April 2024 - Linux-kselftest-mirror

by Sagi Shahar

Hello, This is v4 of the patch series for TDX selftests. It has been updated for Intel’s v17 of the TDX host patches which was proposed here: https://lore.kernel.org/all/cover.1699368322.git.isaku.yamahata@intel.com/ The tree can be found at: https://github.com/googleprodkernel/linux-cc/tree/tdx-selftests-rfc-v5 Changes from RFC v4: Added patch to propagate KVM_EXIT_MEMORY_FAULT to userspace. Minor tweaks to align the tests to the new TDX 1.5 spec such as changes in the expected values in TDG.VP.INFO. In RFCv5, TDX selftest code is organized into: + headers in tools/testing/selftests/kvm/include/x86_64/tdx/ + common code in tools/testing/selftests/kvm/lib/x86_64/tdx/ + selftests in tools/testing/selftests/kvm/x86_64/tdx_* Dependencies + Peter’s patches, which provide functions for the host to allocate and track protected memory in the guest. https://lore.kernel.org/all/20230110175057.715453-1-pgonda@google.com/ Further work for this patch series/TODOs + Sean’s comments for the non-confidential UPM selftests patch series at https://lore.kernel.org/lkml/Y8dC8WDwEmYixJqt@google.com/T/#u apply here as well + Add ucall support for TDX selftests I would also like to acknowledge the following people, who helped review or test patches in previous versions: + Sean Christopherson <seanjc(a)google.com> + Zhenzhong Duan <zhenzhong.duan(a)intel.com> + Peter Gonda <pgonda(a)google.com> + Andrew Jones <drjones(a)redhat.com> + Maxim Levitsky <mlevitsk(a)redhat.com> + Xiaoyao Li <xiaoyao.li(a)intel.com> + David Matlack <dmatlack(a)google.com> + Marc Orr <marcorr(a)google.com> + Isaku Yamahata <isaku.yamahata(a)gmail.com> + Maciej S. Szmigiero <maciej.szmigiero(a)oracle.com> Links to earlier patch series + RFC v1: https://lore.kernel.org/lkml/20210726183816.1343022-1-erdemaktas@google.com… + RFC v2: https://lore.kernel.org/lkml/20220830222000.709028-1-sagis@google.com/T/#u + RFC v3: https://lore.kernel.org/lkml/20230121001542.2472357-1-ackerleytng@google.co… + RFC v4: https://lore.kernel.org/lkml/20230725220132.2310657-1-afranji@google.com/ *** BLURB HERE *** Ackerley Tng (12): KVM: selftests: Add function to allow one-to-one GVA to GPA mappings KVM: selftests: Expose function that sets up sregs based on VM's mode KVM: selftests: Store initial stack address in struct kvm_vcpu KVM: selftests: Refactor steps in vCPU descriptor table initialization KVM: selftests: TDX: Use KVM_TDX_CAPABILITIES to validate TDs' attribute configuration KVM: selftests: TDX: Update load_td_memory_region for VM memory backed by guest memfd KVM: selftests: Add functions to allow mapping as shared KVM: selftests: Expose _vm_vaddr_alloc KVM: selftests: TDX: Add support for TDG.MEM.PAGE.ACCEPT KVM: selftests: TDX: Add support for TDG.VP.VEINFO.GET KVM: selftests: TDX: Add TDX UPM selftest KVM: selftests: TDX: Add TDX UPM selftests for implicit conversion Erdem Aktas (3): KVM: selftests: Add helper functions to create TDX VMs KVM: selftests: TDX: Add TDX lifecycle test KVM: selftests: TDX: Adding test case for TDX port IO Roger Wang (1): KVM: selftests: TDX: Add TDG.VP.INFO test Ryan Afranji (2): KVM: selftests: TDX: Verify the behavior when host consumes a TD private memory KVM: selftests: TDX: Add shared memory test Sagi Shahar (11): KVM: selftests: TDX: Add report_fatal_error test KVM: selftests: TDX: Add basic TDX CPUID test KVM: selftests: TDX: Add basic get_td_vmcall_info test KVM: selftests: TDX: Add TDX IO writes test KVM: selftests: TDX: Add TDX IO reads test KVM: selftests: TDX: Add TDX MSR read/write tests KVM: selftests: TDX: Add TDX HLT exit test KVM: selftests: TDX: Add TDX MMIO reads test KVM: selftests: TDX: Add TDX MMIO writes test KVM: selftests: TDX: Add TDX CPUID TDVMCALL test KVM: selftests: Propagate KVM_EXIT_MEMORY_FAULT to userspace tools/testing/selftests/kvm/Makefile | 8 + .../selftests/kvm/include/kvm_util_base.h | 30 + .../selftests/kvm/include/x86_64/processor.h | 4 + .../kvm/include/x86_64/tdx/td_boot.h | 82 + .../kvm/include/x86_64/tdx/td_boot_asm.h | 16 + .../selftests/kvm/include/x86_64/tdx/tdcall.h | 59 + .../selftests/kvm/include/x86_64/tdx/tdx.h | 65 + .../kvm/include/x86_64/tdx/tdx_util.h | 19 + .../kvm/include/x86_64/tdx/test_util.h | 164 ++ tools/testing/selftests/kvm/lib/kvm_util.c | 101 +- .../selftests/kvm/lib/x86_64/processor.c | 77 +- .../selftests/kvm/lib/x86_64/tdx/td_boot.S | 101 ++ .../selftests/kvm/lib/x86_64/tdx/tdcall.S | 158 ++ .../selftests/kvm/lib/x86_64/tdx/tdx.c | 262 ++++ .../selftests/kvm/lib/x86_64/tdx/tdx_util.c | 558 +++++++ .../selftests/kvm/lib/x86_64/tdx/test_util.c | 101 ++ .../kvm/x86_64/tdx_shared_mem_test.c | 135 ++ .../selftests/kvm/x86_64/tdx_upm_test.c | 469 ++++++ .../selftests/kvm/x86_64/tdx_vm_tests.c | 1319 +++++++++++++++++ 19 files changed, 3693 insertions(+), 35 deletions(-) create mode 100644 tools/testing/selftests/kvm/include/x86_64/tdx/td_boot.h create mode 100644 tools/testing/selftests/kvm/include/x86_64/tdx/td_boot_asm.h create mode 100644 tools/testing/selftests/kvm/include/x86_64/tdx/tdcall.h create mode 100644 tools/testing/selftests/kvm/include/x86_64/tdx/tdx.h create mode 100644 tools/testing/selftests/kvm/include/x86_64/tdx/tdx_util.h create mode 100644 tools/testing/selftests/kvm/include/x86_64/tdx/test_util.h create mode 100644 tools/testing/selftests/kvm/lib/x86_64/tdx/td_boot.S create mode 100644 tools/testing/selftests/kvm/lib/x86_64/tdx/tdcall.S create mode 100644 tools/testing/selftests/kvm/lib/x86_64/tdx/tdx.c create mode 100644 tools/testing/selftests/kvm/lib/x86_64/tdx/tdx_util.c create mode 100644 tools/testing/selftests/kvm/lib/x86_64/tdx/test_util.c create mode 100644 tools/testing/selftests/kvm/x86_64/tdx_shared_mem_test.c create mode 100644 tools/testing/selftests/kvm/x86_64/tdx_upm_test.c create mode 100644 tools/testing/selftests/kvm/x86_64/tdx_vm_tests.c -- 2.43.0.472.g3155946c3a-goog

