June 2024 - Linux-kselftest-mirror

[PATCH bpf-next v3 0/8] use network helpers, part 8

by Geliang Tang

From: Geliang Tang <tanggeliang(a)kylinos.cn> v3: - a new patch to add backlog for network_helper_opts. - use start_server_str in sockmap_ktls now, not start_server. v2: - address Eduard's comments in v1. (thanks) - fix errors reported by CI. This patch set uses network helpers in sockmap_ktls and sk_lookup, and drop three local helpers tcp_server(), inetaddr_len() and make_socket() in them. Geliang Tang (8): selftests/bpf: Add backlog for network_helper_opts selftests/bpf: Use start_server_str in sockmap_ktls selftests/bpf: Use connect_to_fd in sockmap_ktls selftests/bpf: Use start_server_str in sk_lookup selftests/bpf: Use connect_to_fd in sk_lookup selftests/bpf: Use connect_to_addr in sk_lookup selftests/bpf: Drop inetaddr_len in sk_lookup selftests/bpf: Drop make_socket in sk_lookup tools/testing/selftests/bpf/network_helpers.c | 2 +- tools/testing/selftests/bpf/network_helpers.h | 1 + .../selftests/bpf/prog_tests/sk_lookup.c | 138 ++++++------------ .../selftests/bpf/prog_tests/sockmap_ktls.c | 35 +---- 4 files changed, 57 insertions(+), 119 deletions(-) -- 2.43.0

1 year, 3 months

1
8
0 0

[PATCH 1/2] tools: kernel-chktaint: Fix bashism, simplify code

by Petr Vorel

'==' is bashism, '=' needs to be used for comparison. With this fix script can work on systems where the default shell is dash, busybox ash or any other strictly POSIX compatible shell. While at it, also improve: * remove "x" in the comparison (not needed for decades) * use $# for checking number of arguments * cleanup whitespace Fixes: 4ab5a5d2a4a22 ("tools: add a kernel-chktaint to tools/debugging") Signed-off-by: Petr Vorel <pvorel(a)suse.cz> --- tools/debugging/kernel-chktaint | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/debugging/kernel-chktaint b/tools/debugging/kernel-chktaint index 279be06332be9..adbb1d621ccd4 100755 --- a/tools/debugging/kernel-chktaint +++ b/tools/debugging/kernel-chktaint @@ -18,11 +18,11 @@ retrieved from /proc/sys/kernel/tainted on another system. EOF } -if [ "$1"x != "x" ]; then - if [ "$1"x == "--helpx" ] || [ "$1"x == "-hx" ] ; then +if [ $# -gt 0 ]; then + if [ "$1" = "--help" ] || [ "$1" = "-h" ]; then usage exit 1 - elif [ $1 -ge 0 ] 2>/dev/null ; then + elif [ $1 -ge 0 ] 2>/dev/null; then taint=$1 else echo "Error: Parameter '$1' not a positive integer. Aborting." >&2 -- 2.45.1

1 year, 3 months

3
3
0 0

[PATCH bpf-next v2 0/7] use network helpers, part 8

by Geliang Tang

From: Geliang Tang <tanggeliang(a)kylinos.cn> v2: - address Eduard's comments in v1. (thanks) - fix errors reported by CI. This patch set uses network helpers in sockmap_ktls and sk_lookup, and drop three local helpers tcp_server(), inetaddr_len() and make_socket() in them. Geliang Tang (7): selftests/bpf: Use start_server in sockmap_ktls selftests/bpf: Use connect_to_fd in sockmap_ktls selftests/bpf: Use start_server_str in sk_lookup selftests/bpf: Use connect_to_fd in sk_lookup selftests/bpf: Use connect_to_addr in sk_lookup selftests/bpf: Drop inetaddr_len in sk_lookup selftests/bpf: Drop make_socket in sk_lookup .../selftests/bpf/prog_tests/sk_lookup.c | 138 ++++++------------ .../selftests/bpf/prog_tests/sockmap_ktls.c | 32 +--- 2 files changed, 52 insertions(+), 118 deletions(-) -- 2.43.0

