test

Author: olsajiri

arch/x86/kernel/uprobes.c

@@ -645,11 +645,10 @@ static unsigned long find_nearest_page(unsigned long vaddr)
 		.length     = PAGE_SIZE,
 		.align_mask = ~PAGE_MASK,
 	};
-	unsigned long low_limit = PAGE_SIZE, high_limit = TASK_SIZE;
-	unsigned long low_tramp = ~0UL, high_tramp = ~0UL;
-	unsigned long limit, low_4GB, high_4GB;
+	unsigned long limit, low_limit = PAGE_SIZE, high_limit = TASK_SIZE;
+	unsigned long cross_4GB, low_4GB, high_4GB;
+	unsigned long low_tramp, high_tramp;
 	unsigned long call_end = vaddr + 5;
-	unsigned long aligned_4GB;
 
 	/*
 	 * The idea is to create a trampoline every 4GB, so we need to find
@@ -658,13 +657,10 @@ static unsigned long find_nearest_page(unsigned long vaddr)
 	 * page.
 	 */
 
-	if (vaddr > TASK_SIZE || vaddr < PAGE_SIZE)
-		return -ENOMEM;
-
-	/* Restrict limits to be within [PAGE_SIZE,TASK_SIZE] boundary. */
 	low_4GB = call_end & MASK_4GB;
 	high_4GB = low_4GB + __4GB;
 
+	/* Restrict limits to be within [PAGE_SIZE,TASK_SIZE] boundary. */
 	if (!check_add_overflow(call_end, INT_MIN, &limit))
 		low_limit = limit;
 	if (low_limit == PAGE_SIZE)
@@ -674,24 +670,20 @@ static unsigned long find_nearest_page(unsigned long vaddr)
 	if (high_limit > TASK_SIZE)
 		high_limit = high_4GB = TASK_SIZE;
 
+	/* Get 4GB alligned address that's within (call_end - 2GB, call_end + 2GB). */
+	if (low_limit <= low_4GB)
+		cross_4GB = low_4GB;
+	else
+		cross_4GB = high_4GB;
+
 	/* Search up from intersecting 4GB alignment address. */
-	if (low_limit <= low_4GB) {
-		info.low_limit = low_4GB;
-		info.high_limit = high_limit;
-	} else {
-		info.low_limit = high_4GB;
-		info.high_limit = high_limit;
-	}
+	info.low_limit = cross_4GB;
+	info.high_limit = high_limit;
 	high_tramp = vm_unmapped_area(&info);
 
 	/* Search down from intersecting 4GB alignment address. */
-	if (low_limit <= low_4GB) {
-		info.low_limit = low_limit;
-		info.high_limit = low_4GB;
-	} else {
-		info.low_limit = low_limit;
-		info.high_limit = high_4GB;
-	}
+	info.low_limit = low_limit;
+	info.high_limit = cross_4GB;
 	info.flags = VM_UNMAPPED_AREA_TOPDOWN;
 	low_tramp = vm_unmapped_area(&info);
 
@@ -702,16 +694,11 @@ static unsigned long find_nearest_page(unsigned long vaddr)
 	if (IS_ERR_VALUE(low_tramp))
 		return high_tramp;
 
-	if (low_limit <= low_4GB)
-		aligned_4GB = low_4GB;
-	else
-		aligned_4GB = high_4GB;
-
-	printk("KRAVA find_nearest_page vaddr %lx high_tramp %lx low_tramp %lx aligned_4GB %lx\n",
-			vaddr, low_tramp, high_tramp, aligned_4GB);
+	printk("KRAVA find_nearest_page vaddr %lx high_tramp %lx low_tramp %lx cross_4GB %lx\n",
+			vaddr, high_tramp, low_tramp, cross_4GB);
 
 	/* Return address that's closest to the 4GB alignment address. */
-	if (aligned_4GB - low_tramp < high_tramp - aligned_4GB)
+	if (cross_4GB - low_tramp < high_tramp - cross_4GB)
 		return low_tramp;
 	return high_tramp;
 }
@@ -756,6 +743,9 @@ static struct uprobe_trampoline *get_uprobe_trampoline(unsigned long vaddr, bool
 
 	printk("get_uprobe_trampoline1 vaddr %lx\n", vaddr);
 
