November 2022 - Linux-kselftest-mirror

Re: [PATCH v2 06/17] drm/tests: helpers: Switch to a platform_device

by Maíra Canal

On 11/28/22 11:53, Maxime Ripard wrote: > The device managed resources are ran if the device has bus, which is not > the case of a root_device. > > Let's use a platform_device instead. > > Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> > Signed-off-by: Maxime Ripard <maxime(a)cerno.tech> Reviewed-by: Maíra Canal <mcanal(a)igalia.com> Best Regards, - Maíra Canal > --- > drivers/gpu/drm/tests/drm_kunit_helpers.c | 16 ++++++++++++++-- > 1 file changed, 14 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/tests/drm_kunit_helpers.c b/drivers/gpu/drm/tests/drm_kunit_helpers.c > index 9fb045fa685f..15678ab823b0 100644 > --- a/drivers/gpu/drm/tests/drm_kunit_helpers.c > +++ b/drivers/gpu/drm/tests/drm_kunit_helpers.c > @@ -7,6 +7,7 @@ > #include <kunit/resource.h> > > #include <linux/device.h> > +#include <linux/platform_device.h> > > #define KUNIT_DEVICE_NAME "drm-kunit-mock-device" > > @@ -32,7 +33,16 @@ static const struct drm_mode_config_funcs drm_mode_config_funcs = { > */ > struct device *drm_kunit_helper_alloc_device(struct kunit *test) > { > - return root_device_register(KUNIT_DEVICE_NAME); > + struct platform_device *pdev; > + int ret; > + > + pdev = platform_device_alloc(KUNIT_DEVICE_NAME, PLATFORM_DEVID_NONE); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, pdev); > + > + ret = platform_device_add(pdev); > + KUNIT_ASSERT_EQ(test, ret, 0); > + > + return &pdev->dev; > } > EXPORT_SYMBOL(drm_kunit_helper_alloc_device); > > @@ -45,7 +55,9 @@ EXPORT_SYMBOL(drm_kunit_helper_alloc_device); > */ > void drm_kunit_helper_free_device(struct kunit *test, struct device *dev) > { > - root_device_unregister(dev); > + struct platform_device *pdev = to_platform_device(dev); > + > + platform_device_unregister(pdev); > } > EXPORT_SYMBOL(drm_kunit_helper_free_device); > >

1 year, 5 months

1
0
0 0

Re: [PATCH v2 05/17] drm/tests: helpers: Create the device in another function

by Maíra Canal

On 11/28/22 11:53, Maxime Ripard wrote: > We'll need in some tests to control when the device needs to be added > and removed, so let's split the device creation from the DRM device > creation function. > > Signed-off-by: Maxime Ripard <maxime(a)cerno.tech> Just a small nit below, Reviewed-by: Maíra Canal <mcanal(a)igalia.com> > > diff --git a/drivers/gpu/drm/tests/drm_probe_helper_test.c b/drivers/gpu/drm/tests/drm_probe_helper_test.c > index be61a92b79d2..438b1d42b843 100644 > --- a/drivers/gpu/drm/tests/drm_probe_helper_test.c > +++ b/drivers/gpu/drm/tests/drm_probe_helper_test.c > @@ -17,6 +17,7 @@ > > struct drm_probe_helper_test_priv { > struct drm_device *drm; > + struct device *dev; > struct drm_connector connector; > }; > > @@ -39,7 +40,10 @@ static int drm_probe_helper_test_init(struct kunit *test) > KUNIT_ASSERT_NOT_NULL(test, priv); > test->priv = priv; > > - priv->drm = drm_kunit_helper_alloc_drm_device(test, > + priv->dev = drm_kunit_helper_alloc_device(test); > + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, priv->dev); > + > + priv->drm = drm_kunit_helper_alloc_drm_device(test, priv->dev, > DRIVER_MODESET | DRIVER_ATOMIC); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, priv->drm); > > @@ -55,6 +59,13 @@ static int drm_probe_helper_test_init(struct kunit *test) > return 0; > } > > +static void drm_probe_helper_test_exit(struct kunit *test) > +{ > + struct drm_probe_helper_test_priv *priv = test->priv;; There are two semicolons by the end of this statement. Best Regards, - Maíra Canal > + > + drm_kunit_helper_free_device(test, priv->dev); > +} > + > typedef struct drm_display_mode *(*expected_mode_func_t)(struct drm_device *); > > struct drm_connector_helper_tv_get_modes_test { > @@ -195,6 +206,7 @@ static struct kunit_case drm_test_connector_helper_tv_get_modes_tests[] = { > static struct kunit_suite drm_test_connector_helper_tv_get_modes_suite = { > .name = "drm_connector_helper_tv_get_modes", > .init = drm_probe_helper_test_init, > + .exit = drm_probe_helper_test_exit, > .test_cases = drm_test_connector_helper_tv_get_modes_tests, > }; > > diff --git a/include/drm/drm_kunit_helpers.h b/include/drm/drm_kunit_helpers.h > index 6c12b1426ba0..b4277fe92c38 100644 > --- a/include/drm/drm_kunit_helpers.h > +++ b/include/drm/drm_kunit_helpers.h > @@ -6,8 +6,11 @@ > struct drm_device; > struct kunit; > > +struct device *drm_kunit_helper_alloc_device(struct kunit *test); > +void drm_kunit_helper_free_device(struct kunit *test, struct device *dev); > + > struct drm_device * > -drm_kunit_helper_alloc_drm_device(struct kunit *test, > +drm_kunit_helper_alloc_drm_device(struct kunit *test, struct device *dev, > u32 features); > > #endif // DRM_KUNIT_HELPERS_H_ >

