User space can use the MEM_OP ioctl to make storage key checked reads
and writes to the guest, however, it has no way of performing atomic,
key checked, accesses to the guest.
Extend the MEM_OP ioctl in order to allow for this, by adding a cmpxchg
mode. For now, support this mode for absolute accesses only.
This mode can be use, for example, to set the device-state-change
indicator and the adapter-local-summary indicator atomically.
Janis Schoetterl-Glausch (9):
s390/uaccess: Add storage key checked cmpxchg access to user space
KVM: s390: Extend MEM_OP ioctl by storage key checked cmpxchg
Documentation: KVM: s390: Describe KVM_S390_MEMOP_F_CMPXCHG
KVM: s390: selftest: memop: Pass mop_desc via pointer
KVM: s390: selftest: memop: Replace macros by functions
KVM: s390: selftest: memop: Add bad address test
KVM: s390: selftest: memop: Add cmpxchg tests
KVM: s390: selftest: memop: Fix typo
KVM: s390: selftest: memop: Fix wrong address being used in test
Documentation/virt/kvm/api.rst | 18 +-
include/uapi/linux/kvm.h | 5 +
arch/s390/include/asm/uaccess.h | 187 ++++++
arch/s390/kvm/gaccess.h | 4 +
arch/s390/kvm/gaccess.c | 56 ++
arch/s390/kvm/kvm-s390.c | 50 +-
tools/testing/selftests/kvm/s390x/memop.c | 704 +++++++++++++++++-----
7 files changed, 874 insertions(+), 150 deletions(-)
base-commit: f76349cf41451c5c42a99f18a9163377e4b364ff
--
2.34.1
From: Roberto Sassu <roberto.sassu(a)huawei.com>
Add the _opts variant for bpf_*_get_fd_by_id() functions, to be able to
pass to the kernel more options, when requesting a fd of an eBPF object to
the kernel.
Pass the options through a newly introduced structure, bpf_get_fd_opts,
which currently contains open_flags (the other two members are for
compatibility and for padding).
open_flags allows the caller to request specific permissions to access a
map (e.g. read-only). This is useful for example in the situation where a
map is write-protected.
Besides patches 2-6, which introduce the new variants and the data
structure, patch 1 fixes the LIBBPF_1.0.0 declaration in libbpf.map.
Roberto Sassu (6):
libbpf: Fix LIBBPF_1.0.0 declaration in libbpf.map
libbpf: Define bpf_get_fd_opts and introduce
bpf_map_get_fd_by_id_opts()
libbpf: Introduce bpf_prog_get_fd_by_id_opts()
libbpf: Introduce bpf_btf_get_fd_by_id_opts()
libbpf: Introduce bpf_link_get_fd_by_id_opts()
selftests/bpf: Add tests for _opts variants of bpf_*_get_fd_by_id()
tools/lib/bpf/bpf.c | 47 +++++++++-
tools/lib/bpf/bpf.h | 16 ++++
tools/lib/bpf/libbpf.map | 6 +-
.../bpf/prog_tests/libbpf_get_fd_opts.c | 88 +++++++++++++++++++
.../bpf/progs/test_libbpf_get_fd_opts.c | 36 ++++++++
5 files changed, 188 insertions(+), 5 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/libbpf_get_fd_opts.c
create mode 100644 tools/testing/selftests/bpf/progs/test_libbpf_get_fd_opts.c
--
2.25.1
Hi Dear,
Nice to meet you, hope you’re enjoying a blissful day? I'm Ann
Ghallagher. I'm a U.S. Army officer from the United States of America,
I am supportive and caring, I like swimming and cooking am gentle
although I am a soldier but I'm kind, wanting to get a good friend, I
would like to establish mutual friendship with you.I want to make a
deal with you so if you are interested contact my email
(annghallaghe(a)gmail.com) or should I tell you about the deal here?
Regards,
Ann
From: Kyle Huey <me(a)kylehuey.com>
When management of the PKRU register was moved away from XSTATE, emulation
of PKRU's existence in XSTATE was added for reading PKRU through ptrace,
but not for writing PKRU through ptrace. This can be seen by running gdb
and executing `p $pkru`, `set $pkru = 42`, and `p $pkru`. On affected
kernels (5.14+) the write to the PKRU register (which gdb performs through
ptrace) is ignored.
There are three APIs that write PKRU: sigreturn, PTRACE_SETREGSET with
NT_X86_XSTATE, and KVM_SET_XSAVE. sigreturn still uses XRSTOR to write to
PKRU. KVM_SET_XSAVE has its own special handling to make PKRU writes take
effect (in fpu_copy_uabi_to_guest_fpstate). Push that down into
copy_uabi_to_xstate and have PTRACE_SETREGSET with NT_X86_XSTATE pass in
a pointer to the appropriate PKRU slot. copy_sigframe_from_user_to_xstate
depends on copy_uabi_to_xstate populating the PKRU field in the task's
XSTATE so that __fpu_restore_sig can do a XRSTOR from it, so continue doing
that.
This also adds code to initialize the PKRU value to the hardware init value
(namely 0) if the PKRU bit is not set in the XSTATE header provided to
ptrace, to match XRSTOR.
Fixes: e84ba47e313d ("x86/fpu: Hook up PKRU into ptrace()")
Signed-off-by: Kyle Huey <me(a)kylehuey.com>
Cc: Dave Hansen <dave.hansen(a)linux.intel.com>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: Borislav Petkov <bp(a)suse.de>
Cc: stable(a)vger.kernel.org # 5.14+
---
arch/x86/kernel/fpu/core.c | 20 +++++++++-----------
arch/x86/kernel/fpu/regset.c | 2 +-
arch/x86/kernel/fpu/signal.c | 2 +-
arch/x86/kernel/fpu/xstate.c | 25 ++++++++++++++++++++-----
arch/x86/kernel/fpu/xstate.h | 4 ++--
5 files changed, 33 insertions(+), 20 deletions(-)
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
index 3b28c5b25e12..c273669e8a00 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -391,8 +391,6 @@ int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *gfpu, const void *buf,
{
struct fpstate *kstate = gfpu->fpstate;
const union fpregs_state *ustate = buf;
- struct pkru_state *xpkru;
- int ret;
if (!cpu_feature_enabled(X86_FEATURE_XSAVE)) {
if (ustate->xsave.header.xfeatures & ~XFEATURE_MASK_FPSSE)
@@ -406,16 +404,16 @@ int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *gfpu, const void *buf,
if (ustate->xsave.header.xfeatures & ~xcr0)
return -EINVAL;
- ret = copy_uabi_from_kernel_to_xstate(kstate, ustate);
- if (ret)
- return ret;
+ /*
+ * Nullify @vpkru to preserve its current value if PKRU's bit isn't set
+ * in the header. KVM's odd ABI is to leave PKRU untouched in this
+ * case (all other components are eventually re-initialized).
+ * (Not clear that this is actually necessary for compat).
+ */
+ if (!(ustate->xsave.header.xfeatures & XFEATURE_MASK_PKRU))
+ vpkru = NULL;
- /* Retrieve PKRU if not in init state */
- if (kstate->regs.xsave.header.xfeatures & XFEATURE_MASK_PKRU) {
- xpkru = get_xsave_addr(&kstate->regs.xsave, XFEATURE_PKRU);
- *vpkru = xpkru->pkru;
- }
- return 0;
+ return copy_uabi_from_kernel_to_xstate(kstate, ustate, vpkru);
}
EXPORT_SYMBOL_GPL(fpu_copy_uabi_to_guest_fpstate);
#endif /* CONFIG_KVM */
diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c
index 75ffaef8c299..6d056b68f4ed 100644
--- a/arch/x86/kernel/fpu/regset.c
+++ b/arch/x86/kernel/fpu/regset.c
@@ -167,7 +167,7 @@ int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
}
fpu_force_restore(fpu);
- ret = copy_uabi_from_kernel_to_xstate(fpu->fpstate, kbuf ?: tmpbuf);
+ ret = copy_uabi_from_kernel_to_xstate(fpu->fpstate, kbuf ?: tmpbuf, &target->thread.pkru);
out:
vfree(tmpbuf);
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 91d4b6de58ab..558076dbde5b 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -396,7 +396,7 @@ static bool __fpu_restore_sig(void __user *buf, void __user *buf_fx,
fpregs = &fpu->fpstate->regs;
if (use_xsave() && !fx_only) {
- if (copy_sigframe_from_user_to_xstate(fpu->fpstate, buf_fx))
+ if (copy_sigframe_from_user_to_xstate(tsk, buf_fx))
return false;
} else {
if (__copy_from_user(&fpregs->fxsave, buf_fx,
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index c8340156bfd2..8f14981a3936 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -1197,7 +1197,7 @@ static int copy_from_buffer(void *dst, unsigned int offset, unsigned int size,
static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf,
- const void __user *ubuf)
+ const void __user *ubuf, u32 *pkru)
{
struct xregs_state *xsave = &fpstate->regs.xsave;
unsigned int offset, size;
@@ -1246,6 +1246,21 @@ static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf,
}
}
+ /*
+ * Update the user protection key storage. Allow KVM to
+ * pass in a NULL pkru pointer if the mask bit is unset
+ * for its legacy ABI behavior.
+ */
+ if (pkru)
+ *pkru = 0;
+
+ if (hdr.xfeatures & XFEATURE_MASK_PKRU) {
+ struct pkru_state *xpkru;
+
+ xpkru = __raw_xsave_addr(xsave, XFEATURE_PKRU);
+ *pkru = xpkru->pkru;
+ }
+
/*
* The state that came in from userspace was user-state only.
* Mask all the user states out of 'xfeatures':
@@ -1264,9 +1279,9 @@ static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf,
* Convert from a ptrace standard-format kernel buffer to kernel XSAVE[S]
* format and copy to the target thread. Used by ptrace and KVM.
*/
-int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf)
+int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf, u32 *pkru)
{
- return copy_uabi_to_xstate(fpstate, kbuf, NULL);
+ return copy_uabi_to_xstate(fpstate, kbuf, NULL, pkru);
}
/*
@@ -1274,10 +1289,10 @@ int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf)
* XSAVE[S] format and copy to the target thread. This is called from the
* sigreturn() and rt_sigreturn() system calls.
*/
-int copy_sigframe_from_user_to_xstate(struct fpstate *fpstate,
+int copy_sigframe_from_user_to_xstate(struct task_struct *tsk,
const void __user *ubuf)
{
- return copy_uabi_to_xstate(fpstate, NULL, ubuf);
+ return copy_uabi_to_xstate(tsk->thread.fpu.fpstate, NULL, ubuf, &tsk->thread.pkru);
}
static bool validate_independent_components(u64 mask)
diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h
index 5ad47031383b..a4ecb04d8d64 100644
--- a/arch/x86/kernel/fpu/xstate.h
+++ b/arch/x86/kernel/fpu/xstate.h
@@ -46,8 +46,8 @@ extern void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate,
u32 pkru_val, enum xstate_copy_mode copy_mode);
extern void copy_xstate_to_uabi_buf(struct membuf to, struct task_struct *tsk,
enum xstate_copy_mode mode);
-extern int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf);
-extern int copy_sigframe_from_user_to_xstate(struct fpstate *fpstate, const void __user *ubuf);
+extern int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf, u32 *pkru);
+extern int copy_sigframe_from_user_to_xstate(struct task_struct *tsk, const void __user *ubuf);
extern void fpu__init_cpu_xstate(void);
--
2.37.2
Changelog since v5:
- Avoids a second copy from the uabi buffer as suggested.
- Preserves old KVM_SET_XSAVE behavior where leaving the PKRU bit in the
XSTATE header results in PKRU remaining unchanged instead of
reinitializing it.
- Fixed up patch metadata as requested.
Changelog since v4:
- Selftest additionally checks PKRU readbacks through ptrace.
- Selftest flips all PKRU bits (except the default key).
Changelog since v3:
- The v3 patch is now part 1 of 2.
- Adds a selftest in part 2 of 2.
Changelog since v2:
- Removed now unused variables in fpu_copy_uabi_to_guest_fpstate
Changelog since v1:
- Handles the error case of copy_to_buffer().
When writing tests, it'd often be very useful to be able to intercept
calls to a function in the code being tested and replace it with a
test-specific stub. This has always been an obviously missing piece of
KUnit, and the solutions always involve some tradeoffs with cleanliness,
performance, or impact on non-test code. See the folowing document for
some of the challenges:
https://kunit.dev/mocking.html
This series consists of two prototype patches which add support for this
sort of redirection to KUnit tests:
1: static_stub: Any function which might want to be intercepted adds a
call to a macro which checks if a test has redirected calls to it, and
calls the corresponding replacement.
2: ftrace_stub: Functions are intercepted using ftrace.
This doesn't require adding a new prologue to each function being
replaced, but does have more dependencies (which restricts it to a small
number of architectures, not including UML), and doesn't work well with
inline functions.
The API for both implementations is very similar, so it should be easy
to migrate from one to the other if necessary. Both of these
implementations restrict the redirection to the test context: it is
automatically undone after the KUnit test completes, and does not affect
calls in other threads. If CONFIG_KUNIT is not enabled, there should be
no overhead in either implementation.
Does either (or both) of these features sound useful, and is this
sort-of API the right model? (Personally, I think there's a reasonable
scope for both.) Is anything obviously missing or wrong? Do the names,
descriptions etc. make any sense?
Note that these patches are definitely still at the "prototype" level,
and things like error-handling, documentation, and testing are still
pretty sparse. There is also quite a bit of room for optimisation.
These'll all be improved for v1 if the concept seems good.
We're going to be talking about this again at LPC, so it's worth having
another look before then if you're interested and/or will be attending:
https://lpc.events/event/16/contributions/1308/
Cheers,
-- David
---
Changes since RFC v1:
https://lore.kernel.org/lkml/20220318021314.3225240-1-davidgow@google.com/
- Fix some typos (thanks Daniel)
- Use typecheck_fn() to fix typechecking in some cases (thanks Brendan)
- Use ftrace_instruction_pointer_set() in place of kernel livepatch,
which seems to have disappeared:
https://lore.kernel.org/lkml/0a76550d-008d-0364-8244-4dae2981ea05@csgroup.e…
- Fix a copy-paste name error in the resource finding function.
- Rebase on top of torvalds/master, as it wasn't applying cleanly.
Note that the Kernel Livepatch -> ftrace change seems to allow more
architectures to work, but while they compile, there still seems to be
issues. So, this will compile on (e.g.) arm64, but fails:
$ ./tools/testing/kunit/kunit.py run 'example*' --kunitconfig lib/kunit/stubs_example.kunitconfig --arch arm64 --make_options LLVM=1
[05:00:13] # example_ftrace_stub_test: initializing
[05:00:13] # example_ftrace_stub_test: EXPECTATION FAILED at lib/kunit/kunit-example-test.c:179
[05:00:13] Expected add_one(1) == 0, but
[05:00:13] add_one(1) == 2
[05:00:13] not ok 6 - example_ftrace_stub_test
[05:00:13] [FAILED] example_ftrace_stub_test
Daniel Latypov (1):
kunit: expose ftrace-based API for stubbing out functions during tests
David Gow (1):
kunit: Expose 'static stub' API to redirect functions
include/kunit/ftrace_stub.h | 84 +++++++++++++++++
include/kunit/static_stub.h | 106 +++++++++++++++++++++
lib/kunit/Kconfig | 11 +++
lib/kunit/Makefile | 5 +
lib/kunit/ftrace_stub.c | 137 ++++++++++++++++++++++++++++
lib/kunit/kunit-example-test.c | 63 +++++++++++++
lib/kunit/static_stub.c | 125 +++++++++++++++++++++++++
lib/kunit/stubs_example.kunitconfig | 10 ++
8 files changed, 541 insertions(+)
create mode 100644 include/kunit/ftrace_stub.h
create mode 100644 include/kunit/static_stub.h
create mode 100644 lib/kunit/ftrace_stub.c
create mode 100644 lib/kunit/static_stub.c
create mode 100644 lib/kunit/stubs_example.kunitconfig
--
2.37.2.789.g6183377224-goog
kunit_tool's --alltests option was changed in commit
980ac3ad0512 ("kunit: tool: rename all_test_uml.config, use it for --alltests")
to use a manually curated list of architecture-indpendent Kconfig
options, rather than attempting to use make allyesconfig on UML, which
was broken.
Update the kunit_tool documentation to reflect the new behaviour of
--alltests.
Signed-off-by: David Gow <davidgow(a)google.com>
---
Documentation/dev-tools/kunit/run_wrapper.rst | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/Documentation/dev-tools/kunit/run_wrapper.rst b/Documentation/dev-tools/kunit/run_wrapper.rst
index 6b33caf6c8ab..dafe8eb28d30 100644
--- a/Documentation/dev-tools/kunit/run_wrapper.rst
+++ b/Documentation/dev-tools/kunit/run_wrapper.rst
@@ -251,14 +251,15 @@ command line arguments:
compiling a kernel (using ``build`` or ``run`` commands). For example:
to enable compiler warnings, we can pass ``--make_options W=1``.
-- ``--alltests``: Builds a UML kernel with all config options enabled
- using ``make allyesconfig``. This allows us to run as many tests as
- possible.
-
- .. note:: It is slow and prone to breakage as new options are
- added or modified. Instead, enable all tests
- which have satisfied dependencies by adding
- ``CONFIG_KUNIT_ALL_TESTS=y`` to your ``.kunitconfig``.
+- ``--alltests``: Enable a predefined set of options in order to build
+ as many tests as possible.
+
+ .. note:: The list of enabled options can be found in
+ ``tools/testing/kunit/configs/all_tests.config``.
+
+ If you only want to enable all tests with otherwise satisfied
+ dependencies, instead add ``CONFIG_KUNIT_ALL_TESTS=y`` to your
+ ``.kunitconfig``.
- ``--kunitconfig``: Specifies the path or the directory of the ``.kunitconfig``
file. For example:
--
2.38.0.rc1.362.ged0d419d3c-goog
As suggested by Thomas Gleixner, I'm following up to move on with
the SPDX tag needed for copyleft-next-0.3.1. I've split this out
from the test_sysfs selftest so to separate review from that.
Changes on this v10:
o embraced paragraph from Thomas Gleixner which helps explain why
the OR operator in the SPDX license name
o dropped the GPL-2.0 and GPL-2.0+ tags as suggested by Thomas Gleixner
as these are outdated (still valid) in the SPDX spec
o trimmed the Cc list to remove the test_sysfs / block layer / fs folks as
the test_sysfs stuff is now dropped from consideration in this series
The last series was at v9 but it also had the test_sysfs and its
changes, its history can be found here:
https://lore.kernel.org/all/20211029184500.2821444-1-mcgrof@kernel.org/
Luis Chamberlain (2):
LICENSES: Add the copyleft-next-0.3.1 license
testing: use the copyleft-next-0.3.1 SPDX tag
LICENSES/dual/copyleft-next-0.3.1 | 236 +++++++++++++++++++++++
lib/test_kmod.c | 12 +-
lib/test_sysctl.c | 12 +-
tools/testing/selftests/kmod/kmod.sh | 13 +-
tools/testing/selftests/sysctl/sysctl.sh | 12 +-
5 files changed, 240 insertions(+), 45 deletions(-)
create mode 100644 LICENSES/dual/copyleft-next-0.3.1
--
2.35.1
In the test_icr() function in xapic_state_test, one of the for loops is
initialized with vcpu->id. Fix this assumption that vcpu->id is 0 so
that IPIs are correctly sent to non-existent vCPUs [1].
Suggested-by: Sean Christopherson <seanjc(a)google.com>
Signed-off-by: Gautam Menghani <gautammenghani201(a)gmail.com>
---
[1] https://lore.kernel.org/kvm/YyoZr9rXSSMEtdh5@google.com/
tools/testing/selftests/kvm/x86_64/xapic_state_test.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/kvm/x86_64/xapic_state_test.c b/tools/testing/selftests/kvm/x86_64/xapic_state_test.c
index 6f7a5ef66718..d7d37dae3eeb 100644
--- a/tools/testing/selftests/kvm/x86_64/xapic_state_test.c
+++ b/tools/testing/selftests/kvm/x86_64/xapic_state_test.c
@@ -114,7 +114,9 @@ static void test_icr(struct xapic_vcpu *x)
* vCPUs, not vcpu.id + 1. Arbitrarily use vector 0xff.
*/
icr = APIC_INT_ASSERT | 0xff;
- for (i = vcpu->id + 1; i < 0xff; i++) {
+ for (i = 0; i < 0xff; i++) {
+ if (i == vcpu->id)
+ continue;
for (j = 0; j < 8; j++)
__test_icr(x, i << (32 + 24) | icr | (j << 8));
}
--
2.34.1
The wordings of step-by-step instructions on writing the first Kunit test
are instructing readers to write codes without knowing what these are about.
Rewrite these instructions to include the purpose of written code.
While at it, align the code blocks of these contents.
Signed-off-by: Bagas Sanjaya <bagasdotme(a)gmail.com>
---
Changes since v1 [1]:
- Fix jumped list numbering on writing the feature
This patch is based on Khalid's full path to .kunitconfig patch [2].
[1]: https://lore.kernel.org/linux-doc/20220929125458.52979-1-bagasdotme@gmail.c…
[2]: https://lore.kernel.org/linux-doc/20220929085332.4155-1-khalid.masum.92@gma…
Documentation/dev-tools/kunit/start.rst | 40 ++++++++++++++-----------
1 file changed, 22 insertions(+), 18 deletions(-)
diff --git a/Documentation/dev-tools/kunit/start.rst b/Documentation/dev-tools/kunit/start.rst
index 7999874dc4ddb3..c0a5adf6d8d665 100644
--- a/Documentation/dev-tools/kunit/start.rst
+++ b/Documentation/dev-tools/kunit/start.rst
@@ -131,17 +131,19 @@ are built-in. Otherwise the module will need to be loaded.
Writing Your First Test
=======================
-In your kernel repository, let's add some code that we can test.
+In your kernel repository, let's add some code that we can test. For this
+purpose, we are going to add simple addition driver.
-1. Create a file ``drivers/misc/example.h``, which includes:
+1. Write the feature that will be tested. First, write the declaration
+ for ``misc_example_add()`` in ``drivers/misc/example.h``:
-.. code-block:: c
+ .. code-block:: c
int misc_example_add(int left, int right);
-2. Create a file ``drivers/misc/example.c``, which includes:
+ Then implement the function in ``drivers/misc/example.c``:
-.. code-block:: c
+ .. code-block:: c
#include <linux/errno.h>
@@ -152,24 +154,25 @@ In your kernel repository, let's add some code that we can test.
return left + right;
}
-3. Add the following lines to ``drivers/misc/Kconfig``:
+2. Add Kconfig menu entry for the feature to ``drivers/misc/Kconfig``:
-.. code-block:: kconfig
+ .. code-block:: kconfig
config MISC_EXAMPLE
bool "My example"
-4. Add the following lines to ``drivers/misc/Makefile``:
+3. Add the kbuild goal that will build the feature to
+ ``drivers/misc/Makefile``:
-.. code-block:: make
+ .. code-block:: make
obj-$(CONFIG_MISC_EXAMPLE) += example.o
Now we are ready to write the test cases.
-1. Add the below test case in ``drivers/misc/example_test.c``:
+1. Write the test in ``drivers/misc/example_test.c``:
-.. code-block:: c
+ .. code-block:: c
#include <kunit/test.h>
#include "example.h"
@@ -202,31 +205,32 @@ Now we are ready to write the test cases.
};
kunit_test_suite(misc_example_test_suite);
-2. Add the following lines to ``drivers/misc/Kconfig``:
+2. Add following Kconfig entry for the test to ``drivers/misc/Kconfig``:
-.. code-block:: kconfig
+ .. code-block:: kconfig
config MISC_EXAMPLE_TEST
tristate "Test for my example" if !KUNIT_ALL_TESTS
depends on MISC_EXAMPLE && KUNIT=y
default KUNIT_ALL_TESTS
-3. Add the following lines to ``drivers/misc/Makefile``:
+3. Add kbuild goal of the test to ``drivers/misc/Makefile``:
-.. code-block:: make
+ .. code-block:: make
obj-$(CONFIG_MISC_EXAMPLE_TEST) += example_test.o
-4. Add following configuration fragments to ``.kunit/.kunitconfig``:
+4. Add following configuration fragments for the test to
+ ``.kunit/.kunitconfig``:
-.. code-block:: none
+ .. code-block:: none
CONFIG_MISC_EXAMPLE=y
CONFIG_MISC_EXAMPLE_TEST=y
5. Run the test:
-.. code-block:: bash
+ .. code-block:: bash
./tools/testing/kunit/kunit.py run
--
An old man doll... just what I always wanted! - Clara
There a couple of spelling mistakes, one in a literal string and one
in a comment. Fix them.
Signed-off-by: Colin Ian King <colin.i.king(a)gmail.com>
---
tools/testing/selftests/bpf/verifier/calls.c | 2 +-
tools/testing/selftests/bpf/verifier/var_off.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/bpf/verifier/calls.c b/tools/testing/selftests/bpf/verifier/calls.c
index 3fb4f69b1962..e1a937277b54 100644
--- a/tools/testing/selftests/bpf/verifier/calls.c
+++ b/tools/testing/selftests/bpf/verifier/calls.c
@@ -284,7 +284,7 @@
.result = ACCEPT,
},
{
- "calls: not on unpriviledged",
+ "calls: not on unprivileged",
.insns = {
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 2),
BPF_MOV64_IMM(BPF_REG_0, 1),
diff --git a/tools/testing/selftests/bpf/verifier/var_off.c b/tools/testing/selftests/bpf/verifier/var_off.c
index 187c6f6e32bc..d37f512fad16 100644
--- a/tools/testing/selftests/bpf/verifier/var_off.c
+++ b/tools/testing/selftests/bpf/verifier/var_off.c
@@ -121,7 +121,7 @@
BPF_EXIT_INSN(),
},
.fixup_map_hash_8b = { 1 },
- /* The unpriviledged case is not too interesting; variable
+ /* The unprivileged case is not too interesting; variable
* stack access is rejected.
