July 2021 - Linux-kselftest-mirror

Re: [PATCH v8 3/8] security/brute: Detect a brute force attack

by Alexander Lobakin

Hi, From: John Wood <john.wood(a)gmx.com> Date: Sat, 5 Jun 2021 17:04:00 +0200 > For a correct management of a fork brute force attack it is necessary to > track all the information related to the application crashes. To do so, > use the extended attributes (xattr) of the executable files and define a > statistical data structure to hold all the necessary information shared > by all the fork hierarchy processes. This info is the number of crashes, > the last crash timestamp and the crash period's moving average. > > The same can be achieved using a pointer to the fork hierarchy > statistical data held by the task_struct structure. But this has an > important drawback: a brute force attack that happens through the execve > system call losts the faults info since these statistics are freed when > the fork hierarchy disappears. Using this method makes not possible to > manage this attack type that can be successfully treated using extended > attributes. > > Also, to avoid false positives during the attack detection it is > necessary to narrow the possible cases. So, only the following scenarios > are taken into account: > > 1.- Launching (fork()/exec()) a setuid/setgid process repeatedly until a > desirable memory layout is got (e.g. Stack Clash). > 2.- Connecting to an exec()ing network daemon (e.g. xinetd) repeatedly > until a desirable memory layout is got (e.g. what CTFs do for simple > network service). > 3.- Launching processes without exec() (e.g. Android Zygote) and > exposing state to attack a sibling. > 4.- Connecting to a fork()ing network daemon (e.g. apache) repeatedly > until the previously shared memory layout of all the other children > is exposed (e.g. kind of related to HeartBleed). > > In each case, a privilege boundary has been crossed: > > Case 1: setuid/setgid process > Case 2: network to local > Case 3: privilege changes > Case 4: network to local > > To mark that a privilege boundary has been crossed it is only necessary > to create a new stats for the executable file via the extended attribute > and only if it has no previous statistical data. This is done using four > different LSM hooks, one per privilege boundary: > > setuid/setgid process --> bprm_creds_from_file hook (based on secureexec > flag). > network to local -------> socket_accept hook (taking into account only > external connections). > privilege changes ------> task_fix_setuid and task_fix_setgid hooks. > > To detect a brute force attack it is necessary that the executable file > statistics be updated in every fatal crash and the most important data > to update is the application crash period. To do so, use the new > "task_fatal_signal" LSM hook added in a previous step. > > The application crash period must be a value that is not prone to change > due to spurious data and follows the real crash period. So, to compute > it, the exponential moving average (EMA) is used. > > Based on the updated statistics two different attacks can be handled. A > slow brute force attack that is detected if the maximum number of faults > per fork hierarchy is reached and a fast brute force attack that is > detected if the application crash period falls below a certain > threshold. > > Moreover, only the signals delivered by the kernel are taken into > account with the exception of the SIGABRT signal since the latter is > used by glibc for stack canary, malloc, etc failures, which may indicate > that a mitigation has been triggered. > > Signed-off-by: John Wood <john.wood(a)gmx.com> > > <snip> > > +static int brute_get_xattr_stats(struct dentry *dentry, struct inode *inode, > + struct brute_stats *stats) > +{ > + int rc; > + struct brute_raw_stats raw_stats; > + > + rc = __vfs_getxattr(dentry, inode, XATTR_NAME_BRUTE, &raw_stats, > + sizeof(raw_stats)); > + if (rc < 0) > + return rc; > + > + stats->faults = le32_to_cpu(raw_stats.faults); > + stats->nsecs = le64_to_cpu(raw_stats.nsecs); > + stats->period = le64_to_cpu(raw_stats.period); > + stats->flags = raw_stats.flags; > + return 0; > +} > > <snip> > > +static int brute_task_execve(struct linux_binprm *bprm, struct file *file) > +{ > + struct dentry *dentry = file_dentry(bprm->file); > + struct inode *inode = file_inode(bprm->file); > + struct brute_stats stats; > + int rc; > + > + inode_lock(inode); > + rc = brute_get_xattr_stats(dentry, inode, &stats); > + if (WARN_ON_ONCE(rc && rc != -ENODATA)) > + goto unlock; I think I caught a problem here. Have you tested this with initramfs? According to init/do_mount.c's init_rootfs()/rootfs_init_fs_context(), when `root=` cmdline parameter is not empty, kernel creates rootfs of type ramfs (tmpfs otherwise). The thing about ramfs is that it doesn't support xattrs. I'm running this v8 on a regular PC with initramfs and having `root=` in cmdline, and Brute doesn't allow the kernel to run any init processes (/init, /sbin/init, ...) with err == -95 (-EOPNOTSUPP) -- I'm getting a WARNING: CPU: 0 PID: 173 at brute_task_execve+0x15d/0x200 <snip> Failed to execute /init (error -95) and so on (and a panic at the end). If I omit `root=` from cmdline, then the kernel runs init process just fine -- I guess because initramfs is then placed inside tmpfs with xattr support. As for me, this ramfs/tmpfs selection based on `root=` presence is ridiculous and I don't see or know any reasons behind that. But that's another story, and ramfs might be not the only one system without xattr support. I think Brute should have a fallback here, e.g. it could simply ignore files from xattr-incapable filesystems instead of such WARNING splats and stuff. > + > + if (rc == -ENODATA && bprm->secureexec) { > + brute_reset_stats(&stats); > + rc = brute_set_xattr_stats(dentry, inode, &stats); > + if (WARN_ON_ONCE(rc)) > + goto unlock; > + } > + > + rc = 0; > +unlock: > + inode_unlock(inode); > + return rc; > +} > + > > <snip> Thanks, Al

