| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
There is no lwt_xmit test case for BPF_REDIRECT yet. Add test cases for
both normal and abnormal situations. For abnormal test cases, devices
are set down or have its carrier set down. Without proper fixes,
BPF_REDIRECT to either ingress or egress of such device would panic the
kernel.
Signed-off-by: Yan Zhai <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Link: https://lore.kernel.org/bpf/96bf435243641939d9c9da329fab29cb45f7df22.1692326837.git.yan@cloudflare.com
|
|
Enable CPU v4 instruction tests for arm64. Below are the test results from
BPF test_progs selftests:
# ./test_progs -t ldsx_insn,verifier_sdiv,verifier_movsx,verifier_ldsx,verifier_gotol,verifier_bswap
#115/1 ldsx_insn/map_val and probed_memory:OK
#115/2 ldsx_insn/ctx_member_sign_ext:OK
#115/3 ldsx_insn/ctx_member_narrow_sign_ext:OK
#115 ldsx_insn:OK
#302/1 verifier_bswap/BSWAP, 16:OK
#302/2 verifier_bswap/BSWAP, 16 @unpriv:OK
#302/3 verifier_bswap/BSWAP, 32:OK
#302/4 verifier_bswap/BSWAP, 32 @unpriv:OK
#302/5 verifier_bswap/BSWAP, 64:OK
#302/6 verifier_bswap/BSWAP, 64 @unpriv:OK
#302 verifier_bswap:OK
#316/1 verifier_gotol/gotol, small_imm:OK
#316/2 verifier_gotol/gotol, small_imm @unpriv:OK
#316 verifier_gotol:OK
#324/1 verifier_ldsx/LDSX, S8:OK
#324/2 verifier_ldsx/LDSX, S8 @unpriv:OK
#324/3 verifier_ldsx/LDSX, S16:OK
#324/4 verifier_ldsx/LDSX, S16 @unpriv:OK
#324/5 verifier_ldsx/LDSX, S32:OK
#324/6 verifier_ldsx/LDSX, S32 @unpriv:OK
#324/7 verifier_ldsx/LDSX, S8 range checking, privileged:OK
#324/8 verifier_ldsx/LDSX, S16 range checking:OK
#324/9 verifier_ldsx/LDSX, S16 range checking @unpriv:OK
#324/10 verifier_ldsx/LDSX, S32 range checking:OK
#324/11 verifier_ldsx/LDSX, S32 range checking @unpriv:OK
#324 verifier_ldsx:OK
#335/1 verifier_movsx/MOV32SX, S8:OK
#335/2 verifier_movsx/MOV32SX, S8 @unpriv:OK
#335/3 verifier_movsx/MOV32SX, S16:OK
#335/4 verifier_movsx/MOV32SX, S16 @unpriv:OK
#335/5 verifier_movsx/MOV64SX, S8:OK
#335/6 verifier_movsx/MOV64SX, S8 @unpriv:OK
#335/7 verifier_movsx/MOV64SX, S16:OK
#335/8 verifier_movsx/MOV64SX, S16 @unpriv:OK
#335/9 verifier_movsx/MOV64SX, S32:OK
#335/10 verifier_movsx/MOV64SX, S32 @unpriv:OK
#335/11 verifier_movsx/MOV32SX, S8, range_check:OK
#335/12 verifier_movsx/MOV32SX, S8, range_check @unpriv:OK
#335/13 verifier_movsx/MOV32SX, S16, range_check:OK
#335/14 verifier_movsx/MOV32SX, S16, range_check @unpriv:OK
#335/15 verifier_movsx/MOV32SX, S16, range_check 2:OK
#335/16 verifier_movsx/MOV32SX, S16, range_check 2 @unpriv:OK
#335/17 verifier_movsx/MOV64SX, S8, range_check:OK
#335/18 verifier_movsx/MOV64SX, S8, range_check @unpriv:OK
#335/19 verifier_movsx/MOV64SX, S16, range_check:OK
#335/20 verifier_movsx/MOV64SX, S16, range_check @unpriv:OK
#335/21 verifier_movsx/MOV64SX, S32, range_check:OK
#335/22 verifier_movsx/MOV64SX, S32, range_check @unpriv:OK
#335/23 verifier_movsx/MOV64SX, S16, R10 Sign Extension:OK
#335/24 verifier_movsx/MOV64SX, S16, R10 Sign Extension @unpriv:OK
#335 verifier_movsx:OK
#347/1 verifier_sdiv/SDIV32, non-zero imm divisor, check 1:OK
#347/2 verifier_sdiv/SDIV32, non-zero imm divisor, check 1 @unpriv:OK
#347/3 verifier_sdiv/SDIV32, non-zero imm divisor, check 2:OK
#347/4 verifier_sdiv/SDIV32, non-zero imm divisor, check 2 @unpriv:OK
#347/5 verifier_sdiv/SDIV32, non-zero imm divisor, check 3:OK
#347/6 verifier_sdiv/SDIV32, non-zero imm divisor, check 3 @unpriv:OK
#347/7 verifier_sdiv/SDIV32, non-zero imm divisor, check 4:OK
#347/8 verifier_sdiv/SDIV32, non-zero imm divisor, check 4 @unpriv:OK
#347/9 verifier_sdiv/SDIV32, non-zero imm divisor, check 5:OK
#347/10 verifier_sdiv/SDIV32, non-zero imm divisor, check 5 @unpriv:OK
#347/11 verifier_sdiv/SDIV32, non-zero imm divisor, check 6:OK
#347/12 verifier_sdiv/SDIV32, non-zero imm divisor, check 6 @unpriv:OK
#347/13 verifier_sdiv/SDIV32, non-zero imm divisor, check 7:OK
#347/14 verifier_sdiv/SDIV32, non-zero imm divisor, check 7 @unpriv:OK
#347/15 verifier_sdiv/SDIV32, non-zero imm divisor, check 8:OK
#347/16 verifier_sdiv/SDIV32, non-zero imm divisor, check 8 @unpriv:OK
#347/17 verifier_sdiv/SDIV32, non-zero reg divisor, check 1:OK
#347/18 verifier_sdiv/SDIV32, non-zero reg divisor, check 1 @unpriv:OK
#347/19 verifier_sdiv/SDIV32, non-zero reg divisor, check 2:OK
#347/20 verifier_sdiv/SDIV32, non-zero reg divisor, check 2 @unpriv:OK
#347/21 verifier_sdiv/SDIV32, non-zero reg divisor, check 3:OK
#347/22 verifier_sdiv/SDIV32, non-zero reg divisor, check 3 @unpriv:OK
#347/23 verifier_sdiv/SDIV32, non-zero reg divisor, check 4:OK
#347/24 verifier_sdiv/SDIV32, non-zero reg divisor, check 4 @unpriv:OK
#347/25 verifier_sdiv/SDIV32, non-zero reg divisor, check 5:OK
#347/26 verifier_sdiv/SDIV32, non-zero reg divisor, check 5 @unpriv:OK
#347/27 verifier_sdiv/SDIV32, non-zero reg divisor, check 6:OK