*/
.errstr_unpriv = "R2 variable stack access prohibited for !root",
--
2.37.1
From: Roberto Sassu <roberto.sassu(a)huawei.com>
===
All credits of this patch set go to Lorenz Bauer <oss(a)lmb.io>, as he
identified this issue and proposed a number of solutions.
===
Lorenz presented at the Linux Plumbers EU 2022 a talk with title 'Closing
the BPF map permission loophole', where he reported that read-only fds can
be used for map update operations, if they were provided to eBPF programs.
This work initially started as PoC to reproduce the reported bug, and
became the test for validating an idea on how to fix the bug.
Patch 1 adds a dependency necessary for the tests.
The actual fix, in patch 2, is relatively simple. It is based on an already
existing enforcement mechanism in the eBPF verifier for map flags. As
Lorenz mentioned, a problem would be backporting this fix to stable kernels
which don't have that enforcement mechanism. However, backporting just the
enforcement mechanism itself (without introducing the new map flags and
allowing user space to use them) could meet the stable kernel criteria.
Alternatively, a completely different fix can be developed for older stable
kernels, like what Lorenz suggested, to refuse fds which are not
read/write.
Finally, patch 3 introduces the tests.
Roberto Sassu (3):
libbpf: Define bpf_get_fd_opts and introduce
bpf_map_get_fd_by_id_opts()
bpf: Enforce granted permissions in a map fd at verifier level
selftests/bpf: Test enforcement of map fd permissions at verifier
level
include/linux/bpf.h | 13 +
include/linux/bpf_verifier.h | 1 +
kernel/bpf/verifier.c | 26 +-
tools/lib/bpf/bpf.c | 12 +-
tools/lib/bpf/bpf.h | 10 +
tools/lib/bpf/libbpf.map | 3 +-
.../selftests/bpf/prog_tests/map_fd_perm.c | 227 ++++++++++++++++++
7 files changed, 288 insertions(+), 4 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/map_fd_perm.c
--
2.25.1
Hi!
>
> On 30.09.22 08:35, Zhao Gongyi wrote:
> > Some momory will be left in offline state when calling
> > offline_memory_expect_fail() failed. Restore it before exit.
> >
> > Signed-off-by: Zhao Gongyi <zhaogongyi(a)huawei.com>
> > ---
> > .../memory-hotplug/mem-on-off-test.sh | 21
> ++++++++++++++-----
> > 1 file changed, 16 insertions(+), 5 deletions(-)
> >
> > diff --git a/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
> b/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
> > index 1d87611a7d52..91a7457616bb 100755
> > --- a/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
> > +++ b/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
> > @@ -134,6 +134,16 @@ offline_memory_expect_fail()
> > return 0
> > }
> >
> > +online_all_offline_memory()
> > +{
> > + for memory in `hotpluggable_offline_memory`; do
> > + if ! online_memory_expect_success $memory; then
> > + echo "$FUNCNAME $memory: unexpected fail" >&2
>
> Do we need that output?
In my opinion, if online a memory node failed ,it should be a kernel bug catched, so, I think the output here is needed.
Thanks!
Gongyi
1. Add checking after online or offline
2. Restore memory before exit
3. Adjust log info for maintainability
4. Correct test's name
Changes in v5:
- Adjust log info for maintainability
Changes in v4:
- Remove redundant log information
Changes in v3:
- Remove 2 obselute patches
Zhao Gongyi (4):
selftests/memory-hotplug: Add checking after online or offline
selftests/memory-hotplug: Restore memory before exit
selftests/memory-hotplug: Adjust log info for maintainability
docs: notifier-error-inject: Correct test's name
.../fault-injection/notifier-error-inject.rst | 4 +--
.../memory-hotplug/mem-on-off-test.sh | 34 +++++++++++++++----
2 files changed, 29 insertions(+), 9 deletions(-)
--
2.17.1
The fourth list item on writing test cases instructs adding Kconfig
fragments to .kunitconfig, which should have been full path to the file
(.kunit/.kunitconfig).
Cc: Sadiya Kazi <sadiyakazi(a)google.com>
Cc: David Gow <davidgow(a)google.com>
Suggested-by: Bagas Sanjaya <bagasdotme(a)gmail.com>
Signed-off-by: Khalid Masum <khalid.masum.92(a)gmail.com>
---
Changes since v1:
- Update commit message
- Make the instruction more descriptive
Documentation/dev-tools/kunit/start.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/dev-tools/kunit/start.rst b/Documentation/dev-tools/kunit/start.rst
index 867a4bba6bf6..69361065cda6 100644
--- a/Documentation/dev-tools/kunit/start.rst
+++ b/Documentation/dev-tools/kunit/start.rst
@@ -217,7 +217,7 @@ Now we are ready to write the test cases.
obj-$(CONFIG_MISC_EXAMPLE_TEST) += example_test.o
-4. Add the following lines to ``.kunitconfig``:
+4. Add following configuration fragments to ``.kunit/.kunitconfig``:
.. code-block:: none
--
2.37.3
This patch set extends the locked port feature for devices
that are behind a locked port, but do not have the ability to
authorize themselves as a supplicant using IEEE 802.1X.
Such devices can be printers, meters or anything related to
fixed installations. Instead of 802.1X authorization, devices
can get access based on their MAC addresses being whitelisted.
For an authorization daemon to detect that a device is trying
to get access through a locked port, the bridge will add the
MAC address of the device to the FDB with a locked flag to it.
Thus the authorization daemon can catch the FDB add event and
check if the MAC address is in the whitelist and if so replace
the FDB entry without the locked flag enabled, and thus open
the port for the device.
This feature is known as MAC-Auth or MAC Authentication Bypass
(MAB) in Cisco terminology, where the full MAB concept involves
additional Cisco infrastructure for authorization. There is no
real authentication process, as the MAC address of the device
is the only input the authorization daemon, in the general
case, has to base the decision if to unlock the port or not.
With this patch set, an implementation of the offloaded case is
supplied for the mv88e6xxx driver. When a packet ingresses on
a locked port, an ATU miss violation event will occur. When
handling such ATU miss violation interrupts, the MAC address of
the device is added to the FDB with a zero destination port
vector (DPV) and the MAC address is communicated through the
switchdev layer to the bridge, so that a FDB entry with the
locked flag enabled can be added.
Log:
v3: Added timers and lists in the driver (mv88e6xxx)
to keep track of and remove locked entries.
v4: Leave out enforcing a limit to the number of
locked entries in the bridge.
Removed the timers in the driver and use the
worker only. Add locked FDB flag to all drivers
using port_fdb_add() from the dsa api and let
all drivers ignore entries with this flag set.
Change how to get the ageing timeout of locked
entries. See global1_atu.c and switchdev.c.
Use struct mv88e6xxx_port for locked entries
variables instead of struct dsa_port.
v5: Added 'mab' flag to enable MAB/MacAuth feature,
in a similar way to the locked feature flag.
In these implementations for the mv88e6xxx, the
switchport must be configured with learning on.
To tell userspace about the behavior of the
locked entries in the driver, a 'blackhole'
FDB flag has been added, which locked FDB
entries coming from the driver gets. Also the
'sticky' flag comes with those locked entries,
as the drivers locked entries cannot roam.
Fixed issues with taking mutex locks, and added
a function to read the fid, that supports all
versions of the chipset family.
Hans Schultz (6):
net: bridge: add locked entry fdb flag to extend locked port feature
net: switchdev: add support for offloading of fdb locked flag
drivers: net: dsa: add locked fdb entry flag to drivers
net: dsa: mv88e6xxx: allow reading FID when handling ATU violations
net: dsa: mv88e6xxx: MacAuth/MAB implementation
selftests: forwarding: add test of MAC-Auth Bypass to locked port
tests
drivers/net/dsa/b53/b53_common.c | 5 +
drivers/net/dsa/b53/b53_priv.h | 1 +
drivers/net/dsa/hirschmann/hellcreek.c | 5 +
drivers/net/dsa/lan9303-core.c | 5 +
drivers/net/dsa/lantiq_gswip.c | 5 +
drivers/net/dsa/microchip/ksz_common.c | 5 +
drivers/net/dsa/mt7530.c | 5 +
drivers/net/dsa/mv88e6xxx/Makefile | 1 +
drivers/net/dsa/mv88e6xxx/chip.c | 81 ++++-
drivers/net/dsa/mv88e6xxx/chip.h | 19 ++
drivers/net/dsa/mv88e6xxx/global1.h | 1 +
drivers/net/dsa/mv88e6xxx/global1_atu.c | 76 ++++-
drivers/net/dsa/mv88e6xxx/port.c | 15 +-
drivers/net/dsa/mv88e6xxx/port.h | 6 +
drivers/net/dsa/mv88e6xxx/switchdev.c | 285 ++++++++++++++++++
drivers/net/dsa/mv88e6xxx/switchdev.h | 37 +++
drivers/net/dsa/ocelot/felix.c | 5 +
drivers/net/dsa/qca/qca8k-common.c | 5 +
drivers/net/dsa/qca/qca8k.h | 1 +
drivers/net/dsa/sja1105/sja1105_main.c | 7 +-
include/linux/if_bridge.h | 1 +
include/net/dsa.h | 1 +
include/net/switchdev.h | 3 +
include/uapi/linux/if_link.h | 1 +
include/uapi/linux/neighbour.h | 4 +-
net/bridge/br.c | 5 +-
net/bridge/br_fdb.c | 43 ++-
net/bridge/br_input.c | 16 +-
net/bridge/br_netlink.c | 9 +-
net/bridge/br_private.h | 7 +-
net/bridge/br_switchdev.c | 5 +-
net/dsa/dsa_priv.h | 4 +-
net/dsa/port.c | 7 +-
net/dsa/slave.c | 4 +-
net/dsa/switch.c | 10 +-
.../net/forwarding/bridge_locked_port.sh | 107 ++++++-
.../net/forwarding/bridge_sticky_fdb.sh | 21 +-
37 files changed, 768 insertions(+), 50 deletions(-)
create mode 100644 drivers/net/dsa/mv88e6xxx/switchdev.c
create mode 100644 drivers/net/dsa/mv88e6xxx/switchdev.h
--
2.30.2
A few small updates for fp-stress, improving the usability with
signal handling a bit.
Mark Brown (3):
kselftest/arm64: Don't repeat termination handler for fp-stress
kselftest/arm64: Flag fp-stress as exiting when we begin finishing up
kselftest/arm64: Handle EINTR while reading data from children
tools/testing/selftests/arm64/fp/fp-stress.c | 90 ++++++++++++--------
1 file changed, 55 insertions(+), 35 deletions(-)
base-commit: ea84edbf08025e592f58b0d9b282777a9ca9fb22
--
2.30.2
Currently we set -march=armv8.5+memtag when building the MTE selftests,
allowing the compiler to emit v8.5 and MTE instructions for anything it
generates. This means that we may get code that will generate SIGILLs when
run on older systems rather than skipping on non-MTE systems as should be
the case. Most toolchains don't select any incompatible instructions but
I have seen some reports which suggest that some may be appearing which do
so. This is also potentially problematic in that if the compiler chooses to
emit any MTE instructions for the C code it may interfere with the MTE
usage we are trying to test.
Since the only reason we are specifying this option is to allow us to
assemble MTE instructions in mte_helper.S we can avoid these issues by
moving to using a .arch directive there and adding the -march explicitly to
the toolchain support check instead of the generic CFLAGS.
Signed-off-by: Mark Brown <broonie(a)kernel.org>
---
tools/testing/selftests/arm64/mte/Makefile | 5 +----
tools/testing/selftests/arm64/mte/mte_helper.S | 2 ++
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/arm64/mte/Makefile b/tools/testing/selftests/arm64/mte/Makefile
index a5a0744423d8..037046f5784e 100644
--- a/tools/testing/selftests/arm64/mte/Makefile
+++ b/tools/testing/selftests/arm64/mte/Makefile
@@ -11,11 +11,8 @@ LDFLAGS += -pthread
SRCS := $(filter-out mte_common_util.c,$(wildcard *.c))
PROGS := $(patsubst %.c,%,$(SRCS))
-#Add mte compiler option
-CFLAGS += -march=armv8.5-a+memtag
-
#check if the compiler works well
-mte_cc_support := $(shell if ($(CC) $(CFLAGS) -E -x c /dev/null -o /dev/null 2>&1) then echo "1"; fi)
+mte_cc_support := $(shell if ($(CC) $(CFLAGS) -march=armv8.5-a+memtag -E -x c /dev/null -o /dev/null 2>&1) then echo "1"; fi)
ifeq ($(mte_cc_support),1)
# Generated binaries to be installed by top KSFT script
diff --git a/tools/testing/selftests/arm64/mte/mte_helper.S b/tools/testing/selftests/arm64/mte/mte_helper.S
index a02c04cd0aac..a55dbbc56ed1 100644
--- a/tools/testing/selftests/arm64/mte/mte_helper.S
+++ b/tools/testing/selftests/arm64/mte/mte_helper.S
@@ -3,6 +3,8 @@
#include "mte_def.h"
+.arch armv8.5-a+memtag
+
#define ENTRY(name) \
.globl name ;\
.p2align 2;\
--
2.30.2
From: "Hans J. Schultz" <netdev(a)kapio-technology.com>
Verify that the MAC-Auth mechanism works by adding a FDB entry with the
locked flag set, denying access until the FDB entry is replaced with a
FDB entry without the locked flag set.
Add test of blackhole fdb entries, verifying that there is no forwarding
to a blackhole entry from any port, and that the blackhole entry can be
replaced.
Also add a test that verifies that sticky FDB entries cannot roam (this
is not needed for now, but should in general be present anyhow for future
applications).
Signed-off-by: Hans J. Schultz <netdev(a)kapio-technology.com>
---
.../net/forwarding/bridge_blackhole_fdb.sh | 102 +++++++++++++++++
.../net/forwarding/bridge_locked_port.sh | 106 +++++++++++++++++-
.../net/forwarding/bridge_sticky_fdb.sh | 21 +++-
tools/testing/selftests/net/forwarding/lib.sh | 18 +++
4 files changed, 245 insertions(+), 2 deletions(-)
create mode 100755 tools/testing/selftests/net/forwarding/bridge_blackhole_fdb.sh
diff --git a/tools/testing/selftests/net/forwarding/bridge_blackhole_fdb.sh b/tools/testing/selftests/net/forwarding/bridge_blackhole_fdb.sh
new file mode 100755
index 000000000000..54b1a51e1ed6
--- /dev/null
+++ b/tools/testing/selftests/net/forwarding/bridge_blackhole_fdb.sh
@@ -0,0 +1,102 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+
+ALL_TESTS="blackhole_fdb"
+NUM_NETIFS=4
+source lib.sh
+
+switch_create()
+{
+ ip link add dev br0 type bridge
+
+ ip link set dev $swp1 master br0
+ ip link set dev $swp2 master br0
+
+ ip link set dev br0 up
+ ip link set dev $h1 up
+ ip link set dev $swp1 up
+ ip link set dev $h2 up
+ ip link set dev $swp2 up
+
+ tc qdisc add dev $swp2 clsact
+}
+
+switch_destroy()
+{
+ tc qdisc del dev $swp2 clsact
+
+ ip link set dev $swp2 down
+ ip link set dev $h2 down
+ ip link set dev $swp1 down
+ ip link set dev $h1 down
+
+ ip link del dev br0
+}
+
+setup_prepare()
+{
+ h1=${NETIFS[p1]}
+ swp1=${NETIFS[p2]}
+ h2=${NETIFS[p3]}
+ swp2=${NETIFS[p4]}
+
+ switch_create
+}
+
+cleanup()
+{
+ pre_cleanup
+ switch_destroy
+}
+
+# Check that there is no egress with blackhole entry and that blackhole entries can be replaced
+blackhole_fdb()
+{
+ RET=0
+
+ check_blackhole_fdb_support || return 0
+
+ tc filter add dev $swp2 egress protocol ip pref 1 handle 1 flower \
+ dst_ip 192.0.2.2 ip_proto udp dst_port 12345 action pass
+
+ $MZ $h1 -c 1 -p 128 -t udp "sp=54321,dp=12345" \
+ -a own -b `mac_get $h2` -A 192.0.2.1 -B 192.0.2.2 -q
+
+ tc_check_packets "dev $swp2 egress" 1 1
+ check_err $? "Packet not seen on egress before adding blackhole entry"
+
+ bridge fdb add `mac_get $h2` dev br0 blackhole
+ bridge fdb get `mac_get $h2` br br0 | grep -q blackhole
+ check_err $? "Blackhole entry not found"
+
+ $MZ $h1 -c 1 -p 128 -t udp "sp=54321,dp=12345" \
+ -a own -b `mac_get $h2` -A 192.0.2.1 -B 192.0.2.2 -q
+
+ tc_check_packets "dev $swp2 egress" 1 1
+ check_err $? "Packet seen on egress after adding blackhole entry"
+
+ # Check blackhole entries can be replaced.
+ bridge fdb replace `mac_get $h2` dev $swp2 master static
+ bridge fdb get `mac_get $h2` br br0 | grep -q blackhole
+ check_fail $? "Blackhole entry found after replacement"
+
+ $MZ $h1 -c 1 -p 128 -t udp "sp=54321,dp=12345" \
+ -a own -b `mac_get $h2` -A 192.0.2.1 -B 192.0.2.2 -q
+
+ tc_check_packets "dev $swp2 egress" 1 2
+ check_err $? "Packet not seen on egress after replacing blackhole entry"
+
+ bridge fdb del `mac_get $h2` dev $swp2 master static
+ tc filter del dev $swp2 egress protocol ip pref 1 handle 1 flower
+
+ log_test "Blackhole FDB entry"
+}
+
+trap cleanup EXIT
+
+setup_prepare
+setup_wait
+
+tests_run
+
+exit $EXIT_STATUS
diff --git a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
index 5b02b6b60ce7..59b8b7666eab 100755
--- a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh
@@ -1,7 +1,15 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
-ALL_TESTS="locked_port_ipv4 locked_port_ipv6 locked_port_vlan"
+ALL_TESTS="
+ locked_port_ipv4
+ locked_port_ipv6
+ locked_port_vlan
+ locked_port_mab
+ locked_port_station_move
+ locked_port_mab_station_move
+"
+
NUM_NETIFS=4
CHECK_TC="no"
source lib.sh
@@ -166,6 +174,102 @@ locked_port_ipv6()
log_test "Locked port ipv6"
}
+locked_port_mab()
+{
+ RET=0
+ check_locked_port_support || return 0
+
+ ping_do $h1 192.0.2.2
+ check_err $? "MAB: Ping did not work before locking port"
+
+ bridge link set dev $swp1 locked on
+ check_port_mab_support $swp1 || return 0
+
+ ping_do $h1 192.0.2.2
+ check_fail $? "MAB: Ping worked on locked port without FDB entry"
+
+ bridge fdb show | grep `mac_get $h1` | grep -q "locked"
+ check_err $? "MAB: No locked fdb entry after ping on locked port"
+
+ bridge fdb replace `mac_get $h1` dev $swp1 master static
+
+ ping_do $h1 192.0.2.2
+ check_err $? "MAB: Ping did not work with fdb entry without locked flag"
+
+ bridge fdb del `mac_get $h1` dev $swp1 master
+ bridge link set dev $swp1 locked off mab off
+
+ log_test "Locked port MAB"
+}
+
+# No roaming allowed to a simple locked port
+locked_port_station_move()
+{
+ local mac=a0:b0:c0:c0:b0:a0
+
+ RET=0
+ check_locked_port_support || return 0
+
+ bridge link set dev $swp1 locked on
+
+ $MZ $h1 -q -t udp -a $mac -b rand
+ bridge fdb show dev $swp1 | grep "$mac vlan 1" | grep -q "master br0"
+ check_fail $? "Locked port station move: FDB entry on first injection"
+
+ $MZ $h2 -q -t udp -a $mac -b rand
+ bridge fdb show dev $swp2 | grep "$mac vlan 1" | grep -q "master br0"
+ check_err $? "Locked port station move: Entry not found on unlocked port"
+
+ $MZ $h1 -q -t udp -a $mac -b rand
+ bridge fdb show dev $swp1 | grep "$mac vlan 1" | grep -q "master br0"
+ check_fail $? "Locked port station move: entry roamed to locked port"
+
+ bridge link set dev $swp1 locked off
+
+ log_test "Locked port station move"
+}
+
+# Roaming to and from a MAB enabled port should work if sticky flag is not set
+locked_port_mab_station_move()
+{
+ local mac=10:20:30:30:20:10
+
+ RET=0
+ check_locked_port_support || return 0
+
+ bridge link set dev $swp1 locked on
+
+ check_port_mab_support $swp1 || return 0
+
+ $MZ $h1 -q -t udp -a $mac -b rand
+ if bridge fdb show dev $swp1 | grep "$mac vlan 1" | grep -q "permanent"; then
+ echo "SKIP: Roaming not possible with local flag, skipping test..."
+ bridge link set dev $swp1 locked off mab off
+ return $ksft_skip
+ fi
+
+ bridge fdb show dev $swp1 | grep "$mac vlan 1" | grep -q "locked"
+ check_err $? "MAB station move: no locked entry on first injection"
+
+ $MZ $h2 -q -t udp -a $mac -b rand
+ bridge fdb show dev $swp1 | grep "$mac vlan 1" | grep -q "locked"
+ check_fail $? "MAB station move: locked entry did not move"
+
+ bridge fdb show dev $swp2 | grep "$mac vlan 1" | grep -q "locked"
+ check_fail $? "MAB station move: roamed entry to unlocked port had locked flag on"
+
+ bridge fdb show dev $swp2 | grep "$mac vlan 1" | grep -q "master br0"
+ check_err $? "MAB station move: roamed entry not found"
+
+ $MZ $h1 -q -t udp -a $mac -b rand
+ bridge fdb show dev $swp1 | grep "$mac vlan 1" | grep "master br0" | grep -q "locked"
+ check_fail $? "MAB station move: entry roamed back to locked port"
+
+ bridge link set dev $swp1 locked off mab off
+
+ log_test "Locked port MAB station move"
+}
+
trap cleanup EXIT
setup_prepare
diff --git a/tools/testing/selftests/net/forwarding/bridge_sticky_fdb.sh b/tools/testing/selftests/net/forwarding/bridge_sticky_fdb.sh
index 1f8ef0eff862..bca77bc3fe09 100755
--- a/tools/testing/selftests/net/forwarding/bridge_sticky_fdb.sh
+++ b/tools/testing/selftests/net/forwarding/bridge_sticky_fdb.sh
@@ -1,7 +1,7 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
-ALL_TESTS="sticky"
+ALL_TESTS="sticky sticky_no_roaming"
NUM_NETIFS=4
TEST_MAC=de:ad:be:ef:13:37
source lib.sh
@@ -59,6 +59,25 @@ sticky()
log_test "Sticky fdb entry"
}
+# No roaming allowed with the sticky flag set
+sticky_no_roaming()
+{
+ local mac=a8:b4:c2:c2:b4:a8
+
+ RET=0
+
+ bridge link set dev $swp2 learning on
+ bridge fdb add $mac dev $swp1 master static sticky
+ bridge fdb show dev $swp1 | grep "$mac master br0" | grep -q sticky
+ check_err $? "Sticky no roaming: No sticky FDB entry found after adding"
+
+ $MZ $h2 -q -t udp -c 10 -d 100msec -a $mac -b rand
+ bridge fdb show dev $swp2 | grep "$mac master br0" | grep -q sticky
+ check_fail $? "Sticky no roaming: Sticky entry roamed"
+
+ log_test "Sticky no roaming"
+}
+
trap cleanup EXIT
setup_prepare
diff --git a/tools/testing/selftests/net/forwarding/lib.sh b/tools/testing/selftests/net/forwarding/lib.sh
index 3ffb9d6c0950..642fbf217c20 100755
--- a/tools/testing/selftests/net/forwarding/lib.sh
+++ b/tools/testing/selftests/net/forwarding/lib.sh
@@ -137,6 +137,24 @@ check_locked_port_support()
fi
}
+check_port_mab_support()
+{
+ local dev=$1;
+
+ if ! bridge link set dev $dev mab on 2>/dev/null; then
+ echo "SKIP: iproute2 too old; MacAuth feature not supported."
+ return $ksft_skip
+ fi
+}
+
+check_blackhole_fdb_support()
+{
+ if ! bridge fdb help | grep -q "blackhole"; then
+ echo "SKIP: Blackhole fdb feature not supported."
+ return $ksft_skip
+ fi
+}
+
if [[ "$(id -u)" -ne 0 ]]; then
echo "SKIP: need root privileges"
exit $ksft_skip
--
2.34.1
While running kselftest arm64 tests the following list of tests
were missing which means those test binaries not installed on to the rootfs.
Not a part of "make install" do we need to fix Makefiles ?
or am I missing something on the build machine ?
We are building on the one machine and testing on multiple arm64 target
devices. Please refer to build log [1] and test log [2].
