May 2022 - Linux-kselftest-mirror

[PATCH 0/2] selftests/x86: AMX-related test improvements

by Chang S. Bae

A couple of test updates are included: * With this option [1,2], the kernel's altstack check becomes stringent. The x86 sigaltstack test is ignorant about this. Adjust the test now. This check was established [3] to ensure every AMX task's altstack is sufficient (regardless of that option) [4]. * The AMX test wrongly fails on non-AMX machines. Fix the code to skip the test instead. The series is available in this repository: git://github.com/intel/amx-linux.git selftest [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arc… [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Doc… [3] 3aac3ebea08f ("x86/signal: Implement sigaltstack size validation") [4] 4b7ca609a33d ("x86/signal: Use fpu::__state_user_size for sigalt stack validation") Chang S. Bae (2): selftests/x86/signal: Adjust the test to the kernel's altstack check selftests/x86/amx: Fix the test to avoid failure when AMX is unavailable tools/testing/selftests/x86/amx.c | 42 +++++++++++++++++------ tools/testing/selftests/x86/sigaltstack.c | 12 ++++++- 2 files changed, 42 insertions(+), 12 deletions(-) base-commit: f443e374ae131c168a065ea1748feac6b2e76613 -- 2.17.1

3 years

2
7
0 0

[PATCH v4 0/4] KVM: s390: selftests: Provide TAP output in tests

by Thomas Huth

This patch series is motivated by Shuah's suggestion here: https://lore.kernel.org/kvm/d576d8f7-980f-3bc6-87ad-5a6ae45609b8@linuxfound… Many s390x KVM selftests do not output any information about which tests have been run, so it's hard to say whether a test binary contains a certain sub-test or not. To improve this situation let's add some TAP output via the kselftest.h interface to these tests, so that it easier to understand what has been executed or not. v4: - Rebased to include test_termination() now in the memop test - Reworked the extension capability check in the memop test v3: - Added comments / fixed cosmetics according to Janosch's and Janis' reviews of the v2 series - Added Reviewed-by tags from the v2 series v2: - Reworked the extension checking in the first patch - Make sure to always print the TAP 13 header in the second patch - Reworked the SKIP printing in the third patch Thomas Huth (4): KVM: s390: selftests: Use TAP interface in the memop test KVM: s390: selftests: Use TAP interface in the sync_regs test KVM: s390: selftests: Use TAP interface in the tprot test KVM: s390: selftests: Use TAP interface in the reset test tools/testing/selftests/kvm/s390x/memop.c | 95 +++++++++++++++---- tools/testing/selftests/kvm/s390x/resets.c | 38 ++++++-- .../selftests/kvm/s390x/sync_regs_test.c | 87 +++++++++++++---- tools/testing/selftests/kvm/s390x/tprot.c | 29 +++++- 4 files changed, 197 insertions(+), 52 deletions(-) -- 2.31.1

3 years

4
10
0 0

[RFC V1 PATCH 0/3] selftests: KVM: sev: selftests for fd-based approach of supporting private memory

by Vishal Annapurve

This series implements selftests targeting the feature floated by Chao via: https://lore.kernel.org/linux-mm/20220519153713.819591-1-chao.p.peng@linux.… Below changes aim to test the fd based approach for guest private memory in context of SEV/SEV-ES VMs executing on AMD SEV/SEV-ES compatible platforms. This series has dependency on following patch series: 1) V6 series patches from Chao mentioned above. 2) https://lore.kernel.org/all/20211210164620.11636-1-michael.roth@amd.com/T/ - KVM: selftests: Add support for test-selectable ucall implementations series by Michael Roth 3) https://lore.kernel.org/kvm/20220104234129.dvpv3o3tihvzsqcr@amd.com/T/ - KVM: selftests: Add tests for SEV and SEV-ES guests series by Michael Roth And few additional patches: * https://github.com/vishals4gh/linux/commit/2cb215cb6b4dff7fdf70349816517962… - Confidential platforms along with the confidentiality aware software stack support a notion of private/shared accesses from the confidential VMs. Generally, a bit in the GPA conveys the shared/private-ness of the access. SEV/SEV-ES implementation doesn't expose the encryption bit information via fault address to KVM and so this hack is still needed to signal private/shared access ranges to the kvm. * https://github.com/vishals4gh/linux/commit/81a7d24231f6b8fb4174bbf97ed73368… Github link for the patches posted as part of this series: https://github.com/vishals4gh/linux/commits/sev_upm_selftests_rfc_v1 sev_priv_memfd_test.c file adds a suite of selftests to access private memory from the SEV/SEV-ES guests via private/shared accesses and checking if the contents can be leaked to/accessed by vmm via shared memory view. To allow SEV/SEV-ES VMs to toggle the encryption bit during memory conversion, support is added for mapping guest pagetables to guest va ranges and passing the mapping information to guests via shared pages. Vishal Annapurve (3): selftests: kvm: x86_64: Add support for pagetable tracking selftests: kvm: sev: Handle hypercall exit selftests: kvm: sev: Port UPM selftests onto SEV/SEV-ES VMs tools/testing/selftests/kvm/.gitignore | 1 + tools/testing/selftests/kvm/Makefile | 1 + .../selftests/kvm/include/kvm_util_base.h | 98 ++ tools/testing/selftests/kvm/lib/kvm_util.c | 81 +- .../selftests/kvm/lib/kvm_util_internal.h | 9 + .../selftests/kvm/lib/x86_64/processor.c | 36 + .../selftests/kvm/lib/x86_64/sev_exitlib.c | 39 +- .../kvm/x86_64/sev_priv_memfd_test.c | 1511 +++++++++++++++++ 8 files changed, 1770 insertions(+), 6 deletions(-) create mode 100644 tools/testing/selftests/kvm/x86_64/sev_priv_memfd_test.c -- 2.36.1.124.g0e6072fb45-goog

