March 2020 - Linux-kselftest-mirror

[PATCH][next] bpf: Test_verifier: fix spelling mistake "arithmatic" -> "arithmetic"

by Colin King

From: Colin Ian King <colin.king(a)canonical.com> There are a couple of spelling mistakes in two literal strings, fix them. Signed-off-by: Colin Ian King <colin.king(a)canonical.com> --- tools/testing/selftests/bpf/verifier/bounds.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/bpf/verifier/bounds.c b/tools/testing/selftests/bpf/verifier/bounds.c index 4d0d09574bf4..a253a064e6e0 100644 --- a/tools/testing/selftests/bpf/verifier/bounds.c +++ b/tools/testing/selftests/bpf/verifier/bounds.c @@ -501,7 +501,7 @@ .result = REJECT }, { - "bounds check mixed 32bit and 64bit arithmatic. test1", + "bounds check mixed 32bit and 64bit arithmetic. test1", .insns = { BPF_MOV64_IMM(BPF_REG_0, 0), BPF_MOV64_IMM(BPF_REG_1, -1), @@ -520,7 +520,7 @@ .result = ACCEPT }, { - "bounds check mixed 32bit and 64bit arithmatic. test2", + "bounds check mixed 32bit and 64bit arithmetic. test2", .insns = { BPF_MOV64_IMM(BPF_REG_0, 0), BPF_MOV64_IMM(BPF_REG_1, -1), -- 2.25.1

4 years

2
1
0 0

[PATCH 0/2] selftests: kvm: Introduce the mem_slot_test test

by Wainer dos Santos Moschetta

This series introduces a new KVM selftest (mem_slot_test) that goal is to verify memory slots can be added up to the maximum allowed. An extra slot is attempted which should occur on error. The patch 01 is needed so that the VM fd can be accessed from the test code (for the ioctl call attempting to add an extra slot). I ran the test successfully on x86_64, aarch64, and s390x. This is why it is enabled to build on those arches. Finally, I hope it is useful test! Wainer dos Santos Moschetta (2): selftests: kvm: Add vm_get_fd() in kvm_util selftests: kvm: Add mem_slot_test test tools/testing/selftests/kvm/.gitignore | 1 + tools/testing/selftests/kvm/Makefile | 3 + .../testing/selftests/kvm/include/kvm_util.h | 1 + tools/testing/selftests/kvm/lib/kvm_util.c | 5 + tools/testing/selftests/kvm/mem_slot_test.c | 92 +++++++++++++++++++ 5 files changed, 102 insertions(+) create mode 100644 tools/testing/selftests/kvm/mem_slot_test.c -- 2.17.2

4 years

2
10
0 0

Re: runqslower build failed on Debian9

by Andrii Nakryiko

On Mon, Mar 30, 2020 at 5:19 PM Liu Yiding <liuyd.fnst(a)cn.fujitsu.com> wrote: > > > On 3/30/20 2:09 PM, Andrii Nakryiko wrote: > > On 3/29/20 5:48 PM, Liu Yiding wrote: > >> Add attachment. > >> > > > > Your BTF seems to be invalid. It has struct perf_ibs, which has a > > first field `struct pmu pmu` field with valid-looking size of 296 > > bytes, **but** the type that field points to is not a complete `struct > > pmu` definition, but rather just forward declaration. The way it is it > > shouldn't be even compilable, because forward declaration of a struct > > doesn't specify the size of a struct, so compiler should have rejected > > it. So it must be that either DWARF generated by compiler isn't > > correct, or there is DWARF -> BTF conversion bug somewhere. Are you > > using any special DWARF Kconfig settings? Maybe you can share your > > full .config and I might try to repro it on my machine. > > > > >> Are you using any special DWARF Kconfig settings? > > Sorry, i'm a newbie at this. I don't know which settings are related to > DWARF. > > Just search keywords. > > ``` > > liuyd@localhost:~$ cat config-5.6.0-rc5 | grep DWARF > # CONFIG_DEBUG_INFO_DWARF4 is not set > > ``` > > I built attached config on a clear ubuntu machine. Error could be > reproduced. So you are right, there is a conflict between kconfigs. > > > >> Maybe you can share your full .config and I might try to repro it on > my machine. > > Thanks a lot. I attached the broken config. Thanks a lot! I think it's due to DEBUG_INFO_REDUCED which produces not entirely correct DWARF. I'm asking Slava to disable this config when BTF is requested in [0]. [0] https://lore.kernel.org/bpf/CAEf4BzadnfAwfa1D0jZb=01Ou783GpK_U7PAYeEJca-L9k… > > > > But either way, that warning you get is a valid one, it should be > > illegal to have non-pointer forward-declared struct as a type for a > > struct member. > > > >> > >> On 3/30/20 8:46 AM, Liu Yiding wrote: > >>> Something wrong with my smtp and this email missed. > >>> > >>> Send again. > >>> > >>> > >>> On 3/27/20 11:09 AM, Liu Yiding wrote: > >>>> Hi, Andrii. > >>>> > >>>> Thanks for your prompt reply! > >>>> > >>>> Please check attatchment for my_btf.bin. > >>>> > >>>> > >>>> On 3/27/20 4:28 AM, Andrii Nakryiko wrote: > >>>>> Would you be able to share BTF of vmlinux that is used to generate > >>>>> vmlinux.h? Please run in verbose mode: `make V=1` and search for > >>>>> `bpftool btf dump file` command. It should point either to > >>>>> /sys/kernel/btf/vmlinux or some other location, depending on how > >>>>> things are set up on your side. > >>>>> > >>>>> If it's /sys/kernel/btf/vmlinux, you can just `cat > >>>>> /sys/kernel/btf/vmlinux > my_btf.bin`. If it's some other file, > >>>>> easiest would be to just share that file. If not, it's possible to > >>>>> extract .BTF ELF section, let me know if you need help with that. > >>>> > > > > > > > -- > Best Regards. > Liu Yiding > > >