1 year, 5 months

1
0
0 0

Re: [PATCH v2 04/17] drm/tests: helpers: Remove the name parameter

by Maíra Canal

On 11/28/22 11:53, Maxime Ripard wrote: > The device name isn't really useful, we can just define it instead of > exposing it in the API. > > Signed-off-by: Maxime Ripard <maxime(a)cerno.tech> Reviewed-by: Maíra Canal <mcanal(a)igalia.com> Best Regards - Maíra Canal > --- > drivers/gpu/drm/tests/drm_client_modeset_test.c | 3 +-- > drivers/gpu/drm/tests/drm_kunit_helpers.c | 7 ++++--- > drivers/gpu/drm/tests/drm_modes_test.c | 3 +-- > drivers/gpu/drm/tests/drm_probe_helper_test.c | 3 +-- > include/drm/drm_kunit_helpers.h | 3 +-- > 5 files changed, 8 insertions(+), 11 deletions(-) > > diff --git a/drivers/gpu/drm/tests/drm_client_modeset_test.c b/drivers/gpu/drm/tests/drm_client_modeset_test.c > index 6cdf08f582ce..4d475ae6dbb6 100644 > --- a/drivers/gpu/drm/tests/drm_client_modeset_test.c > +++ b/drivers/gpu/drm/tests/drm_client_modeset_test.c > @@ -59,8 +59,7 @@ static int drm_client_modeset_test_init(struct kunit *test) > > test->priv = priv; > > - priv->drm = drm_kunit_helper_alloc_drm_device(test, DRIVER_MODESET, > - "drm-client-modeset-test"); > + priv->drm = drm_kunit_helper_alloc_drm_device(test, DRIVER_MODESET); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, priv->drm); > > ret = drmm_connector_init(priv->drm, &priv->connector, > diff --git a/drivers/gpu/drm/tests/drm_kunit_helpers.c b/drivers/gpu/drm/tests/drm_kunit_helpers.c > index 2f67f6cf78d0..16c7926d83c2 100644 > --- a/drivers/gpu/drm/tests/drm_kunit_helpers.c > +++ b/drivers/gpu/drm/tests/drm_kunit_helpers.c > @@ -8,6 +8,8 @@ > > #include <linux/device.h> > > +#define KUNIT_DEVICE_NAME "drm-kunit-mock-device" > + > struct kunit_dev { > struct drm_device base; > }; > @@ -39,7 +41,6 @@ static void dev_free(struct kunit_resource *res) > * drm_kunit_helper_alloc_drm_device - Allocates a mock DRM device for Kunit tests > * @test: The test context object > * @features: Mocked DRM device driver features > - * @name: Name of the struct &device to allocate > * > * This function allocates a new struct &device, creates a struct > * &drm_driver and will create a struct &drm_device using both. > @@ -54,7 +55,7 @@ static void dev_free(struct kunit_resource *res) > */ > struct drm_device * > drm_kunit_helper_alloc_drm_device(struct kunit *test, > - u32 features, char *name) > + u32 features) > { > struct kunit_dev *kdev; > struct drm_device *drm; > @@ -62,7 +63,7 @@ drm_kunit_helper_alloc_drm_device(struct kunit *test, > struct device *dev; > int ret; > > - dev = kunit_alloc_resource(test, dev_init, dev_free, GFP_KERNEL, name); > + dev = kunit_alloc_resource(test, dev_init, dev_free, GFP_KERNEL, KUNIT_DEVICE_NAME); > if (!dev) > return ERR_PTR(-ENOMEM); > > diff --git a/drivers/gpu/drm/tests/drm_modes_test.c b/drivers/gpu/drm/tests/drm_modes_test.c > index 6723089dff9f..35965ad86188 100644 > --- a/drivers/gpu/drm/tests/drm_modes_test.c > +++ b/drivers/gpu/drm/tests/drm_modes_test.c > @@ -22,8 +22,7 @@ static int drm_test_modes_init(struct kunit *test) > priv = kunit_kzalloc(test, sizeof(*priv), GFP_KERNEL); > KUNIT_ASSERT_NOT_NULL(test, priv); > > - priv->drm = drm_kunit_helper_alloc_drm_device(test, DRIVER_MODESET, > - "drm-modes-test"); > + priv->drm = drm_kunit_helper_alloc_drm_device(test, DRIVER_MODESET); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, priv->drm); > > test->priv = priv; > diff --git a/drivers/gpu/drm/tests/drm_probe_helper_test.c b/drivers/gpu/drm/tests/drm_probe_helper_test.c > index 85236ff4744f..be61a92b79d2 100644 > --- a/drivers/gpu/drm/tests/drm_probe_helper_test.c > +++ b/drivers/gpu/drm/tests/drm_probe_helper_test.c > @@ -40,8 +40,7 @@ static int drm_probe_helper_test_init(struct kunit *test) > test->priv = priv; > > priv->drm = drm_kunit_helper_alloc_drm_device(test, > - DRIVER_MODESET | DRIVER_ATOMIC, > - "drm-probe-helper-test"); > + DRIVER_MODESET | DRIVER_ATOMIC); > KUNIT_ASSERT_NOT_ERR_OR_NULL(test, priv->drm); > > connector = &priv->connector; > diff --git a/include/drm/drm_kunit_helpers.h b/include/drm/drm_kunit_helpers.h > index e9870c7911fe..6c12b1426ba0 100644 > --- a/include/drm/drm_kunit_helpers.h > +++ b/include/drm/drm_kunit_helpers.h > @@ -8,7 +8,6 @@ struct kunit; > > struct drm_device * > drm_kunit_helper_alloc_drm_device(struct kunit *test, > - u32 features, > - char *name); > + u32 features); > > #endif // DRM_KUNIT_HELPERS_H_ >