# selftests: arm64: fp-stress
# Warning: file fp-stress is missing!
# selftests: arm64: sve-ptrace
# Warning: file sve-ptrace is missing!
# selftests: arm64: vec-syscfg
# Warning: file vec-syscfg is missing!
# selftests: arm64: za-ptrace
# Warning: file za-ptrace is missing!
# selftests: arm64: hwcap
# Warning: file hwcap is missing!
# selftests: arm64: ptrace
# Warning: file ptrace is missing!
# selftests: arm64: syscall-abi
# Warning: file syscall-abi is missing!
Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org>
[1] Build log: click on log.do_compile file link
https://storage.lkft.org/rootfs-kselftest/oe-kirkstone/20220927-202538/juno/
[2] Test log: click on full log file link
https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20220923/te…
- Naresh
Hello,
The aim of this patch series is to improve the resctrl selftest.
The first three patches clear redundant code.
The last two patches are bug fixes. Without the two fixes,
some unnecessary processing will be executed and test results
will be confusing. There is no behavior change in test themselves.
[patch 1] Because the default schemata is 100% , in MBM test
it is not necessary to reset schemata by write_schemata().
[patch 2] Delete CMT-related processing in write_schemata() which is
not called by CMT.
[patch 3] Before exiting each test CMT/CAT/MBM/MBA, clear test result
files function cat/cmt/mbm/mba_test_cleanup() are called twice.
Delete once.
[patch 4] If there is an exception occurs after creating a child
process with fork() in the CAT test, kill the child process
before terminating the parent process.
[patch 5] When a child process is created by fork(), the buffer of the
parent process is also copied. Flush the buffer before executing fork().
This patch series is based on Linux v6.0-rc5
Shaopeng Tan (5):
selftests/resctrl: Clear unused initalization code in MBM tests
selftests/resctrl: Clear unused common codes called by CAT/MBA tests
testing/selftests: Remove duplicate codes that clear each test result
file
selftests/resctrl: Kill the child process before exiting the parent
process if an exception occurs
selftests/resctrl: Flush stdout file buffer before executing fork()
tools/testing/selftests/resctrl/cat_test.c | 17 +++++++++--------
tools/testing/selftests/resctrl/cmt_test.c | 2 --
tools/testing/selftests/resctrl/mba_test.c | 2 --
tools/testing/selftests/resctrl/mbm_test.c | 19 ++++++-------------
tools/testing/selftests/resctrl/resctrl_val.c | 1 +
tools/testing/selftests/resctrl/resctrlfs.c | 7 +++----
6 files changed, 19 insertions(+), 29 deletions(-)
--
2.27.0
The wordings of step-by-step instructions on writing the first Kunit test
are instructing readers to write codes without knowing what these are about.
Rewrite these instructions to include the purpose of written code.
While at it, align the code blocks of these contents.
Signed-off-by: Bagas Sanjaya <bagasdotme(a)gmail.com>
---
This patch is based on Khalid's full path to .kunitconfig patch [1].
[1]: https://lore.kernel.org/linux-doc/20220929085332.4155-1-khalid.masum.92@gma…
Documentation/dev-tools/kunit/start.rst | 40 ++++++++++++++-----------
1 file changed, 22 insertions(+), 18 deletions(-)
diff --git a/Documentation/dev-tools/kunit/start.rst b/Documentation/dev-tools/kunit/start.rst
index 7999874dc4ddb3..9628360947507b 100644
--- a/Documentation/dev-tools/kunit/start.rst
+++ b/Documentation/dev-tools/kunit/start.rst
@@ -131,17 +131,19 @@ are built-in. Otherwise the module will need to be loaded.
Writing Your First Test
=======================
-In your kernel repository, let's add some code that we can test.
+In your kernel repository, let's add some code that we can test. For this
+purpose, we are going to add simple addition driver.
-1. Create a file ``drivers/misc/example.h``, which includes:
+1. Write the feature that will be tested. First, write the declaration
+ for ``misc_example_add()`` in ``drivers/misc/example.h``:
-.. code-block:: c
+ .. code-block:: c
int misc_example_add(int left, int right);
-2. Create a file ``drivers/misc/example.c``, which includes:
+ Then implement the function in ``drivers/misc/example.c``:
-.. code-block:: c
+ .. code-block:: c
#include <linux/errno.h>
@@ -152,24 +154,25 @@ In your kernel repository, let's add some code that we can test.
return left + right;
}
-3. Add the following lines to ``drivers/misc/Kconfig``:
+3. Add Kconfig menu entry for the feature to ``drivers/misc/Kconfig``:
-.. code-block:: kconfig
+ .. code-block:: kconfig
config MISC_EXAMPLE
bool "My example"
-4. Add the following lines to ``drivers/misc/Makefile``:
+4. Add the kbuild goal that will build the feature to
+ ``drivers/misc/Makefile``:
-.. code-block:: make
+ .. code-block:: make
obj-$(CONFIG_MISC_EXAMPLE) += example.o
Now we are ready to write the test cases.
-1. Add the below test case in ``drivers/misc/example_test.c``:
+1. Write the test in ``drivers/misc/example_test.c``:
-.. code-block:: c
+ .. code-block:: c
#include <kunit/test.h>
#include "example.h"
@@ -202,31 +205,32 @@ Now we are ready to write the test cases.
};
kunit_test_suite(misc_example_test_suite);
-2. Add the following lines to ``drivers/misc/Kconfig``:
+2. Add following Kconfig entry for the test to ``drivers/misc/Kconfig``:
-.. code-block:: kconfig
+ .. code-block:: kconfig
config MISC_EXAMPLE_TEST
tristate "Test for my example" if !KUNIT_ALL_TESTS
depends on MISC_EXAMPLE && KUNIT=y
default KUNIT_ALL_TESTS
-3. Add the following lines to ``drivers/misc/Makefile``:
+3. Add kbuild goal of the test to ``drivers/misc/Makefile``:
-.. code-block:: make
+ .. code-block:: make
obj-$(CONFIG_MISC_EXAMPLE_TEST) += example_test.o
-4. Add following configuration fragments to ``.kunit/.kunitconfig``:
+4. Add following configuration fragments for the test to
+ ``.kunit/.kunitconfig``:
-.. code-block:: none
+ .. code-block:: none
CONFIG_MISC_EXAMPLE=y
CONFIG_MISC_EXAMPLE_TEST=y
5. Run the test:
-.. code-block:: bash
+ .. code-block:: bash
./tools/testing/kunit/kunit.py run
--
An old man doll... just what I always wanted! - Clara
Hi!
>
> On 29.09.22 09:39, zhaogongyi wrote:
> > Hi,
> >
> > We can not get the EBUSY from " echo 0 >
> /sys/devices/system/memory/memoryxxx/online", maybe, redirect the error
> ouput to /dev/null is suitable when calling offline_memory_expect_success():
> >
> > # sh mem-on-off-test.sh -a
> > mem-on-off-test.sh: illegal option -- a Test scope: 2% hotplug memory
> > online all hot-pluggable memory in offline state:
> > SKIPPED - no hot-pluggable memory in offline state
> > offline 2% hot-pluggable memory in online state
> > trying to offline 4 out of 192 memory block(s):
> > online->offline memory0
> > online->offline memory10
> > online->offline memory100
> > online->offline memory101
> > online->offline memory102
> > online->offline memory103
> > online->offline memory104
> > online->offline memory105
> > online->offline memory106
> > online->offline memory107
> > online->offline memory108
> > online->offline memory109
> > online->offline memory11
> > online->offline memory110
> > online->offline memory111
> > online->offline memory112
> > online->offline memory113
> > online->offline memory114
> > online->offline memory115
> > online->offline memory116
> > online->offline memory117
> > online->offline memory118
> > online->offline memory119
> > online->offline memory12
> > online->offline memory120
> > online->offline memory121
> > online->offline memory122
> > online->offline memory123
> > online->offline memory124
>
> Can we have here an output like
>
> online->offline memory0
> -> Failure
> online->offline memory10
> -> Success
>
> That would make much more sense for debugging purposes and understanding
> what is happening here. I was primarily concerned about the misleading error
> message, that indicated that something is "unexpected" -- it's perfectly
> reasonable here to *expect* that offlining a random memory blocks just fails.
Yes, I will submit a new version of patches to implement it as your suggestiones:
1. Redirect misleading msg to /dev/null
2. Add an output for online->offline test
Thanks!
>
> --
> Thanks,
>
> David / dhildenb
Commit 6fc3a8636a7b ("kunit: tool: Enable virtio/PCI by default on UML")
made it so we enable these options by default for UML.
Specifying them here is now redundant.
Signed-off-by: Daniel Latypov <dlatypov(a)google.com>
---
tools/testing/kunit/configs/all_tests_uml.config | 2 --
1 file changed, 2 deletions(-)
diff --git a/tools/testing/kunit/configs/all_tests_uml.config b/tools/testing/kunit/configs/all_tests_uml.config
index bdee36bef4a3..f990cbb73250 100644
--- a/tools/testing/kunit/configs/all_tests_uml.config
+++ b/tools/testing/kunit/configs/all_tests_uml.config
@@ -16,8 +16,6 @@ CONFIG_EXT4_FS=y
CONFIG_MSDOS_FS=y
CONFIG_VFAT_FS=y
-CONFIG_VIRTIO_UML=y
-CONFIG_UML_PCI_OVER_VIRTIO=y
CONFIG_PCI=y
CONFIG_USB4=y
base-commit: 0b3acd1cc0222953035d18176b1e4aa06624fd6e
--
2.37.2.789.g6183377224-goog
Hi,
We can not get the EBUSY from " echo 0 > /sys/devices/system/memory/memoryxxx/online", maybe, redirect the error ouput to /dev/null is suitable when calling offline_memory_expect_success():
# sh mem-on-off-test.sh -a
mem-on-off-test.sh: illegal option -- a
Test scope: 2% hotplug memory
online all hot-pluggable memory in offline state:
SKIPPED - no hot-pluggable memory in offline state
offline 2% hot-pluggable memory in online state
trying to offline 4 out of 192 memory block(s):
online->offline memory0
online->offline memory10
online->offline memory100
online->offline memory101
online->offline memory102
online->offline memory103
online->offline memory104
online->offline memory105
online->offline memory106
online->offline memory107
online->offline memory108
online->offline memory109
online->offline memory11
online->offline memory110
online->offline memory111
online->offline memory112
online->offline memory113
online->offline memory114
online->offline memory115
online->offline memory116
online->offline memory117
online->offline memory118
online->offline memory119
online->offline memory12
online->offline memory120
online->offline memory121
online->offline memory122
online->offline memory123
online->offline memory124
online all hot-pluggable memory in offline state:
offline->online memory121
offline->online memory122
offline->online memory123
offline->online memory124
Test with memory notifier error injection
# echo $?
0
Thanks!
Gongyi
>
>
> >> Reviewed-by: David Hildenbrand <david(a)redhat.com>
> >>
> >>
> >> I am questioning the stability of the offlining test, though.
> >> Offlining a random memory block can fail easily, because
> >> "->removable" is not
> >> expressive:
> >>
> >> # tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
> >> Test scope: 2% hotplug memory
> >> online all hot-pluggable memory in offline state:
> >> SKIPPED - no hot-pluggable memory in offline state
> >> offline 2% hot-pluggable memory in online state
> >> trying to offline 2 out of 96 memory block(s):
> >> online->offline memory0
> >> tools/testing/selftests/memory-hotplug/mem-on-off-test.sh: line 78: echo:
> >> write error: Invalid argument offline_memory_expect_success 0:
> >> unexpected fail
> >> online->offline memory10
> >> online->offline memory11
> >>
> >>
> >> I guess this test will almost always fail nowadays.
> >
> > Offline some memory node maybe failed as expected, but the error message
> is a bit annoying.
>
> Ah, I see it now. We try offlining two and fail offlining the first one.
> Can we silence that warning in that case somehow?
>
> --
> Thanks,
>
> David / dhildenb
The numbered list contains full path to every files that need to be
modified or created in order to implement misc-example kunit test.
Except for .kunitconfig. Which might make a newcommer confused about
where the file exists. Since there are multiple .kunitconfig files.
Fix this by using the full path to .kunitconfig.
Signed-off-by: Khalid Masum <khalid.masum.92(a)gmail.com>
---
Documentation/dev-tools/kunit/start.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/dev-tools/kunit/start.rst b/Documentation/dev-tools/kunit/start.rst
index 867a4bba6bf6..69361065cda6 100644
--- a/Documentation/dev-tools/kunit/start.rst
+++ b/Documentation/dev-tools/kunit/start.rst
@@ -217,7 +217,7 @@ Now we are ready to write the test cases.
obj-$(CONFIG_MISC_EXAMPLE_TEST) += example_test.o
-4. Add the following lines to ``.kunitconfig``:
+4. Add the following lines to ``.kunit/.kunitconfig``:
.. code-block:: none
--
2.37.3
There is a spelling mistake in some help text. Fix it.
Signed-off-by: Colin Ian King <colin.i.king(a)gmail.com>
---
tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c b/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c
index e19933ea34ca..62827d121c4f 100644
--- a/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c
+++ b/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c
@@ -211,7 +211,7 @@ static void help(char *name)
puts("");
printf("usage: %s [-h] [-p period_ms] [-t token]\n", name);
puts("");
- printf(" -p: The NX reclaim period in miliseconds.\n");
+ printf(" -p: The NX reclaim period in milliseconds.\n");
printf(" -t: The magic token to indicate environment setup is done.\n");
printf(" -r: The test has reboot permissions and can disable NX huge pages.\n");
puts("");
--
2.37.1
There is a spelling mistake in a printed message. Fix it.
Signed-off-by: Colin Ian King <colin.i.king(a)gmail.com>
---
tools/testing/selftests/sched/cs_prctl_test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/sched/cs_prctl_test.c b/tools/testing/selftests/sched/cs_prctl_test.c
index 8109b17dc764..62b579b601bf 100644
--- a/tools/testing/selftests/sched/cs_prctl_test.c
+++ b/tools/testing/selftests/sched/cs_prctl_test.c
@@ -267,7 +267,7 @@ int main(int argc, char *argv[])
if (setpgid(0, 0) != 0)
handle_error("process group");
- printf("\n## Create a thread/process/process group hiearchy\n");
+ printf("\n## Create a thread/process/process group hierarchy\n");
create_processes(num_processes, num_threads, procs);
need_cleanup = 1;
disp_processes(num_processes, procs);
--
2.37.1
v2:
- Added enable check in executor.c to prevent wrong error output from
kunit_tool.py when run against a KUnit disabled kernel
- kunit_tool.py now passes kunit.enable=1
- Flipped around logic of new config to KUNIT_DEFAULT_ENABLED
- Now load modules containing tests but not executing them
- Various message/description text clean up
There are some use cases where the kernel binary is desired to be the same
for both production and testing. This poses a problem for users of KUnit
as built-in tests will automatically run at startup and test modules
can still be loaded leaving the kernel in an unsafe state. There is a
"test" taint flag that gets set if a test runs but nothing to prevent
the execution.
This patch adds the kunit.enable module parameter that will need to be
set to true in addition to KUNIT being enabled for KUnit tests to run.
The default value is true giving backwards compatibility. However, for
the production+testing use case the new config option KUNIT_DEFAULT_ENABLED
can be set to N requiring the tester to opt-in by passing kunit.enable=1 to
the kernel.
Joe Fradley (2):
kunit: add kunit.enable to enable/disable KUnit test
kunit: no longer call module_info(test, "Y") for kunit modules
.../admin-guide/kernel-parameters.txt | 6 +++++
include/kunit/test.h | 3 ++-
lib/kunit/Kconfig | 11 +++++++++
lib/kunit/executor.c | 4 ++++
lib/kunit/test.c | 24 +++++++++++++++++++
tools/testing/kunit/kunit_kernel.py | 1 +
6 files changed, 48 insertions(+), 1 deletion(-)
--
2.37.1.595.g718a3a8f04-goog
There is a spelling mistake in a debug message. Fix it.
Signed-off-by: Colin Ian King <colin.i.king(a)gmail.com>
---
tools/testing/selftests/kvm/demand_paging_test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/kvm/demand_paging_test.c b/tools/testing/selftests/kvm/demand_paging_test.c
index 779ae54f89c4..56035d94c653 100644
--- a/tools/testing/selftests/kvm/demand_paging_test.c
+++ b/tools/testing/selftests/kvm/demand_paging_test.c
@@ -225,7 +225,7 @@ static void setup_demand_paging(struct kvm_vm *vm,
PER_PAGE_DEBUG("Userfaultfd %s mode, faults resolved with %s\n",
is_minor ? "MINOR" : "MISSING",
- is_minor ? "UFFDIO_CONINUE" : "UFFDIO_COPY");
+ is_minor ? "UFFDIO_CONTINUE" : "UFFDIO_COPY");
/* In order to get minor faults, prefault via the alias. */
if (is_minor) {
--
2.37.1
Our memory management kernel CI testing at Red Hat uses the VM
selftests and we have run into two problems:
First, our LTP tests overlap with the VM selftests.
We want to avoid unhelpful redundancy in our testing practices.
Second, we have observed the current run_vmtests.sh to report overall
failure/ambiguous results in the case that a machine lacks the necessary
hardware to perform one or more of the tests. E.g. ksm tests that
require more than one numa node.
We want to be able to run the vm selftests suitable to particular hardware.
Add the ability to run one or more groups of vm tests via run_vmtests.sh
instead of simply all-or-none in order to solve these problems.
Preserve existing default behavior of running all tests when the script
is invoked with no arguments.
Documentation of test groups is included in the patch as follows:
# ./run_vmtests.sh [ -h || --help ]
usage: ./tools/testing/selftests/vm/run_vmtests.sh [ -h | -t "<categories>"]
-t: specify specific categories to tests to run
-h: display this message
The default behavior is to run all tests.
Alternatively, specific groups tests can be run by passing a string
to the -t argument containing one or more of the following categories
separated by spaces:
- mmap
tests for mmap(2)
- gup_test
tests for gup using gup_test interface
- userfaultfd
tests for userfaultfd(2)
- compaction
a test for the patch "Allow compaction of unevictable pages"
- mlock
tests for mlock(2)
- mremap
tests for mremap(2)
- hugevm
tests for very large virtual address space
- vmalloc
vmalloc smoke tests
- hmm
hmm smoke tests
- madv_populate
test memadvise(2) MADV_POPULATE_{READ,WRITE} options
- memfd_secret
test memfd_secret(2)
- process_mrelease
test process_mrelease(2)
- ksm
ksm tests that do not require >=2 NUMA nodes
- ksm_numa
ksm tests that require >=2 NUMA nodes
- pkey
memory protection key tests
example: ./run_vmtests.sh -t "hmm mmap ksm"
Changes from v4:
- fix imprecise checking in test_selected
- drop conditional setup/cleanup of hugetlb
Changes from v3:
- rename variable TEST_ITEMS as VM_TEST_ITEMS
Changes from v2:
- rebase onto the mm-everyting branch in
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git
- integrate this functionality with new the tests
Changes from v1:
- use a command line argument to pass the test categories to the
script instead of an environmet variable
- remove novel prints to avoid messing with extant parsers of this
script
- update the usage text
Signed-off-by: Joel Savitz <jsavitz(a)redhat.com>
---
tools/testing/selftests/vm/run_vmtests.sh | 232 +++++++++++++++-------
1 file changed, 155 insertions(+), 77 deletions(-)
diff --git a/tools/testing/selftests/vm/run_vmtests.sh b/tools/testing/selftests/vm/run_vmtests.sh
index 249295a10f56..f115e9a6d3a1 100755
--- a/tools/testing/selftests/vm/run_vmtests.sh
+++ b/tools/testing/selftests/vm/run_vmtests.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
-#please run as root
+# Please run as root
# Kselftest framework requirement - SKIP code is 4.
ksft_skip=4
@@ -8,15 +8,76 @@ ksft_skip=4
mnt=./huge
exitcode=0
-#get huge pagesize and freepages from /proc/meminfo
-while read -r name size unit; do
- if [ "$name" = "HugePages_Free:" ]; then
- freepgs="$size"
+usage() {
+ cat <<EOF
+usage: ${BASH_SOURCE[0]:-$0} [ -h | -t "<categories>"]
+ -t: specify specific categories to tests to run
+ -h: display this message
+
+The default behavior is to run all tests.
+
+Alternatively, specific groups tests can be run by passing a string
+to the -t argument containing one or more of the following categories
+separated by spaces:
+- mmap
+ tests for mmap(2)
+- gup_test
+ tests for gup using gup_test interface
+- userfaultfd
+ tests for userfaultfd(2)
+- compaction
+ a test for the patch "Allow compaction of unevictable pages"
+- mlock
+ tests for mlock(2)
+- mremap
+ tests for mremap(2)
+- hugevm
+ tests for very large virtual address space
+- vmalloc
+ vmalloc smoke tests
+- hmm
+ hmm smoke tests
+- madv_populate
+ test memadvise(2) MADV_POPULATE_{READ,WRITE} options
+- memfd_secret
+ test memfd_secret(2)
+- process_mrelease
+ test process_mrelease(2)
+- ksm
+ ksm tests that do not require >=2 NUMA nodes
+- ksm_numa
+ ksm tests that require >=2 NUMA nodes
+- pkey
+ memory protection key tests
+example: ./run_vmtests.sh -t "hmm mmap ksm"
+EOF
+ exit 0
+}
+
+
+while getopts "ht:" OPT; do
+ case ${OPT} in
+ "h") usage ;;
+ "t") VM_SELFTEST_ITEMS=${OPTARG} ;;
+ esac
+done
+shift $((OPTIND -1))
+
+# default behavior: run all tests
+VM_SELFTEST_ITEMS=${VM_SELFTEST_ITEMS:-default}
+
+test_selected() {
+ if [ "$VM_SELFTEST_ITEMS" == "default" ]; then
+ # If no VM_SELFTEST_ITEMS are specified, run all tests
+ return 0
fi
- if [ "$name" = "Hugepagesize:" ]; then
- hpgsize_KB="$size"
+ # If test selected argument is one of the test items
+ if [[ " ${VM_SELFTEST_ITEMS[*]} " =~ " ${1} " ]]; then
+ return 0
+ else
+ return 1
fi
-done < /proc/meminfo
+}
# Simple hugetlbfs tests have a hardcoded minimum requirement of
# huge pages totaling 256MB (262144KB) in size. The userfaultfd
@@ -28,7 +89,17 @@ hpgsize_MB=$((hpgsize_KB / 1024))
half_ufd_size_MB=$((((nr_cpus * hpgsize_MB + 127) / 128) * 128))
needmem_KB=$((half_ufd_size_MB * 2 * 1024))
-#set proper nr_hugepages
+# get huge pagesize and freepages from /proc/meminfo
+while read -r name size unit; do
+ if [ "$name" = "HugePages_Free:" ]; then
+ freepgs="$size"
+ fi
+ if [ "$name" = "Hugepagesize:" ]; then
+ hpgsize_KB="$size"
+ fi
+done < /proc/meminfo
+
+# set proper nr_hugepages
if [ -n "$freepgs" ] && [ -n "$hpgsize_KB" ]; then
nr_hugepgs=$(cat /proc/sys/vm/nr_hugepages)
needpgs=$((needmem_KB / hpgsize_KB))
@@ -57,140 +128,147 @@ else
exit 1
fi
-#filter 64bit architectures
+# filter 64bit architectures
ARCH64STR="arm64 ia64 mips64 parisc64 ppc64 ppc64le riscv64 s390x sh64 sparc64 x86_64"
if [ -z "$ARCH" ]; then
ARCH=$(uname -m 2>/dev/null | sed -e 's/aarch64.*/arm64/')
fi
VADDR64=0
-echo "$ARCH64STR" | grep "$ARCH" && VADDR64=1
+echo "$ARCH64STR" | grep "$ARCH" &>/dev/null && VADDR64=1
# Usage: run_test [test binary] [arbitrary test arguments...]
run_test() {
- local title="running $*"
- local sep=$(echo -n "$title" | tr "[:graph:][:space:]" -)
- printf "%s\n%s\n%s\n" "$sep" "$title" "$sep"
-
- "$@"
- local ret=$?
- if [ $ret -eq 0 ]; then
- echo "[PASS]"
- elif [ $ret -eq $ksft_skip ]; then
- echo "[SKIP]"
- exitcode=$ksft_skip
- else
- echo "[FAIL]"
- exitcode=1
- fi
+ if test_selected ${CATEGORY}; then
+ echo "running: $1"
+ local title="running $*"
+ local sep=$(echo -n "$title" | tr "[:graph:][:space:]" -)
+ printf "%s\n%s\n%s\n" "$sep" "$title" "$sep"
+
+ "$@"
+ local ret=$?
+ if [ $ret -eq 0 ]; then
+ echo "[PASS]"
+ elif [ $ret -eq $ksft_skip ]; then
+ echo "[SKIP]"
+ exitcode=$ksft_skip
+ else
+ echo "[FAIL]"
+ exitcode=1
+ fi
+ fi # test_selected
}
mkdir "$mnt"
mount -t hugetlbfs none "$mnt"
-run_test ./hugepage-mmap
+CATEGORY="hugetlb" run_test ./hugepage-mmap
shmmax=$(cat /proc/sys/kernel/shmmax)
shmall=$(cat /proc/sys/kernel/shmall)
echo 268435456 > /proc/sys/kernel/shmmax
echo 4194304 > /proc/sys/kernel/shmall
-run_test ./hugepage-shm
+CATEGORY="hugetlb" run_test ./hugepage-shm
echo "$shmmax" > /proc/sys/kernel/shmmax
echo "$shmall" > /proc/sys/kernel/shmall
-run_test ./map_hugetlb
+CATEGORY="hugetlb" run_test ./map_hugetlb
-run_test ./hugepage-mremap "$mnt"/huge_mremap
-rm -f "$mnt"/huge_mremap
+CATEGORY="hugetlb" run_test ./hugepage-mremap "$mnt"/huge_mremap
+test_selected "hugetlb" && rm -f "$mnt"/huge_mremap
-run_test ./hugepage-vmemmap
+CATEGORY="hugetlb" run_test ./hugepage-vmemmap
-run_test ./hugetlb-madvise "$mnt"/madvise-test
-rm -f "$mnt"/madvise-test
+CATEGORY="hugetlb" run_test ./hugetlb-madvise "$mnt"/madvise-test
+test_selected "hugetlb" && rm -f "$mnt"/madvise-test
-echo "NOTE: The above hugetlb tests provide minimal coverage. Use"
-echo " https://github.com/libhugetlbfs/libhugetlbfs.git for"
-echo " hugetlb regression testing."
