September 2022 - Linux-kselftest-mirror

[V2 PATCH 0/8] Execute hypercalls from guests according to cpu type

by Vishal Annapurve

This series is posted in context of the discussion at: https://lore.kernel.org/lkml/Ywa9T+jKUpaHLu%2Fl@google.com/ Changes in v2: * Addressed comments from Andrew and David * Common function with constructor attribute used to setup initial state * Changes are split in more logical granules as per feedback Major changes: 1) Move common startup logic to a single function in kvm_util.c 2) Introduce following APIs: kvm_selftest_arch_init: to perform arch specific common startup. kvm_arch_post_vm_elf_load: to update the guest memory state to convey common information to guests. 3) For x86, capture cpu type at startup and pass on the cpu type to guest after guest elf is loaded. 4) Execute hypercall instruction from within guest VMs according to the cpu type. This will help prevent an extra kvm exit during hypercall execution. Vishal Annapurve (8): KVM: selftests: move common startup logic to kvm_util.c KVM: selftests: Add arch specific initialization KVM: selftests: Add arch specific post vm load setup KVM: selftests: x86: Precompute the result for is_{intel,amd}_cpu() KVM: selftests: x86: delete svm_vmcall_test KVM: selftests: x86: Execute cpu specific hypercall from nested guests Kvm: selftests: x86: Execute cpu specific vmcall instruction KVM: selftests: x86: xen: Execute cpu specific vmcall instruction tools/testing/selftests/kvm/.gitignore | 1 - .../selftests/kvm/aarch64/arch_timer.c | 3 - .../selftests/kvm/aarch64/hypercalls.c | 2 - .../testing/selftests/kvm/aarch64/vgic_irq.c | 3 - .../selftests/kvm/include/kvm_util_base.h | 9 +++ .../selftests/kvm/include/x86_64/processor.h | 10 +++ .../selftests/kvm/include/x86_64/vmx.h | 9 --- .../selftests/kvm/lib/aarch64/processor.c | 22 +++--- tools/testing/selftests/kvm/lib/elf.c | 2 + tools/testing/selftests/kvm/lib/kvm_util.c | 8 ++ .../selftests/kvm/lib/riscv/processor.c | 8 ++ .../selftests/kvm/lib/s390x/processor.c | 8 ++ .../selftests/kvm/lib/x86_64/perf_test_util.c | 2 +- .../selftests/kvm/lib/x86_64/processor.c | 38 +++++++++- .../testing/selftests/kvm/memslot_perf_test.c | 3 - tools/testing/selftests/kvm/rseq_test.c | 3 - tools/testing/selftests/kvm/s390x/memop.c | 2 - tools/testing/selftests/kvm/s390x/resets.c | 2 - .../selftests/kvm/s390x/sync_regs_test.c | 3 - .../selftests/kvm/set_memory_region_test.c | 3 - .../kvm/x86_64/cr4_cpuid_sync_test.c | 3 - .../kvm/x86_64/emulator_error_test.c | 3 - .../selftests/kvm/x86_64/hyperv_cpuid.c | 3 - .../selftests/kvm/x86_64/platform_info_test.c | 3 - .../kvm/x86_64/pmu_event_filter_test.c | 3 - .../selftests/kvm/x86_64/set_sregs_test.c | 3 - tools/testing/selftests/kvm/x86_64/smm_test.c | 2 +- .../testing/selftests/kvm/x86_64/state_test.c | 8 +- .../kvm/x86_64/svm_nested_soft_inject_test.c | 3 - .../selftests/kvm/x86_64/svm_vmcall_test.c | 74 ------------------- .../selftests/kvm/x86_64/sync_regs_test.c | 3 - .../selftests/kvm/x86_64/userspace_io_test.c | 3 - .../kvm/x86_64/userspace_msr_exit_test.c | 3 - .../kvm/x86_64/vmx_apic_access_test.c | 2 +- .../selftests/kvm/x86_64/vmx_dirty_log_test.c | 2 +- .../kvm/x86_64/vmx_nested_tsc_scaling_test.c | 2 +- .../kvm/x86_64/vmx_preemption_timer_test.c | 2 +- .../kvm/x86_64/vmx_tsc_adjust_test.c | 2 +- .../selftests/kvm/x86_64/xen_shinfo_test.c | 64 ++++++---------- .../selftests/kvm/x86_64/xen_vmcall_test.c | 14 +++- 40 files changed, 138 insertions(+), 205 deletions(-) delete mode 100644 tools/testing/selftests/kvm/x86_64/svm_vmcall_test.c -- 2.37.2.789.g6183377224-goog

2 years, 2 months

4
32
0 0

[PATCH v6 net-next 0/9] Extend locked port feature with FDB locked flag (MAC-Auth/MAB)

