January 2024 - Linux-kselftest-mirror

[PATCH v4 00/11] RISCV: Add kvm Sstc timer selftests

by Haibo Xu

The RISC-V arch_timer selftests is used to validate Sstc timer functionality in a guest, which sets up periodic timer interrupts and check the basic interrupt status upon its receipt. This KVM selftests was ported from aarch64 arch_timer and tested with Linux v6.7-rc4 on a Qemu riscv64 virt machine. --- Changed since v4: * Rebased to Linux 6.7-rc4 * Included Paolo's patch(01/11) to fix issues with SPLIT_TESTS * Droped the patch(KVM: selftests: Unify the makefile rule for split targets) since Paolo's patch had included the fix * Added new patch(05/11) to include header file vdso/processor.h from linux source tree to leverage the cpu_relax() definition - Conor/Andrew * Added new patch(11/11) to enable user configuration of timer error margin parameter which alleviate the intermitent failure in stress test - Andrew * Other minor fixes per Andrew's comments Haibo Xu (10): KVM: arm64: selftests: Split arch_timer test code KVM: selftests: Add CONFIG_64BIT definition for the build tools: riscv: Add header file csr.h tools: riscv: Add header file vdso/processor.h KVM: riscv: selftests: Switch to use macro from csr.h KVM: riscv: selftests: Add exception handling support KVM: riscv: selftests: Add guest helper to get vcpu id KVM: riscv: selftests: Change vcpu_has_ext to a common function KVM: riscv: selftests: Add sstc timer test KVM: selftests: Enable tunning of err_margin_us in arch timer test Paolo Bonzini (1): selftests/kvm: Fix issues with $(SPLIT_TESTS) tools/arch/riscv/include/asm/csr.h | 521 ++++++++++++++++++ tools/arch/riscv/include/asm/vdso/processor.h | 32 ++ tools/testing/selftests/kvm/Makefile | 27 +- .../selftests/kvm/aarch64/arch_timer.c | 295 +--------- tools/testing/selftests/kvm/arch_timer.c | 259 +++++++++ .../selftests/kvm/include/aarch64/processor.h | 4 - .../selftests/kvm/include/kvm_util_base.h | 9 + .../selftests/kvm/include/riscv/arch_timer.h | 71 +++ .../selftests/kvm/include/riscv/processor.h | 65 ++- .../testing/selftests/kvm/include/test_util.h | 2 + .../selftests/kvm/include/timer_test.h | 45 ++ .../selftests/kvm/lib/riscv/handlers.S | 101 ++++ .../selftests/kvm/lib/riscv/processor.c | 87 +++ .../testing/selftests/kvm/riscv/arch_timer.c | 111 ++++ .../selftests/kvm/riscv/get-reg-list.c | 11 +- 15 files changed, 1333 insertions(+), 307 deletions(-) create mode 100644 tools/arch/riscv/include/asm/csr.h create mode 100644 tools/arch/riscv/include/asm/vdso/processor.h create mode 100644 tools/testing/selftests/kvm/arch_timer.c create mode 100644 tools/testing/selftests/kvm/include/riscv/arch_timer.h create mode 100644 tools/testing/selftests/kvm/include/timer_test.h create mode 100644 tools/testing/selftests/kvm/lib/riscv/handlers.S create mode 100644 tools/testing/selftests/kvm/riscv/arch_timer.c -- 2.34.1

1 year, 4 months

5
27
0 0

[PATCH v2 net-next] selftests/net: change shebang to bash to support "source"

