October 2024 - Linux-kselftest-mirror

[PATCH v13 00/40] arm64/gcs: Provide support for GCS in userspace

by Mark Brown

The arm64 Guarded Control Stack (GCS) feature provides support for hardware protected stacks of return addresses, intended to provide hardening against return oriented programming (ROP) attacks and to make it easier to gather call stacks for applications such as profiling. When GCS is active a secondary stack called the Guarded Control Stack is maintained, protected with a memory attribute which means that it can only be written with specific GCS operations. The current GCS pointer can not be directly written to by userspace. When a BL is executed the value stored in LR is also pushed onto the GCS, and when a RET is executed the top of the GCS is popped and compared to LR with a fault being raised if the values do not match. GCS operations may only be performed on GCS pages, a data abort is generated if they are not. The combination of hardware enforcement and lack of extra instructions in the function entry and exit paths should result in something which has less overhead and is more difficult to attack than a purely software implementation like clang's shadow stacks. This series implements support for use of GCS by userspace, along with support for use of GCS within KVM guests. It does not enable use of GCS by either EL1 or EL2, this will be implemented separately. Executables are started without GCS and must use a prctl() to enable it, it is expected that this will be done very early in application execution by the dynamic linker or other startup code. For dynamic linking this will be done by checking that everything in the executable is marked as GCS compatible. x86 has an equivalent feature called shadow stacks, this series depends on the x86 patches for generic memory management support for the new guarded/shadow stack page type and shares APIs as much as possible. As there has been extensive discussion with the wider community around the ABI for shadow stacks I have as far as practical kept implementation decisions close to those for x86, anticipating that review would lead to similar conclusions in the absence of strong reasoning for divergence. The main divergence I am concious of is that x86 allows shadow stack to be enabled and disabled repeatedly, freeing the shadow stack for the thread whenever disabled, while this implementation keeps the GCS allocated after disable but refuses to reenable it. This is to avoid races with things actively walking the GCS during a disable, we do anticipate that some systems will wish to disable GCS at runtime but are not aware of any demand for subsequently reenabling it. x86 uses an arch_prctl() to manage enable and disable, since only x86 and S/390 use arch_prctl() a generic prctl() was proposed[1] as part of a patch set for the equivalent RISC-V Zicfiss feature which I initially adopted fairly directly but following review feedback has been revised quite a bit. We currently maintain the x86 pattern of implicitly allocating a shadow stack for threads started with shadow stack enabled, there has been some discussion of removing this support and requiring the use of clone3() with explicit allocation of shadow stacks instead. I have no strong feelings either way, implicit allocation is not really consistent with anything else we do and creates the potential for errors around thread exit but on the other hand it is existing ABI on x86 and minimises the changes needed in userspace code. glibc and bionic changes using this ABI have been implemented and tested. Headless Android systems have been validated and Ross Burton has used this code has been used to bring up a Yocto system with GCS enabed as standard, a test implementation of V8 support has also been done. uprobes are not currently supported, missing emulation was identified late in review. There is an open issue with support for CRIU, on x86 this required the ability to set the GCS mode via ptrace. This series supports configuring mode bits other than enable/disable via ptrace but it needs to be confirmed if this is sufficient. It is likely that we could relax some of the barriers added here with some more targeted placements, this is left for further study. There is an in process series adding clone3() support for shadow stacks: https://lore.kernel.org/r/20240819-clone3-shadow-stack-v9-0-962d74f99464@ke… Previous versions of this series depended on that, this dependency has been removed in order to make merging easier. [1] https://lore.kernel.org/lkml/20240403234054.2020347-1-debug@rivosinc.com/ Signed-off-by: Mark Brown <broonie(a)kernel.org> --- Changes in v13: - Rebase onto v6.12-rc1. - Allocate VM_HIGH_ARCH_6 since protection keys used all the existing bits. - Implement mm_release() and free transparently allocated GCSs there. - Use bit 32 of AT_HWCAP for GCS due to AT_HWCAP2 being filled. - Since we now only set GCSCRE0_EL1 on change ensure that it is initialised with GCSPR_EL0 accessible to EL0. - Fix OOM handling on thread copy. - Link to v12: https://lore.kernel.org/r/20240829-arm64-gcs-v12-0-42fec947436a@kernel.org Changes in v12: - Clarify and simplify the signal handling code so we work with the register state. - When checking for write aborts to shadow stack pages ensure the fault is a data abort. - Depend on !UPROBES. - Comment cleanups. - Link to v11: https://lore.kernel.org/r/20240822-arm64-gcs-v11-0-41b81947ecb5@kernel.org Changes in v11: - Remove the dependency on the addition of clone3() support for shadow stacks, rebasing onto v6.11-rc3. - Make ID_AA64PFR1_EL1.GCS writeable in KVM. - Hide GCS registers when GCS is not enabled for KVM guests. - Require HCRX_EL2.GCSEn if booting at EL1. - Require that GCSCR_EL1 and GCSCRE0_EL1 be initialised regardless of if we boot at EL2 or EL1. - Remove some stray use of bit 63 in signal cap tokens. - Warn if we see a GCS with VM_SHARED. - Remove rdundant check for VM_WRITE in fault handling. - Cleanups and clarifications in the ABI document. - Clean up and improve documentation of some sync placement. - Only set the EL0 GCS mode if it's actually changed. - Various minor fixes and tweaks. - Link to v10: https://lore.kernel.org/r/20240801-arm64-gcs-v10-0-699e2bd2190b@kernel.org Changes in v10: - Fix issues with THP. - Tighten up requirements for initialising GCSCR*. - Only generate GCS signal frames for threads using GCS. - Only context switch EL1 GCS registers if S1PIE is enabled. - Move context switch of GCSCRE0_EL1 to EL0 context switch. - Make GCS registers unconditionally visible to userspace. - Use FHU infrastructure. - Don't change writability of ID_AA64PFR1_EL1 for KVM. - Remove unused arguments from alloc_gcs(). - Typo fixes. - Link to v9: https://lore.kernel.org/r/20240625-arm64-gcs-v9-0-0f634469b8f0@kernel.org Changes in v9: - Rebase onto v6.10-rc3. - Restructure and clarify memory management fault handling. - Fix up basic-gcs for the latest clone3() changes. - Convert to newly merged KVM ID register based feature configuration. - Fixes for NV traps. - Link to v8: https://lore.kernel.org/r/20240203-arm64-gcs-v8-0-c9fec77673ef@kernel.org Changes in v8: - Invalidate signal cap token on stack when consuming. - Typo and other trivial fixes. - Don't try to use process_vm_write() on GCS, it intentionally does not work. - Fix leak of thread GCSs. - Rebase onto latest clone3() series. - Link to v7: https://lore.kernel.org/r/20231122-arm64-gcs-v7-0-201c483bd775@kernel.org Changes in v7: - Rebase onto v6.7-rc2 via the clone3() patch series. - Change the token used to cap the stack during signal handling to be compatible with GCSPOPM. - Fix flags for new page types. - Fold in support for clone3(). - Replace copy_to_user_gcs() with put_user_gcs(). - Link to v6: https://lore.kernel.org/r/20231009-arm64-gcs-v6-0-78e55deaa4dd@kernel.org Changes in v6: - Rebase onto v6.6-rc3. - Add some more gcsb_dsync() barriers following spec clarifications. - Due to ongoing discussion around clone()/clone3() I've not updated anything there, the behaviour is the same as on previous versions. - Link to v5: https://lore.kernel.org/r/20230822-arm64-gcs-v5-0-9ef181dd6324@kernel.org Changes in v5: - Don't map any permissions for user GCSs, we always use EL0 accessors or use a separate mapping of the page. - Reduce the standard size of the GCS to RLIMIT_STACK/2. - Enforce a PAGE_SIZE alignment requirement on map_shadow_stack(). - Clarifications and fixes to documentation. - More tests. - Link to v4: https://lore.kernel.org/r/20230807-arm64-gcs-v4-0-68cfa37f9069@kernel.org Changes in v4: - Implement flags for map_shadow_stack() allowing the cap and end of stack marker to be enabled independently or not at all. - Relax size and alignment requirements for map_shadow_stack(). - Add more blurb explaining the advantages of hardware enforcement. - Link to v3: https://lore.kernel.org/r/20230731-arm64-gcs-v3-0-cddf9f980d98@kernel.org Changes in v3: - Rebase onto v6.5-rc4. - Add a GCS barrier on context switch. - Add a GCS stress test. - Link to v2: https://lore.kernel.org/r/20230724-arm64-gcs-v2-0-dc2c1d44c2eb@kernel.org Changes in v2: - Rebase onto v6.5-rc3. - Rework prctl() interface to allow each bit to be locked independently. - map_shadow_stack() now places the cap token based on the size requested by the caller not the actual space allocated. - Mode changes other than enable via ptrace are now supported. - Expand test coverage. - Various smaller fixes and adjustments. - Link to v1: https://lore.kernel.org/r/20230716-arm64-gcs-v1-0-bf567f93bba6@kernel.org --- Mark Brown (40): mm: Introduce ARCH_HAS_USER_SHADOW_STACK mm: Define VM_HIGH_ARCH_6 arm64/mm: Restructure arch_validate_flags() for extensibility prctl: arch-agnostic prctl for shadow stack mman: Add map_shadow_stack() flags arm64: Document boot requirements for Guarded Control Stacks arm64/gcs: Document the ABI for Guarded Control Stacks arm64/sysreg: Add definitions for architected GCS caps arm64/gcs: Add manual encodings of GCS instructions arm64/gcs: Provide put_user_gcs() arm64/gcs: Provide basic EL2 setup to allow GCS usage at EL0 and EL1 arm64/cpufeature: Runtime detection of Guarded Control Stack (GCS) arm64/mm: Allocate PIE slots for EL0 guarded control stack mm: Define VM_SHADOW_STACK for arm64 when we support GCS arm64/mm: Map pages for guarded control stack KVM: arm64: Manage GCS access and registers for guests arm64/idreg: Add overrride for GCS arm64/hwcap: Add hwcap for GCS arm64/traps: Handle GCS exceptions arm64/mm: Handle GCS data aborts arm64/gcs: Context switch GCS state for EL0 arm64/gcs: Ensure that new threads have a GCS arm64/gcs: Implement shadow stack prctl() interface arm64/mm: Implement map_shadow_stack() arm64/signal: Set up and restore the GCS context for signal handlers arm64/signal: Expose GCS state in signal frames arm64/ptrace: Expose GCS via ptrace and core files arm64: Add Kconfig for Guarded Control Stack (GCS) kselftest/arm64: Verify the GCS hwcap kselftest/arm64: Add GCS as a detected feature in the signal tests kselftest/arm64: Add framework support for GCS to signal handling tests kselftest/arm64: Allow signals tests to specify an expected si_code kselftest/arm64: Always run signals tests with GCS enabled kselftest/arm64: Add very basic GCS test program kselftest/arm64: Add a GCS test program built with the system libc kselftest/arm64: Add test coverage for GCS mode locking kselftest/arm64: Add GCS signal tests kselftest/arm64: Add a GCS stress test kselftest/arm64: Enable GCS for the FP stress tests KVM: selftests: arm64: Add GCS registers to get-reg-list Documentation/admin-guide/kernel-parameters.txt | 3 + Documentation/arch/arm64/booting.rst | 32 + Documentation/arch/arm64/elf_hwcaps.rst | 4 + Documentation/arch/arm64/gcs.rst | 230 +++++++ Documentation/arch/arm64/index.rst | 1 + Documentation/filesystems/proc.rst | 2 +- arch/arm64/Kconfig | 21 + arch/arm64/include/asm/cpufeature.h | 6 + arch/arm64/include/asm/el2_setup.h | 30 + arch/arm64/include/asm/esr.h | 28 +- arch/arm64/include/asm/exception.h | 2 + arch/arm64/include/asm/gcs.h | 107 +++ arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/asm/kvm_host.h | 12 + arch/arm64/include/asm/mman.h | 23 +- arch/arm64/include/asm/mmu_context.h | 9 + arch/arm64/include/asm/pgtable-prot.h | 14 +- arch/arm64/include/asm/processor.h | 7 + arch/arm64/include/asm/sysreg.h | 20 + arch/arm64/include/asm/uaccess.h | 40 ++ arch/arm64/include/asm/vncr_mapping.h | 2 + arch/arm64/include/uapi/asm/hwcap.h | 3 +- arch/arm64/include/uapi/asm/ptrace.h | 8 + arch/arm64/include/uapi/asm/sigcontext.h | 9 + arch/arm64/kernel/cpufeature.c | 23 + arch/arm64/kernel/cpuinfo.c | 1 + arch/arm64/kernel/entry-common.c | 23 + arch/arm64/kernel/pi/idreg-override.c | 2 + arch/arm64/kernel/process.c | 94 +++ arch/arm64/kernel/ptrace.c | 62 +- arch/arm64/kernel/signal.c | 227 ++++++- arch/arm64/kernel/traps.c | 11 + arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 31 + arch/arm64/kvm/sys_regs.c | 27 +- arch/arm64/mm/Makefile | 1 + arch/arm64/mm/fault.c | 40 ++ arch/arm64/mm/gcs.c | 254 +++++++ arch/arm64/mm/mmap.c | 9 +- arch/arm64/tools/cpucaps | 1 + arch/x86/Kconfig | 1 + arch/x86/include/uapi/asm/mman.h | 3 - fs/proc/task_mmu.c | 2 +- include/linux/mm.h | 18 +- include/uapi/asm-generic/mman.h | 4 + include/uapi/linux/elf.h | 1 + include/uapi/linux/prctl.h | 22 + kernel/sys.c | 30 + mm/Kconfig | 6 + tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/abi/hwcap.c | 19 + tools/testing/selftests/arm64/fp/assembler.h | 15 + tools/testing/selftests/arm64/fp/fpsimd-test.S | 2 + tools/testing/selftests/arm64/fp/sve-test.S | 2 + tools/testing/selftests/arm64/fp/za-test.S | 2 + tools/testing/selftests/arm64/fp/zt-test.S | 2 + tools/testing/selftests/arm64/gcs/.gitignore | 5 + tools/testing/selftests/arm64/gcs/Makefile | 24 + tools/testing/selftests/arm64/gcs/asm-offsets.h | 0 tools/testing/selftests/arm64/gcs/basic-gcs.c | 357 ++++++++++ tools/testing/selftests/arm64/gcs/gcs-locking.c | 200 ++++++ .../selftests/arm64/gcs/gcs-stress-thread.S | 311 +++++++++ tools/testing/selftests/arm64/gcs/gcs-stress.c | 530 +++++++++++++++ tools/testing/selftests/arm64/gcs/gcs-util.h | 100 +++ tools/testing/selftests/arm64/gcs/libc-gcs.c | 728 +++++++++++++++++++++ tools/testing/selftests/arm64/signal/.gitignore | 1 + .../testing/selftests/arm64/signal/test_signals.c | 17 +- .../testing/selftests/arm64/signal/test_signals.h | 6 + .../selftests/arm64/signal/test_signals_utils.c | 32 +- .../selftests/arm64/signal/test_signals_utils.h | 39 ++ .../arm64/signal/testcases/gcs_exception_fault.c | 62 ++ .../selftests/arm64/signal/testcases/gcs_frame.c | 88 +++ .../arm64/signal/testcases/gcs_write_fault.c | 67 ++ .../selftests/arm64/signal/testcases/testcases.c | 7 + .../selftests/arm64/signal/testcases/testcases.h | 1 + tools/testing/selftests/kvm/aarch64/get-reg-list.c | 28 + 75 files changed, 4120 insertions(+), 34 deletions(-) --- base-commit: 9852d85ec9d492ebef56dc5f229416c925758edc change-id: 20230303-arm64-gcs-e311ab0d8729 Best regards, -- Mark Brown <broonie(a)kernel.org>