2 years, 4 months

2
5
0 0

[PATCH] selftests/sgx: Fix Q1 and Q2 calculation in sigstruct.c

by Jarkko Sakkinen

From: Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> Q1 and Q2 are numbers with *maximum* length of 384 bytes. If the calculated length of Q1 and Q2 is less than 384 bytes, things will go wrong. E.g. if Q2 is 383 bytes, then 1. The bytes of q2 are copied to sigstruct->q2 in calc_q1q2(). 2. The entire sigstruct->q2 is reversed, which results it being 256 * Q2, given that the last byte of sigstruct->q2 is added to before the bytes given by calc_q1q2(). Either change in key or measurement can trigger the bug. E.g. an unmeasured heap could cause a devastating change in Q1 or Q2. Reverse exactly the bytes of Q1 and Q2 in calc_q1q2() before returning to the caller. Link: https://lore.kernel.org/linux-sgx/20210301051836.30738-1-tianjia.zhang@linu… Signed-off-by: Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- The original patch did a bad job explaining the code change but it turned out making sense. I wrote a new description. tools/testing/selftests/sgx/sigstruct.c | 41 +++++++++++++------------ 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c index dee7a3d6c5a5..92bbc5a15c39 100644 --- a/tools/testing/selftests/sgx/sigstruct.c +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -55,10 +55,27 @@ static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m, return true; } +static void reverse_bytes(void *data, int length) +{ + int i = 0; + int j = length - 1; + uint8_t temp; + uint8_t *ptr = data; + + while (i < j) { + temp = ptr[i]; + ptr[i] = ptr[j]; + ptr[j] = temp; + i++; + j--; + } +} + static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1, uint8_t *q2) { struct q1q2_ctx ctx; + int len; if (!alloc_q1q2_ctx(s, m, &ctx)) { fprintf(stderr, "Not enough memory for Q1Q2 calculation\n"); @@ -89,8 +106,10 @@ static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1, goto out; } - BN_bn2bin(ctx.q1, q1); - BN_bn2bin(ctx.q2, q2); + len = BN_bn2bin(ctx.q1, q1); + reverse_bytes(q1, len); + len = BN_bn2bin(ctx.q2, q2); + reverse_bytes(q2, len); free_q1q2_ctx(&ctx); return true; @@ -152,22 +171,6 @@ static RSA *gen_sign_key(void) return key; } -static void reverse_bytes(void *data, int length) -{ - int i = 0; - int j = length - 1; - uint8_t temp; - uint8_t *ptr = data; - - while (i < j) { - temp = ptr[i]; - ptr[i] = ptr[j]; - ptr[j] = temp; - i++; - j--; - } -} - enum mrtags { MRECREATE = 0x0045544145524345, MREADD = 0x0000000044444145, @@ -367,8 +370,6 @@ bool encl_measure(struct encl *encl) /* BE -> LE */ reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE); reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE); - reverse_bytes(sigstruct->q1, SGX_MODULUS_SIZE); - reverse_bytes(sigstruct->q2, SGX_MODULUS_SIZE); EVP_MD_CTX_destroy(ctx); RSA_free(key); -- 2.32.0

