February 2023 - Linux-kselftest-mirror

[PATCH v2 0/9] selftests/resctrl: Fixes to error handling logic and cleanups

by Ilpo Järvinen

This series fixes a few cleanup/error handling problems and cleans up code. v2: - Improved changelogs - Return NULL directly from malloc_and_init_memory() - Added patch to convert memalign() to posix_memalign() - Added patch to correct function comment parameter - Dropped literal -> define patch for now (likely superceded soon) Fenghua Yu (1): selftests/resctrl: Change name from CBM_MASK_PATH to INFO_PATH Ilpo Järvinen (8): selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem selftests/resctrl: Move ->setup() call outside of test specific branches selftests/resctrl: Allow ->setup() to return errors selftests/resctrl: Check for return value after write_schemata() selftests/resctrl: Replace obsolete memalign() with posix_memalign() selftests/resctrl: Change initialize_llc_perf() return type to void selftests/resctrl: Use remount_resctrlfs() consistently with boolean selftests/resctrl: Correct get_llc_perf() param in function comment tools/testing/selftests/resctrl/cache.c | 17 +++++++-------- tools/testing/selftests/resctrl/cat_test.c | 4 ++-- tools/testing/selftests/resctrl/cmt_test.c | 9 ++++---- tools/testing/selftests/resctrl/fill_buf.c | 7 +++++-- tools/testing/selftests/resctrl/mba_test.c | 11 +++++++--- tools/testing/selftests/resctrl/mbm_test.c | 4 ++-- tools/testing/selftests/resctrl/resctrl.h | 6 ++++-- tools/testing/selftests/resctrl/resctrl_val.c | 21 +++++++------------ tools/testing/selftests/resctrl/resctrlfs.c | 2 +- 9 files changed, 41 insertions(+), 40 deletions(-) -- 2.30.2

1 year, 1 month

2
20
0 0

[PATCH] selftests/mount_setattr: fix redefine struct mount_attr build error

by Shuah Khan

Fix the following build error due to redefining struct mount_attr by removing duplicate define from mount_setattr_test.c gcc -g -isystem .../tools/testing/selftests/../../../usr/include -Wall -O2 -pthread mount_setattr_test.c -o .../tools/testing/selftests/mount_setattr/mount_setattr_test mount_setattr_test.c:107:8: error: redefinition of ‘struct mount_attr’ 107 | struct mount_attr { | ^~~~~~~~~~ In file included from /usr/include/x86_64-linux-gnu/sys/mount.h:32, from mount_setattr_test.c:10: .../usr/include/linux/mount.h:129:8: note: originally defined here 129 | struct mount_attr { | ^~~~~~~~~~ make: *** [../lib.mk:145: .../tools/testing/selftests/mount_setattr/mount_setattr_test] Error 1 Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> --- tools/testing/selftests/mount_setattr/mount_setattr_test.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tools/testing/selftests/mount_setattr/mount_setattr_test.c b/tools/testing/selftests/mount_setattr/mount_setattr_test.c index 8c5fea68ae67..582669ca38e9 100644 --- a/tools/testing/selftests/mount_setattr/mount_setattr_test.c +++ b/tools/testing/selftests/mount_setattr/mount_setattr_test.c @@ -103,13 +103,6 @@ #else #define __NR_mount_setattr 442 #endif - -struct mount_attr { - __u64 attr_set; - __u64 attr_clr; - __u64 propagation; - __u64 userns_fd; -}; #endif #ifndef __NR_open_tree -- 2.37.2

