Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1679702pxb; Mon, 11 Oct 2021 10:45:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxuBgeD9hUNsSe8JtiHwFjaAEWrOYrwsDX4ex7d0sjTrw66IDCIHKWjKrdBn7Ply5Ijwge7 X-Received: by 2002:a17:906:cc89:: with SMTP id oq9mr27720390ejb.70.1633974349802; Mon, 11 Oct 2021 10:45:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633974349; cv=none; d=google.com; s=arc-20160816; b=0mHLz0Aas7ZttS/B3Q1jxu9qzcIwp00LbPv4+zkM1jr4wHCdIjoSCPMUhc97XGAUc9 5yFa7JaPm8sGM3S8+G16eQd6frlablI9XN1WfIhNIP8pMpC7fgQdBtVozzTwpDq3HU7z ozWjxbA6YnO17PMx6HEqPUoFCfcYCBfbWzQMguxjPW6dVhknWct7iqN3cdjZawkykUbh LMnNSr5le9okACmE/sfkBQsTslJbjY6GQCLEZRxQFsr2uhnRhkIrvKJcz5r0XMT/Uwb8 cBzPs7jGQ9//haKpzDh6TMRPGJ1NxCWw54UgJAxYSbVPfmw2U7fBAXrc9Yhe61CZH5eH kqeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=fIgVsm94kxYUZNiL4Bxn3wPBnd3IejzU3gHnaJvMuG4=; b=RuPISo/RsggUoQKU+Th1iZs5CCmflqs5ftj+XcuwaKUS/yGsM1H2b9WlQaF1SxBuYa 486+P5/DKBn/d5nn1e0Bqmpd9NLoU1O5QOrKpiV1+rpSJlmMSSGyISTmbgiHsPjsETq0 Hj1MqfpWEPSLDgAjjH5OvkLTqWIL6IE8jsOzWBwyj4+arlvQ9TXFj2U6DD82bg8zAa0d 4K8bJ4KP5g3faswZlVl/2KHhT4HeMJqV1XQsmJulM0YJdsN8oJp1a7j1iG/Q67iZjFyd s2jECx8UZdqf+dTzAfOrdNSdC3W/EFvDA0QOIV1LZ63yZXWDrVLYNP2EvfFMe5exoc3d M6hw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=NDDjxJTv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y8si11847256edm.73.2021.10.11.10.45.25; Mon, 11 Oct 2021 10:45:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=NDDjxJTv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231951AbhJKRog (ORCPT + 99 others); Mon, 11 Oct 2021 13:44:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33318 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233321AbhJKRo0 (ORCPT ); Mon, 11 Oct 2021 13:44:26 -0400 Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1BD23C06174E for ; Mon, 11 Oct 2021 10:42:26 -0700 (PDT) Received: by mail-pl1-x636.google.com with SMTP id n11so11403593plf.4 for ; Mon, 11 Oct 2021 10:42:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=fIgVsm94kxYUZNiL4Bxn3wPBnd3IejzU3gHnaJvMuG4=; b=NDDjxJTvpXyqQZqINNCpwq5QuvZPHy3ezHcVfOu79DTvi2kj8uT8BS7XQM8rbR+Gse abrAepFyJpMx1OnUkC119hHQ/wfKy+HbF3egevze0eKjs0CjaKmO4D3JpHdvnYHrpGpz DMiJSWLleg8CkwUxu015qDgfkK26DS6o6pfv4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=fIgVsm94kxYUZNiL4Bxn3wPBnd3IejzU3gHnaJvMuG4=; b=GOcCyiBcPmCESNJFjyizkjwqTiHCT3fOTYnIef3W4CMU0iV8NH9giypu0mA5p1zlOb NMuw/zt5GqSql8gBuINWQv6nLyCCcnC7DZ8XEfs3UqD8exZj+URf7V1FdeTEsZQZIzzv uE0Aq+CCID88a4PZhoZT3+ugyCBMPeSxcWgo1LBeVofd+ZlKVpIHLLOd8CS+nJ9NHYKd CKrh7NZP90KoMp8BhYSUgM70IKVAeoxKaYnN0oGm25Eo5rNN9mB+IC64Oo3GHjj6RWz4 rwbCPqv9SYSSvUsjGDr4suXCsK+ik5Fx0M9jMWr4YvOLi7lC9BGhvgHu5InBVVNeCQ85 aVaw== X-Gm-Message-State: AOAM530Bf/cBNrYddfVXgpTUVYx5wZ4y66HSpbK0qAruAmQI5Cv2oVNG Yy7mMNLC8VRoIrgQFjff+0oSKqQJxBGkBA== X-Received: by 2002:a17:902:f551:b0:13e:fb56:f519 with SMTP id h17-20020a170902f55100b0013efb56f519mr25796087plf.0.1633974145574; Mon, 11 Oct 2021 10:42:25 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id j4sm9091145pfu.94.2021.10.11.10.42.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Oct 2021 10:42:25 -0700 (PDT) Date: Mon, 11 Oct 2021 10:42:24 -0700 From: Kees Cook To: Alexey Dobriyan Cc: Peter Zijlstra , Mark Rutland , Shuah Khan , linux-kselftest@vger.kernel.org, Josh Poimboeuf , Andrew Morton , Alexey Gladkov , jannh@google.com, vcaputo@pengaru.com, mingo@redhat.com, juri.lelli@redhat.com, vincent.guittot@linaro.org, dietmar.eggemann@arm.com, rostedt@goodmis.org, bsegall@google.com, mgorman@suse.de, bristot@redhat.com, christian.brauner@ubuntu.com, amistry@google.com, Kenta.Tada@sony.com, legion@kernel.org, michael.weiss@aisec.fraunhofer.de, mhocko@suse.com, deller@gmx.de, zhengqi.arch@bytedance.com, me@tobin.cc, tycho@tycho.pizza, tglx@linutronix.de, bp@alien8.de, hpa@zytor.com, axboe@kernel.dk, metze@samba.org, laijs@linux.alibaba.com, luto@kernel.org, dave.hansen@linux.intel.com, ebiederm@xmission.com, ohoono.kwon@samsung.com, kaleshsingh@google.com, yifeifz2@illinois.edu, linux-arch@vger.kernel.org, vgupta@kernel.org, linux@armlinux.org.uk, will@kernel.org, guoren@kernel.org, bcain@codeaurora.org, monstr@monstr.eu, tsbogend@alpha.franken.de, nickhu@andestech.com, jonas@southpole.se, mpe@ellerman.id.au, paul.walmsley@sifive.com, hca@linux.ibm.com, ysato@users.sourceforge.jp, davem@davemloft.net, chris@zankel.net, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] selftests: proc: Make sure wchan works when it exists Message-ID: <202110111022.21B600CC2@keescook> References: <20211008235504.2957528-1-keescook@chromium.