All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH 0/2] selftests/x86: fsgsbase test updates
@ 2020-08-26 17:00 Andy Lutomirski
  2020-08-26 17:00 ` [PATCH 1/2] selftests/x86/fsgsbase: Reap a forgotten child Andy Lutomirski
  2020-08-26 17:00 ` [PATCH 2/2] selftests/x86/fsgsbase: Test PTRACE_PEEKUSER for GSBASE with invalid LDT GS Andy Lutomirski
  0 siblings, 2 replies; 5+ messages in thread
From: Andy Lutomirski @ 2020-08-26 17:00 UTC (permalink / raw)
  To: x86; +Cc: LKML, Andy Lutomirski

This fixes a minor bug and adds a test for the recent NULL pointer
dereference.

Andy Lutomirski (2):
  selftests/x86/fsgsbase: Reap a forgotten child
  selftests/x86/fsgsbase: Test PTRACE_PEEKUSER for GSBASE with invalid
    LDT GS

 tools/testing/selftests/x86/fsgsbase.c | 68 ++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

-- 
2.25.4


^ permalink raw reply	[flat|nested] 5+ messages in thread
* [PATCH 1/2] selftests/x86/fsgsbase: Reap a forgotten child
  2020-08-26 17:00 [PATCH 0/2] selftests/x86: fsgsbase test updates Andy Lutomirski
@ 2020-08-26 17:00 ` Andy Lutomirski
  2020-08-26 19:02   ` [tip: x86/fsgsbase] " tip-bot2 for Andy Lutomirski
  2020-08-26 17:00 ` [PATCH 2/2] selftests/x86/fsgsbase: Test PTRACE_PEEKUSER for GSBASE with invalid LDT GS Andy Lutomirski
  1 sibling, 1 reply; 5+ messages in thread
From: Andy Lutomirski @ 2020-08-26 17:00 UTC (permalink / raw)
  To: x86; +Cc: LKML, Andy Lutomirski

The ptrace() test forgot to reap its child.  Reap it.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
 tools/testing/selftests/x86/fsgsbase.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/testing/selftests/x86/fsgsbase.c b/tools/testing/selftests/x86/fsgsbase.c
index 998319553523..0056e2597f53 100644
--- a/tools/testing/selftests/x86/fsgsbase.c
+++ b/tools/testing/selftests/x86/fsgsbase.c
@@ -517,6 +517,9 @@ static void test_ptrace_write_gsbase(void)
 
 END:
 	ptrace(PTRACE_CONT, child, NULL, NULL);
+	wait(&status);
+	if (!WIFEXITED(status))
+		printf("[WARN]\tChild didn't exit cleanly.\n");
 }
 
 int main()
-- 
2.25.4


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [PATCH 2/2] selftests/x86/fsgsbase: Test PTRACE_PEEKUSER for GSBASE with invalid LDT GS
  2020-08-26 17:00 [PATCH 0/2] selftests/x86: fsgsbase test updates Andy Lutomirski
  2020-08-26 17:00 ` [PATCH 1/2] selftests/x86/fsgsbase: Reap a forgotten child Andy Lutomirski
@ 2020-08-26 17:00 ` Andy Lutomirski
  2020-08-26 19:02   ` [tip: x86/fsgsbase] " tip-bot2 for Andy Lutomirski
  1 sibling, 1 reply; 5+ messages in thread
From: Andy Lutomirski @ 2020-08-26 17:00 UTC (permalink / raw)
  To: x86; +Cc: LKML, Andy Lutomirski, stable

This tesst commit 8ab49526b53d ("x86/fsgsbase/64: Fix NULL deref in
86_fsgsbase_read_task").  Unpatched kernels will OOPS.

Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski <luto@kernel.org>
---
 tools/testing/selftests/x86/fsgsbase.c | 65 ++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)

diff --git a/tools/testing/selftests/x86/fsgsbase.c b/tools/testing/selftests/x86/fsgsbase.c
index 0056e2597f53..7161cfc2e60b 100644
--- a/tools/testing/selftests/x86/fsgsbase.c
+++ b/tools/testing/selftests/x86/fsgsbase.c
@@ -443,6 +443,68 @@ static void test_unexpected_base(void)
 
 #define USER_REGS_OFFSET(r) offsetof(struct user_regs_struct, r)
 