4 years

1
0
0 0

[PATCH] kunit: Fix kunit.py run --build_dir='<foo>' fails on "unclean" trees

by Vitor Massaru Iha

Fix this bug: https://bugzilla.kernel.org/show_bug.cgi?id=205219 For some reason, the environment variable ARCH is used instead of ARCH passed as an argument, this patch uses a copy of the env, but using ARCH=um and CROSS_COMPILER='' to avoid this problem. This patch doesn't change the user's environment variables, avoiding side effects. Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> --- tools/testing/kunit/kunit_kernel.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py index d99ae75ef72f..0cb1f81ac8f2 100644 --- a/tools/testing/kunit/kunit_kernel.py +++ b/tools/testing/kunit/kunit_kernel.py @@ -15,6 +15,7 @@ import kunit_config KCONFIG_PATH = '.config' kunitconfig_path = '.kunitconfig' +env = dict(os.environ.copy(), ARCH='um', CROSS_COMPILE='') class ConfigError(Exception): """Represents an error trying to configure the Linux kernel.""" @@ -36,22 +37,22 @@ class LinuxSourceTreeOperations(object): raise ConfigError(e.output) def make_olddefconfig(self, build_dir): - command = ['make', 'ARCH=um', 'olddefconfig'] + command = ['make', 'olddefconfig'] if build_dir: command += ['O=' + build_dir] try: - subprocess.check_output(command) + subprocess.check_output(command, env=env) except OSError as e: raise ConfigError('Could not call make command: ' + e) except subprocess.CalledProcessError as e: raise ConfigError(e.output) def make(self, jobs, build_dir): - command = ['make', 'ARCH=um', '--jobs=' + str(jobs)] + command = ['make', '--jobs=' + str(jobs)] if build_dir: command += ['O=' + build_dir] try: - subprocess.check_output(command) + subprocess.check_output(command, env=env) except OSError as e: raise BuildError('Could not call execute make: ' + e) except subprocess.CalledProcessError as e: @@ -66,7 +67,8 @@ class LinuxSourceTreeOperations(object): [linux_bin] + params, stdin=subprocess.PIPE, stdout=subprocess.PIPE, - stderr=subprocess.PIPE) + stderr=subprocess.PIPE, + env=env) process.wait(timeout=timeout) return process -- 2.21.1

4 years

2
2
0 0

[PATCH] Makefile: Update kselftest help information

by Shuah Khan

Update kselftest help information. Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> --- Makefile | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index e56bf7ef182d..5e5c770423c7 100644 --- a/Makefile +++ b/Makefile @@ -1470,12 +1470,15 @@ help: @echo ' nsdeps - Generate missing symbol namespace dependencies' @echo '' @echo 'Kernel selftest:' - @echo ' kselftest - Build and run kernel selftest (run as root)' - @echo ' Build, install, and boot kernel before' - @echo ' running kselftest on it' - @echo ' kselftest-clean - Remove all generated kselftest files' - @echo ' kselftest-merge - Merge all the config dependencies of kselftest to existing' - @echo ' .config.' + @echo ' kselftest - Build and run kernel selftest' + @echo ' Build, install, and boot kernel before' + @echo ' running kselftest on it' + @echo ' Run as root for full coverage' + @echo ' kselftest-all - Build kernel selftest' + @echo ' kselftest-install - Build and install kernel selftest' + @echo ' kselftest-clean - Remove all generated kselftest files' + @echo ' kselftest-merge - Merge all the config dependencies of' + @echo ' kselftest to existing .config.' @echo '' @$(if $(dtstree), \ echo 'Devicetree:'; \ -- 2.20.1