1 day

10
102
0 0

[PATCH v2 00/25] Enable FRED with KVM VMX

by Xin Li

This patch set enables the Intel flexible return and event delivery (FRED) architecture with KVM VMX to allow guests to utilize FRED. The FRED architecture defines simple new transitions that change privilege level (ring transitions). The FRED architecture was designed with the following goals: 1) Improve overall performance and response time by replacing event delivery through the interrupt descriptor table (IDT event delivery) and event return by the IRET instruction with lower latency transitions. 2) Improve software robustness by ensuring that event delivery establishes the full supervisor context and that event return establishes the full user context. The new transitions defined by the FRED architecture are FRED event delivery and, for returning from events, two FRED return instructions. FRED event delivery can effect a transition from ring 3 to ring 0, but it is used also to deliver events incident to ring 0. One FRED instruction (ERETU) effects a return from ring 0 to ring 3, while the other (ERETS) returns while remaining in ring 0. Collectively, FRED event delivery and the FRED return instructions are FRED transitions. Intel VMX architecture is extended to run FRED guests, and the major changes are: 1) New VMCS fields for FRED context management, which includes two new event data VMCS fields, eight new guest FRED context VMCS fields and eight new host FRED context VMCS fields. 2) VMX nested-exception support for proper virtualization of stack levels introduced with FRED architecture. Search for the latest FRED spec in most search engines with this search pattern: site:intel.com FRED (flexible return and event delivery) specification As the native FRED patches are committed in the tip tree "x86/fred" branch: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/log/?h=x86/fred, and we have received a good amount of review comments for v1, it's time to send out v2 based on this branch for further help from the community. Patch 1-2 are cleanups to VMX basic and misc MSRs, which were sent out earlier as a preparation for FRED changes: https://lore.kernel.org/kvm/20240206182032.1596-1-xin3.li@intel.com/T/#u Patch 3-15 add FRED support to VMX. Patch 16-21 add FRED support to nested VMX. Patch 22 exposes FRED and its baseline features to KVM guests. Patch 23-25 add FRED selftests. There is also a counterpart qemu patch set for FRED at: https://lore.kernel.org/qemu-devel/20231109072012.8078-1-xin3.li@intel.com/…, which works with this patch set to allow KVM to run FRED guests. Changes since v1: * Always load the secondary VM exit controls (Sean Christopherson). * Remove FRED VM entry/exit controls consistency checks in setup_vmcs_config() (Sean Christopherson). * Clear FRED VM entry/exit controls if FRED is not enumerated (Chao Gao). * Use guest_can_use() to trace FRED enumeration in a vcpu (Chao Gao). * Enable FRED MSRs intercept if FRED is no longer enumerated in CPUID (Chao Gao). * Move guest FRED states init into __vmx_vcpu_reset() (Chao Gao). * Don't use guest_cpuid_has() in vmx_prepare_switch_to_{host,guest}(), which are called from IRQ-disabled context (Chao Gao). * Reset msr_guest_fred_rsp0 in __vmx_vcpu_reset() (Chao Gao). * Fail host requested FRED MSRs access if KVM cannot virtualize FRED (Chao Gao). * Handle the case FRED MSRs are valid but KVM cannot virtualize FRED (Chao Gao). * Add sanity checks when writing to FRED MSRs. * Explain why it is ok to only check CR4.FRED in kvm_is_fred_enabled() (Chao Gao). * Document event data should be equal to CR2/DR6/IA32_XFD_ERR instead of using WARN_ON() (Chao Gao). * Zero event data if a #NM was not caused by extended feature disable (Chao Gao). * Set the nested flag when there is an original interrupt (Chao Gao). * Dump guest FRED states only if guest has FRED enabled (Nikolay Borisov). * Add a prerequisite to SHADOW_FIELD_R[OW] macros * Remove hyperv TLFS related changes (Jeremi Piotrowski). * Use kvm_cpu_cap_has() instead of cpu_feature_enabled() to decouple KVM's capability to virtualize a feature and host's enabling of a feature (Chao Gao). Xin Li (25): KVM: VMX: Cleanup VMX basic information defines and usages KVM: VMX: Cleanup VMX misc information defines and usages KVM: VMX: Add support for the secondary VM exit controls KVM: x86: Mark CR4.FRED as not reserved KVM: VMX: Initialize FRED VM entry/exit controls in vmcs_config KVM: VMX: Defer enabling FRED MSRs save/load until after set CPUID KVM: VMX: Set intercept for FRED MSRs KVM: VMX: Initialize VMCS FRED fields KVM: VMX: Switch FRED RSP0 between host and guest KVM: VMX: Add support for FRED context save/restore KVM: x86: Add kvm_is_fred_enabled() KVM: VMX: Handle FRED event data KVM: VMX: Handle VMX nested exception for FRED KVM: VMX: Disable FRED if FRED consistency checks fail KVM: VMX: Dump FRED context in dump_vmcs() KVM: VMX: Invoke vmx_set_cpu_caps() before nested setup KVM: nVMX: Add support for the secondary VM exit controls KVM: nVMX: Add a prerequisite to SHADOW_FIELD_R[OW] macros KVM: nVMX: Add FRED VMCS fields KVM: nVMX: Add support for VMX FRED controls KVM: nVMX: Add VMCS FRED states checking KVM: x86: Allow FRED/LKGS/WRMSRNS to be exposed to guests KVM: selftests: Run debug_regs test with FRED enabled KVM: selftests: Add a new VM guest mode to run user level code KVM: selftests: Add fred exception tests Documentation/virt/kvm/x86/nested-vmx.rst | 19 + arch/x86/include/asm/kvm_host.h | 8 +- arch/x86/include/asm/msr-index.h | 15 +- arch/x86/include/asm/vmx.h | 59 ++- arch/x86/kvm/cpuid.c | 4 +- arch/x86/kvm/governed_features.h | 1 + arch/x86/kvm/kvm_cache_regs.h | 17 + arch/x86/kvm/svm/svm.c | 4 +- arch/x86/kvm/vmx/capabilities.h | 30 +- arch/x86/kvm/vmx/nested.c | 329 ++++++++++++--- arch/x86/kvm/vmx/nested.h | 2 +- arch/x86/kvm/vmx/vmcs.h | 1 + arch/x86/kvm/vmx/vmcs12.c | 19 + arch/x86/kvm/vmx/vmcs12.h | 38 ++ arch/x86/kvm/vmx/vmcs_shadow_fields.h | 80 ++-- arch/x86/kvm/vmx/vmx.c | 385 +++++++++++++++--- arch/x86/kvm/vmx/vmx.h | 15 +- arch/x86/kvm/x86.c | 103 ++++- arch/x86/kvm/x86.h | 5 +- tools/testing/selftests/kvm/Makefile | 1 + .../selftests/kvm/include/kvm_util_base.h | 1 + .../selftests/kvm/include/x86_64/processor.h | 36 ++ tools/testing/selftests/kvm/lib/kvm_util.c | 5 +- .../selftests/kvm/lib/x86_64/processor.c | 15 +- tools/testing/selftests/kvm/lib/x86_64/vmx.c | 4 +- .../testing/selftests/kvm/x86_64/debug_regs.c | 50 ++- .../testing/selftests/kvm/x86_64/fred_test.c | 297 ++++++++++++++ 27 files changed, 1320 insertions(+), 223 deletions(-) create mode 100644 tools/testing/selftests/kvm/x86_64/fred_test.c base-commit: e13841907b8fda0ae0ce1ec03684665f578416a8 -- 2.43.0