+static void test_ptrace_write_gs_read_base(void)
+{
+	int status;
+	pid_t child = fork();
+
+	if (child < 0)
+		err(1, "fork");
+
+	if (child == 0) {
+		printf("[RUN]\tPTRACE_POKE GS, read GSBASE back\n");
+
+		printf("[RUN]\tARCH_SET_GS to 1\n");
+		if (syscall(SYS_arch_prctl, ARCH_SET_GS, 1) != 0)
+			err(1, "ARCH_SET_GS");
+
+		if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) != 0)
+			err(1, "PTRACE_TRACEME");
+
+		raise(SIGTRAP);
+		_exit(0);
+	}
+
+	wait(&status);
+
+	if (WSTOPSIG(status) == SIGTRAP) {
+		unsigned long base;
+		unsigned long gs_offset = USER_REGS_OFFSET(gs);
+		unsigned long base_offset = USER_REGS_OFFSET(gs_base);
+
+		/* Read the initial base.  It should be 1. */
+		base = ptrace(PTRACE_PEEKUSER, child, base_offset, NULL);
+		if (base == 1) {
+			printf("[OK]\tGSBASE started at 1\n");
+		} else {
+			nerrs++;
+			printf("[FAIL]\tGSBASE started at 0x%lx\n", base);
+		}
+
+		printf("[RUN]\tSet GS = 0x7, read GSBASE\n");
+
+		/* Poke an LDT selector into GS. */
+		if (ptrace(PTRACE_POKEUSER, child, gs_offset, 0x7) != 0)
+			err(1, "PTRACE_POKEUSER");
+
+		/* And read the base. */
+		base = ptrace(PTRACE_PEEKUSER, child, base_offset, NULL);
+
+		if (base == 0 || base == 1) {
+			printf("[OK]\tGSBASE reads as 0x%lx with invalid GS\n", base);
+		} else {
+			nerrs++;
+			printf("[FAIL]\tGSBASE=0x%lx (should be 0 or 1)\n", base);
+		}
+	}
+
+	ptrace(PTRACE_CONT, child, NULL, NULL);
+
+	wait(&status);
+	if (!WIFEXITED(status))
+		printf("[WARN]\tChild didn't exit cleanly.\n");
+}
+
 static void test_ptrace_write_gsbase(void)
 {
 	int status;
@@ -529,6 +591,9 @@ int main()
 	shared_scratch = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
 			      MAP_ANONYMOUS | MAP_SHARED, -1, 0);
 
+	/* Do these tests before we have an LDT. */
+	test_ptrace_write_gs_read_base();
+
 	/* Probe FSGSBASE */
 	sethandler(SIGILL, sigill, 0);
 	if (sigsetjmp(jmpbuf, 1) == 0) {
-- 
2.25.4


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [tip: x86/fsgsbase] selftests/x86/fsgsbase: Test PTRACE_PEEKUSER for GSBASE with invalid LDT GS
  2020-08-26 17:00 ` [PATCH 2/2] selftests/x86/fsgsbase: Test PTRACE_PEEKUSER for GSBASE with invalid LDT GS Andy Lutomirski
@ 2020-08-26 19:02   ` tip-bot2 for Andy Lutomirski
  0 siblings, 0 replies; 5+ messages in thread
From: tip-bot2 for Andy Lutomirski @ 2020-08-26 19:02 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Andy Lutomirski, Ingo Molnar, stable, x86, LKML

The following commit has been merged into the x86/fsgsbase branch of tip:

Commit-ID:     1b9abd1755ad947d7c9913e92e7837b533124c90
Gitweb:        https://git.kernel.org/tip/1b9abd1755ad947d7c9913e92e7837b533124c90
Author:        Andy Lutomirski <luto@kernel.org>
AuthorDate:    Wed, 26 Aug 2020 10:00:46 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Wed, 26 Aug 2020 20:54:18 +02:00

selftests/x86/fsgsbase: Test PTRACE_PEEKUSER for GSBASE with invalid LDT GS

This tests commit:

  8ab49526b53d ("x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task")

Unpatched kernels will OOPS.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/c618ae86d1f757e01b1a8e79869f553cb88acf9a.1598461151.git.luto@kernel.org
---
 tools/testing/selftests/x86/fsgsbase.c | 65 +++++++++++++++++++++++++-
 1 file changed, 65 insertions(+)

diff --git a/tools/testing/selftests/x86/fsgsbase.c b/tools/testing/selftests/x86/fsgsbase.c
index 0056e25..7161cfc 100644
--- a/tools/testing/selftests/x86/fsgsbase.c
+++ b/tools/testing/selftests/x86/fsgsbase.c
@@ -443,6 +443,68 @@ static void test_unexpected_base(void)
 
 #define USER_REGS_OFFSET(r) offsetof(struct user_regs_struct, r)
 