1 year, 3 months

1
7
0 0

[PATCH v7 00/16] selftests/resctrl: resctrl_val() related cleanups & improvements

by Ilpo Järvinen

Hi all, This series does a number of cleanups into resctrl_val() and generalizes it by removing test name specific handling from the function. v7: - Truly use "bound to", not bounded to. - Fix separator to use 3 dashes v6: - Adjust closing/rollback of the IMC perf - Move the comment in measure_vals() to function level - Capitalize MBM - binded to -> bound to - Language tweak into kerneldoc - Removed stale paragraph from commit message v5: - Open mem bw file only once and use rewind(). - Add \n to mem bw file read to allow reading fresh values from the file. - Return 0 if create_grp() is given NULL grp_name (matches the original behavior). Mention this in function's kerneldoc. - Cast pid_t to int before printing with %d. - Caps/typo fixes to kerneldoc and commit messages. - Use imperative tone in commit messages and improve them based on points that came up during review. v4: - Merged close fix into IMC READ+WRITE rework patch - Add loop to reset imc_counters_config fds to -1 to be able know which need closing - Introduce perf_close_imc_mem_bw() to close fds - Open resctrl mem bw file (twice) beforehand to avoid opening it during the test - Remove MBM .mongrp setup - Remove mongrp from CMT test v3: - Rename init functions to <testname>_init() - Replace for loops with READ+WRITE statements for clarity - Don't drop Return: entry from perf_open_imc_mem_bw() func comment - New patch: Fix closing of IMC fds in case of error - New patch: Make "bandwidth" consistent in comments & prints - New patch: Simplify mem bandwidth file code - Remove wrong comment - Changed grp_name check to return -1 on fail (internal sanity check) v2: - Resolved conflicts with kselftest/next - Spaces -> tabs correction Ilpo Järvinen (16): selftests/resctrl: Fix closing IMC fds on error and open-code R+W instead of loops selftests/resctrl: Calculate resctrl FS derived mem bw over sleep(1) only selftests/resctrl: Make "bandwidth" consistent in comments & prints selftests/resctrl: Consolidate get_domain_id() into resctrl_val() selftests/resctrl: Use correct type for pids selftests/resctrl: Cleanup bm_pid and ppid usage & limit scope selftests/resctrl: Rename measure_vals() to measure_mem_bw_vals() & document selftests/resctrl: Simplify mem bandwidth file code for MBA & MBM tests selftests/resctrl: Add ->measure() callback to resctrl_val_param selftests/resctrl: Add ->init() callback into resctrl_val_param selftests/resctrl: Simplify bandwidth report type handling selftests/resctrl: Make some strings passed to resctrlfs functions const selftests/resctrl: Convert ctrlgrp & mongrp to pointers selftests/resctrl: Remove mongrp from MBA test selftests/resctrl: Remove mongrp from CMT test selftests/resctrl: Remove test name comparing from write_bm_pid_to_resctrl() tools/testing/selftests/resctrl/cache.c | 10 +- tools/testing/selftests/resctrl/cat_test.c | 5 +- tools/testing/selftests/resctrl/cmt_test.c | 22 +- tools/testing/selftests/resctrl/mba_test.c | 26 +- tools/testing/selftests/resctrl/mbm_test.c | 26 +- tools/testing/selftests/resctrl/resctrl.h | 49 ++- tools/testing/selftests/resctrl/resctrl_val.c | 371 ++++++++---------- tools/testing/selftests/resctrl/resctrlfs.c | 67 ++-- 8 files changed, 291 insertions(+), 285 deletions(-) -- 2.39.2

