December 2022 - Linux-kselftest-mirror

[PATCH RESEND] Documentation: dev-tools: Clarify requirements for result description

by Mark Brown

Currently the KTAP specification says that a test result line is <result> <number> [<description>][ # [<directive>] [<diagnostic data>]] and the description of a test can be "any sequence of words (can't include #)" which specifies that there may be more than one word but does not specify anything other than those words which might be used to separate the words which probably isn't what we want. Given that practically we have tests using a range of separators for words including combinations of spaces and combinations of other symbols like underscores or punctuation let's just clarify that the description can contain any character other than # (marking the start of the directive/diagnostic) or newline (marking the end of this test result). Signed-off-by: Mark Brown <broonie(a)kernel.org> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: David Gow <davidgow(a)google.com> --- Documentation/dev-tools/ktap.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/dev-tools/ktap.rst b/Documentation/dev-tools/ktap.rst index d0a9565b0f44..414c105b10a9 100644 --- a/Documentation/dev-tools/ktap.rst +++ b/Documentation/dev-tools/ktap.rst @@ -80,8 +80,8 @@ have the number 1 and the number then must increase by 1 for each additional subtest within the same test at the same nesting level. The description is a description of the test, generally the name of -the test, and can be any string of words (can't include #). The -description is optional, but recommended. +the test, and can be any string of characters other than # or a +newline. The description is optional, but recommended. The directive and any diagnostic data is optional. If either are present, they must follow a hash sign, "#". -- 2.30.2

1 year, 5 months

2
1
0 0

[PATCH] selftests: Fix spelling mistake "allright" -> "alright"

by Colin Ian King

There are spelling mistakes in messages in the prctl tests. Fix these. Note: One can use "all right", or "alright", I'm fixing this to use the slightly more informal and more modern form of the spelling for the fix. Signed-off-by: Colin Ian King <colin.i.king(a)gmail.com> --- tools/testing/selftests/prctl/disable-tsc-ctxt-sw-stress-test.c | 2 +- tools/testing/selftests/prctl/disable-tsc-on-off-stress-test.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/prctl/disable-tsc-ctxt-sw-stress-test.c b/tools/testing/selftests/prctl/disable-tsc-ctxt-sw-stress-test.c index 62a93cc61b7c..868f37fd1d5e 100644 --- a/tools/testing/selftests/prctl/disable-tsc-ctxt-sw-stress-test.c +++ b/tools/testing/selftests/prctl/disable-tsc-ctxt-sw-stress-test.c @@ -79,7 +79,7 @@ int main(void) { int n_tasks = 100, i; - fprintf(stderr, "[No further output means we're allright]\n"); + fprintf(stderr, "[No further output means we're alright]\n"); for (i=0; i<n_tasks; i++) if (fork() == 0) diff --git a/tools/testing/selftests/prctl/disable-tsc-on-off-stress-test.c b/tools/testing/selftests/prctl/disable-tsc-on-off-stress-test.c index 79950f9a26fd..3822532fc0c6 100644 --- a/tools/testing/selftests/prctl/disable-tsc-on-off-stress-test.c +++ b/tools/testing/selftests/prctl/disable-tsc-on-off-stress-test.c @@ -83,7 +83,7 @@ int main(void) { int n_tasks = 100, i; - fprintf(stderr, "[No further output means we're allright]\n"); + fprintf(stderr, "[No further output means we're alright]\n"); for (i=0; i<n_tasks; i++) if (fork() == 0) -- 2.38.1

1 year, 5 months

1
0
0 0

[PATCH v2] Documentation: kunit: Fix "How Do I Use This" / "Next Steps" sections

by David Gow

The "How Do I Use This" section of index.rst and "Next Steps" section of start.rst were just copies of the table of contents, and therefore weren't really useful either when looking a sphinx generated output (which already had the TOC visible) or when reading the source (where it's just a list of files that ls could give you). Instead, provide a small number of concrete next steps, and a bit more description about what the pages contain. This also removes the broken reference to 'tips.rst', which was previously removed. Fixes: 4399c737a97d ("Documentation: kunit: Remove redundant 'tips.rst' page") Signed-off-by: David Gow <davidgow(a)google.com> --- Thanks everyone for reviewing v1. Since this is pretty much a complete rewrite, I've left Reviewed-by tags off, as I don't feel the previous reviews totally apply. Feel free to review again if you have any comments. Cheers, -- David Changes since v1: https://lore.kernel.org/linux-kselftest/20221129094732.306449-1-davidgow@go… - Totally rewrite both sections to only include (and provide more context for) the most concrete next steps. - Thanks Bagas for pointing out that this basically duplicates the TOC as-is. --- Documentation/dev-tools/kunit/index.rst | 19 ++++++++----------- Documentation/dev-tools/kunit/start.rst | 19 +++++++++---------- 2 files changed, 17 insertions(+), 21 deletions(-) diff --git a/Documentation/dev-tools/kunit/index.rst b/Documentation/dev-tools/kunit/index.rst index d5629817cd72..b3593ae29ace 100644 --- a/Documentation/dev-tools/kunit/index.rst +++ b/Documentation/dev-tools/kunit/index.rst @@ -99,14 +99,11 @@ Read also :ref:`kinds-of-tests`. How do I use it? ================ -* Documentation/dev-tools/kunit/start.rst - for KUnit new users. -* Documentation/dev-tools/kunit/architecture.rst - KUnit architecture. -* Documentation/dev-tools/kunit/run_wrapper.rst - run kunit_tool. -* Documentation/dev-tools/kunit/run_manual.rst - run tests without kunit_tool. -* Documentation/dev-tools/kunit/usage.rst - write tests. -* Documentation/dev-tools/kunit/tips.rst - best practices with - examples. -* Documentation/dev-tools/kunit/api/index.rst - KUnit APIs - used for testing. -* Documentation/dev-tools/kunit/faq.rst - KUnit common questions and - answers. +You can find a step-by-step guide to writing and running KUnit tests in +Documentation/dev-tools/kunit/start.rst + +Alternatively, feel free to look through the rest of the KUnit documentation, +or to experiment with tools/testing/kunit/kunit.py and the example test under +lib/kunit/kunit-example-test.c + +Happy testing! diff --git a/Documentation/dev-tools/kunit/start.rst b/Documentation/dev-tools/kunit/start.rst index f4f504f1fb15..224387a43543 100644 --- a/Documentation/dev-tools/kunit/start.rst +++ b/Documentation/dev-tools/kunit/start.rst @@ -294,13 +294,12 @@ Congrats! You just wrote your first KUnit test. Next Steps ========== -* Documentation/dev-tools/kunit/architecture.rst - KUnit architecture. -* Documentation/dev-tools/kunit/run_wrapper.rst - run kunit_tool. -* Documentation/dev-tools/kunit/run_manual.rst - run tests without kunit_tool. -* Documentation/dev-tools/kunit/usage.rst - write tests. -* Documentation/dev-tools/kunit/tips.rst - best practices with - examples. -* Documentation/dev-tools/kunit/api/index.rst - KUnit APIs - used for testing. -* Documentation/dev-tools/kunit/faq.rst - KUnit common questions and - answers. +If you're interested in using some of the more advanced features of kunit.py, +take a look at Documentation/dev-tools/kunit/run_wrapper.rst + +If you'd like to run tests without using kunit.py, check out +Documentation/dev-tools/kunit/run_manual.rst + +For more information on writing KUnit tests (including some common techniques +for testing different things), see Documentation/dev-tools/kunit/usage.rst + -- 2.39.0.rc0.267.gcb52ba06e7-goog

