Message-ID: <CAADnVQ+dbiBVOuPXY6N8EjQh=7wtQt-mCXP3Ujd1xFfD5rLbew@mail.gmail.com>
Date: Fri, 28 Mar 2025 11:45:11 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Song Liu <songliubraving@...a.com>
Cc: Andrii Nakryiko <andrii.nakryiko@...il.com>, Song Liu <song@...nel.org>, 
	"bpf@...r.kernel.org" <bpf@...r.kernel.org>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, 
	"ast@...nel.org" <ast@...nel.org>, "daniel@...earbox.net" <daniel@...earbox.net>, 
	"andrii@...nel.org" <andrii@...nel.org>, Kernel Team <kernel-team@...a.com>, 
	"kuba@...nel.org" <kuba@...nel.org>
Subject: Re: [PATCH bpf-next] selftests/bpf: Fix tests after change in struct file

On Fri, Mar 28, 2025 at 10:57 AM Song Liu <songliubraving@...a.com> wrote:
>
>
>
> > On Mar 28, 2025, at 10:30 AM, Andrii Nakryiko <andrii.nakryiko@...il.com> wrote:
> >
> > On Thu, Mar 27, 2025 at 11:55 AM Song Liu <song@...nel.org> wrote:
> >>
> >> Change in struct file [1] moves f_ref to the 3rd cache line. This makes
> > >> dereferencing file pointer as an 8-byte variable invalid, because
> > >> btf_struct_walk() will walk into f_lock, which is 4 bytes long.
> > >>
> > >> Fix the selftests to dereference the file pointer as a 4-byte variable.
> >>
> >> [1] commit e249056c91a2 ("fs: place f_ref to 3rd cache line in struct
> >>                          file to resolve false sharing")
> >> Reported-by: Jakub Kicinski <kuba@...nel.org>
> >> Signed-off-by: Song Liu <song@...nel.org>
> >> ---
> >> tools/testing/selftests/bpf/progs/test_module_attach.c    | 2 +-
> >> tools/testing/selftests/bpf/progs/test_subprogs_extable.c | 6 +++---
> >> 2 files changed, 4 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/tools/testing/selftests/bpf/progs/test_module_attach.c b/tools/testing/selftests/bpf/progs/test_module_attach.c
> >> index fb07f5773888..7f3c233943b3 100644
> >> --- a/tools/testing/selftests/bpf/progs/test_module_attach.c
> >> +++ b/tools/testing/selftests/bpf/progs/test_module_attach.c
> >> @@ -117,7 +117,7 @@ int BPF_PROG(handle_fexit_ret, int arg, struct file *ret)
> >>
> >>        bpf_probe_read_kernel(&buf, 8, ret);
> >>        bpf_probe_read_kernel(&buf, 8, (char *)ret + 256);
> >> -       *(volatile long long *)ret;
> >> +       *(volatile int *)ret;
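Review bot: the new `*(volatile int *)ret;` load at the end of this hunk carries no comment explaining why it is int-sized and at offset 0. The commit message ties the width to f_lock, the 4-byte member that btf_struct_walk() now reaches first, so the cast depends on the current layout of struct file. A one-line comment beside the cast saying that the load is deliberately on the bare pointer and must not exceed the size of the first member would tell whoever hits the next layout change what to adjust.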
> >
> > we already have `*(volatile int *)&ret->f_mode;` below, do we really
> > need this int casting case?.. Maybe instead of guessing the size of
> > file's first field, let's just remove `*(volatile long long *)ret;`
> > altogether?
>
> I was assuming the original test covers two cases:
>   1) deref ret itself;
>   2) deref a member of ret (ret->f_mode);
>
> Therefore, instead of doing something like
>
>    *(volatile long long *)&ret->f_ref;  /* first member of file */
>
> I got current version.
>
> If we don't need the first case, we sure can remove it.

The idea of the patch was to test the load from the address
returned from bpf_testmod_return_ptr() twice.
Once as that exact value and another with some offset,
since JIT processing logic is different whether insn->off is zero.
Doing &ret->f_lock /* first member of file */
sort-of works, but the comment will be stale eventually.
I think the current fix is the best:
-       *(volatile long long *)ret;
+       *(volatile int *)ret;

This way the load will have guaranteed insn->off == 0,
and when file layout changes we will notice the breakage right away.
Like happened this time.

So I'm thinking of applying this patch as-is when bpf-next is ready.
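
As an added illustration (not part of the original message, the patch, or the kernel sources), the following is a simplified model of the member-bounds rule the commit message attributes to btf_struct_walk(), showing why the 8-byte load at offset 0 stopped being accepted while the 4-byte one still is. The `struct member` table, `load_ok()`, and every offset or size not stated in the thread are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* One scalar member: name, byte offset, byte size. */
struct member { const char *name; size_t off, size; };

/* Constructed layouts based only on what the thread states: the 8-byte f_ref
 * used to be first, now the 4-byte f_lock is. Remaining entries are assumed. */
static const struct member layout_before[] = {
    { "f_ref", 0, 8 }, { "f_lock", 8, 4 }, { "f_mode", 12, 4 },
};
static const struct member layout_after[] = {
    { "f_lock", 0, 4 }, { "f_mode", 4, 4 },
};

/* Simplified rule: a load of `size` bytes at `off` is accepted only if it
 * starts inside a member and ends no later than that member does. */
static bool load_ok(const struct member *m, size_t n, size_t off, size_t size)
{
    for (size_t i = 0; i < n; i++) {
        size_t end = m[i].off + m[i].size;
        if (off >= m[i].off && off < end)
            return off + size <= end;
    }
    return false; /* offset is in padding or past the last member */
}

static void report(const char *tag, const struct member *m, size_t n)
{
    printf("%-6s  8-byte load at 0: %-6s  4-byte load at 0: %s\n", tag,
           load_ok(m, n, 0, 8) ? "ok" : "reject",
           load_ok(m, n, 0, 4) ? "ok" : "reject");
}

int main(void)
{
    report("before", layout_before, 3);
    report("after", layout_after, 2);
    return 0;
}
```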
