August 2020 - Linux-kselftest-mirror

by Mickaël Salaün

Hi, This new patch series mainly replace the landlock(2) command multiplexor with 4 new dedicated syscalls: * landlock_get_features(2) * landlock_create_ruleset(2) * landlock_add_rule(2) * landlock_enforce_ruleset(2) The SLOC count is 1264 for security/landlock/ and 1712 for tools/testing/selftest/landlock/ . Test coverage for security/landlock/ is 93.6% of lines. The code not covered only deals with internal kernel errors (e.g. memory allocation) and race conditions. The compiled documentation is available here: https://landlock.io/linux-doc/landlock-v20/security/landlock/index.html This series can be applied on top of v5.8-rc4 . This can be tested with CONFIG_SECURITY_LANDLOCK and CONFIG_SAMPLE_LANDLOCK. This patch series can be found in a Git repository here: https://github.com/landlock-lsm/linux/commits/landlock-v20 I would really appreciate constructive comments on this patch series. # Landlock LSM The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM [1], it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user-space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves. Landlock is inspired by seccomp-bpf but instead of filtering syscalls and their raw arguments, a Landlock rule can restrict the use of kernel objects like file hierarchies, according to the kernel semantic. Landlock also takes inspiration from other OS sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD Pledge/Unveil. In this current form, Landlock misses some access-control features. This enables to minimize this patch series and ease review. This series still addresses multiple use cases, especially with the combined use of seccomp-bpf: applications with built-in sandboxing, init systems, security sandbox tools and security-oriented APIs [2]. Previous version: https://lore.kernel.org/lkml/20200707180955.53024-1-mic@digikod.net/ [1] https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler… [2] https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.n… Casey Schaufler (1): LSM: Infrastructure management of the superblock Mickaël Salaün (11): landlock: Add object management landlock: Add ruleset and domain management landlock: Set up the security framework and manage credentials landlock: Add ptrace restrictions fs,security: Add sb_delete hook landlock: Support filesystem access-control landlock: Add syscall implementations arch: Wire up Landlock syscalls selftests/landlock: Add initial tests samples/landlock: Add a sandbox manager example landlock: Add user and kernel documentation Documentation/security/index.rst | 1 + Documentation/security/landlock/index.rst | 18 + Documentation/security/landlock/kernel.rst | 69 + Documentation/security/landlock/user.rst | 271 +++ MAINTAINERS | 11 + arch/Kconfig | 7 + arch/alpha/kernel/syscalls/syscall.tbl | 4 + arch/arm/tools/syscall.tbl | 4 + arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 8 + arch/ia64/kernel/syscalls/syscall.tbl | 4 + arch/m68k/kernel/syscalls/syscall.tbl | 4 + arch/microblaze/kernel/syscalls/syscall.tbl | 4 + arch/mips/kernel/syscalls/syscall_n32.tbl | 4 + arch/mips/kernel/syscalls/syscall_n64.tbl | 4 + arch/mips/kernel/syscalls/syscall_o32.tbl | 4 + arch/parisc/kernel/syscalls/syscall.tbl | 4 + arch/powerpc/kernel/syscalls/syscall.tbl | 4 + arch/s390/kernel/syscalls/syscall.tbl | 4 + arch/sh/kernel/syscalls/syscall.tbl | 4 + arch/sparc/kernel/syscalls/syscall.tbl | 4 + arch/um/Kconfig | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 4 + arch/x86/entry/syscalls/syscall_64.tbl | 4 + arch/xtensa/kernel/syscalls/syscall.tbl | 4 + fs/super.c | 1 + include/linux/lsm_hook_defs.h | 1 + include/linux/lsm_hooks.h | 3 + include/linux/security.h | 4 + include/linux/syscalls.h | 8 + include/uapi/asm-generic/unistd.h | 10 +- include/uapi/linux/landlock.h | 209 ++ kernel/sys_ni.c | 6 + samples/Kconfig | 7 + samples/Makefile | 1 + samples/landlock/.gitignore | 1 + samples/landlock/Makefile | 15 + samples/landlock/sandboxer.c | 248 +++ security/Kconfig | 11 +- security/Makefile | 2 + security/landlock/Kconfig | 18 + security/landlock/Makefile | 4 + security/landlock/common.h | 20 + security/landlock/cred.c | 46 + security/landlock/cred.h | 58 + security/landlock/fs.c | 609 ++++++ security/landlock/fs.h | 60 + security/landlock/object.c | 66 + security/landlock/object.h | 91 + security/landlock/ptrace.c | 120 ++ security/landlock/ptrace.h | 14 + security/landlock/ruleset.c | 342 ++++ security/landlock/ruleset.h | 157 ++ security/landlock/setup.c | 40 + security/landlock/setup.h | 18 + security/landlock/syscall.c | 571 ++++++ security/security.c | 51 +- security/selinux/hooks.c | 58 +- security/selinux/include/objsec.h | 6 + security/selinux/ss/services.c | 3 +- security/smack/smack.h | 6 + security/smack/smack_lsm.c | 35 +- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/landlock/.gitignore | 2 + tools/testing/selftests/landlock/Makefile | 29 + tools/testing/selftests/landlock/base_test.c | 154 ++ tools/testing/selftests/landlock/common.h | 122 ++ tools/testing/selftests/landlock/config | 5 + tools/testing/selftests/landlock/fs_test.c | 1698 +++++++++++++++++ .../testing/selftests/landlock/ptrace_test.c | 310 +++ tools/testing/selftests/landlock/true.c | 5 + 71 files changed, 5621 insertions(+), 77 deletions(-) create mode 100644 Documentation/security/landlock/index.rst create mode 100644 Documentation/security/landlock/kernel.rst create mode 100644 Documentation/security/landlock/user.rst create mode 100644 include/uapi/linux/landlock.h create mode 100644 samples/landlock/.gitignore create mode 100644 samples/landlock/Makefile create mode 100644 samples/landlock/sandboxer.c create mode 100644 security/landlock/Kconfig create mode 100644 security/landlock/Makefile create mode 100644 security/landlock/common.h create mode 100644 security/landlock/cred.c create mode 100644 security/landlock/cred.h create mode 100644 security/landlock/fs.c create mode 100644 security/landlock/fs.h create mode 100644 security/landlock/object.c create mode 100644 security/landlock/object.h create mode 100644 security/landlock/ptrace.c create mode 100644 security/landlock/ptrace.h create mode 100644 security/landlock/ruleset.c create mode 100644 security/landlock/ruleset.h create mode 100644 security/landlock/setup.c create mode 100644 security/landlock/setup.h create mode 100644 security/landlock/syscall.c create mode 100644 tools/testing/selftests/landlock/.gitignore create mode 100644 tools/testing/selftests/landlock/Makefile create mode 100644 tools/testing/selftests/landlock/base_test.c create mode 100644 tools/testing/selftests/landlock/common.h create mode 100644 tools/testing/selftests/landlock/config create mode 100644 tools/testing/selftests/landlock/fs_test.c create mode 100644 tools/testing/selftests/landlock/ptrace_test.c create mode 100644 tools/testing/selftests/landlock/true.c -- 2.28.0.rc2