1 year, 5 months

3
2
0 0

[PATCH bpf-next v3 0/4] bpf: Support kernel function call in 32-bit ARM

by Yang Jihong

1. Patch1 is dependent patch to fix zext extension error in 32-bit ARM. 2. Patch2 supports bpf fkunc in 32-bit ARM for EABI. 3. Patch3 is used to add test cases to cover some parameter scenarios states by AAPCS. 4. Patch4 fix a comment error. The following is the test_progs result in the 32-bit ARM environment: # uname -m armv7l # echo 1 > /proc/sys/net/core/bpf_jit_enable # ./test_progs -t kfunc_call #1/1 kfunc_call/kfunc_syscall_test_fail:OK #1/2 kfunc_call/kfunc_syscall_test_null_fail:OK #1/3 kfunc_call/kfunc_call_test_get_mem_fail_rdonly:OK #1/4 kfunc_call/kfunc_call_test_get_mem_fail_use_after_free:OK #1/5 kfunc_call/kfunc_call_test_get_mem_fail_oob:OK #1/6 kfunc_call/kfunc_call_test_get_mem_fail_not_const:OK #1/7 kfunc_call/kfunc_call_test_mem_acquire_fail:OK #1/8 kfunc_call/kfunc_call_test1:OK #1/9 kfunc_call/kfunc_call_test2:OK #1/10 kfunc_call/kfunc_call_test4:OK #1/11 kfunc_call/kfunc_call_test5:OK #1/12 kfunc_call/kfunc_call_test6:OK #1/13 kfunc_call/kfunc_call_test_ref_btf_id:OK #1/14 kfunc_call/kfunc_call_test_get_mem:OK #1/15 kfunc_call/kfunc_syscall_test:OK #1/16 kfunc_call/kfunc_syscall_test_null:OK #1/19 kfunc_call/destructive:OK --- Changes since v2: - Remove patches to adjust sk size check for CO_RE in 32-bit arch. - Add check of kfunc's return value in insn_def_regno. - Adjust is_reg64 for insn_def_regno. - The check of CONFIG_AEABI is moved from emit_kfunc_call to bpf_jit_supports_kfunc_call. - Fix a comment error in fixup_kfunc_call. Yang Jihong (4): bpf: Adapt 32-bit return value kfunc for 32-bit ARM when zext extension bpf: Add kernel function call support in 32-bit ARM for EABI bpf:selftests: Add kfunc_call test for mixing 32-bit and 64-bit parameters bpf: Fix comment error in fixup_kfunc_call function arch/arm/net/bpf_jit_32.c | 137 ++++++++++++++++++ kernel/bpf/verifier.c | 46 +++++- net/bpf/test_run.c | 18 +++ .../selftests/bpf/prog_tests/kfunc_call.c | 3 + .../selftests/bpf/progs/kfunc_call_test.c | 52 +++++++ 5 files changed, 252 insertions(+), 4 deletions(-) -- 2.30.GIT

1 year, 5 months

2
11
0 0

[PATCH] KVM: selftests: Fix build for memstress.[ch] rename

by Mark Brown

Today's -next fails to build the KVM selftests on at least arm64 due to commit 9fda6753c9dd ("KVM: selftests: Rename perf_test_util.[ch] to memstress.[ch]") interacting poorly with commit a93871d0ea9f ("KVM: selftests: Add a userfaultfd library") which adds a new user of perf_test_util.h. Do the rename in the new user. Fixes: 9fda6753c9dd ("KVM: selftests: Rename perf_test_util.[ch] to memstress.[ch]") Fixes: a93871d0ea9f ("KVM: selftests: Add a userfaultfd library") Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: Ricardo Koller <ricarkol(a)google.com> Cc: Marc Zyngier <maz(a)kernel.org> Cc: David Matlack <dmatlack(a)google.com> Cc: Sean Christopherson <seanjc(a)google.com> Cc: Paolo Bonzini <pbonzini(a)redhat.com> Cc: Stephen Rothwell <sfr(a)canb.auug.org.au> --- tools/testing/selftests/kvm/lib/userfaultfd_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/lib/userfaultfd_util.c b/tools/testing/selftests/kvm/lib/userfaultfd_util.c index 3b44846fc277..92cef20902f1 100644 --- a/tools/testing/selftests/kvm/lib/userfaultfd_util.c +++ b/tools/testing/selftests/kvm/lib/userfaultfd_util.c @@ -20,7 +20,7 @@ #include "kvm_util.h" #include "test_util.h" -#include "perf_test_util.h" +#include "memstress.h" #include "userfaultfd_util.h" #ifdef __NR_userfaultfd -- 2.30.2