by Hans Schultz

From: "Hans J. Schultz" <netdev(a)kapio-technology.com> This patch set extends the locked port feature for devices that are behind a locked port, but do not have the ability to authorize themselves as a supplicant using IEEE 802.1X. Such devices can be printers, meters or anything related to fixed installations. Instead of 802.1X authorization, devices can get access based on their MAC addresses being whitelisted. For an authorization daemon to detect that a device is trying to get access through a locked port, the bridge will add the MAC address of the device to the FDB with a locked flag to it. Thus the authorization daemon can catch the FDB add event and check if the MAC address is in the whitelist and if so replace the FDB entry without the locked flag enabled, and thus open the port for the device. This feature is known as MAC-Auth or MAC Authentication Bypass (MAB) in Cisco terminology, where the full MAB concept involves additional Cisco infrastructure for authorization. There is no real authentication process, as the MAC address of the device is the only input the authorization daemon, in the general case, has to base the decision if to unlock the port or not. With this patch set, an implementation of the offloaded case is supplied for the mv88e6xxx driver. When a packet ingresses on a locked port, an ATU miss violation event will occur. When handling such ATU miss violation interrupts, the MAC address of the device is added to the FDB with a zero destination port vector (DPV) and the MAC address is communicated through the switchdev layer to the bridge, so that a FDB entry with the locked flag enabled can be added. Log: v3: Added timers and lists in the driver (mv88e6xxx) to keep track of and remove locked entries. v4: Leave out enforcing a limit to the number of locked entries in the bridge. Removed the timers in the driver and use the worker only. Add locked FDB flag to all drivers using port_fdb_add() from the dsa api and let all drivers ignore entries with this flag set. Change how to get the ageing timeout of locked entries. See global1_atu.c and switchdev.c. Use struct mv88e6xxx_port for locked entries variables instead of struct dsa_port. v5: Added 'mab' flag to enable MAB/MacAuth feature, in a similar way to the locked feature flag. In these implementations for the mv88e6xxx, the switchport must be configured with learning on. To tell userspace about the behavior of the locked entries in the driver, a 'blackhole' FDB flag has been added, which locked FDB entries coming from the driver gets. Also the 'sticky' flag comes with those locked entries, as the drivers locked entries cannot roam. Fixed issues with taking mutex locks, and added a function to read the fid, that supports all versions of the chipset family. v6: Added blackhole FDB flag instead of using sticky flag, as the blackhole flag corresponds to the behaviour of the zero-DPV locked entries in the driver. Userspace can add blackhole FDB entries with: # bridge fdb add MAC dev br0 blackhole Added FDB flags towards driver in DSA layer as u16. Hans J. Schultz (9): net: bridge: add locked entry fdb flag to extend locked port feature net: bridge: add blackhole fdb entry flag net: switchdev: add support for offloading of the FDB locked flag net: switchdev: support offloading of the FDB blackhole flag drivers: net: dsa: add fdb entry flags to drivers net: dsa: mv88e6xxx: allow reading FID when handling ATU violations net: dsa: mv88e6xxx: mac-auth/MAB implementation net: dsa: mv88e6xxx: add blackhole ATU entries selftests: forwarding: add test of MAC-Auth Bypass to locked port tests drivers/net/dsa/b53/b53_common.c | 12 +- drivers/net/dsa/b53/b53_priv.h | 4 +- drivers/net/dsa/hirschmann/hellcreek.c | 12 +- drivers/net/dsa/lan9303-core.c | 12 +- drivers/net/dsa/lantiq_gswip.c | 12 +- drivers/net/dsa/microchip/ksz9477.c | 8 +- drivers/net/dsa/microchip/ksz9477.h | 8 +- drivers/net/dsa/microchip/ksz_common.c | 14 +- drivers/net/dsa/mt7530.c | 12 +- drivers/net/dsa/mv88e6xxx/Makefile | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 158 +++++++++- drivers/net/dsa/mv88e6xxx/chip.h | 19 ++ drivers/net/dsa/mv88e6xxx/global1.h | 1 + drivers/net/dsa/mv88e6xxx/global1_atu.c | 72 ++++- drivers/net/dsa/mv88e6xxx/port.c | 15 +- drivers/net/dsa/mv88e6xxx/port.h | 6 + drivers/net/dsa/mv88e6xxx/switchdev.c | 284 ++++++++++++++++++ drivers/net/dsa/mv88e6xxx/switchdev.h | 37 +++ drivers/net/dsa/ocelot/felix.c | 12 +- drivers/net/dsa/qca/qca8k-common.c | 10 +- drivers/net/dsa/qca/qca8k.h | 4 +- drivers/net/dsa/sja1105/sja1105_main.c | 14 +- include/linux/if_bridge.h | 1 + include/net/dsa.h | 7 +- include/net/switchdev.h | 2 + include/uapi/linux/if_link.h | 1 + include/uapi/linux/neighbour.h | 11 +- net/bridge/br.c | 5 +- net/bridge/br_fdb.c | 77 ++++- net/bridge/br_input.c | 20 +- net/bridge/br_netlink.c | 12 +- net/bridge/br_private.h | 5 +- net/bridge/br_switchdev.c | 4 +- net/core/rtnetlink.c | 9 + net/dsa/dsa_priv.h | 10 +- net/dsa/port.c | 32 +- net/dsa/slave.c | 16 +- net/dsa/switch.c | 24 +- .../net/forwarding/bridge_blackhole_fdb.sh | 102 +++++++ .../net/forwarding/bridge_locked_port.sh | 106 ++++++- .../net/forwarding/bridge_sticky_fdb.sh | 21 +- tools/testing/selftests/net/forwarding/lib.sh | 18 ++ 42 files changed, 1093 insertions(+), 117 deletions(-) create mode 100644 drivers/net/dsa/mv88e6xxx/switchdev.c create mode 100644 drivers/net/dsa/mv88e6xxx/switchdev.h create mode 100755 tools/testing/selftests/net/forwarding/bridge_blackhole_fdb.sh -- 2.34.1