12 hours, 26 minutes

5
50
0 0

[PATCH bpf-next] selftests, bpf: Skip MPLS test_tc_tunnel tests if MPLS is unavailable

by Simon Horman

If MPLS is not available in the kernel then skip MPLS tests. This avoids the test failing in situations where the test is not supported by the underlying kernel. In the case where all tests are run, just skip over the MPLS tests without altering the exit code of the overall test run - there is only one exit code in this scenario. In the case where a single test is run, exit with KSFT_SKIP (4). In both cases log an informative message. Signed-off-by: Simon Horman <horms(a)kernel.org> --- tools/testing/selftests/bpf/test_tc_tunnel.sh | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/bpf/test_tc_tunnel.sh b/tools/testing/selftests/bpf/test_tc_tunnel.sh index 7989ec608454..71cddabc4ade 100755 --- a/tools/testing/selftests/bpf/test_tc_tunnel.sh +++ b/tools/testing/selftests/bpf/test_tc_tunnel.sh @@ -102,6 +102,20 @@ wait_for_port() { return 1 } +skip_mac() { + if [ "$1" = "mpls" ]; then + modprobe mpls_iptunnel || true + modprobe mpls_gso || true + + if [ ! -e /proc/sys/net/mpls/platform_labels ]; then + echo -e "skip: mpls tunnel not supported by kernel\n" + return # true + fi + fi + + false +} + set -e # no arguments: automated test, run all @@ -125,6 +139,8 @@ if [[ "$#" -eq "0" ]]; then $0 ipv6 ip6vxlan eth 2000 for mac in none mpls eth ; do + ! skip_mac "$mac" || continue + echo "ip gre $mac" $0 ipv4 gre $mac 100 @@ -193,6 +209,10 @@ readonly tuntype=$2 readonly mac=$3 readonly datalen=$4 +if skip_mac "$mac"; then + exit 4 # KSFT_SKIP=4 +fi + echo "encap ${addr1} to ${addr2}, type ${tuntype}, mac ${mac} len ${datalen}" trap cleanup EXIT @@ -278,8 +298,6 @@ elif [[ "$tuntype" =~ (gre|vxlan) && "$mac" == "eth" ]]; then awk '/ether/ { print $2 }') ip netns exec "${ns2}" ip link set testtun0 address $ethaddr elif [[ "$mac" == "mpls" ]]; then - modprobe mpls_iptunnel ||true - modprobe mpls_gso ||true ip netns exec "${ns2}" sysctl -qw net.mpls.platform_labels=65536 ip netns exec "${ns2}" ip -f mpls route add 1000 dev lo ip netns exec "${ns2}" ip link set lo up

14 hours, 55 minutes

2
2
0 0

[PATCH 00/15] KVM: x86: Introduce new ioctl KVM_TRANSLATE2

by Nikolas Wipper

This series introduces a new ioctl KVM_TRANSLATE2, which expands on KVM_TRANSLATE. It is required to implement Hyper-V's HvTranslateVirtualAddress hyper-call as part of the ongoing effort to emulate HyperV's Virtual Secure Mode (VSM) within KVM and QEMU. The hyper- call requires several new KVM APIs, one of which is KVM_TRANSLATE2, which implements the core functionality of the hyper-call. The rest of the required functionality will be implemented in subsequent series. Other than translating guest virtual addresses, the ioctl allows the caller to control whether the access and dirty bits are set during the page walk. It also allows specifying an access mode instead of returning viable access modes, which enables setting the bits up to the level that caused a failure. Additionally, the ioctl provides more information about why the page walk failed, and which page table is responsible. This functionality is not available within KVM_TRANSLATE, and can't be added without breaking backwards compatiblity, thus a new ioctl is required. The ioctl was designed to facilitate as many other use cases as possible apart from VSM. The error codes were intentionally chosen to be broad enough to avoid exposing architecture specific details. Even though HvTranslateVirtualAddress only really needs one flag to set the accessed and dirty bits whenever possible, that was split into several flags so that future users can chose more gradually when these bits should be set. Furthermore, as much information as possible is provided to the caller. The patch series includes selftests for the ioctl, as well as fuzzy testing on random garbage guest page table entries. All previously passing KVM selftests and KVM unit tests still pass. Series overview: - 1: Document the new ioctl - 2-11: Update the page walker in preparation - 12-14: Implement the ioctl - 15: Implement testing This series, alongside the series by Nicolas Saenz Julienne [1] introducing the core building blocks for VSM and the accompanying QEMU implementation [2], is capable of booting Windows Server 2019. Both series are also available on GitHub [3]. [1] https://lore.kernel.org/linux-hyperv/20240609154945.55332-1-nsaenz@amazon.c… [2] https://github.com/vianpl/qemu/tree/vsm/next [3] https://github.com/vianpl/linux/tree/vsm/next Best, Nikolas Nikolas Wipper (15): KVM: Add API documentation for KVM_TRANSLATE2 KVM: x86/mmu: Abort page walk if permission checks fail KVM: x86/mmu: Introduce exception flag for unmapped GPAs KVM: x86/mmu: Store GPA in exception if applicable KVM: x86/mmu: Introduce flags parameter to page walker KVM: x86/mmu: Implement PWALK_SET_ACCESSED in page walker KVM: x86/mmu: Implement PWALK_SET_DIRTY in page walker KVM: x86/mmu: Implement PWALK_FORCE_SET_ACCESSED in page walker KVM: x86/mmu: Introduce status parameter to page walker KVM: x86/mmu: Implement PWALK_STATUS_READ_ONLY_PTE_GPA in page walker KVM: x86: Introduce generic gva to gpa translation function KVM: Introduce KVM_TRANSLATE2 KVM: Add KVM_TRANSLATE2 stub KVM: x86: Implement KVM_TRANSLATE2 KVM: selftests: Add test for KVM_TRANSLATE2 Documentation/virt/kvm/api.rst | 131 ++++++++ arch/x86/include/asm/kvm_host.h | 18 +- arch/x86/kvm/hyperv.c | 3 +- arch/x86/kvm/kvm_emulate.h | 8 + arch/x86/kvm/mmu.h | 10 +- arch/x86/kvm/mmu/mmu.c | 7 +- arch/x86/kvm/mmu/paging_tmpl.h | 80 +++-- arch/x86/kvm/x86.c | 123 ++++++- include/linux/kvm_host.h | 6 + include/uapi/linux/kvm.h | 33 ++ tools/testing/selftests/kvm/Makefile | 1 + .../selftests/kvm/x86_64/kvm_translate2.c | 310 ++++++++++++++++++ virt/kvm/kvm_main.c | 41 +++ 13 files changed, 724 insertions(+), 47 deletions(-) create mode 100644 tools/testing/selftests/kvm/x86_64/kvm_translate2.c -- 2.40.1 Amazon Web Services Development Center Germany GmbH Krausenstr. 38 10117 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