1 year, 1 month

3
5
0 0

[PATCH net-next v3 0/3] vsock: add support for sockmap

by Bobby Eshleman

Add support for sockmap to vsock. We're testing usage of vsock as a way to redirect guest-local UDS requests to the host and this patch series greatly improves the performance of such a setup. Compared to copying packets via userspace, this improves throughput by 121% in basic testing. Tested as follows. Setup: guest unix dgram sender -> guest vsock redirector -> host vsock server Threads: 1 Payload: 64k No sockmap: - 76.3 MB/s - The guest vsock redirector was "socat VSOCK-CONNECT:2:1234 UNIX-RECV:/path/to/sock" Using sockmap (this patch): - 168.8 MB/s (+121%) - The guest redirector was a simple sockmap echo server, redirecting unix ingress to vsock 2:1234 egress. - Same sender and server programs *Note: these numbers are from RFC v1 Only the virtio transport has been tested. The loopback transport was used in writing bpf/selftests, but not thoroughly tested otherwise. This series requires the skb patch. Changes in v3: - vsock/bpf: Refactor wait logic in vsock_bpf_recvmsg() to avoid backwards goto - vsock/bpf: Check psock before acquiring slock - vsock/bpf: Return bool instead of int of 0 or 1 - vsock/bpf: Wrap macro args __sk/__psock in parens - vsock/bpf: Place comment trailer */ on separate line Changes in v2: - vsock/bpf: rename vsock_dgram_* -> vsock_* - vsock/bpf: change sk_psock_{get,put} and {lock,release}_sock() order to minimize slock hold time - vsock/bpf: use "new style" wait - vsock/bpf: fix bug in wait log - vsock/bpf: add check that recvmsg sk_type is one dgram, seqpacket, or stream. Return error if not one of the three. - virtio/vsock: comment __skb_recv_datagram() usage - virtio/vsock: do not init copied in read_skb() - vsock/bpf: add ifdef guard around struct proto in dgram_recvmsg() - selftests/bpf: add vsock loopback config for aarch64 - selftests/bpf: add vsock loopback config for s390x - selftests/bpf: remove vsock device from vmtest.sh qemu machine - selftests/bpf: remove CONFIG_VIRTIO_VSOCKETS=y from config.x86_64 - vsock/bpf: move transport-related (e.g., if (!vsk->transport)) checks out of fast path Signed-off-by: Bobby Eshleman <bobby.eshleman(a)bytedance.com> --- Bobby Eshleman (3): vsock: support sockmap selftests/bpf: add vsock to vmtest.sh selftests/bpf: Add a test case for vsock sockmap drivers/vhost/vsock.c | 1 + include/linux/virtio_vsock.h | 1 + include/net/af_vsock.h | 17 ++ net/vmw_vsock/Makefile | 1 + net/vmw_vsock/af_vsock.c | 55 ++++++- net/vmw_vsock/virtio_transport.c | 2 + net/vmw_vsock/virtio_transport_common.c | 24 +++ net/vmw_vsock/vsock_bpf.c | 175 +++++++++++++++++++++ net/vmw_vsock/vsock_loopback.c | 2 + tools/testing/selftests/bpf/config.aarch64 | 2 + tools/testing/selftests/bpf/config.s390x | 3 + tools/testing/selftests/bpf/config.x86_64 | 3 + .../selftests/bpf/prog_tests/sockmap_listen.c | 163 +++++++++++++++++++ 13 files changed, 443 insertions(+), 6 deletions(-) --- base-commit: d83115ce337a632f996e44c9f9e18cadfcf5a094 change-id: 20230118-support-vsock-sockmap-connectible-2e1297d2111a Best regards, -- Bobby Eshleman <bobby.eshleman(a)bytedance.com> --- Bobby Eshleman (3): vsock: support sockmap selftests/bpf: add vsock to vmtest.sh selftests/bpf: add a test case for vsock sockmap drivers/vhost/vsock.c | 1 + include/linux/virtio_vsock.h | 1 + include/net/af_vsock.h | 17 ++ net/vmw_vsock/Makefile | 1 + net/vmw_vsock/af_vsock.c | 55 ++++++- net/vmw_vsock/virtio_transport.c | 2 + net/vmw_vsock/virtio_transport_common.c | 25 +++ net/vmw_vsock/vsock_bpf.c | 174 +++++++++++++++++++++ net/vmw_vsock/vsock_loopback.c | 2 + tools/testing/selftests/bpf/config.aarch64 | 2 + tools/testing/selftests/bpf/config.s390x | 3 + tools/testing/selftests/bpf/config.x86_64 | 3 + .../selftests/bpf/prog_tests/sockmap_listen.c | 163 +++++++++++++++++++ 13 files changed, 443 insertions(+), 6 deletions(-) --- base-commit: c2ea552065e43d05bce240f53c3185fd3a066204 change-id: 20230227-vsock-sockmap-upstream-9d65c84174a2 Best regards, -- Bobby Eshleman <bobby.eshleman(a)bytedance.com>

