Bug 8852 - [Anolis23.1 GA][Beta][ANCK-6.6.25-2][x86_64] kernel-selftests test x86/test_shadow_stack_64 runs abnormally: Could not enable Shadow stack
Status: CLOSED WONTFIX
Alias: None
Product: ANCK 6.6 Dev
Classification: ANCK
Component: X86
Version: 6.6.25-2
Hardware: All Linux
Importance: P3-Medium S3-normal
Target Milestone: ---
Assignee: Guanjun
Reported: 2024-04-23 16:31 UTC by anolislw
Modified: 2024-05-20 19:12 UTC
Description anolislw alibaba_cloud_group 2024-04-23 16:31:29 UTC
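[Defect description]:
The kernel-selftests test x86/test_shadow_stack_64 runs abnormally and returns "[SKIP]  Could not enable Shadow stack". We need the developers to help confirm whether there is a problem with this test case.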


[Reproduction rate]:
Always reproducible


[Steps to reproduce]
1. Download kernel-6.6.25-2_rc1.an23.src.rpm
2. rpm -i kernel-6.6.25-2_rc1.an23.src.rpm
3. yum-builddep -y /root/rpmbuild/SPECS/kernel.spec   
   rpmbuild -bp /root/rpmbuild/SPECS/kernel.spec
   cd /root/rpmbuild/BUILD/kernel-6.6.25-2_rc1.an23/linux-6.6.25-2_rc1.an23.x86_64/tools/testing/selftests/x86
4. make;./test_shadow_stack_64


[Expected result]:
The test case runs and reports PASS


[Actual result]:
[root@iZbp1c9jzchxjqive233ugZ x86]# ./test_shadow_stack_64
[SKIP]  Could not enable Shadow stack



[Reproduction environment]:
Environment information: ECS instance in the cloud

Last login: Tue Apr 23 15:16:32 2024 from 59.82.30.41
[root@iZbp1c9jzchxjqive233ugZ ~]# uname -r
6.6.25-2_rc1.an23.x86_64
[root@iZbp1c9jzchxjqive233ugZ ~]# cat /etc/os-release
NAME="Anolis OS"
VERSION="23"
ID="anolis"
VERSION_ID="23"
PLATFORM_ID="platform:an23"
PRETTY_NAME="Anolis OS 23"
ANSI_COLOR="0;31"
HOME_URL="https://openanolis.cn/"
BUG_REPORT_URL="https://bugzilla.openanolis.cn/"

[root@iZbp1c9jzchxjqive233ugZ ~]# cat /proc/cmdline
BOOT_IMAGE=(hd0,gpt2)/boot/vmlinuz-6.6.25-2_rc1.an23.x86_64 root=UUID=06ce37cb-4731-4a37-a95d-1f756b7eee30 ro rhgb crashkernel=0M-2G:0M,2G-8G:192M,8G-:256M cryptomgr.notests cgroup.memory=nokmem rcupdate.rcu_cpu_stall_timeout=300 quiet biosdevname=0 net.ifnames=0 console=tty0 console=ttyS0,115200n8 noibrs nvme_core.io_timeout=4294967295 nvme_core.admin_timeout=4294967295
[root@iZbp1c9jzchxjqive233ugZ ~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        4.0M     0  4.0M   0% /dev
tmpfs           7.6G     0  7.6G   0% /dev/shm
tmpfs           3.1G  560K  3.1G   1% /run
/dev/nvme0n1p2   40G   14G   27G  33% /
tmpfs           7.6G     0  7.6G   0% /tmp
tmpfs           1.6G  4.0K  1.6G   1% /run/user/0
[root@iZbp1c9jzchxjqive233ugZ ~]#
[root@iZbp1c9jzchxjqive233ugZ ~]# free -g
               total        used        free      shared  buff/cache   available
Mem:              15           0          14           0           0          14
Swap:              0           0           0
[root@iZbp1c9jzchxjqive233ugZ ~]#
[root@iZbp1c9jzchxjqive233ugZ ~]# lscpu
Architecture:             x86_64
  CPU op-mode(s):         32-bit, 64-bit
  Address sizes:          52 bits physical, 57 bits virtual
  Byte Order:             Little Endian
CPU(s):                   4
  On-line CPU(s) list:    0-3
Vendor ID:                GenuineIntel
  BIOS Vendor ID:         Alibaba Cloud
  Model name:             Intel(R) Xeon(R) Platinum 8475B
    BIOS Model name:      pc-q35-df-2.1  CPU @ 0.0GHz
    BIOS CPU family:      1
    CPU family:           6
    Model:                143
    Thread(s) per core:   2
    Core(s) per socket:   2
    Socket(s):            1
    Stepping:             8
    CPU(s) scaling MHz:   83%
    CPU max MHz:          3800.0000
    CPU min MHz:          800.0000
    BogoMIPS:             5400.00
    Flags:                fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse
                           sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cp
                          uid aperfmperf tsc_known_freq pni pclmulqdq monitor ssse3 fma cx16 pdcm pcid sse4_1 sse4_2 x
                          2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch cpuid_faul
                          t ibrs_enhanced fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm avx512f avx512d
                          q rdseed adx smap avx512ifma clflushopt clwb avx512cd sha_ni avx512bw avx512vl xsaveopt xsav
                          ec xgetbv1 xsaves avx_vnni avx512_bf16 wbnoinvd ida arat hwp hwp_notify hwp_act_window hwp_e
                          pp hwp_pkg_req avx512vbmi umip pku ospke waitpkg avx512_vbmi2 gfni vaes vpclmulqdq avx512_vn
                          ni avx512_bitalg avx512_vpopcntdq rdpid bus_lock_detect cldemote movdiri movdir64b enqcmd fs
                          rm md_clear serialize tsxldtrk amx_bf16 avx512_fp16 amx_tile amx_int8 arch_capabilities
Virtualization features:
  Hypervisor vendor:      KVM
  Virtualization type:    full
Caches (sum of all):
  L1d:                    96 KiB (2 instances)
  L1i:                    64 KiB (2 instances)
  L2:                     4 MiB (2 instances)
  L3:                     97.5 MiB (1 instance)
NUMA:
  NUMA node(s):           1
  NUMA node0 CPU(s):      0-3
Vulnerabilities:
  Gather data sampling:   Not affected
  Itlb multihit:          Not affected
  L1tf:                   Not affected
  Mds:                    Not affected
  Meltdown:               Not affected
  Mmio stale data:        Unknown: No mitigations
  Reg file data sampling: Not affected
  Retbleed:               Not affected
  Spec rstack overflow:   Not affected
  Spec store bypass:      Vulnerable
  Spectre v1:             Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:             Mitigation; Enhanced / Automatic IBRS, RSB filling, PBRSB-eIBRS SW sequence
  Srbds:                  Not affected
  Tsx async abort:        Not affected
Comment 1 zhangxinyi 2024-04-25 10:57:47 UTC
The test makes a system call check and SKIPs this case on the result; the developers need to confirm whether this feature is supported.
#define ARCH_PRCTL(arg1, arg2)                                  \
({                                                              \
        long _ret;                                              \
        register long _num  asm("eax") = __NR_arch_prctl;       \
        register long _arg1 asm("rdi") = (long)(arg1);          \
        register long _arg2 asm("rsi") = (long)(arg2);          \
                                                                \
        asm volatile (                                          \
                "syscall\n"                                     \
                : "=a"(_ret)                                    \
                : "r"(_arg1), "r"(_arg2),                       \
                  "0"(_num)                                     \
                : "rcx", "r11", "memory", "cc"                  \
        );                                                      \
        _ret;                                                   \
})
Comment 2 Guanjun alibaba_cloud_group 2024-04-29 11:29:41 UTC
# CONFIG_X86_USER_SHADOW_STACK is not set

In our kernel, user shadow stack is not turned on, so the user-space test program has no way to enable shadow stack. This is expected.
Comment 3 Guanjun alibaba_cloud_group 2024-05-10 09:49:27 UTC
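This is a security switch that protects against user-space ROP attacks. There is no need to turn the switch on; keep the status quo, won't fix.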
Comment 4 Guanjun alibaba_cloud_group 2024-05-10 09:52:00 UTC
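This is a security switch that protects against user-space ROP attacks. There is no need to turn the switch on; keep the status quo, won't fix.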
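
Added example, not part of the original thread and not the selftest's own code: a small diagnostic that checks, without enabling anything, whether a running kernel exposes user shadow stack at all, which is the condition behind the [SKIP] above. The `user_shstk` cpuinfo token and the `ARCH_SHSTK_*` values are taken from the mainline kernel headers and documentation, not from this page; the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Constants as defined in the mainline kernel's asm/prctl.h (not shown on this page). */
#define ARCH_SHSTK_STATUS 0x5005L
#define ARCH_SHSTK_SHSTK  (1UL << 0)
/* Return 1 if a /proc/cpuinfo "flags" line carries the exact token user_shstk. */
int cpuinfo_has_user_shstk(const char *flags_line)
{
    static const char tok[] = "user_shstk";
    const size_t n = sizeof(tok) - 1;
    const char *p = flags_line;
    while ((p = strstr(p, tok)) != NULL) {
        int starts = p == flags_line || p[-1] == ' ' || p[-1] == '\t' || p[-1] == ':';
        int ends = p[n] == '\0' || p[n] == ' ' || p[n] == '\n';
        if (starts && ends)
            return 1;
        p += n;   /* substring of a longer token: keep scanning */
    }
    return 0;
}

/* Read-only query, so (unlike ARCH_SHSTK_ENABLE) it may go through syscall(2).
 * 1 = active in this thread, 0 = interface present but off, <0 = -errno. */
long shstk_status(void)
{
#if defined(__x86_64__) && defined(SYS_arch_prctl)
    unsigned long features = 0;
    if (syscall(SYS_arch_prctl, ARCH_SHSTK_STATUS, &features) != 0)
        return -errno;
    return (features & ARCH_SHSTK_SHSTK) ? 1 : 0;
#else
    return -ENOSYS;   /* arch_prctl is x86-only */
#endif
}

int main(void)
{
    char line[8192];
    int cpu = 0;
    FILE *f = fopen("/proc/cpuinfo", "r");
    while (f && fgets(line, sizeof(line), f))
        if (!strncmp(line, "flags", 5)) { cpu = cpuinfo_has_user_shstk(line); break; }
    if (f) fclose(f);
    printf("user_shstk in cpuinfo: %d, ARCH_SHSTK_STATUS: %ld\n", cpu, shstk_status());
    return 0;
}
```

A negative status together with no `user_shstk` token points at the kernel build or the CPU/hypervisor rather than at the test program.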