4 years

2
2
0 0

[RFC PATCH v2 0/3] KASAN/KUnit Integration

by Patricia Alfonso

This patchset contains everything needed to integrate KASAN and KUnit. KUnit will be able to: (1) Fail tests when an unexpected KASAN error occurs (2) Pass tests when an expected KASAN error occurs KASAN Tests have been converted to KUnit with the exception of copy_user_test because KUnit is unable to test those. I am working on documentation on how to use these new tests to be included in the next version of this patchset. Changes since v1: - Make use of Alan Maguire's suggestion to use his patch that allows static resources for integration instead of adding a new attribute to the kunit struct - All KUNIT_EXPECT_KASAN_FAIL statements are local to each test - The definition of KUNIT_EXPECT_KASAN_FAIL is local to the test_kasan.c file since it seems this is the only place this will be used. - Integration relies on KUnit being builtin - copy_user_test has been separated into its own file since KUnit is unable to test these. This can be run as a module just as before, using CONFIG_TEST_KASAN_USER - The addition to the current task has been separated into its own patch as this is a significant enough change to be on its own. Patricia Alfonso (3): Add KUnit Struct to Current Task KUnit: KASAN Integration KASAN: Port KASAN Tests to KUnit include/kunit/test.h | 10 + include/linux/sched.h | 4 + lib/Kconfig.kasan | 13 +- lib/Makefile | 1 + lib/kunit/test.c | 10 +- lib/test_kasan.c | 639 +++++++++++++++---------------------- lib/test_kasan_copy_user.c | 75 +++++ mm/kasan/report.c | 33 ++ 8 files changed, 400 insertions(+), 385 deletions(-) create mode 100644 lib/test_kasan_copy_user.c -- 2.25.1.696.g5e7596f4ac-goog

4 years

4
24
0 0

[PATCH v19 00/24] selftests, powerpc, x86: Memory Protection Keys

by Sandipan Das

Memory protection keys enables an application to protect its address space from inadvertent access by its own code. This feature is now enabled on powerpc and has been available since 4.16-rc1. The patches move the selftests to arch neutral directory and enhance their test coverage. Tested on powerpc64 and x86_64 (Skylake-SP). Link to development branch: https://github.com/sandip4n/linux/tree/pkey-selftests Resending this based on feedback from maintainers who felt this can go in via the -mm tree. This has no other changes from the last version (v18) apart from being rebased. Changelog --------- Link to previous version (v18): https://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=155970 v19: (1) Rebased on top of latest master. v18: (1) Fixed issues with x86 multilib builds based on feedback from Dave. (2) Moved patch 2 to the end of the series. v17: (1) Fixed issues with i386 builds when running on x86_64 based on feedback from Dave. (2) Replaced patch 6 from previous version with patch 7. This addresses u64 format specifier related concerns that Michael had raised in v15. v16: (1) Rebased on top of latest master. (2) Switched to u64 instead of using an arch-dependent pkey_reg_t type for references to the pkey register based on suggestions from Dave, Michal and Michael. (3) Removed build time determination of page size based on suggestion from Michael. (4) Fixed comment before the definition of __page_o_noops() from patch 13 ("selftests/vm/pkeys: Introduce powerpc support"). v15: (1) Rebased on top of latest master. (2) Addressed review comments from Dave Hansen. (3) Moved code for getting or setting pkey bits to new helpers. These changes replace patch 7 of v14. (4) Added a fix which ensures that the correct count of reserved keys is used across different platforms. (5) Added a fix which ensures that the correct page size is used as powerpc supports both 4K and 64K pages. v14: (1) Incorporated another round of comments from Dave Hansen. v13: (1) Incorporated comments for Dave Hansen. (2) Added one more test for correct pkey-0 behavior. v12: (1) Fixed the offset of pkey field in the siginfo structure for x86_64 and powerpc. And tries to use the actual field if the headers have it defined. v11: (1) Fixed a deadlock in the ptrace testcase. v10 and prior: (1) Moved the testcase to arch neutral directory. (2) Split the changes into incremental patches. Desnes A. Nunes do Rosario (1): selftests/vm/pkeys: Fix number of reserved powerpc pkeys Ram Pai (16): selftests/x86/pkeys: Move selftests to arch-neutral directory selftests/vm/pkeys: Rename all references to pkru to a generic name selftests/vm/pkeys: Move generic definitions to header file selftests/vm/pkeys: Fix pkey_disable_clear() selftests/vm/pkeys: Fix assertion in pkey_disable_set/clear() selftests/vm/pkeys: Fix alloc_random_pkey() to make it really random selftests/vm/pkeys: Introduce generic pkey abstractions selftests/vm/pkeys: Introduce powerpc support selftests/vm/pkeys: Fix assertion in test_pkey_alloc_exhaust() selftests/vm/pkeys: Improve checks to determine pkey support selftests/vm/pkeys: Associate key on a mapped page and detect access violation selftests/vm/pkeys: Associate key on a mapped page and detect write violation selftests/vm/pkeys: Detect write violation on a mapped access-denied-key page selftests/vm/pkeys: Introduce a sub-page allocator selftests/vm/pkeys: Test correct behaviour of pkey-0 selftests/vm/pkeys: Override access right definitions on powerpc Sandipan Das (5): selftests: vm: pkeys: Use sane types for pkey register selftests: vm: pkeys: Add helpers for pkey bits selftests: vm: pkeys: Use the correct huge page size selftests: vm: pkeys: Use the correct page size on powerpc selftests: vm: pkeys: Fix multilib builds for x86 Thiago Jung Bauermann (2): selftests/vm/pkeys: Move some definitions to arch-specific header selftests/vm/pkeys: Make gcc check arguments of sigsafe_printf() tools/testing/selftests/vm/.gitignore | 1 + tools/testing/selftests/vm/Makefile | 73 ++ tools/testing/selftests/vm/pkey-helpers.h | 225 ++++++ tools/testing/selftests/vm/pkey-powerpc.h | 136 ++++ tools/testing/selftests/vm/pkey-x86.h | 181 +++++ .../selftests/{x86 => vm}/protection_keys.c | 696 ++++++++++-------- tools/testing/selftests/x86/.gitignore | 1 - tools/testing/selftests/x86/Makefile | 2 +- tools/testing/selftests/x86/pkey-helpers.h | 219 ------ 9 files changed, 1002 insertions(+), 532 deletions(-) create mode 100644 tools/testing/selftests/vm/pkey-helpers.h create mode 100644 tools/testing/selftests/vm/pkey-powerpc.h create mode 100644 tools/testing/selftests/vm/pkey-x86.h rename tools/testing/selftests/{x86 => vm}/protection_keys.c (74%) delete mode 100644 tools/testing/selftests/x86/pkey-helpers.h -- 2.17.1