1 year, 1 month

4
10
0 0

[PATCH v3 0/3] mm: process/cgroup ksm support

by Stefan Roesch

So far KSM can only be enabled by calling madvise for memory regions. To be able to use KSM for more workloads, KSM needs to have the ability to be enabled / disabled at the process / cgroup level. Use case 1: The madvise call is not available in the programming language. An example for this are programs with forked workloads using a garbage collected language without pointers. In such a language madvise cannot be made available. In addition the addresses of objects get moved around as they are garbage collected. KSM sharing needs to be enabled "from the outside" for these type of workloads. Use case 2: The same interpreter can also be used for workloads where KSM brings no benefit or even has overhead. We'd like to be able to enable KSM on a workload by workload basis. Use case 3: With the madvise call sharing opportunities are only enabled for the current process: it is a workload-local decision. A considerable number of sharing opportuniites may exist across multiple workloads or jobs. Only a higler level entity like a job scheduler or container can know for certain if its running one or more instances of a job. That job scheduler however doesn't have the necessary internal worklaod knowledge to make targeted madvise calls. Security concerns: In previous discussions security concerns have been brought up. The problem is that an individual workload does not have the knowledge about what else is running on a machine. Therefore it has to be very conservative in what memory areas can be shared or not. However, if the system is dedicated to running multiple jobs within the same security domain, its the job scheduler that has the knowledge that sharing can be safely enabled and is even desirable. Performance: Experiments with using UKSM have shown a capacity increase of around 20%. 1. New options for prctl system command This patch series adds two new options to the prctl system call. The first one allows to enable KSM at the process level and the second one to query the setting. The setting will be inherited by child processes. With the above setting, KSM can be enabled for the seed process of a cgroup and all processes in the cgroup will inherit the setting. 2. Changes to KSM processing When KSM is enabled at the process level, the KSM code will iterate over all the VMA's and enable KSM for the eligible VMA's. When forking a process that has KSM enabled, the setting will be inherited by the new child process. In addition when KSM is disabled for a process, KSM will be disabled for the VMA's where KSM has been enabled. 3. Add general_profit metric The general_profit metric of KSM is specified in the documentation, but not calculated. This adds the general profit metric to /sys/kernel/debug/mm/ksm. 4. Add more metrics to ksm_stat This adds the process profit and ksm type metric to /proc/<pid>/ksm_stat. 5. Add more tests to ksm_tests This adds an option to specify the merge type to the ksm_tests. This allows to test madvise and prctl KSM. It also adds a new option to query if prctl KSM has been enabled. It adds a fork test to verify that the KSM process setting is inherited by client processes. Changes: - V3: - folded patch 1 - 6 - folded patch 7 - 14 - folded patch 15 - 19 - Expanded on the use cases in the cover letter - Added a section on security concerns to the cover letter - V2: - Added use cases to the cover letter - Removed the tracing patch from the patch series and posted it as an individual patch - Refreshed repo Stefan Roesch (3): mm: add new api to enable ksm per process mm: add new KSM process and sysfs knobs selftests/mm: add new selftests for KSM Documentation/ABI/testing/sysfs-kernel-mm-ksm | 8 + Documentation/admin-guide/mm/ksm.rst | 8 +- fs/proc/base.c | 5 + include/linux/ksm.h | 19 +- include/linux/sched/coredump.h | 1 + include/uapi/linux/prctl.h | 2 + kernel/sys.c | 29 ++ mm/ksm.c | 114 +++++++- tools/include/uapi/linux/prctl.h | 2 + tools/testing/selftests/mm/Makefile | 3 +- tools/testing/selftests/mm/ksm_tests.c | 254 +++++++++++++++--- 11 files changed, 389 insertions(+), 56 deletions(-) base-commit: 234a68e24b120b98875a8b6e17a9dead277be16a -- 2.30.2