15 hours, 34 minutes

1
16
0 0

[PATCH bpf-next v2] selftests/bpf: convert test_xdp_features.sh to test_progs

by Alexis Lothoré (eBPF Foundation)

test_xdp_features.sh is a shell script allowing to test that xdp features advertised by an interface are indeed delivered. The test works by starting two instance of the same program, both attaching specific xdp programs to each side of a veth link, and then make those programs manage packets and collect stats to check whether tested XDP feature is indeed delivered or not. However this test is not integrated in test_progs framework and so can not run automatically in CI. Rewrite test_xdp_features to integrate it in test_progs so it can run automatically in CI. The main changes brought by the rewrite are the following: - instead of running to separated processes (each one managing either the tester veth or the DUT vet), run a single process - slightly change testing direction (v0 is the tester in local namespace, v1 is the Device Under Test in remote namespace) - group all tests previously managed by test_xdp_features as subtests (one per tested XDP feature). As a consequence, run only once some steps instead of once per subtest (eg: starting/stopping the udp server). On the contrary, make sure that each subtest properly cleans up its state (ie detach xdp programs, reset test stats, etc) - since there is now a single process, get rid of the "control" tcp channel used to configure DUT. Configuring the DUT now only consists in switching to DUT network namespace and run the relevant commands - since there is no more control channel, get rid of TLVs, keep only the CMD_ECHO packet type, and set it as a magic - simplify network setup: use only ipv6 instead of both ipv4 and ipv6, force static neighbours instead of waiting for autoconfiguration, do not force gro (fetch xdp features only once xdp programs are loaded instead) The existing XDP programs are reused, with some minor changes: - tester and dut stats maps are converted to global variables for easier usage - programs do not use TLV struct anymore but the magic replacing the echo command - avoid to accidentally make tests pass: drop packets instead of forwarding them to userspace when they do not match the expected payload - make sure to perform host <-> network endianness conversion on constants rather than packet parts Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore(a)bootlin.com> --- Changes in v2: - fix endianness management in userspace packet parsing (call htonl on constant rather than packet part) The xdp_features rewrite has been tested in a x86_64 qemu environment on my machine and in CI. In my environment, the test takes a bit less than 2s to execute. # ./test_progs -a xdp_features #561/1 xdp_features/XDP_PASS:OK #561/2 xdp_features/XDP_DROP:OK #561/3 xdp_features/XDP_ABORTED:OK #561/4 xdp_features/XDP_TX:OK #561/5 xdp_features/XDP_REDIRECT:OK #561/6 xdp_features/XDP_NDO_XMIT:OK #561 xdp_features:OK Summary: 1/6 PASSED, 0 SKIPPED, 0 FAILED --- tools/testing/selftests/bpf/.gitignore | 1 - tools/testing/selftests/bpf/Makefile | 10 +- .../selftests/bpf/prog_tests/xdp_features.c | 446 +++++++++++++ tools/testing/selftests/bpf/progs/xdp_features.c | 49 +- tools/testing/selftests/bpf/test_xdp_features.sh | 107 --- tools/testing/selftests/bpf/xdp_features.c | 718 --------------------- tools/testing/selftests/bpf/xdp_features.h | 17 +- 7 files changed, 462 insertions(+), 886 deletions(-) diff --git a/tools/testing/selftests/bpf/.gitignore b/tools/testing/selftests/bpf/.gitignore index e6533b3400de..93bf35213042 100644 --- a/tools/testing/selftests/bpf/.gitignore +++ b/tools/testing/selftests/bpf/.gitignore @@ -48,4 +48,3 @@ xskxceiver xdp_redirect_multi xdp_synproxy xdp_hw_metadata -xdp_features diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile index 04716a5e43f1..db4a802c3e06 100644 --- a/tools/testing/selftests/bpf/Makefile +++ b/tools/testing/selftests/bpf/Makefile @@ -145,8 +145,7 @@ TEST_PROGS := test_kmod.sh \ test_bpftool.sh \ test_bpftool_metadata.sh \ test_doc_build.sh \ - test_xsk.sh \ - test_xdp_features.sh + test_xsk.sh TEST_PROGS_EXTENDED := with_addr.sh \ with_tunnels.sh ima_setup.sh verify_sig_setup.sh \ @@ -157,7 +156,7 @@ TEST_GEN_PROGS_EXTENDED = \ flow_dissector_load test_flow_dissector test_tcp_check_syncookie_user \ test_lirc_mode2_user xdping test_cpp runqslower bench bpf_testmod.ko \ xskxceiver xdp_redirect_multi xdp_synproxy veristat xdp_hw_metadata \ - xdp_features bpf_test_no_cfi.ko + bpf_test_no_cfi.ko TEST_GEN_FILES += liburandom_read.so urandom_read sign-file uprobe_multi @@ -519,7 +518,6 @@ test_subskeleton_lib.skel.h-deps := test_subskeleton_lib2.bpf.o test_subskeleton test_usdt.skel.h-deps := test_usdt.bpf.o test_usdt_multispec.bpf.o xsk_xdp_progs.skel.h-deps := xsk_xdp_progs.bpf.o xdp_hw_metadata.skel.h-deps := xdp_hw_metadata.bpf.o -xdp_features.skel.h-deps := xdp_features.bpf.o LINKED_BPF_OBJS := $(foreach skel,$(LINKED_SKELS),$($(skel)-deps)) LINKED_BPF_SRCS := $(patsubst %.bpf.o,%.c,$(LINKED_BPF_OBJS)) @@ -787,10 +785,6 @@ $(OUTPUT)/xdp_hw_metadata: xdp_hw_metadata.c $(OUTPUT)/network_helpers.o $(OUTPU $(call msg,BINARY,,$@) $(Q)$(CC) $(CFLAGS) $(filter %.a %.o %.c,$^) $(LDLIBS) -o $@ -$(OUTPUT)/xdp_features: xdp_features.c $(OUTPUT)/network_helpers.o $(OUTPUT)/xdp_features.skel.h | $(OUTPUT) - $(call msg,BINARY,,$@) - $(Q)$(CC) $(CFLAGS) $(filter %.a %.o %.c,$^) $(LDLIBS) -o $@ - # Make sure we are able to include and link libbpf against c++. $(OUTPUT)/test_cpp: test_cpp.cpp $(OUTPUT)/test_core_extern.skel.h $(BPFOBJ) $(call msg,CXX,,$@) diff --git a/tools/testing/selftests/bpf/prog_tests/xdp_features.c b/tools/testing/selftests/bpf/prog_tests/xdp_features.c new file mode 100644 index 000000000000..bcb36a2d2767 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/xdp_features.c @@ -0,0 +1,446 @@ +// SPDX-License-Identifier: GPL-2.0 + +/** + * Test XDP features + * + * Sets up a veth pair, and for each xdp feature under test: + * - asks the tested interface its xdp capabilities through bpf_xdp_query + * - attach and run some specific programs on both interfaces to check if + * announced capability is respected + */ +#include <pthread.h> +#include <linux/if_link.h> +#include <linux/netdev.h> +#include <linux/if_link.h> +#include <sys/socket.h> +#include "test_progs.h" +#include "network_helpers.h" +#include "xdp_features.skel.h" +#include "xdp_features.h" + +#define TESTER_VETH "v0" +#define TESTER_MAC "00:11:22:33:44:55" +#define TESTER_VETH_IPV6 "2001:db8::1" +#define DUT_NS "xdp_features_ns" +#define DUT_VETH "v1" +#define DUT_MAC "aa:bb:cc:dd:ee:ff" +#define DUT_VETH_IPV6 "2001:db8::11" +#define IP6_MASK 64 +#define LOOP_DELAY_US 10000 +#define TEST_NAME_MAX_LEN 32 +#define TEST_PACKET_COUNT 10 + +struct test_data { + struct xdp_features *skel; + pthread_t dut_echo_thread; + int echo_server_sock; + int tester_ifindex; + int dut_ifindex; + struct sockaddr_storage tester_addr; + struct sockaddr_storage dut_addr; + bool quit_dut_echo_thread; +}; + +static void *run_dut_echo_thread(void *arg) +{ + struct test_data *t = (struct test_data *)arg; + __u32 magic; + + while (!t->quit_dut_echo_thread) { + struct sockaddr_storage addr; + socklen_t addrlen; + size_t n; + + n = recvfrom(t->echo_server_sock, &magic, sizeof(magic), + MSG_WAITALL, (struct sockaddr *)&addr, &addrlen); + if (n != sizeof(magic)) { + usleep(LOOP_DELAY_US); + continue; + } + + if (magic != htonl(CMD_ECHO)) + continue; + + /* Answer echo command with the very same message */ + sendto(t->echo_server_sock, &magic, sizeof(magic), + MSG_NOSIGNAL | MSG_CONFIRM, (struct sockaddr *)&addr, + addrlen); + } + pthread_exit(NULL); +} + +static int dut_start_echo_server(struct test_data *t) +{ + struct nstoken *token; + int err = 0, flags; + + token = open_netns(DUT_NS); + if (!ASSERT_OK_PTR(token, "open dut ns")) + return -EINVAL; + + t->echo_server_sock = + start_server(AF_INET6, SOCK_DGRAM, NULL, DUT_ECHO_PORT, 0); + if (!ASSERT_OK_FD(t->echo_server_sock, "start dut echo server")) { + err = t->echo_server_sock; + goto restore_ns; + } + + flags = fcntl(t->echo_server_sock, F_GETFL, 0); + err = fcntl(t->echo_server_sock, F_SETFL, flags | O_NONBLOCK); + if (!ASSERT_OK(err, "set non-blocking socket")) + goto close_server; + + err = pthread_create(&t->dut_echo_thread, NULL, run_dut_echo_thread, t); + if (!ASSERT_OK(err, "start dut echo thread")) + goto close_server; + + close_netns(token); + return 0; + +close_server: + close(t->echo_server_sock); +restore_ns: + close_netns(token); + return err; +} + +static void dut_stop_echo_server(struct test_data *t) +{ + struct nstoken *token; + + token = open_netns(DUT_NS); + if (!ASSERT_OK_PTR(token, "open dut ns")) + return; + + t->quit_dut_echo_thread = true; + pthread_join(t->dut_echo_thread, NULL); + + close(t->echo_server_sock); + close_netns(token); +} + +static int dut_attach_xdp_prog(struct test_data *t, int flags, + enum netdev_xdp_act drv_feature, + enum xdp_action action) +{ + struct bpf_program *prog; + unsigned int key = 0; + int err, fd = 0; + + if (drv_feature == NETDEV_XDP_ACT_NDO_XMIT) { + struct bpf_devmap_val entry = { .ifindex = t->dut_ifindex }; + + err = bpf_map__update_elem(t->skel->maps.dev_map, &key, + sizeof(key), &entry, sizeof(entry), + 0); + if (!ASSERT_OK(err, "update dev map")) + return err; + + fd = bpf_program__fd(t->skel->progs.xdp_do_redirect_cpumap); + action = XDP_REDIRECT; + } + + switch (action) { + case XDP_TX: + prog = t->skel->progs.xdp_do_tx; + break; + case XDP_DROP: + prog = t->skel->progs.xdp_do_drop; + break; + case XDP_ABORTED: + prog = t->skel->progs.xdp_do_aborted; + break; + case XDP_PASS: + prog = t->skel->progs.xdp_do_pass; + break; + case XDP_REDIRECT: { + struct bpf_cpumap_val entry = { + .qsize = 4096, + .bpf_prog.fd = fd, + }; + + err = bpf_map__update_elem(t->skel->maps.cpu_map, &key, + sizeof(key), &entry, sizeof(entry), + 0); + if (!ASSERT_OK(err, "update cpu map")) + return err; + + prog = t->skel->progs.xdp_do_redirect; + break; + } + default: + return -ENOTSUP; + } + + err = bpf_xdp_attach(t->dut_ifindex, bpf_program__fd(prog), flags, + NULL); + ASSERT_OK(err, "attach xdp prog to dut"); + return err; +} + +static int dut_start_test(struct test_data *t, enum netdev_xdp_act drv_feature, + enum xdp_action action) +{ + int flags = XDP_FLAGS_UPDATE_IF_NOEXIST | XDP_FLAGS_DRV_MODE; + struct nstoken *token = open_netns(DUT_NS); + int err; + + if (!ASSERT_OK_PTR(token, "open dut ns")) + return -EINVAL; + + err = dut_attach_xdp_prog(t, flags, drv_feature, action); + ASSERT_OK(err, "attach xdp program to dut"); + close_netns(token); + + return err; +} + +static void dut_stop_test(struct test_data *t) +{ + int flags = XDP_FLAGS_UPDATE_IF_NOEXIST | XDP_FLAGS_DRV_MODE; + struct nstoken *token = open_netns(DUT_NS); + + if (!ASSERT_OK_PTR(token, "open dut ns")) + return; + + bpf_xdp_detach(t->dut_ifindex, flags, NULL); + close_netns(token); +} + +static int dut_get_xdp_features(struct test_data *t, __u64 *xdp_features) +{ + struct nstoken *token = open_netns(DUT_NS); + int err; + + if (!ASSERT_OK_PTR(token, "open dut ns")) + return -EINVAL; + + LIBBPF_OPTS(bpf_xdp_query_opts, opts); + err = bpf_xdp_query(t->dut_ifindex, XDP_FLAGS_DRV_MODE, &opts); + close_netns(token); + + if (ASSERT_OK(err, "get dut interface xdp features")) + *xdp_features = opts.feature_flags; + + return err; +} + +static int send_echo_msg(struct test_data *t) +{ + __u32 magic = htonl(CMD_ECHO); + int sockfd, n; + + sockfd = socket(AF_INET6, SOCK_DGRAM, 0); + if (!ASSERT_OK_FD(sockfd, "open tester socket")) + return sockfd; + + n = sendto(sockfd, &magic, sizeof(magic), MSG_NOSIGNAL | MSG_CONFIRM, + (struct sockaddr *)&t->dut_addr, + sizeof(struct sockaddr_storage)); + close(sockfd); + + return n == sizeof(magic) ? 