3 years, 7 months

3
18
0 0

[RFC PATCH 0/1] selftests/run_kselftest.sh: make each test individually selectable

by Hangbin Liu

Hi, this patch enhanced the run_kselftest.sh to make the tests individually selectable. I'm not sure the if I could add the reuslt in the patch commit, as the log is too long. So I just put the result to the cover-letter: Note: I use `tr -s "/-" "_"` to cover the path name in tests to function name. e.g. networking/timestamping -> networking_timestamping. I'm not sure if it's legal in Makefile. Before the patch: ]# ./kselftest_install.sh /tmp/kselftests ]# cat /tmp/kselftests/run_kselftest.sh #!/bin/sh BASE_DIR=$(realpath $(dirname $0)) cd $BASE_DIR . ./kselftest/runner.sh ROOT=$PWD if [ "$1" = "--summary" ]; then logfile=$BASE_DIR/output.log cat /dev/null > $logfile fi [ -w /dev/kmsg ] && echo "kselftest: Running tests in android" >> /dev/kmsg cd android run_many \ "run.sh" cd $ROOT ...<snip>... [ -w /dev/kmsg ] && echo "kselftest: Running tests in zram" >> /dev/kmsg cd zram run_many \ "zram.sh" cd $ROOT After the patch: ]# ./kselftest_install.sh /tmp/kselftests ]# cat /tmp/kselftests/run_kselftest.sh #!/bin/sh BASE_DIR=$(realpath $(dirname $0)) . ./kselftest/runner.sh TESTS="android ...<snip>... zram" run_android() { [ -w /dev/kmsg ] && echo "kselftest: Running tests in android" >> /dev/kmsg cd android run_many \ "run.sh" cd $ROOT } ...<snip>... run_zram() { [ -w /dev/kmsg ] && echo "kselftest: Running tests in zram" >> /dev/kmsg cd zram run_many \ "zram.sh" cd $ROOT } usage() { cat <<EOF usage: ${0##*/} OPTS -s | --summary Only print summary info and put detailed log in output.log -t | --tests Test name you want to run specifically -h | --help Show this usage info EOF } while true; do case "$1" in -s | --summary ) logfile=$BASE_DIR/output.log; cat /dev/null > $logfile; shift ;; -t | --tests ) TESTS=$2; shift 2 ;; -h | --help ) usage; exit 0;; "" ) break;; * ) usage; exit 1;; esac done cd $BASE_DIR ROOT=$PWD for test in $TESTS; do run_$test done Hangbin Liu (1): selftests/run_kselftest.sh: make each test individually selectable tools/testing/selftests/Makefile | 48 +++++++++++++++++++++++++------- tools/testing/selftests/lib.mk | 2 +- 2 files changed, 39 insertions(+), 11 deletions(-) -- 2.19.2