2 years, 2 months

4
23
0 0

[PATCH] kunit: tool: Don't download risc-v opensbi firmware with wget

by David Gow

When running a RISC-V test kernel under QEMU, we need an OpenSBI BIOS file. In the original QEMU support patchset, kunit_tool would optionally download this file from GitHub if it didn't exist, using wget. These days, it can usually be found in the distro's qemu-system-riscv package, and is located in /usr/share/qemu on all the distros I tried (Debian, Arch, OpenSUSE). Use this file, and thereby don't do any downloading in kunit_tool. In addition, we used to shell out to whatever 'wget' was in the path, which could have potentially been used to trick the developer into running another binary. By not using wget at all, we nicely sidestep this issue. Cc: Xu Panda <xu.panda(a)zte.com.cn> Fixes: 87c9c1631788 ("kunit: tool: add support for QEMU") Reported-by: Zeal Robot <zealci(a)zte.com.cn> Signed-off-by: David Gow <davidgow(a)google.com> --- This is a replacement for "kunit: tool: use absolute path for wget": https://lore.kernel.org/linux-kselftest/20220922083610.235936-1-xu.panda@zt… Instead of just changing the path to wget, it removes the download option completely and grabs the opensbi-riscv64-generic-fw_dynamic.bin from the /usr/share/qemu directory, where the distro package manager should have put it. I _think_ this should be okay to treat as a fix: we were always grabbing this from the QEMU GitHub repository, so it should be widely available. And if you want to treat the wget use as a security issue, getting rid of it everywhere would be nice. Thoughts? -- David --- tools/testing/kunit/qemu_configs/riscv.py | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/tools/testing/kunit/qemu_configs/riscv.py b/tools/testing/kunit/qemu_configs/riscv.py index 6207be146d26..12a1d525978a 100644 --- a/tools/testing/kunit/qemu_configs/riscv.py +++ b/tools/testing/kunit/qemu_configs/riscv.py @@ -3,17 +3,13 @@ import os import os.path import sys -GITHUB_OPENSBI_URL = 'https://github.com/qemu/qemu/raw/master/pc-bios/opensbi-riscv64-generic-fw_…' -OPENSBI_FILE = os.path.basename(GITHUB_OPENSBI_URL) +OPENSBI_FILE = 'opensbi-riscv64-generic-fw_dynamic.bin' +OPENSBI_PATH = '/usr/share/qemu/' + OPENSBI_FILE -if not os.path.isfile(OPENSBI_FILE): - print('\n\nOpenSBI file is not in the current working directory.\n' - 'Would you like me to download it for you from:\n' + GITHUB_OPENSBI_URL + ' ?\n') - response = input('yes/[no]: ') - if response.strip() == 'yes': - os.system('wget ' + GITHUB_OPENSBI_URL) - else: - sys.exit() +if not os.path.isfile(OPENSBI_PATH): + print('\n\nOpenSBI bios was not found in "' + OPENSBI_PATH + '".\n' + 'Please ensure that qemu-system-riscv is installed, or edit the path in "qemu_configs/riscv.py"\n') + sys.exit() QEMU_ARCH = QemuArchParams(linux_arch='riscv', kconfig=''' @@ -29,4 +25,4 @@ CONFIG_SERIAL_EARLYCON_RISCV_SBI=y''', extra_qemu_params=[ '-machine', 'virt', '-cpu', 'rv64', - '-bios', 'opensbi-riscv64-generic-fw_dynamic.bin']) + '-bios', OPENSBI_PATH]) -- 2.37.3.998.g577e59143f-goog

2 years, 2 months

3
2
0 0

[PATCH v2 1/5] kunit: string-stream: Simplify resource use

by Daniel Latypov

From: David Gow <davidgow(a)google.com> Currently, KUnit's string streams are themselves "KUnit resources". This is redundant since the stream itself is already allocated with kunit_kzalloc() and will thus be freed automatically at the end of the test. string-stream is only used internally within KUnit, and isn't using the extra features that resources provide like reference counting, being able to locate them dynamically as "test-local variables", etc. Indeed, the resource's refcount is never incremented when the pointer is returned. The fact that it's always manually destroyed is more evidence that the reference counting is unused. Signed-off-by: David Gow <davidgow(a)google.com> Signed-off-by: Daniel Latypov <dlatypov(a)google.com> --- v1 -> v2: no changes --- lib/kunit/string-stream.c | 90 +++++++-------------------------------- lib/kunit/string-stream.h | 2 +- lib/kunit/test.c | 2 +- 3 files changed, 18 insertions(+), 76 deletions(-) diff --git a/lib/kunit/string-stream.c b/lib/kunit/string-stream.c index 141789ca8949..a2496abef152 100644 --- a/lib/kunit/string-stream.c +++ b/lib/kunit/string-stream.c @@ -12,64 +12,31 @@ #include "string-stream.h" -struct string_stream_fragment_alloc_context { - struct kunit *test; - int len; - gfp_t gfp; -}; -static int string_stream_fragment_init(struct kunit_resource *res, - void *context) +static struct string_stream_fragment *alloc_string_stream_fragment( + struct kunit *test, int len, gfp_t gfp) { - struct string_stream_fragment_alloc_context *ctx = context; struct string_stream_fragment *frag; - frag = kunit_kzalloc(ctx->test, sizeof(*frag), ctx->gfp); + frag = kunit_kzalloc(test, sizeof(*frag), gfp); if (!frag) - return -ENOMEM; + return ERR_PTR(-ENOMEM); - frag->test = ctx->test; - frag->fragment = kunit_kmalloc(ctx->test, ctx->len, ctx->gfp); + frag->test = test; + frag->fragment = kunit_kmalloc(test, len, gfp); if (!frag->fragment) - return -ENOMEM; + return ERR_PTR(-ENOMEM); - res->data = frag; - - return 0; + return frag; } -static void string_stream_fragment_free(struct kunit_resource *res) +static void string_stream_fragment_destroy(struct string_stream_fragment *frag) { - struct string_stream_fragment *frag = res->data; - list_del(&frag->node); kunit_kfree(frag->test, frag->fragment); kunit_kfree(frag->test, frag); } -static struct string_stream_fragment *alloc_string_stream_fragment( - struct kunit *test, int len, gfp_t gfp) -{ - struct string_stream_fragment_alloc_context context = { - .test = test, - .len = len, - .gfp = gfp - }; - - return kunit_alloc_resource(test, - string_stream_fragment_init, - string_stream_fragment_free, - gfp, - &context); -} - -static int string_stream_fragment_destroy(struct string_stream_fragment *frag) -{ - return kunit_destroy_resource(frag->test, - kunit_resource_instance_match, - frag); -} - int string_stream_vadd(struct string_stream *stream, const char *fmt, va_list args) @@ -169,48 +136,23 @@ struct string_stream_alloc_context { gfp_t gfp; }; -static int string_stream_init(struct kunit_resource *res, void *context) +struct string_stream *alloc_string_stream(struct kunit *test, gfp_t gfp) { struct string_stream *stream; - struct string_stream_alloc_context *ctx = context; - stream = kunit_kzalloc(ctx->test, sizeof(*stream), ctx->gfp); + stream = kunit_kzalloc(test, sizeof(*stream), gfp); if (!stream) - return -ENOMEM; + return ERR_PTR(-ENOMEM); - res->data = stream; - stream->gfp = ctx->gfp; - stream->test = ctx->test; + stream->gfp = gfp; + stream->test = test; INIT_LIST_HEAD(&stream->fragments); spin_lock_init(&stream->lock); - return 0; + return stream; } -static void string_stream_free(struct kunit_resource *res) +void string_stream_destroy(struct string_stream *stream) { - struct string_stream *stream = res->data; - string_stream_clear(stream); } - -struct string_stream *alloc_string_stream(struct kunit *test, gfp_t gfp) -{ - struct string_stream_alloc_context context = { - .test = test, - .gfp = gfp - }; - - return kunit_alloc_resource(test, - string_stream_init, - string_stream_free, - gfp, - &context); -} - -int string_stream_destroy(struct string_stream *stream) -{ - return kunit_destroy_resource(stream->test, - kunit_resource_instance_match, - stream); -} diff --git a/lib/kunit/string-stream.h b/lib/kunit/string-stream.h index 43f9508a55b4..494dee0f24bd 100644 --- a/lib/kunit/string-stream.h +++ b/lib/kunit/string-stream.h @@ -46,6 +46,6 @@ int string_stream_append(struct string_stream *stream, bool string_stream_is_empty(struct string_stream *stream); -int string_stream_destroy(struct string_stream *stream); +void string_stream_destroy(struct string_stream *stream); #endif /* _KUNIT_STRING_STREAM_H */ diff --git a/lib/kunit/test.c b/lib/kunit/test.c index b73d5bb5c473..0fb2771ca03e 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -267,7 +267,7 @@ static void kunit_fail(struct kunit *test, const struct kunit_loc *loc, kunit_print_string_stream(test, stream); - WARN_ON(string_stream_destroy(stream)); + string_stream_destroy(stream); } static void __noreturn kunit_abort(struct kunit *test) base-commit: 94681e289bf5d10c9db9db143d1a22d8717205c5 -- 2.37.1.359.gd136c6c3e2-goog