2 years, 4 months

1
0
0 0

[PATCH] selftests: netfilter: Add RFC-7597 Section 5.1 PSID selftests

by Cole Dishington

Add selftests for masquerading into a smaller subset of ports defined by PSID. Signed-off-by: Cole Dishington <Cole.Dishington(a)alliedtelesis.co.nz> --- .../netfilter/nat_masquerade_psid.sh | 158 ++++++++++++++++++ 1 file changed, 158 insertions(+) create mode 100644 tools/testing/selftests/netfilter/nat_masquerade_psid.sh diff --git a/tools/testing/selftests/netfilter/nat_masquerade_psid.sh b/tools/testing/selftests/netfilter/nat_masquerade_psid.sh new file mode 100644 index 000000000000..90e2e5ca4d68 --- /dev/null +++ b/tools/testing/selftests/netfilter/nat_masquerade_psid.sh @@ -0,0 +1,158 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +# <:copyright-gpl +# Copyright (C) 2021 Allied Telesis Labs NZ +# +# check that NAT can masquerade using PSID defined ranges. +# +# Setup is: +# +# nsclient1(veth0) -> (veth1)nsrouter(veth2) -> (veth0)nsclient2 +# Setup a nat masquerade rule with psid defined ranges. +# + +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 +ret=0 +ns_all="nsclient1 nsrouter nsclient2" + +readonly infile="$(mktemp)" +readonly outfile="$(mktemp)" +readonly datalen=32 +readonly server_port=8080 + +conntrack -V > /dev/null 2>&1 +if [ $? -ne 0 ];then + echo "SKIP: Could not run test without conntrack tool" + exit $ksft_skip +fi + +iptables --version > /dev/null 2>&1 +if [ $? -ne 0 ];then + echo "SKIP: Could not run test without iptables tool" + exit $ksft_skip +fi + +ip -Version > /dev/null 2>&1 +if [ $? -ne 0 ];then + echo "SKIP: Could not run test without ip tool" + exit $ksft_skip +fi + +ipv4() { + echo -n 192.168.$1.$2 +} + +cleanup() { + for n in $ns_all; do ip netns del $n;done + + if [ -f "${outfile}" ]; then + rm "$outfile" + fi + if [ -f "${infile}" ]; then + rm "$infile" + fi +} + +server_listen() { + ip netns exec nsclient2 nc -l -p "$server_port" > "$outfile" & + server_pid=$! + sleep 0.2 +} + +client_connect() { + ip netns exec nsclient1 timeout 2 nc -w 1 -p "$port" $(ipv4 2 2) "$server_port" < $infile +} + +verify_data() { + local _ret=0 + wait "$server_pid" + cmp "$infile" "$outfile" 2>/dev/null + _ret=$? + rm "$outfile" + return $_ret +} + +test_service() { + server_listen + client_connect + verify_data +} + +check_connection() { + entry=$(ip netns exec nsrouter conntrack -p tcp --sport $port -L 2>&1) + entry=${entry##*sport=8080 dport=} + entry=${entry%% *} + [[ "x$(( ($entry & $psid_mask) / $two_power_j ))" = "x$psid" ]] +} + +run_test() { + ip netns exec nsrouter iptables -A FORWARD -i veth1 -j ACCEPT + ip netns exec nsrouter iptables -P FORWARD DROP + ip netns exec nsrouter iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT + ip netns exec nsrouter iptables -t nat --new psid + ip netns exec nsrouter iptables -t nat --insert psid -j MASQUERADE --psid $offset:$psid:$psid_length + ip netns exec nsrouter iptables -t nat -I POSTROUTING -o veth2 -j psid + + # calculate psid mask + two_power_j=$(( $offset / (1 << $psid_length) )) + psid_mask=$(( ( (1 << $psid_length) - 1) * $two_power_j )) + + # Create file + dd if=/dev/urandom of="${infile}" bs="${datalen}" count=1 >/dev/null 2>&1 + + # Test multiple ports + for p in 1 2 3 4 5; do + port=1080$p + + test_service + if [ $? -ne 0 ]; then + ret=1 + break + fi + + check_connection + if [ $? -ne 0 ]; then + ret=1 + break + fi + done + + # tidy up test rules + ip netns exec nsrouter iptables -F + ip netns exec nsrouter iptables -t nat -F + ip netns exec nsrouter iptables -t nat -X psid +} + +for n in $ns_all; do + ip netns add $n + ip -net $n link set lo up +done + +for i in 1 2; do + ip link add veth0 netns nsclient$i type veth peer name veth$i netns nsrouter + + ip -net nsclient$i link set veth0 up + ip -net nsclient$i addr add $(ipv4 $i 2)/24 dev veth0 + + ip -net nsrouter link set veth$i up + ip -net nsrouter addr add $(ipv4 $i 1)/24 dev veth$i +done + +ip -net nsclient1 route add default via $(ipv4 1 1) +ip -net nsclient2 route add default via $(ipv4 2 1) + +ip netns exec nsrouter sysctl -q net.ipv4.conf.all.forwarding=1 + +offset=1024 +psid_length=8 +for psid in 0 52; do + run_test + if [ $? -ne 0 ]; then + break + fi +done + +cleanup +exit $ret -- 2.32.0