3 years

2
7
0 0

[PATCH] selftests/vm: Add protection_keys tests to run_vmtests

by Kalpana Shetty

Signed-off-by: Kalpana Shetty <kalpana.shetty(a)amd.com> --- tools/testing/selftests/vm/run_vmtests.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/testing/selftests/vm/run_vmtests.sh b/tools/testing/selftests/vm/run_vmtests.sh index 41fce8bea929..54a0c28f810c 100755 --- a/tools/testing/selftests/vm/run_vmtests.sh +++ b/tools/testing/selftests/vm/run_vmtests.sh @@ -179,4 +179,11 @@ run_test ./ksm_tests -N -m 1 # KSM test with 2 NUMA nodes and merge_across_nodes = 0 run_test ./ksm_tests -N -m 0 +# protection_keys tests +if [ $VADDR64 -eq 0 ]; then + run_test ./protection_keys_32 +else + run_test ./protection_keys_64 +fi + exit $exitcode -- 2.25.1

3 years

4
4
0 0

[PATCH v2] selftests/sgx: add test_encl.elf to TEST_GEN_FILES

by Jarkko Sakkinen

TEST_GEN_FILES contains files that are generated during compilation and are required to be included together with the test binaries, e.g. when performing: make -C tools/testing/selftests install INSTALL_PATH=/some/other/path [*] Add test_encl.elf to TEST_GEN_FILES because otherwise the installed test binary will fail to run. [*] https://docs.kernel.org/dev-tools/kselftest.html Cc: stable(a)vger.kernel.org Fixes: 2adcba79e69d ("selftests/x86: Add a selftest for SGX") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v2: Use TEST_GEN_FILES in the "all" target, instead of duplicating the path for test_encl.elf. --- tools/testing/selftests/sgx/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile index 75af864e07b6..7f60811b5b20 100644 --- a/tools/testing/selftests/sgx/Makefile +++ b/tools/testing/selftests/sgx/Makefile @@ -17,9 +17,10 @@ ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \ -fno-stack-protector -mrdrnd $(INCLUDES) TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx +TEST_GEN_FILES := $(OUTPUT)/test_encl.elf ifeq ($(CAN_BUILD_X86_64), 1) -all: $(TEST_CUSTOM_PROGS) $(OUTPUT)/test_encl.elf +all: $(TEST_CUSTOM_PROGS) $(TEST_GEN_FILES) endif $(OUTPUT)/test_sgx: $(OUTPUT)/main.o \ -- 2.36.1

3 years

2
2
0 0

[PATCH AUTOSEL 5.17 089/135] kunit: bail out of test filtering logic quicker if OOM