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Oct 09, 2021 at 03:52:02PM +0300, Alexey Dobriyan wrote: > On Fri, Oct 08, 2021 at 04:55:04PM -0700, Kees Cook wrote: > > This makes sure that wchan contains a sensible symbol when a process is > > blocked. > > > Specifically this calls the sleep() syscall, and expects the > > architecture to have called schedule() from a function that has "sleep" > > somewhere in its name. > > This exposes internal kernel symbol to userspace. Correct; we're verifying the results of the wchan output, which produces a kernel symbol for blocked processes. > Why would want to test that? This is part of a larger series refactoring/fixing wchan[1], and we've now tripped over several different failure conditions, so I want to make sure this doesn't regress in the future. > Doing s/sleep/SLEEP/g doesn't change kernel but now the test is broken. Yes; the test would be doing it's job, as that would mean there was a userspace visible change to wchan, so we'd want to catch it and either fix the kernel or update the test to reflect the new reality. > > > For example, on the architectures I tested > > (x86_64, arm64, arm, mips, and powerpc) this is "hrtimer_nanosleep": > > > +/* > > + * Make sure that wchan returns a reasonable symbol when blocked. > > + */ > > Test should be "contains C identifier" then? Nope, this was intentional. Expanding to a C identifier won't catch the "we unwound the stack to the wrong depth and now all wchan shows is '__switch_to'" bug[2]. We're specifically checking that wchan is doing at least the right thing for the most common blocking state. > > > +int main(void) > > +{ > > + char buf[64]; > > + pid_t child; > > + int sync[2], fd; > > + > > + if (pipe(sync) < 0) > > + perror_exit("pipe"); > > + > > + child = fork(); > > + if (child < 0) > > + perror_exit("fork"); > > + if (child == 0) { > > + /* Child */ > > + if (close(sync[0]) < 0) > > + perror_exit("child close sync[0]"); > > + if (close(sync[1]) < 0) > > + perror_exit("child close sync[1]"); > > Redundant close(). Hmm, did you maybe miss the differing array indexes? This closes the reading end followed by the writing end of the child's pipe. > > > + sleep(10); > > + _exit(0); > > + } > > + /* Parent */ > > + if (close(sync[1]) < 0) > > + perror_exit("parent close sync[1]"); > > Redundant close(). It's not, though. This closes the write side of the parent's pipe. > > > + if (read(sync[0], buf, 1) != 0) > > + perror_exit("parent read sync[0]"); > > Racy if child is scheduled out after first close in the child. No, the first close will close the child's read-side of the pipe, which isn't being used. For example, see[3]. The parent's read of /proc/$child/wchan could technically race if the child is scheduled out after the second close() and before the sleep(), but the parent is doing at least 2 syscalls before then. I'm open to a more exact synchronization method, but this should be sufficient. (e.g. Using ptrace to catch sleep syscall entry seemed like overkill.) -Kees [1] https://lore.kernel.org/lkml/20211008111527.438276127@infradead.org/ [2] https://lore.kernel.org/lkml/20211008124052.GA976@C02TD0UTHF1T.local/ [3] https://man7.org/tlpi/code/online/diff/pipes/pipe_sync.c.html > > > + snprintf(buf, sizeof(buf), "/proc/%d/wchan", child); > > + fd = open(buf, O_RDONLY); > > + if (fd < 0) { > > + if (errno == ENOENT) > > + return 4; > > + perror_exit(buf); > > + } > > + > > + memset(buf, 0, sizeof(buf)); > > + if (read(fd, buf, sizeof(buf) - 1) < 1) > > + perror_exit(buf); > > + if (strstr(buf, "sleep") == NULL) { > > + fprintf(stderr, "FAIL: did not find 'sleep' in wchan '%s'\n", buf); > > + return 1; > > + } > > + printf("ok: found 'sleep' in wchan '%s'\n", buf); > > + > > + if (kill(child, SIGKILL) < 0) > > + perror_exit("kill"); > > + if (waitpid(child, NULL, 0) != child) { > > + fprintf(stderr, "waitpid: got the wrong child!?\n"); > > + return 1; > > + } > > + > > + return 0; > > +} -- Kees Cook