2 years, 2 months

3
10
0 0

[PATCH v1 0/9] KVM: s390: Extend MEM_OP ioctl by storage key checked cmpxchg

by Janis Schoetterl-Glausch

User space can use the MEM_OP ioctl to make storage key checked reads and writes to the guest, however, it has no way of performing atomic, key checked, accesses to the guest. Extend the MEM_OP ioctl in order to allow for this, by adding a cmpxchg mode. For now, support this mode for absolute accesses only. This mode can be use, for example, to set the device-state-change indicator and the adapter-local-summary indicator atomically. Janis Schoetterl-Glausch (9): s390/uaccess: Add storage key checked cmpxchg access to user space KVM: s390: Extend MEM_OP ioctl by storage key checked cmpxchg Documentation: KVM: s390: Describe KVM_S390_MEMOP_F_CMPXCHG KVM: s390: selftest: memop: Pass mop_desc via pointer KVM: s390: selftest: memop: Replace macros by functions KVM: s390: selftest: memop: Add bad address test KVM: s390: selftest: memop: Add cmpxchg tests KVM: s390: selftest: memop: Fix typo KVM: s390: selftest: memop: Fix wrong address being used in test Documentation/virt/kvm/api.rst | 18 +- include/uapi/linux/kvm.h | 5 + arch/s390/include/asm/uaccess.h | 187 ++++++ arch/s390/kvm/gaccess.h | 4 + arch/s390/kvm/gaccess.c | 56 ++ arch/s390/kvm/kvm-s390.c | 50 +- tools/testing/selftests/kvm/s390x/memop.c | 704 +++++++++++++++++----- 7 files changed, 874 insertions(+), 150 deletions(-) base-commit: f76349cf41451c5c42a99f18a9163377e4b364ff -- 2.34.1