1 year, 5 months

5
4
0 0

[PATCH v3 0/2] kunit: add macro to allow conditionally exposing static symbols to tests

by Rae Moar

Currently in order to test a static function, tests must be included in the same translation unit as the function. However, this can cause issues with including implementation and test code in the same file. As an alternative, the first patch in this series creates a macro that will set a function to be static or not depending on whether CONFIG_KUNIT is enabled. This allows the function to be visible during testing and static otherwise. As an example, the current status quo to test static functions is: === test.c === static void test_case(struct kunit *test) { KUNIT_EXPECT_EQ(test, my_func_to_test(), 2); } Then the tests are included in the implementation file as a workaround to the issue of testing static functions: === implementation.c === static int my_func_to_test() {...} ... #include "test.c" Instead, the function could be defined with this new macro: === implementation.c === VISIBLE_IF_KUNIT int my_func_to_test() {...} The first patch also creates a macro that will export a symbol into a kunit testing namespace only if CONFIG_KUNIT is enabled. This follows the logic above and allows symbols to be conditionally exported based on the testing status. The second patch in the series updates the policy_unpack test in AppArmor to show an example of how to use both of these macros in order to address the issue of testing static functions. Additionally, the patch allows the policy_unpack test to be built as a module. Changes since v2: - Add mention of namespacing symbols to the commit message of the second patch. - Change module name in the second patch from policy_unpack_test to apparmor_policy_unpack_test. Changes since v1: - Changed the namespace of exported symbols for the apparmor policy_unpack_test by adding the aa_ prefix. - Separated the documentation comments for macros in include/kunit/visibility.h. - Changed copyright date and author for include/kunit/visibility.h. Rae Moar (2): kunit: add macro to allow conditionally exposing static symbols to tests apparmor: test: make static symbols visible during kunit testing include/kunit/visibility.h | 33 +++ security/apparmor/Kconfig | 4 +- security/apparmor/Makefile | 3 + security/apparmor/include/policy_unpack.h | 50 +++++ security/apparmor/policy_unpack.c | 238 ++++++++++------------ security/apparmor/policy_unpack_test.c | 69 ++++--- 6 files changed, 229 insertions(+), 168 deletions(-) create mode 100644 include/kunit/visibility.h base-commit: 0f08f3e2a0186dfb8e33cb46105228eb18448a0e -- 2.39.0.rc0.267.gcb52ba06e7-goog

1 year, 5 months

3
4
0 0

[PATCH v5 0/6] mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC

by jeffxu＠chromium.org

From: Jeff Xu <jeffxu(a)chromium.org> Since Linux introduced the memfd feature, memfd have always had their execute bit set, and the memfd_create() syscall doesn't allow setting it differently. However, in a secure by default system, such as ChromeOS, (where all executables should come from the rootfs, which is protected by Verified boot), this executable nature of memfd opens a door for NoExec bypass and enables “confused deputy attack”. E.g, in VRP bug [1]: cros_vm process created a memfd to share the content with an external process, however the memfd is overwritten and used for executing arbitrary code and root escalation. [2] lists more VRP in this kind. On the other hand, executable memfd has its legit use, runc uses memfd’s seal and executable feature to copy the contents of the binary then execute them, for such system, we need a solution to differentiate runc's use of executable memfds and an attacker's [3]. To address those above, this set of patches add following: 1> Let memfd_create() set X bit at creation time. 2> Let memfd to be sealed for modifying X bit. 3> A new pid namespace sysctl: vm.memfd_noexec to control behavior of X bit. For example, if a container has vm.memfd_noexec=2, then memfd_create() without MFD_NOEXEC_SEAL will be rejected. 4> A new security hook in memfd_create(). This make it possible to a new LSM, which rejects or allows executable memfd based on its security policy. This is V4 version of patch: see [4] [5] [6] for previous versions. [1] https://crbug.com/1305411 [2] https://bugs.chromium.org/p/chromium/issues/list?q=type%3Dbug-security%20me… [3] https://lwn.net/Articles/781013/ [4] https://lwn.net/Articles/890096/ [5] https://lore.kernel.org/lkml/20220805222126.142525-1-jeffxu@chromium.org/ [6] https://lore.kernel.org/lkml/20221202013404.163143-1-jeffxu@chromium.org/ Daniel Verkamp (2): mm/memfd: add F_SEAL_EXEC selftests/memfd: add tests for F_SEAL_EXEC Jeff Xu (4): mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC mm/memfd: Add write seals when apply SEAL_EXEC to executable memfd selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC mm/memfd: security hook for memfd_create include/linux/lsm_hook_defs.h | 1 + include/linux/lsm_hooks.h | 4 + include/linux/pid_namespace.h | 19 ++ include/linux/security.h | 6 + include/uapi/linux/fcntl.h | 1 + include/uapi/linux/memfd.h | 4 + kernel/pid_namespace.c | 48 ++++ mm/memfd.c | 61 ++++- mm/shmem.c | 6 + security/security.c | 13 + tools/testing/selftests/memfd/fuse_test.c | 1 + tools/testing/selftests/memfd/memfd_test.c | 304 ++++++++++++++++++++- 12 files changed, 465 insertions(+), 3 deletions(-) base-commit: eb7081409f94a9a8608593d0fb63a1aa3d6f95d8 -- 2.39.0.rc0.267.gcb52ba06e7-goog