5 days, 5 hours

7
86
0 0

[PATCH v2] selftests: x86: conform test to TAP format output

by Muhammad Usama Anjum

Conform the layout, informational and status messages to TAP. No functional change is intended other than the layout of output messages. Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- Changes since v1: - No changes, sending it again as got no response on v1 even after weeks --- tools/testing/selftests/x86/vdso_restorer.c | 29 +++++++++------------ 1 file changed, 12 insertions(+), 17 deletions(-) diff --git a/tools/testing/selftests/x86/vdso_restorer.c b/tools/testing/selftests/x86/vdso_restorer.c index fe99f24341554..f621167424a9c 100644 --- a/tools/testing/selftests/x86/vdso_restorer.c +++ b/tools/testing/selftests/x86/vdso_restorer.c @@ -21,6 +21,7 @@ #include <unistd.h> #include <syscall.h> #include <sys/syscall.h> +#include "../kselftest.h" /* Open-code this -- the headers are too messy to easily use them. */ struct real_sigaction { @@ -44,17 +45,19 @@ static void handler_without_siginfo(int sig) int main() { - int nerrs = 0; struct real_sigaction sa; + ksft_print_header(); + ksft_set_plan(2); + void *vdso = dlopen("linux-vdso.so.1", RTLD_LAZY | RTLD_LOCAL | RTLD_NOLOAD); if (!vdso) vdso = dlopen("linux-gate.so.1", RTLD_LAZY | RTLD_LOCAL | RTLD_NOLOAD); if (!vdso) { - printf("[SKIP]\tFailed to find vDSO. Tests are not expected to work.\n"); - return 0; + ksft_print_msg("[SKIP]\tFailed to find vDSO. Tests are not expected to work.\n"); + return KSFT_SKIP; } memset(&sa, 0, sizeof(sa)); @@ -62,21 +65,16 @@ int main() sa.flags = SA_SIGINFO; sa.restorer = NULL; /* request kernel-provided restorer */ - printf("[RUN]\tRaise a signal, SA_SIGINFO, sa.restorer == NULL\n"); + ksft_print_msg("Raise a signal, SA_SIGINFO, sa.restorer == NULL\n"); if (syscall(SYS_rt_sigaction, SIGUSR1, &sa, NULL, 8) != 0) err(1, "raw rt_sigaction syscall"); raise(SIGUSR1); - if (handler_called) { - printf("[OK]\tSA_SIGINFO handler returned successfully\n"); - } else { - printf("[FAIL]\tSA_SIGINFO handler was not called\n"); - nerrs++; - } + ksft_test_result(handler_called, "SA_SIGINFO handler returned\n"); - printf("[RUN]\tRaise a signal, !SA_SIGINFO, sa.restorer == NULL\n"); + ksft_print_msg("Raise a signal, !SA_SIGINFO, sa.restorer == NULL\n"); sa.flags = 0; sa.handler = handler_without_siginfo; @@ -86,10 +84,7 @@ int main() raise(SIGUSR1); - if (handler_called) { - printf("[OK]\t!SA_SIGINFO handler returned successfully\n"); - } else { - printf("[FAIL]\t!SA_SIGINFO handler was not called\n"); - nerrs++; - } + ksft_test_result(handler_called, "SA_SIGINFO handler returned\n"); + + ksft_finished(); } -- 2.39.2