+if test_selected "hugetlb"; then
+ echo "NOTE: These hugetlb tests provide minimal coverage. Use"
+ echo " https://github.com/libhugetlbfs/libhugetlbfs.git for"
+ echo " hugetlb regression testing."
+fi
-run_test ./map_fixed_noreplace
+CATEGORY="mmap" run_test ./map_fixed_noreplace
# get_user_pages_fast() benchmark
-run_test ./gup_test -u
+CATEGORY="gup_test" run_test ./gup_test -u
# pin_user_pages_fast() benchmark
-run_test ./gup_test -a
+CATEGORY="gup_test" run_test ./gup_test -a
# Dump pages 0, 19, and 4096, using pin_user_pages:
-run_test ./gup_test -ct -F 0x1 0 19 0x1000
+CATEGORY="gup_test" run_test ./gup_test -ct -F 0x1 0 19 0x1000
-run_test ./userfaultfd anon 20 16
-run_test ./userfaultfd anon:dev 20 16
+CATEGORY="userfaultfd" run_test ./userfaultfd anon 20 16
+CATEGORY="userfaultfd" run_test ./userfaultfd anon:dev 20 16
# Hugetlb tests require source and destination huge pages. Pass in half the
# size ($half_ufd_size_MB), which is used for *each*.
-run_test ./userfaultfd hugetlb "$half_ufd_size_MB" 32
-run_test ./userfaultfd hugetlb:dev "$half_ufd_size_MB" 32
-run_test ./userfaultfd hugetlb_shared "$half_ufd_size_MB" 32 "$mnt"/uffd-test
+CATEGORY="userfaultfd" run_test ./userfaultfd hugetlb "$half_ufd_size_MB" 32
+CATEGORY="userfaultfd" run_test ./userfaultfd hugetlb:dev "$half_ufd_size_MB" 32
+CATEGORY="userfaultfd" run_test ./userfaultfd hugetlb_shared "$half_ufd_size_MB" 32 "$mnt"/uffd-test
rm -f "$mnt"/uffd-test
-run_test ./userfaultfd hugetlb_shared:dev "$half_ufd_size_MB" 32 "$mnt"/uffd-test
+CATEGORY="userfaultfd" run_test ./userfaultfd hugetlb_shared:dev "$half_ufd_size_MB" 32 "$mnt"/uffd-test
rm -f "$mnt"/uffd-test
-run_test ./userfaultfd shmem 20 16
-run_test ./userfaultfd shmem:dev 20 16
-
-#cleanup
-umount "$mnt"
-rm -rf "$mnt"
-echo "$nr_hugepgs" > /proc/sys/vm/nr_hugepages
+CATEGORY="userfaultfd" run_test ./userfaultfd shmem 20 16
+CATEGORY="userfaultfd" run_test ./userfaultfd shmem:dev 20 16
+
+# cleanup (only needed when running hugetlb tests)
+if test_selected "hugetlb"; then
+ umount "$mnt"
+ rm -rf "$mnt"
+ echo "$nr_hugepgs" > /proc/sys/vm/nr_hugepages
+fi
-run_test ./compaction_test
+CATEGORY="compaction" run_test ./compaction_test
-run_test sudo -u nobody ./on-fault-limit
+CATEGORY="mlock" run_test sudo -u nobody ./on-fault-limit
-run_test ./map_populate
+CATEGORY="mmap" run_test ./map_populate
-run_test ./mlock-random-test
+CATEGORY="mlock" run_test ./mlock-random-test
-run_test ./mlock2-tests
+CATEGORY="mlock" run_test ./mlock2-tests
-run_test ./mrelease_test
+CATEGORY="process_mrelease" run_test ./mrelease_test
-run_test ./mremap_test
+CATEGORY="mremap" run_test ./mremap_test
-run_test ./thuge-gen
+CATEGORY="hugetlb" run_test ./thuge-gen
if [ $VADDR64 -ne 0 ]; then
- run_test ./virtual_address_range
+ CATEGORY="hugevm" run_test ./virtual_address_range
# virtual address 128TB switch test
- run_test ./va_128TBswitch.sh
+ CATEGORY="hugevm" run_test ./va_128TBswitch.sh
fi # VADDR64
# vmalloc stability smoke test
-run_test ./test_vmalloc.sh smoke
+CATEGORY="vmalloc" run_test ./test_vmalloc.sh smoke
-run_test ./mremap_dontunmap
+CATEGORY="mremap" run_test ./mremap_dontunmap
-run_test ./test_hmm.sh smoke
+CATEGORY="hmm" run_test ./test_hmm.sh smoke
# MADV_POPULATE_READ and MADV_POPULATE_WRITE tests
-run_test ./madv_populate
+CATEGORY="madv_populate" run_test ./madv_populate
-run_test ./memfd_secret
+CATEGORY="memfd_secret" run_test ./memfd_secret
# KSM MADV_MERGEABLE test with 10 identical pages
-run_test ./ksm_tests -M -p 10
+CATEGORY="ksm" run_test ./ksm_tests -M -p 10
# KSM unmerge test
-run_test ./ksm_tests -U
+CATEGORY="ksm" run_test ./ksm_tests -U
# KSM test with 10 zero pages and use_zero_pages = 0
-run_test ./ksm_tests -Z -p 10 -z 0
+CATEGORY="ksm" run_test ./ksm_tests -Z -p 10 -z 0
# KSM test with 10 zero pages and use_zero_pages = 1
-run_test ./ksm_tests -Z -p 10 -z 1
+CATEGORY="ksm" run_test ./ksm_tests -Z -p 10 -z 1
# KSM test with 2 NUMA nodes and merge_across_nodes = 1
-run_test ./ksm_tests -N -m 1
+CATEGORY="ksm_numa" run_test ./ksm_tests -N -m 1
# KSM test with 2 NUMA nodes and merge_across_nodes = 0
-run_test ./ksm_tests -N -m 0
+CATEGORY="ksm_numa" run_test ./ksm_tests -N -m 0
# protection_keys tests
if [ $VADDR64 -eq 0 ]; then
- run_test ./protection_keys_32
+ CATEGORY="pkey" run_test ./protection_keys_32
else
- run_test ./protection_keys_64
+ CATEGORY="pkey" run_test ./protection_keys_64
fi
exit $exitcode
--
2.31.1
Fix the comment to accurately describe the test and recently added
SYSTEM_SUSPEND test case.
What was once psci_cpu_on_test was renamed and extended to squeeze in a
test case for PSCI SYSTEM_SUSPEND. Nonetheless, the author of those
changes (whoever they may be...) failed to update the file comment to
reflect what had changed.
Reported-by: Reiji Watanabe <reijiw(a)google.com>
Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev>
---
Forgetting the name of the darned UAPI event. Tsk tsk.
tools/testing/selftests/kvm/aarch64/psci_test.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/tools/testing/selftests/kvm/aarch64/psci_test.c b/tools/testing/selftests/kvm/aarch64/psci_test.c
index f7621f6e938e..e0b9e81a3e09 100644
--- a/tools/testing/selftests/kvm/aarch64/psci_test.c
+++ b/tools/testing/selftests/kvm/aarch64/psci_test.c
@@ -1,12 +1,14 @@
// SPDX-License-Identifier: GPL-2.0-only
/*
- * psci_cpu_on_test - Test that the observable state of a vCPU targeted by the
- * CPU_ON PSCI call matches what the caller requested.
+ * psci_test - Tests relating to KVM's PSCI implementation.
*
* Copyright (c) 2021 Google LLC.
*
- * This is a regression test for a race between KVM servicing the PSCI call and
- * userspace reading the vCPUs registers.
+ * This test includes:
+ * - A regression test for a race between KVM servicing the PSCI CPU_ON call
+ * and userspace reading the targeted vCPU's registers.
+ * - A test for KVM's handling of PSCI SYSTEM_SUSPEND and the associated
+ * KVM_SYSTEM_EVENT_SUSPEND UAPI.
*/
#define _GNU_SOURCE
base-commit: 568035b01cfb107af8d2e4bd2fb9aea22cf5b868
--
2.37.1.595.g718a3a8f04-goog
For this patchset, test cases of the qdisc modules are added to the
tc-testing test suite.
Last, thanks to Victor for testing and suggestion.
After a test case is added locally, the test result is as follows:
./tdc.py -c atm
ok 1 7628 - Create ATM with default setting
ok 2 390a - Delete ATM with valid handle
ok 3 32a0 - Show ATM class
ok 4 6310 - Dump ATM stats
./tdc.py -c choke
ok 1 8937 - Create CHOKE with default setting
ok 2 48c0 - Create CHOKE with min packet setting
ok 3 38c1 - Create CHOKE with max packet setting
ok 4 234a - Create CHOKE with ecn setting
ok 5 4380 - Create CHOKE with burst setting
ok 6 48c7 - Delete CHOKE with valid handle
ok 7 4398 - Replace CHOKE with min setting
ok 8 0301 - Change CHOKE with limit setting
./tdc.py -c codel
ok 1 983a - Create CODEL with default setting
ok 2 38aa - Create CODEL with limit packet setting
ok 3 9178 - Create CODEL with target setting
ok 4 78d1 - Create CODEL with interval setting
ok 5 238a - Create CODEL with ecn setting
ok 6 939c - Create CODEL with ce_threshold setting
ok 7 8380 - Delete CODEL with valid handle
ok 8 289c - Replace CODEL with limit setting
ok 9 0648 - Change CODEL with limit setting
./tdc.py -c etf
ok 1 34ba - Create ETF with default setting
ok 2 438f - Create ETF with delta nanos setting
ok 3 9041 - Create ETF with deadline_mode setting
ok 4 9a0c - Create ETF with skip_sock_check setting
ok 5 2093 - Delete ETF with valid handle
./tdc.py -c fq
ok 1 983b - Create FQ with default setting
ok 2 38a1 - Create FQ with limit packet setting
ok 3 0a18 - Create FQ with flow_limit setting
ok 4 2390 - Create FQ with quantum setting
ok 5 845b - Create FQ with initial_quantum setting
ok 6 9398 - Create FQ with maxrate setting
ok 7 342c - Create FQ with nopacing setting
ok 8 6391 - Create FQ with refill_delay setting
ok 9 238b - Create FQ with low_rate_threshold setting
ok 10 7582 - Create FQ with orphan_mask setting
ok 11 4894 - Create FQ with timer_slack setting
ok 12 324c - Create FQ with ce_threshold setting
ok 13 424a - Create FQ with horizon time setting
ok 14 89e1 - Create FQ with horizon_cap setting
ok 15 32e1 - Delete FQ with valid handle
ok 16 49b0 - Replace FQ with limit setting
ok 17 9478 - Change FQ with limit setting
./tdc.py -c gred
ok 1 8942 - Create GRED with default setting
ok 2 5783 - Create GRED with grio setting
ok 3 8a09 - Create GRED with limit setting
ok 4 48cb - Create GRED with ecn setting
ok 5 763a - Change GRED setting
ok 6 8309 - Show GRED class
./tdc.py -c hhf
ok 1 4812 - Create HHF with default setting
ok 2 8a92 - Create HHF with limit setting
ok 3 3491 - Create HHF with quantum setting
ok 4 ba04 - Create HHF with reset_timeout setting
ok 5 4238 - Create HHF with admit_bytes setting
ok 6 839f - Create HHF with evict_timeout setting
ok 7 a044 - Create HHF with non_hh_weight setting
ok 8 32f9 - Change HHF with limit setting
ok 9 385e - Show HHF class
./tdc.py -c pfifo_fast
ok 1 900c - Create pfifo_fast with default setting
ok 2 7470 - Dump pfifo_fast stats
ok 3 b974 - Replace pfifo_fast with different handle
ok 4 3240 - Delete pfifo_fast with valid handle
ok 5 4385 - Delete pfifo_fast with invalid handle
./tdc.py -c plug
ok 1 3289 - Create PLUG with default setting
ok 2 0917 - Create PLUG with block setting
ok 3 483b - Create PLUG with release setting
ok 4 4995 - Create PLUG with release_indefinite setting
ok 5 389c - Create PLUG with limit setting
ok 6 384a - Delete PLUG with valid handle
ok 7 439a - Replace PLUG with limit setting
ok 8 9831 - Change PLUG with limit setting
./tdc.py -c sfb
ok 1 3294 - Create SFB with default setting
ok 2 430a - Create SFB with rehash setting
ok 3 3410 - Create SFB with db setting
ok 4 49a0 - Create SFB with limit setting
ok 5 1241 - Create SFB with max setting
ok 6 3249 - Create SFB with target setting
ok 7 30a9 - Create SFB with increment setting
ok 8 239a - Create SFB with decrement setting
ok 9 9301 - Create SFB with penalty_rate setting
ok 10 2a01 - Create SFB with penalty_burst setting
ok 11 3209 - Change SFB with rehash setting
ok 12 5447 - Show SFB class
./tdc.py -c sfq
ok 1 7482 - Create SFQ with default setting
ok 2 c186 - Create SFQ with limit setting
ok 3 ae23 - Create SFQ with perturb setting
ok 4 a430 - Create SFQ with quantum setting
ok 5 4539 - Create SFQ with divisor setting
ok 6 b089 - Create SFQ with flows setting
ok 7 99a0 - Create SFQ with depth setting
ok 8 7389 - Create SFQ with headdrop setting
ok 9 6472 - Create SFQ with redflowlimit setting
ok 10 8929 - Show SFQ class
./tdc.py -c skbprio
ok 1 283e - Create skbprio with default setting
ok 2 c086 - Create skbprio with limit setting
ok 3 6733 - Change skbprio with limit setting
ok 4 2958 - Show skbprio class
./tdc.py -c taprio
ok 1 ba39 - Add taprio Qdisc to multi-queue device (8 queues)
ok 2 9462 - Add taprio Qdisc with multiple sched-entry
ok 3 8d92 - Add taprio Qdisc with txtime-delay
ok 4 d092 - Delete taprio Qdisc with valid handle
ok 5 8471 - Show taprio class
ok 6 0a85 - Add taprio Qdisc to single-queue device
./tdc.py -c tbf
ok 1 6430 - Create TBF with default setting
ok 2 0518 - Create TBF with mtu setting
ok 3 320a - Create TBF with peakrate setting
ok 4 239b - Create TBF with latency setting
ok 5 c975 - Create TBF with overhead setting
ok 6 948c - Create TBF with linklayer setting
ok 7 3549 - Replace TBF with mtu
ok 8 f948 - Change TBF with latency time
ok 9 2348 - Show TBF class
./tdc.py -c teql
ok 1 84a0 - Create TEQL with default setting
ok 2 7734 - Create TEQL with multiple device
ok 3 34a9 - Delete TEQL with valid handle
ok 4 6289 - Show TEQL stats
---
v3: add config
v2: modify subject prefix
---
Zhengchao Shao (15):
selftests/tc-testing: add selftests for atm qdisc
selftests/tc-testing: add selftests for choke qdisc
selftests/tc-testing: add selftests for codel qdisc
selftests/tc-testing: add selftests for etf qdisc
selftests/tc-testing: add selftests for fq qdisc
selftests/tc-testing: add selftests for gred qdisc
selftests/tc-testing: add selftests for hhf qdisc
selftests/tc-testing: add selftests for pfifo_fast qdisc
selftests/tc-testing: add selftests for plug qdisc
selftests/tc-testing: add selftests for sfb qdisc
selftests/tc-testing: add selftests for sfq qdisc
selftests/tc-testing: add selftests for skbprio qdisc
selftests/tc-testing: add selftests for taprio qdisc
selftests/tc-testing: add selftests for tbf qdisc
selftests/tc-testing: add selftests for teql qdisc
tools/testing/selftests/tc-testing/config | 15 +
.../tc-testing/tc-tests/qdiscs/atm.json | 94 +++++
.../tc-testing/tc-tests/qdiscs/choke.json | 188 +++++++++
.../tc-testing/tc-tests/qdiscs/codel.json | 211 ++++++++++
.../tc-testing/tc-tests/qdiscs/etf.json | 117 ++++++
.../tc-testing/tc-tests/qdiscs/fq.json | 395 ++++++++++++++++++
.../tc-testing/tc-tests/qdiscs/gred.json | 164 ++++++++
.../tc-testing/tc-tests/qdiscs/hhf.json | 210 ++++++++++
.../tc-tests/qdiscs/pfifo_fast.json | 119 ++++++
.../tc-testing/tc-tests/qdiscs/plug.json | 188 +++++++++
.../tc-testing/tc-tests/qdiscs/sfb.json | 279 +++++++++++++
.../tc-testing/tc-tests/qdiscs/sfq.json | 232 ++++++++++
.../tc-testing/tc-tests/qdiscs/skbprio.json | 95 +++++
.../tc-testing/tc-tests/qdiscs/taprio.json | 135 ++++++
.../tc-testing/tc-tests/qdiscs/tbf.json | 211 ++++++++++
.../tc-testing/tc-tests/qdiscs/teql.json | 97 +++++
16 files changed, 2750 insertions(+)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/atm.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/choke.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/codel.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/etf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/fq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/gred.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/hhf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/pfifo_fast.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/plug.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/sfb.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/sfq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/skbprio.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/tbf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/teql.json
--
2.17.1
Hi.
First, I hope you are fine and the same for your relatives.
Normally, when BPF ring buffer are full, producers cannot write anymore and
need to wait for consumer to get some data.
As a consequence, calling bpf_ringbuf_reserve() from eBPF code returns NULL.
This contribution adds a new flag to make BPF ring buffer overwritable.
Perf ring buffers already implement an option to be overwritable. In order to
avoid data corruption, the data is written backward, see
commit 9ecda41acb97 ("perf/core: Add ::write_backward attribute to perf event").
This patch series re-uses the same idea from perf ring buffers but in BPF ring
buffers.
So, calling bpf_ringbuf_reserve() on an overwritable BPF ring buffer never
returns NULL.
As a consequence, oldest data will be overwritten by the newest so consumer will
loose data.
Overwritable ring buffers are useful in BPF programs that are permanently
enabled but rarely read, only on-demand, for example in case of a user request
to investigate problems. We would like to use this in the Traceloop project [1].
The self test added in this series was tested and validated in a VM:
you@vm# ./share/linux/tools/testing/selftests/bpf/test_progs -t ringbuf_over
Can't find bpf_testmod.ko kernel module: -2
WARNING! Selftests relying on bpf_testmod.ko will be skipped.
#135 ringbuf_over_writable:OK
Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED
You can also test the libbpf implementation by using the last patch of this
series which should be applied to iovisor/bcc:
you@home$ cd /path/to/iovisor/bcc
you@home$ git am -3 v2-0005-for-test-purpose-only-Add-toy-to-play-with-BPF-ri.patch
you@home$ cd /path/to/linux/tools/lib/bpf
you@home$ make -j$(nproc)
you@home$ cp libbpf.a /path/to/iovisor/bcc/libbpf-tools/.output
you@home$ cd /path/to/iovisor/bcc/libbpf-tools/
you@home$ make -j toy
# Start your VM and copy toy executable inside it.
root@vm-amd64:~# ./share/toy &
[1] 287
root@vm-amd64:~# for i in {1..16}; do ls > /dev/null; done
16
15
14
13
12
11
10
9
root@vm-amd64:~# ls > /dev/null && ls > /dev/null
18
17
As you can see, the first eight events are overwritten.
If you see any way to improve this contribution, feel free to share.
Changes since:
v1:
* Made producers write backward like perf ring buffer, so it permits avoiding
memory corruption.
* Added libbpf implementation to consume all events available.
* Added selftest.
* Added documentation.
Francis Laniel (5):
bpf: Make ring buffer overwritable.
selftests: Add BPF overwritable ring buffer self tests.
docs/bpf: Add documentation for overwritable ring buffer.
libbpf: Add implementation to consume overwritable BPF ring buffer.
for test purpose only: Add toy to play with BPF ring.
...-only-Add-toy-to-play-with-BPF-ring-.patch | 147 ++++++++++++++++
Documentation/bpf/ringbuf.rst | 18 +-
include/uapi/linux/bpf.h | 3 +
kernel/bpf/ringbuf.c | 43 +++--
tools/include/uapi/linux/bpf.h | 3 +
tools/lib/bpf/ringbuf.c | 106 ++++++++++++
tools/testing/selftests/bpf/Makefile | 5 +-
.../bpf/prog_tests/ringbuf_overwritable.c | 158 ++++++++++++++++++
.../bpf/progs/test_ringbuf_overwritable.c | 61 +++++++
9 files changed, 531 insertions(+), 13 deletions(-)
create mode 100644 0001-for-test-purpose-only-Add-toy-to-play-with-BPF-ring-.patch
create mode 100644 tools/testing/selftests/bpf/prog_tests/ringbuf_overwritable.c
create mode 100644 tools/testing/selftests/bpf/progs/test_ringbuf_overwritable.c
Best regards and thank you in advance.
---
[1] https://github.com/kinvolk/traceloop
Traceloop was presented at LPC 2020 (https://lpc.events/event/7/contributions/667/)
--
2.25.1
QUIC requires end to end encryption of the data. The application usually
prepares the data in clear text, encrypts and calls send() which implies
multiple copies of the data before the packets hit the networking stack.
Similar to kTLS, QUIC kernel offload of cryptography reduces the memory
pressure by reducing the number of copies.
The scope of kernel support is limited to the symmetric cryptography,
leaving the handshake to the user space library. For QUIC in particular,
the application packets that require symmetric cryptography are the 1RTT
packets with short headers. Kernel will encrypt the application packets
on transmission and decrypt on receive. This series implements Tx only,
because in QUIC server applications Tx outweighs Rx by orders of
magnitude.
Supporting the combination of QUIC and GSO requires the application to
correctly place the data and the kernel to correctly slice it. The
encryption process appends an arbitrary number of bytes (tag) to the end
of the message to authenticate it. The GSO value should include this
overhead, the offload would then subtract the tag size to parse the
input on Tx before chunking and encrypting it.
With the kernel cryptography, the buffer copy operation is conjoined
with the encryption operation. The memory bandwidth is reduced by 5-8%.
When devices supporting QUIC encryption in hardware come to the market,
we will be able to free further 7% of CPU utilization which is used
today for crypto operations.
Adel Abouchaev (6):
Documentation on QUIC kernel Tx crypto.
Define QUIC specific constants, control and data plane structures
Add UDP ULP operations, initialization and handling prototype
functions.
Implement QUIC offload functions
Add flow counters and Tx processing error counter
Add self tests for ULP operations, flow setup and crypto tests
Documentation/networking/index.rst | 1 +
Documentation/networking/quic.rst | 185 ++++
include/net/inet_sock.h | 2 +
include/net/netns/mib.h | 3 +
include/net/quic.h | 63 ++
include/net/snmp.h | 6 +
include/net/udp.h | 33 +
include/uapi/linux/quic.h | 60 +
include/uapi/linux/snmp.h | 9 +
include/uapi/linux/udp.h | 4 +
net/Kconfig | 1 +
net/Makefile | 1 +
net/ipv4/Makefile | 3 +-
net/ipv4/udp.c | 15 +
net/ipv4/udp_ulp.c | 192 ++++
net/quic/Kconfig | 16 +
net/quic/Makefile | 8 +
net/quic/quic_main.c | 1417 ++++++++++++++++++++++++
net/quic/quic_proc.c | 45 +
tools/testing/selftests/net/.gitignore | 4 +-
tools/testing/selftests/net/Makefile | 3 +-
tools/testing/selftests/net/quic.c | 1153 +++++++++++++++++++
tools/testing/selftests/net/quic.sh | 46 +
23 files changed, 3267 insertions(+), 3 deletions(-)
create mode 100644 Documentation/networking/quic.rst
create mode 100644 include/net/quic.h
create mode 100644 include/uapi/linux/quic.h
create mode 100644 net/ipv4/udp_ulp.c
create mode 100644 net/quic/Kconfig
create mode 100644 net/quic/Makefile
create mode 100644 net/quic/quic_main.c
create mode 100644 net/quic/quic_proc.c
create mode 100644 tools/testing/selftests/net/quic.c
create mode 100755 tools/testing/selftests/net/quic.sh
base-commit: fd78d07c7c35de260eb89f1be4a1e7487b8092ad
--
2.30.2
Page_idle uses {ptep/pmdp}_clear_young_notify which in turn calls
the mmu notifier callback ->clear_young(), which purposefully
does not flush the TLB.
When running the test in a nested guest, point 1. of the test
doc header is violated, because KVM TLB is unbounded by size
and since no flush is forced, KVM does not update the sptes
accessed/idle bits resulting in guest assertion failure.