0 : -EINVAL; +} + +static bool tester_collect_detected_cap(struct test_data *t, + enum netdev_xdp_act drv_feature, + enum xdp_action action) +{ + if (!t->skel->bss->dut_stats) + return false; + + if (drv_feature == NETDEV_XDP_ACT_NDO_XMIT) + return t->skel->bss->tester_stats > 0; + + switch (action) { + case XDP_PASS: + case XDP_TX: + case XDP_REDIRECT: + return t->skel->bss->tester_stats > 0; + case XDP_DROP: + case XDP_ABORTED: + return t->skel->bss->tester_stats == 0; + default: + break; + } + + return false; +} + +static void reset_test_stats(struct test_data *t, + struct sockaddr_storage *tester_addr, + struct sockaddr_storage *dut_addr) +{ + t->skel->bss->tester_stats = 0; + t->skel->bss->dut_stats = 0; +} + +static int setup_network(struct test_data *t) +{ + struct nstoken *token; + int err; + + err = make_sockaddr(AF_INET6, DUT_VETH_IPV6, DUT_ECHO_PORT, + &t->dut_addr, NULL); + if (!ASSERT_OK(err, "dut data addr")) + return -1; + + err = make_sockaddr(AF_INET6, TESTER_VETH_IPV6, 0, &t->tester_addr, + NULL); + if (!ASSERT_OK(err, "tester addr")) + return -1; + + /* Create interfaces and testing namespace */ + SYS(fail, "ip netns add %s", DUT_NS); + SYS(cleanup_ns, + "ip link add %s address %s type veth peer name %s netns %s address %s", + TESTER_VETH, TESTER_MAC, DUT_VETH, DUT_NS, DUT_MAC); + + /* Configure tester side in local namespace */ + SYS(cleanup_interfaces, "ip a add %s/%d nodad dev %s", TESTER_VETH_IPV6, + IP6_MASK, TESTER_VETH); + SYS(cleanup_interfaces, "ip link set %s up", TESTER_VETH); + SYS(cleanup_interfaces, + "ethtool -K %s tx-checksumming off > /dev/null 2>&1", TESTER_VETH); + SYS(cleanup_interfaces, "ip neigh add %s dev %s lladdr %s", + DUT_VETH_IPV6, TESTER_VETH, DUT_MAC); + t->tester_ifindex = if_nametoindex(TESTER_VETH); + if (!ASSERT_NEQ(t->tester_ifindex, 0, + "get tester veth interface index")) + goto cleanup_interfaces; + + /* Configure dut side in remote namespace */ + token = open_netns(DUT_NS); + if (!ASSERT_OK_PTR(token, "switch to dut ns")) + goto cleanup_interfaces; + SYS(restore_ns, "ip link set %s up", DUT_VETH); + SYS(restore_ns, "ip a add %s/%d nodad dev %s", DUT_VETH_IPV6, IP6_MASK, + DUT_VETH); + SYS(restore_ns, "ethtool -K %s tx-checksumming off > /dev/null 2>&1", + DUT_VETH); + SYS(restore_ns, "ip neigh add %s dev %s lladdr %s", TESTER_VETH_IPV6, + DUT_VETH, TESTER_MAC); + t->dut_ifindex = if_nametoindex(DUT_VETH); + if (!ASSERT_NEQ(t->dut_ifindex, 0, "get dut veth interface index")) + goto restore_ns; + close_netns(token); + + return 0; + +restore_ns: + close_netns(token); +cleanup_interfaces: + SYS_NOFAIL("ip link del %s", TESTER_VETH); +cleanup_ns: + SYS_NOFAIL("ip netns del %s", DUT_NS); +fail: + return 1; +} + +static void cleanup_network(void) +{ + SYS_NOFAIL("ip netns del %s", DUT_NS); + SYS_NOFAIL("ip link del %s", TESTER_VETH); +} + +static int tester_run(char *name, struct test_data *t, + enum netdev_xdp_act drv_feature, enum xdp_action action) +{ + int flags = XDP_FLAGS_UPDATE_IF_NOEXIST | XDP_FLAGS_DRV_MODE; + unsigned long long advertised_feature; + + char test_name[TEST_NAME_MAX_LEN]; + struct bpf_program *prog; + int i, err = -EINVAL; + bool detected_cap; + + if (drv_feature == NETDEV_XDP_ACT_NDO_XMIT || action == XDP_TX) + prog = t->skel->progs.xdp_tester_check_tx; + else + prog = t->skel->progs.xdp_tester_check_rx; + + err = bpf_xdp_attach(t->tester_ifindex, bpf_program__fd(prog), flags, + NULL); + if (!ASSERT_OK(err, "attach xdp program to tester")) + goto out; + + err = dut_start_test(t, drv_feature, action); + if (!ASSERT_OK(err, "send CMD_START to DUT")) + goto out; + + err = dut_get_xdp_features(t, &advertised_feature); + if (!ASSERT_OK(err, "get tester XDP capabilities")) + goto out; + + for (i = 0; i < TEST_PACKET_COUNT; i++) { + err = send_echo_msg(t); + if (!ASSERT_OK(err, "send echo message")) + goto out; + + usleep(LOOP_DELAY_US); + } + dut_stop_test(t); + + detected_cap = tester_collect_detected_cap(t, drv_feature, action); + + snprintf(test_name, TEST_NAME_MAX_LEN, "%s advertised capabilities", + name); + ASSERT_EQ(advertised_feature & drv_feature, drv_feature, test_name); + snprintf(test_name, TEST_NAME_MAX_LEN, "%s detected capabilities", + name); + ASSERT_TRUE(detected_cap, test_name); +out: + reset_test_stats(t, &t->tester_addr, &t->dut_addr); + bpf_xdp_detach(t->tester_ifindex, flags, NULL); + return err < 0 ? err : 0; +} + +void serial_test_xdp_features(void) +{ + struct test_data t = { 0 }; + + if (!ASSERT_OK(setup_network(&t), "setup network")) + return; + + t.skel = xdp_features__open(); + if (!ASSERT_OK_PTR(t.skel, "open skel")) + goto cleanup_network; + t.skel->rodata->tester_addr = + ((struct sockaddr_in6 *)&t.tester_addr)->sin6_addr; + t.skel->rodata->dut_addr = + ((struct sockaddr_in6 *)&t.dut_addr)->sin6_addr; + if (!ASSERT_OK(xdp_features__load(t.skel), "load progs")) + goto cleanup_progs; + if (!ASSERT_OK(xdp_features__attach(t.skel), "attach progs")) + goto cleanup_progs; + + if (!ASSERT_OK(dut_start_echo_server(&t), "start DUT main thread")) + goto cleanup_progs; + + if (test__start_subtest("XDP_PASS")) + tester_run("XDP_PASS", &t, NETDEV_XDP_ACT_BASIC, XDP_PASS); + + if (test__start_subtest("XDP_DROP")) + tester_run("XDP_DROP", &t, NETDEV_XDP_ACT_BASIC, XDP_DROP); + + if (test__start_subtest("XDP_ABORTED")) + tester_run("XDP_ABORTED", &t, NETDEV_XDP_ACT_BASIC, + XDP_ABORTED); + + if (test__start_subtest("XDP_TX")) + tester_run("XDP_TX", &t, NETDEV_XDP_ACT_BASIC, XDP_TX); + + if (test__start_subtest("XDP_REDIRECT")) + tester_run("XDP_REDIRECT", &t, NETDEV_XDP_ACT_REDIRECT, + XDP_REDIRECT); + + if (test__start_subtest("XDP_NDO_XMIT")) + tester_run("XDP_NDO_XMIT", &t, NETDEV_XDP_ACT_NDO_XMIT, 0); + + dut_stop_echo_server(&t); + +cleanup_progs: + xdp_features__destroy(t.skel); +cleanup_network: + cleanup_network(); +} diff --git a/tools/testing/selftests/bpf/progs/xdp_features.c b/tools/testing/selftests/bpf/progs/xdp_features.c index 67424084a38a..acfadd711921 100644 --- a/tools/testing/selftests/bpf/progs/xdp_features.c +++ b/tools/testing/selftests/bpf/progs/xdp_features.c @@ -30,19 +30,9 @@ struct xdp_cpumap_stats { unsigned int drop; }; -struct { - __uint(type, BPF_MAP_TYPE_ARRAY); - __type(key, __u32); - __type(value, __u32); - __uint(max_entries, 1); -} stats SEC(".maps"); +__u32 tester_stats; +__u32 dut_stats; -struct { - __uint(type, BPF_MAP_TYPE_ARRAY); - __type(key, __u32); - __type(value, __u32); - __uint(max_entries, 1); -} dut_stats SEC(".maps"); struct { __uint(type, BPF_MAP_TYPE_CPUMAP); @@ -67,7 +57,7 @@ xdp_process_echo_packet(struct xdp_md *xdp, bool dut) void *data_end = (void *)(long)xdp->data_end; void *data = (void *)(long)xdp->data; struct ethhdr *eh = data; - struct tlv_hdr *tlv; + __u32 *magic; struct udphdr *uh; __be16 port; @@ -124,28 +114,23 @@ xdp_process_echo_packet(struct xdp_md *xdp, bool dut) if (port != bpf_htons(DUT_ECHO_PORT)) return -EINVAL; - tlv = (struct tlv_hdr *)(uh + 1); - if (tlv + 1 > data_end) + magic = (__u32 *)(uh + 1); + if (magic + 1 > data_end) return -EINVAL; - return bpf_htons(tlv->type) == CMD_ECHO ? 0 : -EINVAL; + return *magic == bpf_htonl(CMD_ECHO) ? 0 : -EINVAL; } static __always_inline int xdp_update_stats(struct xdp_md *xdp, bool tx, bool dut) { - __u32 *val, key = 0; - if (xdp_process_echo_packet(xdp, tx)) return -EINVAL; if (dut) - val = bpf_map_lookup_elem(&dut_stats, &key); + __sync_add_and_fetch(&dut_stats, 1); else - val = bpf_map_lookup_elem(&stats, &key); - - if (val) - __sync_add_and_fetch(val, 1); + __sync_add_and_fetch(&tester_stats, 1); return 0; } @@ -204,7 +189,7 @@ int xdp_do_tx(struct xdp_md *xdp) __u8 tmp_mac[ETH_ALEN]; if (xdp_update_stats(xdp, true, true)) - return XDP_PASS; + return XDP_DROP; __builtin_memcpy(tmp_mac, eh->h_source, ETH_ALEN); __builtin_memcpy(eh->h_source, eh->h_dest, ETH_ALEN); @@ -217,7 +202,7 @@ SEC("xdp") int xdp_do_redirect(struct xdp_md *xdp) { if (xdp_process_echo_packet(xdp, true)) - return XDP_PASS; + return XDP_DROP; return bpf_redirect_map(&cpu_map, 0, 0); } @@ -226,11 +211,7 @@ SEC("tp_btf/xdp_exception") int BPF_PROG(xdp_exception, const struct net_device *dev, const struct bpf_prog *xdp, __u32 act) { - __u32 *val, key = 0; - - val = bpf_map_lookup_elem(&dut_stats, &key); - if (val) - __sync_add_and_fetch(val, 1); + __sync_add_and_fetch(&dut_stats, 1); return 0; } @@ -239,11 +220,7 @@ SEC("tp_btf/xdp_cpumap_kthread") int BPF_PROG(tp_xdp_cpumap_kthread, int map_id, unsigned int processed, unsigned int drops, int sched, struct xdp_cpumap_stats *xdp_stats) { - __u32 *val, key = 0; - - val = bpf_map_lookup_elem(&dut_stats, &key); - if (val) - __sync_add_and_fetch(val, 1); + __sync_add_and_fetch(&dut_stats, 1); return 0; } @@ -256,7 +233,7 @@ int xdp_do_redirect_cpumap(struct xdp_md *xdp) __u8 tmp_mac[ETH_ALEN]; if (xdp_process_echo_packet(xdp, true)) - return XDP_PASS; + return