1 year, 1 month

5
15
0 0

[PATCH 0/2] selftests: bump timeout for firmware and kmod

by Luis Chamberlain

Shuah, I'd like this to go through your tree as this is timeout related. In order to help me help developers run tests against the components I maintain much easily I have enabled selftests support on kdevops [0]. kdevops deals with abstractsions like letting you pick virtualization or cloud solutions to run the tests using kconfig, installs all dependencies for you, and with just a few make target commands can get you the latest linux-next tested against selftests. If other find this useful and would like support for their selftests on kdevops feel free to send patches. Eventually the idea is to be able to run as many selftests in parallel using different guests for each main selftest to speed up tests. Prior to this I used to run tests manually, now the selftests helpers are used (./tools/testing/selftests/run_kselftest.sh -s) and with this the default selftest timeout is hit. This just increases that for the few selftests I help maintain where obviously its not enough anymore. Note: on the firmware side I am spotting an OOM triggered by running tests in a loop, so far I hit in the android configuration but its not clear if the issue is just for that setup. [0] https://github.com/linux-kdevops/kdevops Luis Chamberlain (2): selftests/kmod: increase the kmod timeout from 45 to 165 selftests/firmware: increase timeout from 165 to 230 tools/testing/selftests/firmware/settings | 8 +++++++- tools/testing/selftests/kmod/settings | 4 ++++ 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/kmod/settings -- 2.39.1

1 year, 1 month

2
8
0 0

[V2 PATCH 0/6] KVM: selftests: selftests for fd-based private memory

by Vishal Annapurve

This series implements selftests targeting the feature floated by Chao via: https://lore.kernel.org/lkml/20221202061347.1070246-10-chao.p.peng@linux.in… Below changes aim to test the fd based approach for guest private memory in context of normal (non-confidential) VMs executing on non-confidential platforms. private_mem_test.c file adds selftest to access private memory from the guest via private/shared accesses and checking if the contents can be leaked to/accessed by vmm via shared memory view before/after conversions. Updates in V2: 1) Simplified vcpu run loop implementation API 2) Removed VM creation logic from private mem library Updates in V1 (Compared to RFC v3 patches): 1) Incorporated suggestions from Sean around simplifying KVM changes 2) Addressed comments from Sean 3) Added private mem test with shared memory backed by 2MB hugepages. V1 series: https://lore.kernel.org/lkml/20221111014244.1714148-1-vannapurve@google.com… This series has dependency on following patches: 1) V10 series patches from Chao mentioned above. Github link for the patches posted as part of this series: https://github.com/vishals4gh/linux/commits/priv_memfd_selftests_v2 Vishal Annapurve (6): KVM: x86: Add support for testing private memory KVM: Selftests: Add support for private memory KVM: selftests: x86: Add IS_ALIGNED/IS_PAGE_ALIGNED helpers KVM: selftests: x86: Add helpers to execute VMs with private memory KVM: selftests: Add get_free_huge_2m_pages KVM: selftests: x86: Add selftest for private memory arch/x86/kvm/mmu/mmu_internal.h | 6 +- tools/testing/selftests/kvm/.gitignore | 1 + tools/testing/selftests/kvm/Makefile | 2 + .../selftests/kvm/include/kvm_util_base.h | 15 +- .../testing/selftests/kvm/include/test_util.h | 5 + .../kvm/include/x86_64/private_mem.h | 24 ++ .../selftests/kvm/include/x86_64/processor.h | 1 + tools/testing/selftests/kvm/lib/kvm_util.c | 58 ++++- tools/testing/selftests/kvm/lib/test_util.c | 29 +++ .../selftests/kvm/lib/x86_64/private_mem.c | 139 ++++++++++++ .../selftests/kvm/x86_64/private_mem_test.c | 212 ++++++++++++++++++ virt/kvm/Kconfig | 4 + virt/kvm/kvm_main.c | 3 +- 13 files changed, 490 insertions(+), 9 deletions(-) create mode 100644 tools/testing/selftests/kvm/include/x86_64/private_mem.h create mode 100644 tools/testing/selftests/kvm/lib/x86_64/private_mem.c create mode 100644 tools/testing/selftests/kvm/x86_64/private_mem_test.c -- 2.39.0.rc0.267.gcb52ba06e7-goog

1 year, 1 month

5
26
0 0

[PATCH v1 0/2] KVM: selftests: Fixes for broken tests

by Ryan Roberts

During the course of implementing FEAT_LPA2 within the arm64 KVM port, I found a couple of issues within the KVM selftest code, which I thought were worth posting independently. The LPA2 patches, for which I will post v2 in the next few days, depend on these fixes for its testing. Ryan Roberts (2): KVM: selftests: Fixup config fragment for access_tracking_perf_test KVM: selftests: arm64: Fix pte encode/decode for PA bits > 48 tools/testing/selftests/kvm/config | 1 + .../selftests/kvm/lib/aarch64/processor.c | 32 ++++++++++++++----- 2 files changed, 25 insertions(+), 8 deletions(-) -- 2.25.1