2 years, 4 months

1
0
0 0

[PATCH net-next v3 0/3] add benchmark selftest and optimization for ptr_ring

by Yunsheng Lin

Patch 1: add a selftest app to benchmark the performance of ptr_ring. Patch 2: move r->queue[] clearing after r->consumer_head updating. Patch 3: add barrier to ensure the visiblity of r->queue[]. V3: add patch 3 and address most of Michael's comment. V2: add patch 1 and add performance data for patch 2. --- Performance raw data using "perf stat -r" cmd, comparison is also done in patch 2/3. ptr_ring_test_org: patch 1 ptr_ring_test_opt1: patch 1 + patch 2 ptr_ring_test_opt2: patch 1 + patch 2 + patch 3 x86_64(as there is other workload in the x86_64 system, so run 1000 times to get more accurate result): Performance counter stats for './ptr_ring_test_org -s 1000 -m 1 -N 100000000' (1000 runs): 5,291.83 msec task-clock # 1.994 CPUs utilized ( +- 0.41% ) 690 context-switches # 0.130 K/sec ( +- 3.65% ) 8 cpu-migrations # 0.002 K/sec ( +- 5.70% ) 291 page-faults # 0.055 K/sec ( +- 0.05% ) 12,660,040,758 cycles # 2.392 GHz ( +- 0.41% ) 24,202,160,722 instructions # 1.91 insn per cycle ( +- 0.06% ) 3,559,123,597 branches # 672.569 M/sec ( +- 0.07% ) 8,009,010 branch-misses # 0.23% of all branches ( +- 0.11% ) 2.6538 +- 0.0109 seconds time elapsed ( +- 0.41% ) Performance counter stats for './ptr_ring_test_opt1 -s 1000 -m 1 -N 100000000' (1000 runs): 5,064.95 msec task-clock # 1.992 CPUs utilized ( +- 0.55% ) 668 context-switches # 0.132 K/sec ( +- 4.20% ) 9 cpu-migrations # 0.002 K/sec ( +- 4.45% ) 291 page-faults # 0.057 K/sec ( +- 0.06% ) 12,117,262,182 cycles # 2.392 GHz ( +- 0.55% ) 22,586,035,716 instructions # 1.86 insn per cycle ( +- 0.08% ) 3,404,652,345 branches # 672.199 M/sec ( +- 0.10% ) 7,864,190 branch-misses # 0.23% of all branches ( +- 0.16% ) 2.5422 +- 0.0142 seconds time elapsed ( +- 0.56% ) Performance counter stats for './ptr_ring_test_opt2 -s 1000 -m 1 -N 100000000' (1000 runs): 5,105.33 msec task-clock # 1.995 CPUs utilized ( +- 0.47% ) 589 context-switches # 0.115 K/sec ( +- 4.24% ) 11 cpu-migrations # 0.002 K/sec ( +- 4.24% ) 292 page-faults # 0.057 K/sec ( +- 0.04% ) 12,214,160,307 cycles # 2.392 GHz ( +- 0.47% ) 22,756,292,370 instructions # 1.86 insn per cycle ( +- 0.10% ) 3,429,218,233 branches # 671.694 M/sec ( +- 0.12% ) 7,921,984 branch-misses # 0.23% of all branches ( +- 0.15% ) 2.5587 +- 0.0122 seconds time