1 year, 5 months

4
12
0 0

[PATCH] KVM: selftests: Fix build due to ucall_uninit() removal

by Mark Brown

Today's -next fails to build on arm64 due to: In file included from include/kvm_util.h:11, from aarch64/page_fault_test.c:15: include/ucall_common.h:36:47: note: expected ‘vm_paddr_t’ {aka ‘long unsigned int’} but argument is of type ‘void *’ 36 | void ucall_init(struct kvm_vm *vm, vm_paddr_t mmio_gpa); | ~~~~~~~~~~~^~~~~~~~ aarch64/page_fault_test.c:725:2: warning: implicit declaration of function ‘ucall_uninit’; did you mean ‘ucall_init’? [-Wimplicit-function-declaration] 725 | ucall_uninit(vm); | ^~~~~~~~~~~~ | ucall_init which is caused by commit interacting poorly with commit 28a65567acb5 ("KVM: selftests: Drop now-unnecessary ucall_uninit()") As is done for other ucall_uninit() users remove the call in the newly added page_fault_test.c. Fixes: 28a65567acb5 ("KVM: selftests: Drop now-unnecessary ucall_uninit()") Fixes: 35c581015712 ("KVM: selftests: aarch64: Add aarch64/page_fault_test") Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: Sean Christopherson <seanjc(a)google.com> Cc: Ricardo Koller <ricarkol(a)google.com> Cc: Marc Zyngier <maz(a)kernel.org> --- tools/testing/selftests/kvm/aarch64/page_fault_test.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/testing/selftests/kvm/aarch64/page_fault_test.c b/tools/testing/selftests/kvm/aarch64/page_fault_test.c index 05bb6a6369c2..4ef89c57a937 100644 --- a/tools/testing/selftests/kvm/aarch64/page_fault_test.c +++ b/tools/testing/selftests/kvm/aarch64/page_fault_test.c @@ -722,7 +722,6 @@ static void run_test(enum vm_guest_mode mode, void *arg) vcpu_run_loop(vm, vcpu, test); - ucall_uninit(vm); kvm_vm_free(vm); free_uffd(test, pt_uffd, data_uffd); -- 2.30.2