2 years, 2 months

5
21
0 0

[RFC PATCH v2 0/2] kunit: Support redirecting function calls

by David Gow

When writing tests, it'd often be very useful to be able to intercept calls to a function in the code being tested and replace it with a test-specific stub. This has always been an obviously missing piece of KUnit, and the solutions always involve some tradeoffs with cleanliness, performance, or impact on non-test code. See the folowing document for some of the challenges: https://kunit.dev/mocking.html This series consists of two prototype patches which add support for this sort of redirection to KUnit tests: 1: static_stub: Any function which might want to be intercepted adds a call to a macro which checks if a test has redirected calls to it, and calls the corresponding replacement. 2: ftrace_stub: Functions are intercepted using ftrace. This doesn't require adding a new prologue to each function being replaced, but does have more dependencies (which restricts it to a small number of architectures, not including UML), and doesn't work well with inline functions. The API for both implementations is very similar, so it should be easy to migrate from one to the other if necessary. Both of these implementations restrict the redirection to the test context: it is automatically undone after the KUnit test completes, and does not affect calls in other threads. If CONFIG_KUNIT is not enabled, there should be no overhead in either implementation. Does either (or both) of these features sound useful, and is this sort-of API the right model? (Personally, I think there's a reasonable scope for both.) Is anything obviously missing or wrong? Do the names, descriptions etc. make any sense? Note that these patches are definitely still at the "prototype" level, and things like error-handling, documentation, and testing are still pretty sparse. There is also quite a bit of room for optimisation. These'll all be improved for v1 if the concept seems good. We're going to be talking about this again at LPC, so it's worth having another look before then if you're interested and/or will be attending: https://lpc.events/event/16/contributions/1308/ Cheers, -- David --- Changes since RFC v1: https://lore.kernel.org/lkml/20220318021314.3225240-1-davidgow@google.com/ - Fix some typos (thanks Daniel) - Use typecheck_fn() to fix typechecking in some cases (thanks Brendan) - Use ftrace_instruction_pointer_set() in place of kernel livepatch, which seems to have disappeared: https://lore.kernel.org/lkml/0a76550d-008d-0364-8244-4dae2981ea05@csgroup.e… - Fix a copy-paste name error in the resource finding function. - Rebase on top of torvalds/master, as it wasn't applying cleanly. Note that the Kernel Livepatch -> ftrace change seems to allow more architectures to work, but while they compile, there still seems to be issues. So, this will compile on (e.g.) arm64, but fails: $ ./tools/testing/kunit/kunit.py run 'example*' --kunitconfig lib/kunit/stubs_example.kunitconfig --arch arm64 --make_options LLVM=1 [05:00:13] # example_ftrace_stub_test: initializing [05:00:13] # example_ftrace_stub_test: EXPECTATION FAILED at lib/kunit/kunit-example-test.c:179 [05:00:13] Expected add_one(1) == 0, but [05:00:13] add_one(1) == 2 [05:00:13] not ok 6 - example_ftrace_stub_test [05:00:13] [FAILED] example_ftrace_stub_test Daniel Latypov (1): kunit: expose ftrace-based API for stubbing out functions during tests David Gow (1): kunit: Expose 'static stub' API to redirect functions include/kunit/ftrace_stub.h | 84 +++++++++++++++++ include/kunit/static_stub.h | 106 +++++++++++++++++++++ lib/kunit/Kconfig | 11 +++ lib/kunit/Makefile | 5 + lib/kunit/ftrace_stub.c | 137 ++++++++++++++++++++++++++++ lib/kunit/kunit-example-test.c | 63 +++++++++++++ lib/kunit/static_stub.c | 125 +++++++++++++++++++++++++ lib/kunit/stubs_example.kunitconfig | 10 ++ 8 files changed, 541 insertions(+) create mode 100644 include/kunit/ftrace_stub.h create mode 100644 include/kunit/static_stub.h create mode 100644 lib/kunit/ftrace_stub.c create mode 100644 lib/kunit/static_stub.c create mode 100644 lib/kunit/stubs_example.kunitconfig -- 2.37.2.789.g6183377224-goog