3 years, 7 months

3
8
0 0

[PATCH 0/3] xtensa: add seccomp support

by Max Filippov

Hello, this series adds support for seccomp filter on xtensa and updates selftests/seccomp. Max Filippov (3): xtensa: expose syscall through user_pt_regs xtensa: add seccomp support selftests/seccomp: add xtensa support .../seccomp/seccomp-filter/arch-support.txt | 2 +- arch/xtensa/Kconfig | 15 +++++++++++++++ arch/xtensa/include/asm/Kbuild | 1 + arch/xtensa/include/asm/thread_info.h | 5 ++++- arch/xtensa/include/uapi/asm/ptrace.h | 3 ++- arch/xtensa/kernel/ptrace.c | 8 +++++++- tools/testing/selftests/seccomp/seccomp_bpf.c | 16 +++++++++++++++- 7 files changed, 45 insertions(+), 5 deletions(-) -- 2.20.1

3 years, 7 months

2
5
0 0

[PATCH] selftests/lkdtm: Use "comm" instead of "diff" for dmesg

by Kees Cook

Instead of full GNU diff (which smaller boot environments may not have), use "comm" which is more available. Reported-by: Naresh Kamboju <naresh.kamboju(a)linaro.org> Link: https://lore.kernel.org/lkml/CA+G9fYtHP+Gg+BrR_GkBMxu2oOi-_e9pATtpb6TVRswv1… Fixes: f131d9edc29d ("selftests/lkdtm: Don't clear dmesg when running tests") Signed-off-by: Kees Cook <keescook(a)chromium.org> --- tools/testing/selftests/lkdtm/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/lkdtm/run.sh b/tools/testing/selftests/lkdtm/run.sh index 8383eb89d88a..5fe23009ae13 100755 --- a/tools/testing/selftests/lkdtm/run.sh +++ b/tools/testing/selftests/lkdtm/run.sh @@ -82,7 +82,7 @@ dmesg > "$DMESG" ($SHELL -c 'cat <(echo '"$test"') >'"$TRIGGER" 2>/dev/null) || true # Record and dump the results -dmesg | diff --changed-group-format='%>' --unchanged-group-format='' "$DMESG" - > "$LOG" || true +dmesg | comm -13 "$DMESG" - > "$LOG" || true cat "$LOG" # Check for expected output -- 2.25.1 -- Kees Cook

3 years, 7 months

4
9
0 0

[PATCH v9 1/2] Add a "nosymfollow" mount option.