by Sasha Levin

From: Daniel Latypov <dlatypov(a)google.com> [ Upstream commit a02353f491622e49c7ddedc6a6dc4f1d6ed2150a ] When filtering what tests to run (suites and/or cases) via kunit.filter_glob (e.g. kunit.py run <glob>), we allocate copies of suites. These allocations can fail, and we largely don't handle that. Note: realistically, this probably doesn't matter much. We're not allocating much memory and this happens early in boot, so if we can't do that, then there's likely far bigger problems. This patch makes us immediately bail out from the top-level function (kunit_filter_suites) with -ENOMEM if any of the underlying kmalloc() calls return NULL. Implementation note: we used to return NULL pointers from some functions to indicate either that all suites/tests were filtered out or there was an error allocating the new array. We'll log a short error in this case and not run any tests or print a TAP header. From a kunit.py user's perspective, they'll get a message about missing/invalid TAP output and have to dig into the test.log to see it. Since hitting this error seems so unlikely, it's probably fine to not invent a way to plumb this error message more visibly. See also: https://lore.kernel.org/linux-kselftest/20220329103919.2376818-1-lv.ruyi@zt… Signed-off-by: Daniel Latypov <dlatypov(a)google.com> Reported-by: Zeal Robot <zealci(a)zte.com.cn> Reported-by: Lv Ruyi <lv.ruyi(a)zte.com.cn> Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- lib/kunit/executor.c | 27 ++++++++++++++++++++++----- lib/kunit/executor_test.c | 4 +++- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/lib/kunit/executor.c b/lib/kunit/executor.c index 22640c9ee819..2f73a6a35a7e 100644 --- a/lib/kunit/executor.c +++ b/lib/kunit/executor.c @@ -71,9 +71,13 @@ kunit_filter_tests(struct kunit_suite *const suite, const char *test_glob) /* Use memcpy to workaround copy->name being const. */ copy = kmalloc(sizeof(*copy), GFP_KERNEL); + if (!copy) + return ERR_PTR(-ENOMEM); memcpy(copy, suite, sizeof(*copy)); filtered = kcalloc(n + 1, sizeof(*filtered), GFP_KERNEL); + if (!filtered) + return ERR_PTR(-ENOMEM); n = 0; kunit_suite_for_each_test_case(suite, test_case) { @@ -106,14 +110,16 @@ kunit_filter_subsuite(struct kunit_suite * const * const subsuite, filtered = kmalloc_array(n + 1, sizeof(*filtered), GFP_KERNEL); if (!filtered) - return NULL; + return ERR_PTR(-ENOMEM); n = 0; for (i = 0; subsuite[i] != NULL; ++i) { if (!glob_match(filter->suite_glob, subsuite[i]->name)) continue; filtered_suite = kunit_filter_tests(subsuite[i], filter->test_glob); - if (filtered_suite) + if (IS_ERR(filtered_suite)) + return ERR_CAST(filtered_suite); + else if (filtered_suite) filtered[n++] = filtered_suite; } filtered[n] = NULL; @@ -146,7 +152,8 @@ static void kunit_free_suite_set(struct suite_set suite_set) } static struct suite_set kunit_filter_suites(const struct suite_set *suite_set, - const char *filter_glob) + const char *filter_glob, + int *err) { int i; struct kunit_suite * const **copy, * const *filtered_subsuite; @@ -166,6 +173,10 @@ static struct suite_set kunit_filter_suites(const struct suite_set *suite_set, for (i = 0; i < max; ++i) { filtered_subsuite = kunit_filter_subsuite(suite_set->start[i], &filter); + if (IS_ERR(filtered_subsuite)) { + *err = PTR_ERR(filtered_subsuite); + return filtered; + } if (filtered_subsuite) *copy++ = filtered_subsuite; } @@ -236,9 +247,15 @@ int kunit_run_all_tests(void) .start = __kunit_suites_start, .end = __kunit_suites_end, }; + int err; - if (filter_glob_param) - suite_set = kunit_filter_suites(&suite_set, filter_glob_param); + if (filter_glob_param) { + suite_set = kunit_filter_suites(&suite_set, filter_glob_param, &err); + if (err) { + pr_err("kunit executor: error filtering suites: %d\n", err); + return err; + } + } if (!action_param) kunit_exec_run_tests(&suite_set); diff --git a/lib/kunit/executor_test.c b/lib/kunit/executor_test.c index 4ed57fd94e42..eac6ff480273 100644 --- a/lib/kunit/executor_test.c +++ b/lib/kunit/executor_test.c @@ -137,14 +137,16 @@ static void filter_suites_test(struct kunit *test) .end = suites + 2, }; struct suite_set filtered = {.start = NULL, .end = NULL}; + int err = 0; /* Emulate two files, each having one suite */ subsuites[0][0] = alloc_fake_suite(test, "suite0", dummy_test_cases); subsuites[1][0] = alloc_fake_suite(test, "suite1", dummy_test_cases); /* Filter out suite1 */ - filtered = kunit_filter_suites(&suite_set, "suite0"); + filtered = kunit_filter_suites(&suite_set, "suite0", &err); kfree_subsuites_at_end(test, &filtered); /* let us use ASSERTs without leaking */ + KUNIT_EXPECT_EQ(test, err, 0); KUNIT_ASSERT_EQ(test, filtered.end - filtered.start, (ptrdiff_t)1); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, filtered.start); -- 2.35.1