#347/28 verifier_sdiv/SDIV32, non-zero reg divisor, check 6 @unpriv:OK
#347/29 verifier_sdiv/SDIV32, non-zero reg divisor, check 7:OK
#347/30 verifier_sdiv/SDIV32, non-zero reg divisor, check 7 @unpriv:OK
#347/31 verifier_sdiv/SDIV32, non-zero reg divisor, check 8:OK
#347/32 verifier_sdiv/SDIV32, non-zero reg divisor, check 8 @unpriv:OK
#347/33 verifier_sdiv/SDIV64, non-zero imm divisor, check 1:OK
#347/34 verifier_sdiv/SDIV64, non-zero imm divisor, check 1 @unpriv:OK
#347/35 verifier_sdiv/SDIV64, non-zero imm divisor, check 2:OK
#347/36 verifier_sdiv/SDIV64, non-zero imm divisor, check 2 @unpriv:OK
#347/37 verifier_sdiv/SDIV64, non-zero imm divisor, check 3:OK
#347/38 verifier_sdiv/SDIV64, non-zero imm divisor, check 3 @unpriv:OK
#347/39 verifier_sdiv/SDIV64, non-zero imm divisor, check 4:OK
#347/40 verifier_sdiv/SDIV64, non-zero imm divisor, check 4 @unpriv:OK
#347/41 verifier_sdiv/SDIV64, non-zero imm divisor, check 5:OK
#347/42 verifier_sdiv/SDIV64, non-zero imm divisor, check 5 @unpriv:OK
#347/43 verifier_sdiv/SDIV64, non-zero imm divisor, check 6:OK
#347/44 verifier_sdiv/SDIV64, non-zero imm divisor, check 6 @unpriv:OK
#347/45 verifier_sdiv/SDIV64, non-zero reg divisor, check 1:OK
#347/46 verifier_sdiv/SDIV64, non-zero reg divisor, check 1 @unpriv:OK
#347/47 verifier_sdiv/SDIV64, non-zero reg divisor, check 2:OK
#347/48 verifier_sdiv/SDIV64, non-zero reg divisor, check 2 @unpriv:OK
#347/49 verifier_sdiv/SDIV64, non-zero reg divisor, check 3:OK
#347/50 verifier_sdiv/SDIV64, non-zero reg divisor, check 3 @unpriv:OK
#347/51 verifier_sdiv/SDIV64, non-zero reg divisor, check 4:OK
#347/52 verifier_sdiv/SDIV64, non-zero reg divisor, check 4 @unpriv:OK
#347/53 verifier_sdiv/SDIV64, non-zero reg divisor, check 5:OK
#347/54 verifier_sdiv/SDIV64, non-zero reg divisor, check 5 @unpriv:OK
#347/55 verifier_sdiv/SDIV64, non-zero reg divisor, check 6:OK
#347/56 verifier_sdiv/SDIV64, non-zero reg divisor, check 6 @unpriv:OK
#347/57 verifier_sdiv/SMOD32, non-zero imm divisor, check 1:OK
#347/58 verifier_sdiv/SMOD32, non-zero imm divisor, check 1 @unpriv:OK
#347/59 verifier_sdiv/SMOD32, non-zero imm divisor, check 2:OK
#347/60 verifier_sdiv/SMOD32, non-zero imm divisor, check 2 @unpriv:OK
#347/61 verifier_sdiv/SMOD32, non-zero imm divisor, check 3:OK
#347/62 verifier_sdiv/SMOD32, non-zero imm divisor, check 3 @unpriv:OK
#347/63 verifier_sdiv/SMOD32, non-zero imm divisor, check 4:OK
#347/64 verifier_sdiv/SMOD32, non-zero imm divisor, check 4 @unpriv:OK
#347/65 verifier_sdiv/SMOD32, non-zero imm divisor, check 5:OK
#347/66 verifier_sdiv/SMOD32, non-zero imm divisor, check 5 @unpriv:OK
#347/67 verifier_sdiv/SMOD32, non-zero imm divisor, check 6:OK
#347/68 verifier_sdiv/SMOD32, non-zero imm divisor, check 6 @unpriv:OK
#347/69 verifier_sdiv/SMOD32, non-zero reg divisor, check 1:OK
#347/70 verifier_sdiv/SMOD32, non-zero reg divisor, check 1 @unpriv:OK
#347/71 verifier_sdiv/SMOD32, non-zero reg divisor, check 2:OK
#347/72 verifier_sdiv/SMOD32, non-zero reg divisor, check 2 @unpriv:OK
#347/73 verifier_sdiv/SMOD32, non-zero reg divisor, check 3:OK
#347/74 verifier_sdiv/SMOD32, non-zero reg divisor, check 3 @unpriv:OK
#347/75 verifier_sdiv/SMOD32, non-zero reg divisor, check 4:OK
#347/76 verifier_sdiv/SMOD32, non-zero reg divisor, check 4 @unpriv:OK
#347/77 verifier_sdiv/SMOD32, non-zero reg divisor, check 5:OK
#347/78 verifier_sdiv/SMOD32, non-zero reg divisor, check 5 @unpriv:OK
#347/79 verifier_sdiv/SMOD32, non-zero reg divisor, check 6:OK
#347/80 verifier_sdiv/SMOD32, non-zero reg divisor, check 6 @unpriv:OK
#347/81 verifier_sdiv/SMOD64, non-zero imm divisor, check 1:OK
#347/82 verifier_sdiv/SMOD64, non-zero imm divisor, check 1 @unpriv:OK
#347/83 verifier_sdiv/SMOD64, non-zero imm divisor, check 2:OK
#347/84 verifier_sdiv/SMOD64, non-zero imm divisor, check 2 @unpriv:OK
#347/85 verifier_sdiv/SMOD64, non-zero imm divisor, check 3:OK
#347/86 verifier_sdiv/SMOD64, non-zero imm divisor, check 3 @unpriv:OK
#347/87 verifier_sdiv/SMOD64, non-zero imm divisor, check 4:OK
#347/88 verifier_sdiv/SMOD64, non-zero imm divisor, check 4 @unpriv:OK
#347/89 verifier_sdiv/SMOD64, non-zero imm divisor, check 5:OK
#347/90 verifier_sdiv/SMOD64, non-zero imm divisor, check 5 @unpriv:OK
#347/91 verifier_sdiv/SMOD64, non-zero imm divisor, check 6:OK
#347/92 verifier_sdiv/SMOD64, non-zero imm divisor, check 6 @unpriv:OK
#347/93 verifier_sdiv/SMOD64, non-zero imm divisor, check 7:OK
#347/94 verifier_sdiv/SMOD64, non-zero imm divisor, check 7 @unpriv:OK
#347/95 verifier_sdiv/SMOD64, non-zero imm divisor, check 8:OK
#347/96 verifier_sdiv/SMOD64, non-zero imm divisor, check 8 @unpriv:OK
#347/97 verifier_sdiv/SMOD64, non-zero reg divisor, check 1:OK
#347/98 verifier_sdiv/SMOD64, non-zero reg divisor, check 1 @unpriv:OK
#347/99 verifier_sdiv/SMOD64, non-zero reg divisor, check 2:OK