by Ross Zwisler

From: Mattias Nissler <mnissler(a)chromium.org> For mounts that have the new "nosymfollow" option, don't follow symlinks when resolving paths. The new option is similar in spirit to the existing "nodev", "noexec", and "nosuid" options, as well as to the LOOKUP_NO_SYMLINKS resolve flag in the openat2(2) syscall. Various BSD variants have been supporting the "nosymfollow" mount option for a long time with equivalent implementations. Note that symlinks may still be created on file systems mounted with the "nosymfollow" option present. readlink() remains functional, so user space code that is aware of symlinks can still choose to follow them explicitly. Setting the "nosymfollow" mount option helps prevent privileged writers from modifying files unintentionally in case there is an unexpected link along the accessed path. The "nosymfollow" option is thus useful as a defensive measure for systems that need to deal with untrusted file systems in privileged contexts. More information on the history and motivation for this patch can be found here: https://sites.google.com/a/chromium.org/dev/chromium-os/chromiumos-design-d… Signed-off-by: Mattias Nissler <mnissler(a)chromium.org> Signed-off-by: Ross Zwisler <zwisler(a)google.com> Reviewed-by: Aleksa Sarai <cyphar(a)cyphar.com> --- Changes since v8 [1]: * Look for MNT_NOSYMFOLLOW in link->mnt->mnt_flags so we are testing the link itself rather than the directory holding the link. (Al Viro) * Rebased onto v5.9-rc2. After this lands I will upstream changes to util-linux[2] and man-pages [3]. [1]: https://patchwork.kernel.org/patch/11724607/ [2]: https://github.com/rzwisler/util-linux/commit/7f8771acd85edb70d97921c026c55… [3]: https://github.com/rzwisler/man-pages/commit/b8fe8079f64b5068940c0144586e58… --- fs/namei.c | 3 ++- fs/namespace.c | 2 ++ fs/proc_namespace.c | 1 + fs/statfs.c | 2 ++ include/linux/mount.h | 3 ++- include/linux/statfs.h | 1 + include/uapi/linux/mount.h | 1 + 7 files changed, 11 insertions(+), 2 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index e99e2a9da0f7d..33e8c79bc761e 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -1626,7 +1626,8 @@ static const char *pick_link(struct nameidata *nd, struct path *link, return ERR_PTR(error); } - if (unlikely(nd->flags & LOOKUP_NO_SYMLINKS)) + if (unlikely(nd->flags & LOOKUP_NO_SYMLINKS) || + unlikely(link->mnt->mnt_flags & MNT_NOSYMFOLLOW)) return ERR_PTR(-ELOOP); if (!(nd->flags & LOOKUP_RCU)) { diff --git a/fs/namespace.c b/fs/namespace.c index bae0e95b3713a..6408788a649e1 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -3160,6 +3160,8 @@ int path_mount(const char *dev_name, struct path *path, mnt_flags &= ~(MNT_RELATIME | MNT_NOATIME); if (flags & MS_RDONLY) mnt_flags |= MNT_READONLY; + if (flags & MS_NOSYMFOLLOW) + mnt_flags |= MNT_NOSYMFOLLOW; /* The default atime for remount is preservation */ if ((flags & MS_REMOUNT) && diff --git a/fs/proc_namespace.c b/fs/proc_namespace.c index 3059a9394c2d6..e59d4bb3a89e4 100644 --- a/fs/proc_namespace.c +++ b/fs/proc_namespace.c @@ -70,6 +70,7 @@ static void show_mnt_opts(struct seq_file *m, struct vfsmount *mnt) { MNT_NOATIME, ",noatime" }, { MNT_NODIRATIME, ",nodiratime" }, { MNT_RELATIME, ",relatime" }, + { MNT_NOSYMFOLLOW, ",nosymfollow" }, { 0, NULL } }; const struct proc_fs_opts *fs_infop; diff --git a/fs/statfs.c b/fs/statfs.c index 2616424012ea7..59f33752c1311 100644 --- a/fs/statfs.c +++ b/fs/statfs.c @@ -29,6 +29,8 @@ static int flags_by_mnt(int mnt_flags) flags |= ST_NODIRATIME; if (mnt_flags & MNT_RELATIME) flags |= ST_RELATIME; + if (mnt_flags & MNT_NOSYMFOLLOW) + flags |= ST_NOSYMFOLLOW; return flags; } diff --git a/include/linux/mount.h b/include/linux/mount.h index de657bd211fa6..aaf343b38671c 100644 --- a/include/linux/mount.h +++ b/include/linux/mount.h @@ -30,6 +30,7 @@ struct fs_context; #define MNT_NODIRATIME 0x10 #define MNT_RELATIME 0x20 #define MNT_READONLY 0x40 /* does the user want this to be r/o? */ +#define MNT_NOSYMFOLLOW 0x80 #define MNT_SHRINKABLE 0x100 #define MNT_WRITE_HOLD 0x200 @@ -46,7 +47,7 @@ struct fs_context; #define MNT_SHARED_MASK (MNT_UNBINDABLE) #define MNT_USER_SETTABLE_MASK (MNT_NOSUID | MNT_NODEV | MNT_NOEXEC \ | MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME \ - | MNT_READONLY) + | MNT_READONLY | MNT_NOSYMFOLLOW) #define MNT_ATIME_MASK (MNT_NOATIME | MNT_NODIRATIME | MNT_RELATIME ) #define MNT_INTERNAL_FLAGS (MNT_SHARED | MNT_WRITE_HOLD | MNT_INTERNAL | \ diff --git a/include/linux/statfs.h b/include/linux/statfs.h index 9bc69edb8f188..fac4356ea1bfc 100644 --- a/include/linux/statfs.h +++ b/include/linux/statfs.h @@ -40,6 +40,7 @@ struct kstatfs { #define ST_NOATIME 0x0400 /* do not update access times */ #define ST_NODIRATIME 0x0800 /* do not update directory access times */ #define ST_RELATIME 0x1000 /* update atime relative to mtime/ctime */ +#define ST_NOSYMFOLLOW 0x2000 /* do not follow symlinks */ struct dentry; extern int vfs_get_fsid(struct dentry *dentry, __kernel_fsid_t *fsid); diff --git a/include/uapi/linux/mount.h b/include/uapi/linux/mount.h index 96a0240f23fed..dd8306ea336c1 100644 --- a/include/uapi/linux/mount.h +++ b/include/uapi/linux/mount.h @@ -16,6 +16,7 @@ #define MS_REMOUNT 32 /* Alter flags of a mounted FS */ #define MS_MANDLOCK 64 /* Allow mandatory locks on an FS */ #define MS_DIRSYNC 128 /* Directory modifications are synchronous */ +#define MS_NOSYMFOLLOW 256 /* Do not follow symlinks */ #define MS_NOATIME 1024 /* Do not update access times. */ #define MS_NODIRATIME 2048 /* Do not update directory access times */ #define MS_BIND 4096 -- 2.28.0.297.g1956fa8f8d-goog