1 year, 1 month

2
5
0 0

[PATCH] selftests: pci: pci-selftest: add support for PCI endpoint driver test

by Aman Gupta

This patch enables the support to perform selftest on PCIe endpoint driver present in the system. The following tests are currently performed by the selftest utility 1. BAR Tests (BAR0 to BAR5) 2. MSI Interrupt Tests (MSI1 to MSI32) 3. Read Tests (For 1, 1024, 1025, 1024000, 1024001 Bytes) 4. Write Tests (For 1, 1024, 1025, 1024000, 1024001 Bytes) 5. Copy Tests (For 1, 1024, 1025, 1024000, 1024001 Bytes) Signed-off-by: Aman Gupta <aman1.gupta(a)samsung.com> Signed-off-by: Padmanabhan Rajanbabu <p.rajanbabu(a)samsung.com> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/pci/.gitignore | 1 + tools/testing/selftests/pci/Makefile | 7 + tools/testing/selftests/pci/pci-selftest.c | 167 +++++++++++++++++++++ 4 files changed, 176 insertions(+) create mode 100644 tools/testing/selftests/pci/.gitignore create mode 100644 tools/testing/selftests/pci/Makefile create mode 100644 tools/testing/selftests/pci/pci-selftest.c diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index c2064a35688b..81584169a80f 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -49,6 +49,7 @@ TARGETS += net/forwarding TARGETS += net/mptcp TARGETS += netfilter TARGETS += nsfs +TARGETS += pci TARGETS += pidfd TARGETS += pid_namespace TARGETS += powerpc diff --git a/tools/testing/selftests/pci/.gitignore b/tools/testing/selftests/pci/.gitignore new file mode 100644 index 000000000000..db01411b8200 --- /dev/null +++ b/tools/testing/selftests/pci/.gitignore @@ -0,0 +1 @@ +pci-selftest diff --git a/tools/testing/selftests/pci/Makefile b/tools/testing/selftests/pci/Makefile new file mode 100644 index 000000000000..76b7725a45ae --- /dev/null +++ b/tools/testing/selftests/pci/Makefile @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0 +CFLAGS += -O2 -Wl,-no-as-needed -Wall +LDFLAGS += -lrt -lpthread -lm + +TEST_GEN_PROGS = pci-selftest + +include ../lib.mk diff --git a/tools/testing/selftests/pci/pci-selftest.c b/tools/testing/selftests/pci/pci-selftest.c new file mode 100644 index 000000000000..73e8f3eb1982 --- /dev/null +++ b/tools/testing/selftests/pci/pci-selftest.c @@ -0,0 +1,167 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * PCI Endpoint Driver Test Program + * + * Copyright (c) 2022 Samsung Electronics Co., Ltd. + * https://www.samsung.com + * Author: Aman Gupta <aman1.gupta(a)samsung.com> + */ + +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdlib.h> +#include <sys/ioctl.h> +#include <unistd.h> + +#include "../kselftest_harness.h" + +#define PCITEST_BAR _IO('P', 0x1) +#define PCITEST_LEGACY_IRQ _IO('P', 0x2) +#define PCITEST_MSI _IOW('P', 0x3, int) +#define PCITEST_WRITE _IOW('P', 0x4, unsigned long) +#define PCITEST_READ _IOW('P', 0x5, unsigned long) +#define PCITEST_COPY _IOW('P', 0x6, unsigned long) +#define PCITEST_MSIX _IOW('P', 0x7, int) +#define PCITEST_SET_IRQTYPE _IOW('P', 0x8, int) +#define PCITEST_GET_IRQTYPE _IO('P', 0x9) +#define PCITEST_CLEAR_IRQ _IO('P', 0x10) + +static char *test_device = "/dev/pci-endpoint-test.0"; + +struct xfer_param { + unsigned long size; + unsigned char flag; + }; + +FIXTURE(device) +{ + int fd; +}; + +FIXTURE_SETUP(device) +{ + + self->fd = open(test_device, O_RDWR); + + ASSERT_NE(-1, self->fd) { + TH_LOG("Can't open PCI Endpoint Test device\n"); + } +} + +FIXTURE_TEARDOWN(device) +{ + close(self->fd); +} + +TEST_F(device, BAR_TEST) +{ + int ret = -EINVAL; + int final = 0; + + for (int i = 0; i <= 5; i++) { + ret = ioctl(self->fd, PCITEST_BAR, i); + + EXPECT_EQ(1, ret) { + TH_LOG("TEST FAILED FOR BAR %d\n", i); + final++; + } + } + + ASSERT_EQ(0, final); +} + +TEST_F(device, MSI_TEST) +{ + int ret = -EINVAL; + int final = 0; + + ret = ioctl(self->fd, PCITEST_SET_IRQTYPE, 1); + ASSERT_EQ(1, ret); + + for (int i = 1; i <= 32; i++) { + ret = ioctl(self->fd, PCITEST_MSI, i); + EXPECT_EQ(1, ret) { + TH_LOG("TEST FAILED FOR MSI%d\n", i); + final++; + } + } + + ASSERT_EQ(0, final); +} + +TEST_F(device, READ_TEST) +{ + int final = 0; + int ret = -EINVAL; + unsigned long SIZE[5] = {1, 1024, 1025, 1024000, 1024001}; + + ret = ioctl(self->fd, PCITEST_SET_IRQTYPE, 1); + ASSERT_EQ(1, ret); + + struct xfer_param param; + + param.flag = 0; + for (int i = 0; i < 5; i++) { + param.size = SIZE[i]; + ret = ioctl(self->fd, PCITEST_READ, &param); + EXPECT_EQ(1, ret) { + TH_LOG("TEST FAILED FOR size =%ld.\n", SIZE[i]); + final++; + } + } + + ASSERT_EQ(0, final); +} + +TEST_F(device, WRITE_TEST) +{ + int final = 0; + int ret = -EINVAL; + unsigned long SIZE[5] = {1, 1024, 1025, 1024000, 1024001}; + + ret = ioctl(self->fd, PCITEST_SET_IRQTYPE, 1); + ASSERT_EQ(1, ret); + + struct xfer_param param; + + param.flag = 0; + + for (int i = 0; i < 5; i++) { + param.size = SIZE[i]; + ret = ioctl(self->fd, PCITEST_WRITE, &param); + EXPECT_EQ(1, ret) { + TH_LOG("TEST FAILED FOR size =%ld.\n", SIZE[i]); + final++; + } + } + + ASSERT_EQ(0, final); +} + +TEST_F(device, COPY_TEST) +{ + int final = 0; + int ret = -EINVAL; + unsigned long SIZE[5] = {1, 1024, 1025, 1024000, 1024001}; + + ret = ioctl(self->fd, PCITEST_SET_IRQTYPE, 1); + ASSERT_EQ(1, ret); + + struct xfer_param param; + + param.flag = 0; + + for (int i = 0; i < 5; i++) { + param.size = SIZE[i]; + ret = ioctl(self->fd, PCITEST_COPY, &param); + EXPECT_EQ(1, ret) { + TH_LOG("TEST FAILED FOR size =%ld.\n", SIZE[i]); + final++; + } + } + + ASSERT_EQ(0, final); +} +TEST_HARNESS_MAIN -- 2.17.1