2 weeks

2
7
0 0

[PATCH 0/4] selftest: x86: conform tests to TAP format output

by Muhammad Usama Anjum

In this series, 4 tests are being conformed to TAP. Muhammad Usama Anjum (4): selftests: x86: check_initial_reg_state: conform test to TAP format output selftests: x86: corrupt_xstate_header: conform test to TAP format output selftests: fsgsbase_restore: conform test to TAP format output selftests: entry_from_vm86: conform test to TAP format output .../selftests/x86/check_initial_reg_state.c | 24 ++-- .../selftests/x86/corrupt_xstate_header.c | 30 +++-- tools/testing/selftests/x86/entry_from_vm86.c | 109 ++++++++-------- .../testing/selftests/x86/fsgsbase_restore.c | 117 +++++++++--------- 4 files changed, 139 insertions(+), 141 deletions(-) -- 2.39.2

2 weeks, 1 day

2
13
0 0

[RFC] ktap_v2: KTAP specification transition method

by Frank Rowand

In the middle of the thread about a patch to add the skip test result, I suggested documenting the process of deprecating the KTAP v1 Specification method of marking a skipped test: https://lore.kernel.org/all/490271eb-1429-2217-6e38-837c6e5e328b@gmail.com/… In a reply to that email I suggested that we ought to have a process to transition the KTAP Specification from v1 to v2, and possibly v3 and future. This email is meant to be the root of that discussion. My initial thinking is that there are at least three different types of project and/or community that may have different needs in this area. Type 1 - project controls both the test output generation and the test output parsing tool. Both generation and parsing code are in the same repository and/or synchronized versions are distributed together. Devicetree unittests are an example of Type 1. I plan to maintain changes of test output to KTAP v2 format in coordination with updating the parser to process KTAP v2 data. Type 2 - project controls both the test output generation and the test output parsing tool. The test output generation and a parser modifications may be controlled by the project BUT there are one or more external testing projects that (1) may have their own parsers, and (2) may have a single framework that tests multiple versions of the tests. I think that kselftest and kunit tests are probably examples of Type 2. I also think that DT unittests will become a Type 2 project as a result of converting to KTAP v2 data. Type 3 - project may create and maintain some tests, but is primarily a consumer of tests created by other projects. Type 3 projects typically have a single framework that is able to execute and process multiple versions of the tests. The Fuego test project is an example of Type 3. Maybe adding all of this complexity of different Types in my initial thinking was silly -- maybe everything in this topic is governed by the more complex Type 3. My thinking was that the three different Types of project would be impacted in different ways by transition plans. Type 3 would be the most impacted, so I wanted to be sure that any transition plan especially considered their needs. There is an important aspect of the KTAP format that might ease the transition from one version to another: All KTAP formatted results begin with a "version line", so as soon as a parser has processed the first line of a test, it can apply the appropriate KTAP Specification version to all subsequent lines of test output. A parser implementation could choose to process all versions, could choose to invoke a version specific parser, or some other approach all together. In the "add skip test results" thread, I suggested deprecating the v1 method of marking a skipped test in v2, with a scheduled removal of the v1 method in v3. But since the KTAP format version is available in the very first line of test output, is it necessary to do a slow deprecation and removal over two versions? One argument to doing a two version deprecation/removal process is that a parser that is one version older the the test output _might_ be able to process the test output without error, but would not be able to take advantage of features added in the newer version of the Specification. My opinion is that a two version deprecation/removal process will slow the Specification update process and lead to more versions of the Specification over a given time interval. A one version deprecation/removal process puts more of a burden on Type 3 projects and external parsers for Type 2 projects to implement parsers that can process the newer Specification more quickly and puts a burden on test maintainers to delay a move to the newer Specification, or possibly pressure to support selection of more than one Specification version format for output data. One additional item... On the KTAP Specification version 2 process wiki page, I suggested that it is "desirable for test result parsers that understand the KTAP Specification version 2 data also be able to parse version 1 data." With the implication "Converting version 1 compliant data to version 2 compliant data should not require a "flag day" switch of test result parsers." If this thread discussion results in a different decision, I will update the wiki. Thoughts? -Frank