2 years, 2 months

4
6
0 0

[PATCH iproute2-next 1/2] bridge: link: enable MacAuth/MAB feature

by Hans Schultz

The MAB feature can be enabled on a locked port with the command: bridge link set dev <DEV> mab on Signed-off-by: Hans Schultz <netdev(a)kapio-technology.com> --- bridge/fdb.c | 17 +++++++++++++++-- bridge/link.c | 21 ++++++++++++++++++--- include/uapi/linux/if_link.h | 1 + include/uapi/linux/neighbour.h | 7 ++++++- ip/iplink_bridge_slave.c | 16 +++++++++++++--- man/man8/bridge.8 | 10 ++++++++++ man/man8/ip-link.8.in | 8 ++++++++ 7 files changed, 71 insertions(+), 9 deletions(-) diff --git a/bridge/fdb.c b/bridge/fdb.c index 5f71bde0..0fbe9bd3 100644 --- a/bridge/fdb.c +++ b/bridge/fdb.c @@ -93,7 +93,7 @@ static int state_a2n(unsigned int *s, const char *arg) return 0; } -static void fdb_print_flags(FILE *fp, unsigned int flags) +static void fdb_print_flags(FILE *fp, unsigned int flags, __u8 ext_flags) { open_json_array(PRINT_JSON, is_json_context() ? "flags" : ""); @@ -116,6 +116,9 @@ static void fdb_print_flags(FILE *fp, unsigned int flags) if (flags & NTF_STICKY) print_string(PRINT_ANY, NULL, "%s ", "sticky"); + if (ext_flags & NTF_EXT_LOCKED) + print_string(PRINT_ANY, NULL, "%s ", "locked"); + close_json_array(PRINT_JSON, NULL); } @@ -144,6 +147,7 @@ int print_fdb(struct nlmsghdr *n, void *arg) struct ndmsg *r = NLMSG_DATA(n); int len = n->nlmsg_len; struct rtattr *tb[NDA_MAX+1]; + __u32 ext_flags = 0; __u16 vid = 0; if (n->nlmsg_type != RTM_NEWNEIGH && n->nlmsg_type != RTM_DELNEIGH) { @@ -170,6 +174,9 @@ int print_fdb(struct nlmsghdr *n, void *arg) parse_rtattr(tb, NDA_MAX, NDA_RTA(r), n->nlmsg_len - NLMSG_LENGTH(sizeof(*r))); + if (tb[NDA_FLAGS_EXT]) + ext_flags = rta_getattr_u32(tb[NDA_FLAGS_EXT]); + if (tb[NDA_VLAN]) vid = rta_getattr_u16(tb[NDA_VLAN]); @@ -266,7 +273,7 @@ int print_fdb(struct nlmsghdr *n, void *arg) if (show_stats && tb[NDA_CACHEINFO]) fdb_print_stats(fp, RTA_DATA(tb[NDA_CACHEINFO])); - fdb_print_flags(fp, r->ndm_flags); + fdb_print_flags(fp, r->ndm_flags, ext_flags); if (tb[NDA_MASTER]) @@ -414,6 +421,7 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) char *endptr; short vid = -1; __u32 nhid = 0; + __u32 ext_flags = 0; while (argc > 0) { if (strcmp(*argv, "dev") == 0) { @@ -527,6 +535,11 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) if (dst_ok) addattr_l(&req.n, sizeof(req), NDA_DST, &dst.data, dst.bytelen); + if (ext_flags && + addattr_l(&req.n, sizeof(req), NDA_FLAGS_EXT, &ext_flags, + sizeof(ext_flags)) < 0) + return -1; + if (vid >= 0) addattr16(&req.n, sizeof(req), NDA_VLAN, vid); if (nhid > 0) diff --git a/bridge/link.c b/bridge/link.c index 3810fa04..dd69d7c3 100644 --- a/bridge/link.c +++ b/bridge/link.c @@ -181,9 +181,14 @@ static void print_protinfo(FILE *fp, struct rtattr *attr) if (prtb[IFLA_BRPORT_ISOLATED]) print_on_off(PRINT_ANY, "isolated", "isolated %s ", rta_getattr_u8(prtb[IFLA_BRPORT_ISOLATED])); - if (prtb[IFLA_BRPORT_LOCKED]) - print_on_off(PRINT_ANY, "locked", "locked %s ", - rta_getattr_u8(prtb[IFLA_BRPORT_LOCKED])); + if (prtb[IFLA_BRPORT_LOCKED]) { + if (prtb[IFLA_BRPORT_MAB] && rta_getattr_u8(prtb[IFLA_BRPORT_MAB])) + print_on_off(PRINT_ANY, "locked mab", "locked mab %s ", + rta_getattr_u8(prtb[IFLA_BRPORT_LOCKED])); + else + print_on_off(PRINT_ANY, "locked", "locked %s ", + rta_getattr_u8(prtb[IFLA_BRPORT_LOCKED])); + } } else print_stp_state(rta_getattr_u8(attr)); } @@ -281,6 +286,7 @@ static void usage(void) " [ vlan_tunnel {on | off} ]\n" " [ isolated {on | off} ]\n" " [ locked {on | off} ]\n" + " [ mab {on | off} ]\n" " [ hwmode {vepa | veb} ]\n" " [ backup_port DEVICE ] [ nobackup_port ]\n" " [ self ] [ master ]\n" @@ -312,6 +318,7 @@ static int brlink_modify(int argc, char **argv) __s8 bcast_flood = -1; __s8 mcast_to_unicast = -1; __s8 locked = -1; + __s8 macauth = -1; __s8 isolated = -1; __s8 hairpin = -1; __s8 bpdu_guard = -1; @@ -437,6 +444,11 @@ static int brlink_modify(int argc, char **argv) locked = parse_on_off("locked", *argv, &ret); if (ret) return ret; + } else if (strcmp(*argv, "mab") == 0) { + NEXT_ARG(); + macauth = parse_on_off("mab", *argv, &ret); + if (ret) + return ret; } else if (strcmp(*argv, "backup_port") == 0) { NEXT_ARG(); backup_port_idx = ll_name_to_index(*argv); @@ -520,6 +532,9 @@ static int brlink_modify(int argc, char **argv) if (locked >= 0) addattr8(&req.n, sizeof(req), IFLA_BRPORT_LOCKED, locked); + if (macauth >= 0) + addattr8(&req.n, sizeof(req), IFLA_BRPORT_MAB, macauth); + if (backup_port_idx != -1) addattr32(&req.n, sizeof(req), IFLA_BRPORT_BACKUP_PORT, backup_port_idx); diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index 7494cffb..58a002de 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h @@ -559,6 +559,7 @@ enum { IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT, IFLA_BRPORT_MCAST_EHT_HOSTS_CNT, IFLA_BRPORT_LOCKED, + IFLA_BRPORT_MAB, __IFLA_BRPORT_MAX }; #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1) diff --git a/include/uapi/linux/neighbour.h b/include/uapi/linux/neighbour.h index a998bf76..4dda051b 100644 --- a/include/uapi/linux/neighbour.h +++ b/include/uapi/linux/neighbour.h @@ -52,7 +52,8 @@ enum { #define NTF_STICKY (1 << 6) #define NTF_ROUTER (1 << 7) /* Extended flags under NDA_FLAGS_EXT: */ -#define NTF_EXT_MANAGED (1 << 0) +#define NTF_EXT_MANAGED (1 << 0) +#define NTF_EXT_LOCKED (1 << 1) /* * Neighbor Cache Entry States. @@ -86,6 +87,10 @@ enum { * NTF_EXT_MANAGED flagged neigbor entries are managed by the kernel on behalf * of a user space control plane, and automatically refreshed so that (if * possible) they remain in NUD_REACHABLE state. + * + * NTF_EXT_LOCKED flagged FDB entries are placeholder entries used with the + * locked port feature, that ensures that an entry exists while at the same + * time dropping packets on ingress with src MAC and VID matching the entry. */ struct nda_cacheinfo { diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c index 98d17213..0c0894eb 100644 --- a/ip/iplink_bridge_slave.c +++ b/ip/iplink_bridge_slave.c @@ -44,6 +44,7 @@ static void print_explain(FILE *f) " [ vlan_tunnel {on | off} ]\n" " [ isolated {on | off} ]\n" " [ locked {on | off} ]\n" + " [ mab {on | off} ]\n" " [ backup_port DEVICE ] [ nobackup_port ]\n" ); } @@ -284,9 +285,14 @@ static void bridge_slave_print_opt(struct link_util *lu, FILE *f, print_on_off(PRINT_ANY, "isolated", "isolated %s ", rta_getattr_u8(tb[IFLA_BRPORT_ISOLATED])); - if (tb[IFLA_BRPORT_LOCKED]) - print_on_off(PRINT_ANY, "locked", "locked %s ", - rta_getattr_u8(tb[IFLA_BRPORT_LOCKED])); + if (tb[IFLA_BRPORT_LOCKED]) { + if (tb[IFLA_BRPORT_MAB] && rta_getattr_u8(tb[IFLA_BRPORT_MAB])) + print_on_off(PRINT_ANY, "locked mab", "locked mab %s ", + rta_getattr_u8(tb[IFLA_BRPORT_LOCKED])); + else + print_on_off(PRINT_ANY, "locked", "locked %s ", + rta_getattr_u8(tb[IFLA_BRPORT_LOCKED])); + } if (tb[IFLA_BRPORT_BACKUP_PORT]) { int backup_p = rta_getattr_u32(tb[IFLA_BRPORT_BACKUP_PORT]); @@ -411,6 +417,10 @@ static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv, NEXT_ARG(); bridge_slave_parse_on_off("locked", *argv, n, IFLA_BRPORT_LOCKED); + } else if (matches(*argv, "mab") == 0) { + NEXT_ARG(); + bridge_slave_parse_on_off("mab", *argv, n, + IFLA_BRPORT_MAB); } else if (matches(*argv, "backup_port") == 0) { int ifindex; diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index d4df772e..40250477 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -54,6 +54,7 @@ bridge \- show / manipulate bridge addresses and devices .BR vlan_tunnel " { " on " | " off " } ] [ " .BR isolated " { " on " | " off " } ] [ " .BR locked " { " on " | " off " } ] [ " +.BR mab " { " on " | " off " } ] [ " .B backup_port .IR DEVICE " ] [" .BR nobackup_port " ] [ " @@ -580,6 +581,15 @@ The common use is that hosts are allowed access through authentication with the IEEE 802.1X protocol or based on whitelists or like setups. By default this flag is off. +.TP +.RB "mab on " or " mab off " +Enables or disables the MAB/MacAuth feature. This feature can only be +activated on a port that is in locked mode, and when enabled it extends the +locked port feature so that MAC address can get access through a locked +port based on acceptlists, thus it is a much simpler procedure for a +device to become authorized than f.ex. the 802.1X protocol, and is used +for devices that are not capable of password or crypto based authorization +methods. .TP .BI backup_port " DEVICE" diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index fc9d62fc..187ca7ca 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -2454,6 +2454,9 @@ the following additional arguments are supported: .BR isolated " { " on " | " off " }" ] [ .BR locked " { " on " | " off " }" +] [ +.BR mab " { " on " | " off " }" +] [ .BR backup_port " DEVICE" ] [ .BR nobackup_port " ]" @@ -2560,6 +2563,11 @@ default this flag is off. behind the port cannot communicate through the port unless a FDB entry representing the host is in the FDB. By default this flag is off. +.BR mab " { " on " | " off " }" +- enables or disables the MAB/MacAuth feature on a locked port. It is +thus possible for a device to gain authorization on a locked port based +on acceptlists. + .BI backup_port " DEVICE" - if the port loses carrier all traffic will be redirected to the configured backup port -- 2.34.1