#347/100 verifier_sdiv/SMOD64, non-zero reg divisor, check 2 @unpriv:OK
#347/101 verifier_sdiv/SMOD64, non-zero reg divisor, check 3:OK
#347/102 verifier_sdiv/SMOD64, non-zero reg divisor, check 3 @unpriv:OK
#347/103 verifier_sdiv/SMOD64, non-zero reg divisor, check 4:OK
#347/104 verifier_sdiv/SMOD64, non-zero reg divisor, check 4 @unpriv:OK
#347/105 verifier_sdiv/SMOD64, non-zero reg divisor, check 5:OK
#347/106 verifier_sdiv/SMOD64, non-zero reg divisor, check 5 @unpriv:OK
#347/107 verifier_sdiv/SMOD64, non-zero reg divisor, check 6:OK
#347/108 verifier_sdiv/SMOD64, non-zero reg divisor, check 6 @unpriv:OK
#347/109 verifier_sdiv/SMOD64, non-zero reg divisor, check 7:OK
#347/110 verifier_sdiv/SMOD64, non-zero reg divisor, check 7 @unpriv:OK
#347/111 verifier_sdiv/SMOD64, non-zero reg divisor, check 8:OK
#347/112 verifier_sdiv/SMOD64, non-zero reg divisor, check 8 @unpriv:OK
#347/113 verifier_sdiv/SDIV32, zero divisor:OK
#347/114 verifier_sdiv/SDIV32, zero divisor @unpriv:OK
#347/115 verifier_sdiv/SDIV64, zero divisor:OK
#347/116 verifier_sdiv/SDIV64, zero divisor @unpriv:OK
#347/117 verifier_sdiv/SMOD32, zero divisor:OK
#347/118 verifier_sdiv/SMOD32, zero divisor @unpriv:OK
#347/119 verifier_sdiv/SMOD64, zero divisor:OK
#347/120 verifier_sdiv/SMOD64, zero divisor @unpriv:OK
#347 verifier_sdiv:OK
Summary: 6/166 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: Xu Kuohai <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Tested-by: Florent Revest <[email protected]>
Acked-by: Yonghong Song <[email protected]>
Acked-by: Florent Revest <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Various char * parameters in the common powerpc selftest APIs can be
const.
Signed-off-by: Nathan Lynch <[email protected]>
Signed-off-by: Michael Ellerman <[email protected]>
Link: https://msgid.link/[email protected]
|
|
Add exec_prot to to mm/.gitignore and sort the result.
Signed-off-by: Nathan Lynch <[email protected]>
Signed-off-by: Michael Ellerman <[email protected]>
Link: https://msgid.link/[email protected]
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Including fixes from ipsec and netfilter.
No known outstanding regressions.
Fixes to fixes:
- virtio-net: set queues after driver_ok, avoid a potential race
added by recent fix
- Revert "vlan: Fix VLAN 0 memory leak", it may lead to a warning
when VLAN 0 is registered explicitly
- nf_tables:
- fix false-positive lockdep splat in recent fixes
- don't fail inserts if duplicate has expired (fix test failures)
- fix races between garbage collection and netns dismantle
Current release - new code bugs:
- mlx5: Fix mlx5_cmd_update_root_ft() error flow
Previous releases - regressions:
- phy: fix IRQ-based wake-on-lan over hibernate / power off
Previous releases - always broken:
- sock: fix misuse of sk_under_memory_pressure() preventing system
from exiting global TCP memory pressure if a single cgroup is under
pressure
- fix the RTO timer retransmitting skb every 1ms if linear option is
enabled
- af_key: fix sadb_x_filter validation, amment netlink policy
- ipsec: fix slab-use-after-free in decode_session6()
- macb: in ZynqMP resume always configure PS GTR for non-wakeup
source
Misc:
- netfilter: set default timeout to 3 secs for sctp shutdown send and
recv state (from 300ms), align with protocol timers"
* tag 'net-6.5-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (49 commits)
ice: Block switchdev mode when ADQ is active and vice versa
qede: fix firmware halt over suspend and resume
net: do not allow gso_size to be set to GSO_BY_FRAGS
sock: Fix misuse of sk_under_memory_pressure()
sfc: don't fail probe if MAE/TC setup fails
sfc: don't unregister flow_indr if it was never registered
net: dsa: mv88e6xxx: Wait for EEPROM done before HW reset
net/mlx5: Fix mlx5_cmd_update_root_ft() error flow
net/mlx5e: XDP, Fix fifo overrun on XDP_REDIRECT
i40e: fix misleading debug logs
iavf: fix FDIR rule fields masks validation
ipv6: fix indentation of a config attribute
mailmap: add entries for Simon Horman
broadcom: b44: Use b44_writephy() return value
net: openvswitch: reject negative ifindex
team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
net: phy: broadcom: stub c45 read/write for 54810
netfilter: nft_dynset: disallow object maps
netfilter: nf_tables: GC transaction race with netns dismantle
netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
...
|
|
loongarch"
Unifying the asm-generic headers across 32-bit and 64-bit architectures
based on the compiler provided macros was a good idea and appears to work
with all user space, but it caused a regression when building old kernels
on systems that have the new headers installed in /usr/include, as this
combination trips an inconsistency in the kernel's own tools/include
headers that are a mix of userspace and kernel-internal headers.