elapsed ( +- 0.47% ) ------------------------------------------------------------------------------------------------- arm64(using taskset to avoid the numa effects): Performance counter stats for 'taskset -c 0-1 ./ptr_ring_test_org -s 1000 -m 1 -N 100000000' (100 runs): 4172.83 msec task-clock # 1.999 CPUs utilized ( +- 0.01% ) 54 context-switches # 0.013 K/sec ( +- 0.29% ) 1 cpu-migrations # 0.000 K/sec 115 page-faults # 0.028 K/sec ( +- 0.16% ) 10848085945 cycles # 2.600 GHz ( +- 0.01% ) 25808501369 instructions # 2.38 insn per cycle ( +- 0.00% ) <not supported> branches 11190266 branch-misses ( +- 0.02% ) 2.087205 +- 0.000130 seconds time elapsed ( +- 0.01% ) Performance counter stats for 'taskset -c 0-1 ./ptr_ring_test_opt1 -s 1000 -m 1 -N 100000000' (100 runs): 3774.91 msec task-clock # 1.999 CPUs utilized ( +- 0.03% ) 50 context-switches # 0.013 K/sec ( +- 0.36% ) 1 cpu-migrations # 0.000 K/sec 114 page-faults # 0.030 K/sec ( +- 0.15% ) 9813658996 cycles # 2.600 GHz ( +- 0.03% ) 23920189000 instructions # 2.44 insn per cycle ( +- 0.01% ) <not supported> branches 10018927 branch-misses ( +- 0.04% ) 1.888224 +- 0.000541 seconds time elapsed ( +- 0.03% ) Performance counter stats for 'taskset -c 0-1 ./ptr_ring_test_opt2 -s 1000 -m 1 -N 100000000' (100 runs): 3785.79 msec task-clock # 1.999 CPUs utilized ( +- 0.03% ) 49 context-switches # 0.013 K/sec ( +- 0.32% ) 1 cpu-migrations # 0.000 K/sec 114 page-faults # 0.030 K/sec ( +- 0.15% ) 9842067534 cycles # 2.600 GHz ( +- 0.03% ) 24074397270 instructions # 2.45 insn per cycle ( +- 0.01% ) <not supported> branches 10091918 branch-misses ( +- 0.04% ) 1.893673 +- 0.000508 seconds time elapsed ( +- 0.03% ) Yunsheng Lin (3): selftests/ptr_ring: add benchmark application for ptr_ring ptr_ring: move r->queue[] clearing after r->consumer_head updating ptr_ring: add barrier to ensure the visiblity of r->queue[] MAINTAINERS | 5 + include/linux/ptr_ring.h | 52 ++++-- tools/testing/selftests/ptr_ring/Makefile | 6 + tools/testing/selftests/ptr_ring/ptr_ring_test.c | 224 +++++++++++++++++++++++ tools/testing/selftests/ptr_ring/ptr_ring_test.h | 130 +++++++++++++ 5 files changed, 399 insertions(+), 18 deletions(-) create mode 100644 tools/testing/selftests/ptr_ring/Makefile create mode 100644 tools/testing/selftests/ptr_ring/ptr_ring_test.c create mode 100644 tools/testing/selftests/ptr_ring/ptr_ring_test.h -- 2.7.4

