October 2022 - Linux-kselftest-mirror

[PATCH v2 0/4] Some improvements of resctrl selftest

by Shaopeng Tan

Hello, The aim of this patch series is to improve the resctrl selftest. Without these fixes, some unnecessary processing will be executed and test results will be confusing. There is no behavior change in test themselves. [patch 1] Make write_schemata() run to set up shemata with 100% allocation on first run in MBM test. [patch 2] The MBA test result message is always output as "ok", make output message to be "not ok" if MBA check result is failed. [patch 3] Before exiting each test CMT/CAT/MBM/MBA, clear test result files function cat/cmt/mbm/mba_test_cleanup() are called twice. Delete once. [patch 4] When a child process is created by fork(), the buffer of the parent process is also copied. Flush the buffer before executing fork(). This patch series is based on Linux v6.0-rc7 Difference from v1: [patch 1] Make write_schemata() always be called, and use resctrl_val_param->num_of_runs instead of static num_of_runs. [patch 2] Add Reviewed-by tag. [patch 3] Remove cat/cmt/mbm/mba_test_cleanup() from run_cmt/mbm/mba_test() and modify changelog. [patch 4] Add Reviewed-by tag. Notice that I dropped the one patch from v1 in this series ("[PATCH 4/5] selftests/resctrl: Kill the child process before exiting the parent process if an exception occurs"). This is because the bug will take some time to fix, I will submit it separately in the future. Shaopeng Tan (4): selftests/resctrl: Fix set up shemata with 100% allocation on first run in MBM test. selftests/resctrl: Return MBA check result and make it to output message selftests/resctrl: Remove duplicate codes that clear each test result file selftests/resctrl: Flush stdout file buffer before executing fork() tools/testing/selftests/resctrl/cat_test.c | 1 + tools/testing/selftests/resctrl/mba_test.c | 8 ++++---- tools/testing/selftests/resctrl/mbm_test.c | 6 +++--- tools/testing/selftests/resctrl/resctrl_tests.c | 4 ---- tools/testing/selftests/resctrl/resctrl_val.c | 1 + tools/testing/selftests/resctrl/resctrlfs.c | 1 + 6 files changed, 10 insertions(+), 11 deletions(-) -- 2.27.0

1 year, 6 months

2
6
0 0

[PATCH] kunit: tool: Don't download risc-v opensbi firmware with wget

by David Gow

When running a RISC-V test kernel under QEMU, we need an OpenSBI BIOS file. In the original QEMU support patchset, kunit_tool would optionally download this file from GitHub if it didn't exist, using wget. These days, it can usually be found in the distro's qemu-system-riscv package, and is located in /usr/share/qemu on all the distros I tried (Debian, Arch, OpenSUSE). Use this file, and thereby don't do any downloading in kunit_tool. In addition, we used to shell out to whatever 'wget' was in the path, which could have potentially been used to trick the developer into running another binary. By not using wget at all, we nicely sidestep this issue. Cc: Xu Panda <xu.panda(a)zte.com.cn> Fixes: 87c9c1631788 ("kunit: tool: add support for QEMU") Reported-by: Zeal Robot <zealci(a)zte.com.cn> Signed-off-by: David Gow <davidgow(a)google.com> --- This is a replacement for "kunit: tool: use absolute path for wget": https://lore.kernel.org/linux-kselftest/20220922083610.235936-1-xu.panda@zt… Instead of just changing the path to wget, it removes the download option completely and grabs the opensbi-riscv64-generic-fw_dynamic.bin from the /usr/share/qemu directory, where the distro package manager should have put it. I _think_ this should be okay to treat as a fix: we were always grabbing this from the QEMU GitHub repository, so it should be widely available. And if you want to treat the wget use as a security issue, getting rid of it everywhere would be nice. Thoughts? -- David --- tools/testing/kunit/qemu_configs/riscv.py | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/tools/testing/kunit/qemu_configs/riscv.py b/tools/testing/kunit/qemu_configs/riscv.py index 6207be146d26..12a1d525978a 100644 --- a/tools/testing/kunit/qemu_configs/riscv.py +++ b/tools/testing/kunit/qemu_configs/riscv.py @@ -3,17 +3,13 @@ import os import os.path import sys -GITHUB_OPENSBI_URL = 'https://github.com/qemu/qemu/raw/master/pc-bios/opensbi-riscv64-generic-fw_…' -OPENSBI_FILE = os.path.basename(GITHUB_OPENSBI_URL) +OPENSBI_FILE = 'opensbi-riscv64-generic-fw_dynamic.bin' +OPENSBI_PATH = '/usr/share/qemu/' + OPENSBI_FILE -if not os.path.isfile(OPENSBI_FILE): - print('\n\nOpenSBI file is not in the current working directory.\n' - 'Would you like me to download it for you from:\n' + GITHUB_OPENSBI_URL + ' ?\n') - response = input('yes/[no]: ') - if response.strip() == 'yes': - os.system('wget ' + GITHUB_OPENSBI_URL) - else: - sys.exit() +if not os.path.isfile(OPENSBI_PATH): + print('\n\nOpenSBI bios was not found in "' + OPENSBI_PATH + '".\n' + 'Please ensure that qemu-system-riscv is installed, or edit the path in "qemu_configs/riscv.py"\n') + sys.exit() QEMU_ARCH = QemuArchParams(linux_arch='riscv', kconfig=''' @@ -29,4 +25,4 @@ CONFIG_SERIAL_EARLYCON_RISCV_SBI=y''', extra_qemu_params=[ '-machine', 'virt', '-cpu', 'rv64', - '-bios', 'opensbi-riscv64-generic-fw_dynamic.bin']) + '-bios', OPENSBI_PATH]) -- 2.37.3.998.g577e59143f-goog