3 years, 7 months

3
5
0 0

[PATCH 1/2] kunit: support failure from dynamic analysis tools

by Uriel Guajardo

Adds an API to allow dynamic analysis tools to fail the currently running KUnit test case. - Always places the kunit test in the task_struct to allow other tools to access the currently running KUnit test. - Creates a new header file to avoid circular dependencies that could be created from the test.h file. Requires KASAN-KUnit integration patch to access the kunit test from task_struct: https://lore.kernel.org/linux-kselftest/20200606040349.246780-2-davidgow@go… Signed-off-by: Uriel Guajardo <urielguajardo(a)google.com> --- include/kunit/test-bug.h | 24 ++++++++++++++++++++++++ include/kunit/test.h | 1 + lib/kunit/test.c | 10 ++++++---- 3 files changed, 31 insertions(+), 4 deletions(-) create mode 100644 include/kunit/test-bug.h diff --git a/include/kunit/test-bug.h b/include/kunit/test-bug.h new file mode 100644 index 000000000000..283c19ec328f --- /dev/null +++ b/include/kunit/test-bug.h @@ -0,0 +1,24 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * KUnit API allowing dynamic analysis tools to interact with KUnit tests + * + * Copyright (C) 2020, Google LLC. + * Author: Uriel Guajardo <urielguajardo(a)google.com> + */ + +#ifndef _KUNIT_TEST_BUG_H +#define _KUNIT_TEST_BUG_H + +#if IS_ENABLED(CONFIG_KUNIT) + +extern void kunit_fail_current_test(void); + +#else + +static inline void kunit_fail_current_test(void) +{ +} + +#endif + +#endif /* _KUNIT_TEST_BUG_H */ diff --git a/include/kunit/test.h b/include/kunit/test.h index 3391f38389f8..81bf43a1abda 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -11,6 +11,7 @@ #include <kunit/assert.h> #include <kunit/try-catch.h> +#include <kunit/test-bug.h> #include <linux/kernel.h> #include <linux/module.h> #include <linux/slab.h> diff --git a/lib/kunit/test.c b/lib/kunit/test.c index dcc35fd30d95..d8189d827368 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -16,6 +16,12 @@ #include "string-stream.h" #include "try-catch-impl.h" +void kunit_fail_current_test(void) +{ + if (current->kunit_test) + kunit_set_failure(current->kunit_test); +} + static void kunit_print_tap_version(void) { static bool kunit_has_printed_tap_version; @@ -284,9 +290,7 @@ static void kunit_try_run_case(void *data) struct kunit_suite *suite = ctx->suite; struct kunit_case *test_case = ctx->test_case; -#if (IS_ENABLED(CONFIG_KASAN) && IS_ENABLED(CONFIG_KUNIT)) current->kunit_test = test; -#endif /* IS_ENABLED(CONFIG_KASAN) && IS_ENABLED(CONFIG_KUNIT) */ /* * kunit_run_case_internal may encounter a fatal error; if it does, @@ -602,9 +606,7 @@ void kunit_cleanup(struct kunit *test) spin_unlock(&test->lock); kunit_remove_resource(test, res); } -#if (IS_ENABLED(CONFIG_KASAN) && IS_ENABLED(CONFIG_KUNIT)) current->kunit_test = NULL; -#endif /* IS_ENABLED(CONFIG_KASAN) && IS_ENABLED(CONFIG_KUNIT)*/ } EXPORT_SYMBOL_GPL(kunit_cleanup); -- 2.28.0.163.g6104cc2f0b6-goog

3 years, 7 months

6
9
0 0

[PATCH 00/29] treewide: Convert comma separated statements

by Joe Perches

There are many comma separated statements in the kernel. See:https://lore.kernel.org/lkml/alpine.DEB.2.22.394.2008201856110.2524@had… Convert the comma separated statements that are in if/do/while blocks to use braces and semicolons. Many comma separated statements still exist but those are changes for another day. Joe Perches (29): coding-style.rst: Avoid comma statements alpha: Avoid comma separated statements ia64: Avoid comma separated statements sparc: Avoid comma separated statements ata: Avoid comma separated statements drbd: Avoid comma separated statements lp: Avoid comma separated statements dma-buf: Avoid comma separated statements drm/gma500: Avoid comma separated statements drm/i915: Avoid comma separated statements hwmon: (scmi-hwmon): Avoid comma separated statements Input: MT - Avoid comma separated statements bcache: Avoid comma separated statements media: Avoid comma separated statements mtd: Avoid comma separated statements 8390: Avoid comma separated statements fs_enet: Avoid comma separated statements wan: sbni: Avoid comma separated statements s390/tty3270: Avoid comma separated statements scai/arm: Avoid comma separated statements media: atomisp: Avoid comma separated statements video: fbdev: Avoid comma separated statements fuse: Avoid comma separated statements reiserfs: Avoid comma separated statements lib/zlib: Avoid comma separated statements lib: zstd: Avoid comma separated statements ipv6: fib6: Avoid comma separated statements sunrpc: Avoid comma separated statements tools: Avoid comma separated statements Documentation/process/coding-style.rst | 17 + arch/alpha/kernel/pci_iommu.c | 8 +- arch/alpha/oprofile/op_model_ev4.c | 22 +- arch/alpha/oprofile/op_model_ev5.c | 8 +- arch/ia64/kernel/smpboot.c | 7 +- arch/sparc/kernel/smp_64.c | 7 +- drivers/ata/pata_icside.c | 21 +- drivers/block/drbd/drbd_receiver.c | 6 +- drivers/char/lp.c | 6 +- drivers/dma-buf/st-dma-fence.c | 7 +- drivers/gpu/drm/gma500/mdfld_intel_display.c | 44 ++- drivers/gpu/drm/i915/gt/gen8_ppgtt.c | 8 +- drivers/gpu/drm/i915/gt/intel_gt_requests.c | 6 +- .../gpu/drm/i915/gt/selftest_workarounds.c | 6 +- drivers/gpu/drm/i915/intel_runtime_pm.c | 6 +- drivers/hwmon/scmi-hwmon.c | 6 +- drivers/input/input-mt.c | 11 +- drivers/md/bcache/bset.c | 12 +- drivers/md/bcache/sysfs.c | 6 +- drivers/media/i2c/msp3400-kthreads.c | 12 +- drivers/media/pci/bt8xx/bttv-cards.c | 6 +- drivers/media/pci/saa7134/saa7134-video.c | 7 +- drivers/mtd/devices/lart.c | 10 +- drivers/net/ethernet/8390/axnet_cs.c | 19 +- drivers/net/ethernet/8390/lib8390.c | 14 +- drivers/net/ethernet/8390/pcnet_cs.c | 6 +- .../ethernet/freescale/fs_enet/fs_enet-main.c | 11 +- drivers/net/wan/sbni.c | 101 +++--- drivers/s390/char/tty3270.c | 6 +- drivers/scsi/arm/cumana_2.c | 19 +- drivers/scsi/arm/eesox.c | 9 +- drivers/scsi/arm/powertec.c | 9 +- .../media/atomisp/pci/atomisp_subdev.c | 6 +- drivers/video/fbdev/tgafb.c | 12 +- fs/fuse/dir.c | 24 +- fs/reiserfs/fix_node.c | 36 ++- lib/zlib_deflate/deftree.c | 49 ++- lib/zstd/compress.c | 120 ++++--- lib/zstd/fse_compress.c | 24 +- lib/zstd/huf_compress.c | 6 +- net/ipv6/ip6_fib.c | 12 +- net/sunrpc/sysctl.c | 6 +- tools/lib/subcmd/help.c | 10 +- tools/power/cpupower/utils/cpufreq-set.c | 14 +- tools/testing/selftests/vm/gup_benchmark.c | 18 +- tools/testing/selftests/vm/userfaultfd.c | 296 +++++++++++------- 46 files changed, 694 insertions(+), 382 deletions(-) -- 2.26.0