This affects kernel builds on arm64, riscv64 and loongarch64 systems that
might end up using the "#define __BITS_PER_LONG 32" default from the old
tools headers. Backporting the commit into stable kernels would address
this, but it would still break building kernels without that backport,
and waste time for developers trying to understand the problem.
arm64 build machines are rather common, and on riscv64 this can also
happen in practice, but loongarch64 is probably new enough to not
be used much for building old kernels, so only revert the bits
for arm64 and riscv.
Link: https://lore.kernel.org/all/[email protected]/
Reported-by: Nathan Chancellor <[email protected]>
Fixes: 8386f58f8deda ("asm-generic: Unify uapi bitsperlong.h for arm64, riscv and loongarch")
Acked-by: Catalin Marinas <[email protected]>
Acked-by: Palmer Dabbelt <[email protected]>
Tested-by: Nathan Chancellor <[email protected]>
Signed-off-by: Arnd Bergmann <[email protected]>
|
|
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
Daniel Borkmann says:
====================
pull-request: bpf-next 2023-08-16
We've added 17 non-merge commits during the last 6 day(s) which contain
a total of 20 files changed, 1179 insertions(+), 37 deletions(-).
The main changes are:
1) Add a BPF hook in sys_socket() to change the protocol ID
from IPPROTO_TCP to IPPROTO_MPTCP to cover migration for legacy
applications, from Geliang Tang.
2) Follow-up/fallout fix from the SO_REUSEPORT + bpf_sk_assign work
to fix a splat on non-fullsock sks in inet[6]_steal_sock,
from Lorenz Bauer.
3) Improvements to struct_ops links to avoid forcing presence of
update/validate callbacks. Also add bpf_struct_ops fields documentation,
from David Vernet.
4) Ensure libbpf sets close-on-exec flag on gzopen, from Marco Vedovati.
5) Several new tcx selftest additions and bpftool link show support for
tcx and xdp links, from Daniel Borkmann.
6) Fix a smatch warning on uninitialized symbol in
bpf_perf_link_fill_kprobe, from Yafang Shao.
7) BPF selftest fixes e.g. misplaced break in kfunc_call test,
from Yipeng Zou.
8) Small cleanup to remove unused declaration bpf_link_new_file,
from Yue Haibing.
9) Small typo fix to bpftool's perf help message, from Daniel T. Lee.
* tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next:
selftests/bpf: Add mptcpify test
selftests/bpf: Fix error checks of mptcp open_and_load
selftests/bpf: Add two mptcp netns helpers
bpf: Add update_socket_protocol hook
bpftool: Implement link show support for xdp
bpftool: Implement link show support for tcx
selftests/bpf: Add selftest for fill_link_info
bpf: Fix uninitialized symbol in bpf_perf_link_fill_kprobe()
net: Fix slab-out-of-bounds in inet[6]_steal_sock
bpf: Document struct bpf_struct_ops fields
bpf: Support default .validate() and .update() behavior for struct_ops links
selftests/bpf: Add various more tcx test cases
selftests/bpf: Clean up fmod_ret in bench_rename test script
selftests/bpf: Fix repeat option when kfunc_call verification fails
libbpf: Set close-on-exec flag on gzopen
bpftool: fix perf help message
bpf: Remove unused declaration bpf_link_new_file()
====================
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
For stack-validation of a frame-pointer build, objtool validates that
every CALL instruction is preceded by a frame-setup. The new SRSO
return thunks violate this with their RSB stuffing trickery.
Extend the __fentry__ exception to also cover the embedded_insn case
used for this. This cures:
vmlinux.o: warning: objtool: srso_untrain_ret+0xd: call without frame pointer save/setup
Fixes: 4ae68b26c3ab ("objtool/x86: Fix SRSO mess")
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Signed-off-by: Borislav Petkov (AMD) <[email protected]>
Acked-by: Josh Poimboeuf <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
|
|
'rcu-tasks.2023.07.24a', 'rcuscale.2023.07.14b', 'refscale.2023.07.14b', 'torture.2023.08.14a' and 'torturescripts.2023.07.20a' into HEAD
doc.2023.07.14b: Documentation updates.
fixes.2023.08.16a: Miscellaneous fixes.
rcu-tasks.2023.07.24a: RCU Tasks updates.
rcuscale.2023.07.14b: RCU (updater) scalability test updates.
refscale.2023.07.14b: Reference (reader) scalability test updates.
torture.2023.08.14a: Other torture-test updates.
torturescripts.2023.07.20a: Other torture-test scripting updates.
|
|
Rename the original retbleed return thunk and untrain_ret to
retbleed_return_thunk() and retbleed_untrain_ret().
No functional changes.
Suggested-by: Josh Poimboeuf <[email protected]>
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Signed-off-by: Borislav Petkov (AMD) <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
|
|
Use the existing configurable return thunk. There is absolute no
justification for having created this __x86_return_thunk alternative.
To clarify, the whole thing looks like:
Zen3/4 does:
srso_alias_untrain_ret:
nop2
lfence
jmp srso_alias_return_thunk
int3
srso_alias_safe_ret: // aliasses srso_alias_untrain_ret just so
add $8, %rsp
ret
int3
srso_alias_return_thunk:
call srso_alias_safe_ret
ud2
While Zen1/2 does:
srso_untrain_ret:
movabs $foo, %rax
lfence
call srso_safe_ret (jmp srso_return_thunk ?)
int3
srso_safe_ret: // embedded in movabs instruction
add $8,%rsp
ret
int3
srso_return_thunk:
call srso_safe_ret
ud2
While retbleed does:
zen_untrain_ret:
test $0xcc, %bl
lfence
jmp zen_return_thunk
int3
zen_return_thunk: // embedded in the test instruction
ret
int3
Where Zen1/2 flush the BTB entry using the instruction decoder trick
(test,movabs) Zen3/4 use BTB aliasing. SRSO adds a return sequence
(srso_safe_ret()) which forces the function return instruction to
speculate into a trap (UD2). This RET will then mispredict and
execution will continue at the return site read from the top of the
stack.