by Yujie Liu

The patch set [1] added a general lib.sh in net selftests, and converted several test scripts to source the lib.sh. unicast_extensions.sh (converted in [1]) and pmtu.sh (converted in [2]) have a /bin/sh shebang which may point to various shells in different distributions, but "source" is only available in some of them. For example, "source" is a built-it function in bash, but it cannot be used in dash. Refer to other scripts that were converted together, simply change the shebang to bash to fix the following issues when the default /bin/sh points to other shells. # selftests: net: unicast_extensions.sh # ./unicast_extensions.sh: 31: source: not found # ########################################################################### # Unicast address extensions tests (behavior of reserved IPv4 addresses) # ########################################################################### # TEST: assign and ping within 240/4 (1 of 2) (is allowed) [FAIL] # TEST: assign and ping within 240/4 (2 of 2) (is allowed) [FAIL] # TEST: assign and ping within 0/8 (1 of 2) (is allowed) [FAIL] # TEST: assign and ping within 0/8 (2 of 2) (is allowed) [FAIL] # TEST: assign and ping inside 255.255/16 (is allowed) [FAIL] # TEST: assign and ping inside 255.255.255/24 (is allowed) [FAIL] # TEST: route between 240.5.6/24 and 255.1.2/24 (is allowed) [FAIL] # TEST: route between 0.200/16 and 245.99/16 (is allowed) [FAIL] # TEST: assign and ping lowest address (/24) [FAIL] # TEST: assign and ping lowest address (/26) [FAIL] # TEST: routing using lowest address [FAIL] # TEST: assigning 0.0.0.0 (is forbidden) [ OK ] # TEST: assigning 255.255.255.255 (is forbidden) [ OK ] # TEST: assign and ping inside 127/8 (is forbidden) [ OK ] # TEST: assign and ping class D address (is forbidden) [ OK ] # TEST: routing using class D (is forbidden) [ OK ] # TEST: routing using 127/8 (is forbidden) [ OK ] not ok 51 selftests: net: unicast_extensions.sh # exit=1 v1 -> v2: - Fix pmtu.sh which has the same issue as unicast_extensions.sh, suggested by Hangbin - Change the style of the "source" line to be consistent with other tests, suggested by Hangbin Link: https://lore.kernel.org/all/20231202020110.362433-1-liuhangbin@gmail.com/ [1] Link: https://lore.kernel.org/all/20231219094856.1740079-1-liuhangbin@gmail.com/ [2] Reported-by: kernel test robot <oliver.sang(a)intel.com> Signed-off-by: Yujie Liu <yujie.liu(a)intel.com> --- tools/testing/selftests/net/pmtu.sh | 4 ++-- tools/testing/selftests/net/unicast_extensions.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/net/pmtu.sh b/tools/testing/selftests/net/pmtu.sh index 175d3d1d773b..f10879788f61 100755 --- a/tools/testing/selftests/net/pmtu.sh +++ b/tools/testing/selftests/net/pmtu.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # SPDX-License-Identifier: GPL-2.0 # # Check that route PMTU values match expectations, and that initial device MTU @@ -198,7 +198,7 @@ # - pmtu_ipv6_route_change # Same as above but with IPv6 -source ./lib.sh +source lib.sh PAUSE_ON_FAIL=no VERBOSE=0 diff --git a/tools/testing/selftests/net/unicast_extensions.sh b/tools/testing/selftests/net/unicast_extensions.sh index b7a2cb9e7477..f52aa5f7da52 100755 --- a/tools/testing/selftests/net/unicast_extensions.sh +++ b/tools/testing/selftests/net/unicast_extensions.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # SPDX-License-Identifier: GPL-2.0 # # By Seth Schoen (c) 2021, for the IPv4 Unicast Extensions Project @@ -28,7 +28,7 @@ # These tests provide an easy way to flip the expected result of any # of these behaviors for testing kernel patches that change them. -source ./lib.sh +source lib.sh # nettest can be run from PATH or from same directory as this selftest if ! which nettest >/dev/null; then base-commit: cd4d7263d58ab98fd4dee876776e4da6c328faa3 -- 2.34.1

1 year, 4 months

6
10
0 0

[PATCH net-next v2 0/3] net: gro: reduce extension header parsing overhead

by Richard Gobert

This series attempts to reduce the parsing overhead of IPv6 extension headers in GRO and GSO, by removing extension header specific code and enabling the frag0 fast path. The following changes were made: - Removed some unnecessary HBH conditionals by adding HBH offload to inet6_offloads - Added a utility function to support frag0 fast path in ipv6_gro_receive - Added selftests for IPv6 packets with extension headers in GRO Richard v1 -> v2: - Added a minimum IPv6 extension header length constant to make code self documenting. - Added new selftest which checks that packets with different extension header payloads do not coalesce. - Added more info in the second commit message regarding the code changes. - v1: https://lore.kernel.org/netdev/f4eff69d-3917-4c42-8c6b-d09597ac4437@gmail.c… Richard Gobert (3): net: gso: add HBH extension header offload support net: gro: parse ipv6 ext headers without frag0 invalidation selftests/net: fix GRO coalesce test and add ext header coalesce tests include/net/ipv6.h | 1 + net/ipv6/exthdrs_offload.c | 11 ++++ net/ipv6/ip6_offload.c | 76 +++++++++++++++++-------- tools/testing/selftests/net/gro.c | 94 +++++++++++++++++++++++++++++-- 4 files changed, 152 insertions(+), 30 deletions(-) -- 2.36.1

1 year, 4 months

4
11
0 0

[PATCH v10 00/10] Add iommufd nesting (part 2/2)