1 year, 1 month

9
18
0 0

Re: [PATCH bpf-next v2 0/8] Support defragmenting IPv(4|6) packets in BPF

by Alexei Starovoitov

On Mon, Feb 27, 2023 at 5:57 PM Daniel Xu <dxu(a)dxuuu.xyz> wrote: > > Hi Alexei, > > On Mon, Feb 27, 2023 at 03:03:38PM -0800, Alexei Starovoitov wrote: > > On Mon, Feb 27, 2023 at 12:51:02PM -0700, Daniel Xu wrote: > > > === Context === > > > > > > In the context of a middlebox, fragmented packets are tricky to handle. > > > The full 5-tuple of a packet is often only available in the first > > > fragment which makes enforcing consistent policy difficult. There are > > > really only two stateless options, neither of which are very nice: > > > > > > 1. Enforce policy on first fragment and accept all subsequent fragments. > > > This works but may let in certain attacks or allow data exfiltration. > > > > > > 2. Enforce policy on first fragment and drop all subsequent fragments. > > > This does not really work b/c some protocols may rely on > > > fragmentation. For example, DNS may rely on oversized UDP packets for > > > large responses. > > > > > > So stateful tracking is the only sane option. RFC 8900 [0] calls this > > > out as well in section 6.3: > > > > > > Middleboxes [...] should process IP fragments in a manner that is > > > consistent with [RFC0791] and [RFC8200]. In many cases, middleboxes > > > must maintain state in order to achieve this goal. > > > > > > === BPF related bits === > > > > > > However, when policy is enforced through BPF, the prog is run before the > > > kernel reassembles fragmented packets. This leaves BPF developers in a > > > awkward place: implement reassembly (possibly poorly) or use a stateless > > > method as described above. > > > > > > Fortunately, the kernel has robust support for fragmented IP packets. > > > This patchset wraps the existing defragmentation facilities in kfuncs so > > > that BPF progs running on middleboxes can reassemble fragmented packets > > > before applying policy. > > > > > > === Patchset details === > > > > > > This patchset is (hopefully) relatively straightforward from BPF perspective. > > > One thing I'd like to call out is the skb_copy()ing of the prog skb. I > > > did this to maintain the invariant that the ctx remains valid after prog > > > has run. This is relevant b/c ip_defrag() and ip_check_defrag() may > > > consume the skb if the skb is a fragment. > > > > Instead of doing all that with extra skb copy can you hook bpf prog after > > the networking stack already handled ip defrag? > > What kind of middle box are you doing? Why does it have to run at TC layer? > > Unless I'm missing something, the only other relevant hooks would be > socket hooks, right? > > Unfortunately I don't think my use case can do that. We are running the > kernel as a router, so no sockets are involved. Are you using bpf_fib_lookup and populating kernel routing table and doing everything on your own including neigh ? Have you considered to skb redirect to another netdev that does ip defrag? Like macvlan does it under some conditions. This can be generalized. Recently Florian proposed to allow calling bpf progs from all existing netfilter hooks. You can pretend to local deliver and hook in NF_INET_LOCAL_IN ? I feel it would be so much cleaner if stack does ip_defrag normally. The general issue of skb ownership between bpf prog and defrag logic isn't really solved with skb_copy. It's still an issue.

1 year, 1 month

4
6
0 0

[PATCH] selftests: amd-pstate: fix TEST_FILES

by Guillaume Tucker

Bring back the Python scripts that were initially added with TEST_GEN_FILES but now with TEST_FILES to avoid having them deleted when doing a clean. Also fix the way the architecture is being determined as they should also be installed when ARCH=x86_64 is provided explicitly. Then also append extra files to TEST_FILES and TEST_PROGS with += so they don't get discarded. Fixes: ba2d788aa873 ("selftests: amd-pstate: Trigger tbench benchmark and test cpus") Fixes: ac527cee87c9 ("selftests: amd-pstate: Don't delete source files via Makefile") Signed-off-by: Guillaume Tucker <guillaume.tucker(a)collabora.com> --- tools/testing/selftests/amd-pstate/Makefile | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/amd-pstate/Makefile b/tools/testing/selftests/amd-pstate/Makefile index 5fd1424db37d..c382f579fe94 100644 --- a/tools/testing/selftests/amd-pstate/Makefile +++ b/tools/testing/selftests/amd-pstate/Makefile @@ -4,10 +4,15 @@ # No binaries, but make sure arg-less "make" doesn't trigger "run_tests" all: -uname_M := $(shell uname -m 2>/dev/null || echo not) -ARCH ?= $(shell echo $(uname_M) | sed -e s/i.86/x86/ -e s/x86_64/x86/) +ARCH ?= $(shell uname -m 2>/dev/null || echo not) +ARCH := $(shell echo $(ARCH) | sed -e s/i.86/x86/ -e s/x86_64/x86/) -TEST_PROGS := run.sh -TEST_FILES := basic.sh tbench.sh gitsource.sh +ifeq (x86,$(ARCH)) +TEST_FILES += ../../../power/x86/amd_pstate_tracer/amd_pstate_trace.py +TEST_FILES += ../../../power/x86/intel_pstate_tracer/intel_pstate_tracer.py +endif + +TEST_PROGS += run.sh +TEST_FILES += basic.sh tbench.sh gitsource.sh include ../lib.mk -- 2.30.2

1 year, 1 month

3
4
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror February 2023