Pick one of three options at boot (evey function can only ever return
once).
[ bp: Fixup commit message uarch details and add them in a comment in
the code too. Add a comment about the srso_select_mitigation()
dependency on retbleed_select_mitigation(). Add moar ifdeffery for
32-bit builds. Add a dummy srso_untrain_ret_alias() definition for
32-bit alternatives needing the symbol. ]
Fixes: fb3bd914b3ec ("x86/srso: Add a Speculative RAS Overflow mitigation")
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Signed-off-by: Borislav Petkov (AMD) <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
|
|
This testcase is constrived to reproduce a problem that the cpu buffers
become unavailable which is due to 'record_disabled' of array_buffer and
max_buffer being messed up.
Local test result after bugfix:
# ./ftracetest test.d/00basic/snapshot1.tc
=== Ftrace unit tests ===
[1] Snapshot and tracing_cpumask [PASS]
[2] (instance) Snapshot and tracing_cpumask [PASS]
# of passed: 2
# of failed: 0
# of unresolved: 0
# of untested: 0
# of unsupported: 0
# of xfailed: 0
# of undefined(test bug): 0
Link: https://lkml.kernel.org/r/[email protected]
Cc: <[email protected]>
Cc: <[email protected]>
Cc: <[email protected]>
Signed-off-by: Zheng Yejian <[email protected]>
Signed-off-by: Steven Rostedt (Google) <[email protected]>
|
|
Implement a new test program mptcpify: if the family is AF_INET or
AF_INET6, the type is SOCK_STREAM, and the protocol ID is 0 or
IPPROTO_TCP, set it to IPPROTO_MPTCP. It will be hooked in
update_socket_protocol().
Extend the MPTCP test base, add a selftest test_mptcpify() for the
mptcpify case. Open and load the mptcpify test prog to mptcpify the
TCP sockets dynamically, then use start_server() and connect_to_fd()
to create a TCP socket, but actually what's created is an MPTCP
socket, which can be verified through 'getsockopt(SOL_PROTOCOL)'
and 'getsockopt(MPTCP_INFO)'.
Acked-by: Yonghong Song <[email protected]>
Reviewed-by: Matthieu Baerts <[email protected]>
Signed-off-by: Geliang Tang <[email protected]>
Link: https://lore.kernel.org/r/364e72f307e7bb38382ec7442c182d76298a9c41.1692147782.git.geliang.tang@suse.com
Signed-off-by: Martin KaFai Lau <[email protected]>
|
|
Return libbpf_get_error(), instead of -EIO, for the error from
mptcp_sock__open_and_load().
Load success means prog_fd and map_fd are always valid. So drop these
unneeded ASSERT_GE checks for them in mptcp run_test().
Acked-by: Yonghong Song <[email protected]>
Signed-off-by: Geliang Tang <[email protected]>
Link: https://lore.kernel.org/r/db5fcb93293df9ab173edcbaf8252465b80da6f2.1692147782.git.geliang.tang@suse.com
Signed-off-by: Martin KaFai Lau <[email protected]>
|
|
Add two netns helpers for mptcp tests: create_netns() and
cleanup_netns(). Use them in test_base().
These new helpers will be re-used in the following commits
introducing new tests.
Acked-by: Yonghong Song <[email protected]>
Reviewed-by: Matthieu Baerts <[email protected]>
Signed-off-by: Geliang Tang <[email protected]>
Link: https://lore.kernel.org/r/7506371fb6c417b401cc9d7365fe455754f4ba3f.1692147782.git.geliang.tang@suse.com
Signed-off-by: Martin KaFai Lau <[email protected]>
|
|
Add support to dump XDP link information to bpftool. This reuses the
recently added show_link_ifindex_{plain,json}(). The XDP link info only
exposes the ifindex.
Below shows an example link dump output, and a cgroup link is included
for comparison, too:
# bpftool link
[...]
10: cgroup prog 2466
cgroup_id 1 attach_type cgroup_inet6_post_bind
[...]
16: xdp prog 2477
ifindex enp5s0(3)
[...]
Equivalent json output:
# bpftool link --json
[...]
{
"id": 10,
"type": "cgroup",
"prog_id": 2466,
"cgroup_id": 1,
"attach_type": "cgroup_inet6_post_bind"
},
[...]
{
"id": 16,
"type": "xdp",
"prog_id": 2477,
"devname": "enp5s0",
"ifindex": 3
}
[...]
Signed-off-by: Daniel Borkmann <[email protected]>
Reviewed-by: Quentin Monnet <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin KaFai Lau <[email protected]>
|
|
Add support to dump tcx link information to bpftool. This adds a
common helper show_link_ifindex_{plain,json}() which can be reused
also for other link types. The plain text and json device output is
the same format as in bpftool net dump.
Below shows an example link dump output along with a cgroup link
for comparison:
# bpftool link
[...]
10: cgroup prog 1977
cgroup_id 1 attach_type cgroup_inet6_post_bind
[...]
13: tcx prog 2053
ifindex enp5s0(3) attach_type tcx_ingress
14: tcx prog 2080
ifindex enp5s0(3) attach_type tcx_egress
[...]
Equivalent json output:
# bpftool link --json
[...]
{
"id": 10,
"type": "cgroup",
"prog_id": 1977,
"cgroup_id": 1,
"attach_type": "cgroup_inet6_post_bind"
},
[...]
{
"id": 13,
"type": "tcx",
"prog_id": 2053,
"devname": "enp5s0",
"ifindex": 3,
"attach_type": "tcx_ingress"
},
{
"id": 14,
"type": "tcx",
"prog_id": 2080,
"devname": "enp5s0",
"ifindex": 3,
"attach_type": "tcx_egress"
}
[...]