1 year, 6 months

3
2
0 0

[PATCH v2 1/5] kunit: string-stream: Simplify resource use

by Daniel Latypov

From: David Gow <davidgow(a)google.com> Currently, KUnit's string streams are themselves "KUnit resources". This is redundant since the stream itself is already allocated with kunit_kzalloc() and will thus be freed automatically at the end of the test. string-stream is only used internally within KUnit, and isn't using the extra features that resources provide like reference counting, being able to locate them dynamically as "test-local variables", etc. Indeed, the resource's refcount is never incremented when the pointer is returned. The fact that it's always manually destroyed is more evidence that the reference counting is unused. Signed-off-by: David Gow <davidgow(a)google.com> Signed-off-by: Daniel Latypov <dlatypov(a)google.com> --- v1 -> v2: no changes --- lib/kunit/string-stream.c | 90 +++++++-------------------------------- lib/kunit/string-stream.h | 2 +- lib/kunit/test.c | 2 +- 3 files changed, 18 insertions(+), 76 deletions(-) diff --git a/lib/kunit/string-stream.c b/lib/kunit/string-stream.c index 141789ca8949..a2496abef152 100644 --- a/lib/kunit/string-stream.c +++ b/lib/kunit/string-stream.c @@ -12,64 +12,31 @@ #include "string-stream.h" -struct string_stream_fragment_alloc_context { - struct kunit *test; - int len; - gfp_t gfp; -}; -static int string_stream_fragment_init(struct kunit_resource *res, - void *context) +static struct string_stream_fragment *alloc_string_stream_fragment( + struct kunit *test, int len, gfp_t gfp) { - struct string_stream_fragment_alloc_context *ctx = context; struct string_stream_fragment *frag; - frag = kunit_kzalloc(ctx->test, sizeof(*frag), ctx->gfp); + frag = kunit_kzalloc(test, sizeof(*frag), gfp); if (!frag) - return -ENOMEM; + return ERR_PTR(-ENOMEM); - frag->test = ctx->test; - frag->fragment = kunit_kmalloc(ctx->test, ctx->len, ctx->gfp); + frag->test = test; + frag->fragment = kunit_kmalloc(test, len, gfp); if (!frag->fragment) - return -ENOMEM; + return ERR_PTR(-ENOMEM); - res->data = frag; - - return 0; + return frag; } -static void string_stream_fragment_free(struct kunit_resource *res) +static void string_stream_fragment_destroy(struct string_stream_fragment *frag) { - struct string_stream_fragment *frag = res->data; - list_del(&frag->node); kunit_kfree(frag->test, frag->fragment); kunit_kfree(frag->test, frag); } -static struct string_stream_fragment *alloc_string_stream_fragment( - struct kunit *test, int len, gfp_t gfp) -{ - struct string_stream_fragment_alloc_context context = { - .test = test, - .len = len, - .gfp = gfp - }; - - return kunit_alloc_resource(test, - string_stream_fragment_init, - string_stream_fragment_free, - gfp, - &context); -} - -static int string_stream_fragment_destroy(struct string_stream_fragment *frag) -{ - return kunit_destroy_resource(frag->test, - kunit_resource_instance_match, - frag); -} - int string_stream_vadd(struct string_stream *stream, const char *fmt, va_list args) @@ -169,48 +136,23 @@ struct string_stream_alloc_context { gfp_t gfp; }; -static int string_stream_init(struct kunit_resource *res, void *context) +struct string_stream *alloc_string_stream(struct kunit *test, gfp_t gfp) { struct string_stream *stream; - struct string_stream_alloc_context *ctx = context; - stream = kunit_kzalloc(ctx->test, sizeof(*stream), ctx->gfp); + stream = kunit_kzalloc(test, sizeof(*stream), gfp); if (!stream) - return -ENOMEM; + return ERR_PTR(-ENOMEM); - res->data = stream; - stream->gfp = ctx->gfp; - stream->test = ctx->test; + stream->gfp = gfp; + stream->test = test; INIT_LIST_HEAD(&stream->fragments); spin_lock_init(&stream->lock); - return 0; + return stream; } -static void string_stream_free(struct kunit_resource *res) +void string_stream_destroy(struct string_stream *stream) { - struct string_stream *stream = res->data; - string_stream_clear(stream); } - -struct string_stream *alloc_string_stream(struct kunit *test, gfp_t gfp) -{ - struct string_stream_alloc_context context = { - .test = test, - .gfp = gfp - }; - - return kunit_alloc_resource(test, - string_stream_init, - string_stream_free, - gfp, - &context); -} - -int string_stream_destroy(struct string_stream *stream) -{ - return kunit_destroy_resource(stream->test, - kunit_resource_instance_match, - stream); -} diff --git a/lib/kunit/string-stream.h b/lib/kunit/string-stream.h index 43f9508a55b4..494dee0f24bd 100644 --- a/lib/kunit/string-stream.h +++ b/lib/kunit/string-stream.h @@ -46,6 +46,6 @@ int string_stream_append(struct string_stream *stream, bool string_stream_is_empty(struct string_stream *stream); -int string_stream_destroy(struct string_stream *stream); +void string_stream_destroy(struct string_stream *stream); #endif /* _KUNIT_STRING_STREAM_H */ diff --git a/lib/kunit/test.c b/lib/kunit/test.c index b73d5bb5c473..0fb2771ca03e 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -267,7 +267,7 @@ static void kunit_fail(struct kunit *test, const struct kunit_loc *loc, kunit_print_string_stream(test, stream); - WARN_ON(string_stream_destroy(stream)); + string_stream_destroy(stream); } static void __noreturn kunit_abort(struct kunit *test) base-commit: 94681e289bf5d10c9db9db143d1a22d8717205c5 -- 2.37.1.359.gd136c6c3e2-goog