1 year, 5 months

2
1
0 0

[PATCH v5 00/19] IOMMUFD Generic interface

by Jason Gunthorpe

[ This update is primarily collecting remarks from the mailing list, lots of doc fixes and it is now stably in linux-next without warnings/etc. syzbot has taken over and is running now, the remaining static tool feedback has been collected. s390, Intel x86, ARM and all the VFIO mdevs have been tested now. ] iommufd is the user API to control the IOMMU subsystem as it relates to managing IO page tables that point at user space memory. It takes over from drivers/vfio/vfio_iommu_type1.c (aka the VFIO container) which is the VFIO specific interface for a similar idea. We see a broad need for extended features, some being highly IOMMU device specific: - Binding iommu_domain's to PASID/SSID - Userspace IO page tables, for ARM, x86 and S390 - Kernel bypassed invalidation of user page tables - Re-use of the KVM page table in the IOMMU - Dirty page tracking in the IOMMU - Runtime Increase/Decrease of IOPTE size - PRI support with faults resolved in userspace Many of these HW features exist to support VM use cases - for instance the combination of PASID, PRI and Userspace IO Page Tables allows an implementation of DMA Shared Virtual Addressing (vSVA) within a guest. Dirty tracking enables VM live migration with SRIOV devices and PASID support allow creating "scalable IOV" devices, among other things. As these features are fundamental to a VM platform they need to be uniformly exposed to all the driver families that do DMA into VMs, which is currently VFIO and VDPA. The pre-v1 series proposed re-using the VFIO type 1 data structure, however it was suggested that if we are doing this big update then we should also come with an improved data structure that solves the limitations that VFIO type1 has. Notably this addresses: - Multiple IOAS/'containers' and multiple domains inside a single FD - Single-pin operation no matter how many domains and containers use a page - A fine grained locking scheme supporting user managed concurrency for multi-threaded map/unmap - A pre-registration mechanism to optimize vIOMMU use cases by pre-pinning pages - Extended ioctl API that can manage these new objects and exposes domains directly to user space - domains are sharable between subsystems, eg VFIO and VDPA The bulk of this code is a new data structure design to track how the IOVAs are mapped to PFNs. iommufd intends to be general and consumable by any driver that wants to DMA to userspace. From a driver perspective it can largely be dropped in in-place of iommu_attach_device() and provides a uniform full feature set to all consumers. As this is a larger project this series is the first step. This series provides the iommfd "generic interface" which is designed to be suitable for applications like DPDK and VMM flows that are not optimized to specific HW scenarios. It is close to being a drop in replacement for the existing VFIO type 1 and supports existing qemu based VM flows. Several follow-on series are being prepared: - Patches integrating with qemu in native mode: https://github.com/yiliu1765/qemu/commits/qemu-iommufd-6.0-rc2 - A completed integration with VFIO now exists that covers "emulated" mdev use cases now, and can pass testing with qemu/etc in compatability mode: https://github.com/jgunthorpe/linux/commits/vfio_iommufd - A draft providing system iommu dirty tracking on top of iommufd, including iommu driver implementations: https://github.com/jpemartins/linux/commits/x86-iommufd This pairs with patches for providing a similar API to support VFIO-device tracking to give a complete vfio solution: https://lore.kernel.org/kvm/20220901093853.60194-1-yishaih@nvidia.com/ - Userspace page tables aka 'nested translation' for ARM and Intel iommu drivers: https://github.com/nicolinc/iommufd/commits/iommufd_nesting - "device centric" vfio series to expose the vfio_device FD directly as a normal cdev, and provide an extended API allowing dynamically changing the IOAS binding: https://github.com/yiliu1765/iommufd/commits/iommufd-v6.0-rc2-nesting-0901 - Drafts for PASID and PRI interfaces are included above as well Overall enough work is done now to show the merit of the new API design and at least draft solutions to many of the main problems. Several people have contributed directly to this work: Eric Auger, Joao Martins, Kevin Tian, Lu Baolu, Nicolin Chen, Yi L Liu. Many more have participated in the discussions that lead here, and provided ideas. Thanks to all! The v1/v2 iommufd series has been used to guide a large amount of preparatory work that has now been merged. The general theme is to organize things in a way that makes injecting iommufd natural: - VFIO live migration support with mlx5 and hisi_acc drivers. These series need a dirty tracking solution to be really usable. https://lore.kernel.org/kvm/20220224142024.147653-1-yishaih@nvidia.com/ https://lore.kernel.org/kvm/20220308184902.2242-1-shameerali.kolothum.thodi… - Significantly rework the VFIO gvt mdev and remove struct mdev_parent_ops https://lore.kernel.org/lkml/20220411141403.86980-1-hch@lst.de/ - Rework how PCIe no-snoop blocking works https://lore.kernel.org/kvm/0-v3-2cf356649677+a32-intel_no_snoop_jgg@nvidia… - Consolidate dma ownership into the iommu core code https://lore.kernel.org/linux-iommu/20220418005000.897664-1-baolu.lu@linux.