2 years, 2 months

5
11
0 0

[PATCH v10 0/2] SPDX: add copyleft-next-0.3.1

by Luis Chamberlain

As suggested by Thomas Gleixner, I'm following up to move on with the SPDX tag needed for copyleft-next-0.3.1. I've split this out from the test_sysfs selftest so to separate review from that. Changes on this v10: o embraced paragraph from Thomas Gleixner which helps explain why the OR operator in the SPDX license name o dropped the GPL-2.0 and GPL-2.0+ tags as suggested by Thomas Gleixner as these are outdated (still valid) in the SPDX spec o trimmed the Cc list to remove the test_sysfs / block layer / fs folks as the test_sysfs stuff is now dropped from consideration in this series The last series was at v9 but it also had the test_sysfs and its changes, its history can be found here: https://lore.kernel.org/all/20211029184500.2821444-1-mcgrof@kernel.org/ Luis Chamberlain (2): LICENSES: Add the copyleft-next-0.3.1 license testing: use the copyleft-next-0.3.1 SPDX tag LICENSES/dual/copyleft-next-0.3.1 | 236 +++++++++++++++++++++++ lib/test_kmod.c | 12 +- lib/test_sysctl.c | 12 +- tools/testing/selftests/kmod/kmod.sh | 13 +- tools/testing/selftests/sysctl/sysctl.sh | 12 +- 5 files changed, 240 insertions(+), 45 deletions(-) create mode 100644 LICENSES/dual/copyleft-next-0.3.1 -- 2.35.1