1 year, 6 months

3
10
0 0

[PATCH v1 0/9] KVM: s390: Extend MEM_OP ioctl by storage key checked cmpxchg

by Janis Schoetterl-Glausch

User space can use the MEM_OP ioctl to make storage key checked reads and writes to the guest, however, it has no way of performing atomic, key checked, accesses to the guest. Extend the MEM_OP ioctl in order to allow for this, by adding a cmpxchg mode. For now, support this mode for absolute accesses only. This mode can be use, for example, to set the device-state-change indicator and the adapter-local-summary indicator atomically. Janis Schoetterl-Glausch (9): s390/uaccess: Add storage key checked cmpxchg access to user space KVM: s390: Extend MEM_OP ioctl by storage key checked cmpxchg Documentation: KVM: s390: Describe KVM_S390_MEMOP_F_CMPXCHG KVM: s390: selftest: memop: Pass mop_desc via pointer KVM: s390: selftest: memop: Replace macros by functions KVM: s390: selftest: memop: Add bad address test KVM: s390: selftest: memop: Add cmpxchg tests KVM: s390: selftest: memop: Fix typo KVM: s390: selftest: memop: Fix wrong address being used in test Documentation/virt/kvm/api.rst | 18 +- include/uapi/linux/kvm.h | 5 + arch/s390/include/asm/uaccess.h | 187 ++++++ arch/s390/kvm/gaccess.h | 4 + arch/s390/kvm/gaccess.c | 56 ++ arch/s390/kvm/kvm-s390.c | 50 +- tools/testing/selftests/kvm/s390x/memop.c | 704 +++++++++++++++++----- 7 files changed, 874 insertions(+), 150 deletions(-) base-commit: f76349cf41451c5c42a99f18a9163377e4b364ff -- 2.34.1

1 year, 6 months

5
21
0 0

[PATCH RESEND] selftests/ftrace: func_event_triggers: fix typo in user message

by Randy Dunlap

Correct typo of "it's" to "it". Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: linux-kselftest(a)vger.kernel.org --- tools/testing/selftests/ftrace/test.d/ftrace/func_event_triggers.tc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- linux-next-20211224.orig/tools/testing/selftests/ftrace/test.d/ftrace/func_event_triggers.tc +++ linux-next-20211224/tools/testing/selftests/ftrace/test.d/ftrace/func_event_triggers.tc @@ -85,7 +85,7 @@ run_enable_disable() { echo $check_disable > $EVENT_ENABLE done sleep $SLEEP_TIME - echo " make sure it's still works" + echo " make sure it still works" test_event_enabled $check_enable_star reset_ftrace_filter

1 year, 6 months

2
1
0 0

[PATCH 0/6] Add _opts variant for bpf_*_get_fd_by_id()

by Roberto Sassu

From: Roberto Sassu <roberto.sassu(a)huawei.com> Add the _opts variant for bpf_*_get_fd_by_id() functions, to be able to pass to the kernel more options, when requesting a fd of an eBPF object to the kernel. Pass the options through a newly introduced structure, bpf_get_fd_opts, which currently contains open_flags (the other two members are for compatibility and for padding). open_flags allows the caller to request specific permissions to access a map (e.g. read-only). This is useful for example in the situation where a map is write-protected. Besides patches 2-6, which introduce the new variants and the data structure, patch 1 fixes the LIBBPF_1.0.0 declaration in libbpf.map. Roberto Sassu (6): libbpf: Fix LIBBPF_1.0.0 declaration in libbpf.map libbpf: Define bpf_get_fd_opts and introduce bpf_map_get_fd_by_id_opts() libbpf: Introduce bpf_prog_get_fd_by_id_opts() libbpf: Introduce bpf_btf_get_fd_by_id_opts() libbpf: Introduce bpf_link_get_fd_by_id_opts() selftests/bpf: Add tests for _opts variants of bpf_*_get_fd_by_id() tools/lib/bpf/bpf.c | 47 +++++++++- tools/lib/bpf/bpf.h | 16 ++++ tools/lib/bpf/libbpf.map | 6 +- .../bpf/prog_tests/libbpf_get_fd_opts.c | 88 +++++++++++++++++++ .../bpf/progs/test_libbpf_get_fd_opts.c | 36 ++++++++ 5 files changed, 188 insertions(+), 5 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/libbpf_get_fd_opts.c create mode 100644 tools/testing/selftests/bpf/progs/test_libbpf_get_fd_opts.c -- 2.25.1