1 year, 3 months

3
19
0 0

[PATCH bpf-next 0/6] use network helpers, part 8

by Geliang Tang

From: Geliang Tang <tanggeliang(a)kylinos.cn> This patch set uses network helpers in sockmap_ktls and sk_lookup, and drop three local helpers tcp_server(), inetaddr_len() and make_socket() in them. Geliang Tang (6): selftests/bpf: Use start_server in sockmap_ktls selftests/bpf: Use connect_to_fd in sockmap_ktls selftests/bpf: Use start_server_str in sk_lookup selftests/bpf: Drop inetaddr_len in sk_lookup selftests/bpf: Use connect_to_fd in sk_lookup selftests/bpf: Drop make_socket in sk_lookup .../selftests/bpf/prog_tests/sk_lookup.c | 144 ++++++------------ .../selftests/bpf/prog_tests/sockmap_ktls.c | 32 +--- 2 files changed, 53 insertions(+), 123 deletions(-) -- 2.43.0

1 year, 3 months

2
11
0 0

[PATCH net-next] selftests: net: change shebang to bash in amt.sh

by Taehee Yoo

amt.sh is written in bash, not sh. So, shebang should be bash. Signed-off-by: Taehee Yoo <ap420073(a)gmail.com> --- tools/testing/selftests/net/amt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/amt.sh b/tools/testing/selftests/net/amt.sh index 7e7ed6c558da..d458b45c775b 100755 --- a/tools/testing/selftests/net/amt.sh +++ b/tools/testing/selftests/net/amt.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # SPDX-License-Identifier: GPL-2.0 # Author: Taehee Yoo <ap420073(a)gmail.com> -- 2.34.1