XDP_DROP; __builtin_memcpy(tmp_mac, eh->h_source, ETH_ALEN); __builtin_memcpy(eh->h_source, eh->h_dest, ETH_ALEN); diff --git a/tools/testing/selftests/bpf/test_xdp_features.sh b/tools/testing/selftests/bpf/test_xdp_features.sh deleted file mode 100755 index 0aa71c4455c0..000000000000 --- a/tools/testing/selftests/bpf/test_xdp_features.sh +++ /dev/null @@ -1,107 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: GPL-2.0 - -readonly NS="ns1-$(mktemp -u XXXXXX)" -readonly V0_IP4=10.10.0.11 -readonly V1_IP4=10.10.0.1 -readonly V0_IP6=2001:db8::11 -readonly V1_IP6=2001:db8::1 - -ret=1 - -setup() { - { - ip netns add ${NS} - - ip link add v1 type veth peer name v0 netns ${NS} - - ip link set v1 up - ip addr add $V1_IP4/24 dev v1 - ip addr add $V1_IP6/64 nodad dev v1 - ip -n ${NS} link set dev v0 up - ip -n ${NS} addr add $V0_IP4/24 dev v0 - ip -n ${NS} addr add $V0_IP6/64 nodad dev v0 - - # Enable XDP mode and disable checksum offload - ethtool -K v1 gro on - ethtool -K v1 tx-checksumming off - ip netns exec ${NS} ethtool -K v0 gro on - ip netns exec ${NS} ethtool -K v0 tx-checksumming off - } > /dev/null 2>&1 -} - -cleanup() { - ip link del v1 2> /dev/null - ip netns del ${NS} 2> /dev/null - [ "$(pidof xdp_features)" = "" ] || kill $(pidof xdp_features) 2> /dev/null -} - -wait_for_dut_server() { - while sleep 1; do - ss -tlp | grep -q xdp_features - [ $? -eq 0 ] && break - done -} - -test_xdp_features() { - setup - - ## XDP_PASS - ./xdp_features -f XDP_PASS -D $V1_IP6 -T $V0_IP6 v1 & - wait_for_dut_server - ip netns exec ${NS} ./xdp_features -t -f XDP_PASS \ - -D $V1_IP6 -C $V1_IP6 \ - -T $V0_IP6 v0 - [ $? -ne 0 ] && exit - - ## XDP_DROP - ./xdp_features -f XDP_DROP -D ::ffff:$V1_IP4 -T ::ffff:$V0_IP4 v1 & - wait_for_dut_server - ip netns exec ${NS} ./xdp_features -t -f XDP_DROP \ - -D ::ffff:$V1_IP4 \ - -C ::ffff:$V1_IP4 \ - -T ::ffff:$V0_IP4 v0 - [ $? -ne 0 ] && exit - - ## XDP_ABORTED - ./xdp_features -f XDP_ABORTED -D $V1_IP6 -T $V0_IP6 v1 & - wait_for_dut_server - ip netns exec ${NS} ./xdp_features -t -f XDP_ABORTED \ - -D $V1_IP6 -C $V1_IP6 \ - -T $V0_IP6 v0 - [ $? -ne 0 ] && exit - - ## XDP_TX - ./xdp_features -f XDP_TX -D ::ffff:$V1_IP4 -T ::ffff:$V0_IP4 v1 & - wait_for_dut_server - ip netns exec ${NS} ./xdp_features -t -f XDP_TX \ - -D ::ffff:$V1_IP4 \ - -C ::ffff:$V1_IP4 \ - -T ::ffff:$V0_IP4 v0 - [ $? -ne 0 ] && exit - - ## XDP_REDIRECT - ./xdp_features -f XDP_REDIRECT -D $V1_IP6 -T $V0_IP6 v1 & - wait_for_dut_server - ip netns exec ${NS} ./xdp_features -t -f XDP_REDIRECT \ - -D $V1_IP6 -C $V1_IP6 \ - -T $V0_IP6 v0 - [ $? -ne 0 ] && exit - - ## XDP_NDO_XMIT - ./xdp_features -f XDP_NDO_XMIT -D ::ffff:$V1_IP4 -T ::ffff:$V0_IP4 v1 & - wait_for_dut_server - ip netns exec ${NS} ./xdp_features -t -f XDP_NDO_XMIT \ - -D ::ffff:$V1_IP4 \ - -C ::ffff:$V1_IP4 \ - -T ::ffff:$V0_IP4 v0 - ret=$? - cleanup -} - -set -e -trap cleanup 2 3 6 9 - -test_xdp_features - -exit $ret diff --git a/tools/testing/selftests/bpf/xdp_features.c b/tools/testing/selftests/bpf/xdp_features.c deleted file mode 100644 index 595c79141cf3..000000000000 --- a/tools/testing/selftests/bpf/xdp_features.c +++ /dev/null @@ -1,718 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -#include <uapi/linux/bpf.h> -#include <uapi/linux/netdev.h> -#include <linux/if_link.h> -#include <signal.h> -#include <argp.h> -#include <net/if.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <netinet/tcp.h> -#include <unistd.h> -#include <arpa/inet.h> -#include <bpf/bpf.h> -#include <bpf/libbpf.h> -#include <pthread.h> - -#include <network_helpers.h> - -#include "xdp_features.skel.h" -#include "xdp_features.h" - -#define RED(str) "\033[0;31m" str "\033[0m" -#define GREEN(str) "\033[0;32m" str "\033[0m" -#define YELLOW(str) "\033[0;33m" str "\033[0m" - -static struct env { - bool verbosity; - char ifname[IF_NAMESIZE]; - int ifindex; - bool is_tester; - struct { - enum netdev_xdp_act drv_feature; - enum xdp_action action; - } feature; - struct sockaddr_storage dut_ctrl_addr; - struct sockaddr_storage dut_addr; - struct sockaddr_storage tester_addr; -} env; - -#define BUFSIZE 128 - -void test__fail(void) { /* for network_helpers.c */ } - -static int libbpf_print_fn(enum libbpf_print_level level, - const char *format, va_list args) -{ - if (level == LIBBPF_DEBUG && !env.verbosity) - return 0; - return vfprintf(stderr, format, args); -} - -static volatile bool exiting; - -static void sig_handler(int sig) -{ - exiting = true; -} - -const char *argp_program_version = "xdp-features 0.0"; -const char argp_program_doc[] = -"XDP features detection application.\n" -"\n" -"XDP features application checks the XDP advertised features match detected ones.\n" -"\n" -"USAGE: ./xdp-features [-vt] [-f <xdp-feature>] [-D <dut-data-ip>] [-T <tester-data-ip>] [-C <dut-ctrl-ip>] <iface-name>\n" -"\n" -"dut-data-ip, tester-data-ip, dut-ctrl-ip: IPv6 or IPv4-mapped-IPv6 addresses;\n" -"\n" -"XDP features\n:" -"- XDP_PASS\n" -"- XDP_DROP\n" -"- XDP_ABORTED\n" -"- XDP_REDIRECT\n" -"- XDP_NDO_XMIT\n" -"- XDP_TX\n"; - -static const struct argp_option opts[] = { - { "verbose", 'v', NULL, 0, "Verbose debug output" }, - { "tester", 't', NULL, 0, "Tester mode" }, - { "feature", 'f', "XDP-FEATURE", 0, "XDP feature to test" }, - { "dut_data_ip", 'D', "DUT-DATA-IP", 0, "DUT IP data channel" }, - { "dut_ctrl_ip", 'C', "DUT-CTRL-IP", 0, "DUT IP control channel" }, - { "tester_data_ip", 'T', "TESTER-DATA-IP", 0, "Tester IP data channel" }, - {}, -}; - -static int get_xdp_feature(const char *arg) -{ - if (!strcmp(arg, "XDP_PASS")) { - env.feature.action = XDP_PASS; - env.feature.drv_feature = NETDEV_XDP_ACT_BASIC; - } else if (!strcmp(arg, "XDP_DROP")) { - env.feature.drv_feature = NETDEV_XDP_ACT_BASIC; - env.feature.action = XDP_DROP; - } else if (!strcmp(arg, "XDP_ABORTED")) { - env.feature.drv_feature = NETDEV_XDP_ACT_BASIC; - env.feature.action = XDP_ABORTED; - } else if (!strcmp(arg, "XDP_TX")) { - env.feature.drv_feature = NETDEV_XDP_ACT_BASIC; - env.feature.action = XDP_TX; - } else if (!strcmp(arg, "XDP_REDIRECT")) { - env.feature.drv_feature = NETDEV_XDP_ACT_REDIRECT; - env.feature.action = XDP_REDIRECT; - } else if (!strcmp(arg, "XDP_NDO_XMIT")) { - env.feature.drv_feature = NETDEV_XDP_ACT_NDO_XMIT; - } else { - return -EINVAL; - } - - return 0; -} - -static char *get_xdp_feature_str(void) -{ - switch (env.feature.action) { - case XDP_PASS: - return YELLOW("XDP_PASS"); - case XDP_DROP: - return YELLOW("XDP_DROP"); - case XDP_ABORTED: - return YELLOW("XDP_ABORTED"); - case XDP_TX: - return YELLOW("XDP_TX"); - case XDP_REDIRECT: - return YELLOW("XDP_REDIRECT"); - default: - break; - } - - if (env.feature.drv_feature == NETDEV_XDP_ACT_NDO_XMIT) - return YELLOW("XDP_NDO_XMIT"); - - return ""; -} - -static error_t parse_arg(int key, char *arg, struct argp_state *state) -{ - switch (key) { - case 'v': - env.verbosity = true; - break; - case 't': - env.is_tester = true; - break; - case 'f': - if (get_xdp_feature(arg) < 0) { - fprintf(stderr, "Invalid xdp feature: %s\n", arg); - argp_usage(state); - return ARGP_ERR_UNKNOWN; - } - break; - case 'D': - if (make_sockaddr(AF_INET6, arg, DUT_ECHO_PORT, - &env.dut_addr, NULL)) { - fprintf(stderr, - "Invalid address assigned to the Device Under Test: %s\n", - arg); - return ARGP_ERR_UNKNOWN; - } - break; - case 'C': - if (make_sockaddr(AF_INET6, arg, DUT_CTRL_PORT, - &env.dut_ctrl_addr, NULL)) { - fprintf(stderr, - "Invalid address assigned to the Device Under Test: %s\n", - arg); - return ARGP_ERR_UNKNOWN; - } - break; - case 'T': - if (make_sockaddr(AF_INET6, arg, 0, &env.tester_addr, NULL)) { - fprintf(stderr, - "Invalid address assigned to the Tester device: %s\n", - arg); - return ARGP_ERR_UNKNOWN; - } - break; - case ARGP_KEY_ARG: - errno = 0; - if (strlen(arg) >= IF_NAMESIZE) { - fprintf(stderr, "Invalid device name: %s\n", arg); - argp_usage(state); - return ARGP_ERR_UNKNOWN; - } - - env.ifindex = if_nametoindex(arg); - if (!env.ifindex) - env.ifindex = strtoul(arg, NULL, 0); - if (!env.ifindex || !if_indextoname(env.ifindex, env.ifname)) { - fprintf(stderr, - "Bad interface index or name (%d): %s\n", - errno, strerror(errno)); - argp_usage(state); - return ARGP_ERR_UNKNOWN; - } - break; - default: - return ARGP_ERR_UNKNOWN; - } - - return 0; -} - -static const struct argp argp = { - .options = opts, - .parser = parse_arg, - .doc = argp_program_doc, -}; - -static void set_env_default(void) -{ - env.feature.drv_feature = NETDEV_XDP_ACT_NDO_XMIT; - env.feature.action = -EINVAL; - env.ifindex = -ENODEV; - strcpy(env.ifname, "unknown"); - make_sockaddr(AF_INET6, "::ffff:127.0.0.1", DUT_CTRL_PORT, - &env.dut_ctrl_addr, NULL); - make_sockaddr(AF_INET6, "::ffff:127.0.0.1", DUT_ECHO_PORT, - &env.dut_addr, NULL); - make_sockaddr(AF_INET6, "::ffff:127.0.0.1", 0, &env.tester_addr, NULL); -} - -static void *dut_echo_thread(void *arg) -{ - unsigned char buf[sizeof(struct tlv_hdr)]; - int sockfd = *(int *)arg; - - while (!exiting) { - struct tlv_hdr *tlv = (struct tlv_hdr *)buf; - struct sockaddr_storage addr; - socklen_t addrlen; - size_t n; - - n = recvfrom(sockfd, buf, sizeof(buf), MSG_WAITALL, - (struct sockaddr *)&addr, &addrlen); - if (n != ntohs(tlv->len)) - continue; - - if (ntohs(tlv->type) != CMD_ECHO) - continue; - - sendto(sockfd, buf, sizeof(buf), MSG_NOSIGNAL | MSG_CONFIRM, - (struct sockaddr *)&addr, addrlen); - } - - pthread_exit((void *)0); - close(sockfd); - - return NULL; -} - -static int dut_run_echo_thread(pthread_t *t, int *sockfd) -{ - int err; - - sockfd = start_reuseport_server(AF_INET6, SOCK_DGRAM, NULL, - DUT_ECHO_PORT, 0, 1); - if (!sockfd) { - fprintf(stderr, - "Failed creating data UDP socket on device %s\n", - env.ifname); - return -errno; - } - - /* start echo channel */ - err = pthread_create(t, NULL, dut_echo_thread, sockfd); - if (err) { - fprintf(stderr, - "Failed creating data UDP thread on device %s: %s\n", - env.ifname, strerror(-err)); - free_fds(sockfd, 1); - return -EINVAL; - } - - return 0; -} - -static int dut_attach_xdp_prog(struct xdp_features *skel, int flags) -{ - enum xdp_action action = env.feature.action; - struct bpf_program *prog; - unsigned int key = 0; - int err, fd = 0; - - if (env.feature.drv_feature == NETDEV_XDP_ACT_NDO_XMIT) { - struct bpf_devmap_val entry = { - .ifindex = env.ifindex, - }; - - err = bpf_map__update_elem(skel->maps.dev_map, - &key, sizeof(key), - &entry, sizeof(entry), 