1 year, 5 months

1
0
0 0

Re: [PATCH v2 02/17] drm/tests: helpers: Document drm_kunit_device_init()

by Maíra Canal

On 11/28/22 11:53, Maxime Ripard wrote: > Commit 44a3928324e9 ("drm/tests: Add Kunit Helpers") introduced the > drm_kunit_device_init() function but didn't document it properly. Add > that documentation. > > Signed-off-by: Maxime Ripard <maxime(a)cerno.tech> Just a minor nit on naming, besides that: Reviewed-by: Maíra Canal <mcanal(a)igalia.com> > --- > drivers/gpu/drm/tests/drm_kunit_helpers.c | 17 +++++++++++++++++ > 1 file changed, 17 insertions(+) > > diff --git a/drivers/gpu/drm/tests/drm_kunit_helpers.c b/drivers/gpu/drm/tests/drm_kunit_helpers.c > index 6600a4db3158..46a68c2fd80c 100644 > --- a/drivers/gpu/drm/tests/drm_kunit_helpers.c > +++ b/drivers/gpu/drm/tests/drm_kunit_helpers.c > @@ -35,6 +35,23 @@ static void dev_free(struct kunit_resource *res) > root_device_unregister(dev); > } > > +/** > + * drm_kunit_device_init - Allocates a mock DRM device for Kunit tests s/Kunit/KUnit Best Regards, - Maíra Canal > + * @test: The test context object > + * @features: Mocked DRM device driver features > + * @name: Name of the struct &device to allocate > + * > + * This function allocates a new struct &device, creates a struct > + * &drm_driver and will create a struct &drm_device using both. > + * > + * The device and driver are tied to the @test context and will get > + * cleaned at the end of the test. The drm_device is allocated through > + * devm_drm_dev_alloc() and will thus be freed through a device-managed > + * resource. > + * > + * Returns: > + * A pointer to the new drm_device, or an ERR_PTR() otherwise. > + */ > struct drm_device *drm_kunit_device_init(struct kunit *test, u32 features, char *name) > { > struct kunit_dev *kdev; >

