-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sys/linux: add descriptions to test bpf_lsm module #1971
Conversation
Currently
I suspect the reason is that syz-env is using an older linux version (so only a portion of |
https://github.com/google/syzkaller/blob/master/docs/pseudo_syscalls.md |
Yes, malloc is not OK and don't use FILE*. mmap'ing something at a fixed address is minimal disturbance to the kernel behavior. We could mmap the file as well rather than read it in, should also make the code simpler. |
It seems like it is not possible to mmap the file Is using mmap with |
Yikes!
Let's say, yes. There are no strict rules. We are just trying to disturb execution as less as possible and make things as deterministic as possible. |
Should we be careful to not do a |
What will be the best way to obtain a fixed address that is portable to different architecture? I am looking at virtual memory mappings on different architecture, but not sure if I am on the right direction. |
Codecov Report
|
Check that it does not overlap with any existing mapping. Works for 32-bits. Not too low, not too high (kernel tends to map something there). I would probably take address close to our data region (mapped in os_init), but not adjacent to it. |
Fix the problems above and convert the draft into a normal pull request. |
The only problem I am facing is that when I run the test
where the content of
So it seems like call 1 ( |
syz_btf_id_by_name is probably too slow.
|
After increasing the time limit, the problem with
I think I need to change |
If it requires CAP_ADMIN, then yes. |
I am waiting for #2005 to be merged so I can run |
#2005 is merged now. Please rebase. |
When I run
Call 3 is the second call to the psuedo-syscall |
Also, is it important to pass all the test in By the way,
It seems like there need to be an extra blank line before each syscall, or the parser will assume the comment is the expected errno. |
And also, I can not pass the
I think this will be resolved once #2015 is merged. This commit passed other tests now. I will squash my commits once they are approved. |
Fixes for this merged. Should work now. |
Yes, Re syz_btf_id_by_name and "no coverage", I think we should just special-case syz_btf_id_by_name in pkg/runtest for now. It's intentional that it does not get coverage. And since it's first such syscall, I don't think it makes sense to implement something more fundamental right now. |
The change itself looks good to me. |
This commit includes the following changes: * executor: add a new syz_btf_id_by_name psuedo-syscall * sys/linux: add descriptions for BPF LSM subsystem * sys/linux: add instructions on how to dump vmlinux and install bpftool * sys/linux/test: add tests for the new psuedo-syscall * pkg/host: add support detection for the new psuedo-syscall * pkg/runtest: skip the coverage test when invoking the new psuedo-syscall Update google#533.
I fixed the problem and now it passes CI checks. |
Perfect! |
Pull request google#1971 add the resource bpf_lsm_btf_id and make that a required resource for bpf$BPF_LSM_PROG_LOAD. However, we need google#2035 merged to get a bpf_lsm_btf_id, and the pull request is currently blocked by a pahole issue. Thus, bpf$BPF_LSM_PROG_LOAD will be disabled for now. This pull request makes bpf_lsm_btf_id optional for bpf$BPF_LSM_PROG_LOAD, so we can test this syscall before the issue is resolved.
Pull request #1971 add the resource bpf_lsm_btf_id and make that a required resource for bpf$BPF_LSM_PROG_LOAD. However, we need #2035 merged to get a bpf_lsm_btf_id, and the pull request is currently blocked by a pahole issue. Thus, bpf$BPF_LSM_PROG_LOAD will be disabled for now. This pull request makes bpf_lsm_btf_id optional for bpf$BPF_LSM_PROG_LOAD, so we can test this syscall before the issue is resolved.
syz_btf_id_by_name
to translate a hook name into btf_id.syz_btf_id_by_name
to supported syscalls list.Most of the relevant APIs are in
/include/uapi/linux/bpf.c
(git, bootlin) and/include/uapi/linux/btf.c
(git, bootlin).Some context:
bpf(BPF_PROG_LOAD, ...)
to load a bpf program andbpf(BPF_RAW_TRACEPOINT_OPEN, ...)
to attach the program onto a lsm hook.attach_btf_id
, and one is able to translate a hook name into ID by looking up in/sys/kernel/btf/vmlinux
.sys/kernel/btf/vmlinux
is documented in/include/uapi/linux/btf.c
.