More precisely, only the first ACCESS_WRITE in run_test() actually
makes visible changes, because sptes are created and the accessed
bit is set to 1 (or idle bit is 0). Then the first mark_memory_idle()
passes since access bit is still one, and sets all pages as idle
(or not accessed). When the next write is performed, the update
is not flushed therefore idle is still 1 and next mark_memory_idle()
fails.
Signed-off-by: Emanuele Giuseppe Esposito <eesposit(a)redhat.com>
---
.../selftests/kvm/access_tracking_perf_test.c | 25 ++++++++++++-------
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/tools/testing/selftests/kvm/access_tracking_perf_test.c b/tools/testing/selftests/kvm/access_tracking_perf_test.c
index 1c2749b1481a..87b0bd5ebc65 100644
--- a/tools/testing/selftests/kvm/access_tracking_perf_test.c
+++ b/tools/testing/selftests/kvm/access_tracking_perf_test.c
@@ -31,8 +31,9 @@
* These limitations are worked around in this test by using a large enough
* region of memory for each vCPU such that the number of translations cached in
* the TLB and the number of pages held in pagevecs are a small fraction of the
- * overall workload. And if either of those conditions are not true this test
- * will fail rather than silently passing.
+ * overall workload. And if either of those conditions are not true (for example
+ * in nesting, where TLB size is unlimited) this test will print a warning
+ * rather than silently passing.
*/
#include <inttypes.h>
#include <limits.h>
@@ -172,17 +173,23 @@ static void mark_vcpu_memory_idle(struct kvm_vm *vm,
vcpu_idx, no_pfn, pages);
/*
- * Test that at least 90% of memory has been marked idle (the rest might
- * not be marked idle because the pages have not yet made it to an LRU
- * list or the translations are still cached in the TLB). 90% is
+ * Check that at least 90% of memory has been marked idle (the rest
+ * might not be marked idle because the pages have not yet made it to an
+ * LRU list or the translations are still cached in the TLB). 90% is
* arbitrary; high enough that we ensure most memory access went through
* access tracking but low enough as to not make the test too brittle
* over time and across architectures.
+ *
+ * Note that when run in nested virtualization, this check will trigger
+ * much more frequently because TLB size is unlimited and since no flush
+ * happens, much more pages are cached there and guest won't see the
+ * "idle" bit cleared.
*/
- TEST_ASSERT(still_idle < pages / 10,
- "vCPU%d: Too many pages still idle (%"PRIu64 " out of %"
- PRIu64 ").\n",
- vcpu_idx, still_idle, pages);
+ if (still_idle < pages / 10)
+ printf("WARNING: vCPU%d: Too many pages still idle (%"PRIu64 "
+ out of %" PRIu64 "), this will affect performance results
+ .\n",
+ vcpu_idx, still_idle, pages);
close(page_idle_fd);
close(pagemap_fd);
--
2.31.1
>
> On 26.09.22 15:03, Zhao Gongyi wrote:
> > Add checking for online_memory_expect_success()/
> > offline_memory_expect_success()/offline_memory_expect_fail(), or
> the
> > test would exit 0 although the functions return 1.
> >
> > Signed-off-by: Zhao Gongyi <zhaogongyi(a)huawei.com>
> > ---
> > .../selftests/memory-hotplug/mem-on-off-test.sh | 15
> ++++++++++++---
> > 1 file changed, 12 insertions(+), 3 deletions(-)
> >
> > diff --git a/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
> > b/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
> > index 46a97f318f58..3edda1f13f7b 100755
> > --- a/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
> > +++ b/tools/testing/selftests/memory-hotplug/mem-on-off-test.sh
> > @@ -266,7 +266,10 @@ done
> > #
> > echo $error >
> $NOTIFIER_ERR_INJECT_DIR/actions/MEM_GOING_ONLINE/error
> > for memory in `hotpluggable_offline_memory`; do
> > - online_memory_expect_fail $memory
> > + online_memory_expect_fail $memory || {
> > + echo "online memory $memory: unexpected success"
>
> The functions themself already print an error, isn't it sufficient to set
> retval=1?
Indeed, this function is only called once. It is no need to add the log info.
>
> > + retval=1
> > + }
> > done
> >
> > #
> > @@ -274,7 +277,10 @@ done
> > #
> > echo 0 >
> $NOTIFIER_ERR_INJECT_DIR/actions/MEM_GOING_ONLINE/error
> > for memory in `hotpluggable_offline_memory`; do
> > - online_memory_expect_success $memory
> > + online_memory_expect_success $memory || {
> > + echo "online memory $memory: unexpected fail"
> > + retval=1
> > + }
> > done
> >
> > #
> > @@ -283,7 +289,10 @@ done
> > echo $error >
> $NOTIFIER_ERR_INJECT_DIR/actions/MEM_GOING_OFFLINE/error
> > for memory in `hotpluggable_online_memory`; do
> > if [ $((RANDOM % 100)) -lt $ratio ]; then
> > - offline_memory_expect_fail $memory
> > + offline_memory_expect_fail $memory || {
> > + echo "offline memory $memory: unexpected success"
> > + retval=1
> > + }
>
> These functions return 0 if the result is as expected and 1 if the result is
> unexpected.
>
> ... but wouldn't we evaluate the right hand side only if the result is "0" --
> expected? I might be wrong.
>
Yes, if offline_memory_expect_fail's return value is not zero, then it will set 'retval=1'
>
> Wouldn't it be simpler do it as in "Online all hot-pluggable memory again"
>
> if ! online_memory_expect_success $memory; then
> retval=1
> fi
>
> (similarly adjusting the function name)
I will send a new version of the patch to fix it.
Kind regards,
Gongyi
In test_sockmap.c, the testcase sets socket nonblock first, and then
calls select() and recvmsg() to receive data.
If some error occur, nonblock setting will make recvmsg() return
immediately, rather than blocking forever.
However, the way to call fcntl() to set nonblock is wrong.
To set socket noblock, we need to use
> fcntl(fd, F_SETFL, O_NONBLOCK);
rather than:
> fcntl(fd, O_NONBLOCK);
Signed-off-by: Qiao Ma <mqaio(a)linux.alibaba.com>
---
tools/testing/selftests/bpf/test_sockmap.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/test_sockmap.c b/tools/testing/selftests/bpf/test_sockmap.c
index 0fbaccdc8861..abb4102f33b0 100644
--- a/tools/testing/selftests/bpf/test_sockmap.c
+++ b/tools/testing/selftests/bpf/test_sockmap.c
@@ -598,7 +598,12 @@ static int msg_loop(int fd, int iov_count, int iov_length, int cnt,
struct timeval timeout;
fd_set w;
- fcntl(fd, fd_flags);
+ err = fcntl(fd, F_SETFL, fd_flags);
+ if (err < 0) {
+ perror("fcntl failed");
+ goto out_errno;
+ }
+
/* Account for pop bytes noting each iteration of apply will
* call msg_pop_data helper so we need to account for this
* by calculating the number of apply iterations. Note user
--
1.8.3.1
For this patchset, test cases of the qdisc modules are added to the
tc-testing test suite.
After a test case is added locally, the test result is as follows:
./tdc.py -c atm
ok 1 7628 - Create ATM with default setting
ok 2 390a - Delete ATM with valid handle
ok 3 32a0 - Show ATM class
ok 4 6310 - Dump ATM stats
./tdc.py -c choke
ok 1 8937 - Create CHOKE with default setting
ok 2 48c0 - Create CHOKE with min packet setting
ok 3 38c1 - Create CHOKE with max packet setting
ok 4 234a - Create CHOKE with ecn setting
ok 5 4380 - Create CHOKE with burst setting
ok 6 48c7 - Delete CHOKE with valid handle
ok 7 4398 - Replace CHOKE with min setting
ok 8 0301 - Change CHOKE with limit setting
./tdc.py -c codel
ok 1 983a - Create CODEL with default setting
ok 2 38aa - Create CODEL with limit packet setting
ok 3 9178 - Create CODEL with target setting
ok 4 78d1 - Create CODEL with interval setting
ok 5 238a - Create CODEL with ecn setting
ok 6 939c - Create CODEL with ce_threshold setting
ok 7 8380 - Delete CODEL with valid handle
ok 8 289c - Replace CODEL with limit setting
ok 9 0648 - Change CODEL with limit setting
./tdc.py -c etf
ok 1 34ba - Create ETF with default setting
ok 2 438f - Create ETF with delta nanos setting
ok 3 9041 - Create ETF with deadline_mode setting
ok 4 9a0c - Create ETF with skip_sock_check setting
ok 5 2093 - Delete ETF with valid handle
./tdc.py -c fq
ok 1 983b - Create FQ with default setting
ok 2 38a1 - Create FQ with limit packet setting
ok 3 0a18 - Create FQ with flow_limit setting
ok 4 2390 - Create FQ with quantum setting
ok 5 845b - Create FQ with initial_quantum setting
ok 6 9398 - Create FQ with maxrate setting
ok 7 342c - Create FQ with nopacing setting
ok 8 6391 - Create FQ with refill_delay setting
ok 9 238b - Create FQ with low_rate_threshold setting
ok 10 7582 - Create FQ with orphan_mask setting
ok 11 4894 - Create FQ with timer_slack setting
ok 12 324c - Create FQ with ce_threshold setting
ok 13 424a - Create FQ with horizon time setting
ok 14 89e1 - Create FQ with horizon_cap setting
ok 15 32e1 - Delete FQ with valid handle
ok 16 49b0 - Replace FQ with limit setting
ok 17 9478 - Change FQ with limit setting
./tdc.py -c gred
ok 1 8942 - Create GRED with default setting
ok 2 5783 - Create GRED with grio setting
ok 3 8a09 - Create GRED with limit setting
ok 4 48cb - Create GRED with ecn setting
ok 5 763a - Change GRED setting
ok 6 8309 - Show GRED class
./tdc.py -c hhf
ok 1 4812 - Create HHF with default setting
ok 2 8a92 - Create HHF with limit setting
ok 3 3491 - Create HHF with quantum setting
ok 4 ba04 - Create HHF with reset_timeout setting
ok 5 4238 - Create HHF with admit_bytes setting
ok 6 839f - Create HHF with evict_timeout setting
ok 7 a044 - Create HHF with non_hh_weight setting
ok 8 32f9 - Change HHF with limit setting
ok 9 385e - Show HHF class
./tdc.py -c pfifo_fast
ok 1 900c - Create pfifo_fast with default setting
ok 2 7470 - Dump pfifo_fast stats
ok 3 b974 - Replace pfifo_fast with different handle
ok 4 3240 - Delete pfifo_fast with valid handle
ok 5 4385 - Delete pfifo_fast with invalid handle
./tdc.py -c plug
ok 1 3289 - Create PLUG with default setting
ok 2 0917 - Create PLUG with block setting
ok 3 483b - Create PLUG with release setting
ok 4 4995 - Create PLUG with release_indefinite setting
ok 5 389c - Create PLUG with limit setting
ok 6 384a - Delete PLUG with valid handle
ok 7 439a - Replace PLUG with limit setting
ok 8 9831 - Change PLUG with limit setting
./tdc.py -c sfb
ok 1 3294 - Create SFB with default setting
ok 2 430a - Create SFB with rehash setting
ok 3 3410 - Create SFB with db setting
ok 4 49a0 - Create SFB with limit setting
ok 5 1241 - Create SFB with max setting
ok 6 3249 - Create SFB with target setting
ok 7 30a9 - Create SFB with increment setting
ok 8 239a - Create SFB with decrement setting
ok 9 9301 - Create SFB with penalty_rate setting
ok 10 2a01 - Create SFB with penalty_burst setting
ok 11 3209 - Change SFB with rehash setting
ok 12 5447 - Show SFB class
./tdc.py -c sfq
ok 1 7482 - Create SFQ with default setting
ok 2 c186 - Create SFQ with limit setting
ok 3 ae23 - Create SFQ with perturb setting
ok 4 a430 - Create SFQ with quantum setting
ok 5 4539 - Create SFQ with divisor setting
ok 6 b089 - Create SFQ with flows setting
ok 7 99a0 - Create SFQ with depth setting
ok 8 7389 - Create SFQ with headdrop setting
ok 9 6472 - Create SFQ with redflowlimit setting
ok 10 8929 - Show SFQ class
./tdc.py -c skbprio
ok 1 283e - Create skbprio with default setting
ok 2 c086 - Create skbprio with limit setting
ok 3 6733 - Change skbprio with limit setting
ok 4 2958 - Show skbprio class
./tdc.py -c taprio
ok 1 ba39 - Add taprio Qdisc to multi-queue device (8 queues)
ok 2 9462 - Add taprio Qdisc with multiple sched-entry
ok 3 8d92 - Add taprio Qdisc with txtime-delay
ok 4 d092 - Delete taprio Qdisc with valid handle
ok 5 8471 - Show taprio class
ok 6 0a85 - Add taprio Qdisc to single-queue device
./tdc.py -c tbf
ok 1 6430 - Create TBF with default setting
ok 2 0518 - Create TBF with mtu setting
ok 3 320a - Create TBF with peakrate setting
ok 4 239b - Create TBF with latency setting
ok 5 c975 - Create TBF with overhead setting
ok 6 948c - Create TBF with linklayer setting
ok 7 3549 - Replace TBF with mtu
ok 8 f948 - Change TBF with latency time
ok 9 2348 - Show TBF class
./tdc.py -c teql
ok 1 84a0 - Create TEQL with default setting
ok 2 7734 - Create TEQL with multiple device
ok 3 34a9 - Delete TEQL with valid handle
ok 4 6289 - Show TEQL stats
---
v2: modify subject prefix
---
Zhengchao Shao (15):
selftests/tc-testing: add selftests for atm qdisc
selftests/tc-testing: add selftests for choke qdisc
selftests/tc-testing: add selftests for codel qdisc
selftests/tc-testing: add selftests for etf qdisc
selftests/tc-testing: add selftests for fq qdisc
selftests/tc-testing: add selftests for gred qdisc
selftests/tc-testing: add selftests for hhf qdisc
selftests/tc-testing: add selftests for pfifo_fast qdisc
selftests/tc-testing: add selftests for plug qdisc
selftests/tc-testing: add selftests for sfb qdisc
selftests/tc-testing: add selftests for sfq qdisc
selftests/tc-testing: add selftests for skbprio qdisc
selftests/tc-testing: add selftests for taprio qdisc
selftests/tc-testing: add selftests for tbf qdisc
selftests/tc-testing: add selftests for teql qdisc
.../tc-testing/tc-tests/qdiscs/atm.json | 94 +++++
.../tc-testing/tc-tests/qdiscs/choke.json | 188 +++++++++
.../tc-testing/tc-tests/qdiscs/codel.json | 211 ++++++++++
.../tc-testing/tc-tests/qdiscs/etf.json | 117 ++++++
.../tc-testing/tc-tests/qdiscs/fq.json | 395 ++++++++++++++++++
.../tc-testing/tc-tests/qdiscs/gred.json | 164 ++++++++
.../tc-testing/tc-tests/qdiscs/hhf.json | 210 ++++++++++
.../tc-tests/qdiscs/pfifo_fast.json | 119 ++++++
.../tc-testing/tc-tests/qdiscs/plug.json | 188 +++++++++
.../tc-testing/tc-tests/qdiscs/sfb.json | 279 +++++++++++++
.../tc-testing/tc-tests/qdiscs/sfq.json | 232 ++++++++++
.../tc-testing/tc-tests/qdiscs/skbprio.json | 95 +++++
.../tc-testing/tc-tests/qdiscs/taprio.json | 135 ++++++
.../tc-testing/tc-tests/qdiscs/tbf.json | 211 ++++++++++
.../tc-testing/tc-tests/qdiscs/teql.json | 97 +++++
15 files changed, 2735 insertions(+)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/atm.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/choke.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/codel.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/etf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/fq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/gred.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/hhf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/pfifo_fast.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/plug.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/sfb.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/sfq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/skbprio.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/tbf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/teql.json
--
2.17.1
Hi Linus,
This change fixes out-of-tree builds for Landlock tests, which was
initially identified here:
https://lore.kernel.org/r/CADYN=9JM1nnjC9LypHqrz7JJjbZLpm8rArDUy4zgYYrajErB…
Please pull this Landlock fix for v6.0-rc7 . This change merged
cleanly with your tree, and have been successfully tested in the latest
linux-next releases for a week.
Regards,
Mickaël
--
The following changes since commit 80e78fcce86de0288793a0ef0f6acf37656ee4cf:
Linux 6.0-rc5 (2022-09-11 16:22:01 -0400)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git tags/landlock-6.0-rc7
for you to fetch changes up to a52540522c9541bfa3e499d2edba7bc0ca73a4ca:
selftests/landlock: Fix out-of-tree builds (2022-09-14 16:37:38 +0200)
----------------------------------------------------------------
Landlock fix for v6.0-rc7
----------------------------------------------------------------
Mickaël Salaün (1):
selftests/landlock: Fix out-of-tree builds
tools/testing/selftests/landlock/Makefile | 19 ++++++++++---------
tools/testing/selftests/lib.mk | 4 ++++
2 files changed, 14 insertions(+), 9 deletions(-)
It looks like this test has been accidentally dropped when resolving
conflicts in this Makefile.
Most probably because there were 3 different patches modifying this file
in parallel:
commit 152e8ec77640 ("selftests/bonding: add a test for bonding lladdr target")
commit bbb774d921e2 ("net: Add tests for bonding and team address list management")
commit 2ffd57327ff1 ("selftests: bonding: cause oops in bond_rr_gen_slave_id")
The first one was applied in 'net-next' while the two other ones were
recently applied in the 'net' tree.
But that's alright, easy to fix by re-adding the missing one!
Fixes: 0140a7168f8b ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net")
Signed-off-by: Matthieu Baerts <matthieu.baerts(a)tessares.net>
---
tools/testing/selftests/drivers/net/bonding/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/drivers/net/bonding/Makefile b/tools/testing/selftests/drivers/net/bonding/Makefile
index d14846fcf3d1..e9dab5f9d773 100644
--- a/tools/testing/selftests/drivers/net/bonding/Makefile
+++ b/tools/testing/selftests/drivers/net/bonding/Makefile
@@ -4,6 +4,7 @@
TEST_PROGS := \
bond-arp-interval-causes-panic.sh \
bond-break-lacpdu-tx.sh \
+ bond-lladdr-target.sh \
dev_addr_lists.sh
TEST_FILES := lag_lib.sh
base-commit: d05d9eb79d0cd0f7a978621b4a56a1f2db444f86
--
2.37.2
The livepatch kselftests rely on comparing expected and actual output
from such commands as sysctl. A recent commit in procps-ng v4.0.0 [1]
changed sysctl's output to emit key pathnames like:
sysctl: setting key "/proc/sys/kernel/ftrace_enabled": Device or resource busy
versus previous dotted output:
sysctl: setting key "kernel.ftrace_enabled": Device or resource busy
The modification in output was later reverted [2], but since the change
has been tagged in procps-ng v4.0.0, update the livepatch kselftest to
handle either case.
[1] https://gitlab.com/procps-ng/procps/-/commit/6389deca5bf667f5fab5912acde78b…
[2] https://gitlab.com/procps-ng/procps/-/commit/b159c198c9160a8eb13254e2b631d0…
Reported-by: Dennis(Zhuoheng) Li <denli(a)redhat.com>
Signed-off-by: Joe Lawrence <joe.lawrence(a)redhat.com>
---
tools/testing/selftests/livepatch/functions.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/livepatch/functions.sh b/tools/testing/selftests/livepatch/functions.sh
index 9230b869371d..d5001c9eb72e 100644
--- a/tools/testing/selftests/livepatch/functions.sh
+++ b/tools/testing/selftests/livepatch/functions.sh
@@ -86,7 +86,7 @@ function set_ftrace_enabled() {
if [[ "$result" != "$1" ]] ; then
if [[ $can_fail -eq 1 ]] ; then
- echo "livepatch: $err" > /dev/kmsg
+ echo "livepatch: $err" | sed 's#/proc/sys/kernel/#kernel.#' > /dev/kmsg
return
fi
--
2.26.3
Dzień dobry,
kontaktuję się z Państwem, ponieważ chciałbym zaproponować wygodne rozwiązanie, które umożliwi Państwa firmie stabilny rozwój.
Konkurencyjne otoczenie wymaga ciągłego ulepszania i poszerzenia oferty, co z kolei wiąże się z koniecznością inwestowania. Brak odpowiedniego kapitału poważnie ogranicza tempo rozwoju firmy.
Od wielu lat z powodzeniem pomagam firmom w uzyskaniu najlepszej formy finansowania z banku oraz UE. Mam stałych Klientów, którzy nadal chętnie korzystają z moich usług, a także polecają je innym.
Czy chcieliby Państwo skorzystać z pomocy wykwalifikowanego i doświadczonego doradcy finansowego?
Pozdrawiam
Jakub Olejniczak
The walk implementation of most qdisc class modules is basically the
same. That is, the values of count and skip are checked first. If count
is greater than or equal to skip, the registered fn function is
executed. Otherwise, increase the value of count. So the code can be
refactored.
The walk function is invoked during dump. Therefore, test cases related
to the tdc filter need to be added.
Last, thanks to Victor and Toke for their review.