3 years

2
3
0 0

[PATCH v12 00/40] arm64/sme: Initial support for the Scalable Matrix Extension

by Mark Brown

This series provides initial support for the ARMv9 Scalable Matrix Extension (SME). SME takes the approach used for vectors in SVE and extends this to provide architectural support for matrix operations. A more detailed overview can be found in [1]. For the kernel SME can be thought of as a series of features which are intended to be used together by applications but operate mostly orthogonally: - The ZA matrix register. - Streaming mode, in which ZA can be accessed and a subset of SVE features are available. - A second vector length, used for streaming mode SVE and ZA and controlled using a similar interface to that for SVE. - TPIDR2, a new userspace controllable system register intended for use by the C library for storing context related to the ZA ABI. A substantial part of the series is dedicated to refactoring the existing SVE support so that we don't need to duplicate code for handling vector lengths and the SVE registers, this involves creating an array of vector types and making the users take the vector type as a parameter. I'm not 100% happy with this but wasn't able to come up with anything better, duplicating code definitely felt like a bad idea so this felt like the least bad thing. If this approach makes sense to people it might make sense to split this off into a separate series and/or merge it while the rest is pending review to try to make things a little more digestable, the series is very large so it'd probably make things easier to digest if some of the preparatory refactoring could be merged before the rest is ready. One feature of the architecture of particular note is that switching to and from streaming mode may change the size of and invalidate the contents of the SVE registers, and when in streaming mode the FFR is not accessible. This complicates aspects of the ABI like signal handling and ptrace. This initial implementation is mainly intended to get the ABI in place, there are several areas which will be worked on going forwards - some of these will be blockers, others could be handled in followup serieses: - SME is currently not supported for KVM guests, this will be done as a followup series. A host system can use SME and run KVM guests but SME is not available in the guests. - The KVM host support is done in a very simplistic way, were anyone to attempt to use it in production there would be performance impacts on hosts with SME support. As part of this we also add enumeration of fine grained traps. - There is not currently ptrace or signal support TPIDR2, this will be done as a followup series. - No support is currently provided for scheduler control of SME or SME applications, given the size of the SME register state the context switch overhead may be noticable so this may be needed especially for real time applications. Similar concerns already exist for larger SVE vector lengths but are amplified for SME, particularly as the vector length increases. - There has been no work on optimising the performance of anything the kernel does. It is not expected that any systems will be encountered that support SME but not SVE, SME is an ARMv9 feature and SVE is mandatory for ARMv9. The code attempts to handle any such systems that are encountered but this hasn't been tested extensively. v12: - Fix some typos in the ABI document. - Print a message when we skip a vector length in the signal tests. - Add note of earliest toolchain versions with SME to manual encodings for future reference now that's landed. - Drop reference to PCS in sme.rst, it's not referenced and one of the links was broken. - Encode smstop and smstart as sysregs in the kernel. - Don't redundantly flush the SVE register state when loading FPSIMD state with SME enabled for the task, the architecture will do this for us. - Introduce and use task_get_cur_vl() to get the vector length for the currently active SVE registers. - Fix support for !FA64 mode in signal and syscall tests. - Simplify instruction sequence for ssve_regs signal test. - Actually include the ZA signal test in the patch set. v11: - Rebase onto v5.17-rc3. - Provide a sme-inst.h to collect manual encodings in kselftest. v10: - Actually do the rebase of fixups from the previous version into relevant patches. v9: - Remove defensive programming around IS_ENABLED() and FGT in KVM code. - Fix naming of TPIDR2 FGT register bit. - Add patches making handling of floating point register bits more consistent (also sent as separate series). - Drop now unused enumeration of fine grained traps. v8: - Rebase onto v5.17-rc1. - Support interoperation with KVM, SME is disabled for KVM guests with minimal handling for cleaning up SME state when entering and leaving the guest. - Document and implement that signal handlers are invoked