+	if (vaddr > TASK_SIZE || vaddr < PAGE_SIZE)
+		return NULL;
+
 	hlist_for_each_entry(tramp, &state->head_tramps, node) {
 		if (is_reachable_by_call(tramp->vaddr, vaddr)) {
 			printk("get_uprobe_trampoline2 vaddr %lx -> tramp %lx\n", vaddr, tramp->vaddr);
@@ -907,10 +897,36 @@ asm (
 
 extern u8 uprobe_trampoline_entry[];
 
+static ssize_t
+bpf_uprobe_trampoline_write(struct file *file, struct kobject *kobj,
+			    const struct bin_attribute *bin_attr,
+			    char *buf, loff_t off, size_t len)
+{
+	struct mm_struct *mm = current->mm;
+	unsigned long vaddr = 0;
+	bool new = false;
+
+	if (kstrtoul(buf, 0, &vaddr))
+		return -EINVAL;
+
+        mmap_write_lock(mm);
+	get_uprobe_trampoline(vaddr, &new);
+        mmap_write_unlock(mm);
+
+	trace_printk("vaddr %lx new %d\n", vaddr, new);
+	return strlen(buf);
+}
+
+static struct bin_attribute bin_attr_uprobe_trampoline_file __ro_after_init = {
+	.attr = { .name = "uprobe_trampoline", .mode = 0666, },
+	.write = bpf_uprobe_trampoline_write,
+};
+
 static int __init arch_uprobes_init(void)
 {
+	printk("KRAVA TASK_SIZE %lx\n", TASK_SIZE);
 	tramp_mapping_pages[0] = virt_to_page(uprobe_trampoline_entry);
-	return 0;
+	return sysfs_create_bin_file(kernel_kobj, &bin_attr_uprobe_trampoline_file);
 }
 
 late_initcall(arch_uprobes_init);

tools/testing/selftests/bpf/prog_tests/uprobe_syscall.c

@@ -799,6 +799,66 @@ static void test_uprobe_sigill(void)
 	ASSERT_EQ(WTERMSIG(status), SIGILL, "WTERMSIG");
 }
 
+#define UPROBE_TRAMPOLINE_TEST_FILE "/sys/kernel/uprobe_trampoline"
+
+static int write_trampoline(unsigned long vaddr)
+{
+	size_t n, ret;
+	char buf[30];
+	int fd;
+
+	fprintf(stderr, "KRAVA vaddr %lx\n", vaddr);
+
+	n = sprintf(buf, "%lu", vaddr);
+
+	fd = open(UPROBE_TRAMPOLINE_TEST_FILE, O_WRONLY);
+	if (fd < 0)
+		return -errno;
+
+	ret = write(fd, buf, n);
+	close(fd);
+	return ret != n ? (int) ret : 0;
+}
+
+#define TASK_SIZE 0x7ffffffff000
+static void test_trampoline(void)
+{
+	int i;
+
+	fprintf(stderr, "KRAVA 1\n");
+
+	write_trampoline(0x2000);
+	write_trampoline((1UL << 32) + 0x2000);
+	write_trampoline((1UL << 32)*10 + 0x1000);
+	write_trampoline((1UL << 32)*10 - 0x1000);
+
+	fprintf(stderr, "KRAVA 2\n");
+
+	for (i = 0; i < 10; i++) {
+		write_trampoline((1UL << 32)*10 - i*1*(1UL << 30));
+		write_trampoline((1UL << 32)*10 - i*1*(1UL << 30) + 4096);
+	}
+
+	fprintf(stderr, "KRAVA 3\n");
+
+	for (i = 0; i < 10; i++) {
+		write_trampoline((1UL << 32)*10 + i*1*(1UL << 30));
+		write_trampoline((1UL << 32)*10 + i*1*(1UL << 30) + 4096);
+	}
+
+	fprintf(stderr, "KRAVA 4\n");
+
+	write_trampoline(TASK_SIZE - 0x1000);
+	write_trampoline(TASK_SIZE - 0x2000);
+
+	fprintf(stderr, "KRAVA 5\n");
+
+	for (i = 0; i < 10; i++) {
+		write_trampoline(TASK_SIZE + i*1*(1UL << 30));
+		write_trampoline(TASK_SIZE + i*1*(1UL << 30) + 4096);
+	}
+}
+
 static void __test_uprobe_syscall(void)
 {
 	if (test__start_subtest("uretprobe_regs_equal"))
@@ -823,6 +883,8 @@ static void __test_uprobe_syscall(void)
 		test_uprobe_regs_equal(false);
 	if (test__start_subtest("regs_change"))
 		test_regs_change();
+	if (test__start_subtest("trampoline"))
+		test_trampoline();
 }
 #else
 static void __test_uprobe_syscall(void)