1 year, 6 months

1
6
0 0

Hi

by Ann Ghallagher

Hi Dear, Nice to meet you, hope you’re enjoying a blissful day? I'm Ann Ghallagher. I'm a U.S. Army officer from the United States of America, I am supportive and caring, I like swimming and cooking am gentle although I am a soldier but I'm kind, wanting to get a good friend, I would like to establish mutual friendship with you.I want to make a deal with you so if you are interested contact my email (annghallaghe(a)gmail.com) or should I tell you about the deal here? Regards, Ann

1 year, 6 months

1
0
0 0

[PATCH v6 1/2] x86/fpu: Allow PKRU to be (once again) written by ptrace.

by Kyle Huey

From: Kyle Huey <me(a)kylehuey.com> When management of the PKRU register was moved away from XSTATE, emulation of PKRU's existence in XSTATE was added for reading PKRU through ptrace, but not for writing PKRU through ptrace. This can be seen by running gdb and executing `p $pkru`, `set $pkru = 42`, and `p $pkru`. On affected kernels (5.14+) the write to the PKRU register (which gdb performs through ptrace) is ignored. There are three APIs that write PKRU: sigreturn, PTRACE_SETREGSET with NT_X86_XSTATE, and KVM_SET_XSAVE. sigreturn still uses XRSTOR to write to PKRU. KVM_SET_XSAVE has its own special handling to make PKRU writes take effect (in fpu_copy_uabi_to_guest_fpstate). Push that down into copy_uabi_to_xstate and have PTRACE_SETREGSET with NT_X86_XSTATE pass in a pointer to the appropriate PKRU slot. copy_sigframe_from_user_to_xstate depends on copy_uabi_to_xstate populating the PKRU field in the task's XSTATE so that __fpu_restore_sig can do a XRSTOR from it, so continue doing that. This also adds code to initialize the PKRU value to the hardware init value (namely 0) if the PKRU bit is not set in the XSTATE header provided to ptrace, to match XRSTOR. Fixes: e84ba47e313d ("x86/fpu: Hook up PKRU into ptrace()") Signed-off-by: Kyle Huey <me(a)kylehuey.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Borislav Petkov <bp(a)suse.de> Cc: stable(a)vger.kernel.org # 5.14+ --- arch/x86/kernel/fpu/core.c | 20 +++++++++----------- arch/x86/kernel/fpu/regset.c | 2 +- arch/x86/kernel/fpu/signal.c | 2 +- arch/x86/kernel/fpu/xstate.c | 25 ++++++++++++++++++++----- arch/x86/kernel/fpu/xstate.h | 4 ++-- 5 files changed, 33 insertions(+), 20 deletions(-) diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c index 3b28c5b25e12..c273669e8a00 100644 --- a/arch/x86/kernel/fpu/core.c +++ b/arch/x86/kernel/fpu/core.c @@ -391,8 +391,6 @@ int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *gfpu, const void *buf, { struct fpstate *kstate = gfpu->fpstate; const union fpregs_state *ustate = buf; - struct pkru_state *xpkru; - int ret; if (!cpu_feature_enabled(X86_FEATURE_XSAVE)) { if (ustate->xsave.header.xfeatures & ~XFEATURE_MASK_FPSSE) @@ -406,16 +404,16 @@ int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *gfpu, const void *buf, if (ustate->xsave.header.xfeatures & ~xcr0) return -EINVAL; - ret = copy_uabi_from_kernel_to_xstate(kstate, ustate); - if (ret) - return ret; + /* + * Nullify @vpkru to preserve its current value if PKRU's bit isn't set + * in the header. KVM's odd ABI is to leave PKRU untouched in this + * case (all other components are eventually re-initialized). + * (Not clear that this is actually necessary for compat). + */ + if (!(ustate->xsave.header.xfeatures & XFEATURE_MASK_PKRU)) + vpkru = NULL; - /* Retrieve PKRU if not in init state */ - if (kstate->regs.xsave.header.xfeatures & XFEATURE_MASK_PKRU) { - xpkru = get_xsave_addr(&kstate->regs.xsave, XFEATURE_PKRU); - *vpkru = xpkru->pkru; - } - return 0; + return copy_uabi_from_kernel_to_xstate(kstate, ustate, vpkru); } EXPORT_SYMBOL_GPL(fpu_copy_uabi_to_guest_fpstate); #endif /* CONFIG_KVM */ diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c index 75ffaef8c299..6d056b68f4ed 100644 --- a/arch/x86/kernel/fpu/regset.c +++ b/arch/x86/kernel/fpu/regset.c @@ -167,7 +167,7 @@ int xstateregs_set(struct task_struct *target, const struct user_regset *regset, } fpu_force_restore(fpu); - ret = copy_uabi_from_kernel_to_xstate(fpu->fpstate, kbuf ?: tmpbuf); + ret = copy_uabi_from_kernel_to_xstate(fpu->fpstate, kbuf ?: tmpbuf, &target->thread.pkru); out: vfree(tmpbuf); diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c index 91d4b6de58ab..558076dbde5b 100644 --- a/arch/x86/kernel/fpu/signal.c +++ b/arch/x86/kernel/fpu/signal.c @@ -396,7 +396,7 @@ static bool __fpu_restore_sig(void __user *buf, void __user *buf_fx, fpregs = &fpu->fpstate->regs; if (use_xsave() && !fx_only) { - if (copy_sigframe_from_user_to_xstate(fpu->fpstate, buf_fx)) + if (copy_sigframe_from_user_to_xstate(tsk, buf_fx)) return false; } else { if (__copy_from_user(&fpregs->fxsave, buf_fx, diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c index c8340156bfd2..8f14981a3936 100644 --- a/arch/x86/kernel/fpu/xstate.c +++ b/arch/x86/kernel/fpu/xstate.c @@ -1197,7 +1197,7 @@ static int copy_from_buffer(void *dst, unsigned int offset, unsigned int size, static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf, - const void __user *ubuf) + const void __user *ubuf, u32 *pkru) { struct xregs_state *xsave = &fpstate->regs.xsave; unsigned int offset, size; @@ -1246,6 +1246,21 @@ static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf, } } + /* + * Update the user protection key storage. Allow KVM to + * pass in a NULL pkru pointer if the mask bit is unset + * for its legacy ABI behavior. + */ + if (pkru) + *pkru = 0; + + if (hdr.xfeatures & XFEATURE_MASK_PKRU) { + struct pkru_state *xpkru; + + xpkru = __raw_xsave_addr(xsave, XFEATURE_PKRU); + *pkru = xpkru->pkru; + } + /* * The state that came in from userspace was user-state only. * Mask all the user states out of 'xfeatures': @@ -1264,9 +1279,9 @@ static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf, * Convert from a ptrace standard-format kernel buffer to kernel XSAVE[S] * format and copy to the target thread. Used by ptrace and KVM. */ -int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf) +int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf, u32 *pkru) { - return copy_uabi_to_xstate(fpstate, kbuf, NULL); + return copy_uabi_to_xstate(fpstate, kbuf, NULL, pkru); } /* @@ -1274,10 +1289,10 @@ int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf) * XSAVE[S] format and copy to the target thread. This is called from the * sigreturn() and rt_sigreturn() system calls. */ -int copy_sigframe_from_user_to_xstate(struct fpstate *fpstate, +int copy_sigframe_from_user_to_xstate(struct task_struct *tsk, const void __user *ubuf) { - return copy_uabi_to_xstate(fpstate, NULL, ubuf); + return copy_uabi_to_xstate(tsk->thread.fpu.fpstate, NULL, ubuf, &tsk->thread.pkru); } static bool validate_independent_components(u64 mask) diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h index 5ad47031383b..a4ecb04d8d64 100644 --- a/arch/x86/kernel/fpu/xstate.h +++ b/arch/x86/kernel/fpu/xstate.h @@ -46,8 +46,8 @@ extern void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate, u32 pkru_val, enum xstate_copy_mode copy_mode); extern void copy_xstate_to_uabi_buf(struct membuf to, struct task_struct *tsk, enum xstate_copy_mode mode); -extern int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf); -extern int copy_sigframe_from_user_to_xstate(struct fpstate *fpstate, const void __user *ubuf); +extern int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf, u32 *pkru); +extern int copy_sigframe_from_user_to_xstate(struct task_struct *tsk, const void __user *ubuf); extern void fpu__init_cpu_xstate(void); -- 2.37.2 Changelog since v5: - Avoids a second copy from the uabi buffer as suggested. - Preserves old KVM_SET_XSAVE behavior where leaving the PKRU bit in the XSTATE header results in PKRU remaining unchanged instead of reinitializing it. - Fixed up patch metadata as requested. Changelog since v4: - Selftest additionally checks PKRU readbacks through ptrace. - Selftest flips all PKRU bits (except the default key). Changelog since v3: - The v3 patch is now part 1 of 2. - Adds a selftest in part 2 of 2. Changelog since v2: - Removed now unused variables in fpu_copy_uabi_to_guest_fpstate Changelog since v1: - Handles the error case of copy_to_buffer().