Add test cases locally and perform the test. The test results are listed
below:
./tdc.py -c cake
ok 1 1212 - Create CAKE with default setting
ok 2 3281 - Create CAKE with bandwidth limit
ok 3 c940 - Create CAKE with autorate-ingress flag
ok 4 2310 - Create CAKE with rtt time
ok 5 2385 - Create CAKE with besteffort flag
ok 6 a032 - Create CAKE with diffserv8 flag
ok 7 2349 - Create CAKE with diffserv4 flag
ok 8 8472 - Create CAKE with flowblind flag
ok 9 2341 - Create CAKE with dsthost and nat flag
ok 10 5134 - Create CAKE with wash flag
ok 11 2302 - Create CAKE with flowblind and no-split-gso flag
ok 12 0768 - Create CAKE with dual-srchost and ack-filter flag
ok 13 0238 - Create CAKE with dual-dsthost and ack-filter-aggressive flag
ok 14 6572 - Create CAKE with memlimit and ptm flag
ok 15 2436 - Create CAKE with fwmark and atm flag
ok 16 3984 - Create CAKE with overhead and mpu
ok 17 5421 - Create CAKE with conservative and ingress flag
ok 18 6854 - Delete CAKE with conservative and ingress flag
ok 19 2342 - Replace CAKE with mpu
ok 20 2313 - Change CAKE with mpu
ok 21 4365 - Show CAKE class
./tdc.py -c cbq
ok 1 3460 - Create CBQ with default setting
ok 2 0592 - Create CBQ with mpu
ok 3 4684 - Create CBQ with valid cell num
ok 4 4345 - Create CBQ with invalid cell num
ok 5 4525 - Create CBQ with valid ewma
ok 6 6784 - Create CBQ with invalid ewma
ok 7 5468 - Delete CBQ with handle
ok 8 492a - Show CBQ class
./tdc.py -c cbs
ok 1 1820 - Create CBS with default setting
ok 2 1532 - Create CBS with hicredit setting
ok 3 2078 - Create CBS with locredit setting
ok 4 9271 - Create CBS with sendslope setting
ok 5 0482 - Create CBS with idleslope setting
ok 6 e8f3 - Create CBS with multiple setting
ok 7 23c9 - Replace CBS with sendslope setting
ok 8 a07a - Change CBS with idleslope setting
ok 9 43b3 - Delete CBS with handle
ok 10 9472 - Show CBS class
./tdc.py -c drr
ok 1 0385 - Create DRR with default setting
ok 2 2375 - Delete DRR with handle
ok 3 3092 - Show DRR class
./tdc.py -c dsmark
ok 1 6345 - Create DSMARK with default setting
ok 2 3462 - Create DSMARK with default_index setting
ok 3 ca95 - Create DSMARK with set_tc_index flag
ok 4 a950 - Create DSMARK with multiple setting
ok 5 4092 - Delete DSMARK with handle
ok 6 5930 - Show DSMARK class
./tdc.py -c fq_codel
ok 1 4957 - Create FQ_CODEL with default setting
ok 2 7621 - Create FQ_CODEL with limit setting
ok 3 6871 - Create FQ_CODEL with memory_limit setting
ok 4 5636 - Create FQ_CODEL with target setting
ok 5 630a - Create FQ_CODEL with interval setting
ok 6 4324 - Create FQ_CODEL with quantum setting
ok 7 b190 - Create FQ_CODEL with noecn flag
ok 8 5381 - Create FQ_CODEL with ce_threshold setting
ok 9 c9d2 - Create FQ_CODEL with drop_batch setting
ok 10 523b - Create FQ_CODEL with multiple setting
ok 11 9283 - Replace FQ_CODEL with noecn setting
ok 12 3459 - Change FQ_CODEL with limit setting
ok 13 0128 - Delete FQ_CODEL with handle
ok 14 0435 - Show FQ_CODEL class
./tdc.py -c hfsc
ok 1 3254 - Create HFSC with default setting
ok 2 0289 - Create HFSC with class sc and ul rate setting
ok 3 846a - Create HFSC with class sc umax and dmax setting
ok 4 5413 - Create HFSC with class rt and ls rate setting
ok 5 9312 - Create HFSC with class rt umax and dmax setting
ok 6 6931 - Delete HFSC with handle
ok 7 8436 - Show HFSC class
./tdc.py -c htb
ok 1 0904 - Create HTB with default setting
ok 2 3906 - Create HTB with default-N setting
ok 3 8492 - Create HTB with r2q setting
ok 4 9502 - Create HTB with direct_qlen setting
ok 5 b924 - Create HTB with class rate and burst setting
ok 6 4359 - Create HTB with class mpu setting
ok 7 9048 - Create HTB with class prio setting
ok 8 4994 - Create HTB with class ceil setting
ok 9 9523 - Create HTB with class cburst setting
ok 10 5353 - Create HTB with class mtu setting
ok 11 346a - Create HTB with class quantum setting
ok 12 303a - Delete HTB with handle
./tdc.py -c mqprio
ok 1 9903 - Add mqprio Qdisc to multi-queue device (8 queues)
ok 2 453a - Delete nonexistent mqprio Qdisc
ok 3 5292 - Delete mqprio Qdisc twice
ok 4 45a9 - Add mqprio Qdisc to single-queue device
ok 5 2ba9 - Show mqprio class
./tdc.py -c multiq
ok 1 20ba - Add multiq Qdisc to multi-queue device (8 queues)
ok 2 4301 - List multiq Class
ok 3 7832 - Delete nonexistent multiq Qdisc
ok 4 2891 - Delete multiq Qdisc twice
ok 5 1329 - Add multiq Qdisc to single-queue device
./tdc.py -c netem
ok 1 cb28 - Create NETEM with default setting
ok 2 a089 - Create NETEM with limit flag
ok 3 3449 - Create NETEM with delay time
ok 4 3782 - Create NETEM with distribution and corrupt flag
ok 5 2b82 - Create NETEM with distribution and duplicate flag
ok 6 a932 - Create NETEM with distribution and loss flag
ok 7 e01a - Create NETEM with distribution and loss state flag
ok 8 ba29 - Create NETEM with loss gemodel flag
ok 9 0492 - Create NETEM with reorder flag
ok 10 7862 - Create NETEM with rate limit
ok 11 7235 - Create NETEM with multiple slot rate
ok 12 5439 - Create NETEM with multiple slot setting
ok 13 5029 - Change NETEM with loss state
ok 14 3785 - Replace NETEM with delay time
ok 15 4502 - Delete NETEM with handle
ok 16 0785 - Show NETEM class
./tdc.py -c qfq
ok 1 0582 - Create QFQ with default setting
ok 2 c9a3 - Create QFQ with class weight setting
ok 3 8452 - Create QFQ with class maxpkt setting
ok 4 d920 - Create QFQ with multiple class setting
ok 5 0548 - Delete QFQ with handle
ok 6 5901 - Show QFQ class
./tdc.py -e 0521
ok 1 0521 - Show ingress class
./tdc.py -e 1023
ok 1 1023 - Show mq class
./tdc.py -e 2410
ok 1 2410 - Show prio class
./tdc.py -e 290a
ok 1 290a - Show RED class
---
v3: adjust the order of input parameters, and modify subject
prefix of tc-testing
v2: change the ID of test case
---
Zhengchao Shao (18):
net/sched: sch_api: add helper for tc qdisc walker stats dump
net/sched: use tc_qdisc_stats_dump() in qdisc
selftests/tc-testing: add selftests for cake qdisc
selftests/tc-testing: add selftests for cbq qdisc
selftests/tc-testing: add selftests for cbs qdisc
selftests/tc-testing: add selftests for drr qdisc
selftests/tc-testing: add selftests for dsmark qdisc
selftests/tc-testing: add selftests for fq_codel qdisc
selftests/tc-testing: add selftests for hfsc qdisc
selftests/tc-testing: add selftests for htb qdisc
selftests/tc-testing: add selftests for mqprio qdisc
selftests/tc-testing: add selftests for multiq qdisc
selftests/tc-testing: add selftests for netem qdisc
selftests/tc-testing: add selftests for qfq qdisc
selftests/tc-testing: add show class case for ingress qdisc
selftests/tc-testing: add show class case for mq qdisc
selftests/tc-testing: add show class case for prio qdisc
selftests/tc-testing: add show class case for red qdisc
include/net/pkt_sched.h | 13 +
net/sched/sch_atm.c | 6 +-
net/sched/sch_cake.c | 9 +-
net/sched/sch_cbq.c | 9 +-
net/sched/sch_cbs.c | 8 +-
net/sched/sch_drr.c | 9 +-
net/sched/sch_dsmark.c | 14 +-
net/sched/sch_ets.c | 9 +-
net/sched/sch_fq_codel.c | 8 +-
net/sched/sch_hfsc.c | 9 +-
net/sched/sch_htb.c | 9 +-
net/sched/sch_mq.c | 5 +-
net/sched/sch_mqprio.c | 5 +-
net/sched/sch_multiq.c | 9 +-
net/sched/sch_netem.c | 8 +-
net/sched/sch_prio.c | 9 +-
net/sched/sch_qfq.c | 9 +-
net/sched/sch_red.c | 7 +-
net/sched/sch_sfb.c | 7 +-
net/sched/sch_sfq.c | 8 +-
net/sched/sch_skbprio.c | 9 +-
net/sched/sch_taprio.c | 5 +-
net/sched/sch_tbf.c | 7 +-
.../tc-testing/tc-tests/qdiscs/cake.json | 487 ++++++++++++++++++
.../tc-testing/tc-tests/qdiscs/cbq.json | 184 +++++++
.../tc-testing/tc-tests/qdiscs/cbs.json | 234 +++++++++
.../tc-testing/tc-tests/qdiscs/drr.json | 71 +++
.../tc-testing/tc-tests/qdiscs/dsmark.json | 140 +++++
.../tc-testing/tc-tests/qdiscs/fq_codel.json | 326 ++++++++++++
.../tc-testing/tc-tests/qdiscs/hfsc.json | 167 ++++++
.../tc-testing/tc-tests/qdiscs/htb.json | 285 ++++++++++
.../tc-testing/tc-tests/qdiscs/ingress.json | 20 +
.../tc-testing/tc-tests/qdiscs/mq.json | 24 +-
.../tc-testing/tc-tests/qdiscs/mqprio.json | 114 ++++
.../tc-testing/tc-tests/qdiscs/multiq.json | 114 ++++
.../tc-testing/tc-tests/qdiscs/netem.json | 372 +++++++++++++
.../tc-testing/tc-tests/qdiscs/prio.json | 20 +
.../tc-testing/tc-tests/qdiscs/qfq.json | 145 ++++++
.../tc-testing/tc-tests/qdiscs/red.json | 23 +
39 files changed, 2769 insertions(+), 148 deletions(-)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cake.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cbq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cbs.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/drr.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/dsmark.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/fq_codel.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/hfsc.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/htb.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/mqprio.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/multiq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/netem.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/qfq.json
--
2.17.1
We use a local variable hwcap to refer to the element of the hwcaps array
which we are currently checking. When checking for the relevant hwcap bit
being set in testing we were dereferencing hwcaps rather than hwcap in
fetching the AT_HWCAP to use, which is perfectly valid C but means we were
always checking the bit was set in the hwcap for whichever feature is first
in the array. Remove the stray s.
Signed-off-by: Mark Brown <broonie(a)kernel.org>
---
tools/testing/selftests/arm64/abi/hwcap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/arm64/abi/hwcap.c b/tools/testing/selftests/arm64/abi/hwcap.c
index 322d9b92bbe3..75eb470eb432 100644
--- a/tools/testing/selftests/arm64/abi/hwcap.c
+++ b/tools/testing/selftests/arm64/abi/hwcap.c
@@ -307,7 +307,7 @@ int main(void)
for (i = 0; i < ARRAY_SIZE(hwcaps); i++) {
hwcap = &hwcaps[i];
- have_hwcap = getauxval(hwcaps->at_hwcap) & hwcap->hwcap_bit;
+ have_hwcap = getauxval(hwcap->at_hwcap) & hwcap->hwcap_bit;
have_cpuinfo = cpuinfo_present(hwcap->cpuinfo);
if (have_hwcap)
--
2.30.2
When SME was initially merged we did not add support for TPIDR2_EL0 to
the ptrace interface, creating difficulties for debuggers in accessing
lazy save state for ZA. This series implements that support, extending
the existing NT_ARM_TLS regset to support the register when available,
and adds kselftest coverage for the existing and new NT_ARM_TLS
functionality.
Existing programs that query the size of the register set will be able
to observe the increased size of the register set. Programs that assume
the register set is single register will see no change. On systems that
do not support SME TPIDR2_EL0 will read as 0 and writes will be ignored,
support for SME should be queried via hwcaps as normal.
v4:
- Rebase onto v6.0-rc3.
v3:
- Fix copyright date on test program.
v2:
- Rebase onto v6.0-rc1.
Mark Brown (4):
kselftest/arm64: Add test coverage for NT_ARM_TLS
arm64/ptrace: Document extension of NT_ARM_TLS to cover TPIDR2_EL0
arm64/ptrace: Support access to TPIDR2_EL0
kselftest/arm64: Add coverage of TPIDR2_EL0 ptrace interface
Documentation/arm64/sme.rst | 3 +
arch/arm64/kernel/ptrace.c | 25 +-
tools/testing/selftests/arm64/abi/.gitignore | 1 +
tools/testing/selftests/arm64/abi/Makefile | 2 +-
tools/testing/selftests/arm64/abi/ptrace.c | 241 +++++++++++++++++++
5 files changed, 266 insertions(+), 6 deletions(-)
create mode 100644 tools/testing/selftests/arm64/abi/ptrace.c
base-commit: b90cb1053190353cc30f0fef0ef1f378ccc063c5
--
2.30.2
From: Xu Panda <xu.panda(a)zte.com.cn>
Not using absolute path when invoking wget can lead to serious
security issues.
Reported-by: Zeal Robot <zealci(a)zte.com.cn>
Signed-off-by: Xu Panda <xu.panda(a)zte.com.cn>
---
tools/testing/kunit/qemu_configs/riscv.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/kunit/qemu_configs/riscv.py b/tools/testing/kunit/qemu_configs/riscv.py
index 6207be146d26..c3dcd654ca15 100644
--- a/tools/testing/kunit/qemu_configs/riscv.py
+++ b/tools/testing/kunit/qemu_configs/riscv.py
@@ -11,7 +11,7 @@ if not os.path.isfile(OPENSBI_FILE):
'Would you like me to download it for you from:\n' + GITHUB_OPENSBI_URL + ' ?\n')
response = input('yes/[no]: ')
if response.strip() == 'yes':
- os.system('wget ' + GITHUB_OPENSBI_URL)
+ os.system('/usr/bin/wget ' + GITHUB_OPENSBI_URL)
else:
sys.exit()
--
2.15.2
The simple attribute files do not accept a negative value since the
commit 488dac0c9237 ("libfs: fix error cast of negative value in
simple_attr_write()"), but some attribute files want to accept
a negative value.
Akinobu Mita (3):
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
lib/notifier-error-inject: fix error when writing -errno to debugfs
file
debugfs: fix error when writing negative value to atomic_t debugfs
file
.../fault-injection/fault-injection.rst | 10 +++----
fs/debugfs/file.c | 28 +++++++++++++++----
fs/libfs.c | 22 +++++++++++++--
include/linux/debugfs.h | 19 +++++++++++--
include/linux/fs.h | 12 ++++++--
lib/notifier-error-inject.c | 2 +-
6 files changed, 73 insertions(+), 20 deletions(-)
--
2.34.1
From: Roberto Sassu <roberto.sassu(a)huawei.com>
One of the desirable features in security is the ability to restrict import
of data to a given system based on data authenticity. If data import can be
restricted, it would be possible to enforce a system-wide policy based on
the signing keys the system owner trusts.
This feature is widely used in the kernel. For example, if the restriction
is enabled, kernel modules can be plugged in only if they are signed with a
key whose public part is in the primary or secondary keyring.
For eBPF, it can be useful as well. For example, it might be useful to
authenticate data an eBPF program makes security decisions on.
After a discussion in the eBPF mailing list, it was decided that the stated
goal should be accomplished by introducing four new kfuncs:
bpf_lookup_user_key() and bpf_lookup_system_key(), for retrieving a keyring
with keys trusted for signature verification, respectively from its serial
and from a pre-determined ID; bpf_key_put(), to release the reference
obtained with the former two kfuncs, bpf_verify_pkcs7_signature(), for
verifying PKCS#7 signatures.
Other than the key serial, bpf_lookup_user_key() also accepts key lookup
flags, that influence the behavior of the lookup. bpf_lookup_system_key()
accepts pre-determined IDs defined in include/linux/verification.h.
bpf_key_put() accepts the new bpf_key structure, introduced to tell whether
the other structure member, a key pointer, is valid or not. The reason is
that verify_pkcs7_signature() also accepts invalid pointers, set with the
pre-determined ID, to select a system-defined keyring. key_put() must be
called only for valid key pointers.
Since the two key lookup functions allocate memory and one increments a key
reference count, they must be used in conjunction with bpf_key_put(). The
latter must be called only if the lookup functions returned a non-NULL
pointer. The verifier denies the execution of eBPF programs that don't
respect this rule.
The two key lookup functions should be used in alternative, depending on
the use case. While bpf_lookup_user_key() provides great flexibility, it
seems suboptimal in terms of security guarantees, as even if the eBPF
program is assumed to be trusted, the serial used to obtain the key pointer
might come from untrusted user space not choosing one that the system
administrator approves to enforce a mandatory policy.
bpf_lookup_system_key() instead provides much stronger guarantees,
especially if the pre-determined ID is not passed by user space but is
hardcoded in the eBPF program, and that program is signed. In this case,
bpf_verify_pkcs7_signature() will always perform signature verification
with a key that the system administrator approves, i.e. the primary,
secondary or platform keyring.
Nevertheless, key permission checks need to be done accurately. Since
bpf_lookup_user_key() cannot determine how a key will be used by other
kfuncs, it has to defer the permission check to the actual kfunc using the
key. It does it by calling lookup_user_key() with KEY_DEFER_PERM_CHECK as
needed permission. Later, bpf_verify_pkcs7_signature(), if called,
completes the permission check by calling key_validate(). It does not need
to call key_task_permission() with permission KEY_NEED_SEARCH, as it is
already done elsewhere by the key subsystem. Future kfuncs using the
bpf_key structure need to implement the proper checks as well.
Finally, the last kfunc, bpf_verify_pkcs7_signature(), accepts the data and
signature to verify as eBPF dynamic pointers, to minimize the number of
kfunc parameters, and the keyring with keys for signature verification as a
bpf_key structure, returned by one of the two key lookup functions.
bpf_lookup_user_key() and bpf_verify_pkcs7_signature() can be called only
from sleepable programs, because of memory allocation and crypto
operations. For example, the lsm.s/bpf attach point is suitable,
fexit/array_map_update_elem is not.
The correctness of implementation of the new kfuncs and of their usage is
checked with the introduced tests.
The patch set includes a patch from another author (dependency) for sake of
completeness. It is organized as follows.
Patch 1 from KP Singh allows kfuncs to be used by LSM programs. Patch 2
exports the bpf_dynptr definition through BTF. Patch 3 splits
is_dynptr_reg_valid_init() and introduces is_dynptr_type_expected(), to
know more precisely the cause of a negative result of a dynamic pointer
check. Patch 4 allows dynamic pointers to be used as kfunc parameters.
Patch 5 exports bpf_dynptr_get_size(), to obtain the real size of data
carried by a dynamic pointer. Patch 6 makes available for new eBPF kfuncs
and programs some key-related definitions. Patch 7 introduces the
bpf_lookup_*_key() and bpf_key_put() kfuncs. Patch 8 introduces the
bpf_verify_pkcs7_signature() kfunc. Patch 9 changes the testing kernel
configuration to compile everything as built-in. Finally, patches 10-13
introduce the tests.
Changelog
v17:
- Remove unnecessary typedefs in test_verify_pkcs7_sig.c (suggested by KP)
- Add patch to export bpf_dynptr through BTF (reported by KP)
- Rename u{8,16,32,64} variables to __u{8,16,32,64} in the tests, for
consistency with other eBPF programs (suggested by Yonghong)
v16:
- Remove comments in include/linux/key.h for KEY_LOOKUP_*
- Change kmalloc() flag from GFP_ATOMIC to GFP_KERNEL in
bpf_lookup_user_key(), as the kfunc needs anyway to be sleepable
(suggested by Kumar)
- Test passing a dynamic pointer with NULL data to
bpf_verify_pkcs7_signature() (suggested by Kumar)
v15:
- Add kfunc_dynptr_param test to deny list for s390x
v14:
- Explain that is_dynptr_type_expected() will be useful also for BTF
(suggested by Joanne)
- Rename KEY_LOOKUP_FLAGS_ALL to KEY_LOOKUP_ALL (suggested by Jarkko)
- Swap declaration of spi and dynptr_type in is_dynptr_type_expected()
(suggested by Joanne)
- Reimplement kfunc dynptr tests with a regular eBPF program instead of
executing them with test_verifier (suggested by Joanne)
- Make key lookup flags as enum so that they are automatically exported
through BTF (suggested by Alexei)
v13:
- Split is_dynptr_reg_valid_init() and introduce is_dynptr_type_expected()
to see if the dynamic pointer type passed as argument to a kfunc is
supported (suggested by Kumar)
- Add forward declaration of struct key in include/linux/bpf.h (suggested
by Song)
- Declare mask for key lookup flags, remove key_lookup_flags_check()
(suggested by Jarkko and KP)
- Allow only certain dynamic pointer types (currently, local) to be passed
as argument to kfuncs (suggested by Kumar)
- For each dynamic pointer parameter in kfunc, additionally check if the
passed pointer is to the stack (suggested by Kumar)
- Split the validity/initialization and dynamic pointer type check also in
the verifier, and adjust the expected error message in the test (a test
for an unexpected dynptr type passed to a helper cannot be added due to
missing suitable helpers, but this case has been tested manually)
- Add verifier tests to check the dynamic pointers passed as argument to
kfuncs (suggested by Kumar)
v12:
- Put lookup_key and verify_pkcs7_sig tests in deny list for s390x (JIT
does not support calling kernel function)
v11:
- Move stringify_struct() macro to include/linux/btf.h (suggested by
Daniel)
- Change kernel configuration options in
tools/testing/selftests/bpf/config* from =m to =y
v10:
- Introduce key_lookup_flags_check() and system_keyring_id_check() inline
functions to check parameters (suggested by KP)
- Fix descriptions and comment of key-related kfuncs (suggested by KP)
- Register kfunc set only once (suggested by Alexei)
- Move needed kernel options to the architecture-independent configuration
for testing
v9:
- Drop patch to introduce KF_SLEEPABLE kfunc flag (already merged)
- Rename valid_ptr member of bpf_key to has_ref (suggested by Daniel)
- Check dynamic pointers in kfunc definition with bpf_dynptr_kern struct
definition instead of string, to detect structure renames (suggested by
Daniel)
- Explicitly say that we permit initialized dynamic pointers in kfunc
definition (suggested by Daniel)
- Remove noinline __weak from kfuncs definition (reported by Daniel)
- Simplify key lookup flags check in bpf_lookup_user_key() (suggested by
Daniel)
- Explain the reason for deferring key permission check (suggested by
Daniel)
- Allocate memory with GFP_ATOMIC in bpf_lookup_system_key(), and remove
KF_SLEEPABLE kfunc flag from kfunc declaration (suggested by Daniel)
- Define only one kfunc set and remove the loop for registration
(suggested by Alexei)
v8:
- Define the new bpf_key structure to carry the key pointer and whether
that pointer is valid or not (suggested by Daniel)
- Drop patch to mark a kfunc parameter with the __maybe_null suffix
- Improve documentation of kfuncs
- Introduce bpf_lookup_system_key() to obtain a key pointer suitable for
verify_pkcs7_signature() (suggested by Daniel)
- Use the new kfunc registration API
- Drop patch to test the __maybe_null suffix
- Add tests for bpf_lookup_system_key()
v7:
- Add support for using dynamic and NULL pointers in kfunc (suggested by
Alexei)
- Add new kfunc-related tests
v6:
- Switch back to key lookup helpers + signature verification (until v5),
and defer permission check from bpf_lookup_user_key() to
bpf_verify_pkcs7_signature()
- Add additional key lookup test to illustrate the usage of the
KEY_LOOKUP_CREATE flag and validate the flags (suggested by Daniel)
- Make description of flags of bpf_lookup_user_key() more user-friendly
(suggested by Daniel)
- Fix validation of flags parameter in bpf_lookup_user_key() (reported by
Daniel)
- Rename bpf_verify_pkcs7_signature() keyring-related parameters to
user_keyring and system_keyring to make their purpose more clear
- Accept keyring-related parameters of bpf_verify_pkcs7_signature() as
alternatives (suggested by KP)
- Replace unsigned long type with u64 in helper declaration (suggested by
Daniel)
- Extend the bpf_verify_pkcs7_signature() test by calling the helper
without data, by ensuring that the helper enforces the keyring-related
parameters as alternatives, by ensuring that the helper rejects
inaccessible and expired keyrings, and by checking all system keyrings
- Move bpf_lookup_user_key() and bpf_key_put() usage tests to
ref_tracking.c (suggested by John)
- Call bpf_lookup_user_key() and bpf_key_put() only in sleepable programs
v5:
- Move KEY_LOOKUP_ to include/linux/key.h
for validation of bpf_verify_pkcs7_signature() parameter
- Remove bpf_lookup_user_key() and bpf_key_put() helpers, and the
corresponding tests
- Replace struct key parameter of bpf_verify_pkcs7_signature() with the
keyring serial and lookup flags
- Call lookup_user_key() and key_put() in bpf_verify_pkcs7_signature()
code, to ensure that the retrieved key is used according to the
permission requested at lookup time
- Clarified keyring precedence in the description of
bpf_verify_pkcs7_signature() (suggested by John)
- Remove newline in the second argument of ASSERT_
- Fix helper prototype regular expression in bpf_doc.py
v4:
- Remove bpf_request_key_by_id(), don't return an invalid pointer that
other helpers can use
- Pass the keyring ID (without ULONG_MAX, suggested by Alexei) to
bpf_verify_pkcs7_signature()
- Introduce bpf_lookup_user_key() and bpf_key_put() helpers (suggested by
Alexei)
- Add lookup_key_norelease test, to ensure that the verifier blocks eBPF
programs which don't decrement the key reference count
- Parse raw PKCS#7 signature instead of module-style signature in the
verify_pkcs7_signature test (suggested by Alexei)
- Parse kernel module in user space and pass raw PKCS#7 signature to the
eBPF program for signature verification
v3:
- Rename bpf_verify_signature() back to bpf_verify_pkcs7_signature() to
avoid managing different parameters for each signature verification
function in one helper (suggested by Daniel)
- Use dynamic pointers and export bpf_dynptr_get_size() (suggested by
Alexei)
- Introduce bpf_request_key_by_id() to give more flexibility to the caller
of bpf_verify_pkcs7_signature() to retrieve the appropriate keyring
(suggested by Alexei)
- Fix test by reordering the gcc command line, always compile sign-file
- Improve helper support check mechanism in the test
v2:
- Rename bpf_verify_pkcs7_signature() to a more generic
bpf_verify_signature() and pass the signature type (suggested by KP)
- Move the helper and prototype declaration under #ifdef so that user
space can probe for support for the helper (suggested by Daniel)
- Describe better the keyring types (suggested by Daniel)
- Include linux/bpf.h instead of vmlinux.h to avoid implicit or
redeclaration
- Make the test selfcontained (suggested by Alexei)
v1:
- Don't define new map flag but introduce simple wrapper of
verify_pkcs7_signature() (suggested by Alexei and KP)
KP Singh (1):
bpf: Allow kfuncs to be used in LSM programs
Roberto Sassu (12):
btf: Export bpf_dynptr definition
bpf: Move dynptr type check to is_dynptr_type_expected()
btf: Allow dynamic pointer parameters in kfuncs
bpf: Export bpf_dynptr_get_size()
KEYS: Move KEY_LOOKUP_ to include/linux/key.h and define
KEY_LOOKUP_ALL
bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs
bpf: Add bpf_verify_pkcs7_signature() kfunc
selftests/bpf: Compile kernel with everything as built-in
selftests/bpf: Add verifier tests for bpf_lookup_*_key() and
bpf_key_put()
selftests/bpf: Add additional tests for bpf_lookup_*_key()
selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc
selftests/bpf: Add tests for dynamic pointers parameters in kfuncs
include/linux/bpf.h | 9 +
include/linux/bpf_verifier.h | 5 +
include/linux/btf.h | 9 +
include/linux/key.h | 6 +
include/linux/verification.h | 8 +
kernel/bpf/btf.c | 34 ++
kernel/bpf/helpers.c | 4 +-
kernel/bpf/verifier.c | 35 +-
kernel/trace/bpf_trace.c | 180 ++++++++
security/keys/internal.h | 2 -
tools/testing/selftests/bpf/DENYLIST.s390x | 3 +
tools/testing/selftests/bpf/Makefile | 14 +-
tools/testing/selftests/bpf/config | 32 +-
tools/testing/selftests/bpf/config.x86_64 | 7 +-
.../testing/selftests/bpf/prog_tests/dynptr.c | 2 +-
.../bpf/prog_tests/kfunc_dynptr_param.c | 164 +++++++
.../selftests/bpf/prog_tests/lookup_key.c | 112 +++++
.../bpf/prog_tests/verify_pkcs7_sig.c | 399 ++++++++++++++++++
.../bpf/progs/test_kfunc_dynptr_param.c | 94 +++++
.../selftests/bpf/progs/test_lookup_key.c | 46 ++
.../bpf/progs/test_verify_pkcs7_sig.c | 90 ++++
tools/testing/selftests/bpf/test_verifier.c | 3 +-
.../selftests/bpf/verifier/ref_tracking.c | 139 ++++++
.../testing/selftests/bpf/verify_sig_setup.sh | 104 +++++
24 files changed, 1466 insertions(+), 35 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/kfunc_dynptr_param.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/lookup_key.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
create mode 100644 tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
create mode 100644 tools/testing/selftests/bpf/progs/test_lookup_key.c
create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh
--
2.25.1
From: Roberto Sassu <roberto.sassu(a)huawei.com>
One of the desirable features in security is the ability to restrict import
of data to a given system based on data authenticity. If data import can be
restricted, it would be possible to enforce a system-wide policy based on
the signing keys the system owner trusts.
