From: kernel test robot <lkp@intel.com>
To: "Christopher M. Riedl" <cmr@codefail.de>, linuxppc-dev@lists.ozlabs.org
Cc: kbuild-all@lists.01.org, kernel-hardening@lists.openwall.com
Subject: Re: [PATCH v3 3/6] Add LKDTM test to hijack a patch mapping (powerpc, x86_64)
Date: Thu, 27 Aug 2020 18:11:28 +0800
Message-ID: <202008271824.aR9fuh9T%lkp@intel.com>
In-Reply-To: <20200827052659.24922-4-cmr@codefail.de>

Hi Christopher,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on powerpc/next]
[also build test ERROR on char-misc/char-misc-testing tip/x86/core v5.9-rc2 next-20200827]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting a patch, we suggest using '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Christopher-M-Riedl/Use-per-CPU-temporary-mappings-for-patching/20200827-161532
base:   https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git next
config: x86_64-allmodconfig (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
reproduce (this is a W=1 build):
        # save the attached .config to linux build tree
        make W=1 ARCH=x86_64

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   drivers/misc/lkdtm/perms.c: In function 'lkdtm_HIJACK_PATCH':
>> drivers/misc/lkdtm/perms.c:318:38: error: implicit declaration of function 'read_cpu_patching_addr' [-Werror=implicit-function-declaration]
     318 |  addr = offset_in_page(patch_site) | read_cpu_patching_addr(patching_cpu);
         |                                      ^~~~~~~~~~~~~~~~~~~~~~
   cc1: some warnings being treated as errors

# https://github.com/0day-ci/linux/commit/36a98d779ee4620e6e091cbe3b438b52faa108ad
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Christopher-M-Riedl/Use-per-CPU-temporary-mappings-for-patching/20200827-161532
git checkout 36a98d779ee4620e6e091cbe3b438b52faa108ad
vim +/read_cpu_patching_addr +318 drivers/misc/lkdtm/perms.c

   289
   290  void lkdtm_HIJACK_PATCH(void)
   291  {
   292  #ifdef CONFIG_PPC
   293          struct ppc_inst original_insn = ppc_inst_read(READ_ONCE(patch_site));
   294  #endif
   295  #ifdef CONFIG_X86_64
   296          int original_insn = READ_ONCE(*patch_site);
   297  #endif
   298          struct task_struct *patching_kthrd;
   299          int patching_cpu, hijacker_cpu, attempts;
   300          unsigned long addr;
   301          bool hijacked;
   302          const int bad_data = 0xbad00bad;
   303
   304          if (num_online_cpus() < 2) {
   305                  pr_warn("need at least two cpus\n");
   306                  return;
   307          }
   308
   309          hijacker_cpu = smp_processor_id();
   310          patching_cpu = cpumask_any_but(cpu_online_mask, hijacker_cpu);
   311
   312          patching_kthrd = kthread_create_on_node(&lkdtm_patching_cpu, NULL,
   313                                                  cpu_to_node(patching_cpu),
   314                                                  "lkdtm_patching_cpu");
   315          kthread_bind(patching_kthrd, patching_cpu);
   316          wake_up_process(patching_kthrd);
   317
 > 318          addr = offset_in_page(patch_site) | read_cpu_patching_addr(patching_cpu);
   319
   320          pr_info("starting hijacker_cpu=%d\n", hijacker_cpu);
   321          for (attempts = 0; attempts < 100000; ++attempts) {
   322                  /* Use __put_user to catch faults without an Oops */
   323                  hijacked = !__put_user(bad_data, (int *)addr);
   324
   325                  if (hijacked) {
   326                          if (kthread_stop(patching_kthrd))
   327                                  pr_err("error trying to stop patching thread\n");
   328                          break;
   329                  }
   330          }
   331          pr_info("hijack attempts: %d\n", attempts);
   332
   333          if (hijacked) {
   334                  if (lkdtm_verify_patch(bad_data))
   335                          pr_err("overwrote kernel text\n");
   336                  /*
   337                   * There are window conditions where the hijacker cpu manages to
   338                   * write to the patch site but the site gets overwritten again by
   339                   * the patching cpu. We still consider that a "successful" hijack
   340                   * since the hijacker cpu did not fault on the write.
   341                   */
   342                  pr_err("FAIL: wrote to another cpu's patching area\n");
   343          } else {
   344                  kthread_stop(patching_kthrd);
   345          }
   346
   347          /* Restore the original insn for any future lkdtm tests */
   348  #ifdef CONFIG_PPC
   349          patch_instruction(patch_site, original_insn);
   350  #endif
   351  #ifdef CONFIG_X86_64
   352          lkdtm_do_patch(original_insn);
   353  #endif
   354  }
   355

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 76556 bytes --]

Thread overview: 16+ messages
2020-08-27 5:26 [PATCH v3 0/6] Use per-CPU temporary mappings for patching Christopher M. Riedl
2020-08-27 5:26 ` [PATCH v3 1/6] powerpc: Add LKDTM accessor for patching addr Christopher M. Riedl
2020-08-27 5:26 ` [PATCH v3 2/6] x86: " Christopher M. Riedl
2020-08-27 5:26 ` [PATCH v3 3/6] Add LKDTM test to hijack a patch mapping (powerpc, x86_64) Christopher M. Riedl
2020-08-27 5:26 ` [PATCH v3 3/6] Add LKDTM test to hijack a patch mapping (powerpc,x86_64) Christopher M. Riedl
2020-08-27 10:11 ` kernel test robot [this message]
2020-08-27 10:11 ` [PATCH v3 3/6] Add LKDTM test to hijack a patch mapping (powerpc, x86_64) kernel test robot
2020-08-27 18:10 ` kernel test robot
2020-08-27 18:10 ` kernel test robot
2020-08-27 5:26 ` [PATCH v3 4/6] powerpc: Introduce temporary mm Christopher M. Riedl
2020-08-27 14:15 ` Jann Horn
2020-08-27 14:15 ` Jann Horn
2020-09-07 0:15 ` Christopher M. Riedl
2020-09-07 0:15 ` Christopher M. Riedl
2020-08-27 5:26 ` [PATCH v3 5/6] powerpc: Initialize a temporary mm for code patching Christopher M. Riedl
2020-08-27 5:26 ` [PATCH v3 6/6] powerpc: Use " Christopher M. Riedl