1 year, 3 months

3
2
0 0

[PATCH V4] rcutorture: Add CFcommon.arch for the various arch's need

by Zhouyi Zhou

Add CFcommon.arch for the various arch's need for rcutorture. In accordance with [1], [2] and [3], move x86 specific kernel option CONFIG_HYPERVISOR_GUEST to CFcommon.arch, also move kernel option CONFIG_KVM_GUEST which only exists on x86 & PowerPC to CFcommon.arch. [1] https://lore.kernel.org/all/20240427005626.1365935-1-zhouzhouyi@gmail.com/ [2] https://lore.kernel.org/all/059d36ce-6453-42be-a31e-895abd35d590@paulmck-la… [3] https://lore.kernel.org/all/ZnBkHosMDhsh4H8g@J2N7QTR9R3/ Tested in x86_64 and PPC VM of Open Source Lab of Oregon State University. Fixes: a6fda6dab93c ("rcutorture: Tweak kvm options") Suggested-by: Paul E. McKenney <paulmck(a)kernel.org> Suggested-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Zhouyi Zhou <zhouzhouyi(a)gmail.com> --- tools/testing/selftests/rcutorture/bin/kvm-test-1-run.sh | 2 ++ tools/testing/selftests/rcutorture/configs/rcu/CFcommon | 2 -- tools/testing/selftests/rcutorture/configs/rcu/CFcommon.i686 | 2 ++ tools/testing/selftests/rcutorture/configs/rcu/CFcommon.ppc64le | 1 + tools/testing/selftests/rcutorture/configs/rcu/CFcommon.x86_64 | 2 ++ 5 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 tools/testing/selftests/rcutorture/configs/rcu/CFcommon.i686 create mode 100644 tools/testing/selftests/rcutorture/configs/rcu/CFcommon.ppc64le create mode 100644 tools/testing/selftests/rcutorture/configs/rcu/CFcommon.x86_64 diff --git a/tools/testing/selftests/rcutorture/bin/kvm-test-1-run.sh b/tools/testing/selftests/rcutorture/bin/kvm-test-1-run.sh index b33cd8753689..ad79784e552d 100755 --- a/tools/testing/selftests/rcutorture/bin/kvm-test-1-run.sh +++ b/tools/testing/selftests/rcutorture/bin/kvm-test-1-run.sh @@ -68,6 +68,8 @@ config_override_param "--gdb options" KcList "$TORTURE_KCONFIG_GDB_ARG" config_override_param "--kasan options" KcList "$TORTURE_KCONFIG_KASAN_ARG" config_override_param "--kcsan options" KcList "$TORTURE_KCONFIG_KCSAN_ARG" config_override_param "--kconfig argument" KcList "$TORTURE_KCONFIG_ARG" +config_override_param "$config_dir/CFcommon.$(uname -m)" KcList \ + "`cat $config_dir/CFcommon.$(uname -m) 2> /dev/null`" cp $T/KcList $resdir/ConfigFragment base_resdir=`echo $resdir | sed -e 's/\.[0-9]\+$//'` diff --git a/tools/testing/selftests/rcutorture/configs/rcu/CFcommon b/tools/testing/selftests/rcutorture/configs/rcu/CFcommon index 0e92d85313aa..217597e84905 100644 --- a/tools/testing/selftests/rcutorture/configs/rcu/CFcommon +++ b/tools/testing/selftests/rcutorture/configs/rcu/CFcommon @@ -1,7 +1,5 @@ CONFIG_RCU_TORTURE_TEST=y CONFIG_PRINTK_TIME=y -CONFIG_HYPERVISOR_GUEST=y CONFIG_PARAVIRT=y -CONFIG_KVM_GUEST=y CONFIG_KCSAN_ASSUME_PLAIN_WRITES_ATOMIC=n CONFIG_KCSAN_REPORT_VALUE_CHANGE_ONLY=n diff --git a/tools/testing/selftests/rcutorture/configs/rcu/CFcommon.i686 b/tools/testing/selftests/rcutorture/configs/rcu/CFcommon.i686 new file mode 100644 index 000000000000..d8b2f555686f --- /dev/null +++ b/tools/testing/selftests/rcutorture/configs/rcu/CFcommon.i686 @@ -0,0 +1,2 @@ +CONFIG_HYPERVISOR_GUEST=y +CONFIG_KVM_GUEST=y diff --git a/tools/testing/selftests/rcutorture/configs/rcu/CFcommon.ppc64le b/tools/testing/selftests/rcutorture/configs/rcu/CFcommon.ppc64le new file mode 100644 index 000000000000..133da04247ee --- /dev/null +++ b/tools/testing/selftests/rcutorture/configs/rcu/CFcommon.ppc64le @@ -0,0 +1 @@ +CONFIG_KVM_GUEST=y diff --git a/tools/testing/selftests/rcutorture/configs/rcu/CFcommon.x86_64 b/tools/testing/selftests/rcutorture/configs/rcu/CFcommon.x86_64 new file mode 100644 index 000000000000..d8b2f555686f --- /dev/null +++ b/tools/testing/selftests/rcutorture/configs/rcu/CFcommon.x86_64 @@ -0,0 +1,2 @@ +CONFIG_HYPERVISOR_GUEST=y +CONFIG_KVM_GUEST=y -- 2.39.2

1 year, 3 months

3
4
0 0

[PATCH net-next v4 00/10] net: openvswitch: Add sample multicasting.