2 weeks, 2 days

3
2
0 0

[PATCH] selftests: tpm2: conform test to TAP output

by Muhammad Usama Anjum

The python unittest is being used for executing tests. TAP output cannot be added in the unittest framework. The python unittest is being run from a script. Add the output TAP logs to the script. Add "#" prefix to the python unittest output which will mark all output as informational TAP messages. Check exit status of the python unittest to decide if test passed or failed. Not sure why but python unittest outputs logs in stderr. So redirect the logs to stdout and then add prefix. Specify the bash explicitly instead of sh to run these tests as all of the kselftests are shifting towards using bash explicitly. Some interpreters have different syntax and cause issues. Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- tools/testing/selftests/tpm2/test_async.sh | 24 ++++++++++++++++------ tools/testing/selftests/tpm2/test_smoke.sh | 19 ++++++++++++++--- tools/testing/selftests/tpm2/test_space.sh | 19 ++++++++++++++--- 3 files changed, 50 insertions(+), 12 deletions(-) diff --git a/tools/testing/selftests/tpm2/test_async.sh b/tools/testing/selftests/tpm2/test_async.sh index 43bf5bd772fd4..0e6e5d9d649fb 100755 --- a/tools/testing/selftests/tpm2/test_async.sh +++ b/tools/testing/selftests/tpm2/test_async.sh @@ -1,10 +1,22 @@ -#!/bin/sh +#!/bin/bash # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) -# Kselftest framework requirement - SKIP code is 4. -ksft_skip=4 +DIR="$(dirname $(readlink -f "$0"))" +source "${DIR}"/../kselftest/ktap_helpers.sh -[ -e /dev/tpm0 ] || exit $ksft_skip -[ -e /dev/tpmrm0 ] || exit $ksft_skip +ktap_print_header -python3 -m unittest -v tpm2_tests.AsyncTest +[ -e /dev/tpm0 ] || ktap_finished +[ -e /dev/tpmrm0 ] || ktap_finished + +ktap_set_plan 1 + +python3 -m unittest -v tpm2_tests.AsyncTest 2>&1 | sed "s/^/# /" + +if [ ${PIPESTATUS[0]} -eq $ksft_pass ]; then + ktap_test_pass "tpm2_tests.AsyncTest" +else + ktap_test_fail "tpm2_tests.AsyncTest" +fi + +ktap_finished diff --git a/tools/testing/selftests/tpm2/test_smoke.sh b/tools/testing/selftests/tpm2/test_smoke.sh index 58af963e5b55a..2219a180de91d 100755 --- a/tools/testing/selftests/tpm2/test_smoke.sh +++ b/tools/testing/selftests/tpm2/test_smoke.sh @@ -1,9 +1,22 @@ -#!/bin/sh +#!/bin/bash # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) # Kselftest framework requirement - SKIP code is 4. -ksft_skip=4 +DIR="$(dirname $(readlink -f "$0"))" +source "${DIR}"/../kselftest/ktap_helpers.sh + +ktap_print_header [ -e /dev/tpm0 ] || exit $ksft_skip -python3 -m unittest -v tpm2_tests.SmokeTest +ktap_set_plan 1 + +python3 -m unittest -v tpm2_tests.SmokeTest 2>&1 | sed "s/^/# /" + +if [ ${PIPESTATUS[0]} -eq $ksft_pass ]; then + ktap_test_pass "tpm2_tests.AsyncTest" +else + ktap_test_fail "tpm2_tests.AsyncTest" +fi + +ktap_finished diff --git a/tools/testing/selftests/tpm2/test_space.sh b/tools/testing/selftests/tpm2/test_space.sh index 04c47b13fe8ac..6a55d13d74983 100755 --- a/tools/testing/selftests/tpm2/test_space.sh +++ b/tools/testing/selftests/tpm2/test_space.sh @@ -1,9 +1,22 @@ -#!/bin/sh +#!/bin/bash # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) # Kselftest framework requirement - SKIP code is 4. -ksft_skip=4 +DIR="$(dirname $(readlink -f "$0"))" +source "${DIR}"/../kselftest/ktap_helpers.sh + +ktap_print_header [ -e /dev/tpmrm0 ] || exit $ksft_skip -python3 -m unittest -v tpm2_tests.SpaceTest +ktap_set_plan 1 + +python3 -m unittest -v tpm2_tests.SpaceTest 2>&1 | sed "s/^/# /" + +if [ ${PIPESTATUS[0]} -eq $ksft_pass ]; then + ktap_test_pass "tpm2_tests.AsyncTest" +else + ktap_test_fail "tpm2_tests.AsyncTest" +fi + +ktap_finished -- 2.39.2

3 weeks, 4 days

2
3
0 0

[PATCH 0/3] tools/nolibc: implement strerror()

by Thomas Weißschuh

Adds a simple implementation of strerror() and makes use of it in kselftests. Shuah, could you Ack patch 3? Willy, this should work *without* your Ack. Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Thomas Weißschuh (3): selftests/nolibc: introduce condition to run tests only on nolibc tools/nolibc: implement strerror() selftests: kselftest: also use strerror() on nolibc tools/include/nolibc/stdio.h | 10 ++++++++ tools/testing/selftests/kselftest.h | 8 ------- tools/testing/selftests/nolibc/nolibc-test.c | 36 ++++++++++++++++++---------- 3 files changed, 33 insertions(+), 21 deletions(-) --- base-commit: a3063ba97f31e0364379a3ffc567203e3f79e877 change-id: 20240425-nolibc-strerror-67f4bfa03035 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