3 years, 7 months

3
5
0 0

[PATCH -next] selftests/seccomp: Use bitwise instead of arithmetic operator for flags

by Zou Wei

This silences the following coccinelle warning: "WARNING: sum of probable bitmasks, consider |" tools/testing/selftests/seccomp/seccomp_bpf.c:3131:17-18: WARNING: sum of probable bitmasks, consider | tools/testing/selftests/seccomp/seccomp_bpf.c:3133:18-19: WARNING: sum of probable bitmasks, consider | tools/testing/selftests/seccomp/seccomp_bpf.c:3134:18-19: WARNING: sum of probable bitmasks, consider | tools/testing/selftests/seccomp/seccomp_bpf.c:3135:18-19: WARNING: sum of probable bitmasks, consider | Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Reported-by: Hulk Robot <hulkci(a)huawei.com> Signed-off-by: Zou Wei <zou_wei(a)huawei.com> --- tools/testing/selftests/seccomp/seccomp_bpf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 89fb3e0..1b4cdf3 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -3128,11 +3128,11 @@ TEST(get_metadata) static int user_trap_syscall(int nr, unsigned int flags) { struct sock_filter filter[] = { - BPF_STMT(BPF_LD+BPF_W+BPF_ABS, + BPF_STMT(BPF_LD|BPF_W|BPF_ABS, offsetof(struct seccomp_data, nr)), - BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, nr, 0, 1), - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_USER_NOTIF), - BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), + BPF_JUMP(BPF_JMP|BPF_JEQ|BPF_K, nr, 0, 1), + BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_USER_NOTIF), + BPF_STMT(BPF_RET|BPF_K, SECCOMP_RET_ALLOW), }; struct sock_fprog prog = { -- 2.6.2