0); - if (err < 0) - return err; - - fd = bpf_program__fd(skel->progs.xdp_do_redirect_cpumap); - action = XDP_REDIRECT; - } - - switch (action) { - case XDP_TX: - prog = skel->progs.xdp_do_tx; - break; - case XDP_DROP: - prog = skel->progs.xdp_do_drop; - break; - case XDP_ABORTED: - prog = skel->progs.xdp_do_aborted; - break; - case XDP_PASS: - prog = skel->progs.xdp_do_pass; - break; - case XDP_REDIRECT: { - struct bpf_cpumap_val entry = { - .qsize = 2048, - .bpf_prog.fd = fd, - }; - - err = bpf_map__update_elem(skel->maps.cpu_map, - &key, sizeof(key), - &entry, sizeof(entry), 0); - if (err < 0) - return err; - - prog = skel->progs.xdp_do_redirect; - break; - } - default: - return -EINVAL; - } - - err = bpf_xdp_attach(env.ifindex, bpf_program__fd(prog), flags, NULL); - if (err) - fprintf(stderr, "Failed attaching XDP program to device %s\n", - env.ifname); - return err; -} - -static int recv_msg(int sockfd, void *buf, size_t bufsize, void *val, - size_t val_size) -{ - struct tlv_hdr *tlv = (struct tlv_hdr *)buf; - size_t len; - - len = recv(sockfd, buf, bufsize, 0); - if (len != ntohs(tlv->len) || len < sizeof(*tlv)) - return -EINVAL; - - if (val) { - len -= sizeof(*tlv); - if (len > val_size) - return -ENOMEM; - - memcpy(val, tlv->data, len); - } - - return 0; -} - -static int dut_run(struct xdp_features *skel) -{ - int flags = XDP_FLAGS_UPDATE_IF_NOEXIST | XDP_FLAGS_DRV_MODE; - int state, err = 0, *sockfd, ctrl_sockfd, echo_sockfd; - struct sockaddr_storage ctrl_addr; - pthread_t dut_thread = 0; - socklen_t addrlen; - - sockfd = start_reuseport_server(AF_INET6, SOCK_STREAM, NULL, - DUT_CTRL_PORT, 0, 1); - if (!sockfd) { - fprintf(stderr, - "Failed creating control socket on device %s\n", env.ifname); - return -errno; - } - - ctrl_sockfd = accept(*sockfd, (struct sockaddr *)&ctrl_addr, &addrlen); - if (ctrl_sockfd < 0) { - fprintf(stderr, - "Failed accepting connections on device %s control socket\n", - env.ifname); - free_fds(sockfd, 1); - return -errno; - } - - /* CTRL loop */ - while (!exiting) { - unsigned char buf[BUFSIZE] = {}; - struct tlv_hdr *tlv = (struct tlv_hdr *)buf; - - err = recv_msg(ctrl_sockfd, buf, BUFSIZE, NULL, 0); - if (err) - continue; - - switch (ntohs(tlv->type)) { - case CMD_START: { - if (state == CMD_START) - continue; - - state = CMD_START; - /* Load the XDP program on the DUT */ - err = dut_attach_xdp_prog(skel, flags); - if (err) - goto out; - - err = dut_run_echo_thread(&dut_thread, &echo_sockfd); - if (err < 0) - goto out; - - tlv->type = htons(CMD_ACK); - tlv->len = htons(sizeof(*tlv)); - err = send(ctrl_sockfd, buf, sizeof(*tlv), 0); - if (err < 0) - goto end_thread; - break; - } - case CMD_STOP: - if (state != CMD_START) - break; - - state = CMD_STOP; - - exiting = true; - bpf_xdp_detach(env.ifindex, flags, NULL); - - tlv->type = htons(CMD_ACK); - tlv->len = htons(sizeof(*tlv)); - err = send(ctrl_sockfd, buf, sizeof(*tlv), 0); - goto end_thread; - case CMD_GET_XDP_CAP: { - LIBBPF_OPTS(bpf_xdp_query_opts, opts); - unsigned long long val; - size_t n; - - err = bpf_xdp_query(env.ifindex, XDP_FLAGS_DRV_MODE, - &opts); - if (err) { - fprintf(stderr, - "Failed querying XDP cap for device %s\n", - env.ifname); - goto end_thread; - } - - tlv->type = htons(CMD_ACK); - n = sizeof(*tlv) + sizeof(opts.feature_flags); - tlv->len = htons(n); - - val = htobe64(opts.feature_flags); - memcpy(tlv->data, &val, sizeof(val)); - - err = send(ctrl_sockfd, buf, n, 0); - if (err < 0) - goto end_thread; - break; - } - case CMD_GET_STATS: { - unsigned int key = 0, val; - size_t n; - - err = bpf_map__lookup_elem(skel->maps.dut_stats, - &key, sizeof(key), - &val, sizeof(val), 0); - if (err) { - fprintf(stderr, - "bpf_map_lookup_elem failed (%d)\n", err); - goto end_thread; - } - - tlv->type = htons(CMD_ACK); - n = sizeof(*tlv) + sizeof(val); - tlv->len = htons(n); - - val = htonl(val); - memcpy(tlv->data, &val, sizeof(val)); - - err = send(ctrl_sockfd, buf, n, 0); - if (err < 0) - goto end_thread; - break; - } - default: - break; - } - } - -end_thread: - pthread_join(dut_thread, NULL); -out: - bpf_xdp_detach(env.ifindex, flags, NULL); - close(ctrl_sockfd); - free_fds(sockfd, 1); - - return err; -} - -static bool tester_collect_detected_cap(struct xdp_features *skel, - unsigned int dut_stats) -{ - unsigned int err, key = 0, val; - - if (!dut_stats) - return false; - - err = bpf_map__lookup_elem(skel->maps.stats, &key, sizeof(key), - &val, sizeof(val), 0); - if (err) { - fprintf(stderr, "bpf_map_lookup_elem failed (%d)\n", err); - return false; - } - - switch (env.feature.action) { - case XDP_PASS: - case XDP_TX: - case XDP_REDIRECT: - return val > 0; - case XDP_DROP: - case XDP_ABORTED: - return val == 0; - default: - break; - } - - if (env.feature.drv_feature == NETDEV_XDP_ACT_NDO_XMIT) - return val > 0; - - return false; -} - -static int send_and_recv_msg(int sockfd, enum test_commands cmd, void *val, - size_t val_size) -{ - unsigned char buf[BUFSIZE] = {}; - struct tlv_hdr *tlv = (struct tlv_hdr *)buf; - int err; - - tlv->type = htons(cmd); - tlv->len = htons(sizeof(*tlv)); - - err = send(sockfd, buf, sizeof(*tlv), 0); - if (err < 0) - return err; - - err = recv_msg(sockfd, buf, BUFSIZE, val, val_size); - if (err < 0) - return err; - - return ntohs(tlv->type) == CMD_ACK ? 0 : -EINVAL; -} - -static int send_echo_msg(void) -{ - unsigned char buf[sizeof(struct tlv_hdr)]; - struct tlv_hdr *tlv = (struct tlv_hdr *)buf; - int sockfd, n; - - sockfd = socket(AF_INET6, SOCK_DGRAM, 0); - if (sockfd < 0) { - fprintf(stderr, - "Failed creating data UDP socket on device %s\n", - env.ifname); - return -errno; - } - - tlv->type = htons(CMD_ECHO); - tlv->len = htons(sizeof(*tlv)); - - n = sendto(sockfd, buf, sizeof(*tlv), MSG_NOSIGNAL | MSG_CONFIRM, - (struct sockaddr *)&env.dut_addr, sizeof(env.dut_addr)); - close(sockfd); - - return n == ntohs(tlv->len) ? 0 : -EINVAL; -} - -static int tester_run(struct xdp_features *skel) -{ - int flags = XDP_FLAGS_UPDATE_IF_NOEXIST | XDP_FLAGS_DRV_MODE; - unsigned long long advertised_feature; - struct bpf_program *prog; - unsigned int stats; - int i, err, sockfd; - bool detected_cap; - - sockfd = socket(AF_INET6, SOCK_STREAM, 0); - if (sockfd < 0) { - fprintf(stderr, - "Failed creating tester service control socket\n"); - return -errno; - } - - if (settimeo(sockfd, 1000) < 0) - return -EINVAL; - - err = connect(sockfd, (struct sockaddr *)&env.dut_ctrl_addr, - sizeof(env.dut_ctrl_addr)); - if (err) { - fprintf(stderr, - "Failed connecting to the Device Under Test control socket\n"); - return -errno; - } - - err = send_and_recv_msg(sockfd, CMD_GET_XDP_CAP, &advertised_feature, - sizeof(advertised_feature)); - if (err < 0) { - close(sockfd); - return err; - } - - advertised_feature = be64toh(advertised_feature); - - if (env.feature.drv_feature == NETDEV_XDP_ACT_NDO_XMIT || - env.feature.action == XDP_TX) - prog = skel->progs.xdp_tester_check_tx; - else - prog = skel->progs.xdp_tester_check_rx; - - err = bpf_xdp_attach(env.ifindex, bpf_program__fd(prog), flags, NULL); - if (err) { - fprintf(stderr, "Failed attaching XDP program to device %s\n", - env.ifname); - goto out; - } - - err = send_and_recv_msg(sockfd, CMD_START, NULL, 0); - if (err) - goto out; - - for (i = 0; i < 10 && !exiting; i++) { - err = send_echo_msg(); - if (err < 0) - goto out; - - sleep(1); - } - - err = send_and_recv_msg(sockfd, CMD_GET_STATS, &stats, sizeof(stats)); - if (err) - goto out; - - /* stop the test */ - err = send_and_recv_msg(sockfd, CMD_STOP, NULL, 0); - /* send a new echo message to wake echo thread of the dut */ - send_echo_msg(); - - detected_cap = tester_collect_detected_cap(skel, ntohl(stats)); - - fprintf(stdout, "Feature %s: [%s][%s]\n", get_xdp_feature_str(), - detected_cap ? GREEN("DETECTED") : RED("NOT DETECTED"), - env.feature.drv_feature & advertised_feature ? GREEN("ADVERTISED") - : RED("NOT ADVERTISED")); -out: - bpf_xdp_detach(env.ifindex, flags, NULL); - close(sockfd); - return err < 0 ? err : 0; -} - -int main(int argc, char **argv) -{ - struct xdp_features *skel; - int err; - - libbpf_set_strict_mode(LIBBPF_STRICT_ALL); - libbpf_set_print(libbpf_print_fn); - - signal(SIGINT, sig_handler); - signal(SIGTERM, sig_handler); - - set_env_default(); - - /* Parse command line arguments */ - err = argp_parse(&argp, argc, argv, 0, NULL, NULL); - if (err) - return err; - - if (env.ifindex < 0) { - fprintf(stderr, "Invalid device name %s\n", env.ifname); - return -ENODEV; - } - - /* Load and verify BPF application */ - skel = xdp_features__open(); - if (!skel) { - fprintf(stderr, "Failed to open and load BPF skeleton\n"); - return -EINVAL; - } - - skel->rodata->tester_addr = - ((struct sockaddr_in6 *)&env.tester_addr)->sin6_addr; - skel->rodata->dut_addr = - ((struct sockaddr_in6 *)&env.dut_addr)->sin6_addr; - - /* Load & verify BPF programs */ - err = xdp_features__load(skel); - if (err) { - fprintf(stderr, "Failed to load and verify BPF skeleton\n"); - goto cleanup; - } - - err = xdp_features__attach(skel); - if (err) { - fprintf(stderr, "Failed to attach BPF skeleton\n"); - goto cleanup; - } - - if (env.is_tester) { - /* Tester */ - fprintf(stdout, "Starting tester service on device %s\n", - env.ifname); - err = tester_run(skel); - } else { - /* DUT */ - fprintf(stdout, "Starting test on device %s\n", env.ifname); - err = dut_run(skel); - } - -cleanup: - xdp_features__destroy(skel); - - return err < 0 ? -err : 0; -} diff --git a/tools/testing/selftests/bpf/xdp_features.h b/tools/testing/selftests/bpf/xdp_features.h index 2670c541713b..2fa7a2e156c7 100644 --- a/tools/testing/selftests/bpf/xdp_features.h +++ b/tools/testing/selftests/bpf/xdp_features.h @@ -1,20 +1,5 @@ /* SPDX-License-Identifier: GPL-2.0 */ -/* test commands */ -enum test_commands { - CMD_STOP, /* CMD */ - CMD_START, /* CMD */ - CMD_ECHO, /* CMD */ - CMD_ACK, /* CMD + data */ - CMD_GET_XDP_CAP, /* CMD */ - CMD_GET_STATS, /* CMD */ -}; +#define CMD_ECHO 0x4543484F /* 4 bytes magic */ -#define DUT_CTRL_PORT 12345 #define DUT_ECHO_PORT 12346 - -struct tlv_hdr { - __be16 type; - __be16 len; - __u8 data[]; -}; --- base-commit: b9a1776000bbc3b794a398e1ef8bec3dd6ed57ab change-id: 20240730-convert_xdp_tests-ccd66bfe33db Best regards, -- Alexis Lothoré, Bootlin Embedded Linux and Kernel engineering https://bootlin.com