4 weeks

2
8
0 0

[PATCH v4 00/14] security: digest_cache LSM

by Roberto Sassu

From: Roberto Sassu <roberto.sassu(a)huawei.com> Integrity detection and protection has long been a desirable feature, to reach a large user base and mitigate the risk of flaws in the software and attacks. However, while solutions exist, they struggle to reach the large user base, due to requiring higher than desired constraints on performance, flexibility and configurability, that only security conscious people are willing to accept. This is where the new digest_cache LSM comes into play, it offers additional support for new and existing integrity solutions, to make them faster and easier to deploy. The full documentation with the motivation and the solution details can be found in patch 14. The IMA integration patch set will be introduced separately. Also a PoC based on the current version of IPE can be provided. v3: - Rewrite documentation, and remove the installation instructions since they are now included in the README of digest-cache-tools - Add digest cache event notifier - Drop digest_cache_was_reset(), and send instead to asynchronous notifications - Fix digest_cache LSM Kconfig style issues (suggested by Randy Dunlap) - Propagate digest cache reset to directory entries - Destroy per directory entry mutex - Introduce RESET_USER bit, to clear the dig_user pointer on set/removexattr - Replace 'file content' with 'file data' (suggested by Mimi) - Introduce per digest cache mutex and replace verif_data_lock spinlock - Track changes of security.digest_list xattr - Stop tracking file_open and use file_release instead also for file writes - Add error messages in digest_cache_create() - Load/unload testing kernel module automatically during execution of test - Add tests for digest cache event notifier - Add test for ftruncate() - Remove DIGEST_CACHE_RESET_PREFETCH_BUF command in test and clear the buffer on read instead v2: - Include the TLV parser in this patch set (from user asymmetric keys and signatures) - Move from IMA and make an independent LSM - Remove IMA-specific stuff from this patch set - Add per algorithm hash table - Expect all digest lists to be in the same directory and allow changing the default directory - Support digest lookup on directories, when there is no security.digest_list xattr - Add seq num to digest list file name, to impose ordering on directory iteration - Add a new data type DIGEST_LIST_ENTRY_DATA for the nested data in the tlv digest list format - Add the concept of verification data attached to digest caches - Add the reset mechanism to track changes on digest lists and directory containing the digest lists - Add kernel selftests v1: - Add documentation in Documentation/security/integrity-digest-cache.rst - Pass the mask of IMA actions to digest_cache_alloc() - Add a reference count to the digest cache - Remove the path parameter from digest_cache_get(), and rely on the reference count to avoid the digest cache disappearing while being used - Rename the dentry_to_check parameter of digest_cache_get() to dentry - Rename digest_cache_get() to digest_cache_new() and add digest_cache_get() to set the digest cache in the iint of the inode for which the digest cache was requested - Add dig_owner and dig_user to the iint, to distinguish from which inode the digest cache was created from, and which is using it; consequently it makes the digest cache usable to measure/appraise other digest caches (support not yet enabled) - Add dig_owner_mutex and dig_user_mutex to serialize accesses to dig_owner and dig_user until they are initialized - Enforce strong synchronization and make the contenders wait until dig_owner and dig_user are assigned to the iint the first time - Move checking IMA actions on the digest list earlier, and fail if no action were performed (digest cache not usable) - Remove digest_cache_put(), not needed anymore with the introduction of the reference count - Fail immediately in digest_cache_lookup() if the digest algorithm is not set in the digest cache - Use 64 bit mask for IMA actions on the digest list instead of 8 bit - Return NULL in the inline version of digest_cache_get() - Use list_add_tail() instead of list_add() in the iterator - Copy the digest list path to a separate buffer in digest_cache_iter_dir() - Use digest list parsers verified with Frama-C - Explicitly disable (for now) the possibility in the IMA policy to use the digest cache to measure/appraise other digest lists - Replace exit(<value>) with return <value> in manage_digest_lists.c Roberto Sassu (14): lib: Add TLV parser security: Introduce the digest_cache LSM digest_cache: Add securityfs interface digest_cache: Add hash tables and operations digest_cache: Populate the digest cache from a digest list digest_cache: Parse tlv digest lists digest_cache: Parse rpm digest lists digest_cache: Add management of verification data digest_cache: Add support for directories digest cache: Prefetch digest lists if requested digest_cache: Reset digest cache on file/directory change digest_cache: Notify digest cache events selftests/digest_cache: Add selftests for digest_cache LSM docs: Add documentation of the digest_cache LSM Documentation/security/digest_cache.rst | 763 ++++++++++++++++ Documentation/security/index.rst | 1 + MAINTAINERS | 16 + include/linux/digest_cache.h | 117 +++ include/linux/kernel_read_file.h | 1 + include/linux/tlv_parser.h | 28 + include/uapi/linux/lsm.h | 1 + include/uapi/linux/tlv_digest_list.h | 72 ++ include/uapi/linux/tlv_parser.h | 59 ++ include/uapi/linux/xattr.h | 6 + lib/Kconfig | 3 + lib/Makefile | 3 + lib/tlv_parser.c | 214 +++++ lib/tlv_parser.h | 17 + security/Kconfig | 11 +- security/Makefile | 1 + security/digest_cache/Kconfig | 33 + security/digest_cache/Makefile | 11 + security/digest_cache/dir.c | 252 ++++++ security/digest_cache/htable.c | 268 ++++++ security/digest_cache/internal.h | 290 +++++++ security/digest_cache/main.c | 570 ++++++++++++ security/digest_cache/modsig.c | 66 ++ security/digest_cache/notifier.c | 135 +++ security/digest_cache/parsers/parsers.h | 15 + security/digest_cache/parsers/rpm.c | 223 +++++ security/digest_cache/parsers/tlv.c | 299 +++++++ security/digest_cache/populate.c | 163 ++++ security/digest_cache/reset.c | 235 +++++ security/digest_cache/secfs.c | 87 ++ security/digest_cache/verif.c | 119 +++ security/security.c | 3 +- tools/testing/selftests/Makefile | 1 + .../testing/selftests/digest_cache/.gitignore | 3 + tools/testing/selftests/digest_cache/Makefile | 24 + .../testing/selftests/digest_cache/all_test.c | 815 ++++++++++++++++++ tools/testing/selftests/digest_cache/common.c | 78 ++ tools/testing/selftests/digest_cache/common.h | 135 +++ .../selftests/digest_cache/common_user.c | 47 + .../selftests/digest_cache/common_user.h | 17 + tools/testing/selftests/digest_cache/config | 1 + .../selftests/digest_cache/generators.c | 248 ++++++ .../selftests/digest_cache/generators.h | 19 + .../selftests/digest_cache/testmod/Makefile | 16 + .../selftests/digest_cache/testmod/kern.c | 564 ++++++++++++ .../selftests/lsm/lsm_list_modules_test.c | 3 + 46 files changed, 6047 insertions(+), 6 deletions(-) create mode 100644 Documentation/security/digest_cache.rst create mode 100644 include/linux/digest_cache.h create mode 100644 include/linux/tlv_parser.h create mode 100644 include/uapi/linux/tlv_digest_list.h create mode 100644 include/uapi/linux/tlv_parser.h create mode 100644 lib/tlv_parser.c create mode 100644 lib/tlv_parser.h create mode 100644 security/digest_cache/Kconfig create mode 100644 security/digest_cache/Makefile create mode 100644 security/digest_cache/dir.c create mode 100644 security/digest_cache/htable.c create mode 100644 security/digest_cache/internal.h create mode 100644 security/digest_cache/main.c create mode 100644 security/digest_cache/modsig.c create mode 100644 security/digest_cache/notifier.c create mode 100644 security/digest_cache/parsers/parsers.h create mode 100644 security/digest_cache/parsers/rpm.c create mode 100644 security/digest_cache/parsers/tlv.c create mode 100644 security/digest_cache/populate.c create mode 100644 security/digest_cache/reset.c create mode 100644 security/digest_cache/secfs.c create mode 100644 security/digest_cache/verif.c create mode 100644 tools/testing/selftests/digest_cache/.gitignore create mode 100644 tools/testing/selftests/digest_cache/Makefile create mode 100644 tools/testing/selftests/digest_cache/all_test.c create mode 100644 tools/testing/selftests/digest_cache/common.c create mode 100644 tools/testing/selftests/digest_cache/common.h create mode 100644 tools/testing/selftests/digest_cache/common_user.c create mode 100644 tools/testing/selftests/digest_cache/common_user.h create mode 100644 tools/testing/selftests/digest_cache/config create mode 100644 tools/testing/selftests/digest_cache/generators.c create mode 100644 tools/testing/selftests/digest_cache/generators.h create mode 100644 tools/testing/selftests/digest_cache/testmod/Makefile create mode 100644 tools/testing/selftests/digest_cache/testmod/kern.c -- 2.34.1