with ZA and streaming mode disabled. - Use the RDSVL instruction introduced in EAC2 of the architecture to obtain the streaming mode vector length during enumeration, ZA state loading/saving and in test programs. - Store a pointer to SVCR in fpsimd_last_state and use it in fpsimd_save() for interoperation with KVM. - Add a test case sme_trap_no_sm checking that we generate a SIGILL when using an instruction that requires streaming mode without enabling it. - Add basic ZA context form validation to testcases helper library. - Move signal tests over to validating streaming VL from ZA information. - Pulled in patch removing ARRAY_SIZE() so that kselftest builds cleanly and to avoid trivial conflicts. v7: - Rebase onto v5.16-rc3. - Reduce indentation when supporting custom triggers for signal tests as suggested by Catalin. - Change to specifying a width for all CPU features rather than adding single bit specific infrastructure. - Don't require zeroing of non-shared SVE state during syscalls. v6: - Rebase onto v5.16-rc1. - Return to disabling TIF_SVE on kernel entry even if we have SME state, this avoids the need for KVM to handle the case where TIF_SVE is set on guest entry. - Add syscall-abi.h to SME updates to syscall-abi, mistakenly omitted from commit. v5: - Rebase onto currently merged SVE and kselftest patches. - Add support for the FA64 option, introduced in the recently published EAC1 update to the specification. - Pull in test program for the syscall ABI previously sent separately with some revisions and add coverage for the SME ABI. - Fix checking for options with 1 bit fields in ID_AA64SMFR0_EL1. - Minor fixes and clarifications to the ABI documentation. v4: - Rebase onto merged patches. - Remove an uneeded NULL check in vec_proc_do_default_vl(). - Include patch to factor out utility routines in kselftests written in assembler. - Specify -ffreestanding when building TPIDR2 test. v3: - Skip FFR rather than predicate registers in sve_flush_live(). - Don't assume a bool is all zeros in sve_flush_live() as per AAPCS. - Don't redundantly specify a zero index when clearing FFR. v2: - Fix several issues with !SME and !SVE configurations. - Preserve TPIDR2 when creating a new thread/process unless CLONE_SETTLS is set. - Report traps due to using features in an invalid mode as SIGILL. - Spell out streaming mode behaviour in SVE ABI documentation more directly. - Document TPIDR2 in the ABI document. - Use SMSTART and SMSTOP rather than read/modify/write sequences. - Rework logic for exiting streaming mode on syscall. - Don't needlessly initialise SVCR on access trap. - Always restore SME VL for userspace if SME traps are disabled. - Only yield to encourage preemption every 128 iterations in za-test, otherwise do a getpid(), and validate SVCR after syscall. - Leave streaming mode disabled except when reading the vector length in za-test, and disable ZA after detecting a mismatch. - Add SME support to vlset. - Clarifications and typo fixes in comments. - Move sme_alloc() forward declaration back a patch. [1] https://community.arm.com/developer/ip-products/processors/b/processors-ip-… Mark Brown (40): arm64: Define CPACR_EL1_FPEN similarly to other floating point controls arm64: Always use individual bits in CPACR floating point enables arm64: cpufeature: Always specify and use a field width for capabilities kselftest/arm64: Remove local ARRAY_SIZE() definitions kselftest/arm64: signal: Allow tests to be incompatible with features arm64/sme: Provide ABI documentation for SME arm64/sme: System register and exception syndrome definitions arm64/sme: Manually encode SME instructions arm64/sme: Early CPU setup for SME arm64/sme: Basic enumeration support arm64/sme: Identify supported SME vector lengths at boot arm64/sme: Implement sysctl to set the default vector length arm64/sme: Implement vector length configuration prctl()s arm64/sme: Implement support for TPIDR2 arm64/sme: Implement SVCR context switching arm64/sme: Implement streaming SVE context switching arm64/sme: Implement ZA context switching arm64/sme: Implement traps and syscall handling for SME arm64/sme: Disable ZA and streaming mode when handling signals arm64/sme: Implement streaming SVE signal handling arm64/sme: Implement ZA signal handling arm64/sme: Implement ptrace support for streaming mode SVE registers arm64/sme: Add ptrace support for ZA arm64/sme: Disable streaming mode and ZA when flushing CPU state arm64/sme: Save and restore streaming mode over EFI runtime calls KVM: arm64: Hide SME system registers from guests KVM: arm64: Trap SME usage in guest KVM: arm64: Handle SME host state when running guests arm64/sme: Provide Kconfig for SME kselftest/arm64: Add manual encodings for SME instructions kselftest/arm64: sme: Add SME support to vlset kselftest/arm64: Add tests for TPIDR2 kselftest/arm64: Extend vector configuration