by Adrian Moreno

** Background ** Currently, OVS supports several packet sampling mechanisms (sFlow, per-bridge IPFIX, per-flow IPFIX). These end up being translated into a userspace action that needs to be handled by ovs-vswitchd's handler threads only to be forwarded to some third party application that will somehow process the sample and provide observability on the datapath. A particularly interesting use-case is controller-driven per-flow IPFIX sampling where the OpenFlow controller can add metadata to samples (via two 32bit integers) and this metadata is then available to the sample-collecting system for correlation. ** Problem ** The fact that sampled traffic share netlink sockets and handler thread time with upcalls, apart from being a performance bottleneck in the sample extraction itself, can severely compromise the datapath, yielding this solution unfit for highly loaded production systems. Users are left with little options other than guessing what sampling rate will be OK for their traffic pattern and system load and dealing with the lost accuracy. Looking at available infrastructure, an obvious candidated would be to use psample. However, it's current state does not help with the use-case at stake because sampled packets do not contain user-defined metadata. ** Proposal ** This series is an attempt to fix this situation by extending the existing psample infrastructure to carry a variable length user-defined cookie. The main existing user of psample is tc's act_sample. It is also extended to forward the action's cookie to psample. Finally, a new OVS action (OVS_SAMPLE_ATTR_EMIT_SAMPLE) is created. It accepts a group and an optional cookie and uses psample to multicast the packet and the metadata. -- v3 -> v4: - Rebased. - Addressed Jakub's comment on private and unused nla attributes. v2 -> v3: - Addressed comments from Simon, Aaron and Ilya. - Dropped probability propagation in nested sample actions. - Dropped patch v2's 7/9 in favor of a userspace implementation and consume skb if emit_sample is the last action, same as we do with userspace. - Split ovs-dpctl.py features in independent patches. v1 -> v2: - Create a new action ("emit_sample") rather than reuse existing "sample" one. - Add probability semantics to psample's sampling rate. - Store sampling probability in skb's cb area and use it in emit_sample. - Test combining "emit_sample" with "trunc" - Drop group_id filtering and tracepoint in psample. rfc_v2 -> v1: - Accomodate Ilya's comments. - Split OVS's attribute in two attributes and simplify internal handling of psample arguments. - Extend psample and tc with a user-defined cookie. - Add a tracepoint to psample to facilitate troubleshooting. rfc_v1 -> rfc_v2: - Use psample instead of a new OVS-only multicast group. - Extend psample and tc with a user-defined cookie. Adrian Moreno (10): net: psample: add user cookie net: sched: act_sample: add action cookie to sample net: psample: skip packet copy if no listeners net: psample: allow using rate as probability net: openvswitch: add emit_sample action net: openvswitch: store sampling probability in cb. selftests: openvswitch: add emit_sample action selftests: openvswitch: add userspace parsing selftests: openvswitch: parse trunc action selftests: openvswitch: add emit_sample test Documentation/netlink/specs/ovs_flow.yaml | 17 ++ include/net/psample.h | 5 +- include/uapi/linux/openvswitch.h | 31 +- include/uapi/linux/psample.h | 11 +- include/uapi/linux/tc_act/tc_sample.h | 1 + net/openvswitch/Kconfig | 1 + net/openvswitch/actions.c | 63 +++- net/openvswitch/datapath.h | 3 + net/openvswitch/flow_netlink.c | 33 ++- net/openvswitch/vport.c | 1 + net/psample/psample.c | 16 +- net/sched/act_sample.c | 12 + .../selftests/net/openvswitch/openvswitch.sh | 110 ++++++- .../selftests/net/openvswitch/ovs-dpctl.py | 272 +++++++++++++++++- 14 files changed, 560 insertions(+), 16 deletions(-) -- 2.45.1

1 year, 3 months

1
4
0 0

[PATCH v5 4/4] KVM: riscv: selftests: Add Svade and Svadu Extension to get-reg-list test