This feature is widely used in the kernel. For example, if the restriction
is enabled, kernel modules can be plugged in only if they are signed with a
key whose public part is in the primary or secondary keyring.
For eBPF, it can be useful as well. For example, it might be useful to
authenticate data an eBPF program makes security decisions on.
After a discussion in the eBPF mailing list, it was decided that the stated
goal should be accomplished by introducing four new kfuncs:
bpf_lookup_user_key() and bpf_lookup_system_key(), for retrieving a keyring
with keys trusted for signature verification, respectively from its serial
and from a pre-determined ID; bpf_key_put(), to release the reference
obtained with the former two kfuncs, bpf_verify_pkcs7_signature(), for
verifying PKCS#7 signatures.
Other than the key serial, bpf_lookup_user_key() also accepts key lookup
flags, that influence the behavior of the lookup. bpf_lookup_system_key()
accepts pre-determined IDs defined in include/linux/verification.h.
bpf_key_put() accepts the new bpf_key structure, introduced to tell whether
the other structure member, a key pointer, is valid or not. The reason is
that verify_pkcs7_signature() also accepts invalid pointers, set with the
pre-determined ID, to select a system-defined keyring. key_put() must be
called only for valid key pointers.
Since the two key lookup functions allocate memory and one increments a key
reference count, they must be used in conjunction with bpf_key_put(). The
latter must be called only if the lookup functions returned a non-NULL
pointer. The verifier denies the execution of eBPF programs that don't
respect this rule.
The two key lookup functions should be used in alternative, depending on
the use case. While bpf_lookup_user_key() provides great flexibility, it
seems suboptimal in terms of security guarantees, as even if the eBPF
program is assumed to be trusted, the serial used to obtain the key pointer
might come from untrusted user space not choosing one that the system
administrator approves to enforce a mandatory policy.
bpf_lookup_system_key() instead provides much stronger guarantees,
especially if the pre-determined ID is not passed by user space but is
hardcoded in the eBPF program, and that program is signed. In this case,
bpf_verify_pkcs7_signature() will always perform signature verification
with a key that the system administrator approves, i.e. the primary,
secondary or platform keyring.
Nevertheless, key permission checks need to be done accurately. Since
bpf_lookup_user_key() cannot determine how a key will be used by other
kfuncs, it has to defer the permission check to the actual kfunc using the
key. It does it by calling lookup_user_key() with KEY_DEFER_PERM_CHECK as
needed permission. Later, bpf_verify_pkcs7_signature(), if called,
completes the permission check by calling key_validate(). It does not need
to call key_task_permission() with permission KEY_NEED_SEARCH, as it is
already done elsewhere by the key subsystem. Future kfuncs using the
bpf_key structure need to implement the proper checks as well.
Finally, the last kfunc, bpf_verify_pkcs7_signature(), accepts the data and
signature to verify as eBPF dynamic pointers, to minimize the number of
kfunc parameters, and the keyring with keys for signature verification as a
bpf_key structure, returned by one of the two key lookup functions.
bpf_lookup_user_key() and bpf_verify_pkcs7_signature() can be called only
from sleepable programs, because of memory allocation and crypto
operations. For example, the lsm.s/bpf attach point is suitable,
fexit/array_map_update_elem is not.
The correctness of implementation of the new kfuncs and of their usage is
checked with the introduced tests.
The patch set includes a patch from another author (dependency) for sake of
completeness. It is organized as follows.
Patch 1 from KP Singh allows kfuncs to be used by LSM programs. Patch 2
splits is_dynptr_reg_valid_init() and introduces is_dynptr_type_expected(),
to know more precisely the cause of a negative result of a dynamic pointer
check. Patch 3 allows dynamic pointers to be used as kfunc parameters.
Patch 4 exports bpf_dynptr_get_size(), to obtain the real size of data
carried by a dynamic pointer. Patch 5 makes available for new eBPF kfuncs
and programs some key-related definitions. Patch 6 introduces the
bpf_lookup_*_key() and bpf_key_put() kfuncs. Patch 7 introduces the
bpf_verify_pkcs7_signature() kfunc. Patch 8 changes the testing kernel
configuration to compile everything as built-in. Finally, patches 9-12
introduce the tests.
Changelog
v16:
- Remove comments in include/linux/key.h for KEY_LOOKUP_*
- Change kmalloc() flag from GFP_ATOMIC to GFP_KERNEL in
bpf_lookup_user_key(), as the kfunc needs anyway to be sleepable
(suggested by Kumar)
- Test passing a dynamic pointer with NULL data to
bpf_verify_pkcs7_signature() (suggested by Kumar)
v15:
- Add kfunc_dynptr_param test to deny list for s390x
v14:
- Explain that is_dynptr_type_expected() will be useful also for BTF
(suggested by Joanne)
- Rename KEY_LOOKUP_FLAGS_ALL to KEY_LOOKUP_ALL (suggested by Jarkko)
- Swap declaration of spi and dynptr_type in is_dynptr_type_expected()
(suggested by Joanne)
- Reimplement kfunc dynptr tests with a regular eBPF program instead of
executing them with test_verifier (suggested by Joanne)
- Make key lookup flags as enum so that they are automatically exported
through BTF (suggested by Alexei)
v13:
- Split is_dynptr_reg_valid_init() and introduce is_dynptr_type_expected()
to see if the dynamic pointer type passed as argument to a kfunc is
supported (suggested by Kumar)
- Add forward declaration of struct key in include/linux/bpf.h (suggested
by Song)
- Declare mask for key lookup flags, remove key_lookup_flags_check()
(suggested by Jarkko and KP)
- Allow only certain dynamic pointer types (currently, local) to be passed
as argument to kfuncs (suggested by Kumar)
- For each dynamic pointer parameter in kfunc, additionally check if the
passed pointer is to the stack (suggested by Kumar)
- Split the validity/initialization and dynamic pointer type check also in
the verifier, and adjust the expected error message in the test (a test
for an unexpected dynptr type passed to a helper cannot be added due to
missing suitable helpers, but this case has been tested manually)
- Add verifier tests to check the dynamic pointers passed as argument to
kfuncs (suggested by Kumar)
v12:
- Put lookup_key and verify_pkcs7_sig tests in deny list for s390x (JIT
does not support calling kernel function)
v11:
- Move stringify_struct() macro to include/linux/btf.h (suggested by
Daniel)
- Change kernel configuration options in
tools/testing/selftests/bpf/config* from =m to =y
v10:
- Introduce key_lookup_flags_check() and system_keyring_id_check() inline
functions to check parameters (suggested by KP)
- Fix descriptions and comment of key-related kfuncs (suggested by KP)
- Register kfunc set only once (suggested by Alexei)
- Move needed kernel options to the architecture-independent configuration
for testing
v9:
- Drop patch to introduce KF_SLEEPABLE kfunc flag (already merged)
- Rename valid_ptr member of bpf_key to has_ref (suggested by Daniel)
- Check dynamic pointers in kfunc definition with bpf_dynptr_kern struct
definition instead of string, to detect structure renames (suggested by
Daniel)
- Explicitly say that we permit initialized dynamic pointers in kfunc
definition (suggested by Daniel)
- Remove noinline __weak from kfuncs definition (reported by Daniel)
- Simplify key lookup flags check in bpf_lookup_user_key() (suggested by
Daniel)
- Explain the reason for deferring key permission check (suggested by
Daniel)
- Allocate memory with GFP_ATOMIC in bpf_lookup_system_key(), and remove
KF_SLEEPABLE kfunc flag from kfunc declaration (suggested by Daniel)
- Define only one kfunc set and remove the loop for registration
(suggested by Alexei)
v8:
- Define the new bpf_key structure to carry the key pointer and whether
that pointer is valid or not (suggested by Daniel)
- Drop patch to mark a kfunc parameter with the __maybe_null suffix
- Improve documentation of kfuncs
- Introduce bpf_lookup_system_key() to obtain a key pointer suitable for
verify_pkcs7_signature() (suggested by Daniel)
- Use the new kfunc registration API
- Drop patch to test the __maybe_null suffix
- Add tests for bpf_lookup_system_key()
v7:
- Add support for using dynamic and NULL pointers in kfunc (suggested by
Alexei)
- Add new kfunc-related tests
v6:
- Switch back to key lookup helpers + signature verification (until v5),
and defer permission check from bpf_lookup_user_key() to
bpf_verify_pkcs7_signature()
- Add additional key lookup test to illustrate the usage of the
KEY_LOOKUP_CREATE flag and validate the flags (suggested by Daniel)
- Make description of flags of bpf_lookup_user_key() more user-friendly
(suggested by Daniel)
- Fix validation of flags parameter in bpf_lookup_user_key() (reported by
Daniel)
- Rename bpf_verify_pkcs7_signature() keyring-related parameters to
user_keyring and system_keyring to make their purpose more clear
- Accept keyring-related parameters of bpf_verify_pkcs7_signature() as
alternatives (suggested by KP)
- Replace unsigned long type with u64 in helper declaration (suggested by
Daniel)
- Extend the bpf_verify_pkcs7_signature() test by calling the helper
without data, by ensuring that the helper enforces the keyring-related
parameters as alternatives, by ensuring that the helper rejects
inaccessible and expired keyrings, and by checking all system keyrings
- Move bpf_lookup_user_key() and bpf_key_put() usage tests to
ref_tracking.c (suggested by John)
- Call bpf_lookup_user_key() and bpf_key_put() only in sleepable programs
v5:
- Move KEY_LOOKUP_ to include/linux/key.h
for validation of bpf_verify_pkcs7_signature() parameter
- Remove bpf_lookup_user_key() and bpf_key_put() helpers, and the
corresponding tests
- Replace struct key parameter of bpf_verify_pkcs7_signature() with the
keyring serial and lookup flags
- Call lookup_user_key() and key_put() in bpf_verify_pkcs7_signature()
code, to ensure that the retrieved key is used according to the
permission requested at lookup time
- Clarified keyring precedence in the description of
bpf_verify_pkcs7_signature() (suggested by John)
- Remove newline in the second argument of ASSERT_
- Fix helper prototype regular expression in bpf_doc.py
v4:
- Remove bpf_request_key_by_id(), don't return an invalid pointer that
other helpers can use
- Pass the keyring ID (without ULONG_MAX, suggested by Alexei) to
bpf_verify_pkcs7_signature()
- Introduce bpf_lookup_user_key() and bpf_key_put() helpers (suggested by
Alexei)
- Add lookup_key_norelease test, to ensure that the verifier blocks eBPF
programs which don't decrement the key reference count
- Parse raw PKCS#7 signature instead of module-style signature in the
verify_pkcs7_signature test (suggested by Alexei)
- Parse kernel module in user space and pass raw PKCS#7 signature to the
eBPF program for signature verification
v3:
- Rename bpf_verify_signature() back to bpf_verify_pkcs7_signature() to
avoid managing different parameters for each signature verification
function in one helper (suggested by Daniel)
- Use dynamic pointers and export bpf_dynptr_get_size() (suggested by
Alexei)
- Introduce bpf_request_key_by_id() to give more flexibility to the caller
of bpf_verify_pkcs7_signature() to retrieve the appropriate keyring
(suggested by Alexei)
- Fix test by reordering the gcc command line, always compile sign-file
- Improve helper support check mechanism in the test
v2:
- Rename bpf_verify_pkcs7_signature() to a more generic
bpf_verify_signature() and pass the signature type (suggested by KP)
- Move the helper and prototype declaration under #ifdef so that user
space can probe for support for the helper (suggested by Daniel)
- Describe better the keyring types (suggested by Daniel)
- Include linux/bpf.h instead of vmlinux.h to avoid implicit or
redeclaration
- Make the test selfcontained (suggested by Alexei)
v1:
- Don't define new map flag but introduce simple wrapper of
verify_pkcs7_signature() (suggested by Alexei and KP)
KP Singh (1):
bpf: Allow kfuncs to be used in LSM programs
Roberto Sassu (11):
bpf: Move dynptr type check to is_dynptr_type_expected()
btf: Allow dynamic pointer parameters in kfuncs
bpf: Export bpf_dynptr_get_size()
KEYS: Move KEY_LOOKUP_ to include/linux/key.h and define
KEY_LOOKUP_ALL
bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs
bpf: Add bpf_verify_pkcs7_signature() kfunc
selftests/bpf: Compile kernel with everything as built-in
selftests/bpf: Add verifier tests for bpf_lookup_*_key() and
bpf_key_put()
selftests/bpf: Add additional tests for bpf_lookup_*_key()
selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc
selftests/bpf: Add tests for dynamic pointers parameters in kfuncs
include/linux/bpf.h | 9 +
include/linux/bpf_verifier.h | 5 +
include/linux/btf.h | 9 +
include/linux/key.h | 6 +
include/linux/verification.h | 8 +
kernel/bpf/btf.c | 34 ++
kernel/bpf/helpers.c | 2 +-
kernel/bpf/verifier.c | 35 +-
kernel/trace/bpf_trace.c | 180 ++++++++
security/keys/internal.h | 2 -
tools/testing/selftests/bpf/DENYLIST.s390x | 3 +
tools/testing/selftests/bpf/Makefile | 14 +-
tools/testing/selftests/bpf/config | 32 +-
tools/testing/selftests/bpf/config.x86_64 | 7 +-
.../testing/selftests/bpf/prog_tests/dynptr.c | 2 +-
.../bpf/prog_tests/kfunc_dynptr_param.c | 164 +++++++
.../selftests/bpf/prog_tests/lookup_key.c | 112 +++++
.../bpf/prog_tests/verify_pkcs7_sig.c | 399 ++++++++++++++++++
.../bpf/progs/test_kfunc_dynptr_param.c | 99 +++++
.../selftests/bpf/progs/test_lookup_key.c | 46 ++
.../bpf/progs/test_verify_pkcs7_sig.c | 100 +++++
tools/testing/selftests/bpf/test_verifier.c | 3 +-
.../selftests/bpf/verifier/ref_tracking.c | 139 ++++++
.../testing/selftests/bpf/verify_sig_setup.sh | 104 +++++
24 files changed, 1479 insertions(+), 35 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/kfunc_dynptr_param.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/lookup_key.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
create mode 100644 tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
create mode 100644 tools/testing/selftests/bpf/progs/test_lookup_key.c
create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh
--
2.25.1
The following output can bee seen when the test is executed:
test_flush_context (tpm2_tests.SpaceTest) ... \
/usr/lib64/python3.6/unittest/case.py:605: ResourceWarning: \
unclosed file <_io.FileIO name='/dev/tpmrm0' mode='rb+' closefd=True>
An instance of Client does not implicitly close /dev/tpm* handle, once it
gets destroyed. Close the file handle in the class destructor
Client.__del__().
Fixes: 6ea3dfe1e0732 ("selftests: add TPM 2.0 tests")
Cc: Shuah Khan <shuah(a)kernel.org>
Cc: linux-kselftest(a)vger.kernel.org
Cc: Jarkko Sakkinen <jarkko(a)kernel.org>
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
tools/testing/selftests/tpm2/tpm2.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/testing/selftests/tpm2/tpm2.py b/tools/testing/selftests/tpm2/tpm2.py
index 057a4f49c79d..c7363c6764fc 100644
--- a/tools/testing/selftests/tpm2/tpm2.py
+++ b/tools/testing/selftests/tpm2/tpm2.py
@@ -371,6 +371,10 @@ class Client:
fcntl.fcntl(self.tpm, fcntl.F_SETFL, flags)
self.tpm_poll = select.poll()
+ def __del__(self):
+ if self.tpm:
+ self.tpm.close()
+
def close(self):
self.tpm.close()
--
2.36.1
The walk implementation of most qdisc class modules is basically the
same. That is, the values of count and skip are checked first. If
count is greater than or equal to skip, the registered fn function is
executed. Otherwise, increase the value of count. So we can reconstruct
them.
Signed-off-by: Zhengchao Shao <shaozhengchao(a)huawei.com>
---
include/net/pkt_sched.h | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/include/net/pkt_sched.h b/include/net/pkt_sched.h
index 29f65632ebc5..2ff80cd04c5c 100644
--- a/include/net/pkt_sched.h
+++ b/include/net/pkt_sched.h
@@ -222,4 +222,17 @@ static inline struct tc_skb_cb *tc_skb_cb(const struct sk_buff *skb)
return cb;
}
+static inline bool tc_qdisc_stats_dump(struct Qdisc *sch,
+ unsigned long cl,
+ struct qdisc_walker *arg)
+{
+ if (arg->count >= arg->skip && arg->fn(sch, cl, arg) < 0) {
+ arg->stop = 1;
+ return false;
+ }
+
+ arg->count++;
+ return true;
+}
+
#endif
--
2.17.1
Currently, in order to compare memory blocks in KUnit, the KUNIT_EXPECT_EQ or
KUNIT_EXPECT_FALSE macros are used in conjunction with the memcmp function,
such as:
KUNIT_EXPECT_EQ(test, memcmp(foo, bar, size), 0);
Although this usage produces correct results for the test cases, if the
expectation fails the error message is not very helpful, indicating only the
return of the memcmp function.
Therefore, create a new set of macros KUNIT_EXPECT_MEMEQ and
KUNIT_EXPECT_MEMNEQ that compare memory blocks until a determined size. In
case of expectation failure, those macros print the hex dump of the memory
blocks, making it easier to debug test failures for memory blocks.
The v5 doesn't have any new change, just rebasing on top of drm-misc-next.
The first patch of the series introduces the KUNIT_EXPECT_MEMEQ and
KUNIT_EXPECT_MEMNEQ. The second patch adds an example of memory block
expectations on the kunit-example-test.c. And the last patch replaces the
KUNIT_EXPECT_EQ for KUNIT_EXPECT_MEMEQ on the existing occurrences.
Best Regards,
- Maíra Canal
v1 -> v2: https://lore.kernel.org/linux-kselftest/2a0dcd75-5461-5266-2749-808f638f4c5…
- Change "determinated" to "specified" (Daniel Latypov).
- Change the macro KUNIT_EXPECT_ARREQ to KUNIT_EXPECT_MEMEQ, in order to make
it easier for users to infer the right size unit (Daniel Latypov).
- Mark the different bytes on the failure message with a <> (Daniel Latypov).
- Replace a constant number of array elements for ARRAY_SIZE() (André Almeida).
- Rename "array" and "expected" variables to "array1" and "array2" (Daniel Latypov).
v2 -> v3: https://lore.kernel.org/linux-kselftest/20220802212621.420840-1-mairacanal@…
- Make the bytes aligned at output.
- Add KUNIT_SUBSUBTEST_INDENT to the output for the indentation (Daniel Latypov).
- Line up the trailing \ at macros using tabs (Daniel Latypov).
- Line up the params to the functions (Daniel Latypov).
- Change "Increament" to "Augment" (Daniel Latypov).
- Use sizeof() for array sizes (Daniel Latypov).
- Add Daniel Latypov's tags.
v3 -> v4: https://lore.kernel.org/linux-kselftest/CABVgOSm_59Yr82deQm2C=18jjSv_akmn66…
- Fix wrapped lines by the mail client (David Gow).
- Mention on documentation that KUNIT_EXPECT_MEMEQ is not recommended for
structured data (David Gow).
- Add Muhammad Usama Anjum's tag.
v4 -> v5: https://lore.kernel.org/linux-kselftest/20220808125237.277126-1-mairacanal@…
- Rebase on top of drm-misc-next.
- Add David Gow's tags.
Maíra Canal (3):
kunit: Introduce KUNIT_EXPECT_MEMEQ and KUNIT_EXPECT_MEMNEQ macros
kunit: Add KUnit memory block assertions to the
example_all_expect_macros_test
kunit: Use KUNIT_EXPECT_MEMEQ macro
.../gpu/drm/tests/drm_format_helper_test.c | 6 +-
include/kunit/assert.h | 34 ++++++++
include/kunit/test.h | 84 +++++++++++++++++++
lib/kunit/assert.c | 56 +++++++++++++
lib/kunit/kunit-example-test.c | 7 ++
net/core/dev_addr_lists_test.c | 4 +-
6 files changed, 186 insertions(+), 5 deletions(-)
--
2.37.3
The walk implementation of most tc cls modules is basically the same.
That is, the values of count and skip are checked first. If count is
greater than or equal to skip, the registered fn function is executed.
Otherwise, increase the value of count. So the code can be refactored.
Then use helper function to replace the code of each cls module in
alphabetical order.
The walk function is invoked during dump. Therefore, test cases related
to the tdc filter need to be added.
Last, thanks to Jamal, Victor and Wang for their review.