4 years

1
24
0 0

[PATCH] kunit: convert test results to JSON

by Heidi Fahim

Add a --json flag, which when specified when kunit_tool is run, calls method get_json_result. This is a method within kunit_json.py that formats KUnit results into a dict conforming to the following KernelCI API test_group spec: https://api.kernelci.org/schema-test-group.html#post. The user can specify a filename as the value to json in order to store the JSON results under linux/. Tested within kunit_tool_test.py in a new test case called KUnitJsonTest. Signed-off-by: Heidi Fahim <heidifahim(a)google.com> --- tools/testing/kunit/kunit.py | 24 ++++++- tools/testing/kunit/kunit_json.py | 63 ++++++++++++++++++ tools/testing/kunit/kunit_tool_test.py | 33 +++++++++ .../kunit/test_data/test_pound_sign.log | Bin 0 -> 1656 bytes 4 files changed, 118 insertions(+), 2 deletions(-) create mode 100644 tools/testing/kunit/kunit_json.py diff --git a/tools/testing/kunit/kunit.py b/tools/testing/kunit/kunit.py index 7dca74774dd2..ce8f8e5e0ccb 100755 --- a/tools/testing/kunit/kunit.py +++ b/tools/testing/kunit/kunit.py @@ -17,6 +17,7 @@ from collections import namedtuple from enum import Enum, auto import kunit_config +import kunit_json import kunit_kernel import kunit_parser @@ -24,10 +25,11 @@ KunitResult = namedtuple('KunitResult', ['status','result']) KunitRequest = namedtuple('KunitRequest', ['raw_output','timeout', 'jobs', 'build_dir', 'defconfig', - 'alltests', 'make_options']) + 'alltests', 'make_options', 'json']) KernelDirectoryPath = sys.argv[0].split('tools/testing/kunit/')[0] + class KunitStatus(Enum): SUCCESS = auto() CONFIG_FAILURE = auto() @@ -70,6 +72,7 @@ def run_tests(linux: kunit_kernel.LinuxSourceTree, kunit_output = linux.run_kernel( timeout=None if request.alltests else request.timeout, build_dir=request.build_dir) + if request.raw_output: raw_output = kunit_parser.raw_output(kunit_output) isolated = list(kunit_parser.isolate_kunit_output(raw_output)) @@ -86,6 +89,15 @@ def run_tests(linux: kunit_kernel.LinuxSourceTree, build_end - build_start, test_end - test_start)) + if request.json: + json_obj = kunit_json.get_json_result( + test_result=test_result, + def_config='kunit_defconfig', + build_dir=request.build_dir, + json_path=request.json) + if request.json == 'stdout': + print(json_obj) + if test_result.status != kunit_parser.TestStatus.SUCCESS: return KunitResult(KunitStatus.TEST_FAILURE, test_result) else: @@ -130,6 +142,13 @@ def main(argv, linux=None): help='X=Y make option, can be repeated.', action='append') + run_parser.add_argument('--json', + nargs='?', + help='Stores test results in a JSON, and either ' + 'prints to stdout or saves to file if a ' + 'filename is specified', + const='stdout') + cli_args = parser.parse_args(argv) if cli_args.subcommand == 'run': @@ -155,7 +174,8 @@ def main(argv, linux=None): cli_args.build_dir, cli_args.defconfig, cli_args.alltests, - cli_args.make_options) + cli_args.make_options, + cli_args.json) result = run_tests(linux, request) if result.status != KunitStatus.SUCCESS: sys.exit(1) diff --git a/tools/testing/kunit/kunit_json.py b/tools/testing/kunit/kunit_json.py new file mode 100644 index 000000000000..624b31b2dbd6 --- /dev/null +++ b/tools/testing/kunit/kunit_json.py @@ -0,0 +1,63 @@ +# SPDX-License-Identifier: GPL-2.0 +# +# Generates JSON from KUnit results according to +# KernelCI spec: https://github.com/kernelci/kernelci-doc/wiki/Test-API +# +# Copyright (C) 2020, Google LLC. +# Author: Heidi Fahim <heidifahim(a)google.com> + +import json +import os + +import kunit_parser + +from kunit_parser import TestStatus + +def get_json_result(test_result, def_config, build_dir, json_path): + sub_groups = [] + + # Each test suite is mapped to a KernelCI sub_group + for test_suite in test_result.suites: + sub_group = { + "name": test_suite.name, + "arch": "UM", + "defconfig": def_config, + "build_environment": build_dir, + "test_cases": [], + "lab_name": None, + "kernel": None, + "job": None, + "git_branch": "kselftest", + } + test_cases = [] + # TODO: Add attachments attribute in test_case with detailed + # failure message, see https://api.kernelci.org/schema-test-case.html#get + for case in test_suite.cases: + test_case = {"name": case.name, "status": "FAIL"} + if case.status == TestStatus.SUCCESS: + test_case["status"] = "PASS" + elif case.status == TestStatus.TEST_CRASHED: + test_case["status"] = "ERROR" + test_cases.append(test_case) + sub_group["test_cases"] = test_cases + sub_groups.append(sub_group) + test_group = { + "name": "KUnit Test Group", + "arch": "UM", + "defconfig": def_config, + "build_environment": build_dir, + "sub_groups": sub_groups, + "lab_name": None, + "kernel": None, + "job": None, + "git_branch": "kselftest", + } + json_obj = json.dumps(test_group, indent=4) + if json_path != 'stdout': + with open(json_path, 'w') as result_path: + result_path.write(json_obj) + root = __file__.split('tools/testing/kunit/')[0] + kunit_parser.print_with_timestamp( + "Test results stored in %s" % + os.path.join(root, result_path.name)) + return json_obj diff --git a/tools/testing/kunit/kunit_tool_test.py b/tools/testing/kunit/kunit_tool_test.py index ce47e87b633a..94e8a295d466 100755 --- a/tools/testing/kunit/kunit_tool_test.py +++ b/tools/testing/kunit/kunit_tool_test.py @@ -11,11 +11,13 @@ from unittest import mock import tempfile, shutil # Handling test_tmpdir +import json import os import kunit_config import kunit_parser import kunit_kernel +import kunit_json import kunit test_tmpdir = '' @@ -219,6 +221,37 @@ class KUnitParserTest(unittest.TestCase): result = kunit_parser.parse_run_tests(file.readlines()) self.assertEqual('kunit-resource-test', result.suites[0].name) +class KUnitJsonTest(unittest.TestCase): + + def _json_for(self, log_file): + with(open(get_absolute_path(log_file))) as file: + test_result = kunit_parser.parse_run_tests(file) + json_obj = kunit_json.get_json_result( + test_result=test_result, + def_config='kunit_defconfig', + build_dir=None, + json_path='stdout') + return json.loads(json_obj) + + def test_failed_test_json(self): + result = self._json_for( + 'test_data/test_is_test_passed-failure.log') + self.assertEqual( + {'name': 'example_simple_test', 'status': 'FAIL'}, + result["sub_groups"][1]["test_cases"][0]) + + def test_crashed_test_json(self): + result = self._json_for( + 'test_data/test_is_test_passed-crash.log') + self.assertEqual( + {'name': 'example_simple_test', 'status': 'ERROR'}, + result["sub_groups"][1]["test_cases"][0]) + + def test_no_tests_json(self): + result = self._json_for( + 'test_data/test_is_test_passed-no_tests_run.log') + self.assertEqual(0, len(result['sub_groups'])) + class StrContains(str): def __eq__(self, other): return self in other diff --git a/tools/testing/kunit/test_data/test_pound_sign.log b/tools/testing/kunit/test_data/test_pound_sign.log index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..28ffa5ba03bfa81ea02ea9d38e7de7acf3dd9e5d 100644 GIT binary patch literal 1656 zcmah}U2EGg6n$=g#f7|Vtj^>lPBOzDM#o@mlt9+Kgd${FPEBlGBgsqs?{^h<Y3h$o zFBaGLocpP>13GNVmW<8=R3_K%5Q9W*u~4upWe`4q(jqBTdcAw?ZG=v-jA5@FZ|^*5 zoU$NALGF+lEFssq<A{~zdHR7p&7+U(X~E!_yGM{l@40vQ%(~pazHH!+GB!sI;iCKZ zY69Cjp-?V{LrnyMQ5I_>Rp5<1_i#FmdPY1z2tkYI|M1-7PdS}Ub_h8eK~m)?&(I;{ zd<2<NV1vyl7BWOggn_Hc5ba`wRu)R=x;oPiRuheYD}$9XJTpphG^wKX*mr|pw(;#T zTvPxWb#R&-VC|~9KeFD0ooNCooO~P|@vNKL)n#t&WQm2JSh%gFRMuv7!M#yqYailx z8TM&AUN~yqVM$ThVIE55OcVU4mW$eHC#dHEeUvCiE1wT#?U%cS^A_HAK$VqiIBG75 z($V`G!unJPuo@k2@gj4y7$WV7g73Ls@d32giPqc=`3mz^u|IR`05hOx29+=__XXIv z%Xf#6<%P11b*dyatBVv$thED!=x%_Ts?sj1OY%b*t$Y}rODc$J2is^#<A~w+w`~mf zCs_oC7u=9pAjzurLE}*e38}&1-KX^pd*7wM-Q35(VDtTJOgeOnB`K*rii#c_+)*qi zNQ+5Dqv>MG0wcp<uf!}(SCXw)kqXk>xCSP@rQbRs58c`TmTbn>%WO@TFp;w*gB6RU km;Ljlo8cvfMVVCc>`K4bOfE$-fO&T9$C>+RbV7Fh7t6}$ApigX literal 0 HcmV?d00001 -- 2.25.1.696.g5e7596f4ac-goog