Suggested-by: Yafang Shao <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Reviewed-by: Quentin Monnet <[email protected]>
Acked-by: Yafang Shao <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Martin KaFai Lau <[email protected]>
|
|
At the moment the cachestat syscall number is hard coded into the test
source code.
Remove that and replace it with the proper __NR_cachestat macro.
That ensures compatibility should other architectures pick a different
number.
Signed-off-by: Andre Przywara <[email protected]>
Reviewed-by: Nhat Pham <[email protected]>
Signed-off-by: Shuah Khan <[email protected]>
|
|
Libraries should be listed last on the compiler's command line, so that
the linker can look for and find still unresolved symbols. The librt
library, required for the shm_* functions, was announced using CFLAGS,
which puts the library *before* the source files, and fails compilation
on my system:
======================
gcc -isystem /src/linux-selftests/usr/include -Wall -lrt test_cachestat.c
-o /src/linux-selftests/kselftest/cachestat/test_cachestat
/usr/bin/ld: /tmp/cceQWO3u.o: in function `test_cachestat_shmem':
test_cachestat.c:(.text+0x890): undefined reference to `shm_open'
/usr/bin/ld: test_cachestat.c:(.text+0x99c): undefined reference to `shm_unlink'
collect2: error: ld returned 1 exit status
make[4]: *** [../lib.mk:181: /src/linux-selftests/kselftest/cachestat/test_cachestat] Error 1
======================
Announce the library using the LDLIBS variable, which ensures the proper
ordering on the command line.
Signed-off-by: Andre Przywara <[email protected]>
Signed-off-by: Shuah Khan <[email protected]>
|
|
Observed occassional failures in the futex_wait_timeout test:
ok 1 futex_wait relative succeeds
ok 2 futex_wait_bitset realtime succeeds
ok 3 futex_wait_bitset monotonic succeeds
ok 4 futex_wait_requeue_pi realtime succeeds
ok 5 futex_wait_requeue_pi monotonic succeeds
not ok 6 futex_lock_pi realtime returned 0
......
The test expects the child thread to complete some steps before
the parent thread gets to run. There is an implicit expectation
of the order of invocation of futex_lock_pi between the child thread
and the parent thread. Make this order explicit. If the order is
not met, the futex_lock_pi call in the parent thread succeeds and
will not timeout.
Fixes: f4addd54b161 ("selftests: futex: Expand timeout test")
Signed-off-by: Nysal Jan K.A <[email protected]>
Signed-off-by: Shuah Khan <[email protected]>
|
|
We have some dmabuf-heaps and perf_events tests but they are not hooked
up to the kselftest build infrastructure which is a bit of an obstacle
to running them in systems with generic infrastructure for selftests.
Add them to the top level kselftest Makefile so they get built as
standard.
Signed-off-by: Mark Brown <[email protected]>
Signed-off-by: Shuah Khan <[email protected]>
|
|
The user_events selftests were removed from the standard set of
selftests due to the uapi header it relies on having been temporarily
removed. That header is now reinstated so we can reenable the tests.
Signed-off-by: Mark Brown <[email protected]>
Signed-off-by: Shuah Khan <[email protected]>
|
|
In busybox, the mktemp requires that the generated filename be
suffixed with at least six consecutive 'X' characters. Otherwise,
it will return an "Invalid argument" error.
Signed-off-by: Hui Min Mina Chou <[email protected]>
Reviewed-by: Javier Martinez Canillas <[email protected]>
Signed-off-by: Shuah Khan <[email protected]>
|
|
Add selftest for the fill_link_info of uprobe, kprobe and tracepoint.
The result:
$ tools/testing/selftests/bpf/test_progs --name=fill_link_info
#79/1 fill_link_info/kprobe_link_info:OK
#79/2 fill_link_info/kretprobe_link_info:OK
#79/3 fill_link_info/kprobe_invalid_ubuff:OK
#79/4 fill_link_info/tracepoint_link_info:OK
#79/5 fill_link_info/uprobe_link_info:OK
#79/6 fill_link_info/uretprobe_link_info:OK
#79/7 fill_link_info/kprobe_multi_link_info:OK
#79/8 fill_link_info/kretprobe_multi_link_info:OK
#79/9 fill_link_info/kprobe_multi_invalid_ubuff:OK
#79 fill_link_info:OK
Summary: 1/9 PASSED, 0 SKIPPED, 0 FAILED
The test case for kprobe_multi won't be run on aarch64, as it is not
supported.
Signed-off-by: Yafang Shao <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Acked-by: Yonghong Song <[email protected]>
Acked-by: Jiri Olsa <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
riscv now supports mmaping hardware counters to userspace so adapt the test
to run on this architecture.
Signed-off-by: Alexandre Ghiti <[email protected]>
Reviewed-by: Andrew Jones <[email protected]>
Reviewed-by: Atish Patra <[email protected]>
Reviewed-by: Ian Rogers <[email protected]>
|
|
riscv now supports mmaping hardware counters so add what's needed to
take advantage of that in libperf.
Signed-off-by: Alexandre Ghiti <[email protected]>
Reviewed-by: Andrew Jones <[email protected]>
Reviewed-by: Atish Patra <[email protected]>
Reviewed-by: Ian Rogers <[email protected]>
|
|
Add the jscvt feature check in the set of hwcap tests.
Due to the requirement of jscvt feature, a compiler configuration
of v8.3 or above is needed to support assembly. Therefore, hand
encode is used here instead.
Signed-off-by: Zeng Heng <[email protected]>
Reviewed-by: Mark Brown <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Will Deacon <[email protected]>
|
|
Add the pmull feature check in the set of hwcap tests.
Signed-off-by: Zeng Heng <[email protected]>
Reviewed-by: Mark Brown <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Will Deacon <[email protected]>
|
|
Add the AES feature check in the set of hwcap tests.
Signed-off-by: Zeng Heng <[email protected]>
Reviewed-by: Mark Brown <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Will Deacon <[email protected]>
|
|
Add the SHA1 and related features check in the set of hwcap tests.
Signed-off-by: Zeng Heng <[email protected]>
Reviewed-by: Mark Brown <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Will Deacon <[email protected]>
|
|
Now that ptrace and perf are no longer exclusive, update the
test to exercise interesting interactions.