API tests to cover SME kselftest/arm64: sme: Provide streaming mode SVE stress test kselftest/arm64: signal: Handle ZA signal context in core code kselftest/arm64: Add stress test for SME ZA context switching kselftest/arm64: signal: Add SME signal handling tests kselftest/arm64: Add streaming SVE to SVE ptrace tests kselftest/arm64: Add coverage for the ZA ptrace interface kselftest/arm64: Add SME support to syscall ABI test Documentation/arm64/elf_hwcaps.rst | 33 + Documentation/arm64/index.rst | 1 + Documentation/arm64/sme.rst | 427 +++++++++++++ Documentation/arm64/sve.rst | 70 ++- arch/arm64/Kconfig | 11 + arch/arm64/include/asm/cpu.h | 4 + arch/arm64/include/asm/cpufeature.h | 25 + arch/arm64/include/asm/el2_setup.h | 64 +- arch/arm64/include/asm/esr.h | 13 +- arch/arm64/include/asm/exception.h | 1 + arch/arm64/include/asm/fpsimd.h | 110 +++- arch/arm64/include/asm/fpsimdmacros.h | 87 +++ arch/arm64/include/asm/hwcap.h | 8 + arch/arm64/include/asm/kvm_arm.h | 5 +- arch/arm64/include/asm/kvm_host.h | 4 + arch/arm64/include/asm/processor.h | 26 +- arch/arm64/include/asm/sysreg.h | 71 ++- arch/arm64/include/asm/thread_info.h | 2 + arch/arm64/include/uapi/asm/hwcap.h | 8 + arch/arm64/include/uapi/asm/ptrace.h | 69 ++- arch/arm64/include/uapi/asm/sigcontext.h | 55 +- arch/arm64/kernel/cpufeature.c | 273 +++++++-- arch/arm64/kernel/cpuinfo.c | 13 + arch/arm64/kernel/entry-common.c | 11 + arch/arm64/kernel/entry-fpsimd.S | 36 ++ arch/arm64/kernel/fpsimd.c | 565 ++++++++++++++++-- arch/arm64/kernel/process.c | 28 +- arch/arm64/kernel/ptrace.c | 356 +++++++++-- arch/arm64/kernel/signal.c | 188 +++++- arch/arm64/kernel/syscall.c | 29 +- arch/arm64/kernel/traps.c | 1 + arch/arm64/kvm/fpsimd.c | 43 +- arch/arm64/kvm/hyp/include/hyp/switch.h | 4 +- arch/arm64/kvm/hyp/nvhe/switch.c | 30 + arch/arm64/kvm/hyp/vhe/switch.c | 15 +- arch/arm64/kvm/sys_regs.c | 9 +- arch/arm64/tools/cpucaps | 2 + include/uapi/linux/elf.h | 2 + include/uapi/linux/prctl.h | 9 + kernel/sys.c | 12 + tools/testing/selftests/arm64/abi/.gitignore | 1 + tools/testing/selftests/arm64/abi/Makefile | 9 +- .../selftests/arm64/abi/syscall-abi-asm.S | 79 ++- .../testing/selftests/arm64/abi/syscall-abi.c | 205 ++++++- .../testing/selftests/arm64/abi/syscall-abi.h | 15 + tools/testing/selftests/arm64/abi/tpidr2.c | 298 +++++++++ tools/testing/selftests/arm64/fp/.gitignore | 4 + tools/testing/selftests/arm64/fp/Makefile | 12 +- tools/testing/selftests/arm64/fp/rdvl-sme.c | 14 + tools/testing/selftests/arm64/fp/rdvl.S | 10 + tools/testing/selftests/arm64/fp/rdvl.h | 1 + tools/testing/selftests/arm64/fp/sme-inst.h | 51 ++ tools/testing/selftests/arm64/fp/ssve-stress | 59 ++ tools/testing/selftests/arm64/fp/sve-ptrace.c | 13 +- tools/testing/selftests/arm64/fp/sve-test.S | 20 + tools/testing/selftests/arm64/fp/vec-syscfg.c | 10 + tools/testing/selftests/arm64/fp/vlset.c | 10 +- tools/testing/selftests/arm64/fp/za-ptrace.c | 354 +++++++++++ tools/testing/selftests/arm64/fp/za-stress | 59 ++ tools/testing/selftests/arm64/fp/za-test.S | 388 ++++++++++++ .../testing/selftests/arm64/signal/.gitignore | 3 + .../selftests/arm64/signal/test_signals.h | 5 + .../arm64/signal/test_signals_utils.c | 40 +- .../arm64/signal/test_signals_utils.h | 2 + .../testcases/fake_sigreturn_sme_change_vl.c | 92 +++ .../arm64/signal/testcases/sme_trap_no_sm.c | 38 ++ .../signal/testcases/sme_trap_non_streaming.c | 45 ++ .../arm64/signal/testcases/sme_trap_za.c | 36 ++ .../selftests/arm64/signal/testcases/sme_vl.c | 68 +++ .../arm64/signal/testcases/ssve_regs.c | 133 +++++ .../arm64/signal/testcases/testcases.c | 36 ++ .../arm64/signal/testcases/testcases.h | 3 +- .../arm64/signal/testcases/za_regs.c | 128 ++++ 73 files changed, 4711 insertions(+), 250 deletions(-) create mode 100644 Documentation/arm64/sme.rst create mode 100644 tools/testing/selftests/arm64/abi/syscall-abi.h create mode 100644 tools/testing/selftests/arm64/abi/tpidr2.c create mode 100644 tools/testing/selftests/arm64/fp/rdvl-sme.c create mode 100644 tools/testing/selftests/arm64/fp/sme-inst.h create mode 100644 tools/testing/selftests/arm64/fp/ssve-stress create mode 100644 tools/testing/selftests/arm64/fp/za-ptrace.c create mode 100644 tools/testing/selftests/arm64/fp/za-stress create mode 100644 tools/testing/selftests/arm64/fp/za-test.S create mode 100644 tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sme_change_vl.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/sme_trap_no_sm.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/sme_trap_non_streaming.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/sme_trap_za.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/sme_vl.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/ssve_regs.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/za_regs.c base-commit: dfd42facf1e4ada021b939b4e19c935dcdd55566 -- 2.30.2