4 years

2
1
0 0

[PATCH v15 00/10] Landlock LSM

by Mickaël Salaün

Hi, This new patch series brings improvements, fix some bugs but mainly simplify the code. The object, rule and ruleset management are simplified at the expense of a less aggressive memory freeing (contributed by Jann Horn [1]). There is now less use of RCU for an improved readability. Access checks that can be reached by file-descriptor-based syscalls are removed for now (truncate, getattr, lock, chmod, chown, chgrp, ioctl). This will be handle in a future evolution of Landlock, but right now the goal is to lighten the code to ease review. The SLOC count for security/landlock/ was 1542 with the previous patch series while the current series shrinks it to 1273. The other main improvement is the addition of rule layer levels to ensure that a nested sandbox cannot bypass the access restrictions set by its parents. The syscall is now wired for all architectures and the tests passed for x86_32 and x86_64. The compiled documentation is available here: https://landlock.io/linux-doc/landlock-v15/security/landlock/index.html This series can be applied on top of v5.6-rc7. This can be tested with CONFIG_SECURITY_LANDLOCK and CONFIG_SAMPLE_LANDLOCK. This patch series can be found in a Git repository here: https://github.com/landlock-lsm/linux/commits/landlock-v15 I would really appreciate constructive comments on the design and the code. # Landlock LSM The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM [2], it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user-space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves. Landlock is inspired by seccomp-bpf but instead of filtering syscalls and their raw arguments, a Landlock rule can restrict the use of kernel objects like file hierarchies, according to the kernel semantic. Landlock also takes inspiration from other OS sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD Pledge/Unveil. # Current limitations ## Path walk Landlock need to use dentries to identify a file hierarchy, which is needed for composable and unprivileged access-controls. This means that path resolution/walking (handled with inode_permission()) is not supported, yet. The same limitation also apply to readlink(2). This could be filled with a future extension first of the LSM framework. The Landlock userspace ABI can handle such change with new options (e.g. to the struct landlock_ruleset). ## UnionFS An UnionFS super-block use a set of upper and lower directories. Access request to a file in one of these hierarchy trigger a call to ovl_path_real() which generate another access request according to the matching hierarchy. Because such super-block is not aware of its current mount point, OverlayFS can't create a dedicated mnt_parent for each of the upper and lower directories mount clones. It is then not currently possible to track the source of such indirect access-request, and then not possible to identify a unified OverlayFS hierarchy. ## Memory limits There is currently no limit on the memory usage. Any idea to leverage an existing mechanism (e.g. rlimit)? # Changes since v14 * Simplify the object, rule and ruleset management at the expense of a less aggressive memory freeing. * Remove access checks that may be required for FD-only requests: truncate, getattr, lock, chmod, chown, chgrp, ioctl. * Add the notion of rule layer level to ensure that a nested sandbox cannot bypass the access restrictions set by its parent. * Wire up the syscall for all architectures. * Clean up the code and add more documentation. * Some improvements and bug fixes. # Changes since v13 * Revamp of the LSM: remove the need for eBPF and seccomp(2). * Implement a full filesystem access-control. * Take care of the backward compatibility issues, especially for security features, following a best-effort approach. Previous version: https://lore.kernel.org/lkml/20200224160215.4136-1-mic@digikod.net/ [1] https://lore.kernel.org/lkml/CAG48ez21bEn0wL1bbmTiiu8j9jP5iEWtHOwz4tURUJ+ki… [2] https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler… Regards, Mickaël Salaün (10): landlock: Add object management landlock: Add ruleset and domain management landlock: Set up the security framework and manage credentials landlock: Add ptrace restrictions fs,landlock: Support filesystem access-control landlock: Add syscall implementation arch: Wire up landlock() syscall selftests/landlock: Add initial tests samples/landlock: Add a sandbox manager example landlock: Add user and kernel documentation Documentation/security/index.rst | 1 + Documentation/security/landlock/index.rst | 18 + Documentation/security/landlock/kernel.rst | 69 + Documentation/security/landlock/user.rst | 227 +++ MAINTAINERS | 12 + arch/alpha/kernel/syscalls/syscall.tbl | 1 + arch/arm/tools/syscall.tbl | 1 + arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 2 + arch/ia64/kernel/syscalls/syscall.tbl | 1 + arch/m68k/kernel/syscalls/syscall.tbl | 1 + arch/microblaze/kernel/syscalls/syscall.tbl | 1 + arch/mips/kernel/syscalls/syscall_n32.tbl | 1 + arch/mips/kernel/syscalls/syscall_n64.tbl | 1 + arch/mips/kernel/syscalls/syscall_o32.tbl | 1 + arch/parisc/kernel/syscalls/syscall.tbl | 1 + arch/powerpc/kernel/syscalls/syscall.tbl | 1 + arch/s390/kernel/syscalls/syscall.tbl | 1 + arch/sh/kernel/syscalls/syscall.tbl | 1 + arch/sparc/kernel/syscalls/syscall.tbl | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + arch/xtensa/kernel/syscalls/syscall.tbl | 1 + fs/super.c | 2 + include/linux/fs.h | 5 + include/linux/landlock.h | 22 + include/linux/syscalls.h | 3 + include/uapi/asm-generic/unistd.h | 4 +- include/uapi/linux/landlock.h | 311 ++++ kernel/sys_ni.c | 3 + samples/Kconfig | 7 + samples/Makefile | 1 + samples/landlock/.gitignore | 1 + samples/landlock/Makefile | 15 + samples/landlock/sandboxer.c | 217 +++ security/Kconfig | 11 +- security/Makefile | 2 + security/landlock/Kconfig | 18 + security/landlock/Makefile | 4 + security/landlock/common.h | 20 + security/landlock/cred.c | 46 + security/landlock/cred.h | 55 + security/landlock/fs.c | 561 ++++++++ security/landlock/fs.h | 42 + security/landlock/object.c | 66 + security/landlock/object.h | 92 ++ security/landlock/ptrace.c | 120 ++ security/landlock/ptrace.h | 14 + security/landlock/ruleset.c | 352 +++++ security/landlock/ruleset.h | 182 +++ security/landlock/setup.c | 39 + security/landlock/setup.h | 18 + security/landlock/syscall.c | 521 +++++++ tools/testing/selftests/Makefile | 1 + tools/testing/selftests/landlock/.gitignore | 4 + tools/testing/selftests/landlock/Makefile | 26 + tools/testing/selftests/landlock/common.h | 42 + tools/testing/selftests/landlock/config | 5 + tools/testing/selftests/landlock/test_base.c | 113 ++ tools/testing/selftests/landlock/test_fs.c | 1249 +++++++++++++++++ .../testing/selftests/landlock/test_ptrace.c | 294 ++++ tools/testing/selftests/landlock/true.c | 5 + 62 files changed, 4833 insertions(+), 7 deletions(-) create mode 100644 Documentation/security/landlock/index.rst create mode 100644 Documentation/security/landlock/kernel.rst create mode 100644 Documentation/security/landlock/user.rst create mode 100644 include/linux/landlock.h create mode 100644 include/uapi/linux/landlock.h create mode 100644 samples/landlock/.gitignore create mode 100644 samples/landlock/Makefile create mode 100644 samples/landlock/sandboxer.c create mode 100644 security/landlock/Kconfig create mode 100644 security/landlock/Makefile create mode 100644 security/landlock/common.h create mode 100644 security/landlock/cred.c create mode 100644 security/landlock/cred.h create mode 100644 security/landlock/fs.c create mode 100644 security/landlock/fs.h create mode 100644 security/landlock/object.c create mode 100644 security/landlock/object.h create mode 100644 security/landlock/ptrace.c create mode 100644 security/landlock/ptrace.h create mode 100644 security/landlock/ruleset.c create mode 100644 security/landlock/ruleset.h create mode 100644 security/landlock/setup.c create mode 100644 security/landlock/setup.h create mode 100644 security/landlock/syscall.c create mode 100644 tools/testing/selftests/landlock/.gitignore create mode 100644 tools/testing/selftests/landlock/Makefile create mode 100644 tools/testing/selftests/landlock/common.h create mode 100644 tools/testing/selftests/landlock/config create mode 100644 tools/testing/selftests/landlock/test_base.c create mode 100644 tools/testing/selftests/landlock/test_fs.c create mode 100644 tools/testing/selftests/landlock/test_ptrace.c create mode 100644 tools/testing/selftests/landlock/true.c -- 2.26.0.rc2

