audit: use pid.is_auditd to make auditd_test_task() faster

Message ID 20230414031325.82840-1-eiichi.tsukata@nutanix.com (mailing list archive)
State Rejected
Delegated to: Paul Moore

Commit Message

Eiichi Tsukata April 14, 2023, 3:13 a.m. UTC
auditd_test_task() is a hot path of system call auditing. This patch
introduces a new bit field "is_auditd" in pid struct which can be used
for faster check of registered audit daemon.

Benchmark
=========

Run the following command:

  dd if=/dev/zero of=/dev/null bs=1 count=5M

With rule:

  -a never,exit -F arch=b64 -S uname

Result:

  Base line    : 2.572 sec
  /w this patch: 2.412 sec (6.6% faster)

Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
---
 include/linux/pid.h |  4 ++++
 kernel/audit.c      | 22 ++--------------------
 kernel/audit.h      |  3 ++-
 kernel/pid.c        |  3 +++
 4 files changed, 11 insertions(+), 21 deletions(-)

Comments

Paul Moore April 14, 2023, 2:44 p.m. UTC | #1
On Thu, Apr 13, 2023 at 11:14 PM Eiichi Tsukata
<eiichi.tsukata@nutanix.com> wrote:
>
> auditd_test_task() is a hot path of system call auditing. This patch
> introduces a new bit field "is_auditd" in pid struct which can be used
> for faster check of registered audit daemon.
>
> Benchmark
> =========
>
> Run the following command:
>
>   dd if=/dev/zero of=/dev/null bs=1 count=5M
>
> With rule:
>
>   -a never,exit -F arch=b64 -S uname
>
> Result:
>
>   Base line    : 2.572 sec
>   /w this patch: 2.412 sec (6.6% faster)
>
> Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
> ---
>  include/linux/pid.h |  4 ++++
>  kernel/audit.c      | 22 ++--------------------
>  kernel/audit.h      |  3 ++-
>  kernel/pid.c        |  3 +++
>  4 files changed, 11 insertions(+), 21 deletions(-)
>
> diff --git a/include/linux/pid.h b/include/linux/pid.h
> index 343abf22092e..5fe38e254c9a 100644
> --- a/include/linux/pid.h
> +++ b/include/linux/pid.h
> @@ -68,6 +68,10 @@ struct pid
>         wait_queue_head_t wait_pidfd;
>         struct rcu_head rcu;
>         struct upid numbers[1];
> +#ifdef CONFIG_AUDIT
> +       /* registered audit daemon tgid */
> +       unsigned is_auditd:1;
> +#endif
>  };
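Review bot: the new `is_auditd` bit is declared after `struct upid numbers[1]`, which has to stay the last member of `struct pid`: the kernel test robot report later in this thread shows alloc_pid() and copy_process() indexing `numbers[1]` (`index 1 is out of range for type 'upid [1]'`), i.e. the array is a trailing one that is extended past its declared length at allocation time for pids in nested pid namespaces. Anything declared after it shares storage with the second `upid` entry, so the bit would be overwritten for such pids, and the compiler stops treating `numbers` as a trailing array, which is what the UBSAN splats flag. If the field stays, move it before `numbers[1]` (for instance next to `wait_pidfd`), and reword the comment, since the member is a flag rather than a tgid.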

Thank you for the patch, but I don't think we want to add an audit
specific field to the pid struct at this time.
Eiichi Tsukata April 17, 2023, 11:42 a.m. UTC | #2
> On Apr 14, 2023, at 23:44, Paul Moore <paul@paul-moore.com> wrote:
> 
> On Thu, Apr 13, 2023 at 11:14 PM Eiichi Tsukata
> <eiichi.tsukata@nutanix.com> wrote:
>> 
>> auditd_test_task() is a hot path of system call auditing. This patch
>> introduces a new bit field "is_auditd" in pid struct which can be used
>> for faster check of registered audit daemon.
>> 
>> Benchmark
>> =========
>> 
>> Run the following command:
>> 
>>  dd if=/dev/zero of=/dev/null bs=1 count=5M
>> 
>> With rule:
>> 
>>  -a never,exit -F arch=b64 -S uname
>> 
>> Result:
>> 
>>  Base line    : 2.572 sec
>>  /w this patch: 2.412 sec (6.6% faster)
>> 
>> Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
>> ---
>> include/linux/pid.h |  4 ++++
>> kernel/audit.c      | 22 ++--------------------
>> kernel/audit.h      |  3 ++-
>> kernel/pid.c        |  3 +++
>> 4 files changed, 11 insertions(+), 21 deletions(-)
>> 
>> diff --git a/include/linux/pid.h b/include/linux/pid.h
>> index 343abf22092e..5fe38e254c9a 100644
>> --- a/include/linux/pid.h
>> +++ b/include/linux/pid.h
>> @@ -68,6 +68,10 @@ struct pid
>>        wait_queue_head_t wait_pidfd;
>>        struct rcu_head rcu;
>>        struct upid numbers[1];
>> +#ifdef CONFIG_AUDIT
>> +       /* registered audit daemon tgid */
>> +       unsigned is_auditd:1;
>> +#endif
>> };
> 
> Thank you for the patch, but I don't think we want to add an audit
> specific field to the pid struct at this time.
> 

Hi Paul

I agree “is_auditd” is too specific.

How about having a global “auditd_pid” struct pid pointer and letting auditd_test_task() use it?
I mean:
#define auditd_test_task(tsk) (READ_ONCE(auditd_pid) == task_tgid(tsk))

By the way, it’s a bit of a different topic, but I may have found a race in the usage of auditd_pid_vnr().
In AUDIT_SET handling, the variable auditd_pid is referenced outside of the spinlock, so it can be changed while it’s referenced.
So there is a TOCTOU race like this:

CPU0                                        CPU1
=====                                       =====
auditd = auditd_pid_vnr() 
                                                  auditd = auditd_pid_vnr() 
if (auditd_pid) {…}
                                                  if (auditd_pid) {…}
auditd_set()
                                                  auditd_set()



If auditd_pid_vnr() returns 0, this case can lead to replacement of a healthy auditd, which seems to be prohibited judging from the code comment "/* replacing a healthy auditd is not allowed */".

Please correct me if I’m wrong.

Thanks
Eiichi
Paul Moore April 17, 2023, 8:27 p.m. UTC | #3
On Mon, Apr 17, 2023 at 7:42 AM Eiichi Tsukata
<eiichi.tsukata@nutanix.com> wrote:
> > On Apr 14, 2023, at 23:44, Paul Moore <paul@paul-moore.com> wrote:
> > On Thu, Apr 13, 2023 at 11:14 PM Eiichi Tsukata
> > <eiichi.tsukata@nutanix.com> wrote:
> >>
> >> auditd_test_task() is a hot path of system call auditing. This patch
> >> introduces a new bit field "is_auditd" in pid struct which can be used
> >> for faster check of registered audit daemon.
> >>
> >> Benchmark
> >> =========
> >>
> >> Run the following command:
> >>
> >>  dd if=/dev/zero of=/dev/null bs=1 count=5M
> >>
> >> With rule:
> >>
> >>  -a never,exit -F arch=b64 -S uname
> >>
> >> Result:
> >>
> >>  Base line    : 2.572 sec
> >>  /w this patch: 2.412 sec (6.6% faster)
> >>
> >> Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
> >> ---
> >> include/linux/pid.h |  4 ++++
> >> kernel/audit.c      | 22 ++--------------------
> >> kernel/audit.h      |  3 ++-
> >> kernel/pid.c        |  3 +++
> >> 4 files changed, 11 insertions(+), 21 deletions(-)
> >>
> >> diff --git a/include/linux/pid.h b/include/linux/pid.h
> >> index 343abf22092e..5fe38e254c9a 100644
> >> --- a/include/linux/pid.h
> >> +++ b/include/linux/pid.h
> >> @@ -68,6 +68,10 @@ struct pid
> >>        wait_queue_head_t wait_pidfd;
> >>        struct rcu_head rcu;
> >>        struct upid numbers[1];
> >> +#ifdef CONFIG_AUDIT
> >> +       /* registered audit daemon tgid */
> >> +       unsigned is_auditd:1;
> >> +#endif
> >> };
> >
> > Thank you for the patch, but I don't think we want to add an audit
> > specific field to the pid struct at this time.
> >
>
> Hi Paul
>
> I agree “is_auditd” is too specific.
>
> How about having a global “auditd_pid” struct pid pointer and letting auditd_test_task() use it?
> I mean:
> #define auditd_test_task(tsk) (READ_ONCE(auditd_pid) == task_tgid(tsk))

At this point in time I prefer to keep the auditd pid in the
auditd_connection struct.

> By the way, it’s a bit of a different topic, but I may have found a race in the usage of auditd_pid_vnr().
> In AUDIT_SET handling, the variable auditd_pid is referenced outside of the spinlock, so it can be changed while it’s referenced.
> So there is a TOCTOU race like this:
>
> CPU0                                        CPU1
> =====                                       =====
> auditd = auditd_pid_vnr()
>                                                   auditd = auditd_pid_vnr()
> if (auditd_pid) {…}
>                                                   if (auditd_pid) {…}
> auditd_set()
>                                                   auditd_set()
>
>
>
> If auditd_pid_vnr() returns 0, this case can lead to replacement of a healthy auditd, which seems to be prohibited judging from the code comment "/* replacing a healthy auditd is not allowed */".
>
> Please correct me if I’m wrong.

Simultaneous AUDIT_SET operations are prevented by the
audit_cmd_mutex/audit_ctl_lock(), see audit_receive().
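To make the two positions above concrete, here is an added model (not kernel code, and not from either participant) of the check-then-act sequence Eiichi drew and of the serialisation Paul points to. It replays explicit CPU interleavings over a global that stands in for the registered auditd pid; the pid values 101 and 202, the `run_schedule` function and the schedule strings are all constructed for this example. With the check and the set as separate steps, the "0101" interleaving lets CPU1 act on a stale read and replace a live registration; with both steps inside one critical section, as audit_ctl_lock() makes the AUDIT_SET handler, the same schedule cannot produce that outcome.

```c
#include <stdio.h>

/* Constructed model of the AUDIT_SET check-then-act sequence from the thread.
 * g_auditd_pid stands in for the kernel's registered auditd pid (0 = none);
 * the pid values 101 and 202 below are made up. */
static int g_auditd_pid;

struct requester {
    int my_pid;    /* pid this requester wants to register */
    int seen;      /* value read at check time (the auditd_pid_vnr() step) */
    int checked;   /* check step already executed */
    int done;      /* act step already executed */
    int replaced;  /* this requester overwrote a live registration */
};

/* Step 1 of the handler: read the current registration. */
static void step_check(struct requester *r)
{
    r->seen = g_auditd_pid;
}

/* Step 2 of the handler: act on the value read earlier. Only register when
 * the check saw no healthy auditd; if the global changed in between, the
 * set silently replaces whoever registered meanwhile. */
static void step_act(struct requester *r)
{
    if (r->seen != 0)
        return;                      /* healthy auditd present: refuse */
    if (g_auditd_pid != 0)
        r->replaced = 1;             /* stale check: healthy auditd replaced */
    g_auditd_pid = r->my_pid;
}

/* Run one explicit interleaving. Each character of the schedule is the index
 * ('0' or '1') of the CPU that takes its next step; other characters are
 * ignored. With locked == 0 the check and the act are separate steps that the
 * other CPU can interleave; with locked == 1 both run back to back under one
 * lock, the way audit_ctl_lock() serialises the whole AUDIT_SET handler.
 * Returns how many healthy registrations were replaced (0 is correct). */
static int run_schedule(const char *schedule, int locked)
{
    struct requester cpu[2] = {
        { 101, 0, 0, 0, 0 },
        { 202, 0, 0, 0, 0 },
    };
    g_auditd_pid = 0;

    for (const char *p = schedule; *p; p++) {
        struct requester *r;
        if (*p != '0' && *p != '1')
            continue;
        r = &cpu[*p - '0'];
        if (locked) {
            if (!r->done) {
                step_check(r);       /* check and act form one critical section */
                step_act(r);
                r->done = 1;
            }
        } else if (!r->checked) {
            step_check(r);
            r->checked = 1;
        } else if (!r->done) {
            step_act(r);
            r->done = 1;
        }
    }
    return cpu[0].replaced + cpu[1].replaced;
}

int main(void)
{
    printf("serialised, no lock : %d replacements\n", run_schedule("0011", 0));
    printf("interleaved, no lock: %d replacements\n", run_schedule("0101", 0));
    printf("interleaved, locked : %d replacements\n", run_schedule("0101", 1));
    return 0;
}
```

The unlocked "0011" run also yields zero replacements, which is why a race of this shape is easy to miss in testing: only the interleaving where both checks precede both sets exposes it, and the fix is not to make each step atomic but to hold one lock across the check and the set together.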
Eiichi Tsukata April 18, 2023, 7:15 a.m. UTC | #4
> On Apr 18, 2023, at 5:27, Paul Moore <paul@paul-moore.com> wrote:
> 
> On Mon, Apr 17, 2023 at 7:42 AM Eiichi Tsukata
> <eiichi.tsukata@nutanix.com> wrote:
>>> On Apr 14, 2023, at 23:44, Paul Moore <paul@paul-moore.com> wrote:
>>> On Thu, Apr 13, 2023 at 11:14 PM Eiichi Tsukata
>>> <eiichi.tsukata@nutanix.com> wrote:
>>>> 
>>>> auditd_test_task() is a hot path of system call auditing. This patch
>>>> introduces a new bit field "is_auditd" in pid struct which can be used
>>>> for faster check of registered audit daemon.
>>>> 
>>>> Benchmark
>>>> =========
>>>> 
>>>> Run the following command:
>>>> 
>>>> dd if=/dev/zero of=/dev/null bs=1 count=5M
>>>> 
>>>> With rule:
>>>> 
>>>> -a never,exit -F arch=b64 -S uname
>>>> 
>>>> Result:
>>>> 
>>>> Base line    : 2.572 sec
>>>> /w this patch: 2.412 sec (6.6% faster)
>>>> 
>>>> Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com>
>>>> ---
>>>> include/linux/pid.h |  4 ++++
>>>> kernel/audit.c      | 22 ++--------------------
>>>> kernel/audit.h      |  3 ++-
>>>> kernel/pid.c        |  3 +++
>>>> 4 files changed, 11 insertions(+), 21 deletions(-)
>>>> 
>>>> diff --git a/include/linux/pid.h b/include/linux/pid.h
>>>> index 343abf22092e..5fe38e254c9a 100644
>>>> --- a/include/linux/pid.h
>>>> +++ b/include/linux/pid.h
>>>> @@ -68,6 +68,10 @@ struct pid
>>>>       wait_queue_head_t wait_pidfd;
>>>>       struct rcu_head rcu;
>>>>       struct upid numbers[1];
>>>> +#ifdef CONFIG_AUDIT
>>>> +       /* registered audit daemon tgid */
>>>> +       unsigned is_auditd:1;
>>>> +#endif
>>>> };
>>> 
>>> Thank you for the patch, but I don't think we want to add an audit
>>> specific field to the pid struct at this time.
>>> 
>> 
>> Hi Paul
>> 
>> I agree “is_auditd” is too specific.
>> 
>> How about having a global “auditd_pid” struct pid pointer and letting auditd_test_task() use it?
>> I mean:
>> #define auditd_test_task(tsk) (READ_ONCE(auditd_pid) == task_tgid(tsk))
> 
> At this point in time I prefer to keep the auditd pid in the
> auditd_connection struct.

OK, but let me try it out as it should look pretty simple.
Will post v2 later.

> 
>> By the way, it’s a bit of a different topic, but I may have found a race in the usage of auditd_pid_vnr().
>> In AUDIT_SET handling, the variable auditd_pid is referenced outside of the spinlock, so it can be changed while it’s referenced.
>> So there is a TOCTOU race like this:
>> 
>> CPU0                                        CPU1
>> =====                                       =====
>> auditd = auditd_pid_vnr()
>>                                                  auditd = auditd_pid_vnr()
>> if (auditd_pid) {…}
>>                                                  if (auditd_pid) {…}
>> auditd_set()
>>                                                  auditd_set()
>> 
>> 
>> 
>> If auditd_pid_vnr() returns 0, this case can lead to replacement of a healthy auditd, which seems to be prohibited judging from the code comment "/* replacing a healthy auditd is not allowed */".
>> 
>> Please correct me if I’m wrong.
> 
> Simultaneous AUDIT_SET operations are prevented by the
> audit_cmd_mutex/audit_ctl_lock(), see audit_receive().
> 

Thanks, I missed that. Understood.

Eiichi
kernel test robot April 18, 2023, 8:13 a.m. UTC | #5
Hello,

kernel test robot noticed "UBSAN:array-index-out-of-bounds_in_kernel/pid.c" on:

commit: 2b7e57ee8639d525e91bde056303b9adf9f2e067 ("[PATCH] audit: use pid.is_auditd to make auditd_test_task() faster")
url: https://github.com/intel-lab-lkp/linux/commits/Eiichi-Tsukata/audit-use-pid-is_auditd-to-make-auditd_test_task-faster/20230414-111606
base: https://git.kernel.org/cgit/linux/kernel/git/pcmoore/audit.git next
patch link: https://lore.kernel.org/all/20230414031325.82840-1-eiichi.tsukata@nutanix.com/
patch subject: [PATCH] audit: use pid.is_auditd to make auditd_test_task() faster

in testcase: kernel-selftests
version: kernel-selftests-x86_64-60acb023-1_20230329
with following parameters:

	group: pidfd

test-description: The kernel contains a set of "self tests" under the tools/testing/selftests/ directory. These are intended to be small unit tests to exercise individual code paths in the kernel.
test-url: https://www.kernel.org/doc/Documentation/kselftest.txt


compiler: gcc-11
test machine: 4 threads Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz (Skylake) with 16G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)


If you fix the issue, kindly add following tag
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Link: https://lore.kernel.org/oe-lkp/202304181552.12aae560-oliver.sang@intel.com


[  137.659628][ T1795] UBSAN: array-index-out-of-bounds in kernel/pid.c:247:15
[  137.668563][ T1795] index 1 is out of range for type 'upid [1]'
[  137.674587][ T1795] CPU: 3 PID: 1795 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[  137.683674][ T1795] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[  137.693314][ T1795] Call Trace:
[  137.696482][ T1795]  <TASK>
[ 137.699308][ T1795] dump_stack_lvl (lib/dump_stack.c:107) 
[ 137.703716][ T1795] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348) 
[ 137.709339][ T1795] ? alloc_workqueue (kernel/workqueue.c:4490) 
[ 137.714170][ T1795] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5691) 
[ 137.718661][ T1795] alloc_pid (kernel/pid.c:247) 
[ 137.722817][ T1795] ? copy_namespaces (arch/x86/include/asm/atomic.h:95 include/linux/atomic/atomic-instrumented.h:191 include/linux/nsproxy.h:112 kernel/nsproxy.c:162) 
[ 137.727661][ T1795] copy_process (kernel/fork.c:2287) 
[ 137.732257][ T1795] ? __cleanup_sighand (kernel/fork.c:2018) 
[ 137.737110][ T1795] kernel_clone (include/linux/random.h:26 kernel/fork.c:2685) 
[ 137.741425][ T1795] ? create_io_thread (kernel/fork.c:2644) 
[ 137.746194][ T1795] __do_sys_clone (kernel/fork.c:2814) 
[ 137.750620][ T1795] ? __do_sys_vfork (kernel/fork.c:2814) 
[ 137.755204][ T1795] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529) 
[ 137.761714][ T1795] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111) 
[ 137.767516][ T1795] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) 
[ 137.771843][ T1795] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) 
[  137.777652][ T1795] RIP: 0033:0x7f5ef131b203
[ 137.781965][ T1795] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	00 66 90             	add    %ah,-0x70(%rsi)
   7:	64 48 8b 04 25 10 00 	mov    %fs:0x10,%rax
   e:	00 00 
  10:	45 31 c0             	xor    %r8d,%r8d
  13:	31 d2                	xor    %edx,%edx
  15:	31 f6                	xor    %esi,%esi
  17:	bf 11 00 20 01       	mov    $0x1200011,%edi
  1c:	4c 8d 90 d0 02 00 00 	lea    0x2d0(%rax),%r10
  23:	b8 38 00 00 00       	mov    $0x38,%eax
  28:	0f 05                	syscall 
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 35                	ja     0x67
  32:	89 c2                	mov    %eax,%edx
  34:	85 c0                	test   %eax,%eax
  36:	75 2c                	jne    0x64
  38:	64                   	fs
  39:	48                   	rex.W
  3a:	8b                   	.byte 0x8b
  3b:	04 25                	add    $0x25,%al
  3d:	10 00                	adc    %al,(%rax)
	...

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 35                	ja     0x3d
   8:	89 c2                	mov    %eax,%edx
   a:	85 c0                	test   %eax,%eax
   c:	75 2c                	jne    0x3a
   e:	64                   	fs
   f:	48                   	rex.W
  10:	8b                   	.byte 0x8b
  11:	04 25                	add    $0x25,%al
  13:	10 00                	adc    %al,(%rax)
	...
[  137.801576][ T1795] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  137.809918][ T1795] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[  137.817807][ T1795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  137.825701][ T1795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
[  137.833622][ T1795] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[  137.841514][ T1795] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[  137.849424][ T1795]  </TASK>
[  137.852358][ T1795] ================================================================================
[  137.861627][ T1795] ================================================================================
[  137.870883][ T1795] UBSAN: array-index-out-of-bounds in kernel/pid.c:248:15
[  137.879799][ T1795] index 1 is out of range for type 'upid [1]'
[  137.885817][ T1795] CPU: 3 PID: 1795 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[  137.894839][ T1795] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[  137.904480][ T1795] Call Trace:
[  137.907664][ T1795]  <TASK>
[ 137.910489][ T1795] dump_stack_lvl (lib/dump_stack.c:107) 
[ 137.914889][ T1795] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348) 
[ 137.920511][ T1795] ? alloc_workqueue (kernel/workqueue.c:4490) 
[ 137.925351][ T1795] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5691) 
[ 137.929832][ T1795] alloc_pid (kernel/pid.c:248) 
[ 137.933970][ T1795] ? copy_namespaces (arch/x86/include/asm/atomic.h:95 include/linux/atomic/atomic-instrumented.h:191 include/linux/nsproxy.h:112 kernel/nsproxy.c:162) 
[ 137.938806][ T1795] copy_process (kernel/fork.c:2287) 
[ 137.943400][ T1795] ? __cleanup_sighand (kernel/fork.c:2018) 
[ 137.948257][ T1795] kernel_clone (include/linux/random.h:26 kernel/fork.c:2685) 
[ 137.952622][ T1795] ? create_io_thread (kernel/fork.c:2644) 
[ 137.957389][ T1795] __do_sys_clone (kernel/fork.c:2814) 
[ 137.961788][ T1795] ? __do_sys_vfork (kernel/fork.c:2814) 
[ 137.966375][ T1795] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529) 
[ 137.972865][ T1795] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111) 
[ 137.978667][ T1795] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) 
[ 137.982993][ T1795] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) 
[  137.988791][ T1795] RIP: 0033:0x7f5ef131b203
[ 137.993098][ T1795] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[  138.012706][ T1795] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  138.021030][ T1795] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[  138.028923][ T1795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  138.036817][ T1795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
[  138.044702][ T1795] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[  138.052633][ T1795] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[  138.060571][ T1795]  </TASK>
[  138.063545][ T1795] ================================================================================
[  138.072792][ T1795] ================================================================================
[  138.082064][ T1795] UBSAN: array-index-out-of-bounds in include/linux/pid.h:159:20
[  138.091532][ T1795] index 1 is out of range for type 'upid [1]'
[  138.097526][ T1795] CPU: 3 PID: 1795 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[  138.106572][ T1795] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[  138.116218][ T1795] Call Trace:
[  138.119390][ T1795]  <TASK>
[ 138.122213][ T1795] dump_stack_lvl (lib/dump_stack.c:108) 
[ 138.126620][ T1795] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348) 
[ 138.132253][ T1795] copy_process (include/linux/pid.h:159 kernel/fork.c:2430) 
[ 138.136852][ T1795] ? __cleanup_sighand (kernel/fork.c:2018) 
[ 138.141715][ T1795] kernel_clone (include/linux/random.h:26 kernel/fork.c:2685) 
[ 138.146036][ T1795] ? create_io_thread (kernel/fork.c:2644) 
[ 138.150813][ T1795] __do_sys_clone (kernel/fork.c:2814) 
[ 138.155218][ T1795] ? __do_sys_vfork (kernel/fork.c:2814) 
[ 138.159820][ T1795] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529) 
[ 138.166321][ T1795] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111) 
[ 138.172121][ T1795] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) 
[ 138.176452][ T1795] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) 
[  138.182250][ T1795] RIP: 0033:0x7f5ef131b203
[ 138.186598][ T1795] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[  138.206212][ T1795] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  138.214567][ T1795] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[  138.222459][ T1795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  138.230347][ T1795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
[  138.238238][ T1795] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[  138.246129][ T1795] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[  138.254039][ T1795]  </TASK>
[  138.256954][ T1795] ================================================================================
[  138.266154][ T1795] ================================================================================
[  138.275354][ T1795] UBSAN: array-index-out-of-bounds in include/linux/pid.h:171:21
[  138.284818][ T1795] index 1 is out of range for type 'upid [1]'
[  138.290789][ T1795] CPU: 3 PID: 1795 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[  138.299816][ T1795] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[  138.309456][ T1795] Call Trace:
[  138.312630][ T1795]  <TASK>
[ 138.315459][ T1795] dump_stack_lvl (lib/dump_stack.c:108) 
[ 138.319856][ T1795] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348) 
[ 138.325483][ T1795] copy_process (include/linux/pid.h:171 kernel/fork.c:2459) 
[ 138.330080][ T1795] ? __cleanup_sighand (kernel/fork.c:2018) 
[ 138.334937][ T1795] kernel_clone (include/linux/random.h:26 kernel/fork.c:2685) 
[ 138.339255][ T1795] ? create_io_thread (kernel/fork.c:2644) 
[ 138.344034][ T1795] __do_sys_clone (kernel/fork.c:2814) 
[ 138.348439][ T1795] ? __do_sys_vfork (kernel/fork.c:2814) 
[ 138.353039][ T1795] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529) 
[ 138.359541][ T1795] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111) 
[ 138.365358][ T1795] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) 
[ 138.369688][ T1795] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) 
[  138.375481][ T1795] RIP: 0033:0x7f5ef131b203
[ 138.379791][ T1795] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[  138.399395][ T1795] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  138.407729][ T1795] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[  138.415646][ T1795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  138.423560][ T1795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
[  138.431470][ T1795] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[  138.439357][ T1795] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[  138.447274][ T1795]  </TASK>
[  138.450183][ T1795] ================================================================================
[  138.459384][ T1795] ================================================================================
[  138.468632][ T1795] UBSAN: array-index-out-of-bounds in include/linux/pid.h:159:20
[  138.478102][ T1795] index 1 is out of range for type 'upid [1]'
[  138.484072][ T1795] CPU: 3 PID: 1795 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[  138.493105][ T1795] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[  138.502740][ T1795] Call Trace:
[  138.505920][ T1795]  <TASK>
[ 138.508748][ T1795] dump_stack_lvl (lib/dump_stack.c:108) 
[ 138.513155][ T1795] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348) 
[ 138.518787][ T1795] copy_process (include/linux/pid.h:159 kernel/fork.c:2460) 
[ 138.523386][ T1795] ? __cleanup_sighand (kernel/fork.c:2018) 
[ 138.528249][ T1795] kernel_clone (include/linux/random.h:26 kernel/fork.c:2685) 
[ 138.532615][ T1795] ? create_io_thread (kernel/fork.c:2644) 
[ 138.537396][ T1795] __do_sys_clone (kernel/fork.c:2814) 
[ 138.541797][ T1795] ? __do_sys_vfork (kernel/fork.c:2814) 
[ 138.546398][ T1795] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529) 
[ 138.552907][ T1795] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111) 
[ 138.558708][ T1795] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) 
[ 138.563039][ T1795] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) 
[  138.568841][ T1795] RIP: 0033:0x7f5ef131b203
[ 138.573153][ T1795] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[  138.592766][ T1795] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  138.601104][ T1795] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[  138.609006][ T1795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  138.616897][ T1795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
[  138.624799][ T1795] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[  138.632696][ T1795] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[  138.640652][ T1795]  </TASK>
[  138.643595][ T1795] ================================================================================
[  138.652865][ T1795] ================================================================================
[  138.652904][ T1846] ================================================================================
[  138.662138][ T1795] UBSAN: array-index-out-of-bounds in kernel/pid.c:112:19
[  138.671282][ T1846] UBSAN: array-index-out-of-bounds in include/linux/pid.h:159:20
[  138.671287][ T1846] index 1 is out of range for type 'upid [1]'
[  138.680120][ T1795] index 1 is out of range for type 'upid [1]'
[  138.680123][ T1795] CPU: 3 PID: 1795 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[  138.680126][ T1795] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[  138.720369][ T1795] Call Trace:
[  138.723537][ T1795]  <TASK>
[ 138.726375][ T1795] dump_stack_lvl (lib/dump_stack.c:107) 
[ 138.730773][ T1795] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348) 
[ 138.736393][ T1795] ? alloc_workqueue (kernel/workqueue.c:4490) 
[ 138.741233][ T1795] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5691) 
[ 138.745718][ T1795] put_pid (include/linux/rcupdate.h:332 include/linux/rcupdate.h:806 kernel/pid.c:446) 
[ 138.750291][ T1795] kernel_clone (kernel/fork.c:2644) 
[ 138.754693][ T1795] ? create_io_thread (kernel/fork.c:2644) 
[ 138.759469][ T1795] __do_sys_clone (kernel/fork.c:2814) 
[ 138.763866][ T1795] ? __do_sys_vfork (kernel/fork.c:2814) 
[ 138.768453][ T1795] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529) 
[ 138.774949][ T1795] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111) 
[ 138.780743][ T1795] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) 
[ 138.785069][ T1795] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) 
[  138.790868][ T1795] RIP: 0033:0x7f5ef131b203
[ 138.795179][ T1795] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	00 66 90             	add    %ah,-0x70(%rsi)
   7:	64 48 8b 04 25 10 00 	mov    %fs:0x10,%rax
   e:	00 00 
  10:	45 31 c0             	xor    %r8d,%r8d
  13:	31 d2                	xor    %edx,%edx
  15:	31 f6                	xor    %esi,%esi
  17:	bf 11 00 20 01       	mov    $0x1200011,%edi
  1c:	4c 8d 90 d0 02 00 00 	lea    0x2d0(%rax),%r10
  23:	b8 38 00 00 00       	mov    $0x38,%eax
  28:	0f 05                	syscall 
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 35                	ja     0x67
  32:	89 c2                	mov    %eax,%edx
  34:	85 c0                	test   %eax,%eax
  36:	75 2c                	jne    0x64
  38:	64                   	fs
  39:	48                   	rex.W
  3a:	8b                   	.byte 0x8b
  3b:	04 25                	add    $0x25,%al
  3d:	10 00                	adc    %al,(%rax)
	...

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 35                	ja     0x3d
   8:	89 c2                	mov    %eax,%edx
   a:	85 c0                	test   %eax,%eax
   c:	75 2c                	jne    0x3a
   e:	64                   	fs
   f:	48                   	rex.W
  10:	8b                   	.byte 0x8b
  11:	04 25                	add    $0x25,%al
  13:	10 00                	adc    %al,(%rax)
	...
[  138.814778][ T1795] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  138.823112][ T1795] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[  138.830999][ T1795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  138.838889][ T1795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000073
[  138.846783][ T1795] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[  138.854673][ T1795] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[  138.862634][ T1795]  </TASK>
[  138.865561][ T1846] CPU: 1 PID: 1846 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[  138.865587][ T1795] ================================================================================
[  138.874538][ T1846] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[  138.874557][ T1846] Call Trace:
[  138.874560][ T1846]  <TASK>
[ 138.874563][ T1846] dump_stack_lvl (lib/dump_stack.c:107) 
[ 138.903834][ T1846] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348) 
[ 138.909459][ T1846] __task_pid_nr_ns (include/linux/pid.h:159 kernel/pid.c:512 kernel/pid.c:502) 
[ 138.914215][ T1846] schedule_tail (kernel/sched/core.c:5243) 
[ 138.918529][ T1846] ret_from_fork (arch/x86/entry/entry_64.S:295) 
[  138.922794][ T1846]  </TASK>
[  138.925863][ T1846] ================================================================================
[  138.935843][ T1846] ================================================================================
[  138.945156][ T1846] UBSAN: array-index-out-of-bounds in include/linux/pid.h:159:20
[  138.954728][ T1846] index 1 is out of range for type 'upid [1]'
[  138.960755][ T1846] CPU: 2 PID: 1846 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[  138.969791][ T1846] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[  138.979424][ T1846] Call Trace:
[  138.982611][ T1846]  <TASK>
[ 138.985440][ T1846] dump_stack_lvl (lib/dump_stack.c:107) 
[ 138.989831][ T1846] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348) 
[ 138.995452][ T1846] ? kasan_set_track (mm/kasan/common.c:52) 
[ 139.000112][ T1846] task_active_pid_ns (include/linux/pid.h:159 kernel/pid.c:512) 
[ 139.004857][ T1846] proc_init_fs_context (fs/proc/root.c:252) 
[ 139.009868][ T1846] alloc_fs_context (fs/fs_context.c:291) 
[ 139.014626][ T1846] do_new_mount (fs/namespace.c:3028) 
[ 139.019026][ T1846] ? do_add_mount (fs/namespace.c:3003) 
[ 139.023612][ T1846] ? security_capable (security/security.c:837 (discriminator 13)) 
[ 139.028368][ T1846] path_mount (fs/namespace.c:3372) 
[ 139.032681][ T1846] ? finish_automount (fs/namespace.c:3299) 
[ 139.037624][ T1846] __x64_sys_mount (fs/namespace.c:3386 fs/namespace.c:3594 fs/namespace.c:3571 fs/namespace.c:3571) 
[ 139.042285][ T1846] ? path_mount (fs/namespace.c:3571) 
[ 139.046871][ T1846] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) 
[ 139.051186][ T1846] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) 
[  139.056977][ T1846] RIP: 0033:0x7f5ef1350bca
[ 139.061281][ T1846] Code: 48 8b 0d 39 82 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 06 82 0c 00 f7 d8 64 89 01 48
All code
========
   0:	48 8b 0d 39 82 0c 00 	mov    0xc8239(%rip),%rcx        # 0xc8240
   7:	f7 d8                	neg    %eax
   9:	64 89 01             	mov    %eax,%fs:(%rcx)
   c:	48 83 c8 ff          	or     $0xffffffffffffffff,%rax
  10:	c3                   	retq   
  11:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
  18:	00 00 00 
  1b:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  20:	49 89 ca             	mov    %rcx,%r10
  23:	b8 a5 00 00 00       	mov    $0xa5,%eax
  28:	0f 05                	syscall 
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	73 01                	jae    0x33
  32:	c3                   	retq   
  33:	48 8b 0d 06 82 0c 00 	mov    0xc8206(%rip),%rcx        # 0xc8240
  3a:	f7 d8                	neg    %eax
  3c:	64 89 01             	mov    %eax,%fs:(%rcx)
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	73 01                	jae    0x9
   8:	c3                   	retq   
   9:	48 8b 0d 06 82 0c 00 	mov    0xc8206(%rip),%rcx        # 0xc8216
  10:	f7 d8                	neg    %eax
  12:	64 89 01             	mov    %eax,%fs:(%rcx)
  15:	48                   	rex.W
[  139.080873][ T1846] RSP: 002b:00007ffe17f1b348 EFLAGS: 00000207 ORIG_RAX: 00000000000000a5
[  139.089197][ T1846] RAX: ffffffffffffffda RBX: 00007ffe17f1b5c8 RCX: 00007f5ef1350bca
[  139.097088][ T1846] RDX: 0000557f404d3474 RSI: 0000557f404d346e RDI: 0000557f404d3474
[  139.104981][ T1846] RBP: 00007ffe17f1b490 R08: 0000000000000000 R09: 00007f5ef1244740
[  139.112870][ T1846] R10: 0000000000000000 R11: 0000000000000207 R12: 0000000000000000
[  139.120756][ T1846] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[  139.128675][ T1846]  </TASK>
[  139.131614][ T1846] ================================================================================
[  139.142885][ T1846] ================================================================================
[  139.152124][ T1846] UBSAN: array-index-out-of-bounds in include/linux/pid.h:159:20
[  139.161641][ T1846] index 1 is out of range for type 'upid [1]'
[  139.167688][ T1846] CPU: 2 PID: 1846 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[  139.176727][ T1846] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[  139.186357][ T1846] Call Trace:
[  139.189524][ T1846]  <TASK>
[ 139.192348][ T1846] dump_stack_lvl (lib/dump_stack.c:107) 
[ 139.196745][ T1846] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348) 
[ 139.202368][ T1846] ? get_task_pid (include/linux/rcupdate.h:332 include/linux/rcupdate.h:806 kernel/pid.c:446) 
[ 139.206848][ T1846] pid_vnr (include/linux/pid.h:159 kernel/pid.c:512 kernel/pid.c:491) 
[ 139.210807][ T1846] kernel_clone (kernel/fork.c:2697) 
[ 139.215207][ T1846] ? create_io_thread (kernel/fork.c:2644) 
[ 139.219973][ T1846] __do_sys_clone (kernel/fork.c:2814) 
[ 139.224373][ T1846] ? __do_sys_vfork (kernel/fork.c:2814) 
[ 139.228960][ T1846] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529) 
[ 139.235455][ T1846] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:77 kernel/entry/common.c:111) 
[ 139.241245][ T1846] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) 
[ 139.245623][ T1846] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) 
[  139.251427][ T1846] RIP: 0033:0x7f5ef131b203
[ 139.255733][ T1846] Code: 00 00 00 00 00 66 90 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	00 00                	add    %al,(%rax)
   4:	00 66 90             	add    %ah,-0x70(%rsi)
   7:	64 48 8b 04 25 10 00 	mov    %fs:0x10,%rax
   e:	00 00 
  10:	45 31 c0             	xor    %r8d,%r8d
  13:	31 d2                	xor    %edx,%edx
  15:	31 f6                	xor    %esi,%esi
  17:	bf 11 00 20 01       	mov    $0x1200011,%edi
  1c:	4c 8d 90 d0 02 00 00 	lea    0x2d0(%rax),%r10
  23:	b8 38 00 00 00       	mov    $0x38,%eax
  28:	0f 05                	syscall 
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 35                	ja     0x67
  32:	89 c2                	mov    %eax,%edx
  34:	85 c0                	test   %eax,%eax
  36:	75 2c                	jne    0x64
  38:	64                   	fs
  39:	48                   	rex.W
  3a:	8b                   	.byte 0x8b
  3b:	04 25                	add    $0x25,%al
  3d:	10 00                	adc    %al,(%rax)
	...

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 35                	ja     0x3d
   8:	89 c2                	mov    %eax,%edx
   a:	85 c0                	test   %eax,%eax
   c:	75 2c                	jne    0x3a
   e:	64                   	fs
   f:	48                   	rex.W
  10:	8b                   	.byte 0x8b
  11:	04 25                	add    $0x25,%al
  13:	10 00                	adc    %al,(%rax)
	...
[  139.275314][ T1846] RSP: 002b:00007ffe17f1b248 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  139.283653][ T1846] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5ef131b203
[  139.291558][ T1846] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  139.299448][ T1846] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f5ef1244740
[  139.307335][ T1846] R10: 00007f5ef1244a10 R11: 0000000000000246 R12: 0000000000000001
[  139.315224][ T1846] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[  139.323135][ T1846]  </TASK>
[  139.326087][ T1846] ================================================================================
[  139.335382][ T1846] ================================================================================
[  139.344662][ T1846] UBSAN: array-index-out-of-bounds in include/linux/pid.h:159:20
[  139.354318][ T1846] index 1 is out of range for type 'upid [1]'
[  139.360350][ T1846] CPU: 2 PID: 1846 Comm: pidfd_test Not tainted 6.3.0-rc1-00001-g2b7e57ee8639 #1
[  139.369388][ T1846] Hardware name: HP HP Z238 Microtower Workstation/8183, BIOS N51 Ver. 01.63 10/05/2017
[  139.379013][ T1846] Call Trace:
[  139.382191][ T1846]  <TASK>
[ 139.385014][ T1846] dump_stack_lvl (lib/dump_stack.c:107) 
[ 139.389411][ T1846] __ubsan_handle_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:348) 
[ 139.395033][ T1846] find_get_pid (include/linux/pid.h:159 kernel/pid.c:512 kernel/pid.c:320 kernel/pid.c:468) 
[ 139.399430][ T1846] kernel_wait4 (kernel/exit.c:1766) 
[ 139.403828][ T1846] ? __wake_up_parent (kernel/exit.c:1742) 
[ 139.408627][ T1846] __do_sys_wait4 (kernel/exit.c:1803) 
[ 139.413109][ T1846] ? kernel_wait4 (kernel/exit.c:1801) 
[ 139.417725][ T1846] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4529) 
[ 139.424220][ T1846] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) 
[ 139.428608][ T1846] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120) 
[  139.434418][ T1846] RIP: 0033:0x7f5ef131aa83
[ 139.438727][ T1846] Code: ff ff ff ff e9 0e 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 80 3d 61 6b 10 00 00 49 89 ca 74 14 b8 3d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 5d c3 0f 1f 40 00 48 83 ec 28 89 54 24 14 48
All code
========
   0:	ff                   	(bad)  
   1:	ff                   	(bad)  
   2:	ff                   	(bad)  
   3:	ff                   	(bad)  
   4:	e9 0e 00 00 00       	jmpq   0x17
   9:	66 2e 0f 1f 84 00 00 	nopw   %cs:0x0(%rax,%rax,1)
  10:	00 00 00 
  13:	0f 1f 40 00          	nopl   0x0(%rax)
  17:	80 3d 61 6b 10 00 00 	cmpb   $0x0,0x106b61(%rip)        # 0x106b7f
  1e:	49 89 ca             	mov    %rcx,%r10
  21:	74 14                	je     0x37
  23:	b8 3d 00 00 00       	mov    $0x3d,%eax
  28:	0f 05                	syscall 
  2a:*	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax		<-- trapping instruction
  30:	77 5d                	ja     0x8f
  32:	c3                   	retq   
  33:	0f 1f 40 00          	nopl   0x0(%rax)
  37:	48 83 ec 28          	sub    $0x28,%rsp
  3b:	89 54 24 14          	mov    %edx,0x14(%rsp)
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	48 3d 00 f0 ff ff    	cmp    $0xfffffffffffff000,%rax
   6:	77 5d                	ja     0x65
   8:	c3                   	retq   
   9:	0f 1f 40 00          	nopl   0x0(%rax)
   d:	48 83 ec 28          	sub    $0x28,%rsp
  11:	89 54 24 14          	mov    %edx,0x14(%rsp)
  15:	48                   	rex.W
[  139.458318][ T1846] RSP: 002b:00007ffe17f1b318 EFLAGS: 00000202 ORIG_RAX: 000000000000003d
[  139.466659][ T1846] RAX: ffffffffffffffda RBX: 00007ffe17f1b5c8 RCX: 00007f5ef131aa83
[  139.474569][ T1846] RDX: 0000000000000000 RSI: 00007ffe17f1b338 RDI: 0000000000000002
[  139.482458][ T1846] RBP: 00007ffe17f1b340 R08: 0000000000000000 R09: 00007f5ef1244740
[  139.490352][ T1846] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  139.498244][ T1846] R13: 00007ffe17f1b5d8 R14: 0000557f404d4dd8 R15: 00007f5ef1464020
[  139.506155][ T1846]  </TASK>
[  139.509131][ T1846] ================================================================================
[  139.884334][  T291] # TAP version 13
[  139.884357][  T291]
[  139.890614][  T291] # 1..8
[  139.890632][  T291]
[  139.896187][  T291] # # Parent: pid: 1795
[  139.896205][  T291]
[  139.903747][  T291] # # Parent: Waiting for Child (1796) to complete.
[  139.903766][  T291]
[  139.913180][  T291] # # Time waited for child: 3
[  139.913197][  T291]
[  139.922068][  T291] # ok 1 pidfd_poll check for premature notification on child thread exec test: Passed
[  139.922085][  T291]
[  139.934390][  T291] # # Parent: pid: 1795
[  139.934406][  T291]
[  139.941907][  T291] # # Parent: Waiting for Child (1807) to complete.
[  139.941924][  T291]
[  139.951508][  T291] # # Parent: Child process waited for.
[  139.951572][  T291]
[  139.959959][  T291] # # Time waited for child: 3
[  139.959976][  T291]
[  139.968849][  T291] # ok 2 pidfd_poll check for premature notification on child thread exec test: Passed
[  139.968866][  T291]
[  139.981153][  T291] # # Parent: pid: 1795
[  139.981169][  T291]
[  139.988656][  T291] # # Parent: Waiting for Child (1821) to complete.
[  139.988673][  T291]
[  139.998085][  T291] # # Time since child exit: 3
[  139.998101][  T291]
[  140.007120][  T291] # ok 3 pidfd_poll check for premature notification on non-emptygroup leader exit test: Passed
[  140.007138][  T291]
[  140.020226][  T291] # # Parent: pid: 1795
[  140.020243][  T291]
[  140.027673][  T291] # # Parent: Waiting for Child (1833) to complete.
[  140.027704][  T291]
[  140.037347][  T291] # # Parent: Child process waited for.
[  140.037363][  T291]
[  140.045731][  T291] # # Time since child exit: 3
[  140.045748][  T291]
[  140.054800][  T291] # ok 4 pidfd_poll check for premature notification on non-emptygroup leader exit test: Passed
[  140.054818][  T291]
[  140.070044][  T291] # ok 5 pidfd_send_signal check for support test: pidfd_send_signal() syscall is supported. Tests can be executed
[  140.070061][  T291]
[  140.085654][  T291] # ok 6 pidfd_send_signal send SIGUSR1 test: Sent signal
[  140.085673][  T291]
[  140.095623][  T291] # # waitpid WEXITSTATUS=0
[  140.095640][  T291]
[  140.104242][  T291] # ok 7 pidfd_send_signal signal exited process test: Failed to send signal as expected
[  140.104259][  T291]
[  140.116908][  T291] # # waitpid WEXITSTATUS=0
[  140.116925][  T291]
[  140.124132][  T291] # # waitpid WEXITSTATUS=0
[  140.124148][  T291]
[  140.131332][  T291] # # waitpid WEXITSTATUS=0
[  140.131348][  T291]
[  140.138567][  T291] # # waitpid WEXITSTATUS=0
[  140.138584][  T291]
[  140.145863][  T291] # # waitpid WEXITSTATUS=0
[  140.145880][  T291]
[  140.153115][  T291] # # waitpid WEXITSTATUS=0
[  140.153131][  T291]
[  140.160338][  T291] # # waitpid WEXITSTATUS=0
[  140.160354][  T291]
[  140.167622][  T291] # # waitpid WEXITSTATUS=0
[  140.167640][  T291]
[  140.174903][  T291] # # waitpid WEXITSTATUS=0
[  140.174920][  T291]
[  140.182129][  T291] # # waitpid WEXITSTATUS=0
[  140.182145][  T291]
[  140.189318][  T291] # # waitpid WEXITSTATUS=0
[  140.189335][  T291]
[  140.196532][  T291] # # waitpid WEXITSTATUS=0
[  140.196566][  T291]
[  140.203843][  T291] # # waitpid WEXITSTATUS=0
[  140.203860][  T291]
[  140.211111][  T291] # # waitpid WEXITSTATUS=0
[  140.211127][  T291]
[  140.218301][  T291] # # waitpid WEXITSTATUS=0
[  140.218317][  T291]
[  140.225571][  T291] # # waitpid WEXITSTATUS=0
[  140.225588][  T291]
[  140.232871][  T291] # # waitpid WEXITSTATUS=0
[  140.232888][  T291]
[  140.240123][  T291] # # waitpid WEXITSTATUS=0
[  140.240139][  T291]
[  140.247331][  T291] # # waitpid WEXITSTATUS=0
[  140.247347][  T291]
[  140.254619][  T291] # # waitpid WEXITSTATUS=0
[  140.254636][  T291]
[  140.261901][  T291] # # waitpid WEXITSTATUS=0
[  140.261917][  T291]
[  140.269145][  T291] # # waitpid WEXITSTATUS=0
[  140.269162][  T291]
[  140.276343][  T291] # # waitpid WEXITSTATUS=0


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.
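
The UBSAN reports above ('index 1 is out of range for type upid [1]' at include/linux/pid.h:159 and kernel/pid.c:112) follow from the patch appending a member after 'struct upid numbers[1]'. Below is an added user-space C model of that layout, written for this page; it is not kernel code and not part of the robot's report. struct pid_before, struct pid_after and the reduced struct upid are assumed stand-ins for the kernel's structs, keeping only the members the argument needs, and the allocation size mirrors alloc_pid()'s sizeof(struct pid) + level * sizeof(struct upid). It shows two things: with numbers[] as the last member, numbers[1] starts exactly at the end of the struct, in the tail the per-namespace cache adds (the pre-C99 flexible-array idiom, which is also why the compiler's bounds checker leaves the index alone); once a member follows the array, the bytes alloc_pid() uses for numbers[1] in a child pid namespace are the same bytes that hold is_auditd, so filling numbers[] silently overwrites the flag.

```c
/*
 * Added example, not kernel code: a user-space model of struct pid's
 * layout before and after the patch.  Names mirror include/linux/pid.h,
 * but the structs are reduced to the members the layout argument needs
 * (assumed simplification).
 */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct upid {
	int nr;
	void *ns;
};

/* Mainline: numbers[1] is the LAST member.  alloc_pid() allocates
 * sizeof(struct pid) + level * sizeof(struct upid) bytes from a
 * per-namespace cache, so numbers[1..level] live in that tail space. */
struct pid_before {
	unsigned int level;
	struct upid numbers[1];
};

/* Patch: a bit field is appended after numbers[1]. */
struct pid_after {
	unsigned int level;
	struct upid numbers[1];
	unsigned is_auditd:1;
};

/* Where numbers[1] begins for either layout: right after numbers[0]. */
static size_t numbers1_offset(void)
{
	return offsetof(struct pid_after, numbers) + sizeof(struct upid);
}

/* Before the patch numbers[1] starts exactly at the end of the struct,
 * i.e. in the tail the cache adds: the trailing-array idiom holds. */
int before_numbers_is_trailing(void)
{
	return sizeof(struct pid_before) ==
	       offsetof(struct pid_before, numbers) + sizeof(struct upid);
}

/* Byte offset of the storage unit holding is_auditd, found by setting
 * the bit on a zeroed object and looking for the byte that changed. */
size_t is_auditd_offset(void)
{
	struct pid_after p;
	const unsigned char *b = (const unsigned char *)&p;
	size_t i;

	memset(&p, 0, sizeof(p));
	p.is_auditd = 1;
	for (i = 0; i < sizeof(p); i++)
		if (b[i])
			return i;
	return (size_t)-1;
}

/* Nonzero if is_auditd's storage lies inside the bytes alloc_pid() uses
 * for numbers[1] once level >= 1. */
int flag_overlaps_numbers1(void)
{
	size_t off = is_auditd_offset();

	return off >= numbers1_offset() &&
	       off < numbers1_offset() + sizeof(struct upid);
}

/* Mimics alloc_pid() with the patched layout: size the object for
 * level+1 upid entries, mark the pid as the registered daemon, then fill
 * numbers[0..level] the way the allocation loop does.  The fill uses
 * byte stores so this demo performs no out-of-bounds array index (the
 * access UBSAN flags in the kernel).  Returns is_auditd after the fill;
 * nr is a constructed sample pid number. */
int is_auditd_after_fill(unsigned int level, int nr)
{
	size_t sz = sizeof(struct pid_after) + level * sizeof(struct upid);
	unsigned char *mem = malloc(sz);
	struct pid_after *pid = (struct pid_after *)mem;
	unsigned int i;
	int seen;

	if (!mem)
		return -1;
	memset(mem, 0, sz);
	pid->level = level;
	pid->is_auditd = 1;	/* what auditd_set() would store */

	for (i = 0; i <= level; i++) {
		struct upid u = { .nr = nr, .ns = NULL };
		const unsigned char *src = (const unsigned char *)&u;
		size_t dst = offsetof(struct pid_after, numbers) + i * sizeof(u);
		size_t k;

		for (k = 0; k < sizeof(u); k++)
			mem[dst + k] = src[k];
	}
	seen = pid->is_auditd;
	free(mem);
	return seen;
}
```

For a root-namespace pid (level 0) only numbers[0] is written and the flag survives; for level 1 the write to numbers[1] lands on the flag's storage unit and is_auditd reads back whatever bit of numbers[1].nr happens to sit there. Whether that is 0 or 1 depends on the pid number and byte order, which is the point: for any pid in a nested namespace the value auditd_test_task() would read is no longer under audit's control.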

Patch

diff --git a/include/linux/pid.h b/include/linux/pid.h
index 343abf22092e..5fe38e254c9a 100644
--- a/include/linux/pid.h
+++ b/include/linux/pid.h
@@ -68,6 +68,10 @@  struct pid
 	wait_queue_head_t wait_pidfd;
 	struct rcu_head rcu;
 	struct upid numbers[1];
+#ifdef CONFIG_AUDIT
+	/* registered audit daemon tgid */
+	unsigned is_auditd:1;
+#endif
 };
 
 extern struct pid init_struct_pid;
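Review bot: declaring is_auditd after 'struct upid numbers[1];' breaks the layout alloc_pid() relies on. numbers[1] is a pre-C99 flexible array: the allocation carries one extra struct upid per namespace level and the loop in the kernel/pid.c hunk below fills numbers[i] for i = ns->level down to 0, indexing past the declared size. Once another member follows the array, numbers[1] occupies the same bytes as the new bit field, and the compiler stops treating numbers[] as open-ended, which is what the kernel test robot's UBSAN splats above report ('index 1 is out of range for type upid [1]' at include/linux/pid.h:159 and kernel/pid.c:112, from pidfd_test on a pid with level >= 1). Move the bit before numbers[], for example next to 'unsigned int level;', so numbers[] stays the last member; alternatively keep the registered-daemon state in struct auditd_connection as before and leave struct pid untouched.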
diff --git a/kernel/audit.c b/kernel/audit.c
index 9bc0b0301198..964d1a20c32d 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -208,26 +208,6 @@  struct audit_reply {
 	struct sk_buff *skb;
 };
 
-/**
- * auditd_test_task - Check to see if a given task is an audit daemon
- * @task: the task to check
- *
- * Description:
- * Return 1 if the task is a registered audit daemon, 0 otherwise.
- */
-int auditd_test_task(struct task_struct *task)
-{
-	int rc;
-	struct auditd_connection *ac;
-
-	rcu_read_lock();
-	ac = rcu_dereference(auditd_conn);
-	rc = (ac && ac->pid == task_tgid(task) ? 1 : 0);
-	rcu_read_unlock();
-
-	return rc;
-}
-
 /**
  * audit_ctl_lock - Take the audit control lock
  */
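Review bot: removing auditd_test_task() drops the rcu_read_lock()'d compare against auditd_conn->pid together with its kernel-doc, and the macro that replaces it in kernel/audit.h reads is_auditd with no synchronisation against auditd_conn_free() clearing the bit from an RCU callback. Either keep a static inline here with a comment stating why an unlocked read of the bit is acceptable (the flag is only ever 0 or 1 and a stale value is tolerated during daemon switchover), or keep this function and have it return the bit, so the rationale stays documented where the check lives.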
@@ -478,6 +458,7 @@  static void auditd_conn_free(struct rcu_head *rcu)
 	struct auditd_connection *ac;
 
 	ac = container_of(rcu, struct auditd_connection, rcu);
+	ac->pid->is_auditd = 0;
 	put_pid(ac->pid);
 	put_net(ac->net);
 	kfree(ac);
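Review bot: 'ac->pid->is_auditd = 0;' in the RCU callback is unconditional, but auditd_conn_free() runs a grace period after auditd_set() has already stored 1 into the new connection's pid. If the new connection refers to the same struct pid as the old one (the daemon re-registering under the same tgid), this deferred clear zeroes the flag of the daemon that is currently registered, and auditd_test_task() returns 0 for it until the next auditd_set(). Compare against the current auditd_conn's pid before clearing, or clear the bit synchronously in the path that swaps the connection and skip the clear when the pid is unchanged.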
@@ -505,6 +486,7 @@  static int auditd_set(struct pid *pid, u32 portid, struct net *net)
 	if (!ac_new)
 		return -ENOMEM;
 	ac_new->pid = get_pid(pid);
+	ac_new->pid->is_auditd = 1;
 	ac_new->portid = portid;
 	ac_new->net = get_net(net);
 
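Review bot: 'ac_new->pid->is_auditd = 1;' is set before the new connection is installed, while the previous daemon's bit is only cleared once auditd_conn_free() runs, so during a daemon switchover two tgids report true from auditd_test_task() at the same time; the function this replaces compared against exactly one pid under RCU. If that window is acceptable for the syscall-audit callers the commit message should say so; otherwise clear the old pid's bit at the point the connection is replaced rather than in the free callback.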
diff --git a/kernel/audit.h b/kernel/audit.h
index c57b008b9914..aecf334a699f 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -214,7 +214,8 @@  extern bool audit_ever_enabled;
 
 extern void audit_log_session_info(struct audit_buffer *ab);
 
-extern int auditd_test_task(struct task_struct *task);
+/* Check to see if a given task is an audit daemon */
+#define auditd_test_task(tsk) task_tgid(tsk)->is_auditd
 
 #define AUDIT_INODE_BUCKETS	32
 extern struct list_head audit_inode_hash[AUDIT_INODE_BUCKETS];
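Review bot: '#define auditd_test_task(tsk) task_tgid(tsk)->is_auditd' turns a type-checked function returning int into an unparenthesised macro returning a bit field: callers get no type checking on tsk, the expression cannot be used where the old symbol's address could, and the one-line comment replaces the removed kernel-doc. Prefer 'static inline int auditd_test_task(struct task_struct *tsk) { return task_tgid(tsk)->is_auditd; }' here, which keeps the previous prototype and inlines just as well.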
diff --git a/kernel/pid.c b/kernel/pid.c
index 3fbc5e46b721..c0efaeee99a0 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -183,6 +183,9 @@  struct pid *alloc_pid(struct pid_namespace *ns, pid_t *set_tid,
 
 	tmp = ns;
 	pid->level = ns->level;
+#ifdef CONFIG_AUDIT
+	pid->is_auditd = 0;
+#endif
 
 	for (i = ns->level; i >= 0; i--) {
 		int tid = 0;
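Review bot: the explicit 'pid->is_auditd = 0;' is needed because the pid cache memory is not zeroed, but with the bit declared after numbers[1] it does not survive this function for any pid in a child namespace: the loop that follows fills pid->numbers[i] for i = ns->level down to 0, and for level >= 1 the write to numbers[1] lands on the same bytes as the bit field. Moving the member before numbers[] (see the include/linux/pid.h hunk) makes this reset meaningful; the #ifdef CONFIG_AUDIT around it can then stay, or the bit can be folded into an existing field that is already initialised here.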