by Yi Liu

Nested translation is a hardware feature that is supported by many modern IOMMU hardwares. It has two stages (stage-1, stage-2) address translation to get access to the physical address. stage-1 translation table is owned by userspace (e.g. by a guest OS), while stage-2 is owned by kernel. Changes to stage-1 translation table should be followed by an IOTLB invalidation. Take Intel VT-d as an example, the stage-1 translation table is I/O page table. As the below diagram shows, guest I/O page table pointer in GPA (guest physical address) is passed to host and be used to perform the stage-1 address translation. Along with it, modifications to present mappings in the guest I/O page table should be followed with an IOTLB invalidation. .-------------. .---------------------------. | vIOMMU | | Guest I/O page table | | | '---------------------------' .----------------/ | PASID Entry |--- PASID cache flush --+ '-------------' | | | V | | I/O page table pointer in GPA '-------------' Guest ------| Shadow |---------------------------|-------- v v v Host .-------------. .------------------------. | pIOMMU | | FS for GIOVA->GPA | | | '------------------------' .----------------/ | | PASID Entry | V (Nested xlate) '----------------\.----------------------------------. | | | SS for GPA->HPA, unmanaged domain| | | '----------------------------------' '-------------' Where: - FS = First stage page tables - SS = Second stage page tables <Intel VT-d Nested translation> This series is based on the first part which was merged [1], this series is to add the cache invalidation interface or the userspace to invalidate cache after modifying the stage-1 page table. This includes both the iommufd changes and the VT-d driver changes. Complete code can be found in [2], QEMU could can be found in [3]. At last, this is a team work together with Nicolin Chen, Lu Baolu. Thanks them for the help. ^_^. Look forward to your feedbacks. [1] https://lore.kernel.org/linux-iommu/20231026044216.64964-1-yi.l.liu@intel.c… - merged [2] https://github.com/yiliu1765/iommufd/tree/iommufd_nesting [3] https://github.com/yiliu1765/qemu/tree/zhenzhong/wip/iommufd_nesting_rfcv1 Change log: v10: - Minor tweak to patch 07 (Kevin) - Rebase on top of 6.7-rc8 v9: https://lore.kernel.org/linux-iommu/20231228150629.13149-1-yi.l.liu@intel.c… - Add a test case which sets both IOMMU_TEST_INVALIDATE_FLAG_ALL and IOMMU_TEST_INVALIDATE_FLAG_TRIGGER_ERROR in flags, and expect to succeed and see an 'error'. (Kevin) - Returns -ETIMEOUT in qi_check_fault() if caller is interested with the fault when timeout happens. If not, the qi_submit_sync() will keep retry hence unable to report the error back to user. For now, only the user cache invalidation path has interest on the time out error. So this change only affects the user cache invalidation path. Other path will still hang in qi_submit_sync() when timeout happens. (Kevin) v8: https://lore.kernel.org/linux-iommu/20231227161354.67701-1-yi.l.liu@intel.c… - Pass invalidation hint to the cache invalidation helper in the cache_invalidate_user op path (Kevin) - Move the devTLB invalidation out of info->iommu loop (Kevin, Weijiang) - Clear *fault per restart in qi_submit_sync() to avoid acroos submission error accumulation. (Kevin) - Define the vtd cache invalidation uapi structure in separate patch (Kevin) - Rename inv_error to be hw_error (Kevin) - Rename 'reqs_uptr', 'req_type', 'req_len' and 'req_num' to be 'data_uptr', 'data_type', "entry_len' and 'entry_num" (Kevin) - Allow user to set IOMMU_TEST_INVALIDATE_FLAG_ALL and IOMMU_TEST_INVALIDATE_FLAG_TRIGGER_ERROR in the same time (Kevin) v7: https://lore.kernel.org/linux-iommu/20231221153948.119007-1-yi.l.liu@intel.… - Remove domain->ops->cache_invalidate_user check in hwpt alloc path due to failure in bisect (Baolu) - Remove out_driver_error_code from struct iommu_hwpt_invalidate after discussion in v6. Should expect per-entry error code. - Rework the selftest cache invalidation part to report a per-entry error - Allow user to pass in an empty array to have a try-and-fail mechanism for user to check if a given req_type is supported by the kernel (Jason) - Define a separate enum type for cache invalidation data (Jason) - Fix the IOMMU_HWPT_INVALIDATE to always update the req_num field before returning (Nicolin) - Merge the VT-d nesting part 2/2 https://lore.kernel.org/linux-iommu/20231117131816.24359-1-yi.l.liu@intel.c… into this series to avoid defining empty enum in the middle of the series. The major difference is adding the VT-d related invalidation uapi structures together with the generic data structures in patch 02 of this series. - VT-d driver was refined to report ICE/ITE error from the bottom cache invalidation submit helpers, hence the cache_invalidate_user op could report such errors via the per-entry error field to