1 year, 5 months

1
0
0 0

[PATCH AUTOSEL 5.15 17/24] selftests/net: Find nettest in current directory

by Sasha Levin

From: Daniel Díaz <daniel.diaz(a)linaro.org> [ Upstream commit bd5e1e42826f18147afb0ba07e6a815f52cf8bcb ] The `nettest` binary, built from `selftests/net/nettest.c`, was expected to be found in the path during test execution of `fcnal-test.sh` and `pmtu.sh`, leading to tests getting skipped when the binary is not installed in the system, as can be seen in these logs found in the wild [1]: # TEST: vti4: PMTU exceptions [SKIP] [ 350.600250] IPv6: ADDRCONF(NETDEV_CHANGE): veth_b: link becomes ready [ 350.607421] IPv6: ADDRCONF(NETDEV_CHANGE): veth_a: link becomes ready # 'nettest' command not found; skipping tests # xfrm6udp not supported # TEST: vti6: PMTU exceptions (ESP-in-UDP) [SKIP] [ 351.605102] IPv6: ADDRCONF(NETDEV_CHANGE): veth_b: link becomes ready [ 351.612243] IPv6: ADDRCONF(NETDEV_CHANGE): veth_a: link becomes ready # 'nettest' command not found; skipping tests # xfrm4udp not supported The `unicast_extensions.sh` tests also rely on `nettest`, but it runs fine there because it looks for the binary in the current working directory [2]: The same mechanism that works for the Unicast extensions tests is here copied over to the PMTU and functional tests. [1] https://lkft.validation.linaro.org/scheduler/job/5839508#L6221 [2] https://lkft.validation.linaro.org/scheduler/job/5839508#L7958 Signed-off-by: Daniel Díaz <daniel.diaz(a)linaro.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/net/fcnal-test.sh | 11 +++++++---- tools/testing/selftests/net/pmtu.sh | 10 ++++++---- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 91f54112167f..364c82b797c1 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -4072,10 +4072,13 @@ elif [ "$TESTS" = "ipv6" ]; then TESTS="$TESTS_IPV6" fi -which nettest >/dev/null -if [ $? -ne 0 ]; then - echo "'nettest' command not found; skipping tests" - exit $ksft_skip +# nettest can be run from PATH or from same directory as this selftest +if ! which nettest >/dev/null; then + PATH=$PWD:$PATH + if ! which nettest >/dev/null; then + echo "'nettest' command not found; skipping tests" + exit $ksft_skip + fi fi declare -i nfail=0 diff --git a/tools/testing/selftests/net/pmtu.sh b/tools/testing/selftests/net/pmtu.sh index 694732e4b344..da6ab300207c 100755 --- a/tools/testing/selftests/net/pmtu.sh +++ b/tools/testing/selftests/net/pmtu.sh @@ -671,10 +671,12 @@ setup_xfrm() { } setup_nettest_xfrm() { - which nettest >/dev/null - if [ $? -ne 0 ]; then - echo "'nettest' command not found; skipping tests" - return 1 + if ! which nettest >/dev/null; then + PATH=$PWD:$PATH + if ! which nettest >/dev/null; then + echo "'nettest' command not found; skipping tests" + return 1 + fi fi [ ${1} -eq 6 ] && proto="-6" || proto="" -- 2.35.1