… - Make all vfio driver interfaces use struct vfio_device consistently https://lore.kernel.org/kvm/0-v4-8045e76bf00b+13d-vfio_mdev_no_group_jgg@nv… - Remove the vfio_group from the kvm/vfio interface https://lore.kernel.org/kvm/0-v3-f7729924a7ea+25e33-vfio_kvm_no_group_jgg@n… - Simplify locking in vfio https://lore.kernel.org/kvm/0-v2-d035a1842d81+1bf-vfio_group_locking_jgg@nv… - Remove the vfio notifiter scheme that faces drivers https://lore.kernel.org/kvm/0-v4-681e038e30fd+78-vfio_unmap_notif_jgg@nvidi… - Improve the driver facing API for vfio pin/unpin pages to make the presence of struct page clear https://lore.kernel.org/kvm/20220723020256.30081-1-nicolinc@nvidia.com/ - Clean up in the Intel IOMMU driver https://lore.kernel.org/linux-iommu/20220301020159.633356-1-baolu.lu@linux.… https://lore.kernel.org/linux-iommu/20220510023407.2759143-1-baolu.lu@linux… https://lore.kernel.org/linux-iommu/20220514014322.2927339-1-baolu.lu@linux… https://lore.kernel.org/linux-iommu/20220706025524.2904370-1-baolu.lu@linux… https://lore.kernel.org/linux-iommu/20220702015610.2849494-1-baolu.lu@linux… - Rework s390 vfio drivers https://lore.kernel.org/kvm/20220707135737.720765-1-farman@linux.ibm.com/ - Normalize vfio ioctl handling https://lore.kernel.org/kvm/0-v2-0f9e632d54fb+d6-vfio_ioctl_split_jgg@nvidi… - VFIO API for dirty tracking (aka dma logging) managed inside a PCI device, with mlx5 implementation https://lore.kernel.org/kvm/20220901093853.60194-1-yishaih@nvidia.com - Introduce a struct device sysfs presence for struct vfio_device https://lore.kernel.org/kvm/20220901143747.32858-1-kevin.tian@intel.com/ - Complete restructuring the vfio mdev model https://lore.kernel.org/kvm/20220822062208.152745-1-hch@lst.de/ - Isolate VFIO container code in preperation for iommufd to provide an alternative implementation of it all https://lore.kernel.org/kvm/0-v1-a805b607f1fb+17b-vfio_container_split_jgg@… - Simplify and consolidate iommu_domain/device compatability checking https://lore.kernel.org/linux-iommu/cover.1666042872.git.nicolinc@nvidia.co… - Align iommu SVA support with the domain-centric model https://lore.kernel.org/all/20221031005917.45690-1-baolu.lu@linux.intel.com/ This is about 233 patches applied since March, thank you to everyone involved in all this work! Currently there are a number of supporting series still in progress: - DMABUF exporter support for VFIO to allow PCI P2P with VFIO https://lore.kernel.org/r/0-v2-472615b3877e+28f7-vfio_dma_buf_jgg@nvidia.com - Start to provide iommu_domain ops for POWER https://lore.kernel.org/all/20220714081822.3717693-1-aik@ozlabs.ru/ However, these are not necessary for this series to advance. Syzkaller coverage has been merged and is now running in the syzbot environment on linux-next: https://github.com/google/syzkaller/pull/3515 https://github.com/google/syzkaller/pull/3521 This is on github: https://github.com/jgunthorpe/linux/commits/iommufd v5: - Move WARN_ON in __iommu_group_alloc_blocking_domain() - Fix rebase error of pfn_batch::npfns - iopt_pages_add/remove_access() is now iopt_area_add/remove_access() - Change iopt_pages_access::refcount into an unsigned int - Lower mutex/etc into iopt_area_add_access() - Match VFIO error codes for some map failure modes - Block area split if accesses are present - Match VFIO behavior for pin/unpin when the IOVA is unaligned. Round down the IOVA to PAGE_SIZE and assume the caller will take an offset into the first page based on IOVA % PAGE_SIZE - Increase VFIO_IOMMU_TYPE1_INFO_DMA_AVAIL to U32_MAX for s390 - Enforce that access->ops->unmap is set if pin_pages is used - Split the test code into several patches to stay below the 100k mailing list message size limit - A few code naming changes for clarity - Use double span for IOVA allocation - Lots of comment and doc updates v4: https://lore.kernel.org/r/0-v4-0de2f6c78ed0+9d1-iommufd_jgg@nvidia.com - Rebase to v6.1-rc3, include the iommu branch with the needed EINVAL patch series and also the SVA rework - All bug fixes and comments with no API or behavioral changes - gvt tests are passing again - Syzkaller is no longer finding issues and achieved high coverage of 69%(75%) - Coverity has been run by two people - new "nth failure" test that systematically sweeps all error unwind paths looking for splats - All fixes noted in the mailing list If you sent an email and I didn't reply please ping it, I have lost it. - The selftest patch has been broken into three to make the additional modification to the main code clearer - The interdiff is 1.8k lines for the main code, with another 3k of test suite changes v3: https://lore.kernel.org/r/0-v3-402a7d6459de+24b-iommufd_jgg@nvidia.com - Rebase to v6.1-rc1 - Improve documentation - Use EXPORT_SYMBOL_NS - Fix W1, checkpatch stuff - Revise pages.c to resolve the FIXMEs. Create a interval_tree_double_span_iter which allows a simple expression of the previously problematic algorithms - Consistently use the word 'access' instead of user to refer to an access from an in-kernel user (eg vfio mdev) - Support two forms of rlimit accounting and make the vfio compatible one the default in compatability mode (following series) - Support old VFIO type1 by disabling huge pages and implementing a simple algorithm to split a struct iopt_area - Full implementation of access support, test coverage and optimizations - Complete COPY to be able to copy across contiguous areas. Improve all the algorithms around contiguous areas with a dedicated iterator - Functional ENFORCED_COHERENT support - Support multi-device groups - Lots of smaller changes (the interdiff is 5k lines) v2: https://lore.kernel.org/r/0-v2-f9436d0bde78+4bb-iommufd_jgg@nvidia.com - Rebase to v6.0-rc3 - Improve comments - Change to an iterative destruction approach to avoid cycles - Near rewrite of the vfio facing implementation, supported by a complete implementation on the vfio side - New IOMMU_IOAS_ALLOW_IOVAS API as discussed. Allows userspace