user. VT-d driver will not stop the invalidation array walking due to the ICE/ITE errors as such errors are defined by VT-d spec, userspace should be able to handle it and let the real user (say Virtual Machine) know about it. But for other errors like invalid uapi data structure configuration, memory copy failure, such errors should stop the array walking as it may have more issues if go on. - Minor fixes per Jason and Kevin's review comments v6: https://lore.kernel.org/linux-iommu/20231117130717.19875-1-yi.l.liu@intel.c… - No much change, just rebase on top of 6.7-rc1 as part 1/2 is merged v5: https://lore.kernel.org/linux-iommu/20231020092426.13907-1-yi.l.liu@intel.c… - Split the iommufd nesting series into two parts of alloc_user and invalidation (Jason) - Split IOMMUFD_OBJ_HW_PAGETABLE to IOMMUFD_OBJ_HWPT_PAGING/_NESTED, and do the same with the structures/alloc()/abort()/destroy(). Reworked the selftest accordingly too. (Jason) - Move hwpt/data_type into struct iommu_user_data from standalone op arguments. (Jason) - Rename hwpt_type to be data_type, the HWPT_TYPE to be HWPT_ALLOC_DATA, _TYPE_DEFAULT to be _ALLOC_DATA_NONE (Jason, Kevin) - Rename iommu_copy_user_data() to iommu_copy_struct_from_user() (Kevin) - Add macro to the iommu_copy_struct_from_user() to calculate min_size (Jason) - Fix two bugs spotted by ZhaoYan v4: https://lore.kernel.org/linux-iommu/20230921075138.124099-1-yi.l.liu@intel.… - Separate HWPT alloc/destroy/abort functions between user-managed HWPTs and kernel-managed HWPTs - Rework invalidate uAPI to be a multi-request array-based design - Add a struct iommu_user_data_array and a helper for driver to sanitize and copy the entry data from user space invalidation array - Add a patch fixing TEST_LENGTH() in selftest program - Drop IOMMU_RESV_IOVA_RANGES patches - Update kdoc and inline comments - Drop the code to add IOMMU_RESV_SW_MSI to kernel-managed HWPT in nested translation, this does not change the rule that resv regions should only be added to the kernel-managed HWPT. The IOMMU_RESV_SW_MSI stuff will be added in later series as it is needed only by SMMU so far. v3: https://lore.kernel.org/linux-iommu/20230724110406.107212-1-yi.l.liu@intel.… - Add new uAPI things in alphabetical order - Pass in "enum iommu_hwpt_type hwpt_type" to op->domain_alloc_user for sanity, replacing the previous op->domain_alloc_user_data_len solution - Return ERR_PTR from domain_alloc_user instead of NULL - Only add IOMMU_RESV_SW_MSI to kernel-managed HWPT in nested translation (Kevin) - Add IOMMU_RESV_IOVA_RANGES to report resv iova ranges to userspace hence userspace is able to exclude the ranges in the stage-1 HWPT (e.g. guest I/O page table). (Kevin) - Add selftest coverage for the new IOMMU_RESV_IOVA_RANGES ioctl - Minor changes per Kevin's inputs v2: https://lore.kernel.org/linux-iommu/20230511143844.22693-1-yi.l.liu@intel.c… - Add union iommu_domain_user_data to include all user data structures to avoid passing void * in kernel APIs. - Add iommu op to return user data length for user domain allocation - Rename struct iommu_hwpt_alloc::data_type to be hwpt_type - Store the invalidation data length in iommu_domain_ops::cache_invalidate_user_data_len - Convert cache_invalidate_user op to be int instead of void - Remove @data_type in struct iommu_hwpt_invalidate - Remove out_hwpt_type_bitmap in struct iommu_hw_info hence drop patch 08 of v1 v1: https://lore.kernel.org/linux-iommu/20230309080910.607396-1-yi.l.liu@intel.… Thanks, Yi Liu Lu Baolu (4): iommu: Add cache_invalidate_user op iommu/vt-d: Allow qi_submit_sync() to return the QI faults iommu/vt-d: Convert stage-1 cache invalidation to return QI fault iommu/vt-d: Add iotlb flush for nested domain Nicolin Chen (4): iommu: Add iommu_copy_struct_from_user_array helper iommufd/selftest: Add mock_domain_cache_invalidate_user support iommufd/selftest: Add IOMMU_TEST_OP_MD_CHECK_IOTLB test op iommufd/selftest: Add coverage for IOMMU_HWPT_INVALIDATE ioctl Yi Liu (2): iommufd: Add IOMMU_HWPT_INVALIDATE iommufd: Add data structure for Intel VT-d stage-1 cache invalidation drivers/iommu/intel/dmar.c | 42 ++-- drivers/iommu/intel/iommu.c | 12 +- drivers/iommu/intel/iommu.h | 8 +- drivers/iommu/intel/irq_remapping.c | 2 +- drivers/iommu/intel/nested.c | 107 ++++++++++ drivers/iommu/intel/pasid.c | 14 +- drivers/iommu/intel/svm.c | 14 +- drivers/iommu/iommufd/hw_pagetable.c | 41 ++++ drivers/iommu/iommufd/iommufd_private.h | 10 + drivers/iommu/iommufd/iommufd_test.h | 39 ++++ drivers/iommu/iommufd/main.c | 3 + drivers/iommu/iommufd/selftest.c | 86 ++++++++ include/linux/iommu.h | 100 +++++++++ include/uapi/linux/iommufd.h | 101 ++++++++++ tools/testing/selftests/iommu/iommufd.c | 190 ++++++++++++++++++ tools/testing/selftests/iommu/iommufd_utils.h | 57 ++++++ 16 files changed, 787 insertions(+), 39 deletions(-) -- 2.34.1