1 year, 5 months

1
0
0 0

[PATCH AUTOSEL 6.0 27/39] selftests/net: Find nettest in current directory

by Sasha Levin

From: Daniel Díaz <daniel.diaz(a)linaro.org> [ Upstream commit bd5e1e42826f18147afb0ba07e6a815f52cf8bcb ] The `nettest` binary, built from `selftests/net/nettest.c`, was expected to be found in the path during test execution of `fcnal-test.sh` and `pmtu.sh`, leading to tests getting skipped when the binary is not installed in the system, as can be seen in these logs found in the wild [1]: # TEST: vti4: PMTU exceptions [SKIP] [ 350.600250] IPv6: ADDRCONF(NETDEV_CHANGE): veth_b: link becomes ready [ 350.607421] IPv6: ADDRCONF(NETDEV_CHANGE): veth_a: link becomes ready # 'nettest' command not found; skipping tests # xfrm6udp not supported # TEST: vti6: PMTU exceptions (ESP-in-UDP) [SKIP] [ 351.605102] IPv6: ADDRCONF(NETDEV_CHANGE): veth_b: link becomes ready [ 351.612243] IPv6: ADDRCONF(NETDEV_CHANGE): veth_a: link becomes ready # 'nettest' command not found; skipping tests # xfrm4udp not supported The `unicast_extensions.sh` tests also rely on `nettest`, but it runs fine there because it looks for the binary in the current working directory [2]: The same mechanism that works for the Unicast extensions tests is here copied over to the PMTU and functional tests. [1] https://lkft.validation.linaro.org/scheduler/job/5839508#L6221 [2] https://lkft.validation.linaro.org/scheduler/job/5839508#L7958 Signed-off-by: Daniel Díaz <daniel.diaz(a)linaro.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/net/fcnal-test.sh | 11 +++++++---- tools/testing/selftests/net/pmtu.sh | 10 ++++++---- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 31c3b6ebd388..21ca91473c09 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -4196,10 +4196,13 @@ elif [ "$TESTS" = "ipv6" ]; then TESTS="$TESTS_IPV6" fi -which nettest >/dev/null -if [ $? -ne 0 ]; then - echo "'nettest' command not found; skipping tests" - exit $ksft_skip +# nettest can be run from PATH or from same directory as this selftest +if ! which nettest >/dev/null; then + PATH=$PWD:$PATH + if ! which nettest >/dev/null; then + echo "'nettest' command not found; skipping tests" + exit $ksft_skip + fi fi declare -i nfail=0 diff --git a/tools/testing/selftests/net/pmtu.sh b/tools/testing/selftests/net/pmtu.sh index 736e358dc549..dfe3d287f01d 100755 --- a/tools/testing/selftests/net/pmtu.sh +++ b/tools/testing/selftests/net/pmtu.sh @@ -686,10 +686,12 @@ setup_xfrm() { } setup_nettest_xfrm() { - which nettest >/dev/null - if [ $? -ne 0 ]; then - echo "'nettest' command not found; skipping tests" - return 1 + if ! which nettest >/dev/null; then + PATH=$PWD:$PATH + if ! which nettest >/dev/null; then + echo "'nettest' command not found; skipping tests" + return 1 + fi fi [ ${1} -eq 6 ] && proto="-6" || proto="" -- 2.35.1