19 hours, 54 minutes

6
12
0 0

[PATCH v3 0/4] Add support for the Bus Lock Threshold

by Manali Shukla

Misbehaving guests can cause bus locks to degrade the performance of a system. Non-WB (write-back) and misaligned locked RMW (read-modify-write) instructions are referred to as "bus locks" and require system wide synchronization among all processors to guarantee the atomicity. The bus locks can impose notable performance penalties for all processors within the system. Support for the Bus Lock Threshold is indicated by CPUID Fn8000_000A_EDX[29] BusLockThreshold=1, the VMCB provides a Bus Lock Threshold enable bit and an unsigned 16-bit Bus Lock Threshold count. VMCB intercept bit VMCB Offset Bits Function 14h 5 Intercept bus lock operations Bus lock threshold count VMCB Offset Bits Function 120h 15:0 Bus lock counter During VMRUN, the bus lock threshold count is fetched and stored in an internal count register. Prior to executing a bus lock within the guest, the processor verifies the count in the bus lock register. If the count is greater than zero, the processor executes the bus lock, reducing the count. However, if the count is zero, the bus lock operation is not performed, and instead, a Bus Lock Threshold #VMEXIT is triggered to transfer control to the Virtual Machine Monitor (VMM). A Bus Lock Threshold #VMEXIT is reported to the VMM with VMEXIT code 0xA5h, VMEXIT_BUSLOCK. EXITINFO1 and EXITINFO2 are set to 0 on a VMEXIT_BUSLOCK. On a #VMEXIT, the processor writes the current value of the Bus Lock Threshold Counter to the VMCB. More details about the Bus Lock Threshold feature can be found in AMD APM [1]. v2 -> v3 - Drop parch to add virt tag in /proc/cpuinfo. - Incorporated Tom's review comments. v1 -> v2 - Incorporated misc review comments from Sean. - Removed bus_lock_counter module parameter. - Set the value of bus_lock_counter to zero by default and reload the value by 1 in bus lock exit handler. - Add documentation for the behavioral difference for KVM_EXIT_BUS_LOCK. - Improved selftest for buslock to work on SVM and VMX. - Rewrite the commit messages. Patches are prepared on kvm-next/next (efbc6bd090f4). Testing done: - Added a selftest for the Bus Lock Threshold functionality. - The bus lock threshold selftest has been tested on both Intel and AMD platforms. - Tested the Bus Lock Threshold functionality on SEV, SEV-ES, SEV-SNP guests. - Tested the Bus Lock Threshold functionality on nested guests. v1: https://lore.kernel.org/kvm/20240709175145.9986-4-manali.shukla@amd.com/T/ v2: https://lore.kernel.org/kvm/20241001063413.687787-4-manali.shukla@amd.com/T/ [1]: AMD64 Architecture Programmer's Manual Pub. 24593, April 2024, Vol 2, 15.14.5 Bus Lock Threshold. https://bugzilla.kernel.org/attachment.cgi?id=306250 Manali Shukla (2): x86/cpufeatures: Add CPUID feature bit for the Bus Lock Threshold KVM: X86: Add documentation about behavioral difference for KVM_EXIT_BUS_LOCK Nikunj A Dadhania (2): KVM: SVM: Enable Bus lock threshold exit KVM: selftests: Add bus lock exit test Documentation/virt/kvm/api.rst | 4 + arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/svm.h | 5 +- arch/x86/include/uapi/asm/svm.h | 2 + arch/x86/kvm/svm/nested.c | 10 ++ arch/x86/kvm/svm/svm.c | 27 ++++ tools/testing/selftests/kvm/Makefile | 1 + .../selftests/kvm/x86_64/kvm_buslock_test.c | 130 ++++++++++++++++++ 8 files changed, 179 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/kvm/x86_64/kvm_buslock_test.c base-commit: efbc6bd090f48ccf64f7a8dd5daea775821d57ec -- 2.34.1

