June 2022 - Linux-kselftest-mirror

[PATCH 0/3] bpf: Add support for maps with authenticated values

by Roberto Sassu

One of the desirable features in security is the ability to restrict import of data to a given system based on data authenticity. If data import can be restricted, it would be possible to enforce a system-wide policy based on the signing keys the system owner trusts. This feature is widely used in the kernel. For example, if the restriction is enabled, kernel modules can be plugged in only if they are signed with a key whose public part is in the primary or secondary keyring. For eBPF, it can be useful as well. For example, it might be useful to authenticate data an eBPF program makes security decisions on. The initial idea for this feature was to provide an helper that eBPF programs might call to authenticate data whenever necessary. However, this restricts the ability to use that helper only in sleepable programs (due to crypto operations). Furthermore, data authentication would have been responsibility of eBPF programs. The proposed implementation instead shifts the responsibility of data authentication to the eBPF subsystem, upon request by the users. Whenever the users desire such feature, they just have to set a new map flag called BPF_F_VERIFY_ELEM. The eBPF subsystem ensures that only authenticated data can be added to the map. The check is performed during the execution of the bpf() system call when the commands are BPF_MAP_UPDATE_ELEM or BPF_MAP_UPDATE_BATCH. Since memory regions are not verified, usage of the BPF_F_MMAPABLE map flag is forbidden when BPF_F_VERIFY_ELEM is set. An advantage of shifting the responsibility of data authentication to the eBPF subsystem is that it can be offered to any kind of eBPF programs, not only the sleepable ones. When the new map flag BPF_F_VERIFY_ELEM is set, users have to provide a map value in the following format: +-------------------------------+---------------+-----+-----------------+ | verified data+sig size (be32) | verified data | sig | unverified data | +-------------------------------+---------------+-----+-----------------+ This is mostly the same format adopted for kernel modules, with the exception of the first field, as the size cannot be determined otherwise due to the fixed map value size. More details can be found in patch 1. Since the kernel already parses the format above, it was convenient to introduce also a new helper, called bpf_map_verified_data_size(), to return the size of verified data to the caller. This is done in patch 2. Finally, the added functionality is tested in patch 3. Roberto Sassu (3): bpf: Add BPF_F_VERIFY_ELEM to require signature verification on map values bpf: Introduce bpf_map_verified_data_size() helper bpf: Add tests for signed map values include/linux/bpf.h | 7 + include/uapi/linux/bpf.h | 11 + kernel/bpf/arraymap.c | 2 +- kernel/bpf/helpers.c | 15 ++ kernel/bpf/syscall.c | 70 ++++++ tools/include/uapi/linux/bpf.h | 11 + .../bpf/prog_tests/test_map_value_sig.c | 212 ++++++++++++++++++ .../selftests/bpf/progs/map_value_sig.c | 50 +++++ 8 files changed, 377 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/test_map_value_sig.c create mode 100644 tools/testing/selftests/bpf/progs/map_value_sig.c -- 2.25.1

1 year, 11 months

4
11
0 0

[PATCH] selftests/arm64: Fix mismerge of Makefile for fp tests

by Mark Brown

The FP Makefile defines two TEST_PROGS_EXTENDED instead of one of them and one one TEST_GEN_PROGS_EXTENDED for the programs that need compilation. Fix that. Fixes: a59f7a7f76407da78 ("selftests/arm64: Use TEST_GEN_PROGS_EXTENDED in the FP Makefile") Signed-off-by: Mark Brown <broonie(a)kernel.org> --- tools/testing/selftests/arm64/fp/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/fp/Makefile b/tools/testing/selftests/arm64/fp/Makefile index a41fef2c9669..36db61358ed5 100644 --- a/tools/testing/selftests/arm64/fp/Makefile +++ b/tools/testing/selftests/arm64/fp/Makefile @@ -9,7 +9,7 @@ TEST_GEN_PROGS := fp-stress \ sve-ptrace sve-probe-vls \ vec-syscfg \ za-fork za-ptrace -TEST_PROGS_EXTENDED := fp-pidbench fpsimd-test \ +TEST_GEN_PROGS_EXTENDED := fp-pidbench fpsimd-test \ rdvl-sme rdvl-sve \ sve-test \ ssve-test \ -- 2.30.2

