi/linux/cn_proc.h | 5 +-
>> 7 files changed, 338 insertions(+), 8 deletions(-)
>> create mode 100644 drivers/connector/cn_hash.c
>>
>> diff --git a/drivers/connector/Makefile b/drivers/connector/Makefile
>> index 1bf67d3df97d..cb1dcdf067ad 100644
>> --- a/drivers/connector/Makefile
>> +++ b/drivers/connector/Makefile
>> @@ -2,4 +2,4 @@
>> obj-$(CONFIG_CONNECTOR) += cn.o
>> obj-$(CONFIG_PROC_EVENTS) += cn_proc.o
>>
>> -cn-y += cn_queue.o connector.o
>> +cn-y += cn_hash.o cn_queue.o connector.o
>> diff --git a/drivers/connector/cn_hash.c b/drivers/connector/cn_hash.c
>> new file mode 100644
>> index 000000000000..a079e9bcea6d
>> --- /dev/null
>> +++ b/drivers/connector/cn_hash.c
>> @@ -0,0 +1,181 @@
>> +// SPDX-License-Identifier: GPL-2.0-only
>> +/*
>> + * Author: Anjali Kulkarni <anjali.k.kulkarni@...cle.com>
>> + *
>> + * Copyright (c) 2024 Oracle and/or its affiliates.
>> + */
>> +
>> +#include <linux/kernel.h>
>> +#include <linux/init.h>
>> +#include <linux/connector.h>
>> +#include <linux/mutex.h>
>> +#include <linux/pid_namespace.h>
>> +
>> +#include <linux/cn_proc.h>
>> +
>> +struct cn_hash_dev *cn_hash_alloc_dev(const char *name)
>> +{
>> + struct cn_hash_dev *hdev;
>> +
>> + hdev = kzalloc(sizeof(*hdev), GFP_KERNEL);
>> + if (!hdev)
>> + return NULL;
>> +
>> + snprintf(hdev->name, sizeof(hdev->name), "%s", name);
>> + atomic_set(&hdev->hrefcnt, 0);
>> + mutex_init(&hdev->uexit_hash_lock);
>> + hash_init(hdev->uexit_pid_htable);
>> + return hdev;
>> +}
>> +
>> +void cn_hash_free_dev(struct cn_hash_dev *hdev)
>> +{
>> + struct uexit_pid_hnode *hnode;
>> + struct hlist_node *tmp;
>> + int bucket;
>> +
>> + pr_debug("%s: Freeing entire hdev %p\n", __func__, hdev);
>> +
>> + mutex_lock(&hdev->uexit_hash_lock);
>> + hash_for_each_safe(hdev->uexit_pid_htable, bucket, tmp,
>> + hnode, uexit_pid_hlist) {
>> + hash_del(&hnode->uexit_pid_hlist);
>> + pr_debug("%s: Freeing node for pid %d\n",
>> + __func__, hnode->pid);
>> + kfree(hnode);
>> + }
>> +
>> + mutex_unlock(&hdev->uexit_hash_lock);
>> + mutex_destroy(&hdev->uexit_hash_lock);
>> +
>> + /*
>> + * This refcnt check is added in case CONFIG_CONNECTOR is
>> + * compiled with =m as a module. In that case, when unloading
>> + * the module, we need to make sure no hash entries are still
>> + * present in the hdev table.
>> + */
>> + while (atomic_read(&hdev->hrefcnt)) {
>> + pr_info("Waiting for %s to become free: refcnt=%d\n",
>> + hdev->name, atomic_read(&hdev->hrefcnt));
>> + msleep(1000);
>> + }
>> +
>> + kfree(hdev);
>> + hdev = NULL;
>> +}
>> +
>> +static struct uexit_pid_hnode *cn_hash_alloc_elem(__u32 uexit_code, pid_t pid)
>> +{
>> + struct uexit_pid_hnode *elem;
>> +
>> + elem = kzalloc(sizeof(*elem), GFP_KERNEL);
>> + if (!elem)
>> + return NULL;
>> +
>> + INIT_HLIST_NODE(&elem->uexit_pid_hlist);
>> + elem->uexit_code = uexit_code;
>> + elem->pid = pid;
>> + return elem;
>> +}
>> +
>> +static inline void cn_hash_free_elem(struct uexit_pid_hnode *elem)
>> +{
>> + kfree(elem);
>> +}
>> +
>> +int cn_hash_add_elem(struct cn_hash_dev *hdev, __u32 uexit_code, pid_t pid)
>> +{
>> + struct uexit_pid_hnode *elem, *hnode;
>> +
>> + elem = cn_hash_alloc_elem(uexit_code, pid);
>> + if (!elem) {
>> + pr_err("%s: cn_hash_alloc_elem() returned NULL pid %d\n",
>> + __func__, pid);
>> + return -ENOMEM;
>> + }
>> +
>> + mutex_lock(&hdev->uexit_hash_lock);
>> + /*
>> + * Check if an entry for the same pid already exists
>> + */
>> + hash_for_each_possible(hdev->uexit_pid_htable,
>> + hnode, uexit_pid_hlist, pid) {
>> + if (hnode->pid == pid) {
>> + mutex_unlock(&hdev->uexit_hash_lock);
>> + cn_hash_free_elem(elem);
>> + pr_debug("%s: pid %d already exists in hash table\n",
>> + __func__, pid);
>> + return -EEXIST;
>> + }
>> + }
>> +
>> + hash_add(hdev->uexit_pid_htable, &elem->uexit_pid_hlist, pid);
>> + mutex_unlock(&hdev->uexit_hash_lock);
>> +
>> + atomic_inc(&hdev->hrefcnt);
>> +
>> + pr_debug("%s: After hash_add of pid %d elem %p hrefcnt %d\n",
>> + __func__, pid, elem, atomic_read(&hdev->hrefcnt));
>> + return 0;