2 years, 4 months

3
14
0 0

[PATCH 0/4] selftests: add a new test driver for sysfs

by Luis Chamberlain

I had posted a patch to fix a theoretical race with sysfs and device removal [0]. While the issue is no longer present with the patch present, the zram driver has already a lot of enhancements, so much so, that the race alone is very difficult to reproduce. Likewise, the zram driver had a series of other races on module removal which I recently posted fixes for [1], and it makes it unclear if these paper over the possible theoretical sysfs race. Although we even have gdb output from an actual race where this issue presented itself, there are other races which could happen before that and so what we realy need is a clean separate driver where we can experiment and try to reproduce unusual races. This adds such a driver, a new sysfs_test driver, along with a set of new tests for it. We take hint of observed issues with the sysfs on the zram driver, and build sandbox based where wher can try to poke holes at the kernel with. There are two main races we're after trying to reproduce: 1) proving the deadlock is real 2) allowing for enough slack for us to try to see if we can reproduce the syfs / device removal race In order to tackle the second race, we need a bit of help from kernefs, given that the race is difficult to reproduce. So we add fault injection support to kernfs, which allows us to trigger all possible races on write. This should be enough evidence for us to drop the suggested patch for sysfs for the second race. The first race however which leads to a deadlock is clearly explained now and I hope this shows how we need a generic solution. [0] https://lkml.kernel.org/r/20210623215007.862787-1-mcgrof@kernel.org [1] https://lkml.kernel.org/r/20210702043716.2692247-1-mcgrof@kernel.org Luis Chamberlain (4): selftests: add tests_sysfs module kernfs: add initial failure injection support test_sysfs: add support to use kernfs failure injection test_sysfs: demonstrate deadlock fix .../fault-injection/fault-injection.rst | 22 + MAINTAINERS | 9 +- fs/kernfs/Makefile | 1 + fs/kernfs/failure-injection.c | 82 + fs/kernfs/file.c | 13 + fs/kernfs/kernfs-internal.h | 73 + include/linux/kernfs.h | 5 + lib/Kconfig.debug | 23 + lib/Makefile | 1 + lib/test_sysfs.c | 1037 +++++++++++++ tools/testing/selftests/sysfs/Makefile | 12 + tools/testing/selftests/sysfs/config | 5 + tools/testing/selftests/sysfs/sysfs.sh | 1376 +++++++++++++++++ 13 files changed, 2658 insertions(+), 1 deletion(-) create mode 100644 fs/kernfs/failure-injection.c create mode 100644 lib/test_sysfs.c create mode 100644 tools/testing/selftests/sysfs/Makefile create mode 100644 tools/testing/selftests/sysfs/config create mode 100755 tools/testing/selftests/sysfs/sysfs.sh -- 2.27.0

2 years, 4 months

3
9
0 0

Re: [GIT PULL] KUnit update for Linux 5.14-rc1

by pr-tracker-bot＠kernel.org

The pull request you sent on Fri, 2 Jul 2021 10:09:18 -0600: > git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-kunit-fixes-5.14-rc1 has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/a48ad6e7a35dc3f3b521249204daf4c9427628e5 Thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/prtracker.html

2 years, 5 months

1
0
0 0

[GIT PULL] Kselftest update for Linux 5.14-rc1

by Shuah Khan

Hi Linus, Please pull the following Kselftest update for Linux 5.14-rc1. This Kselftest update for Linux 5.14-rc1 consists of fixes to existing tests and framework: -- migrate sgx test to kselftest harness -- add new test cases to sgx test -- ftrace test fix event-no-pid on 1-core machine -- splice test adjust for handler fallback removal diff is attached. Apologies if this message appears to have double spacing. My email client is at fault - I am trying to figure out what changed. thanks, -- Shuah ---------------------------------------------------------------- The following changes since commit d07f6ca923ea0927a1024dfccafc5b53b61cfecc: Linux 5.13-rc2 (2021-05-16 15:27:44 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-next-5.14-rc1 for you to fetch changes up to 4896df9d53ae5521f3ce83751e828ad70bc65c80: selftests/sgx: remove checks for file execute permissions (2021-06-23 18:38:04 -0600) ---------------------------------------------------------------- linux-kselftest-next-5.14-rc1 This Kselftest update for Linux 5.14-rc1 consists of fixes to existing tests and framework: -- migrate sgx test to kselftest harness -- add new test cases to sgx test -- ftrace test fix event-no-pid on 1-core machine -- splice test adjust for handler fallback removal ---------------------------------------------------------------- Dave Hansen (1): selftests/sgx: remove checks for file execute permissions Jarkko Sakkinen (5): selftests/sgx: Rename 'eenter' and 'sgx_call_vdso' selftests/sgx: Migrate to kselftest harness selftests/sgx: Dump enclave memory map selftests/sgx: Add EXPECT_EEXIT() macro selftests/sgx: Refine the test enclave to have storage Kees Cook (3): selftests/tls: Add {} to avoid static checker warning selftests: splice: Adjust for handler fallback removal selftests: lib.mk: Also install "config" and "settings" Krzysztof Kozlowski (1): selftests/ftrace: fix event-no-pid on 1-core machine Po-Hsu Lin (1): selftests: timers: rtcpie: skip test if default RTC device does not exist Xiaochen Shen (1): selftests/resctrl: Fix incorrect parsing of option "-t" .../selftests/ftrace/test.d/event/event-no-pid.tc | 7 + tools/testing/selftests/lib.mk | 1 + tools/testing/selftests/net/tls.c | 3 +- tools/testing/selftests/resctrl/README | 2 +- tools/testing/selftests/resctrl/resctrl_tests.c | 4 +- tools/testing/selftests/sgx/call.S | 6 +- tools/testing/selftests/sgx/defines.h | 10 + tools/testing/selftests/sgx/load.c | 19 +- tools/testing/selftests/sgx/main.c | 239 +++++++++++++-------- tools/testing/selftests/sgx/main.h | 4 +- tools/testing/selftests/sgx/test_encl.c | 19 +- tools/testing/selftests/sgx/test_encl.lds | 3 +- .../testing/selftests/splice/short_splice_read.sh | 119 ++++++++-- tools/testing/selftests/timers/rtcpie.c | 10 +- 14 files changed, 308 insertions(+), 138 deletions(-) ----------------------------------------------------------------