1 year, 5 months

1
0
0 0

[PATCH v8 00/26] tcp: Initial support for RFC5925 auth option

by Leonard Crestez

This is similar to TCP-MD5 in functionality but it's sufficiently different that packet formats and interfaces are incompatible. Compared to TCP-MD5 more algorithms are supported and multiple keys can be used on the same connection but there is still no negotiation mechanism. Expected use-case is protecting long-duration BGP/LDP connections between routers using pre-shared keys. The goal of this series is to allow routers using the Linux TCP stack to interoperate with vendors such as Cisco and Juniper. An fully-featured userspace implementation using this patchset exists but it is not open. A completely unrelated series that implements the same features was posted recently: https://lore.kernel.org/netdev/20220818170005.747015-1-dima@arista.com/ The biggest difference is that this series puts TCP-AO key on a global instead of per-socket list and that it attempts to make kernel-mode key selection decisions instead of very strictly requiring userspace to make all decisions. I believe my approach greatly simplifies userspace implementation. The biggest difference in this iteration of the patch series is adding per-key lifetime values based on RFC8177 in order to implement kernel-mode key rollover. Older versions still required userspace to tweak the NOSEND/NORECV flags and always pick rnextkeyid explicitly, but now no active "key management" should be required on established socket - Just set correct flags and expiration dates and the kernel can perform key rollover itself. You can see a (simple) test of that behavior here: https://github.com/cdleonard/tcp-authopt-test/blob/main/tcp_authopt_test/te… The main implementation of this behavior is patch 17. Very very old versions of this series had per-socket keys but that approach was prone to an issue when key change made on a listen socket between "synack" and "accept" did not affect the new socket. My solution was to make keys global, the Arista solution is to require userspace to query the key list on accepted sockets and update them. This offloads responsibility for an ABI race to userspace. It can be made to work. Here are some known flaws and limitations: * Crypto API is used with buffers on the stack and inside struct sock, this might not work on all arches. I'm currently only testing x64 VMs * Interaction with FASTOPEN not tested. * Traffic key is not cached (reducing performance). * All lookups examine all keys, ignoring optimization opportunities * Overlaping MKTs can be configured despite what RFC5925 says. This is considered "misconfiguration by userspace" and it would make sense for the kernel to be more aggressive here. Some testing support is included in nettest and fcnal-test.sh, similar to the current level of tcp-md5 testing. A more elaborate test suite using pytest and scapy is available out of tree: https://github.com/cdleonard/tcp-authopt-test There is an automatic system that runs that test suite in vagrant in gitlab-ci: https://gitlab.com/cdleonard/vagrantcpao That test suite fully covers the ABI of this patchset. Changes for frr (obsolete): https://github.com/FRRouting/frr/pull/9442 That PR was made early for ABI feedback, it has many issues. Changes for yabgp (obsolete): https://github.com/cdleonard/yabgp/commits/tcp_authopt This was used for interoperability testing with cisco. Would need updates for global keys to avoid leaks. Changes since PATCH v7: * Add lifetime fields to struct tcp_authopt_key * Fix not checking MD5 after unexpected AO. Link to v7: https://lore.kernel.org/netdev/cover.1660852705.git.cdleonard@gmail.com/ Changes since PATCH v6: * Squash "remove unused noops" patch (forgot to do this before v5 send). * Make TCP_REPAIR_AUTHOPT fail if (!tp->repair) * Add {snd,rcv}_seq to struct tcp_repair_authopt next to {snd,rcv}_sne. The fact that internally snd_sne is maintained as a 64-bit extension of sne_nxt is a problem for TCP_REPAIR implementation in userspace which might not have access to snd_nxt during live traffic. By exposing a full 64-bit “recent sequence number” to userspace it's possible to ignore which exact SEQ number the SNE value is an extension of. * Fix ipv6_addr_is_prefix helper; it was incorrect and dependant on uninitialized stack memory. This was caught by test suite after many rebases. * Implement ipv4-mapped-ipv6 support, request by Eric Dumazet Link: https://lore.kernel.org/netdev/cover.1658815925.git.cdleonard@gmail.com/ Changes since PATCH v5: * Rebased on recent net-next, including recent changes refactoring md5 * Use to skb_drop_reason * Fix using sock_kmalloc for key alloc but regular kfree for free. Use kmalloc because keys are global * Fix mentioning non-existent copy_from_sockopt in doc for _copy_from_sockptr_tolerant * If no valid keys are available for a destination then report a socket error instead of sending unsigned traffic * Remove several noop implementations which are always called from ifdef * Fix build issues in all scenarios, including -Werror at every point. * Split "tcp: Refactor tcp_inbound_md5_hash into tcp_inbound_sig_hash" into a separate commit. * Add TCP_AUTHOPT_FLAG_ACTIVE to distinguish between "keys configured for socket" and "connection authenticated". A listen socket with authentication enabled will return other sockets with authentication enabled on accept() but if no key is configured for the peer then authentication will be inactive. * Add support for TCP_REPAIR_AUTHOPT new sockopts which loads/saves the AO-specific information. Link: https://lore.kernel.org/netdev/cover.1643026076.git.cdleonard@gmail.com/ Changes since PATCH v4: * Move the traffic_key context_bytes header to stack. If it's a constant string then ahash can fail unexpectedly. * Fix allowing unsigned traffic if all keys are marked norecv. * Fix crashing in __tcp_authopt_alg_init on failure. * Try to respect the rnextkeyid from SYN on SYNACK (new patch) * Fix incorrect check for TCP_AUTHOPT_KEY_DEL in __tcp_authopt_select_key * Improve docs on __tcp_authopt_select_key * Fix build with CONFIG_PROC_FS=n (kernel build robot) * Fix build with CONFIG_IPV6=n (kernel build robot) Link: https://lore.kernel.org/netdev/cover.1640273966.git.cdleonard@gmail.com/ Changes since PATCH v3: * Made keys global (per-netns rather than per-sock). * Add /proc/net/tcp_authopt with a table of keys (not sockets). * Fix part of the shash/ahash conversion having slipped from patch 3 to patch 5 * Fix tcp_parse_sig_options assigning NULL incorrectly when both MD5 and AO are disabled (kernel build robot) * Fix sparse endianness warnings in prefix match (kernel build robot) * Fix several incorrect RCU annotations reported by sparse (kernel build robot) Link: https://lore.kernel.org/netdev/cover.1638962992.git.cdleonard@gmail.com/ Changes since PATCH v2: * Protect tcp_authopt_alg_get/put_tfm with local_bh_disable instead of preempt_disable. This caused signature corruption when send path executing with BH enabled was interrupted by recv. * Fix accepted keyids not configured locally as "unexpected". If any key is configured that matches the peer then