From: Daniel Latypov
Date: Mon, 28 Feb 2022 17:48:27 -0800
Subject: Re: [PATCH] binfmt_elf: Introduce KUnit test
To: Steven Rostedt
Cc: Kees Cook, Eric Biederman, David Gow, Alexey Dobriyan, Magnus Groß, kunit-dev@googlegroups.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org

On Thu, Feb 24, 2022 at 6:15 AM Steven Rostedt wrote:
>
> On Wed, 23 Feb 2022 22:13:25 -0800
> Kees Cook wrote:
>
> > Steven, I want to do fancy live-patch kind of things to replace functions,
> > but it doesn't need to be particularly fancy because KUnit tests (usually)
> > run single-threaded, etc. It looks like kprobes could almost do it, but
> > I don't see a way to have it _avoid_ making a function call.
>
>
> // This is called just before the hijacked function is called
> static void notrace my_tramp(unsigned long ip, unsigned long parent_ip,
> 			     struct ftrace_ops *ops,
> 			     struct ftrace_regs *fregs)
> {
> 	int bit;
>
> 	bit = ftrace_test_recursion_trylock(ip, parent_ip);
> 	if (WARN_ON_ONCE(bit < 0))
> 		return;
>
> 	/*
> 	 * This uses the live kernel patching arch code to now return
> 	 * to new_function() instead of the one that was called.
> 	 * If you want to do a lookup, you can look at the "ip"
> 	 * which will give you the function you are about to replace.
> 	 * Note, it may not be equal to the function address,
> 	 * but for that, you can have this:
> 	 *   ip = ftrace_location(function_ip);
> 	 * which will give the ip that is passed here.
> 	 */
> 	klp_arch_set_pc(fregs, new_function);

Ahah!
This was the missing bit.

David and I both got so excited by this we prototyped experimental
APIs around this over the weekend.
He also prototyped a more intrusive alternative to using ftrace and
kernel livepatch since they don't work on all arches, like UML.

We're splitting up responsibility and will each submit RFCs to the
list in the coming days.
I'll send the ftrace one based on this.
He'll send his alternative one as well.
I think we'll end up having both approaches as they both have their use cases.

It'll take some iteration to bikeshed stuff like names and make them
more consistent with each other.
I've posted my working copy on Gerrit for now, if people want to take
a look: https://kunit-review.googlesource.com/c/linux/+/5109
It should be visible publicly, but it will prompt you to sign in if
you try to post comments ;(

If anyone has comments before we send out the RFCs, feel free to email
me directly and CC kunit-dev@.

Thanks,
Daniel