1 month

6
57
0 0

[RFC PATCH v2 0/2] Add a test to verify device probing on ACPI platforms

by Laura Nao

Hello, This v2 addresses some issues observed when running the ACPI probe kselftest proposed in v1[1] across various devices and improves the overall reliability of the test. The acpi-extract-ids script has been improved to: - Parse both .c and .h files - Add an option to print only IDs matched by a driver (i.e. defined in an ACPI match tables or in lists of IDs provided by the drivers) The test_unprobed_devices.sh script relies on sysfs information to determine if a device was successfully bound to a driver. Not all devices listed in /sys/devices are expected to have a driver folder, so the script has been adjusted to handle these cases and avoid generating false negatives. The test_unprobed_devices.sh test script logic has been modified to: - Check the status attribute (when available) to exclusively test hardware devices that are physically present, enabled and operational - Traverse only ACPI objects with a physical_node* link, to ensure testing of correctly enumerated devices - Skip devices whose HID or CID are not matched by any driver, as determined by the list generated through the acpi-extract-ids script - Skip devices with HID or CID listed in the ignored IDs list. This list has been added to contain IDs of devices that don't require a driver or cannot be represented as platform devices (e.g. ACPI container and module devices). - Skip devices that are natively enumerated and don't need a driver, such as certain PCI bridges - Skip devices unassigned to any subsystem, devices linked to other devices and class devices Some of the heuristics used by the script are suboptimal and might require adjustments over time. This kind of tests would greatly benefit from a dedicated interface that exposes information about devices expected to be matched by drivers and their probe status. Discussion regarding this matter was initiated in v1. As of now, I have not identified a suitable method for exposing this information; I plan on submitting a separate RFC to propose some options and engage in discussion. Meanwhile, this v2 focuses on utilizing already available information to provide an ACPI equivalent of the existing DT kselftest [2]. Adding in CC the people involved in the discussion at Plumbers [3], feel free to add anyone that might be interested in this. This series depends on: - https://lore.kernel.org/all/20240102141528.169947-1-laura.nao@collabora.com… - https://lore.kernel.org/all/20240131-ktap-sh-helpers-extend-v1-0-98ffb46871… Thanks, Laura [1] https://lore.kernel.org/all/20230925155806.1812249-2-laura.nao@collabora.co… [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/too… [3] https://www.youtube.com/watch?v=oE73eVSyFXQ&t=9377s Original cover letter: Regressions that prevent a driver from probing a device can significantly affect the functionality of a platform. A kselftest to verify if devices on a DT-based platform are probed correctly was recently introduced [4], but no such generic test is available for ACPI platforms yet. bootrr [5] provides device probe testing, but relies on a pre-defined list of the peripherals present on each DUT. On ACPI based hardware, a complete description of the platform is provided to the OS by the system firmware. ACPI namespace objects are mapped by the Linux ACPI subsystem into a device tree in /sys/devices/LNXSYSTEM:00; the information in this subtree can be parsed to build a list of the hw peripherals present on the DUT dynamically. This series adds a test to verify if the devices declared in the ACPI namespace and supported by the kernel are probed correctly. This work follows a similar approach to [4], adapted for the ACPI use case. The first patch introduces a script that builds a list of all ACPI device IDs supported by the kernel, by inspecting the acpi_device_id structs in the sources. This list can be used to avoid testing ACPI-enumerated devices that don't have a matching driver in the kernel. This script was highly inspired by the dt-extract-compatibles script [6]. In the second patch, a new kselftest is added. It parses the /sys/devices/LNXSYSTEM:00 tree to obtain a list of all platform peripherals and verifies which of those, if supported, are correctly bound to a driver. Feedback is much appreciated, Thank you, Laura [4] https://lore.kernel.org/all/20230828211424.2964562-1-nfraprado@collabora.co… [5] https://github.com/kernelci/bootr [6] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/scr… Laura Nao (2): acpi: Add script to extract ACPI device ids in the kernel kselftest: Add test to detect unprobed devices on ACPI platforms MAINTAINERS | 2 + scripts/acpi/acpi-extract-ids | 99 +++++++++++++ tools/testing/selftests/Makefile | 1 + tools/testing/selftests/acpi/.gitignore | 1 + tools/testing/selftests/acpi/Makefile | 21 +++ tools/testing/selftests/acpi/id_ignore_list | 3 + .../selftests/acpi/test_unprobed_devices.sh | 138 ++++++++++++++++++ 7 files changed, 265 insertions(+) create mode 100755 scripts/acpi/acpi-extract-ids create mode 100644 tools/testing/selftests/acpi/.gitignore create mode 100644 tools/testing/selftests/acpi/Makefile create mode 100644 tools/testing/selftests/acpi/id_ignore_list create mode 100755 tools/testing/selftests/acpi/test_unprobed_devices.sh -- 2.30.2