by Yong-Xuan Wang

Update the get-reg-list test to test the Svade and Svadu Extensions are available for guest OS. Signed-off-by: Yong-Xuan Wang <yongxuan.wang(a)sifive.com> --- tools/testing/selftests/kvm/riscv/get-reg-list.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tools/testing/selftests/kvm/riscv/get-reg-list.c b/tools/testing/selftests/kvm/riscv/get-reg-list.c index 222198dd6d04..1d32351ad55e 100644 --- a/tools/testing/selftests/kvm/riscv/get-reg-list.c +++ b/tools/testing/selftests/kvm/riscv/get-reg-list.c @@ -45,6 +45,8 @@ bool filter_reg(__u64 reg) case KVM_REG_RISCV_ISA_EXT | KVM_REG_RISCV_ISA_SINGLE | KVM_RISCV_ISA_EXT_SSAIA: case KVM_REG_RISCV_ISA_EXT | KVM_REG_RISCV_ISA_SINGLE | KVM_RISCV_ISA_EXT_SSCOFPMF: case KVM_REG_RISCV_ISA_EXT | KVM_REG_RISCV_ISA_SINGLE | KVM_RISCV_ISA_EXT_SSTC: + case KVM_REG_RISCV_ISA_EXT | KVM_REG_RISCV_ISA_SINGLE | KVM_RISCV_ISA_EXT_SVADE: + case KVM_REG_RISCV_ISA_EXT | KVM_REG_RISCV_ISA_SINGLE | KVM_RISCV_ISA_EXT_SVADU: case KVM_REG_RISCV_ISA_EXT | KVM_REG_RISCV_ISA_SINGLE | KVM_RISCV_ISA_EXT_SVINVAL: case KVM_REG_RISCV_ISA_EXT | KVM_REG_RISCV_ISA_SINGLE | KVM_RISCV_ISA_EXT_SVNAPOT: case KVM_REG_RISCV_ISA_EXT | KVM_REG_RISCV_ISA_SINGLE | KVM_RISCV_ISA_EXT_SVPBMT: @@ -411,6 +413,8 @@ static const char *isa_ext_single_id_to_str(__u64 reg_off) KVM_ISA_EXT_ARR(SSAIA), KVM_ISA_EXT_ARR(SSCOFPMF), KVM_ISA_EXT_ARR(SSTC), + KVM_ISA_EXT_ARR(SVADE), + KVM_ISA_EXT_ARR(SVADU), KVM_ISA_EXT_ARR(SVINVAL), KVM_ISA_EXT_ARR(SVNAPOT), KVM_ISA_EXT_ARR(SVPBMT), @@ -935,6 +939,8 @@ KVM_ISA_EXT_SIMPLE_CONFIG(h, H); KVM_ISA_EXT_SUBLIST_CONFIG(smstateen, SMSTATEEN); KVM_ISA_EXT_SIMPLE_CONFIG(sscofpmf, SSCOFPMF); KVM_ISA_EXT_SIMPLE_CONFIG(sstc, SSTC); +KVM_ISA_EXT_SIMPLE_CONFIG(svade, SVADE); +KVM_ISA_EXT_SIMPLE_CONFIG(svadu, SVADU); KVM_ISA_EXT_SIMPLE_CONFIG(svinval, SVINVAL); KVM_ISA_EXT_SIMPLE_CONFIG(svnapot, SVNAPOT); KVM_ISA_EXT_SIMPLE_CONFIG(svpbmt, SVPBMT); @@ -991,6 +997,8 @@ struct vcpu_reg_list *vcpu_configs[] = { &config_smstateen, &config_sscofpmf, &config_sstc, + &config_svade, + &config_svadu, &config_svinval, &config_svnapot, &config_svpbmt, -- 2.17.1