An assembly file is used for the children to allow precise instruction
choice and addresses, while avoiding any compiler quirks.
Signed-off-by: Benjamin Gray <[email protected]>
Signed-off-by: Michael Ellerman <[email protected]>
Link: https://msgid.link/[email protected]
|
|
Commit ddb5cdbafaaa ("kbuild: generate KSYMTAB entries by modpost")
deprecated <asm/export.h>, which is now a wrapper of <linux/export.h>.
Replace #include <asm/export.h> with #include <linux/export.h>.
After all the <asm/export.h> lines are converted, <asm/export.h> and
<asm-generic/export.h> will be removed.
Signed-off-by: Masahiro Yamada <[email protected]>
[mpe: Fixup selftests that stub asm/export.h]
Signed-off-by: Michael Ellerman <[email protected]>
Link: https://msgid.link/[email protected]
|
|
The arm64 BTI selftests are currently built in the source directory,
then the generated binaries are copied to the output directory.
This leaves the object files around in a potentially otherwise pristine
source tree, tainting it for out-of-tree kernel builds.
Prepend $(OUTPUT) to every reference to an object file in the Makefile,
and remove the extra handling and copying. This puts all generated files
under the output directory.
Signed-off-by: Andre Przywara <[email protected]>
Reviewed-by: Mark Brown <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Will Deacon <[email protected]>
|
|
If memcmp() does not return 0, "zeros" need to be freed to prevent memleak
Signed-off-by: Ding Xiang <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Will Deacon <[email protected]>
|
|
Add 1000 IPv6 routes with expiration time (w/ and w/o additional 5000
permanet routes in the background.) Wait for a few seconds to make sure
they are removed correctly.
The expected output of the test looks like the following example.
> Fib6 garbage collection test
> TEST: ipv6 route garbage collection [ OK ]
Signed-off-by: Kui-Feng Lee <[email protected]>
Reviewed-by: David Ahern <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Objtool --rethunk does two things:
- it collects all (tail) call's of __x86_return_thunk and places them
into .return_sites. These are typically compiler generated, but
RET also emits this same.
- it fudges the validation of the __x86_return_thunk symbol; because
this symbol is inside another instruction, it can't actually find
the instruction pointed to by the symbol offset and gets upset.
Because these two things pertained to the same symbol, there was no
pressing need to separate these two separate things.
However, alas, along comes SRSO and more crazy things to deal with
appeared.
The SRSO patch itself added the following symbol names to identify as
rethunk:
'srso_untrain_ret', 'srso_safe_ret' and '__ret'
Where '__ret' is the old retbleed return thunk, 'srso_safe_ret' is a
new similarly embedded return thunk, and 'srso_untrain_ret' is
completely unrelated to anything the above does (and was only included
because of that INT3 vs UD2 issue fixed previous).
Clear things up by adding a second category for the embedded instruction
thing.
Fixes: fb3bd914b3ec ("x86/srso: Add a Speculative RAS Overflow mitigation")
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Signed-off-by: Borislav Petkov (AMD) <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
|
|
When run command "ip netns delete client", device link1_1 has been
deleted. So, it is no need to delete link1_1 again. Remove it.
Signed-off-by: Zhengchao Shao <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
When developing specs its useful to know which attr space
YNL was trying to find an attribute in on key error.
Instead of printing:
KeyError: 0
add info about the space:
Exception: Space 'vport' has no attribute with value '0'
Reviewed-by: Donald Hunter <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
This selftest is designed for testing the support of NEXT-C-SID flavor
for SRv6 End.X behavior. It instantiates a virtual network composed of
several nodes: hosts and SRv6 routers. Each node is realized using a
network namespace that is properly interconnected to others through veth
pairs, according to the topology depicted in the selftest script file.
The test considers SRv6 routers implementing IPv4/IPv6 L3 VPNs leveraged
by hosts for communicating with each other. Such routers i) apply
different SRv6 Policies to the traffic received from connected hosts,
considering the IPv4 or IPv6 protocols; ii) use the NEXT-C-SID
compression mechanism for encoding several SRv6 segments within a single
128-bit SID address, referred to as a Compressed SID (C-SID) container.
The NEXT-C-SID is provided as a "flavor" of the SRv6 End.X behavior,
enabling it to properly process the C-SID containers. The correct
execution of the enabled NEXT-C-SID SRv6 End.X behavior is verified
through reachability tests carried out between hosts belonging to the
same VPN.
Signed-off-by: Paolo Lungaroni <[email protected]>
Co-developed-by: Andrea Mayer <[email protected]>
Signed-off-by: Andrea Mayer <[email protected]>
Reviewed-by: David Ahern <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
Required for following patches.
Resolve merge conflict by using the hunk from the for-next branch and
shifting the iommufd_object_deref_user() into iommufd_hw_pagetable_put()
Signed-off-by: Jason Gunthorpe <[email protected]>
|
|
Add several new tcx test cases to improve test coverage. This also includes
a few new tests with ingress instead of clsact qdisc, to cover the fix from
commit dc644b540a2d ("tcx: Fix splat in ingress_destroy upon tcx_entry_free").
# ./test_progs -t tc
[...]
#234 tc_links_after:OK
#235 tc_links_append:OK
#236 tc_links_basic:OK
#237 tc_links_before:OK
#238 tc_links_chain_classic:OK
#239 tc_links_chain_mixed:OK
#240 tc_links_dev_cleanup:OK
#241 tc_links_dev_mixed:OK
#242 tc_links_ingress:OK
#243 tc_links_invalid:OK
#244 tc_links_prepend:OK
#245 tc_links_replace:OK
#246 tc_links_revision:OK
#247 tc_opts_after:OK
#248 tc_opts_append:OK
#249 tc_opts_basic:OK
#250 tc_opts_before:OK
#251 tc_opts_chain_classic:OK
#252 tc_opts_chain_mixed:OK
#253 tc_opts_delete_empty:OK
#254 tc_opts_demixed:OK
#255 tc_opts_detach:OK
#256 tc_opts_detach_after:OK
#257 tc_opts_detach_before:OK
#258 tc_opts_dev_cleanup:OK
#259 tc_opts_invalid:OK
#260 tc_opts_mixed:OK
#261 tc_opts_prepend:OK
#262 tc_opts_replace:OK
#263 tc_opts_revision:OK
[...]