1 month, 2 weeks

1
3
0 0

[PATCH bpf-next v3 00/11] Add check for bpf lsm return value

by Xu Kuohai

From: Xu Kuohai <xukuohai(a)huawei.com> A bpf prog returning positive number attached to file_alloc_security hook will make kernel panic. Here is a panic log: [ 441.235774] BUG: kernel NULL pointer dereference, address: 00000000000009 [ 441.236748] #PF: supervisor write access in kernel mode [ 441.237429] #PF: error_code(0x0002) - not-present page [ 441.238119] PGD 800000000b02f067 P4D 800000000b02f067 PUD b031067 PMD 0 [ 441.238990] Oops: 0002 [#1] PREEMPT SMP PTI [ 441.239546] CPU: 0 PID: 347 Comm: loader Not tainted 6.8.0-rc6-gafe0cbf23373 #22 [ 441.240496] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b4 [ 441.241933] RIP: 0010:alloc_file+0x4b/0x190 [ 441.242485] Code: 8b 04 25 c0 3c 1f 00 48 8b b0 30 0c 00 00 e8 9c fe ff ff 48 3d 00 f0 ff fb [ 441.244820] RSP: 0018:ffffc90000c67c40 EFLAGS: 00010203 [ 441.245484] RAX: ffff888006a891a0 RBX: ffffffff8223bd00 RCX: 0000000035b08000 [ 441.246391] RDX: ffff88800b95f7b0 RSI: 00000000001fc110 RDI: f089cd0b8088ffff [ 441.247294] RBP: ffffc90000c67c58 R08: 0000000000000001 R09: 0000000000000001 [ 441.248209] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000001 [ 441.249108] R13: ffffc90000c67c78 R14: ffffffff8223bd00 R15: fffffffffffffff4 [ 441.250007] FS: 00000000005f3300(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000 [ 441.251053] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 441.251788] CR2: 00000000000001a9 CR3: 000000000bdc4003 CR4: 0000000000170ef0 [ 441.252688] Call Trace: [ 441.253011] <TASK> [ 441.253296] ? __die+0x24/0x70 [ 441.253702] ? page_fault_oops+0x15b/0x480 [ 441.254236] ? fixup_exception+0x26/0x330 [ 441.254750] ? exc_page_fault+0x6d/0x1c0 [ 441.255257] ? asm_exc_page_fault+0x26/0x30 [ 441.255792] ? alloc_file+0x4b/0x190 [ 441.256257] alloc_file_pseudo+0x9f/0xf0 [ 441.256760] __anon_inode_getfile+0x87/0x190 [ 441.257311] ? lock_release+0x14e/0x3f0 [ 441.257808] bpf_link_prime+0xe8/0x1d0 [ 441.258315] bpf_tracing_prog_attach+0x311/0x570 [ 441.258916] ? __pfx_bpf_lsm_file_alloc_security+0x10/0x10 [ 441.259605] __sys_bpf+0x1bb7/0x2dc0 [ 441.260070] __x64_sys_bpf+0x20/0x30 [ 441.260533] do_syscall_64+0x72/0x140 [ 441.261004] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 441.261643] RIP: 0033:0x4b0349 [ 441.262045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 88 [ 441.264355] RSP: 002b:00007fff74daee38 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 441.265293] RAX: ffffffffffffffda RBX: 00007fff74daef30 RCX: 00000000004b0349 [ 441.266187] RDX: 0000000000000040 RSI: 00007fff74daee50 RDI: 000000000000001c [ 441.267114] RBP: 000000000000001b R08: 00000000005ef820 R09: 0000000000000000 [ 441.268018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 441.268907] R13: 0000000000000004 R14: 00000000005ef018 R15: 00000000004004e8 The reason is that the positive number returned by bpf prog is not a valid errno, and could not be filtered out with IS_ERR which is used by the file system to check errors. As a result, the filesystem mistakenly uses this random positive number as file pointer, causing panic. To fix this issue, there are two schemes: 1. Modify the calling sites of file_alloc_security to take positive return values as zero. 2. Make the bpf verifier to ensure no unpredicted value returned by lsm bpf prog. Considering that hook file_alloc_security never returned positive number before bpf lsm was introduced, and other lsm hooks may have the same problem, scheme 2 is more reasonable. So this series adds lsm return value check in verifier to fix it. v3: 1. Fix incorrect lsm hook return value ranges, and add disabled hook list for bpf lsm, and merge two LSM_RET_INT patches. (KP Singh) 2. Avoid bpf lsm progs attached to different hooks to call each other with tail call 3. Fix a CI failure caused by false rejection of AND operation 4. Add tests v2: https://lore.kernel.org/bpf/20240325095653.1720123-1-xukuohai@huaweicloud.c… fix bpf ci failure v1: https://lore.kernel.org/bpf/20240316122359.1073787-1-xukuohai@huaweicloud.c… Xu Kuohai (11): bpf, lsm: Annotate lsm hook return value range bpf, lsm: Add helper to read lsm hook return value range bpf, lsm: Check bpf lsm hook return values in verifier bpf, lsm: Add bpf lsm disabled hook list bpf: Avoid progs for different hooks calling each other with tail call bpf: Fix compare error in function retval_range_within bpf: Fix a false rejection caused by AND operation selftests/bpf: Avoid load failure for token_lsm.c selftests/bpf: Add return value checks for failed tests selftests/bpf: Add test for lsm tail call selftests/bpf: Add verifier tests for bpf lsm include/linux/bpf.h | 2 + include/linux/bpf_lsm.h | 8 + include/linux/lsm_hook_defs.h | 591 +++++++++--------- include/linux/lsm_hooks.h | 6 - kernel/bpf/bpf_lsm.c | 84 ++- kernel/bpf/btf.c | 5 +- kernel/bpf/core.c | 22 +- kernel/bpf/verifier.c | 82 ++- security/security.c | 1 + .../selftests/bpf/prog_tests/test_lsm.c | 46 +- .../selftests/bpf/prog_tests/verifier.c | 3 +- tools/testing/selftests/bpf/progs/err.h | 10 + .../selftests/bpf/progs/lsm_tailcall.c | 34 + .../selftests/bpf/progs/test_sig_in_xattr.c | 4 + .../bpf/progs/test_verify_pkcs7_sig.c | 8 +- tools/testing/selftests/bpf/progs/token_lsm.c | 4 +- .../bpf/progs/verifier_global_subprogs.c | 7 +- .../selftests/bpf/progs/verifier_lsm.c | 155 +++++ 18 files changed, 754 insertions(+), 318 deletions(-) create mode 100644 tools/testing/selftests/bpf/progs/lsm_tailcall.c create mode 100644 tools/testing/selftests/bpf/progs/verifier_lsm.c -- 2.30.2

1 month, 2 weeks

8
37
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror April 2024