1 year, 3 months

2
1
0 0

[PATCH v4 00/14] security: digest_cache LSM

by Roberto Sassu

From: Roberto Sassu <roberto.sassu(a)huawei.com> Integrity detection and protection has long been a desirable feature, to reach a large user base and mitigate the risk of flaws in the software and attacks. However, while solutions exist, they struggle to reach the large user base, due to requiring higher than desired constraints on performance, flexibility and configurability, that only security conscious people are willing to accept. This is where the new digest_cache LSM comes into play, it offers additional support for new and existing integrity solutions, to make them faster and easier to deploy. The full documentation with the motivation and the solution details can be found in patch 14. The IMA integration patch set will be introduced separately. Also a PoC based on the current version of IPE can be provided. v3: - Rewrite documentation, and remove the installation instructions since they are now included in the README of digest-cache-tools - Add digest cache event notifier - Drop digest_cache_was_reset(), and send instead to asynchronous notifications - Fix digest_cache LSM Kconfig style issues (suggested by Randy Dunlap) - Propagate digest cache reset to directory entries - Destroy per directory entry mutex - Introduce RESET_USER bit, to clear the dig_user pointer on set/removexattr - Replace 'file content' with 'file data' (suggested by Mimi) - Introduce per digest cache mutex and replace verif_data_lock spinlock - Track changes of security.digest_list xattr - Stop tracking file_open and use file_release instead also for file writes - Add error messages in digest_cache_create() - Load/unload testing kernel module automatically during execution of test - Add tests for digest cache event notifier - Add test for ftruncate() - Remove DIGEST_CACHE_RESET_PREFETCH_BUF command in test and clear the buffer on read instead v2: - Include the TLV parser in this patch set (from user asymmetric keys and signatures) - Move from IMA and make an independent LSM - Remove IMA-specific stuff from this patch set - Add per algorithm hash table - Expect all digest lists to be in the same directory and allow changing the default directory - Support digest lookup on directories, when there is no security.digest_list xattr - Add seq num to digest list file name, to impose ordering on directory iteration - Add a new data type DIGEST_LIST_ENTRY_DATA for the nested data in the tlv digest list format - Add the concept of verification data attached to digest caches - Add the reset mechanism to track changes on digest lists and directory containing the digest lists - Add kernel selftests v1: - Add documentation in Documentation/security/integrity-digest-cache.rst - Pass the mask of IMA actions to digest_cache_alloc() - Add a reference count to the digest cache - Remove the path parameter from digest_cache_get(), and rely on the reference count to avoid the digest cache disappearing while being used - Rename the dentry_to_check parameter of digest_cache_get() to dentry - Rename digest_cache_get() to digest_cache_new() and add digest_cache_get() to set the digest cache in the iint of the inode for which the digest cache was requested - Add dig_owner and dig_user to the iint, to distinguish from which inode the digest cache was created from, and which is using it; consequently it makes the digest cache usable to measure/appraise other digest caches (support not yet enabled) - Add dig_owner_mutex and dig_user_mutex to serialize accesses to dig_owner and dig_user until they are initialized - Enforce strong synchronization and make the contenders wait until dig_owner and dig_user are assigned to the iint the first time - Move checking IMA actions on the digest list earlier, and fail if no action were performed (digest cache not usable) - Remove digest_cache_put(), not needed anymore with the introduction of the reference count - Fail immediately in digest_cache_lookup() if the digest algorithm is not set in the digest cache - Use 64 bit mask for IMA actions on the digest list instead of 8 bit - Return NULL in the inline version of digest_cache_get() - Use list_add_tail() instead of list_add() in the iterator - Copy the digest list path to a separate buffer in digest_cache_iter_dir() - Use digest list parsers verified with Frama-C - Explicitly disable (for now) the possibility in the IMA policy to use the digest cache to measure/appraise other digest lists - Replace exit(<value>) with return <value> in manage_digest_lists.c Roberto Sassu (14): lib: Add TLV