traffic MUST be signed. * Fix issues related to sne rollover during handshake itself. (Francesco) * Implement and test prefixlen (David) * Replace shash with ahash and reuse some of the MD5 code (Dmitry) * Parse md5+ao options only once in the same function (Dmitry) * Pass tcp_authopt_info into inbound check path, this avoids second rcu dereference for same packet. * Pass tcp_request_socket into inbound check path instead of just listen socket. This is required for SNE rollover during handshake and clearifies ISN handling. * Do not allow disabling via sysctl after enabling once, this is difficult to support well (David) * Verbose check for sysctl_tcp_authopt (Dmitry) * Use netif_index_is_l3_master (David) * Cleanup ipvx_addr_match (David) * Add a #define tcp_authopt_needed to wrap static key usage because it looks nicer. * Replace rcu_read_lock with rcu_dereference_protected in SNE updates (Eric) * Remove test suite Link: https://lore.kernel.org/netdev/cover.1635784253.git.cdleonard@gmail.com/ Changes since PATCH v1: * Implement Sequence Number Extension * Implement l3index for vrf: TCP_AUTHOPT_KEY_IFINDEX as equivalent of TCP_MD5SIG_FLAG_IFINDEX * Expand TCP-AO tests in fcnal-test.sh to near-parity with md5. * Show addr/port on failure similar to md5 * Remove tox dependency from test suite (create venv directly) * Switch default pytest output format to TAP (kselftest standard) * Fix _copy_from_sockptr_tolerant stack corruption on short sockopts. This was covered in test but error was invisible without STACKPROTECTOR=y * Fix sysctl_tcp_authopt check in tcp_get_authopt_val before memset. This was harmless because error code is checked in getsockopt anyway. * Fix dropping md5 packets on all sockets with AO enabled * Fix checking (key->recv_id & TCP_AUTHOPT_KEY_ADDR_BIND) instead of key->flags in tcp_authopt_key_match_exact * Fix PATCH 1/19 not compiling due to missing "int err" declaration * Add ratelimited message for AO and MD5 both present * Export all symbols required by CONFIG_IPV6=m (again) * Fix compilation with CONFIG_TCP_AUTHOPT=y CONFIG_TCP_MD5SIG=n * Fix checkpatch issues * Pass -rrequirements.txt to tox to avoid dependency variation. Link: https://lore.kernel.org/netdev/cover.1632240523.git.cdleonard@gmail.com/ Changes since RFCv3: * Implement TCP_AUTHOPT handling for timewait and reset replies. Write tests to execute these paths by injecting packets with scapy * Handle combining md5 and authopt: if both are configured use authopt. * Fix locking issues around send_key, introduced in on of the later patches. * Handle IPv4-mapped-IPv6 addresses: it used to be that an ipv4 SYN sent to an ipv6 socket with TCP-AO triggered WARN * Implement un-namespaced sysctl disabled this feature by default * Allocate new key before removing any old one in setsockopt (Dmitry) * Remove tcp_authopt_key_info.local_id because it's no longer used (Dmitry) * Propagate errors from TCP_AUTHOPT getsockopt (Dmitry) * Fix no-longer-correct TCP_AUTHOPT_KEY_DEL docs (Dmitry) * Simplify crypto allocation (Eric) * Use kzmalloc instead of __GFP_ZERO (Eric) * Add static_key_false tcp_authopt_needed (Eric) * Clear authopt_info copied from oldsk in __tcp_authopt_openreq (Eric) * Replace memcmp in ipv4 and ipv6 addr comparisons (Eric) * Export symbols for CONFIG_IPV6=m (kernel test robot) * Mark more functions static (kernel test robot) * Fix build with CONFIG_PROVE_RCU_LIST=y (kernel test robot) Link: https://lore.kernel.org/netdev/cover.1629840814.git.cdleonard@gmail.com/ Changes since RFCv2: * Removed local_id from ABI and match on send_id/recv_id/addr * Add all relevant out-of-tree tests to tools/testing/selftests * Return an error instead of ignoring unknown flags, hopefully this makes it easier to extend. * Check sk_family before __tcp_authopt_info_get_or_create in tcp_set_authopt_key * Use sock_owned_by_me instead of WARN_ON(!lockdep_sock_is_held(sk)) * Fix some intermediate build failures reported by kbuild robot * Improve documentation Link: https://lore.kernel.org/netdev/cover.1628544649.git.cdleonard@gmail.com/ Changes since RFC: * Split into per-topic commits for ease of review. The intermediate commits compile with a few "unused function" warnings and don't do anything useful by themselves. * Add ABI documention including kernel-doc on uapi * Fix lockdep warnings from crypto by creating pools with one shash for each cpu * Accept short options to setsockopt by padding with zeros; this approach allows increasing the size of the structs in the future. * Support for aes-128-cmac-96 * Support for binding addresses to keys in a way similar to old tcp_md5 * Add support for retrieving received keyid/rnextkeyid and controling the keyid/rnextkeyid being sent. Link: https://lore.kernel.org/netdev/01383a8751e97ef826ef2adf93bfde3a08195a43.162… Leonard Crestez (26): tcp: authopt: Initial support and key management docs: Add user documentation for tcp_authopt tcp: authopt: Add crypto initialization tcp: Refactor tcp_sig_hash_skb_data for AO tcp: authopt: Compute packet signatures tcp: Refactor tcp_inbound_md5_hash into tcp_inbound_sig_hash tcp: authopt: Hook into tcp core tcp: authopt: Disable via sysctl by default tcp: authopt: Implement Sequence Number Extension tcp: ipv6: Add AO signing for tcp_v6_send_response tcp: authopt: Add support for signing skb-less replies tcp: ipv4: Add AO signing for skb-less replies tcp: authopt: Add NOSEND/NORECV flags tcp: authopt: Add initial l3index support tcp: authopt: Add prefixlen support tcp: authopt: Add send/recv lifetime support tcp: authopt: Add key selection controls tcp: authopt: Add v4mapped ipv6 address support tcp: authopt: Add /proc/net/tcp_authopt listing all keys tcp: authopt: If no keys are valid for send report an error tcp: authopt: Try to respect rnextkeyid from SYN on SYNACK tcp: authopt: Initial support for TCP_AUTHOPT_FLAG_ACTIVE tcp: authopt: Initial implementation of TCP_REPAIR_AUTHOPT selftests: nettest: Rename md5_prefix to key_addr_prefix selftests: nettest: Initial tcp_authopt support selftests: net/fcnal: Initial tcp_authopt support Documentation/networking/index.rst | 1 + Documentation/networking/ip-sysctl.rst | 6 + Documentation/networking/tcp_authopt.rst | 95 + include/linux/tcp.h | 15 + include/net/dropreason.h | 16 + include/net/net_namespace.h | 4 + include/net/netns/tcp_authopt.h | 12 + include/net/tcp.h | 55 +- include/net/tcp_authopt.h | 269 +++ include/uapi/linux/snmp.h | 1 + include/uapi/linux/tcp.h | 188 ++ net/ipv4/Kconfig | 14 + net/ipv4/Makefile | 1 + net/ipv4/proc.c | 1 + net/ipv4/sysctl_net_ipv4.c | 39 + net/ipv4/tcp.c | 126 +- net/ipv4/tcp_authopt.c | 2044 +++++++++++++++++++++ net/ipv4/tcp_input.c | 55 +- net/ipv4/tcp_ipv4.c | 100 +- net/ipv4/tcp_minisocks.c | 12 + net/ipv4/tcp_output.c | 106 +- net/ipv6/tcp_ipv6.c | 70 +- tools/testing/selftests/net/fcnal-test.sh | 329 +++- tools/testing/selftests/net/nettest.c | 204 +- 24 files changed, 3675 insertions(+), 88 deletions(-) create mode 100644 Documentation/networking/tcp_authopt.rst create mode 100644 include/net/netns/tcp_authopt.h create mode 100644 include/net/tcp_authopt.h create mode 100644 net/ipv4/tcp_authopt.c -- 2.25.1