20 hours, 45 minutes

1
4
0 0

[PATCH v8 0/8] clk: Add kunit tests for fixed rate and parent data

by Stephen Boyd

This patch series adds unit tests for the clk fixed rate basic type and the clk registration functions that use struct clk_parent_data. To get there, we add support for loading device tree overlays onto the live DTB along with probing platform drivers to bind to device nodes in the overlays. With this series, we're able to exercise some of the code in the common clk framework that uses devicetree lookups to find parents and the fixed rate clk code that scans device tree directly and creates clks. Please review. I Cced everyone to all the patches so they get the full context. I'm hoping I can take the whole pile through the clk tree as they all build upon each other. Or the DT part can be merged through the DT tree to reduce the dependencies. Changes from v7: https://lore.kernel.org/r/20240710201246.1802189-1-sboyd@kernel.org * Support modular builds properly by compiling overlay with tests into one .ko * Fold in thinko fix from Geert to DT overlay application patch * Export device_is_bound() to fix module build * Add more module license and description Changes from v6: https://lore.kernel.org/r/20240706045454.215701-1-sboyd@kernel.org * Fix kasan error in platform test by fixing the condition to check for correct free callback * Add module descriptions to new modules Changes from v5: https://lore.kernel.org/r/20240603223811.3815762-1-sboyd@kernel.org * Pick up reviewed-by tags * Drop test vendor prefix bindings as dtschema allows anything now * Use of_node_put_kunit() more to plug some reference leaks * Select DTC config to avoid compile fails because of missing dtc * Don't skip for OF_OVERLAY in overlay tests because they depend on it Changes from v4: https://lore.kernel.org/r/20240422232404.213174-1-sboyd@kernel.org * Picked up reviewed-by tags * Check for non-NULL device pointers before calling put_device() * Fix CFI issues with kunit actions * Introduce platform_device_prepare_wait_for_probe() helper to wait for a platform device to probe * Move platform code to lib/kunit and rename functions to have kunit prefix * Fix issue with platform wrappers messing up reference counting because they used kunit actions * New patch to populate overlay devices on root node for powerpc * Make fixed-rate binding generic single clk consumer binding Changes from v3: https://lore.kernel.org/r/20230327222159.3509818-1-sboyd@kernel.org * No longer depend on Frank's series[1] because it was merged upstream[2] * Use kunit_add_action_or_reset() to shorten code * Skip tests properly when CONFIG_OF_OVERLAY isn't set Changes from v2: https://lore.kernel.org/r/20230315183729.2376178-1-sboyd@kernel.org * Overlays don't depend on __symbols__ node * Depend on Frank's always create root node if CONFIG_OF series[1] * Added kernel-doc to KUnit API doc * Fixed some kernel-doc on functions * More test cases for fixed rate clk Changes from v1: https://lore.kernel.org/r/20230302013822.1808711-1-sboyd@kernel.org * Don't depend on UML, use unittest data approach to attach nodes * Introduce overlay loading API for KUnit * Move platform_device KUnit code to drivers/base/test * Use #define macros for constants shared between unit tests and overlays * Settle on "test" as a vendor prefix * Make KUnit wrappers have "_kunit" postfix [1] https://lore.kernel.org/r/20230317053415.2254616-1-frowand.list@gmail.com [2] https://lore.kernel.org/r/20240308195737.GA1174908-robh@kernel.org Stephen Boyd (8): of/platform: Allow overlays to create platform devices from the root node of: Add test managed wrappers for of_overlay_apply()/of_node_put() dt-bindings: vendor-prefixes: Add "test" vendor for KUnit and friends of: Add a KUnit test for overlays and test managed APIs platform: Add test managed platform_device/driver APIs clk: Add test managed clk provider/consumer APIs clk: Add KUnit tests for clk fixed rate basic type clk: Add KUnit tests for clks registered with struct clk_parent_data Documentation/dev-tools/kunit/api/clk.rst | 10 + Documentation/dev-tools/kunit/api/index.rst | 21 + Documentation/dev-tools/kunit/api/of.rst | 13 + .../dev-tools/kunit/api/platformdevice.rst | 10 + .../devicetree/bindings/vendor-prefixes.yaml | 2 + drivers/base/dd.c | 1 + drivers/clk/.kunitconfig | 2 + drivers/clk/Kconfig | 11 + drivers/clk/Makefile | 11 +- drivers/clk/clk-fixed-rate_test.c | 380 +++++++++++++++ drivers/clk/clk-fixed-rate_test.h | 8 + drivers/clk/clk_kunit_helpers.c | 207 ++++++++ drivers/clk/clk_parent_data_test.h | 10 + drivers/clk/clk_test.c | 453 +++++++++++++++++- drivers/clk/kunit_clk_fixed_rate_test.dtso | 19 + drivers/clk/kunit_clk_parent_data_test.dtso | 28 ++ drivers/of/.kunitconfig | 1 + drivers/of/Kconfig | 10 + drivers/of/Makefile | 3 + drivers/of/kunit_overlay_test.dtso | 9 + drivers/of/of_kunit_helpers.c | 77 +++ drivers/of/overlay_test.c | 115 +++++ drivers/of/platform.c | 9 +- include/kunit/clk.h | 28 ++ include/kunit/of.h | 115 +++++ include/kunit/platform_device.h | 20 + lib/kunit/Makefile | 4 +- lib/kunit/platform-test.c | 224 +++++++++ lib/kunit/platform.c | 302 ++++++++++++ 29 files changed, 2097 insertions(+), 6 deletions(-) create mode 100644 Documentation/dev-tools/kunit/api/clk.rst create mode 100644 Documentation/dev-tools/kunit/api/of.rst create mode 100644 Documentation/dev-tools/kunit/api/platformdevice.rst create mode 100644 drivers/clk/clk-fixed-rate_test.c create mode 100644 drivers/clk/clk-fixed-rate_test.h create mode 100644 drivers/clk/clk_kunit_helpers.c create mode 100644 drivers/clk/clk_parent_data_test.h create mode 100644 drivers/clk/kunit_clk_fixed_rate_test.dtso create mode 100644 drivers/clk/kunit_clk_parent_data_test.dtso create mode 100644 drivers/of/kunit_overlay_test.dtso create mode 100644 drivers/of/of_kunit_helpers.c create mode 100644 drivers/of/overlay_test.c create mode 100644 include/kunit/clk.h create mode 100644 include/kunit/of.h create mode 100644 include/kunit/platform_device.h create mode 100644 lib/kunit/platform-test.c create mode 100644 lib/kunit/platform.c base-commit: 1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0 -- https://git.kernel.org/pub/scm/linux/kernel/git/clk/linux.git/ https://git.kernel.org/pub/scm/linux/kernel/git/sboyd/spmi.git

21 hours, 26 minutes

3
30
0 0

[PATCH bpf-next v4 0/2] Support eliding map lookup nullness

by Daniel Xu

This patch allows progs to elide a null check on statically known map lookup keys. In other words, if the verifier can statically prove that the lookup will be in-bounds, allow the prog to drop the null check. This is useful for two reasons: 1. Large numbers of nullness checks (especially when they cannot fail) unnecessarily pushes prog towards BPF_COMPLEXITY_LIMIT_JMP_SEQ. 2. It forms a tighter contract between programmer and verifier. For (1), bpftrace is starting to make heavier use of percpu scratch maps. As a result, for user scripts with large number of unrolled loops, we are starting to hit jump complexity verification errors. These percpu lookups cannot fail anyways, as we only use static key values. Eliding nullness probably results in less work for verifier as well. For (2), percpu scratch maps are often used as a larger stack, as the currrent stack is limited to 512 bytes. In these situations, it is desirable for the programmer to express: "this lookup should never fail, and if it does, it means I messed up the code". By omitting the null check, the programmer can "ask" the verifier to double check the logic. Changes in v4: * Only allow for CAP_BPF * Add test for stack growing upwards * Improve comment about stack growing upwards Changes in v3: * Check if stack is (erroneously) growing upwards * Mention in commit message why existing tests needed change Changes in v2: * Added a check for when R2 is not a ptr to stack * Added a check for when stack is uninitialized (no stack slot yet) * Updated existing tests to account for null elision * Added test case for when R2 can be both const and non-const Daniel Xu (2): bpf: verifier: Support eliding map lookup nullness bpf: selftests: verifier: Add nullness elision tests kernel/bpf/verifier.c | 73 ++++++- tools/testing/selftests/bpf/progs/iters.c | 14 +- .../selftests/bpf/progs/map_kptr_fail.c | 2 +- .../bpf/progs/verifier_array_access.c | 183 ++++++++++++++++++ .../selftests/bpf/progs/verifier_map_in_map.c | 2 +- .../testing/selftests/bpf/verifier/map_kptr.c | 2 +- 6 files changed, 265 insertions(+), 11 deletions(-) -- 2.46.0

1 day, 1 hour

2
3
0 0

[PATCH] selftests: Makefile: create OUTPUT dir

by Anders Roxell

When cross building kselftest out-of-tree the following issue can be seen: [...] make[4]: Entering directory '/src/kernel/linux/tools/testing/selftests/net/lib' CC csum /usr/lib/gcc-cross/aarch64-linux-gnu/13/../../../../aarch64-linux-gnu/bin/ld: cannot open output file /tmp/build/kselftest/net/lib/csum: No such file or directory collect2: error: ld returned 1 exit status [...] Create the output build directory before building the targets, solves this issue with building 'net/lib/csum'. Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Anders Roxell <anders.roxell(a)linaro.org> --- tools/testing/selftests/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index b38199965f99..05c143bcff6a 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -261,6 +261,7 @@ ifdef INSTALL_PATH @ret=1; \ for TARGET in $(TARGETS) $(INSTALL_DEP_TARGETS); do \ BUILD_TARGET=$$BUILD/$$TARGET; \ + mkdir -p $$BUILD_TARGET; \ $(MAKE) OUTPUT=$$BUILD_TARGET -C $$TARGET install \ INSTALL_PATH=$(INSTALL_PATH)/$$TARGET \ SRC_PATH=$(shell readlink -e $$(pwd)) \ -- 2.45.2

1 day, 2 hours

3
5
0 0

[PATCH net-next] selftests: net: csum: Clean up recv_verify_packet_ipv6

by Sean Anderson

Rename ip_len to payload_len since the length in this case refers only to the payload, and not the entire IP packet like for IPv4. While we're at it, just use the variable directly when calling recv_verify_packet_udp/tcp. Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> --- tools/testing/selftests/net/lib/csum.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/net/lib/csum.c b/tools/testing/selftests/net/lib/csum.c index e0a34e5e8dd5..27437590eeb5 100644 --- a/tools/testing/selftests/net/lib/csum.c +++ b/tools/testing/selftests/net/lib/csum.c @@ -675,22 +675,20 @@ static int recv_verify_packet_ipv6(void *nh, int len) { struct ipv6hdr *ip6h = nh; uint16_t proto = cfg_encap ? IPPROTO_UDP : cfg_proto; - uint16_t ip_len; + uint16_t payload_len; if (len < sizeof(*ip6h) || ip6h->nexthdr != proto) return -1; - ip_len = ntohs(ip6h->payload_len); - if (ip_len > len - sizeof(*ip6h)) + payload_len = ntohs(ip6h->payload_len); + if (payload_len > len - sizeof(*ip6h)) return -1; - len = ip_len; iph_addr_p = &ip6h->saddr; - if (proto == IPPROTO_TCP) - return recv_verify_packet_tcp(ip6h + 1, len); + return recv_verify_packet_tcp(ip6h + 1, payload_len); else - return recv_verify_packet_udp(ip6h + 1, len); + return recv_verify_packet_udp(ip6h + 1, payload_len); } /* return whether auxdata includes TP_STATUS_CSUM_VALID */ -- 2.35.1.1320.gc452695387.dirty

1 day, 2 hours

3
4
0 0

[PATCH net-next] selftests: mlxsw: rtnetlink: Use devlink_reload() API

by Petr Machata

From: Amit Cohen <amcohen(a)nvidia.com> The test runs "devlink reload" explicitly. Instead, it is better to use devlink_reload() which waits for udev events to be processed. Do not sleep after reload, as devlink_reload() blocks until all the netdevs are renamed. Signed-off-by: Amit Cohen <amcohen(a)nvidia.com> Reviewed-by: Ido Schimmel <idosch(a)nvidia.com> Signed-off-by: Petr Machata <petrm(a)nvidia.com> --- tools/testing/selftests/drivers/net/mlxsw/rtnetlink.sh | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/drivers/net/mlxsw/rtnetlink.sh b/tools/testing/selftests/drivers/net/mlxsw/rtnetlink.sh index 893a693ad805..45a569618424 100755 --- a/tools/testing/selftests/drivers/net/mlxsw/rtnetlink.sh +++ b/tools/testing/selftests/drivers/net/mlxsw/rtnetlink.sh @@ -186,10 +186,7 @@ bridge_vlan_flags_test() # If we did not handle references correctly, then this should produce a # trace - devlink dev reload "$DEVLINK_DEV" - - # Allow netdevices to be re-created following the reload - sleep 20 + devlink_reload log_test "bridge vlan flags" } @@ -923,12 +920,9 @@ devlink_reload_test() # devlink reload can be performed without errors RET=0 - devlink dev reload "$DEVLINK_DEV" - check_err $? "devlink reload failed" + devlink_reload log_test "devlink reload - last test" - - sleep 20 } trap cleanup EXIT -- 2.45.0

1 day, 2 hours

2
1
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror October 2024