1 year, 4 months

3
15
0 0

[PATCH bpf-next 0/2] bpf: add csum/ip_summed fields to __sk_buff

by Menglong Dong

For now, we have to call some helpers when we need to update the csum, such as bpf_l4_csum_replace, bpf_l3_csum_replace, etc. These helpers are not inlined, which causes poor performance. In fact, we can define our own csum update functions in BPF program instead of bpf_l3_csum_replace, which is totally inlined and efficient. However, we can't do this for bpf_l4_csum_replace for now, as we can't update skb->csum, which can cause skb->csum invalid in the rx path with CHECKSUM_COMPLETE mode. What's more, we can't use the direct data access and have to use skb_store_bytes() with the BPF_F_RECOMPUTE_CSUM flag in some case, such as modifing the vni in the vxlan header and the underlay udp header has no checksum. In the first patch, we make skb->csum readable and writable, and we make skb->ip_summed readable. For now, for tc only. With these 2 fields, we don't need to call bpf helpers for csum update any more. In the second patch, we add some testcases for the read/write testing for skb->csum and skb->ip_summed. If this series is acceptable, we can define the inlined functions for csum update in libbpf in the next step. Menglong Dong (2): bpf: add csum/ip_summed fields to __sk_buff testcases/bpf: add testcases for skb->csum to ctx_skb.c include/linux/skbuff.h | 2 + include/uapi/linux/bpf.h | 2 + net/core/filter.c | 22 ++++++++++ tools/include/uapi/linux/bpf.h | 2 + .../testing/selftests/bpf/verifier/ctx_skb.c | 43 +++++++++++++++++++ 5 files changed, 71 insertions(+) -- 2.39.2

1 year, 4 months

4
7
0 0

[PATCH v2 1/1] userfaultfd: fix move_pages_pte() splitting folio under RCU read lock

by Suren Baghdasaryan

While testing the split PMD path with lockdep enabled I've got an "Invalid wait context" error caused by split_huge_page_to_list() trying to lock anon_vma->rwsem while inside RCU read section. The issues is due to move_pages_pte() calling split_folio() under RCU read lock. Fix this by unmapping the PTEs and exiting RCU read section before splitting the folio and then retrying. The same retry pattern is used when locking the folio or anon_vma in this function. After splitting the large folio we unlock and release it because after the split the old folio might not be the one that contains the src_addr. Fixes: 94b01c885131 ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> --- Changes from v1 [1]: 1. Reset src_folio and src_folio_pte after folio is split, per Peter Xu [1] https://lore.kernel.org/all/20231230025607.2476912-1-surenb@google.com/ mm/userfaultfd.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index 5e718014e671..216ab4c8621f 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -1078,9 +1078,18 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, /* at this point we have src_folio locked */ if (folio_test_large(src_folio)) { + /* split_folio() can block */ + pte_unmap(&orig_src_pte); + pte_unmap(&orig_dst_pte); + src_pte = dst_pte = NULL; err = split_folio(src_folio); if (err) goto out; + /* have to reacquire the folio after it got split */ + folio_unlock(src_folio); + folio_put(src_folio); + src_folio = NULL; + goto retry; } if (!src_anon_vma) { -- 2.43.0.472.g3155946c3a-goog

1 year, 4 months

2
1
0 0

[PATCH 1/1] userfaultfd: fix move_pages_pte() splitting folio under RCU read lock

by Suren Baghdasaryan

While testing the split PMD path with lockdep enabled I've got an "Invalid wait context" error caused by split_huge_page_to_list() trying to lock anon_vma->rwsem while inside RCU read section. The issues is due to move_pages_pte() calling split_folio() under RCU read lock. Fix this by unmapping the PTEs and exiting RCU read section before splitting the folio and then retrying. The same retry pattern is used when locking the folio or anon_vma in this function. Fixes: 94b01c885131 ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> --- Patch applies over mm-unstable. Please note that the SHA in Fixes tag is unstable. mm/userfaultfd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index 5e718014e671..71393410e028 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -1078,9 +1078,14 @@ static int move_pages_pte(struct mm_struct *mm, pmd_t *dst_pmd, pmd_t *src_pmd, /* at this point we have src_folio locked */ if (folio_test_large(src_folio)) { + /* split_folio() can block */ + pte_unmap(&orig_src_pte); + pte_unmap(&orig_dst_pte); + src_pte = dst_pte = NULL; err = split_folio(src_folio); if (err) goto out; + goto retry; } if (!src_anon_vma) { -- 2.43.0.472.g3155946c3a-goog