3 years, 7 months

2
1
0 0

[PATCH v2 0/6] xfrm: Add compat layer

by Dmitry Safonov

Changes since v1: - reworked patches set to use translator - separated the compat layer into xfrm_compat.c, compiled under XFRM_USER_COMPAT config - 32-bit messages now being sent in frag_list (like wext-core does) - instead of __packed add compat_u64 members in compat structures - selftest reworked to kselftest lib API - added netlink dump testing to the selftest XFRM is disabled for compatible users because of the UABI difference. The difference is in structures paddings and in the result the size of netlink messages differ. Possibility for compatible application to manage xfrm tunnels was disabled by: the commmit 19d7df69fdb2 ("xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems") and the commit 74005991b78a ("xfrm: Do not parse 32bits compiled xfrm netlink msg on 64bits host"). This is my second attempt to resolve the xfrm/compat problem by adding the 64=>32 and 32=>64 bit translators those non-visibly to a user provide translation between compatible user and kernel. Previous attempt was to interrupt the message ABI according to a syscall by xfrm_user, which resulted in over-complicated code [1]. Florian Westphal provided the idea of translator and some draft patches in the discussion. In these patches, his idea is reused and some of his initial code is also present. There were a couple of attempts to solve xfrm compat problem: https://lkml.org/lkml/2017/1/20/733 https://patchwork.ozlabs.org/patch/44600/ http://netdev.vger.kernel.narkive.com/2Gesykj6/patch-net-next-xfrm-correctl… All the discussions end in the conclusion that xfrm should have a full compatible layer to correctly work with 32-bit applications on 64-bit kernels: https://lkml.org/lkml/2017/1/23/413 https://patchwork.ozlabs.org/patch/433279/ In some recent lkml discussion, Linus said that it's worth to fix this problem and not giving people an excuse to stay on 32-bit kernel: https://lkml.org/lkml/2018/2/13/752 There is also an selftest for ipsec tunnels. It doesn't depend on any library and compat version can be easy build with: make CFLAGS=-m32 net/ipsec Patches as a .git branch: https://github.com/0x7f454c46/linux/tree/xfrm-compat-v2 [1]: https://lkml.kernel.org/r/20180726023144.31066-1-dima@arista.com Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Florian Westphal <fw(a)strlen.de> Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Steffen Klassert <steffen.klassert(a)secunet.com> Cc: Stephen Suryaputra <ssuryaextr(a)gmail.com> Cc: Dmitry Safonov <0x7f454c46(a)gmail.com> Cc: netdev(a)vger.kernel.org Dmitry Safonov (6): xfrm/compat: Add 64=>32-bit messages translator xfrm/compat: Attach xfrm dumps to 64=>32 bit translator netlink/compat: Append NLMSG_DONE/extack to frag_list xfrm/compat: Add 32=>64-bit messages translator xfrm/compat: Translate 32-bit user_policy from sockptr selftest/net/xfrm: Add test for ipsec tunnel MAINTAINERS | 1 + include/net/xfrm.h | 32 + net/netlink/af_netlink.c | 48 +- net/xfrm/Kconfig | 11 + net/xfrm/Makefile | 1 + net/xfrm/xfrm_compat.c | 609 +++++++ net/xfrm/xfrm_state.c | 11 +- net/xfrm/xfrm_user.c | 79 +- tools/testing/selftests/net/.gitignore | 1 + tools/testing/selftests/net/Makefile | 1 + tools/testing/selftests/net/ipsec.c | 2195 ++++++++++++++++++++++++ 11 files changed, 2953 insertions(+), 36 deletions(-) create mode 100644 net/xfrm/xfrm_compat.c create mode 100644 tools/testing/selftests/net/ipsec.c -- 2.27.0