2 years, 5 months

2
1
0 0

[PATCH] KVM: selftests: do not require 64GB in set_memory_region_test

by Christian Borntraeger

Unless the user sets overcommit_memory or has plenty of swap, the latest changes to the testcase will result in ENOMEM failures for hosts with less than 64GB RAM. As we do not use much of the allocated memory, we can use MAP_NORESERVE to avoid this error. Cc: Zenghui Yu <yuzenghui(a)huawei.com> Cc: vkuznets(a)redhat.com Cc: wanghaibin.wang(a)huawei.com Cc: stable(a)vger.kernel.org Fixes: 309505dd5685 ("KVM: selftests: Fix mapping length truncation in m{,un}map()") Signed-off-by: Christian Borntraeger <borntraeger(a)de.ibm.com> --- tools/testing/selftests/kvm/set_memory_region_test.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/set_memory_region_test.c b/tools/testing/selftests/kvm/set_memory_region_test.c index d8812f27648c..d31f54ac4e98 100644 --- a/tools/testing/selftests/kvm/set_memory_region_test.c +++ b/tools/testing/selftests/kvm/set_memory_region_test.c @@ -377,7 +377,8 @@ static void test_add_max_memory_regions(void) (max_mem_slots - 1), MEM_REGION_SIZE >> 10); mem = mmap(NULL, (size_t)max_mem_slots * MEM_REGION_SIZE + alignment, - PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0); TEST_ASSERT(mem != MAP_FAILED, "Failed to mmap() host"); mem_aligned = (void *)(((size_t) mem + alignment - 1) & ~(alignment - 1)); -- 2.31.1

2 years, 5 months

2
1
0 0

[PATCH] selftests/memfd: remove unused variable

by Greg Thelen

Commit 544029862cbb ("selftests/memfd: add tests for F_SEAL_FUTURE_WRITE seal") added an unused variable to mfd_assert_reopen_fd(). Delete the unused variable. Fixes: 544029862cbb ("selftests/memfd: add tests for F_SEAL_FUTURE_WRITE seal") Signed-off-by: Greg Thelen <gthelen(a)google.com> --- tools/testing/selftests/memfd/memfd_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c index 74baab83fec3..192a2899bae8 100644 --- a/tools/testing/selftests/memfd/memfd_test.c +++ b/tools/testing/selftests/memfd/memfd_test.c @@ -56,7 +56,7 @@ static int mfd_assert_new(const char *name, loff_t sz, unsigned int flags) static int mfd_assert_reopen_fd(int fd_in) { - int r, fd; + int fd; char path[100]; sprintf(path, "/proc/self/fd/%d", fd_in); -- 2.32.0.93.g670b81a890-goog

2 years, 5 months

1
0
0 0

[PATCH v2] kunit: tool: Fix error messages for cases of no tests and wrong TAP header