1 year, 11 months

2
2
0 0

[PATCH v9 0/6] test_sysfs: add new selftest for sysfs

by Luis Chamberlain

On this v9 I've dropped the generic sysfs deadlock fix given Ming Lei has provided alternative fixes for the zram driver without incurring a generic lock *and* we don't yet have full assessment of how wide spread the deadlock case might be in the kernel. A full assessment effort is still underway using Coccinelle with iteration support, however that effort will take a bit more time to complete. We can re-evaluate the value of a generic fix later after the assessment is complete. This series now just adds the test_sysfs selftest and failure injection support for it on kernfs. The most valuable tests are those which confirm that once a kernfs active reference is obtained with kernfs_get_active() the pointers used there are still valid, and so using sysfs ops *are* safe if we race against module removal. Likewise it also confirms how module removal will *wait* for these ops to complete if a kernfs node is already active. This v9 series also addresses feedback mostly provided by Kees Cook and Greg. I also made a few changes to the test_sysfs driver to account for changes in the block layer. I also improved the kernfs failure injection tests with documentation of how they work and to account for the real expected return value of a write before the kernfs active reference is obtained. Upstream commit 8e141f9eb803e ("block: drain file system I/O on del_gendisk") has revealed that small minor induced delays on del_gendisk() can make a few writes succeed if the delays used are small. So we clarify the logic of why writes could either fail or succeed before the kernfs active reference is taken. These changes also availble on this tree: https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux-next.git/log/?… v9: * rebased onto linux-next tag next-20211029 * add Reviewed-by tags for the SPDX change, and the drivers which get the tag for it * drop the generic sysfs deadlock fix for now as the scope of how wide spread the issue is still needs to be assessed * drop the zram patches as they are replaced by Ming Lei's fixes * drop already merged patches * try_module_get() docs: enhanced using feedback from Kees Cook. I extended the documention to make it clear that if proper care is not taken the use of this routine could crash the kernel. * kernfs: move failure injection knobs under /sys/kernel/debug/fail_kernfs as suggested by Kees Cook * kernfs: rename failure injection file to fault_inject.c as suggested by Kees Cook * kernfs: split up documentation of failure injection knobs as suggested by Kees Cook * kernfs: move the wait into debug call, and use a simple one liner may_wait() calls to make the changes much less intrusive and more readable as suggested by Kees Cook * kernfs: drop __func__ uses as suggested by Kees Cook * test_sysfs: use sizeof() instead of open coded 16 as suggested by Kees Cook * test_sysfs: use sysfs_emit as suggested by Kees Cook * test_sysfs: drop boiler place license as suggested by Greg KH * test_sysfs: use depends instead of select as suggested by Kees Cook * test_sysfs: drop #ifdefery as suggested by Kees Cook * test_sysfs: clarified that the use of a lock on rmmod which causes a deadlock is something drivers should avoid, and its why we leave the test disabled. * test_sysfs: now that device_add_disk() returns an error, use the new error return code, otherwise this is going to prevent us from eventually embracing __must_check() on that call on the block layer. * test_syfs: testdev_submit_bio() needed to change data types as now it returns void. * test_sysfs: enhance kernfs failure injection tests with documenation and correct the expected return value for writes Luis Chamberlain (6): LICENSES: Add the copyleft-next-0.3.1 license testing: use the copyleft-next-0.3.1 SPDX tag selftests: add tests_sysfs module kernfs: add initial failure injection support test_sysfs: add support to use kernfs failure injection kernel/module: add documentation for try_module_get() .../fault-injection/fault-injection.rst | 50 + LICENSES/dual/copyleft-next-0.3.1 | 237 +++ MAINTAINERS | 9 +- fs/kernfs/Makefile | 1 + fs/kernfs/fault_inject.c | 93 ++ fs/kernfs/file.c | 9 + fs/kernfs/kernfs-internal.h | 70 + include/linux/kernfs.h | 5 + include/linux/module.h | 37 +- lib/Kconfig.debug | 23 + lib/Makefile | 1 + lib/test_kmod.c | 12 +- lib/test_sysctl.c | 12 +- lib/test_sysfs.c | 913 +++++++++++ tools/testing/selftests/kmod/kmod.sh | 13 +- tools/testing/selftests/sysctl/sysctl.sh | 12 +- tools/testing/selftests/sysfs/Makefile | 12 + tools/testing/selftests/sysfs/config | 5 + tools/testing/selftests/sysfs/settings | 1 + tools/testing/selftests/sysfs/sysfs.sh | 1411 +++++++++++++++++ 20 files changed, 2878 insertions(+), 48 deletions(-) create mode 100644 LICENSES/dual/copyleft-next-0.3.1 create mode 100644 fs/kernfs/fault_inject.c create mode 100644 lib/test_sysfs.c create mode 100644 tools/testing/selftests/sysfs/Makefile create mode 100644 tools/testing/selftests/sysfs/config create mode 100644 tools/testing/selftests/sysfs/settings create mode 100755 tools/testing/selftests/sysfs/sysfs.sh -- 2.30.2