1 year, 5 months

6
41
0 0

Re: (subset) [PATCH 20/24] drm/vc4: crtc: Provide a CRTC name

by Maxime Ripard

On Wed, 23 Nov 2022 16:26:02 +0100, Maxime Ripard wrote: > It's fairly hard to figure out the instance of the CRTC affected by an > atomic change using the default name. > > Since we can provide our own to the CRTC initialization functions, let's > do so to make the debugging sessions easier. > > > [...] Applied to drm/drm-misc (drm-misc-next). Thanks! Maxime

1 year, 5 months

1
0
0 0

Re: (subset) [PATCH 17/24] drm/vc4: crtc: Pass the device and data in vc4_crtc_init

by Maxime Ripard

On Wed, 23 Nov 2022 16:25:59 +0100, Maxime Ripard wrote: > Both users of vc4_crtc_init need the same extra initialization to set > the pointer to the platform_device and the CRTC data. Since it's > mandatory, let's make them both arguments of vc4_crtc_init(). > > Applied to drm/drm-misc (drm-misc-next). Thanks! Maxime

1 year, 5 months

1
0
0 0

Re: (subset) [PATCH 16/24] drm/vc4: txp: Initialise the CRTC before the encoder and connector

by Maxime Ripard

On Wed, 23 Nov 2022 16:25:58 +0100, Maxime Ripard wrote: > It makes more sense to register the CRTC before the encoder and > connectors, so let's move our call around. > > Applied to drm/drm-misc (drm-misc-next). Thanks! Maxime

1 year, 5 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror November 2022