[PATCH v3 3/6] Add LKDTM test to hijack a patch mapping (powerpc, x86_64)
kernel test robot
lkp at intel.com
Thu Aug 27 20:11:28 AEST 2020
Hi "Christopher,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on powerpc/next]
[also build test ERROR on char-misc/char-misc-testing tip/x86/core v5.9-rc2 next-20200827]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Christopher-M-Riedl/Use-per-CPU-temporary-mappings-for-patching/20200827-161532
base: https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git next
config: x86_64-allmodconfig (attached as .config)
compiler: gcc-9 (Debian 9.3.0-15) 9.3.0
reproduce (this is a W=1 build):
# save the attached .config to linux build tree
make W=1 ARCH=x86_64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp at intel.com>
All errors (new ones prefixed by >>):
drivers/misc/lkdtm/perms.c: In function 'lkdtm_HIJACK_PATCH':
>> drivers/misc/lkdtm/perms.c:318:38: error: implicit declaration of function 'read_cpu_patching_addr' [-Werror=implicit-function-declaration]
318 | addr = offset_in_page(patch_site) | read_cpu_patching_addr(patching_cpu);
| ^~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
# https://github.com/0day-ci/linux/commit/36a98d779ee4620e6e091cbe3b438b52faa108ad
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Christopher-M-Riedl/Use-per-CPU-temporary-mappings-for-patching/20200827-161532
git checkout 36a98d779ee4620e6e091cbe3b438b52faa108ad
vim +/read_cpu_patching_addr +318 drivers/misc/lkdtm/perms.c
289
290 void lkdtm_HIJACK_PATCH(void)
291 {
292 #ifdef CONFIG_PPC
293 struct ppc_inst original_insn = ppc_inst_read(READ_ONCE(patch_site));
294 #endif
295 #ifdef CONFIG_X86_64
296 int original_insn = READ_ONCE(*patch_site);
297 #endif
298 struct task_struct *patching_kthrd;
299 int patching_cpu, hijacker_cpu, attempts;
300 unsigned long addr;
301 bool hijacked;
302 const int bad_data = 0xbad00bad;
303
304 if (num_online_cpus() < 2) {
305 pr_warn("need at least two cpus\n");
306 return;
307 }
308
309 hijacker_cpu = smp_processor_id();
310 patching_cpu = cpumask_any_but(cpu_online_mask, hijacker_cpu);
311
312 patching_kthrd = kthread_create_on_node(&lkdtm_patching_cpu, NULL,
313 cpu_to_node(patching_cpu),
314 "lkdtm_patching_cpu");
315 kthread_bind(patching_kthrd, patching_cpu);
316 wake_up_process(patching_kthrd);
317
> 318 addr = offset_in_page(patch_site) | read_cpu_patching_addr(patching_cpu);
319
320 pr_info("starting hijacker_cpu=%d\n", hijacker_cpu);
321 for (attempts = 0; attempts < 100000; ++attempts) {
322 /* Use __put_user to catch faults without an Oops */
323 hijacked = !__put_user(bad_data, (int *)addr);
324
325 if (hijacked) {
326 if (kthread_stop(patching_kthrd))
327 pr_err("error trying to stop patching thread\n");
328 break;
329 }
330 }
331 pr_info("hijack attempts: %d\n", attempts);
332
333 if (hijacked) {
334 if (lkdtm_verify_patch(bad_data))
335 pr_err("overwrote kernel text\n");
336 /*
337 * There are window conditions where the hijacker cpu manages to
338 * write to the patch site but the site gets overwritten again by
339 * the patching cpu. We still consider that a "successful" hijack
340 * since the hijacker cpu did not fault on the write.
341 */
342 pr_err("FAIL: wrote to another cpu's patching area\n");
343 } else {
344 kthread_stop(patching_kthrd);
345 }
346
347 /* Restore the original insn for any future lkdtm tests */
348 #ifdef CONFIG_PPC
349 patch_instruction(patch_site, original_insn);
350 #endif
351 #ifdef CONFIG_X86_64
352 lkdtm_do_patch(original_insn);
353 #endif
354 }
355
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: .config.gz
Type: application/gzip
Size: 76556 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/linuxppc-dev/attachments/20200827/4f9f79e0/attachment-0001.gz>
More information about the Linuxppc-dev
mailing list