parser security: Introduce the digest_cache LSM digest_cache: Add securityfs interface digest_cache: Add hash tables and operations digest_cache: Populate the digest cache from a digest list digest_cache: Parse tlv digest lists digest_cache: Parse rpm digest lists digest_cache: Add management of verification data digest_cache: Add support for directories digest cache: Prefetch digest lists if requested digest_cache: Reset digest cache on file/directory change digest_cache: Notify digest cache events selftests/digest_cache: Add selftests for digest_cache LSM docs: Add documentation of the digest_cache LSM Documentation/security/digest_cache.rst | 763 ++++++++++++++++ Documentation/security/index.rst | 1 + MAINTAINERS | 16 + include/linux/digest_cache.h | 117 +++ include/linux/kernel_read_file.h | 1 + include/linux/tlv_parser.h | 28 + include/uapi/linux/lsm.h | 1 + include/uapi/linux/tlv_digest_list.h | 72 ++ include/uapi/linux/tlv_parser.h | 59 ++ include/uapi/linux/xattr.h | 6 + lib/Kconfig | 3 + lib/Makefile | 3 + lib/tlv_parser.c | 214 +++++ lib/tlv_parser.h | 17 + security/Kconfig | 11 +- security/Makefile | 1 + security/digest_cache/Kconfig | 33 + security/digest_cache/Makefile | 11 + security/digest_cache/dir.c | 252 ++++++ security/digest_cache/htable.c | 268 ++++++ security/digest_cache/internal.h | 290 +++++++ security/digest_cache/main.c | 570 ++++++++++++ security/digest_cache/modsig.c | 66 ++ security/digest_cache/notifier.c | 135 +++ security/digest_cache/parsers/parsers.h | 15 + security/digest_cache/parsers/rpm.c | 223 +++++ security/digest_cache/parsers/tlv.c | 299 +++++++ security/digest_cache/populate.c | 163 ++++ security/digest_cache/reset.c | 235 +++++ security/digest_cache/secfs.c | 87 ++ security/digest_cache/verif.c | 119 +++ security/security.c | 3 +- tools/testing/selftests/Makefile | 1 + .../testing/selftests/digest_cache/.gitignore | 3 + tools/testing/selftests/digest_cache/Makefile | 24 + .../testing/selftests/digest_cache/all_test.c | 815 ++++++++++++++++++ tools/testing/selftests/digest_cache/common.c | 78 ++ tools/testing/selftests/digest_cache/common.h | 135 +++ .../selftests/digest_cache/common_user.c | 47 + .../selftests/digest_cache/common_user.h | 17 + tools/testing/selftests/digest_cache/config | 1 + .../selftests/digest_cache/generators.c | 248 ++++++ .../selftests/digest_cache/generators.h | 19 + .../selftests/digest_cache/testmod/Makefile | 16 + .../selftests/digest_cache/testmod/kern.c | 564 ++++++++++++ .../selftests/lsm/lsm_list_modules_test.c | 3 + 46 files changed, 6047 insertions(+), 6 deletions(-) create mode 100644 Documentation/security/digest_cache.rst create mode 100644 include/linux/digest_cache.h create mode 100644 include/linux/tlv_parser.h create mode 100644 include/uapi/linux/tlv_digest_list.h create mode 100644 include/uapi/linux/tlv_parser.h create mode 100644 lib/tlv_parser.c create mode 100644 lib/tlv_parser.h create mode 100644 security/digest_cache/Kconfig create mode 100644 security/digest_cache/Makefile create mode 100644 security/digest_cache/dir.c create mode 100644 security/digest_cache/htable.c create mode 100644 security/digest_cache/internal.h create mode 100644 security/digest_cache/main.c create mode 100644 security/digest_cache/modsig.c create mode 100644 security/digest_cache/notifier.c create mode 100644 security/digest_cache/parsers/parsers.h create mode 100644 security/digest_cache/parsers/rpm.c create mode 100644 security/digest_cache/parsers/tlv.c create mode 100644 security/digest_cache/populate.c create mode 100644 security/digest_cache/reset.c create mode 100644 security/digest_cache/secfs.c create mode 100644 security/digest_cache/verif.c create mode 100644 tools/testing/selftests/digest_cache/.gitignore create mode 100644 tools/testing/selftests/digest_cache/Makefile create mode 100644 tools/testing/selftests/digest_cache/all_test.c create mode 100644 tools/testing/selftests/digest_cache/common.c create mode 100644 tools/testing/selftests/digest_cache/common.h create mode 100644 tools/testing/selftests/digest_cache/common_user.c create mode 100644 tools/testing/selftests/digest_cache/common_user.h create mode 100644 tools/testing/selftests/digest_cache/config create mode 100644 tools/testing/selftests/digest_cache/generators.c create mode 100644 tools/testing/selftests/digest_cache/generators.h create mode 100644 tools/testing/selftests/digest_cache/testmod/Makefile create mode 100644 tools/testing/selftests/digest_cache/testmod/kern.c -- 2.34.1

1 year, 3 months

6
57
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror June 2024