1 year, 11 months

9
35
0 0

[PATCH] kselftest/arm64: signal: Skip SVE signal test if not enough VLs supported

by Cristian Marussi

On platform where SVE is supported but there are less than 2 VLs available the signal SVE change test should be skipped instead of failing. Reported-by: Andre Przywara <andre.przywara(a)arm.com> Tested-by: Andre Przywara <andre.przywara(a)arm.com> Cc: Mark Brown <broonie(a)kernel.org> Signed-off-by: Cristian Marussi <cristian.marussi(a)arm.com> --- .../arm64/signal/testcases/fake_sigreturn_sve_change_vl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c b/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c index bb50b5adbf10..915821375b0a 100644 --- a/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c +++ b/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c @@ -6,6 +6,7 @@ * supported and is expected to segfault. */ +#include <kselftest.h> #include <signal.h> #include <ucontext.h> #include <sys/prctl.h> @@ -40,6 +41,7 @@ static bool sve_get_vls(struct tdescr *td) /* We need at least two VLs */ if (nvls < 2) { fprintf(stderr, "Only %d VL supported\n", nvls); + td->result = KSFT_SKIP; return false; } -- 2.36.1

1 year, 11 months

3
2
0 0

[ANN] Discord server for testing Linux with kdevops

by Luis Chamberlain

I've setup a discord server for general discussions around Linux kernel testing with kdevops. This should help with coordination around kdevops in an accessible way for: * The shared kdevops repository and dependent trees on the linux-kdevops organization: https://github.com/linux-kdevops/ * Sharing of expunges for fstests / blktests for different filesystems / configuration / kernel releases * Shared hardware resources such as the public Super Micro bigtwin server currently used to help test fstests and blktests * Future potential shared cloud credits * Streamlining reports for new issues found on stable kernels or Linus's tree or linux-next * Storing / sharing test failure artifacts The discord server: https://discord.gg/pWgZZhRp Luis

1 year, 11 months

1
0
0 0

[REGRESSION] lkft kselftest for next-20220602

by lkft＠linaro.org

## Build * kernel: 5.18.0 * git: ['', 'https://gitlab.com/Linaro/lkft/mirrors/next/linux-next'] * git branch: master * git commit: 2e776ccffa840ce53ee1c21bde54cbe4bc102c3b * git describe: next-20220602 * test details: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20220602 ## Test Regressions (compared to next-20220601) * qemu_arm, kselftest-seccomp - seccomp.seccomp_benchmark ## Metric Regressions (compared to next-20220601) No metric regressions found. Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> ## Test Fixes (compared to next-20220601) No test fixes found. ## Metric Fixes (compared to next-20220601) No metric fixes found. ## Test result summary total: 508, pass: 253, fail: 105, skip: 150, xfail: 0 ## Build Summary ## Test suites summary * kselftest-android * kselftest-breakpoints * kselftest-capabilities * kselftest-cgroup * kselftest-clone3 * kselftest-core * kselftest-cpu-hotplug * kselftest-cpufreq * kselftest-drivers * kselftest-efivarfs * kselftest-filesystems * kselftest-firmware * kselftest-fpu * kselftest-gpio * kselftest-ipc * kselftest-ir * kselftest-kcmp * kselftest-kvm * kselftest-lib * kselftest-membarrier * kselftest-openat2 * kselftest-pid_namespace * kselftest-pidfd * kselftest-proc * kselftest-pstore * kselftest-rseq * kselftest-rtc * kselftest-seccomp * kselftest-sigaltstack * kselftest-size * kselftest-splice * kselftest-static_keys * kselftest-sync * kselftest-sysctl * kselftest-timens * kselftest-timers * kselftest-tmpfs * kselftest-tpm2 * kselftest-user * kselftest-vm -- Linaro LKFT https://lkft.linaro.org

