| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAADnVQ+dbiBVOuPXY6N8EjQh=7wtQt-mCXP3Ujd1xFfD5rLbew@mail.gmail.com>
Date: Fri, 28 Mar 2025 11:45:11 -0700
From: Alexei Starovoitov <alexei.starovoitov@...il.com>
To: Song Liu <songliubraving@...a.com>
Cc: Andrii Nakryiko <andrii.nakryiko@...il.com>, Song Liu <song@...nel.org>,
"bpf@...r.kernel.org" <bpf@...r.kernel.org>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"ast@...nel.org" <ast@...nel.org>, "daniel@...earbox.net" <daniel@...earbox.net>,
"andrii@...nel.org" <andrii@...nel.org>, Kernel Team <kernel-team@...a.com>,
"kuba@...nel.org" <kuba@...nel.org>
Subject: Re: [PATCH bpf-next] selftests/bpf: Fix tests after change in struct file
On Fri, Mar 28, 2025 at 10:57 AM Song Liu <songliubraving@...a.com> wrote:
>
>
>
> > On Mar 28, 2025, at 10:30 AM, Andrii Nakryiko <andrii.nakryiko@...il.com> wrote:
> >
> > On Thu, Mar 27, 2025 at 11:55 AM Song Liu <song@...nel.org> wrote:
> >>
> >> Change in struct file [1] moves f_ref to the 3rd cache line. This makes
> >> deferencing file pointer as a 8-byte variable invalid, because
> >> btf_struct_walk() will walk into f_lock, which is 4-byte long.
> >>
> >> Fix the selftests to deference the file pointer as a 4-byte variable.
> >>
> >> [1] commit e249056c91a2 ("fs: place f_ref to 3rd cache line in struct
> >> file to resolve false sharing")
> >> Reported-by: Jakub Kicinski <kuba@...nel.org>
> >> Signed-off-by: Song Liu <song@...nel.org>
> >> ---
> >> tools/testing/selftests/bpf/progs/test_module_attach.c | 2 +-
> >> tools/testing/selftests/bpf/progs/test_subprogs_extable.c | 6 +++---
> >> 2 files changed, 4 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/tools/testing/selftests/bpf/progs/test_module_attach.c b/tools/testing/selftests/bpf/progs/test_module_attach.c
> >> index fb07f5773888..7f3c233943b3 100644
> >> --- a/tools/testing/selftests/bpf/progs/test_module_attach.c
> >> +++ b/tools/testing/selftests/bpf/progs/test_module_attach.c
> >> @@ -117,7 +117,7 @@ int BPF_PROG(handle_fexit_ret, int arg, struct file *ret)
> >>
> >> bpf_probe_read_kernel(&buf, 8, ret);
> >> bpf_probe_read_kernel(&buf, 8, (char *)ret + 256);
> >> - *(volatile long long *)ret;
> >> + *(volatile int *)ret;
> >
> > we already have `*(volatile int *)&ret->f_mode;` below, do we really
> > need this int casting case?.. Maybe instead of guessing the size of
> > file's first field, let's just remove `*(volatile long long *)ret;`
> > altogether?
>
> I was assuming the original test covers two cases:
> 1) deref ret itself;
> 2) deref a member of ret (ret->f_mode);
>
> Therefore, instead of doing something like
>
> *(volatile long long *)&ret->f_ref; /* first member of file */
>
> I got current version.
>
> If we don't need the first case, we sure can remove it.
The idea of the patch was to test the load from the address
returned from bpf_testmod_return_ptr() twice.
Once as that exact value and another with some offset,
since JIT processing logic is different whether insn->off is zero.
Doing &ret->f_lock /* first member of file */
sort-of works, but the comment will be stale eventually.
I think the current fix is the best:
- *(volatile long long *)ret;
+ *(volatile int *)ret;
This way the load will have guaranteed insn->off == 0,
and when file layout changes we will notice the breakage right away.
Like happened this time.
So I'm thinking of applying this patch as-is when bpf-next is ready.
Powered by blists - more mailing lists