3 years

5
56
0 0

[PATCH 0/3] bpf: Add support for maps with authenticated values

by Roberto Sassu

One of the desirable features in security is the ability to restrict import of data to a given system based on data authenticity. If data import can be restricted, it would be possible to enforce a system-wide policy based on the signing keys the system owner trusts. This feature is widely used in the kernel. For example, if the restriction is enabled, kernel modules can be plugged in only if they are signed with a key whose public part is in the primary or secondary keyring. For eBPF, it can be useful as well. For example, it might be useful to authenticate data an eBPF program makes security decisions on. The initial idea for this feature was to provide an helper that eBPF programs might call to authenticate data whenever necessary. However, this restricts the ability to use that helper only in sleepable programs (due to crypto operations). Furthermore, data authentication would have been responsibility of eBPF programs. The proposed implementation instead shifts the responsibility of data authentication to the eBPF subsystem, upon request by the users. Whenever the users desire such feature, they just have to set a new map flag called BPF_F_VERIFY_ELEM. The eBPF subsystem ensures that only authenticated data can be added to the map. The check is performed during the execution of the bpf() system call when the commands are BPF_MAP_UPDATE_ELEM or BPF_MAP_UPDATE_BATCH. Since memory regions are not verified, usage of the BPF_F_MMAPABLE map flag is forbidden when BPF_F_VERIFY_ELEM is set. An advantage of shifting the responsibility of data authentication to the eBPF subsystem is that it can be offered to any kind of eBPF programs, not only the sleepable ones. When the new map flag BPF_F_VERIFY_ELEM is set, users have to provide a map value in the following format: +-------------------------------+---------------+-----+-----------------+ | verified data+sig size (be32) | verified data | sig | unverified data | +-------------------------------+---------------+-----+-----------------+ This is mostly the same format adopted for kernel modules, with the exception of the first field, as the size cannot be determined otherwise due to the fixed map value size. More details can be found in patch 1. Since the kernel already parses the format above, it was convenient to introduce also a new helper, called bpf_map_verified_data_size(), to return the size of verified data to the caller. This is done in patch 2. Finally, the added functionality is tested in patch 3. Roberto Sassu (3): bpf: Add BPF_F_VERIFY_ELEM to require signature verification on map values bpf: Introduce bpf_map_verified_data_size() helper bpf: Add tests for signed map values include/linux/bpf.h | 7 + include/uapi/linux/bpf.h | 11 + kernel/bpf/arraymap.c | 2 +- kernel/bpf/helpers.c | 15 ++ kernel/bpf/syscall.c | 70 ++++++ tools/include/uapi/linux/bpf.h | 11 + .../bpf/prog_tests/test_map_value_sig.c | 212 ++++++++++++++++++ .../selftests/bpf/progs/map_value_sig.c | 50 +++++ 8 files changed, 377 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/test_map_value_sig.c create mode 100644 tools/testing/selftests/bpf/progs/map_value_sig.c -- 2.25.1

3 years

4
11
0 0

[PATCH] selftests/arm64: Fix mismerge of Makefile for fp tests

by Mark Brown

The FP Makefile defines two TEST_PROGS_EXTENDED instead of one of them and one one TEST_GEN_PROGS_EXTENDED for the programs that need compilation. Fix that. Fixes: a59f7a7f76407da78 ("selftests/arm64: Use TEST_GEN_PROGS_EXTENDED in the FP Makefile") Signed-off-by: Mark Brown <broonie(a)kernel.org> --- tools/testing/selftests/arm64/fp/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/fp/Makefile b/tools/testing/selftests/arm64/fp/Makefile index a41fef2c9669..36db61358ed5 100644 --- a/tools/testing/selftests/arm64/fp/Makefile +++ b/tools/testing/selftests/arm64/fp/Makefile @@ -9,7 +9,7 @@ TEST_GEN_PROGS := fp-stress \ sve-ptrace sve-probe-vls \ vec-syscfg \ za-fork za-ptrace -TEST_PROGS_EXTENDED := fp-pidbench fpsimd-test \ +TEST_GEN_PROGS_EXTENDED := fp-pidbench fpsimd-test \ rdvl-sme rdvl-sve \ sve-test \ ssve-test \ -- 2.30.2