to assert that ranges of IOVA must always be mappable. To be used by a VMM that has promised a guest a certain availability of IOVA. May help guide PPC's multi-window implementation. - Rework how unmap_iova works, user can unmap the whole ioas now - The no-snoop / wbinvd support is implemented - Bug fixes - Test suite improvements - Lots of smaller changes (the interdiff is 3k lines) v1: https://lore.kernel.org/r/0-v1-e79cd8d168e8+6-iommufd_jgg@nvidia.com # S390 in-kernel page table walker Cc: Niklas Schnelle <schnelle(a)linux.ibm.com> Cc: Matthew Rosato <mjrosato(a)linux.ibm.com> # AMD Dirty page tracking Cc: Joao Martins <joao.m.martins(a)oracle.com> # ARM SMMU Dirty page tracking Cc: Keqian Zhu <zhukeqian1(a)huawei.com> Cc: Shameerali Kolothum Thodi <shameerali.kolothum.thodi(a)huawei.com> # ARM SMMU nesting Cc: Eric Auger <eric.auger(a)redhat.com> Cc: Jean-Philippe Brucker <jean-philippe(a)linaro.org> # Map/unmap performance Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> # VDPA Cc: "Michael S. Tsirkin" <mst(a)redhat.com> Cc: Jason Wang <jasowang(a)redhat.com> # Power Cc: David Gibson <david(a)gibson.dropbear.id.au> # vfio Cc: Alex Williamson <alex.williamson(a)redhat.com> Cc: Cornelia Huck <cohuck(a)redhat.com> Cc: kvm(a)vger.kernel.org # iommu Cc: iommu(a)lists.linux.dev # Collaborators Cc: "Chaitanya Kulkarni" <chaitanyak(a)nvidia.com> Cc: Nicolin Chen <nicolinc(a)nvidia.com> Cc: Lu Baolu <baolu.lu(a)linux.intel.com> Cc: Kevin Tian <kevin.tian(a)intel.com> Cc: Yi Liu <yi.l.liu(a)intel.com> # s390 Cc: Eric Farman <farman(a)linux.ibm.com> Cc: Anthony Krowiak <akrowiak(a)linux.ibm.com> Cc: Halil Pasic <pasic(a)linux.ibm.com> Cc: Jason Herne <jjherne(a)linux.ibm.com> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> Jason Gunthorpe (17): iommu: Add IOMMU_CAP_ENFORCE_CACHE_COHERENCY interval-tree: Add a utility to iterate over spans in an interval tree scripts/kernel-doc: support EXPORT_SYMBOL_NS_GPL() with -export iommufd: File descriptor, context, kconfig and makefiles kernel/user: Allow user::locked_vm to be usable for iommufd iommufd: PFN handling for iopt_pages iommufd: Algorithms for PFN storage iommufd: Data structure to provide IOVA to PFN mapping iommufd: IOCTLs for the io_pagetable iommufd: Add a HW pagetable object iommufd: Add kAPI toward external drivers for physical devices iommufd: Add kAPI toward external drivers for kernel access iommufd: vfio container FD ioctl compatibility iommufd: Add kernel support for testing iommufd iommufd: Add some fault injection points iommufd: Add additional invariant assertions iommufd: Add a selftest Kevin Tian (1): iommufd: Document overview of iommufd Lu Baolu (1): iommu: Add device-centric DMA ownership interfaces .clang-format | 3 + Documentation/userspace-api/index.rst | 1 + .../userspace-api/ioctl/ioctl-number.rst | 1 + Documentation/userspace-api/iommufd.rst | 223 ++ MAINTAINERS | 12 + drivers/iommu/Kconfig | 1 + drivers/iommu/Makefile | 2 +- drivers/iommu/amd/iommu.c | 2 + drivers/iommu/intel/iommu.c | 16 +- drivers/iommu/iommu.c | 121 +- drivers/iommu/iommufd/Kconfig | 23 + drivers/iommu/iommufd/Makefile | 13 + drivers/iommu/iommufd/device.c | 774 +++++++ drivers/iommu/iommufd/double_span.h | 53 + drivers/iommu/iommufd/hw_pagetable.c | 57 + drivers/iommu/iommufd/io_pagetable.c | 1212 ++++++++++ drivers/iommu/iommufd/io_pagetable.h | 241 ++ drivers/iommu/iommufd/ioas.c | 390 ++++ drivers/iommu/iommufd/iommufd_private.h | 307 +++ drivers/iommu/iommufd/iommufd_test.h | 93 + drivers/iommu/iommufd/main.c | 419 ++++ drivers/iommu/iommufd/pages.c | 1981 +++++++++++++++++ drivers/iommu/iommufd/selftest.c | 853 +++++++ drivers/iommu/iommufd/vfio_compat.c | 458 ++++ include/linux/interval_tree.h | 58 + include/linux/iommu.h | 17 + include/linux/iommufd.h | 102 + include/linux/sched/user.h | 2 +- include/uapi/linux/iommufd.h | 335 +++ kernel/user.c | 1 + lib/Kconfig | 4 + lib/interval_tree.c | 132 ++ scripts/kernel-doc | 12 +- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/iommu/.gitignore | 3 + tools/testing/selftests/iommu/Makefile | 12 + tools/testing/selftests/iommu/config | 2 + tools/testing/selftests/iommu/iommufd.c | 1627 ++++++++++++++ .../selftests/iommu/iommufd_fail_nth.c | 580 +++++ tools/testing/selftests/iommu/iommufd_utils.h | 278 +++ 40 files changed, 10385 insertions(+), 37 deletions(-) create mode 100644 Documentation/userspace-api/iommufd.rst create mode 100644 drivers/iommu/iommufd/Kconfig create mode 100644 drivers/iommu/iommufd/Makefile create mode 100644 drivers/iommu/iommufd/device.c create mode 100644 drivers/iommu/iommufd/double_span.h create mode 100644 drivers/iommu/iommufd/hw_pagetable.c create mode 100644 drivers/iommu/iommufd/io_pagetable.c create mode 100644 drivers/iommu/iommufd/io_pagetable.h create mode 100644 drivers/iommu/iommufd/ioas.c create mode 100644 drivers/iommu/iommufd/iommufd_private.h create mode 100644 drivers/iommu/iommufd/iommufd_test.h create mode 100644 drivers/iommu/iommufd/main.c create mode 100644 drivers/iommu/iommufd/pages.c create mode 100644 drivers/iommu/iommufd/selftest.c create mode 100644 drivers/iommu/iommufd/vfio_compat.c create mode 100644 include/linux/iommufd.h create mode 100644 include/uapi/linux/iommufd.h create mode 100644 tools/testing/selftests/iommu/.gitignore create mode 100644 tools/testing/selftests/iommu/Makefile create mode 100644 tools/testing/selftests/iommu/config create mode 100644 tools/testing/selftests/iommu/iommufd.c create mode 100644 tools/testing/selftests/iommu/iommufd_fail_nth.c create mode 100644 tools/testing/selftests/iommu/iommufd_utils.h base-commit: 69e61edebea030f177de7a23b8d5d9b8c4a90bda -- 2.38.1