1 year, 4 months

2
4
0 0

[PATCH v8 00/24] security: Move IMA and EVM to the LSM infrastructure

by Roberto Sassu

From: Roberto Sassu <roberto.sassu(a)huawei.com> IMA and EVM are not effectively LSMs, especially due to the fact that in the past they could not provide a security blob while there is another LSM active. That changed in the recent years, the LSM stacking feature now makes it possible to stack together multiple LSMs, and allows them to provide a security blob for most kernel objects. While the LSM stacking feature has some limitations being worked out, it is already suitable to make IMA and EVM as LSMs. The main purpose of this patch set is to remove IMA and EVM function calls, hardcoded in the LSM infrastructure and other places in the kernel, and to register them as LSM hook implementations, so that those functions are called by the LSM infrastructure like other regular LSMs. This patch set introduces two new LSMs 'ima' and 'evm', so that functions can be registered to their respective LSM, and removes the 'integrity' LSM. integrity_kernel_module_request() was moved to IMA, since it was related to appraisal. integrity_inode_free() was replaced with ima_inode_free_security() (EVM does not need to free memory). In order to make 'ima' and 'evm' independent LSMs, it was necessary to split integrity metadata used by both IMA and EVM, and to let them manage their own. The special case of the IMA_NEW_FILE flag, managed by IMA and used by EVM, was handled by introducing a new flag in EVM, EVM_NEW_FILE, managed by two additional LSM hooks, evm_post_path_mknod() and evm_file_free(), equivalent to their counterparts ima_post_path_mknod() and ima_file_free(). In addition to splitting metadata, it was decided to embed the full structure into the inode security blob, rather than using a cache of objects and allocating them on demand. This opens for new possibilities, such as improving locking in IMA. Another follow-up change was removing the iint parameter from evm_verifyxattr(), that IMA used to pass integrity metadata to EVM. After splitting metadata, and aligning EVM_NEW_FILE with IMA_NEW_FILE, this parameter was not necessary anymore. The last part was to ensure that the order of IMA and EVM functions is respected after they become LSMs. Since the order of lsm_info structures in the .lsm_info.init section depends on the order object files containing those structures are passed to the linker of the kernel image, and since IMA is before EVM in the Makefile, that is sufficient to assert that IMA functions are executed before EVM ones. The patch set is organized as follows. Patches 1-9 make IMA and EVM functions suitable to be registered to the LSM infrastructure, by aligning function parameters. Patches 10-18 add new LSM hooks in the same places where IMA and EVM functions are called, if there is no LSM hook already. Patches 19-21 introduce the new standalone LSMs 'ima' and 'evm', and move hardcoded calls to IMA, EVM and integrity functions to those LSMs. Patches 22-23 remove the dependency on the 'integrity' LSM by splitting integrity metadata, so that the 'ima' and 'evm' LSMs can use their own. They also duplicate iint_lockdep_annotate() in ima_main.c, since the mutex field was moved from integrity_iint_cache to ima_iint_cache. Patch 24 finally removes the 'integrity' LSM, since 'ima' and 'evm' are now self-contained and independent. The patch set applies on top of lsm/dev, commit 80b4ff1d2c9b ("selftests: remove the LSM_ID_IMA check in lsm/lsm_list_modules_test"). The linux-integrity/next-integrity-testing at commit f17167bea279 ("ima: Remove EXPERIMENTAL from Kconfig") was merged. Changelog: v7: - Use return instead of goto in __vfs_removexattr_locked() (suggested by Casey) - Clarify in security/integrity/Makefile that the order of 'ima' and 'evm' LSMs depends on the order in which IMA and EVM are compiled - Move integrity_iint_cache flags to ima.h and evm.h in security/ and duplicate IMA_NEW_FILE to EVM_NEW_FILE - Rename evm_inode_get_iint() to evm_iint_inode() and ima_inode_get_iint() to ima_iint_inode(), check if inode->i_security is NULL, and just return the pointer from the inode security blob - Restore the non-NULL checks after ima_iint_inode() and evm_iint_inode() (suggested by Casey) - Introduce evm_file_free() to clear EVM_NEW_FILE - Remove comment about LSM_ORDER_LAST not guaranteeing the order of 'ima' and 'evm' LSMs - Lock iint->mutex before reading IMA_COLLECTED flag in __ima_inode_hash() and restored ima_policy_flag check - Remove patch about the hardcoded ordering of 'ima' and 'evm' LSMs in security.c - Add missing ima_inode_free_security() to free iint->ima_hash - Add the cases for LSM_ID_IMA and LSM_ID_EVM in lsm_list_modules_test.c - Mention about the change in IMA and EVM post functions for private inodes v6: - See v7 v5: - Rename security_file_pre_free() to security_file_release() and the LSM hook file_pre_free_security to file_release (suggested by Paul) - Move integrity_kernel_module_request() to ima_main.c (renamed to ima_kernel_module_request()) - Split the integrity_iint_cache structure into ima_iint_cache and evm_iint_cache, so that IMA and EVM can use disjoint metadata and reserve space with the LSM infrastructure - Reserve space for the entire ima_iint_cache and evm_iint_cache structures, not just the pointer (suggested by Paul) - Introduce ima_inode_get_iint() and evm_inode_get_iint() to retrieve respectively the ima_iint_cache and evm_iint_cache structure from the security blob - Remove the various non-NULL checks for the ima_iint_cache and evm_iint_cache structures, since the LSM infrastructure ensure that they always exist - Remove the iint parameter from evm_verifyxattr() since IMA and EVM use disjoint integrity metaddata - Introduce the evm_post_path_mknod() to set the IMA_NEW_FILE flag - Register the inode_alloc_security LSM hook in IMA and EVM to initialize the respective integrity