1 year, 6 months

1
1
0 0

[RFC PATCH v2 0/2] kunit: Support redirecting function calls

by David Gow

When writing tests, it'd often be very useful to be able to intercept calls to a function in the code being tested and replace it with a test-specific stub. This has always been an obviously missing piece of KUnit, and the solutions always involve some tradeoffs with cleanliness, performance, or impact on non-test code. See the folowing document for some of the challenges: https://kunit.dev/mocking.html This series consists of two prototype patches which add support for this sort of redirection to KUnit tests: 1: static_stub: Any function which might want to be intercepted adds a call to a macro which checks if a test has redirected calls to it, and calls the corresponding replacement. 2: ftrace_stub: Functions are intercepted using ftrace. This doesn't require adding a new prologue to each function being replaced, but does have more dependencies (which restricts it to a small number of architectures, not including UML), and doesn't work well with inline functions. The API for both implementations is very similar, so it should be easy to migrate from one to the other if necessary. Both of these implementations restrict the redirection to the test context: it is automatically undone after the KUnit test completes, and does not affect calls in other threads. If CONFIG_KUNIT is not enabled, there should be no overhead in either implementation. Does either (or both) of these features sound useful, and is this sort-of API the right model? (Personally, I think there's a reasonable scope for both.) Is anything obviously missing or wrong? Do the names, descriptions etc. make any sense? Note that these patches are definitely still at the "prototype" level, and things like error-handling, documentation, and testing are still pretty sparse. There is also quite a bit of room for optimisation. These'll all be improved for v1 if the concept seems good. We're going to be talking about this again at LPC, so it's worth having another look before then if you're interested and/or will be attending: https://lpc.events/event/16/contributions/1308/ Cheers, -- David --- Changes since RFC v1: https://lore.kernel.org/lkml/20220318021314.3225240-1-davidgow@google.com/ - Fix some typos (thanks Daniel) - Use typecheck_fn() to fix typechecking in some cases (thanks Brendan) - Use ftrace_instruction_pointer_set() in place of kernel livepatch, which seems to have disappeared: https://lore.kernel.org/lkml/0a76550d-008d-0364-8244-4dae2981ea05@csgroup.e… - Fix a copy-paste name error in the resource finding function. - Rebase on top of torvalds/master, as it wasn't applying cleanly. Note that the Kernel Livepatch -> ftrace change seems to allow more architectures to work, but while they compile, there still seems to be issues. So, this will compile on (e.g.) arm64, but fails: $ ./tools/testing/kunit/kunit.py run 'example*' --kunitconfig lib/kunit/stubs_example.kunitconfig --arch arm64 --make_options LLVM=1 [05:00:13] # example_ftrace_stub_test: initializing [05:00:13] # example_ftrace_stub_test: EXPECTATION FAILED at lib/kunit/kunit-example-test.c:179 [05:00:13] Expected add_one(1) == 0, but [05:00:13] add_one(1) == 2 [05:00:13] not ok 6 - example_ftrace_stub_test [05:00:13] [FAILED] example_ftrace_stub_test Daniel Latypov (1): kunit: expose ftrace-based API for stubbing out functions during tests David Gow (1): kunit: Expose 'static stub' API to redirect functions include/kunit/ftrace_stub.h | 84 +++++++++++++++++ include/kunit/static_stub.h | 106 +++++++++++++++++++++ lib/kunit/Kconfig | 11 +++ lib/kunit/Makefile | 5 + lib/kunit/ftrace_stub.c | 137 ++++++++++++++++++++++++++++ lib/kunit/kunit-example-test.c | 63 +++++++++++++ lib/kunit/static_stub.c | 125 +++++++++++++++++++++++++ lib/kunit/stubs_example.kunitconfig | 10 ++ 8 files changed, 541 insertions(+) create mode 100644 include/kunit/ftrace_stub.h create mode 100644 include/kunit/static_stub.h create mode 100644 lib/kunit/ftrace_stub.c create mode 100644 lib/kunit/static_stub.c create mode 100644 lib/kunit/stubs_example.kunitconfig -- 2.37.2.789.g6183377224-goog