4 years

2
13
0 0

[RFC PATCH v14 00/10] Landlock LSM

by Mickaël Salaün

Hi, This new version of Landlock is a major revamp of the previous series [1], hence the RFC tag. The three main changes are the replacement of eBPF with a dedicated safe management of access rules, the replacement of the use of seccomp(2) with a dedicated syscall, and the management of filesystem access-control (back from the v10). As discussed in [2], eBPF may be too powerful and dangerous to be put in the hand of unprivileged and potentially malicious processes, especially because of side-channel attacks against access-controls or other parts of the kernel. Thanks to this new implementation (1540 SLOC), designed from the ground to be used by unprivileged processes, this series enables a process to sandbox itself without requiring CAP_SYS_ADMIN, but only the no_new_privs constraint (like seccomp). Not relying on eBPF also enables to improve performances, especially for stacked security policies thanks to mergeable rulesets. The compiled documentation is available here: https://landlock.io/linux-doc/landlock-v14/security/landlock/index.html This series can be applied on top of v5.6-rc3. This can be tested with CONFIG_SECURITY_LANDLOCK and CONFIG_SAMPLE_LANDLOCK. This patch series can be found in a Git repository here: https://github.com/landlock-lsm/linux/commits/landlock-v14 I would really appreciate constructive comments on the design and the code. # Landlock LSM The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM [3], it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user-space applications. Landlock empower any process, including unprivileged ones, to securely restrict themselves. Landlock is inspired by seccomp-bpf but instead of filtering syscalls and their raw arguments, a Landlock rule can restrict the use of kernel objects like file hierarchies, according to the kernel semantic. Landlock also takes inspiration from other OS sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD Pledge/Unveil. # Current limitations ## Path walk Landlock need to use dentries to identify a file hierarchy, which is needed for composable and unprivileged access-controls. This means that path resolution/walking (handled with inode_permission()) is not supported, yet. This could be filled with a future extension first of the LSM framework. The Landlock userspace ABI can handle such change with new option (e.g. to the struct landlock_ruleset). ## UnionFS An UnionFS super-block use a set of upper and lower directories. An access request to a file in one of these hierarchy trigger a call to ovl_path_real() which generate another access request according to the matching hierarchy. Because such super-block is not aware of its current mount point, OverlayFS can't create a dedicated mnt_parent for each of the upper and lower directories mount clones. It is then not currently possible to track the source of such indirect access-request, and then not possible to identify a unified OverlayFS hierarchy. ## Syscall Because it is only tested on x86_64, the syscall is only wired up for this architecture. The whole x86 family (and probably all the others) will be supported in the next patch series. ## Memory limits There is currently no limit on the memory usage. Any idea to leverage an existing mechanism (e.g. rlimit)? # Changes since v13 * Revamp of the LSM: remove the need for eBPF and seccomp(2). * Implement a full filesystem access-control. * Take care of the backward compatibility issues, especially for this security features. Previous version: https://lore.kernel.org/lkml/20191104172146.30797-1-mic@digikod.net/ [1] https://lore.kernel.org/lkml/20191104172146.30797-1-mic@digikod.net/ [2] https://lore.kernel.org/lkml/a6b61f33-82dc-0c1c-7a6c-1926343ef63e@digikod.n… [3] https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler… Regards, Mickaël Salaün (10): landlock: Add object and rule management landlock: Add ruleset and domain management landlock: Set up the security framework and manage credentials landlock: Add ptrace restrictions fs,landlock: Support filesystem access-control landlock: Add syscall implementation arch: Wire up landlock() syscall selftests/landlock: Add initial tests samples/landlock: Add a sandbox manager example landlock: Add user and kernel documentation Documentation/security/index.rst | 1 + Documentation/security/landlock/index.rst | 18 + Documentation/security/landlock/kernel.rst | 44 ++ Documentation/security/landlock/user.rst | 233 +++++++ MAINTAINERS | 12 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + fs/super.c | 2 + include/linux/landlock.h | 22 + include/linux/syscalls.h | 3 + include/uapi/asm-generic/unistd.h | 4 +- include/uapi/linux/landlock.h | 315 +++++++++ samples/Kconfig | 7 + samples/Makefile | 1 + samples/landlock/.gitignore | 1 + samples/landlock/Makefile | 15 + samples/landlock/sandboxer.c | 226 +++++++ security/Kconfig | 11 +- security/Makefile | 2 + security/landlock/Kconfig | 16 + security/landlock/Makefile | 4 + security/landlock/cred.c | 47 ++ security/landlock/cred.h | 55 ++ security/landlock/fs.c | 591 +++++++++++++++++ security/landlock/fs.h | 42 ++ security/landlock/object.c | 341 ++++++++++ security/landlock/object.h | 134 ++++ security/landlock/ptrace.c | 118 ++++ security/landlock/ptrace.h | 14 + security/landlock/ruleset.c | 463 +++++++++++++ security/landlock/ruleset.h | 106 +++ security/landlock/setup.c | 38 ++ security/landlock/setup.h | 20 + security/landlock/syscall.c | 470 +++++++++++++ tools/testing/selftests/Makefile | 1 + tools/testing/selftests/landlock/.gitignore | 3 + tools/testing/selftests/landlock/Makefile | 13 + tools/testing/selftests/landlock/config | 4 + tools/testing/selftests/landlock/test.h | 40 ++ tools/testing/selftests/landlock/test_base.c | 80 +++ tools/testing/selftests/landlock/test_fs.c | 624 ++++++++++++++++++ .../testing/selftests/landlock/test_ptrace.c | 293 ++++++++ 41 files changed, 4429 insertions(+), 6 deletions(-) create mode 100644 Documentation/security/landlock/index.rst create mode 100644 Documentation/security/landlock/kernel.rst create mode 100644 Documentation/security/landlock/user.rst create mode 100644 include/linux/landlock.h create mode 100644 include/uapi/linux/landlock.h create mode 100644 samples/landlock/.gitignore create mode 100644 samples/landlock/Makefile create mode 100644 samples/landlock/sandboxer.c create mode 100644 security/landlock/Kconfig create mode 100644 security/landlock/Makefile create mode 100644 security/landlock/cred.c create mode 100644 security/landlock/cred.h create mode 100644 security/landlock/fs.c create mode 100644 security/landlock/fs.h create mode 100644 security/landlock/object.c create mode 100644 security/landlock/object.h create mode 100644 security/landlock/ptrace.c create mode 100644 security/landlock/ptrace.h create mode 100644 security/landlock/ruleset.c create mode 100644 security/landlock/ruleset.h create mode 100644 security/landlock/setup.c create mode 100644 security/landlock/setup.h create mode 100644 security/landlock/syscall.c create mode 100644 tools/testing/selftests/landlock/.gitignore create mode 100644 tools/testing/selftests/landlock/Makefile create mode 100644 tools/testing/selftests/landlock/config create mode 100644 tools/testing/selftests/landlock/test.h create mode 100644 tools/testing/selftests/landlock/test_base.c create mode 100644 tools/testing/selftests/landlock/test_fs.c create mode 100644 tools/testing/selftests/landlock/test_ptrace.c -- 2.25.0

4 years

5
33
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror March 2020