+static void test_ptrace_write_gs_read_base(void)
+{
+	int status;
+	pid_t child = fork();
+
+	if (child < 0)
+		err(1, "fork");
+
+	if (child == 0) {
+		printf("[RUN]\tPTRACE_POKE GS, read GSBASE back\n");
+
+		printf("[RUN]\tARCH_SET_GS to 1\n");
+		if (syscall(SYS_arch_prctl, ARCH_SET_GS, 1) != 0)
+			err(1, "ARCH_SET_GS");
+
+		if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) != 0)
+			err(1, "PTRACE_TRACEME");
+
+		raise(SIGTRAP);
+		_exit(0);
+	}
+
+	wait(&status);
+
+	if (WSTOPSIG(status) == SIGTRAP) {
+		unsigned long base;
+		unsigned long gs_offset = USER_REGS_OFFSET(gs);
+		unsigned long base_offset = USER_REGS_OFFSET(gs_base);
+
+		/* Read the initial base.  It should be 1. */
+		base = ptrace(PTRACE_PEEKUSER, child, base_offset, NULL);
+		if (base == 1) {
+			printf("[OK]\tGSBASE started at 1\n");
+		} else {
+			nerrs++;
+			printf("[FAIL]\tGSBASE started at 0x%lx\n", base);
+		}
+
+		printf("[RUN]\tSet GS = 0x7, read GSBASE\n");
+
+		/* Poke an LDT selector into GS. */
+		if (ptrace(PTRACE_POKEUSER, child, gs_offset, 0x7) != 0)
+			err(1, "PTRACE_POKEUSER");
+
+		/* And read the base. */
+		base = ptrace(PTRACE_PEEKUSER, child, base_offset, NULL);
+
+		if (base == 0 || base == 1) {
+			printf("[OK]\tGSBASE reads as 0x%lx with invalid GS\n", base);
+		} else {
+			nerrs++;
+			printf("[FAIL]\tGSBASE=0x%lx (should be 0 or 1)\n", base);
+		}
+	}
+
+	ptrace(PTRACE_CONT, child, NULL, NULL);
+
+	wait(&status);
+	if (!WIFEXITED(status))
+		printf("[WARN]\tChild didn't exit cleanly.\n");
+}
+
 static void test_ptrace_write_gsbase(void)
 {
 	int status;
@@ -529,6 +591,9 @@ int main()
 	shared_scratch = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
 			      MAP_ANONYMOUS | MAP_SHARED, -1, 0);
 
+	/* Do these tests before we have an LDT. */
+	test_ptrace_write_gs_read_base();
+
 	/* Probe FSGSBASE */
 	sethandler(SIGILL, sigill, 0);
 	if (sigsetjmp(jmpbuf, 1) == 0) {

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [tip: x86/fsgsbase] selftests/x86/fsgsbase: Reap a forgotten child
  2020-08-26 17:00 ` [PATCH 1/2] selftests/x86/fsgsbase: Reap a forgotten child Andy Lutomirski
@ 2020-08-26 19:02   ` tip-bot2 for Andy Lutomirski
  0 siblings, 0 replies; 5+ messages in thread
From: tip-bot2 for Andy Lutomirski @ 2020-08-26 19:02 UTC (permalink / raw)
  To: linux-tip-commits; +Cc: Andy Lutomirski, Ingo Molnar, x86, LKML

The following commit has been merged into the x86/fsgsbase branch of tip:

Commit-ID:     ab2dd173330a3f07142e68cd65682205036cd00f
Gitweb:        https://git.kernel.org/tip/ab2dd173330a3f07142e68cd65682205036cd00f
Author:        Andy Lutomirski <luto@kernel.org>
AuthorDate:    Wed, 26 Aug 2020 10:00:45 -07:00
Committer:     Ingo Molnar <mingo@kernel.org>
CommitterDate: Wed, 26 Aug 2020 20:54:17 +02:00

selftests/x86/fsgsbase: Reap a forgotten child

The ptrace() test forgot to reap its child.  Reap it.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/e7700a503f30e79ab35a63103938a19893dbeff2.1598461151.git.luto@kernel.org
---
 tools/testing/selftests/x86/fsgsbase.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/testing/selftests/x86/fsgsbase.c b/tools/testing/selftests/x86/fsgsbase.c
index 9983195..0056e25 100644
--- a/tools/testing/selftests/x86/fsgsbase.c
+++ b/tools/testing/selftests/x86/fsgsbase.c
@@ -517,6 +517,9 @@ static void test_ptrace_write_gsbase(void)
 
 END:
 	ptrace(PTRACE_CONT, child, NULL, NULL);
+	wait(&status);
+	if (!WIFEXITED(status))
+		printf("[WARN]\tChild didn't exit cleanly.\n");
 }
 
 int main()

^ permalink raw reply related	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-08-26 19:03 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-26 17:00 [PATCH 0/2] selftests/x86: fsgsbase test updates Andy Lutomirski
2020-08-26 17:00 ` [PATCH 1/2] selftests/x86/fsgsbase: Reap a forgotten child Andy Lutomirski
2020-08-26 19:02   ` [tip: x86/fsgsbase] " tip-bot2 for Andy Lutomirski
2020-08-26 17:00 ` [PATCH 2/2] selftests/x86/fsgsbase: Test PTRACE_PEEKUSER for GSBASE with invalid LDT GS Andy Lutomirski
2020-08-26 19:02   ` [tip: x86/fsgsbase] " tip-bot2 for Andy Lutomirski

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.