metadata structures - Remove the 'integrity' LSM completely and instead make 'ima' and 'evm' proper standalone LSMs - Add the inode parameter to ima_get_verity_digest(), since the inode field is not present in ima_iint_cache - Move iint_lockdep_annotate() to ima_main.c (renamed to ima_iint_lockdep_annotate()) - Remove ima_get_lsm_id() and evm_get_lsm_id(), since IMA and EVM directly register the needed LSM hooks - Enforce 'ima' and 'evm' LSM ordering at LSM infrastructure level v4: - Improve short and long description of security_inode_post_create_tmpfile(), security_inode_post_set_acl(), security_inode_post_remove_acl() and security_file_post_open() (suggested by Mimi) - Improve commit message of 'ima: Move to LSM infrastructure' (suggested by Mimi) v3: - Drop 'ima: Align ima_post_path_mknod() definition with LSM infrastructure' and 'ima: Align ima_post_create_tmpfile() definition with LSM infrastructure', define the new LSM hooks with the same IMA parameters instead (suggested by Mimi) - Do IS_PRIVATE() check in security_path_post_mknod() and security_inode_post_create_tmpfile() on the new inode rather than the parent directory (in the post method it is available) - Don't export ima_file_check() (suggested by Stefan) - Remove redundant check of file mode in ima_post_path_mknod() (suggested by Mimi) - Mention that ima_post_path_mknod() is now conditionally invoked when CONFIG_SECURITY_PATH=y (suggested by Mimi) - Mention when a LSM hook will be introduced in the IMA/EVM alignment patches (suggested by Mimi) - Simplify the commit messages when introducing a new LSM hook - Still keep the 'extern' in the function declaration, until the declaration is removed (suggested by Mimi) - Improve documentation of security_file_pre_free() - Register 'ima' and 'evm' as standalone LSMs (suggested by Paul) - Initialize the 'ima' and 'evm' LSMs from 'integrity', to keep the original ordering of IMA and EVM functions as when they were hardcoded - Return the IMA and EVM LSM IDs to 'integrity' for registration of the integrity-specific hooks - Reserve an xattr slot from the 'evm' LSM instead of 'integrity' - Pass the LSM ID to init_ima_appraise_lsm() v2: - Add description for newly introduced LSM hooks (suggested by Casey) - Clarify in the description of security_file_pre_free() that actions can be performed while the file is still open v1: - Drop 'evm: Complete description of evm_inode_setattr()', 'fs: Fix description of vfs_tmpfile()' and 'security: Introduce LSM_ORDER_LAST', they were sent separately (suggested by Christian Brauner) - Replace dentry with file descriptor parameter for security_inode_post_create_tmpfile() - Introduce mode_stripped and pass it as mode argument to security_path_mknod() and security_path_post_mknod() - Use goto in do_mknodat() and __vfs_removexattr_locked() (suggested by Mimi) - Replace __lsm_ro_after_init with __ro_after_init - Modify short description of security_inode_post_create_tmpfile() and security_inode_post_set_acl() (suggested by Stefan) - Move security_inode_post_setattr() just after security_inode_setattr() (suggested by Mimi) - Modify short description of security_key_post_create_or_update() (suggested by Mimi) - Add back exported functions ima_file_check() and evm_inode_init_security() respectively to ima.h and evm.h (reported by kernel robot) - Remove extern from prototype declarations and fix style issues - Remove unnecessary include of linux/lsm_hooks.h in ima_main.c and ima_appraise.c Roberto Sassu (24): ima: Align ima_inode_post_setattr() definition with LSM infrastructure ima: Align ima_file_mprotect() definition with LSM infrastructure ima: Align ima_inode_setxattr() definition with LSM infrastructure ima: Align ima_inode_removexattr() definition with LSM infrastructure ima: Align ima_post_read_file() definition with LSM infrastructure evm: Align evm_inode_post_setattr() definition with LSM infrastructure evm: Align evm_inode_setxattr() definition with LSM infrastructure evm: Align evm_inode_post_setxattr() definition with LSM infrastructure security: Align inode_setattr hook definition with EVM security: Introduce inode_post_setattr hook security: Introduce inode_post_removexattr hook security: Introduce file_post_open hook security: Introduce file_release hook security: Introduce path_post_mknod hook security: Introduce inode_post_create_tmpfile hook security: Introduce inode_post_set_acl hook security: Introduce inode_post_remove_acl hook security: Introduce key_post_create_or_update hook ima: Move to LSM infrastructure ima: Move IMA-Appraisal to LSM infrastructure evm: Move to LSM infrastructure evm: Make it independent from 'integrity' LSM ima: Make it independent from 'integrity' LSM integrity: Remove LSM fs/attr.c | 5 +- fs/file_table.c | 3 +- fs/namei.c | 12 +- fs/nfsd/vfs.c | 3 +- fs/open.c | 1 - fs/posix_acl.c | 5 +- fs/xattr.c | 9 +- include/linux/evm.h | 111 +------- include/linux/fs.h | 2 - include/linux/ima.h | 142 ---------- include/linux/integrity.h | 27 -- include/linux/lsm_hook_defs.h | 20 +- include/linux/security.h | 59 ++++ include/uapi/linux/lsm.h | 2 + security/integrity/Makefile | 1 + security/integrity/digsig_asymmetric.c | 23 -- security/integrity/evm/evm.h | 19 ++ security/integrity/evm/evm_crypto.c | 4 +- security/integrity/evm/evm_main.c | 195 ++++++++++--- security/integrity/iint.c | 197 +------------ security/integrity/ima/ima.h | 120 +++++++- security/integrity/ima/ima_api.c | 15 +- security/integrity/ima/ima_appraise.c | 64 +++-- security/integrity/ima/ima_init.c | 2 +- security/integrity/ima/ima_main.c | 201 +++++++++++--- security/integrity/ima/ima_policy.c | 2 +- security/integrity/integrity.h | 80 +----- security/keys/key.c | 10 +- security/security.c | 261 +++++++++++------- security/selinux/hooks.c | 3 +- security/smack/smack_lsm.c | 4 +- .../selftests/lsm/lsm_list_modules_test.c | 6 + 32 files changed, 783 insertions(+), 825 deletions(-) -- 2.34.1