>> +}
>> +
>> +int cn_hash_del_get_exval(struct cn_hash_dev *hdev, pid_t pid)
>> +{
>> + struct uexit_pid_hnode *hnode;
>> + struct hlist_node *tmp;
>> + int excde;
>> +
>> + mutex_lock(&hdev->uexit_hash_lock);
>> + hash_for_each_possible_safe(hdev->uexit_pid_htable,
>> + hnode, tmp, uexit_pid_hlist, pid) {
>> + if (hnode->pid == pid) {
>> + excde = hnode->uexit_code;
>> + hash_del(&hnode->uexit_pid_hlist);
>> + mutex_unlock(&hdev->uexit_hash_lock);
>> + kfree(hnode);
>> + atomic_dec(&hdev->hrefcnt);
>> + pr_debug("%s: After hash_del of pid %d, found exit code %u hrefcnt %d\n",
>> + __func__, pid, excde,
>> + atomic_read(&hdev->hrefcnt));
>> + return excde;
>> + }
>> + }
>> +
>> + mutex_unlock(&hdev->uexit_hash_lock);
>> + pr_err("%s: pid %d not found in hash table\n",
>> + __func__, pid);
>> + return -EINVAL;
>> +}
>> +
>> +int cn_hash_get_exval(struct cn_hash_dev *hdev, pid_t pid)
>> +{
>> + struct uexit_pid_hnode *hnode;
>> + __u32 excde;
>> +
>> + mutex_lock(&hdev->uexit_hash_lock);
>> + hash_for_each_possible(hdev->uexit_pid_htable,
>> + hnode, uexit_pid_hlist, pid) {
>> + if (hnode->pid == pid) {
>> + excde = hnode->uexit_code;
>> + mutex_unlock(&hdev->uexit_hash_lock);
>> + pr_debug("%s: Found exit code %u for pid %d\n",
>> + __func__, excde, pid);
>> + return excde;
>> + }
>> + }
>> +
>> + mutex_unlock(&hdev->uexit_hash_lock);
>> + pr_debug("%s: pid %d not found in hash table\n",
>> + __func__, pid);
>> + return -EINVAL;
>> +}
>> +
>> +bool cn_hash_table_empty(struct cn_hash_dev *hdev)
>> +{
>> + bool is_empty;
>> +
>> + is_empty = hash_empty(hdev->uexit_pid_htable);
>> + pr_debug("Hash table is %s\n", (is_empty ? "empty" : "not empty"));
>> +
>> + return is_empty;
>> +}
>> diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
>> index 44b19e696176..0632a70a89a0 100644
>> --- a/drivers/connector/cn_proc.c
>> +++ b/drivers/connector/cn_proc.c
>> @@ -69,6 +69,8 @@ static int cn_filter(struct sock *dsk, struct sk_buff *skb, void *data)
>> if ((__u32)val == PROC_EVENT_ALL)
>> return 0;
>>
>> + pr_debug("%s: val %lx, what %x\n", __func__, val, what);
>> +
>> /*
>> * Drop packet if we have to report only non-zero exit status
>> * (PROC_EVENT_NONZERO_EXIT) and exit status is 0
>> @@ -326,9 +328,15 @@ void proc_exit_connector(struct task_struct *task)
>> struct proc_event *ev;
>> struct task_struct *parent;
>> __u8 buffer[CN_PROC_MSG_SIZE] __aligned(8);
>> + int uexit_code;
>>
>> - if (atomic_read(&proc_event_num_listeners) < 1)
>> + if (atomic_read(&proc_event_num_listeners) < 1) {
>> + if (likely(!(task->flags & PF_EXIT_NOTIFY)))
>> + return;
>> +
>> + cn_del_get_exval(task->pid);
>> return;
>> + }
>>
>> msg = buffer_to_cn_msg(buffer);
>> ev = (struct proc_event *)msg->data;
>> @@ -337,7 +345,26 @@ void proc_exit_connector(struct task_struct *task)
>> ev->what = PROC_EVENT_EXIT;
>> ev->event_data.exit.process_pid = task->pid;
>> ev->event_data.exit.process_tgid = task->tgid;
>> - ev->event_data.exit.exit_code = task->exit_code;
>> + if (unlikely(task->flags & PF_EXIT_NOTIFY)) {
>> + task->flags &= ~PF_EXIT_NOTIFY;
>> +
>> + uexit_code = cn_del_get_exval(task->pid);
>> + if (uexit_code <= 0) {
>> + pr_debug("%s: err %d returning task's exit code %u\n",
>> + uexit_code, __func__,
>> + task->exit_code);
>
> (I might have commented on the older revision, but same issue here)
>
> In file included from ./include/linux/kernel.h:31,
> from drivers/connector/cn_proc.c:11:
> drivers/connector/cn_proc.c: In function ‘proc_exit_connector’:
> drivers/connector/cn_proc.c:353:34: error: format ‘%s’ expects argument of type ‘char *’, but argument 3 has type ‘int’ [-Werror=format=]
> 353 | pr_debug("%s: err %d returning task's exit code %u\n",
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
Thanks a lot! I had seen this error and corrected it, and compiled each patch separately and all together before sending, so not sure how this happened, but will resend another patch version. Thanks for catching it.
Anjali
> ---
> pw-bot: cr
Powered by blists - more mailing lists