2 years, 2 months

3
6
0 0

[PATCH v2] Documentation: kunit: rewrite writing first test instructions

by Bagas Sanjaya

The wordings of step-by-step instructions on writing the first Kunit test are instructing readers to write codes without knowing what these are about. Rewrite these instructions to include the purpose of written code. While at it, align the code blocks of these contents. Signed-off-by: Bagas Sanjaya <bagasdotme(a)gmail.com> --- Changes since v1 [1]: - Fix jumped list numbering on writing the feature This patch is based on Khalid's full path to .kunitconfig patch [2]. [1]: https://lore.kernel.org/linux-doc/20220929125458.52979-1-bagasdotme@gmail.c… [2]: https://lore.kernel.org/linux-doc/20220929085332.4155-1-khalid.masum.92@gma… Documentation/dev-tools/kunit/start.rst | 40 ++++++++++++++----------- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/Documentation/dev-tools/kunit/start.rst b/Documentation/dev-tools/kunit/start.rst index 7999874dc4ddb3..c0a5adf6d8d665 100644 --- a/Documentation/dev-tools/kunit/start.rst +++ b/Documentation/dev-tools/kunit/start.rst @@ -131,17 +131,19 @@ are built-in. Otherwise the module will need to be loaded. Writing Your First Test ======================= -In your kernel repository, let's add some code that we can test. +In your kernel repository, let's add some code that we can test. For this +purpose, we are going to add simple addition driver. -1. Create a file ``drivers/misc/example.h``, which includes: +1. Write the feature that will be tested. First, write the declaration + for ``misc_example_add()`` in ``drivers/misc/example.h``: -.. code-block:: c + .. code-block:: c int misc_example_add(int left, int right); -2. Create a file ``drivers/misc/example.c``, which includes: + Then implement the function in ``drivers/misc/example.c``: -.. code-block:: c + .. code-block:: c #include <linux/errno.h> @@ -152,24 +154,25 @@ In your kernel repository, let's add some code that we can test. return left + right; } -3. Add the following lines to ``drivers/misc/Kconfig``: +2. Add Kconfig menu entry for the feature to ``drivers/misc/Kconfig``: -.. code-block:: kconfig + .. code-block:: kconfig config MISC_EXAMPLE bool "My example" -4. Add the following lines to ``drivers/misc/Makefile``: +3. Add the kbuild goal that will build the feature to + ``drivers/misc/Makefile``: -.. code-block:: make + .. code-block:: make obj-$(CONFIG_MISC_EXAMPLE) += example.o Now we are ready to write the test cases. -1. Add the below test case in ``drivers/misc/example_test.c``: +1. Write the test in ``drivers/misc/example_test.c``: -.. code-block:: c + .. code-block:: c #include <kunit/test.h> #include "example.h" @@ -202,31 +205,32 @@ Now we are ready to write the test cases. }; kunit_test_suite(misc_example_test_suite); -2. Add the following lines to ``drivers/misc/Kconfig``: +2. Add following Kconfig entry for the test to ``drivers/misc/Kconfig``: -.. code-block:: kconfig + .. code-block:: kconfig config MISC_EXAMPLE_TEST tristate "Test for my example" if !KUNIT_ALL_TESTS depends on MISC_EXAMPLE && KUNIT=y default KUNIT_ALL_TESTS -3. Add the following lines to ``drivers/misc/Makefile``: +3. Add kbuild goal of the test to ``drivers/misc/Makefile``: -.. code-block:: make + .. code-block:: make obj-$(CONFIG_MISC_EXAMPLE_TEST) += example_test.o -4. Add following configuration fragments to ``.kunit/.kunitconfig``: +4. Add following configuration fragments for the test to + ``.kunit/.kunitconfig``: -.. code-block:: none + .. code-block:: none CONFIG_MISC_EXAMPLE=y CONFIG_MISC_EXAMPLE_TEST=y 5. Run the test: -.. code-block:: bash + .. code-block:: bash ./tools/testing/kunit/kunit.py run -- An old man doll... just what I always wanted! - Clara

2 years, 2 months

2
5
0 0

[PATCH net-next,v2] selftests/tc-testing: update qdisc/cls/action features in config

by Zhengchao Shao

Since three patchsets "add tc-testing test cases", "refactor duplicate codes in the tc cls walk function", and "refactor duplicate codes in the qdisc class walk function" are merged to net-next tree, the list of supported features needs to be updated in config file. Signed-off-by: Zhengchao Shao <shaozhengchao(a)huawei.com> --- v2: modify typos --- tools/testing/selftests/tc-testing/config | 25 ++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/tc-testing/config b/tools/testing/selftests/tc-testing/config index 2b2c2a835757..4638c63a339f 100644 --- a/tools/testing/selftests/tc-testing/config +++ b/tools/testing/selftests/tc-testing/config @@ -13,15 +13,28 @@ CONFIG_NET_SCHED=y # Queueing/Scheduling # CONFIG_NET_SCH_ATM=m +CONFIG_NET_SCH_CAKE=m +CONFIG_NET_SCH_CBQ=m +CONFIG_NET_SCH_CBS=m CONFIG_NET_SCH_CHOKE=m CONFIG_NET_SCH_CODEL=m +CONFIG_NET_SCH_DRR=m +CONFIG_NET_SCH_DSMARK=m CONFIG_NET_SCH_ETF=m CONFIG_NET_SCH_FQ=m +CONFIG_NET_SCH_FQ_CODEL=m CONFIG_NET_SCH_GRED=m +CONFIG_NET_SCH_HFSC=m CONFIG_NET_SCH_HHF=m +CONFIG_NET_SCH_HTB=m +CONFIG_NET_SCH_INGRESS=m +CONFIG_NET_SCH_MQPRIO=m +CONFIG_NET_SCH_MULTIQ=m +CONFIG_NET_SCH_NETEM=m +CONFIG_NET_SCH_PIE=m CONFIG_NET_SCH_PLUG=m CONFIG_NET_SCH_PRIO=m -CONFIG_NET_SCH_INGRESS=m +CONFIG_NET_SCH_QFQ=m CONFIG_NET_SCH_SFB=m CONFIG_NET_SCH_SFQ=m CONFIG_NET_SCH_SKBPRIO=m @@ -37,6 +50,15 @@ CONFIG_NET_CLS_FW=m CONFIG_NET_CLS_U32=m CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y +CONFIG_NET_CLS_BASIC=m +CONFIG_NET_CLS_BPF=m +CONFIG_NET_CLS_CGROUP=m +CONFIG_NET_CLS_FLOW=m +CONFIG_NET_CLS_FLOWER=m +CONFIG_NET_CLS_MATCHALL=m +CONFIG_NET_CLS_ROUTE4=m +CONFIG_NET_CLS_RSVP=m +CONFIG_NET_CLS_TCINDEX=m CONFIG_NET_EMATCH=y CONFIG_NET_EMATCH_STACK=32 CONFIG_NET_EMATCH_CMP=m @@ -68,6 +90,7 @@ CONFIG_NET_ACT_IFE=m CONFIG_NET_ACT_TUNNEL_KEY=m CONFIG_NET_ACT_CT=m CONFIG_NET_ACT_MPLS=m +CONFIG_NET_ACT_GATE=m CONFIG_NET_IFE_SKBMARK=m CONFIG_NET_IFE_SKBPRIO=m CONFIG_NET_IFE_SKBTCINDEX=m -- 2.17.1

2 years, 2 months

5
4
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror September 2022