1 year, 6 months

4
6
0 0

[PATCH iproute2-next 1/2] bridge: link: enable MacAuth/MAB feature

by Hans Schultz

The MAB feature can be enabled on a locked port with the command: bridge link set dev <DEV> mab on Signed-off-by: Hans Schultz <netdev(a)kapio-technology.com> --- bridge/fdb.c | 17 +++++++++++++++-- bridge/link.c | 21 ++++++++++++++++++--- include/uapi/linux/if_link.h | 1 + include/uapi/linux/neighbour.h | 7 ++++++- ip/iplink_bridge_slave.c | 16 +++++++++++++--- man/man8/bridge.8 | 10 ++++++++++ man/man8/ip-link.8.in | 8 ++++++++ 7 files changed, 71 insertions(+), 9 deletions(-) diff --git a/bridge/fdb.c b/bridge/fdb.c index 5f71bde0..0fbe9bd3 100644 --- a/bridge/fdb.c +++ b/bridge/fdb.c @@ -93,7 +93,7 @@ static int state_a2n(unsigned int *s, const char *arg) return 0; } -static void fdb_print_flags(FILE *fp, unsigned int flags) +static void fdb_print_flags(FILE *fp, unsigned int flags, __u8 ext_flags) { open_json_array(PRINT_JSON, is_json_context() ? "flags" : ""); @@ -116,6 +116,9 @@ static void fdb_print_flags(FILE *fp, unsigned int flags) if (flags & NTF_STICKY) print_string(PRINT_ANY, NULL, "%s ", "sticky"); + if (ext_flags & NTF_EXT_LOCKED) + print_string(PRINT_ANY, NULL, "%s ", "locked"); + close_json_array(PRINT_JSON, NULL); } @@ -144,6 +147,7 @@ int print_fdb(struct nlmsghdr *n, void *arg) struct ndmsg *r = NLMSG_DATA(n); int len = n->nlmsg_len; struct rtattr *tb[NDA_MAX+1]; + __u32 ext_flags = 0; __u16 vid = 0; if (n->nlmsg_type != RTM_NEWNEIGH && n->nlmsg_type != RTM_DELNEIGH) { @@ -170,6 +174,9 @@ int print_fdb(struct nlmsghdr *n, void *arg) parse_rtattr(tb, NDA_MAX, NDA_RTA(r), n->nlmsg_len - NLMSG_LENGTH(sizeof(*r))); + if (tb[NDA_FLAGS_EXT]) + ext_flags = rta_getattr_u32(tb[NDA_FLAGS_EXT]); + if (tb[NDA_VLAN]) vid = rta_getattr_u16(tb[NDA_VLAN]); @@ -266,7 +273,7 @@ int print_fdb(struct nlmsghdr *n, void *arg) if (show_stats && tb[NDA_CACHEINFO]) fdb_print_stats(fp, RTA_DATA(tb[NDA_CACHEINFO])); - fdb_print_flags(fp, r->ndm_flags); + fdb_print_flags(fp, r->ndm_flags, ext_flags); if (tb[NDA_MASTER]) @@ -414,6 +421,7 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) char *endptr; short vid = -1; __u32 nhid = 0; + __u32 ext_flags = 0; while (argc > 0) { if (strcmp(*argv, "dev") == 0) { @@ -527,6 +535,11 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) if (dst_ok) addattr_l(&req.n, sizeof(req), NDA_DST, &dst.data, dst.bytelen); + if (ext_flags && + addattr_l(&req.n, sizeof(req), NDA_FLAGS_EXT, &ext_flags, + sizeof(ext_flags)) < 0) + return -1; + if (vid >= 0) addattr16(&req.n, sizeof(req), NDA_VLAN, vid); if (nhid > 0) diff --git a/bridge/link.c b/bridge/link.c index 3810fa04..dd69d7c3 100644 --- a/bridge/link.c +++ b/bridge/link.c @@ -181,9 +181,14 @@ static void print_protinfo(FILE *fp, struct rtattr *attr) if (prtb[IFLA_BRPORT_ISOLATED]) print_on_off(PRINT_ANY, "isolated", "isolated %s ", rta_getattr_u8(prtb[IFLA_BRPORT_ISOLATED])); - if (prtb[IFLA_BRPORT_LOCKED]) - print_on_off(PRINT_ANY, "locked", "locked %s ", - rta_getattr_u8(prtb[IFLA_BRPORT_LOCKED])); + if (prtb[IFLA_BRPORT_LOCKED]) { + if (prtb[IFLA_BRPORT_MAB] && rta_getattr_u8(prtb[IFLA_BRPORT_MAB])) + print_on_off(PRINT_ANY, "locked mab", "locked mab %s ", + rta_getattr_u8(prtb[IFLA_BRPORT_LOCKED])); + else + print_on_off(PRINT_ANY, "locked", "locked %s ", + rta_getattr_u8(prtb[IFLA_BRPORT_LOCKED])); + } } else print_stp_state(rta_getattr_u8(attr)); } @@ -281,6 +286,7 @@ static void usage(void) " [ vlan_tunnel {on | off} ]\n" " [ isolated {on | off} ]\n" " [ locked {on | off} ]\n" + " [ mab {on | off} ]\n" " [ hwmode {vepa | veb} ]\n" " [ backup_port DEVICE ] [ nobackup_port ]\n" " [ self ] [ master ]\n" @@ -312,6 +318,7 @@ static int brlink_modify(int argc, char **argv) __s8 bcast_flood = -1; __s8 mcast_to_unicast = -1; __s8 locked = -1; + __s8 macauth = -1; __s8 isolated = -1; __s8 hairpin = -1; __s8 bpdu_guard = -1; @@ -437,6 +444,11 @@ static int brlink_modify(int argc, char **argv) locked = parse_on_off("locked", *argv, &ret); if (ret) return ret; + } else if (strcmp(*argv, "mab") == 0) { + NEXT_ARG(); + macauth = parse_on_off("mab", *argv, &ret); + if (ret) + return ret; } else if (strcmp(*argv, "backup_port") == 0) { NEXT_ARG(); backup_port_idx = ll_name_to_index(*argv); @@ -520,6 +532,9 @@ static int brlink_modify(int argc, char **argv) if (locked >= 0) addattr8(&req.n, sizeof(req), IFLA_BRPORT_LOCKED, locked); + if (macauth >= 0) + addattr8(&req.n, sizeof(req), IFLA_BRPORT_MAB, macauth); + if (backup_port_idx != -1) addattr32(&req.n, sizeof(req), IFLA_BRPORT_BACKUP_PORT, backup_port_idx); diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index 7494cffb..58a002de 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h @@ -559,6 +559,7 @@ enum { IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT, IFLA_BRPORT_MCAST_EHT_HOSTS_CNT, IFLA_BRPORT_LOCKED, + IFLA_BRPORT_MAB, __IFLA_BRPORT_MAX }; #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1) diff --git a/include/uapi/linux/neighbour.h b/include/uapi/linux/neighbour.h index a998bf76..4dda051b 100644 --- a/include/uapi/linux/neighbour.h +++ b/include/uapi/linux/neighbour.h @@ -52,7 +52,8 @@ enum { #define NTF_STICKY (1 << 6) #define NTF_ROUTER (1 << 7) /* Extended flags under NDA_FLAGS_EXT: */ -#define NTF_EXT_MANAGED (1 << 0) +#define NTF_EXT_MANAGED (1 << 0) +#define NTF_EXT_LOCKED (1 << 1) /* * Neighbor Cache Entry States. @@ -86,6 +87,10 @@ enum { * NTF_EXT_MANAGED flagged neigbor entries are managed by the kernel on behalf * of a user space control plane, and automatically refreshed so that (if * possible) they remain in NUD_REACHABLE state. + * + * NTF_EXT_LOCKED flagged FDB entries are placeholder entries used with the + * locked port feature, that ensures that an entry exists while at the same + * time dropping packets on ingress with src MAC and VID matching the entry. */ struct nda_cacheinfo { diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c index 98d17213..0c0894eb 100644 --- a/ip/iplink_bridge_slave.c +++ b/ip/iplink_bridge_slave.c @@ -44,6 +44,7 @@ static void print_explain(FILE *f) " [ vlan_tunnel {on | off} ]\n" " [ isolated {on | off} ]\n" " [ locked {on | off} ]\n" + " [ mab {on | off} ]\n" " [ backup_port DEVICE ] [ nobackup_port ]\n" ); } @@ -284,9 +285,14 @@ static void bridge_slave_print_opt(struct link_util *lu, FILE *f, print_on_off(PRINT_ANY, "isolated", "isolated %s ", rta_getattr_u8(tb[IFLA_BRPORT_ISOLATED])); - if (tb[IFLA_BRPORT_LOCKED]) - print_on_off(PRINT_ANY, "locked", "locked %s ", - rta_getattr_u8(tb[IFLA_BRPORT_LOCKED])); + if (tb[IFLA_BRPORT_LOCKED]) { + if (tb[IFLA_BRPORT_MAB] && rta_getattr_u8(tb[IFLA_BRPORT_MAB])) + print_on_off(PRINT_ANY, "locked mab", "locked mab %s ", + rta_getattr_u8(tb[IFLA_BRPORT_LOCKED])); + else + print_on_off(PRINT_ANY, "locked", "locked %s ", + rta_getattr_u8(tb[IFLA_BRPORT_LOCKED])); + } if (tb[IFLA_BRPORT_BACKUP_PORT]) { int backup_p = rta_getattr_u32(tb[IFLA_BRPORT_BACKUP_PORT]); @@ -411,6 +417,10 @@ static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv, NEXT_ARG(); bridge_slave_parse_on_off("locked", *argv, n, IFLA_BRPORT_LOCKED); + } else if (matches(*argv, "mab") == 0) { + NEXT_ARG(); + bridge_slave_parse_on_off("mab", *argv, n, + IFLA_BRPORT_MAB); } else if (matches(*argv, "backup_port") == 0) { int ifindex; diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index d4df772e..40250477 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -54,6 +54,7 @@ bridge \- show / manipulate bridge addresses and devices .BR vlan_tunnel " { " on " | " off " } ] [ " .BR isolated " { " on " | " off " } ] [ " .BR locked " { " on " | " off " } ] [ " +.BR mab " { " on " | " off " } ] [ " .B backup_port .IR DEVICE " ] [" .BR nobackup_port " ] [ " @@ -580,6 +581,15 @@ The common use is that hosts are allowed access through authentication with the IEEE 802.1X protocol or based on whitelists or like setups. By default this flag is off. +.TP +.RB "mab on " or " mab off " +Enables or disables the MAB/MacAuth feature. This feature can only be +activated on a port that is in locked mode, and when enabled it extends the +locked port feature so that MAC address can get access through a locked +port based on acceptlists, thus it is a much simpler procedure for a +device to become authorized than f.ex. the 802.1X protocol, and is used +for devices that are not capable of password or crypto based authorization +methods. .TP .BI backup_port " DEVICE" diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index fc9d62fc..187ca7ca 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -2454,6 +2454,9 @@ the following additional arguments are supported: .BR isolated " { " on " | " off " }" ] [ .BR locked " { " on " | " off " }" +] [ +.BR mab " { " on " | " off " }" +] [ .BR backup_port " DEVICE" ] [ .BR nobackup_port " ]" @@ -2560,6 +2563,11 @@ default this flag is off. behind the port cannot communicate through the port unless a FDB entry representing the host is in the FDB. By default this flag is off. +.BR mab " { " on " | " off " }" +- enables or disables the MAB/MacAuth feature on a locked port. It is +thus possible for a device to gain authorization on a locked port based +on acceptlists. + .BI backup_port " DEVICE" - if the port loses carrier all traffic will be redirected to the configured backup port -- 2.34.1

1 year, 6 months

5
11
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror October 2022