1 year, 4 months

3
41
0 0

[PATCH net-next 0/4] mptcp: add CurrEstab MIB counter

by Matthieu Baerts

This MIB counter is similar to the one of TCP -- CurrEstab -- available in /proc/net/snmp. This is useful to quickly list the number of MPTCP connections without having to iterate over all of them. Patch 1 prepares its support by adding new helper functions: - MPTCP_DEC_STATS(): similar to MPTCP_INC_STATS(), but this time to decrement a counter. - mptcp_set_state(): similar to tcp_set_state(), to change the state of an MPTCP socket, and to inc/decrement the new counter when needed. Patch 2 uses mptcp_set_state() instead of directly calling inet_sk_state_store() to change the state of MPTCP sockets. Patch 3 and 4 validate the new feature in MPTCP "join" and "diag" selftests. Signed-off-by: Matthieu Baerts <matttbe(a)kernel.org> --- Geliang Tang (4): mptcp: add CurrEstab MIB counter support mptcp: use mptcp_set_state selftests: mptcp: join: check CURRESTAB counters selftests: mptcp: diag: check CURRESTAB counters net/mptcp/mib.c | 1 + net/mptcp/mib.h | 8 ++++ net/mptcp/pm_netlink.c | 5 +++ net/mptcp/protocol.c | 56 ++++++++++++++++--------- net/mptcp/protocol.h | 1 + net/mptcp/subflow.c | 2 +- tools/testing/selftests/net/mptcp/diag.sh | 17 +++++++- tools/testing/selftests/net/mptcp/mptcp_join.sh | 46 +++++++++++++++++--- 8 files changed, 110 insertions(+), 26 deletions(-) --- base-commit: 56794e5358542b7c652f202946e53bfd2373b5e0 change-id: 20231221-upstream-net-next-20231221-mptcp-currestab-5a2867b4020b Best regards, -- Matthieu Baerts <matttbe(a)kernel.org>

1 year, 4 months

2
5
0 0

[PATCH net-next 0/2] selftest/net: Some more TCP-AO selftest post-merge fixups

by Dmitry Safonov

Note that there's another post-merge fix for TCP-AO selftests, but that doesn't conflict with these, so I don't resend that: https://lore.kernel.org/all/20231219-b4-tcp-ao-selftests-out-of-tree-v1-1-0… Signed-off-by: Dmitry Safonov <dima(a)arista.com> --- Dmitry Safonov (2): selftest/tcp-ao: Set routes in a proper VRF table id selftest/tcp-ao: Work on namespace-ified sysctl_optmem_max tools/testing/selftests/net/tcp_ao/bench-lookups.c | 4 ++- tools/testing/selftests/net/tcp_ao/lib/netlink.c | 4 +-- tools/testing/selftests/net/tcp_ao/lib/setup.c | 35 +++++++++++++++++----- tools/testing/selftests/net/tcp_ao/unsigned-md5.c | 11 ++++--- 4 files changed, 36 insertions(+), 18 deletions(-) --- base-commit: 857647efa9be89a13cf8963c7e167fab062b28bb change-id: 20231222-selftests-tcp-ao-fixups-ce70a60e6f57 Best regards, -- Dmitry Safonov <dima(a)arista.com>

1 year, 4 months

3
4
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror January 2024