1 year, 5 months

6
58
0 0

[PATCH v4 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC

by jeffxu＠chromium.org

From: Jeff Xu <jeffxu(a)chromium.org> The new MFD_NOEXEC_SEAL and MFD_EXEC flags allows application to set executable bit at creation time (memfd_create). When MFD_NOEXEC_SEAL is set, memfd is created without executable bit (mode:0666), and sealed with F_SEAL_EXEC, so it can't be chmod to be executable (mode: 0777) after creation. when MFD_EXEC flag is set, memfd is created with executable bit (mode:0777), this is the same as the old behavior of memfd_create. The new pid namespaced sysctl vm.memfd_noexec has 3 values: 0: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like MFD_EXEC was set. 1: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like MFD_NOEXEC_SEAL was set. 2: memfd_create() without MFD_NOEXEC_SEAL will be rejected. The sysctl allows finer control of memfd_create for old-software that doesn't set the executable bit, for example, a container with vm.memfd_noexec=1 means the old-software will create non-executable memfd by default. Signed-off-by: Jeff Xu <jeffxu(a)chromium.org> Co-developed-by: Daniel Verkamp <dverkamp(a)chromium.org> Signed-off-by: Daniel Verkamp <dverkamp(a)chromium.org> Reported-by: kernel test robot <lkp(a)intel.com> --- include/linux/pid_namespace.h | 19 ++++++++++++++ include/uapi/linux/memfd.h | 4 +++ kernel/pid_namespace.c | 48 +++++++++++++++++++++++++++++++++++ mm/memfd.c | 48 +++++++++++++++++++++++++++++++++-- 4 files changed, 117 insertions(+), 2 deletions(-) diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h index 07481bb87d4e..a4789a7b34a9 100644 --- a/include/linux/pid_namespace.h +++ b/include/linux/pid_namespace.h @@ -16,6 +16,21 @@ struct fs_pin; +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) +/* + * sysctl for vm.memfd_noexec + * 0: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL + * acts like MFD_EXEC was set. + * 1: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL + * acts like MFD_NOEXEC_SEAL was set. + * 2: memfd_create() without MFD_NOEXEC_SEAL will be + * rejected. + */ +#define MEMFD_NOEXEC_SCOPE_EXEC 0 +#define MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL 1 +#define MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED 2 +#endif + struct pid_namespace { struct idr idr; struct rcu_head rcu; @@ -31,6 +46,10 @@ struct pid_namespace { struct ucounts *ucounts; int reboot; /* group exit code if this pidns was rebooted */ struct ns_common ns; +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) + /* sysctl for vm.memfd_noexec */ + int memfd_noexec_scope; +#endif } __randomize_layout; extern struct pid_namespace init_pid_ns; diff --git a/include/uapi/linux/memfd.h b/include/uapi/linux/memfd.h index 7a8a26751c23..273a4e15dfcf 100644 --- a/include/uapi/linux/memfd.h +++ b/include/uapi/linux/memfd.h @@ -8,6 +8,10 @@ #define MFD_CLOEXEC 0x0001U #define MFD_ALLOW_SEALING 0x0002U #define MFD_HUGETLB 0x0004U +/* not executable and sealed to prevent changing to executable. */ +#define MFD_NOEXEC_SEAL 0x0008U +/* executable */ +#define MFD_EXEC 0x0010U /* * Huge page size encoding when MFD_HUGETLB is specified, and a huge page diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c index f4f8cb0435b4..2b7563ddd22c 100644 --- a/kernel/pid_namespace.c +++ b/kernel/pid_namespace.c @@ -110,6 +110,11 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns ns->ucounts = ucounts; ns->pid_allocated = PIDNS_ADDING; +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) + ns->memfd_noexec_scope = + task_active_pid_ns(current)->memfd_noexec_scope; +#endif + return ns; out_free_idr: @@ -255,6 +260,45 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns) return; } +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) +static int pid_mfd_noexec_dointvec_minmax(struct ctl_table *table, int write, + void *buffer, size_t *lenp, loff_t *ppos) +{ + struct pid_namespace *ns = task_active_pid_ns(current); + struct ctl_table table_copy; + + if (write && !capable(CAP_SYS_ADMIN)) + return -EPERM; + + table_copy = *table; + if (ns != &init_pid_ns) + table_copy.data = &ns->memfd_noexec_scope; + + /* + * set minimum to current value, the effect is only bigger + * value is accepted. + */ + if (*(int *)table_copy.data > *(int *)table_copy.extra1) + table_copy.extra1 = table_copy.data; + + return proc_dointvec_minmax(&table_copy, write, buffer, lenp, ppos); +} + +static struct ctl_table pid_ns_ctl_table_vm[] = { + { + .procname = "memfd_noexec", + .data = &init_pid_ns.memfd_noexec_scope, + .maxlen = sizeof(init_pid_ns.memfd_noexec_scope), + .mode = 0644, + .proc_handler = pid_mfd_noexec_dointvec_minmax, + .extra1 = SYSCTL_ZERO, + .extra2 = SYSCTL_TWO, + }, + { } +}; +static struct ctl_path vm_path[] = { { .procname = "vm", }, { } }; +#endif + #ifdef CONFIG_CHECKPOINT_RESTORE static int pid_ns_ctl_handler(struct ctl_table *table, int write, void *buffer, size_t *lenp, loff_t *ppos) @@ -455,6 +499,10 @@ static __init int pid_namespaces_init(void) #ifdef CONFIG_CHECKPOINT_RESTORE register_sysctl_paths(kern_path, pid_ns_ctl_table); #endif + +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) + register_sysctl_paths(vm_path, pid_ns_ctl_table_vm); +#endif return 0; } diff --git a/mm/memfd.c b/mm/memfd.c index 4ebeab94aa74..ec70675a7069 100644 --- a/mm/memfd.c +++ b/mm/memfd.c @@ -18,6 +18,7 @@ #include <linux/hugetlb.h> #include <linux/shmem_fs.h> #include <linux/memfd.h> +#include <linux/pid_namespace.h> #include <uapi/linux/memfd.h> /* @@ -263,12 +264,14 @@ long memfd_fcntl(struct file *file, unsigned int cmd, unsigned long arg) #define MFD_NAME_PREFIX_LEN (sizeof(MFD_NAME_PREFIX) - 1) #define MFD_NAME_MAX_LEN (NAME_MAX - MFD_NAME_PREFIX_LEN) -#define MFD_ALL_FLAGS (MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_HUGETLB) +#define MFD_ALL_FLAGS (MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_HUGETLB | MFD_NOEXEC_SEAL | MFD_EXEC) SYSCALL_DEFINE2(memfd_create, const char __user *, uname, unsigned int, flags) { + char comm[TASK_COMM_LEN]; + struct pid_namespace *ns; unsigned int *file_seals; struct file *file; int fd, error; @@ -285,6 +288,39 @@ SYSCALL_DEFINE2(memfd_create, return -EINVAL; } + /* Invalid if both EXEC and NOEXEC_SEAL are set.*/ + if ((flags & MFD_EXEC) && (flags & MFD_NOEXEC_SEAL)) + return -EINVAL; + + if (!(flags & (MFD_EXEC | MFD_NOEXEC_SEAL))) { +#ifdef CONFIG_SYSCTL + int sysctl = MEMFD_NOEXEC_SCOPE_EXEC; + + ns = task_active_pid_ns(current); + if (ns) + sysctl = ns->memfd_noexec_scope; + + switch (sysctl) { + case MEMFD_NOEXEC_SCOPE_EXEC: + flags |= MFD_EXEC; + break; + case MEMFD_NOEXEC_SCOPE_NOEXEC_SEAL: + flags |= MFD_NOEXEC_SEAL; + break; + default: + pr_warn_ratelimited( + "memfd_create(): MFD_NOEXEC_SEAL is enforced, pid=%d '%s'\n", + task_pid_nr(current), get_task_comm(comm, current)); + return -EINVAL; + } +#else + flags |= MFD_EXEC; +#endif + pr_warn_ratelimited( + "memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=%d '%s'\n", + task_pid_nr(current), get_task_comm(comm, current)); + } + /* length includes terminating zero */ len = strnlen_user(uname, MFD_NAME_MAX_LEN + 1); if (len <= 0) @@ -328,7 +364,15 @@ SYSCALL_DEFINE2(memfd_create, file->f_mode |= FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE; file->f_flags |= O_LARGEFILE; - if (flags & MFD_ALLOW_SEALING) { + if (flags & MFD_NOEXEC_SEAL) { + struct inode *inode = file_inode(file); + + inode->i_mode &= ~0111; + file_seals = memfd_file_seals_ptr(file); + *file_seals &= ~F_SEAL_SEAL; + *file_seals |= F_SEAL_EXEC; + } else if (flags & MFD_ALLOW_SEALING) { + /* MFD_EXEC and MFD_ALLOW_SEALING are set */ file_seals = memfd_file_seals_ptr(file); *file_seals &= ~F_SEAL_SEAL; } -- 2.39.0.rc0.267.gcb52ba06e7-goog

1 year, 5 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror December 2022