3 years, 7 months

2
3
0 0

[PATCH] Documentation: kunit: Add naming guidelines

by David Gow

As discussed in [1], KUnit tests have hitherto not had a particularly consistent naming scheme. This adds documentation outlining how tests and test suites should be named, including how those names should be used in Kconfig entries and filenames. [1]: https://lore.kernel.org/linux-kselftest/202006141005.BA19A9D3@keescook/t/#u Signed-off-by: David Gow <davidgow(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> --- This is a follow-up v1 to the RFC patch here: https://lore.kernel.org/linux-kselftest/20200620054944.167330-1-davidgow@go… There weren't any fundamental objections to the naming guidelines themselves, so nothing's changed on that front. Otherwise, changes since the RFC: - Fixed a bit of space/tab confusion in the index (Thanks, Randy) - Added some more examples (and some test case examples). - Added some examples of what not to call subsystems and suites. - No longer explicitly require "If unsure, put N" in Kconfig entries. - Minor formatting changes. Cheers, -- David Documentation/dev-tools/kunit/index.rst | 1 + Documentation/dev-tools/kunit/style.rst | 181 ++++++++++++++++++++++++ 2 files changed, 182 insertions(+) create mode 100644 Documentation/dev-tools/kunit/style.rst diff --git a/Documentation/dev-tools/kunit/index.rst b/Documentation/dev-tools/kunit/index.rst index e93606ecfb01..c234a3ab3c34 100644 --- a/Documentation/dev-tools/kunit/index.rst +++ b/Documentation/dev-tools/kunit/index.rst @@ -11,6 +11,7 @@ KUnit - Unit Testing for the Linux Kernel usage kunit-tool api/index + style faq What is KUnit? diff --git a/Documentation/dev-tools/kunit/style.rst b/Documentation/dev-tools/kunit/style.rst new file mode 100644 index 000000000000..8cad2627924c --- /dev/null +++ b/Documentation/dev-tools/kunit/style.rst @@ -0,0 +1,181 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=========================== +Test Style and Nomenclature +=========================== + +Subsystems, Suites, and Tests +============================= + +In order to make tests as easy to find as possible, they're grouped into suites +and subsystems. A test suite is a group of tests which test a related area of +the kernel, and a subsystem is a set of test suites which test different parts +of the same kernel subsystem or driver. + +Subsystems +---------- + +Every test suite must belong to a subsystem. A subsystem is a collection of one +or more KUnit test suites which test the same driver or part of the kernel. A +rule of thumb is that a test subsystem should match a single kernel module. If +the code being tested can't be compiled as a module, in many cases the subsystem +should correspond to a directory in the source tree or an entry in the +MAINTAINERS file. If unsure, follow the conventions set by tests in similar +areas. + +Test subsystems should be named after the code being tested, either after the +module (wherever possible), or after the directory or files being tested. Test +subsystems should be named to avoid ambiguity where necessary. + +If a test subsystem name has multiple components, they should be separated by +underscores. *Do not* include "test" or "kunit" directly in the subsystem name +unless you are actually testing other tests or the kunit framework itself. + +Example subsystems could be: + +``ext4`` + Matches the module and filesystem name. +``apparmor`` + Matches the module name and LSM name. +``kasan`` + Common name for the tool, prominent part of the path ``mm/kasan`` +``snd_hda_codec_hdmi`` + Has several components (``snd``, ``hda``, ``codec``, ``hdmi``) separated by + underscores. Matches the module name. + +Avoid names like these: + +``linear-ranges`` + Names should use underscores, not dashes, to separate words. Prefer + ``linear_ranges``. +``qos-kunit-test`` + As well as using underscores, this name should not have "kunit-test" as a + suffix, and ``qos`` is ambiguous as a subsystem name. ``power_qos`` would be a + better name. +``pc_parallel_port`` + The corresponding module name is ``parport_pc``, so this subsystem should also + be named ``parport_pc``. + +.. note:: + The KUnit API and tools do not explicitly know about subsystems. They're + simply a way of categorising test suites and naming modules which + provides a simple, consistent way for humans to find and run tests. This + may change in the future, though. + +Suites +------ + +KUnit tests are grouped into test suites, which cover a specific area of +functionality being tested. Test suites can have shared initialisation and +shutdown code which is run for all tests in the suite. +Not all subsystems will need to be split into multiple test suites (e.g. simple drivers). + +Test suites are named after the subsystem they are part of. If a subsystem +contains several suites, the specific area under test should be appended to the +subsystem name, separated by an underscore. + +The full test suite name (including the subsystem name) should be specified as +the ``.name`` member of the ``kunit_suite`` struct, and forms the base for the +module name (see below). + +Example test suites could include: + +``ext4_inode`` + Part of the ``ext4`` subsystem, testing the ``inode`` area. +``kunit_try_catch`` + Part of the ``kunit`` implementation itself, testing the ``try_catch`` area. +``apparmor_property_entry`` + Part of the ``apparmor`` subsystem, testing the ``property_entry`` area. +``kasan`` + The ``kasan`` subsystem has only one suite, so the suite name is the same as + the subsystem name. + +Avoid names like: + +``ext4_ext4_inode`` + There's no reason to state the subsystem twice. +``property_entry`` + The suite name is ambiguous without the subsystem name. +``kasan_unit_test`` + Because there is only one suite in the ``kasan`` subsystem, the suite should + just be called ``kasan``. There's no need to redundantly add ``unit_test``. + +Test Cases +---------- + +Individual tests consist of a single function which tests a constrained +codepath, property, or function. In the test output, individual tests' results +will show up as subtests of the suite's results. + +Tests should be named after what they're testing. This is often the name of the +function being tested, with a description of the input or codepath being tested. +As tests are C functions, they should be named and written in accordance with +the kernel coding style. + +.. note:: + As tests are themselves functions, their names cannot conflict with + other C identifiers in the kernel. This may require some creative + naming. It's a good idea to make your test functions `static` to avoid + polluting the global namespace. + +Example test names include: + +``unpack_u32_with_null_name`` + Tests the ``unpack_u32`` function when a NULL name is passed in. +``test_list_splice`` + Tests the ``list_splice`` macro. It has the prefix ``test_`` to avoid a + name conflict with the macro itself. + + +Should it be necessary to refer to a test outside the context of its test suite, +the *fully-qualified* name of a test should be the suite name followed by the +test name, separated by a colon (i.e. ``suite:test``). + +Test Kconfig Entries +==================== + +Every test suite should be tied to a Kconfig entry. + +This Kconfig entry must: + +* be named ``CONFIG_<name>_KUNIT_TEST``: where <name> is the name of the test + suite. +* be listed either alongside the config entries for the driver/subsystem being + tested, or be under [Kernel Hacking]→[Kernel Testing and Coverage] +* depend on ``CONFIG_KUNIT`` +* be visible only if ``CONFIG_KUNIT_ALL_TESTS`` is not enabled. +* have a default value of ``CONFIG_KUNIT_ALL_TESTS``. +* have a brief description of KUnit in the help text + +Unless there's a specific reason not to (e.g. the test is unable to be built as +a module), Kconfig entries for tests should be tristate. + +An example Kconfig entry: + +.. code-block:: none + + config FOO_KUNIT_TEST + tristate "KUnit test for foo" if !KUNIT_ALL_TESTS + depends on KUNIT + default KUNIT_ALL_TESTS + help + This builds unit tests for foo. + + For more information on KUnit and unit tests in general, please refer + to the KUnit documentation in Documentation/dev-tools/kunit + + If unsure, say N + + +Test Filenames +============== + +Where possible, test suites should be placed in a separate source file in the +same directory as the code being tested. + +This file should be named ``<suite>_kunit.c``. It may make sense to strip +excessive namespacing from the source filename (e.g., ``firmware_kunit.c`` instead of +``<drivername>_firmware.c``), but please ensure the module name does contain the +full suite name. + + -- 2.27.0.212.ge8ba1cc988-goog

3 years, 7 months

4
10
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror August 2020