Summary: 44/38 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: Daniel Borkmann <[email protected]>
Link: https://lore.kernel.org/r/8699efc284b75ccdc51ddf7062fa2370330dc6c0.1692029283.git.daniel@iogearbox.net
Signed-off-by: Martin KaFai Lau <[email protected]>
|
|
Allow user to pass port index for health reporter dump request.
Re-generate the related code.
Signed-off-by: Jiri Pirko <[email protected]>
Acked-by: Jakub Kicinski <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
instance attributes
Extend per-instance dump command definitions to accept instance
attributes. Allow parsing of devlink handle attributes so they could
be used for instance selection.
Re-generate the related code.
Signed-off-by: Jiri Pirko <[email protected]>
Acked-by: Jakub Kicinski <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
Add the definitions for the commands that do per-instance dump
and re-generate the related code.
Signed-off-by: Jiri Pirko <[email protected]>
Acked-by: Jakub Kicinski <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Jakub Kicinski <[email protected]>
|
|
Running the bench_rename test script, the following error occurs:
# ./benchs/run_bench_rename.sh
base : 0.819 ± 0.012M/s
kprobe : 0.538 ± 0.009M/s
kretprobe : 0.503 ± 0.004M/s
rawtp : 0.779 ± 0.020M/s
fentry : 0.726 ± 0.007M/s
fexit : 0.691 ± 0.007M/s
benchmark 'rename-fmodret' not found
The bench_rename_fmodret has been removed in commit b000def2e052
("selftests: Remove fmod_ret from test_overhead"), thus remove it
from the runners in the test script.
Fixes: b000def2e052 ("selftests: Remove fmod_ret from test_overhead")
Signed-off-by: Yipeng Zou <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
There is no way where topts.repeat can be set to 1 when tc_test fails.
Fix the typo where the break statement slipped by one line.
Fixes: fb66223a244f ("selftests/bpf: add test for accessing ctx from syscall program type")
Signed-off-by: Yipeng Zou <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Reviewed-by: Li Zetao <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
Enable the close-on-exec flag when using gzopen. This is especially important
for multithreaded programs making use of libbpf, where a fork + exec could
race with libbpf library calls, potentially resulting in a file descriptor
leaked to the new process. This got missed in 59842c5451fe ("libbpf: Ensure
libbpf always opens files with O_CLOEXEC").
Fixes: 59842c5451fe ("libbpf: Ensure libbpf always opens files with O_CLOEXEC")
Signed-off-by: Marco Vedovati <[email protected]>
Signed-off-by: Daniel Borkmann <[email protected]>
Link: https://lore.kernel.org/bpf/[email protected]
|
|
This test verifies whether the encapsulated packets have the correct
configured TTL. It does so by sending ICMP packets through the test
topology and mirroring them to a gretap netdevice. On a busy host
however, more than just the test ICMP packets may end up flowing
through the topology, get mirrored, and counted. This leads to
potential spurious failures as the test observes much more mirrored
packets than the sent test packets, and assumes a bug.
Fix this by tightening up the mirror action match. Change it from
matchall to a flower classifier matching on ICMP packets specifically.
Fixes: 45315673e0c5 ("selftests: forwarding: Test changes in mirror-to-gretap")
Signed-off-by: Petr Machata <[email protected]>
Tested-by: Mirsad Todorovac <[email protected]>
Reviewed-by: Ido Schimmel <[email protected]>
Reviewed-by: Simon Horman <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
retpolines and IBT
The kprobes optimization check can_optimize() calls
insn_is_indirect_jump() to detect indirect jump instructions in
a target function. If any is found, creating an optprobe is disallowed
in the function because the jump could be from a jump table and could
potentially land in the middle of the target optprobe.
With retpolines, insn_is_indirect_jump() additionally looks for calls to
indirect thunks which the compiler potentially used to replace original
jumps. This extra check is however unnecessary because jump tables are
disabled when the kernel is built with retpolines. The same is currently
the case with IBT.
Based on this observation, remove the logic to look for calls to
indirect thunks and skip the check for indirect jumps altogether if the
kernel is built with retpolines or IBT. Remove subsequently the symbols
__indirect_thunk_start and __indirect_thunk_end which are no longer
needed.
Dropping this logic indirectly fixes a problem where the range
[__indirect_thunk_start, __indirect_thunk_end] wrongly included also the
return thunk. It caused that machines which used the return thunk as
a mitigation and didn't have it patched by any alternative ended up not
being able to use optprobes in any regular function.
Fixes: 0b53c374b9ef ("x86/retpoline: Use -mfunction-return")
Suggested-by: Peter Zijlstra (Intel) <[email protected]>
Suggested-by: Masami Hiramatsu (Google) <[email protected]>
Signed-off-by: Petr Pavlu <[email protected]>
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Signed-off-by: Borislav Petkov (AMD) <[email protected]>
Acked-by: Masami Hiramatsu (Google) <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
|
|
The linker script arch/x86/kernel/vmlinux.lds.S matches the thunk
sections ".text.__x86.*" from arch/x86/lib/retpoline.S as follows:
.text {
[...]
TEXT_TEXT
[...]
__indirect_thunk_start = .;
*(.text.__x86.*)
__indirect_thunk_end = .;
[...]
}
Macro TEXT_TEXT references TEXT_MAIN which normally expands to only
".text". However, with CONFIG_LTO_CLANG, TEXT_MAIN becomes
".text .text.[0-9a-zA-Z_]*" which wrongly matches also the thunk
sections. The output layout is then different than expected. For
instance, the currently defined range [__indirect_thunk_start,
__indirect_thunk_end] becomes empty.
Prevent the problem by using ".." as the first separator, for example,
".text..__x86.indirect_thunk". This pattern is utilized by other
explicit section names which start with one of the standard prefixes,
such as ".text" or ".data", and that need to be individually selected in
the linker script.
[ nathan: Fix conflicts with SRSO and fold in fix issue brought up by
Andrew Cooper in post-review:
https://lore.kernel.org/[email protected] ]
Fixes: dc5723b02e52 ("kbuild: add support for Clang LTO")
Signed-off-by: Petr Pavlu <[email protected]>
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Signed-off-by: Nathan Chancellor <[email protected]>
Signed-off-by: Borislav Petkov (AMD) <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
|