3 years

2
2
0 0

[PATCH v9 0/6] test_sysfs: add new selftest for sysfs

by Luis Chamberlain

On this v9 I've dropped the generic sysfs deadlock fix given Ming Lei has provided alternative fixes for the zram driver without incurring a generic lock *and* we don't yet have full assessment of how wide spread the deadlock case might be in the kernel. A full assessment effort is still underway using Coccinelle with iteration support, however that effort will take a bit more time to complete. We can re-evaluate the value of a generic fix later after the assessment is complete. This series now just adds the test_sysfs selftest and failure injection support for it on kernfs. The most valuable tests are those which confirm that once a kernfs active reference is obtained with kernfs_get_active() the pointers used there are still valid, and so using sysfs ops *are* safe if we race against module removal. Likewise it also confirms how module removal will *wait* for these ops to complete if a kernfs node is already active. This v9 series also addresses feedback mostly provided by Kees Cook and Greg. I also made a few changes to the test_sysfs driver to account for changes in the block layer. I also improved the kernfs failure injection tests with documentation of how they work and to account for the real expected return value of a write before the kernfs active reference is obtained. Upstream commit 8e141f9eb803e ("block: drain file system I/O on del_gendisk") has revealed that small minor induced delays on del_gendisk() can make a few writes succeed if the delays used are small. So we clarify the logic of why writes could either fail or succeed before the kernfs active reference is taken. These changes also availble on this tree: https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux-next.git/log/?… v9: * rebased onto linux-next tag next-20211029 * add Reviewed-by tags for the SPDX change, and the drivers which get the tag for it * drop the generic sysfs deadlock fix for now as the scope of how wide spread the issue is still needs to be assessed * drop the zram patches as they are replaced by Ming Lei's fixes * drop already merged patches * try_module_get() docs: enhanced using feedback from Kees Cook. I extended the documention to make it clear that if proper care is not taken the use of this routine could crash the kernel. * kernfs: move failure injection knobs under /sys/kernel/debug/fail_kernfs as suggested by Kees Cook * kernfs: rename failure injection file to fault_inject.c as suggested by Kees Cook * kernfs: split up documentation of failure injection knobs as suggested by Kees Cook * kernfs: move the wait into debug call, and use a simple one liner may_wait() calls to make the changes much less intrusive and more readable as suggested by Kees Cook * kernfs: drop __func__ uses as suggested by Kees Cook * test_sysfs: use sizeof() instead of open coded 16 as suggested by Kees Cook * test_sysfs: use sysfs_emit as suggested by Kees Cook * test_sysfs: drop boiler place license as suggested by Greg KH * test_sysfs: use depends instead of select as suggested by Kees Cook * test_sysfs: drop #ifdefery as suggested by Kees Cook * test_sysfs: clarified that the use of a lock on rmmod which causes a deadlock is something drivers should avoid, and its why we leave the test disabled. * test_sysfs: now that device_add_disk() returns an error, use the new error return code, otherwise this is going to prevent us from eventually embracing __must_check() on that call on the block layer. * test_syfs: testdev_submit_bio() needed to change data types as now it returns void. * test_sysfs: enhance kernfs failure injection tests with documenation and correct the expected return value for writes Luis Chamberlain (6): LICENSES: Add the copyleft-next-0.3.1 license testing: use the copyleft-next-0.3.1 SPDX tag selftests: add tests_sysfs module kernfs: add initial failure injection support test_sysfs: add support to use kernfs failure injection kernel/module: add documentation for try_module_get() .../fault-injection/fault-injection.rst | 50 + LICENSES/dual/copyleft-next-0.3.1 | 237 +++ MAINTAINERS | 9 +- fs/kernfs/Makefile | 1 + fs/kernfs/fault_inject.c | 93 ++ fs/kernfs/file.c | 9 + fs/kernfs/kernfs-internal.h | 70 + include/linux/kernfs.h | 5 + include/linux/module.h | 37 +- lib/Kconfig.debug | 23 + lib/Makefile | 1 + lib/test_kmod.c | 12 +- lib/test_sysctl.c | 12 +- lib/test_sysfs.c | 913 +++++++++++ tools/testing/selftests/kmod/kmod.sh | 13 +- tools/testing/selftests/sysctl/sysctl.sh | 12 +- tools/testing/selftests/sysfs/Makefile | 12 + tools/testing/selftests/sysfs/config | 5 + tools/testing/selftests/sysfs/settings | 1 + tools/testing/selftests/sysfs/sysfs.sh | 1411 +++++++++++++++++ 20 files changed, 2878 insertions(+), 48 deletions(-) create mode 100644 LICENSES/dual/copyleft-next-0.3.1 create mode 100644 fs/kernfs/fault_inject.c create mode 100644 lib/test_sysfs.c create mode 100644 tools/testing/selftests/sysfs/Makefile create mode 100644 tools/testing/selftests/sysfs/config create mode 100644 tools/testing/selftests/sysfs/settings create mode 100755 tools/testing/selftests/sysfs/sysfs.sh -- 2.30.2

3 years

9
35
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror May 2022