by Rae Moar

This patch addresses misleading error messages reported by kunit_tool in two cases. First, in the case of TAP output having an incorrect header format or missing a header, the parser used to output an error message of 'no tests run!'. Now the parser outputs an error message of 'could not parse test results!'. As an example: Before: $ ./tools/testing/kunit/kunit.py parse /dev/null [ERROR] no tests run! ... After: $ ./tools/testing/kunit/kunit.py parse /dev/null [ERROR] could not parse test results! ... Second, in the case of TAP output with the correct header but no tests, the parser used to output an error message of 'could not parse test results!'. Now the parser outputs an error message of 'no tests run!'. As an example: Before: $ echo -e 'TAP version 14\n1..0' | ./tools/testing/kunit/kunit.py parse [ERROR] could not parse test results! After: $ echo -e 'TAP version 14\n1..0' | ./tools/testing/kunit/kunit.py parse [ERROR] no tests run! Additionally, this patch also corrects the tests in kunit_tool_test.py and adds a test to check the error in the case of TAP output with the correct header but no tests. Signed-off-by: Rae Moar <rmoar(a)google.com> Reviewed-by: David Gow <davidgow(a)google.com> Reviewed-by: Daniel Latypov <dlatypov(a)google.com> --- V1 -> V2: * Simplified log for the test for TAP output with the correct header but no tests * Added examples in commit message of error messages before and after --- tools/testing/kunit/kunit_parser.py | 6 ++++-- tools/testing/kunit/kunit_tool_test.py | 16 +++++++++++++--- ...st_is_test_passed-no_tests_run_no_header.log} | 0 ...t_is_test_passed-no_tests_run_with_header.log | 2 ++ 4 files changed, 19 insertions(+), 5 deletions(-) rename tools/testing/kunit/test_data/{test_is_test_passed-no_tests_run.log => test_is_test_passed-no_tests_run_no_header.log} (100%) create mode 100644 tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log diff --git a/tools/testing/kunit/kunit_parser.py b/tools/testing/kunit/kunit_parser.py index c3c524b79db8..b88db3f51dc5 100644 --- a/tools/testing/kunit/kunit_parser.py +++ b/tools/testing/kunit/kunit_parser.py @@ -338,9 +338,11 @@ def bubble_up_suite_errors(test_suites: Iterable[TestSuite]) -> TestStatus: def parse_test_result(lines: LineStream) -> TestResult: consume_non_diagnostic(lines) if not lines or not parse_tap_header(lines): - return TestResult(TestStatus.NO_TESTS, [], lines) + return TestResult(TestStatus.FAILURE_TO_PARSE_TESTS, [], lines) expected_test_suite_num = parse_test_plan(lines) - if not expected_test_suite_num: + if expected_test_suite_num == 0: + return TestResult(TestStatus.NO_TESTS, [], lines) + elif expected_test_suite_num is None: return TestResult(TestStatus.FAILURE_TO_PARSE_TESTS, [], lines) test_suites = [] for i in range(1, expected_test_suite_num + 1): diff --git a/tools/testing/kunit/kunit_tool_test.py b/tools/testing/kunit/kunit_tool_test.py index bdae0e5f6197..75045aa0f8a1 100755 --- a/tools/testing/kunit/kunit_tool_test.py +++ b/tools/testing/kunit/kunit_tool_test.py @@ -157,8 +157,18 @@ class KUnitParserTest(unittest.TestCase): kunit_parser.TestStatus.FAILURE, result.status) + def test_no_header(self): + empty_log = test_data_path('test_is_test_passed-no_tests_run_no_header.log') + with open(empty_log) as file: + result = kunit_parser.parse_run_tests( + kunit_parser.extract_tap_lines(file.readlines())) + self.assertEqual(0, len(result.suites)) + self.assertEqual( + kunit_parser.TestStatus.FAILURE_TO_PARSE_TESTS, + result.status) + def test_no_tests(self): - empty_log = test_data_path('test_is_test_passed-no_tests_run.log') + empty_log = test_data_path('test_is_test_passed-no_tests_run_with_header.log') with open(empty_log) as file: result = kunit_parser.parse_run_tests( kunit_parser.extract_tap_lines(file.readlines())) @@ -173,7 +183,7 @@ class KUnitParserTest(unittest.TestCase): with open(crash_log) as file: result = kunit_parser.parse_run_tests( kunit_parser.extract_tap_lines(file.readlines())) - print_mock.assert_any_call(StrContains('no tests run!')) + print_mock.assert_any_call(StrContains('could not parse test results!')) print_mock.stop() file.close() @@ -309,7 +319,7 @@ class KUnitJsonTest(unittest.TestCase): result["sub_groups"][1]["test_cases"][0]) def test_no_tests_json(self): - result = self._json_for('test_is_test_passed-no_tests_run.log') + result = self._json_for('test_is_test_passed-no_tests_run_with_header.log') self.assertEqual(0, len(result['sub_groups'])) class StrContains(str): diff --git a/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run.log b/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_no_header.log similarity index 100% rename from tools/testing/kunit/test_data/test_is_test_passed-no_tests_run.log rename to tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_no_header.log diff --git a/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log b/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log new file mode 100644 index 000000000000..5f48ee659d40 --- /dev/null +++ b/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log @@ -0,0 +1,2 @@ +TAP version 14 +1..0 -- 2.32.0.93.g670b81a890-goog

2 years, 5 months

2
1
0 0

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror July 2021