1 year, 11 months

1
0
0 0

[PATCH net-next v2] selftests: net: fib_rule_tests: fix support for running individual tests

by Alaa Mohamed

parsing and usage of -t got missed in the previous patch. this patch fixes it Signed-off-by: Alaa Mohamed <eng.alaamohamedsoliman.am(a)gmail.com> --- changes in v2: edit commit subject and message. --- tools/testing/selftests/net/fib_rule_tests.sh | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tools/testing/selftests/net/fib_rule_tests.sh b/tools/testing/selftests/net/fib_rule_tests.sh index bbe3b379927a..c245476fa29d 100755 --- a/tools/testing/selftests/net/fib_rule_tests.sh +++ b/tools/testing/selftests/net/fib_rule_tests.sh @@ -303,6 +303,29 @@ run_fibrule_tests() log_section "IPv6 fib rule" fib_rule6_test } +################################################################################ +# usage + +usage() +{ + cat <<EOF +usage: ${0##*/} OPTS + + -t <test> Test(s) to run (default: all) + (options: $TESTS) +EOF +} + +################################################################################ +# main + +while getopts ":t:h" opt; do + case $opt in + t) TESTS=$OPTARG;; + h) usage; exit 0;; + *) usage; exit 1;; + esac +done if [ "$(id -u)" -ne 0 ];then echo "SKIP: Need root privileges" -- 2.25.1

1 year, 11 months

2
1
0 0

[PATCH AUTOSEL 4.14 04/14] selftests/resctrl: Change the default limited time to 120 seconds

by Sasha Levin

From: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> [ Upstream commit e2e3fb6ef0d6548defbe0be6e092397aaa92f3a1 ] When testing on a Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz the resctrl selftests fail due to timeout after exceeding the default time limit of 45 seconds. On this system the test takes about 68 seconds. Since the failing test by default accesses a fixed size of memory, the execution time should not vary significantly between different environment. A new default of 120 seconds should be sufficient yet easy to customize with the introduction of the "settings" file for reference. Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Reviewed-by: Fenghua Yu <fenghua.yu(a)intel.com> Signed-off-by: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/resctrl/settings | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tools/testing/selftests/resctrl/settings diff --git a/tools/testing/selftests/resctrl/settings b/tools/testing/selftests/resctrl/settings new file mode 100644 index 000000000000..a383f3d4565b --- /dev/null +++ b/tools/testing/selftests/resctrl/settings @@ -0,0 +1,3 @@ +# If running time is longer than 120 seconds when new tests are added in +# the future, increase timeout here. +timeout=120 -- 2.35.1

1 year, 11 months

1
0
0 0

[PATCH AUTOSEL 4.19 05/15] selftests/resctrl: Change the default limited time to 120 seconds

by Sasha Levin

From: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> [ Upstream commit e2e3fb6ef0d6548defbe0be6e092397aaa92f3a1 ] When testing on a Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz the resctrl selftests fail due to timeout after exceeding the default time limit of 45 seconds. On this system the test takes about 68 seconds. Since the failing test by default accesses a fixed size of memory, the execution time should not vary significantly between different environment. A new default of 120 seconds should be sufficient yet easy to customize with the introduction of the "settings" file for reference. Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Reviewed-by: Fenghua Yu <fenghua.yu(a)intel.com> Signed-off-by: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/resctrl/settings | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tools/testing/selftests/resctrl/settings diff --git a/tools/testing/selftests/resctrl/settings b/tools/testing/selftests/resctrl/settings new file mode 100644 index 000000000000..a383f3d4565b --- /dev/null +++ b/tools/testing/selftests/resctrl/settings @@ -0,0 +1,3 @@ +# If running time is longer than 120 seconds when new tests are added in +# the future, increase timeout here. +timeout=120 -- 2.35.1

1 year, 11 months

1
0
0 0

[PATCH AUTOSEL 5.4 07/20] selftests/resctrl: Change the default limited time to 120 seconds

by Sasha Levin

From: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> [ Upstream commit e2e3fb6ef0d6548defbe0be6e092397aaa92f3a1 ] When testing on a Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz the resctrl selftests fail due to timeout after exceeding the default time limit of 45 seconds. On this system the test takes about 68 seconds. Since the failing test by default accesses a fixed size of memory, the execution time should not vary significantly between different environment. A new default of 120 seconds should be sufficient yet easy to customize with the introduction of the "settings" file for reference. Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Reviewed-by: Fenghua Yu <fenghua.yu(a)intel.com> Signed-off-by: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/resctrl/settings | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tools/testing/selftests/resctrl/settings diff --git a/tools/testing/selftests/resctrl/settings b/tools/testing/selftests/resctrl/settings new file mode 100644 index 000000000000..a383f3d4565b --- /dev/null +++ b/tools/testing/selftests/resctrl/settings @@ -0,0 +1,3 @@ +# If running time is longer than 120 seconds when new tests are added in +# the future, increase timeout here. +timeout=120 -- 2.35.1

1 year, 11 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror June 2022