Add test cases locally and perform the test. The test results are listed
below:
./tdc.py -e 0811
ok 1 0811 - Add multiple basic filter with cmp ematch u8/link layer and
default action and dump them
./tdc.py -e 5129
ok 1 5129 - List basic filters
./tdc.py -c bpf-filter
ok 1 23c3 - Add cBPF filter with valid bytecode
ok 2 1563 - Add cBPF filter with invalid bytecode
ok 3 2334 - Add eBPF filter with valid object-file
ok 4 2373 - Add eBPF filter with invalid object-file
ok 5 4423 - Replace cBPF bytecode
ok 6 5122 - Delete cBPF filter
ok 7 e0a9 - List cBPF filters
./tdc.py -c cgroup
ok 1 6273 - Add cgroup filter with cmp ematch u8/link layer and drop
action
ok 2 4721 - Add cgroup filter with cmp ematch u8/link layer with trans
flag and pass action
ok 3 d392 - Add cgroup filter with cmp ematch u16/link layer and pipe
action
ok 4 0234 - Add cgroup filter with cmp ematch u32/link layer and miltiple
actions
ok 5 8499 - Add cgroup filter with cmp ematch u8/network layer and pass
action
ok 6 b273 - Add cgroup filter with cmp ematch u8/network layer with trans
flag and drop action
ok 7 1934 - Add cgroup filter with cmp ematch u16/network layer and pipe
action
ok 8 2733 - Add cgroup filter with cmp ematch u32/network layer and
miltiple actions
ok 9 3271 - Add cgroup filter with NOT cmp ematch rule and pass action
ok 10 2362 - Add cgroup filter with two ANDed cmp ematch rules and single
action
ok 11 9993 - Add cgroup filter with two ORed cmp ematch rules and single
action
ok 12 2331 - Add cgroup filter with two ANDed cmp ematch rules and one
ORed ematch rule and single action
ok 13 3645 - Add cgroup filter with two ANDed cmp ematch rules and one
NOT ORed ematch rule and single action
ok 14 b124 - Add cgroup filter with u32 ematch u8/zero offset and drop
action
ok 15 7381 - Add cgroup filter with u32 ematch u8/zero offset and invalid
value >0xFF
ok 16 2231 - Add cgroup filter with u32 ematch u8/positive offset and
drop action
ok 17 1882 - Add cgroup filter with u32 ematch u8/invalid mask >0xFF
ok 18 1237 - Add cgroup filter with u32 ematch u8/missing offset
ok 19 3812 - Add cgroup filter with u32 ematch u8/missing AT keyword
ok 20 1112 - Add cgroup filter with u32 ematch u8/missing value
ok 21 3241 - Add cgroup filter with u32 ematch u8/non-numeric value
ok 22 e231 - Add cgroup filter with u32 ematch u8/non-numeric mask
ok 23 4652 - Add cgroup filter with u32 ematch u8/negative offset and
pass action
ok 24 1331 - Add cgroup filter with u32 ematch u16/zero offset and pipe
action
ok 25 e354 - Add cgroup filter with u32 ematch u16/zero offset and
invalid value >0xFFFF
ok 26 3538 - Add cgroup filter with u32 ematch u16/positive offset and
drop action
ok 27 4576 - Add cgroup filter with u32 ematch u16/invalid mask >0xFFFF
ok 28 b842 - Add cgroup filter with u32 ematch u16/missing offset
ok 29 c924 - Add cgroup filter with u32 ematch u16/missing AT keyword
ok 30 cc93 - Add cgroup filter with u32 ematch u16/missing value
ok 31 123c - Add cgroup filter with u32 ematch u16/non-numeric value
ok 32 3675 - Add cgroup filter with u32 ematch u16/non-numeric mask
ok 33 1123 - Add cgroup filter with u32 ematch u16/negative offset and
drop action
ok 34 4234 - Add cgroup filter with u32 ematch u16/nexthdr+ offset and
pass action
ok 35 e912 - Add cgroup filter with u32 ematch u32/zero offset and pipe
action
ok 36 1435 - Add cgroup filter with u32 ematch u32/positive offset and
drop action
ok 37 1282 - Add cgroup filter with u32 ematch u32/missing offset
ok 38 6456 - Add cgroup filter with u32 ematch u32/missing AT keyword
ok 39 4231 - Add cgroup filter with u32 ematch u32/missing value
ok 40 2131 - Add cgroup filter with u32 ematch u32/non-numeric value
ok 41 f125 - Add cgroup filter with u32 ematch u32/non-numeric mask
ok 42 4316 - Add cgroup filter with u32 ematch u32/negative offset and
drop action
ok 43 23ae - Add cgroup filter with u32 ematch u32/nexthdr+ offset and
pipe action
ok 44 23a1 - Add cgroup filter with canid ematch and single SFF
ok 45 324f - Add cgroup filter with canid ematch and single SFF with mask
ok 46 2576 - Add cgroup filter with canid ematch and multiple SFF
ok 47 4839 - Add cgroup filter with canid ematch and multiple SFF with
masks
ok 48 6713 - Add cgroup filter with canid ematch and single EFF
ok 49 4572 - Add cgroup filter with canid ematch and single EFF with mask
ok 50 8031 - Add cgroup filter with canid ematch and multiple EFF
ok 51 ab9d - Add cgroup filter with canid ematch and multiple EFF with
masks
ok 52 5349 - Add cgroup filter with canid ematch and a combination of
SFF/EFF
ok 53 c934 - Add cgroup filter with canid ematch and a combination of
SFF/EFF with masks
ok 54 4319 - Replace cgroup filter with diffferent match
ok 55 4636 - Detele cgroup filter
./tdc.py -c flow
ok 1 5294 - Add flow filter with map key and ops
ok 2 3514 - Add flow filter with map key or ops
ok 3 7534 - Add flow filter with map key xor ops
ok 4 4524 - Add flow filter with map key rshift ops
ok 5 0230 - Add flow filter with map key addend ops
ok 6 2344 - Add flow filter with src map key
ok 7 9304 - Add flow filter with proto map key
ok 8 9038 - Add flow filter with proto-src map key
ok 9 2a03 - Add flow filter with proto-dst map key
ok 10 a073 - Add flow filter with iif map key
ok 11 3b20 - Add flow filter with priority map key
ok 12 8945 - Add flow filter with mark map key
ok 13 c034 - Add flow filter with nfct map key
ok 14 0205 - Add flow filter with nfct-src map key
ok 15 5315 - Add flow filter with nfct-src map key
ok 16 7849 - Add flow filter with nfct-proto-src map key
ok 17 9902 - Add flow filter with nfct-proto-dst map key
ok 18 6742 - Add flow filter with rt-classid map key
ok 19 5432 - Add flow filter with sk-uid map key
ok 20 4234 - Add flow filter with sk-gid map key
ok 21 4522 - Add flow filter with vlan-tag map key
ok 22 4253 - Add flow filter with rxhash map key
ok 23 4452 - Add flow filter with hash key list
ok 24 4341 - Add flow filter with muliple ops
ok 25 4392 - List flow filters
ok 26 4322 - Change flow filter with map key num
ok 27 2320 - Replace flow filter with map key num
ok 28 3213 - Delete flow filter with map key num
./tdc.py -c route
ok 1 e122 - Add route filter with from and to tag
ok 2 6573 - Add route filter with fromif and to tag
ok 3 1362 - Add route filter with to flag and reclassify action
ok 4 4720 - Add route filter with from flag and continue actions
ok 5 2812 - Add route filter with form tag and pipe action
ok 6 7994 - Add route filter with miltiple actions
ok 7 4312 - List route filters
ok 8 2634 - Delete route filter with pipe action
./tdc.py -c rsvp
ok 1 2141 - Add rsvp filter with tcp proto and specific IP address
ok 2 5267 - Add rsvp filter with udp proto and specific IP address
ok 3 2819 - Add rsvp filter with src ip and src port
ok 4 c967 - Add rsvp filter with tunnelid and continue action
ok 5 5463 - Add rsvp filter with tunnel and pipe action
ok 6 2332 - Add rsvp filter with miltiple actions
ok 7 8879 - Add rsvp filter with tunnel and skp flag
ok 8 8261 - List rsvp filters
ok 9 8989 - Delete rsvp filter
./tdc.py -c tcindex
ok 1 8293 - Add tcindex filter with default action
ok 2 7281 - Add tcindex filter with hash size and pass action
ok 3 b294 - Add tcindex filter with mask shift and reclassify action
ok 4 0532 - Add tcindex filter with pass_on and continue actions
ok 5 d473 - Add tcindex filter with pipe action
ok 6 2940 - Add tcindex filter with miltiple actions
ok 7 1893 - List tcindex filters
ok 8 2041 - Change tcindex filter with pass action
ok 9 9203 - Replace tcindex filter with pass action
ok 10 7957 - Delete tcindex filter with drop action
---
v4: rename tc_cls_stats_update to tc_cls_stats_dump and modify the
test case format alignment
v3: modify the test case format alignment
v2: rectify spelling error; The category name bpf in filters file
is renamed to bpf-filter
---
Zhengchao Shao (9):
net/sched: cls_api: add helper for tc cls walker stats dump
net/sched: use tc_cls_stats_dump() in filter
selftests/tc-testings: add selftests for bpf filter
selftests/tc-testings: add selftests for cgroup filter
selftests/tc-testings: add selftests for flow filter
selftests/tc-testings: add selftests for route filter
selftests/tc-testings: add selftests for rsvp filter
selftests/tc-testings: add selftests for tcindex filter
selftests/tc-testings: add list case for basic filter
include/net/pkt_cls.h | 13 +
net/sched/cls_basic.c | 9 +-
net/sched/cls_bpf.c | 8 +-
net/sched/cls_flow.c | 8 +-
net/sched/cls_fw.c | 9 +-
net/sched/cls_route.c | 9 +-
net/sched/cls_rsvp.h | 9 +-
net/sched/cls_tcindex.c | 18 +-
net/sched/cls_u32.c | 20 +-
.../tc-testing/tc-tests/filters/basic.json | 47 +
.../tc-testing/tc-tests/filters/bpf.json | 171 +++
.../tc-testing/tc-tests/filters/cgroup.json | 1236 +++++++++++++++++
.../tc-testing/tc-tests/filters/flow.json | 623 +++++++++
.../tc-testing/tc-tests/filters/route.json | 181 +++
.../tc-testing/tc-tests/filters/rsvp.json | 203 +++
.../tc-testing/tc-tests/filters/tcindex.json | 227 +++
16 files changed, 2716 insertions(+), 75 deletions(-)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/bpf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/cgroup.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/flow.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/route.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/rsvp.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/tcindex.json
--
2.17.1
The walk implementation of most qdisc class modules is basically the
same. That is, the values of count and skip are checked first. If
count is greater than or equal to skip, the registered fn function is
executed. Otherwise, increase the value of count. So we can reconstruct
them.
Signed-off-by: Zhengchao Shao <shaozhengchao(a)huawei.com>
---
include/net/pkt_sched.h | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/include/net/pkt_sched.h b/include/net/pkt_sched.h
index 29f65632ebc5..243e8b0cb7ea 100644
--- a/include/net/pkt_sched.h
+++ b/include/net/pkt_sched.h
@@ -222,4 +222,17 @@ static inline struct tc_skb_cb *tc_skb_cb(const struct sk_buff *skb)
return cb;
}
+static inline bool tc_qdisc_stats_dump(struct Qdisc *sch,
+ struct qdisc_walker *arg,
+ unsigned long cl)
+{
+ if (arg->count >= arg->skip && arg->fn(sch, cl, arg) < 0) {
+ arg->stop = 1;
+ return false;
+ }
+
+ arg->count++;
+ return true;
+}
+
#endif
--
2.17.1
Hi,
here comes the v10 of the HID-BPF series.
Again, for a full explanation of HID-BPF, please refer to the last patch
in this series (23/23).
Hopefully we are getting closer to merging the bpf-core changes that
are pre-requesite of the HID work.
This revision of the series focused on those bpf-core changes with
a hopefully proper way of fixing access to ctx pointers, and a few more
selftests to cover those changes.
Once those bpf changes are in, the HID changes are pretty much self
consistent, which is a good thing, but I still wonder how we are going
to merge the selftests. I'd rather have the selftests in the bpf tree to
prevent any regression on bpf-core changes, but that might require some
coordination between the HID and bpf trees.
Anyway, let's hope we are getting closer to the end of those revisions :)
Cheers,
Benjamin
Benjamin Tissoires (23):
selftests/bpf: regroup and declare similar kfuncs selftests in an
array
bpf: split btf_check_subprog_arg_match in two
bpf/verifier: allow all functions to read user provided context
selftests/bpf: add test for accessing ctx from syscall program type
bpf/btf: bump BTF_KFUNC_SET_MAX_CNT
bpf/verifier: allow kfunc to return an allocated mem
selftests/bpf: Add tests for kfunc returning a memory pointer
HID: core: store the unique system identifier in hid_device
HID: export hid_report_type to uapi
HID: convert defines of HID class requests into a proper enum
HID: Kconfig: split HID support and hid-core compilation
HID: initial BPF implementation
selftests/bpf: add tests for the HID-bpf initial implementation
HID: bpf: allocate data memory for device_event BPF programs
selftests/bpf/hid: add test to change the report size
HID: bpf: introduce hid_hw_request()
selftests/bpf: add tests for bpf_hid_hw_request
HID: bpf: allow to change the report descriptor
selftests/bpf: add report descriptor fixup tests
selftests/bpf: Add a test for BPF_F_INSERT_HEAD
samples/bpf: HID: add new hid_mouse example
samples/bpf: HID: add Surface Dial example
Documentation: add HID-BPF docs
Documentation/hid/hid-bpf.rst | 513 +++++++++
Documentation/hid/index.rst | 1 +
drivers/Makefile | 2 +-
drivers/hid/Kconfig | 20 +-
drivers/hid/Makefile | 2 +
drivers/hid/bpf/Kconfig | 17 +
drivers/hid/bpf/Makefile | 11 +
drivers/hid/bpf/entrypoints/Makefile | 93 ++
drivers/hid/bpf/entrypoints/README | 4 +
drivers/hid/bpf/entrypoints/entrypoints.bpf.c | 66 ++
.../hid/bpf/entrypoints/entrypoints.lskel.h | 682 ++++++++++++
drivers/hid/bpf/hid_bpf_dispatch.c | 526 ++++++++++
drivers/hid/bpf/hid_bpf_dispatch.h | 28 +
drivers/hid/bpf/hid_bpf_jmp_table.c | 577 ++++++++++
drivers/hid/hid-core.c | 49 +-
include/linux/bpf.h | 11 +-
include/linux/bpf_verifier.h | 2 +
include/linux/btf.h | 10 +
include/linux/hid.h | 38 +-
include/linux/hid_bpf.h | 148 +++
include/uapi/linux/hid.h | 26 +-
include/uapi/linux/hid_bpf.h | 25 +
kernel/bpf/btf.c | 149 ++-
kernel/bpf/verifier.c | 66 +-
net/bpf/test_run.c | 37 +
samples/bpf/.gitignore | 2 +
samples/bpf/Makefile | 27 +
samples/bpf/hid_mouse.bpf.c | 134 +++
samples/bpf/hid_mouse.c | 161 +++
samples/bpf/hid_surface_dial.bpf.c | 161 +++
samples/bpf/hid_surface_dial.c | 232 ++++
tools/include/uapi/linux/hid.h | 62 ++
tools/include/uapi/linux/hid_bpf.h | 25 +
tools/testing/selftests/bpf/Makefile | 2 +-
tools/testing/selftests/bpf/config | 3 +
tools/testing/selftests/bpf/prog_tests/hid.c | 990 ++++++++++++++++++
.../selftests/bpf/prog_tests/kfunc_call.c | 182 +++-
tools/testing/selftests/bpf/progs/hid.c | 206 ++++
.../selftests/bpf/progs/kfunc_call_fail.c | 160 +++
.../selftests/bpf/progs/kfunc_call_test.c | 71 ++
40 files changed, 5416 insertions(+), 105 deletions(-)
create mode 100644 Documentation/hid/hid-bpf.rst
create mode 100644 drivers/hid/bpf/Kconfig
create mode 100644 drivers/hid/bpf/Makefile
create mode 100644 drivers/hid/bpf/entrypoints/Makefile
create mode 100644 drivers/hid/bpf/entrypoints/README
create mode 100644 drivers/hid/bpf/entrypoints/entrypoints.bpf.c
create mode 100644 drivers/hid/bpf/entrypoints/entrypoints.lskel.h
create mode 100644 drivers/hid/bpf/hid_bpf_dispatch.c
create mode 100644 drivers/hid/bpf/hid_bpf_dispatch.h
create mode 100644 drivers/hid/bpf/hid_bpf_jmp_table.c
create mode 100644 include/linux/hid_bpf.h
create mode 100644 include/uapi/linux/hid_bpf.h
create mode 100644 samples/bpf/hid_mouse.bpf.c
create mode 100644 samples/bpf/hid_mouse.c
create mode 100644 samples/bpf/hid_surface_dial.bpf.c
create mode 100644 samples/bpf/hid_surface_dial.c
create mode 100644 tools/include/uapi/linux/hid.h
create mode 100644 tools/include/uapi/linux/hid_bpf.h
create mode 100644 tools/testing/selftests/bpf/prog_tests/hid.c
create mode 100644 tools/testing/selftests/bpf/progs/hid.c
create mode 100644 tools/testing/selftests/bpf/progs/kfunc_call_fail.c
--
2.36.1
The Segment Routing (SR) architecture is based on loose source routing.
A list of instructions, called segments, can be added to the packet headers to
influence the forwarding and processing of the packets in an SR enabled
network.
In SRv6 (Segment Routing over IPv6 data plane) [1], the segment identifiers
(SIDs) are IPv6 addresses (128 bits) and the segment list (SID List) is carried
in the Segment Routing Header (SRH). A segment may correspond to a "behavior"
that is executed by a node when the packet is received.
The Linux kernel currently supports a large subset of the behaviors described
in [2] (e.g., End, End.X, End.T and so on).
Some SRv6 scenarios (i.e.: traffic-engineering, fast-rerouting, VPN, mobile
network backhaul, etc.) may require a large number of segments (i.e. up to 15).
Therefore, reducing the size of the SID List is useful to minimize the impact
on MTU (Maximum Transfer Unit) and to enable SRv6 on legacy hardware devices
with limited processing power that can suffer from long IPv6 headers.
Draft-ietf-spring-srv6-srh-compression [3] extends the SRv6 architecture by
providing different mechanisms for the efficient representation (i.e.
compression) of the SID List.
The NEXT-C-SID mechanism described in [3] offers the possibility of encoding
several SRv6 segments within a single 128 bit SID address. Such a SID address
is called a Compressed SID Container. In this way, the length of the SID List
can be drastically reduced. In some cases, the SRH can be omitted, as the IPv6
Destination Address can carry the whole Segment List, using its compressed
representation.
The NEXT-C-SID mechanism relies on the "flavors" framework defined in [2].
The flavors represent additional operations that can modify or extend a subset
of the existing behaviors.
In this patchset we extend the SRv6 Subsystem in order to support the
NEXT-C-SID mechanism.
In details the patchset is made of:
- patch 1/3: add netlink_ext_ack support in parsing SRv6 behavior attributes;
- patch 2/3: add NEXT-C-SID support for SRv6 End behavior;
- patch 3/3: add selftest for NEXT-C-SID in SRv6 End behavior.
The corresponding iproute2 patch for supporting the NEXT-C-SID in SRv6 End
behavior is provided in a separated patchset.
Comments, improvements and suggestions are always appreciated.
Thank you all,
Andrea
[1] - https://datatracker.ietf.org/doc/html/rfc8754
[2] - https://datatracker.ietf.org/doc/html/rfc8986
[3] - https://datatracker.ietf.org/doc/html/draft-ietf-spring-srv6-srh-compression
v1 -> v2:
- rename misleading variable names and macros, using the suffix '_bits' instead
of '_len', e.g. 'lcblock_len'->'lcblock_bits';
- remove unnecessary cast operations;
- get rid of the 'yoda-style' syntax;
- fix check for default C-SID configuration at compilation time;
- add selftest for NEXT-C-SID in SRv6 End behavior.
Thanks to Paolo Abeni for reviewing v1.
Andrea Mayer (3):
seg6: add netlink_ext_ack support in parsing SRv6 behavior attributes
seg6: add NEXT-C-SID support for SRv6 End behavior
selftests: seg6: add selftest for NEXT-C-SID flavor in SRv6 End
behavior
include/uapi/linux/seg6_local.h | 24 +
net/ipv6/seg6_local.c | 379 +++++-
tools/testing/selftests/net/Makefile | 1 +
.../net/srv6_end_next_csid_l3vpn_test.sh | 1145 +++++++++++++++++
4 files changed, 1530 insertions(+), 19 deletions(-)
create mode 100755 tools/testing/selftests/net/srv6_end_next_csid_l3vpn_test.sh
--
2.20.1
Version 2 changes:
- fix `make install` in sub-directories with TARGETS, but with no
TEST_LIST defined, i.e. selftests/net directory
(reported-by: kernel test robot <yujie.liu(a)intel.com>)
- vfork_exec selftest is about to be reverted, don't add .gitignore entry
From [1]:
> Please look into a wayto invoke all of them instead of adding individual
> net/* to the main Makefile. This list seems to be growing. :)
I might have misunderstood what was suggested... Here is an attempt to
let sub-selftests define their own $(TARGETS) directories.
[1]: https://lore.kernel.org/all/aa0143bc-b0d1-69fb-c117-1e7241f0ad89@linuxfound…
Version 1: https://lore.kernel.org/all/20220905202108.89338-1-dima@arista.com/T/#u
Cc: Shuah Khan <shuah(a)kernel.org>
Cc: Dmitry Safonov <0x7f454c46(a)gmail.com>
Cc: linux-kernel(a)vger.kernel.org
Cc: linux-kselftest(a)vger.kernel.org
Dmitry Safonov (2):
selftests/Make: Recursively build TARGETS list
selftests/.gitignore: Add io_uring_zerocopy_tx
tools/testing/selftests/Makefile | 71 ++++----------------
tools/testing/selftests/drivers/Makefile | 7 ++
tools/testing/selftests/filesystems/Makefile | 4 ++
tools/testing/selftests/lib.mk | 60 ++++++++++++++++-
tools/testing/selftests/net/.gitignore | 1 +
tools/testing/selftests/net/Makefile | 4 ++
6 files changed, 87 insertions(+), 60 deletions(-)
create mode 100644 tools/testing/selftests/drivers/Makefile
base-commit: 521a547ced6477c54b4b0cc206000406c221b4d6
--
2.37.2
The walk implementation of most qdisc class modules is basically the
same. That is, the values of count and skip are checked first. If count
is greater than or equal to skip, the registered fn function is
executed. Otherwise, increase the value of count. So the code can be
refactored.
The walk function is invoked during dump. Therefore, test cases related
to the tdc filter need to be added.
Last, thanks to Victor for his review.
Add test cases locally and perform the test. The test results are listed
below:
./tdc.py -c cake
ok 1 1212 - Create CAKE with default setting
ok 2 3281 - Create CAKE with bandwidth limit
ok 3 c940 - Create CAKE with autorate-ingress flag
ok 4 2310 - Create CAKE with rtt time
ok 5 2385 - Create CAKE with besteffort flag
ok 6 a032 - Create CAKE with diffserv8 flag
ok 7 2349 - Create CAKE with diffserv4 flag
ok 8 8472 - Create CAKE with flowblind flag
ok 9 2341 - Create CAKE with dsthost and nat flag
ok 10 5134 - Create CAKE with wash flag
ok 11 2302 - Create CAKE with flowblind and no-split-gso flag
ok 12 0768 - Create CAKE with dual-srchost and ack-filter flag
ok 13 0238 - Create CAKE with dual-dsthost and ack-filter-aggressive flag
ok 14 6572 - Create CAKE with memlimit and ptm flag
ok 15 2436 - Create CAKE with fwmark and atm flag
ok 16 3984 - Create CAKE with overhead and mpu
ok 17 5421 - Create CAKE with conservative and ingress flag
ok 18 6854 - Delete CAKE with conservative and ingress flag
ok 19 2342 - Replace CAKE with mpu
ok 20 2313 - Change CAKE with mpu
ok 21 4365 - Show CAKE class
./tdc.py -c cbq
ok 1 3460 - Create CBQ with default setting
ok 2 0592 - Create CBQ with mpu
ok 3 4684 - Create CBQ with valid cell num
ok 4 4345 - Create CBQ with invalid cell num
ok 5 4525 - Create CBQ with valid ewma
ok 6 6784 - Create CBQ with invalid ewma
ok 7 5468 - Delete CBQ with handle
ok 8 492a - Show CBQ class
./tdc.py -c cbs
ok 1 1820 - Create CBS with default setting
ok 2 1532 - Create CBS with hicredit setting
ok 3 2078 - Create CBS with locredit setting
ok 4 9271 - Create CBS with sendslope setting
ok 5 0482 - Create CBS with idleslope setting
ok 6 e8f3 - Create CBS with multiple setting
ok 7 23c9 - Replace CBS with sendslope setting
ok 8 a07a - Change CBS with idleslope setting
ok 9 43b3 - Delete CBS with handle
ok 10 9472 - Show CBS class
./tdc.py -c drr
ok 1 0385 - Create DRR with default setting
ok 2 2375 - Delete DRR with handle
ok 3 3092 - Show DRR class
./tdc.py -c dsmark
ok 1 6345 - Create DSMARK with default setting
ok 2 3462 - Create DSMARK with default_index setting
ok 3 ca95 - Create DSMARK with set_tc_index flag
ok 4 a950 - Create DSMARK with multiple setting
ok 5 4092 - Delete DSMARK with handle
ok 6 5930 - Show DSMARK class
./tdc.py -c fq_codel
ok 1 4957 - Create FQ_CODEL with default setting
ok 2 7621 - Create FQ_CODEL with limit setting
ok 3 6871 - Create FQ_CODEL with memory_limit setting
ok 4 5636 - Create FQ_CODEL with target setting
ok 5 630a - Create FQ_CODEL with interval setting
ok 6 4324 - Create FQ_CODEL with quantum setting
ok 7 b190 - Create FQ_CODEL with noecn flag
ok 8 5381 - Create FQ_CODEL with ce_threshold setting
ok 9 c9d2 - Create FQ_CODEL with drop_batch setting
ok 10 523b - Create FQ_CODEL with multiple setting
ok 11 9283 - Replace FQ_CODEL with noecn setting
ok 12 3459 - Change FQ_CODEL with limit setting
ok 13 0128 - Delete FQ_CODEL with handle
ok 14 0435 - Show FQ_CODEL class
./tdc.py -c hfsc
ok 1 3254 - Create HFSC with default setting
ok 2 0289 - Create HFSC with class sc and ul rate setting
ok 3 846a - Create HFSC with class sc umax and dmax setting
ok 4 5413 - Create HFSC with class rt and ls rate setting
ok 5 9312 - Create HFSC with class rt umax and dmax setting
ok 6 6931 - Delete HFSC with handle
ok 7 8436 - Show HFSC class
./tdc.py -c htb
ok 1 0904 - Create HTB with default setting
ok 2 3906 - Create HTB with default-N setting
ok 3 8492 - Create HTB with r2q setting
ok 4 9502 - Create HTB with direct_qlen setting
ok 5 b924 - Create HTB with class rate and burst setting
ok 6 4359 - Create HTB with class mpu setting
ok 7 9048 - Create HTB with class prio setting
ok 8 4994 - Create HTB with class ceil setting
ok 9 9523 - Create HTB with class cburst setting
ok 10 5353 - Create HTB with class mtu setting
ok 11 346a - Create HTB with class quantum setting
ok 12 303a - Delete HTB with handle
./tdc.py -c mqprio
ok 1 9903 - Add mqprio Qdisc to multi-queue device (8 queues)
ok 2 453a - Delete nonexistent mqprio Qdisc
ok 3 5292 - Delete mqprio Qdisc twice
ok 4 45a9 - Add mqprio Qdisc to single-queue device
ok 5 2ba9 - Show mqprio class
./tdc.py -c multiq
ok 1 20ba - Add multiq Qdisc to multi-queue device (8 queues)
ok 2 4301 - List multiq Class
ok 3 7832 - Delete nonexistent multiq Qdisc
ok 4 2891 - Delete multiq Qdisc twice
ok 5 1329 - Add multiq Qdisc to single-queue device
./tdc.py -c netem
ok 1 cb28 - Create NETEM with default setting
ok 2 a089 - Create NETEM with limit flag
ok 3 3449 - Create NETEM with delay time
ok 4 3782 - Create NETEM with distribution and corrupt flag
ok 5 2b82 - Create NETEM with distribution and duplicate flag
ok 6 a932 - Create NETEM with distribution and loss flag
ok 7 e01a - Create NETEM with distribution and loss state flag
ok 8 ba29 - Create NETEM with loss gemodel flag
ok 9 0492 - Create NETEM with reorder flag
ok 10 7862 - Create NETEM with rate limit
ok 11 7235 - Create NETEM with multiple slot rate
ok 12 5439 - Create NETEM with multiple slot setting
ok 13 5029 - Change NETEM with loss state
ok 14 3785 - Replace NETEM with delay time
ok 15 4502 - Delete NETEM with handle
ok 16 0785 - Show NETEM class
./tdc.py -c qfq
ok 1 0582 - Create QFQ with default setting
ok 2 c9a3 - Create QFQ with class weight setting
ok 3 8452 - Create QFQ with class maxpkt setting
ok 4 d920 - Create QFQ with multiple class setting
ok 5 0548 - Delete QFQ with handle
ok 6 5901 - Show QFQ class
./tdc.py -e 0521
ok 1 0521 - Show ingress class
./tdc.py -e 1023
ok 1 1023 - Show mq class
./tdc.py -e 2410
ok 1 2410 - Show prio class
./tdc.py -e 290a
ok 1 290a - Show RED class
Zhengchao Shao (18):
net/sched: sch_api: add helper for tc qdisc walker stats dump
net/sched: use tc_qdisc_stats_dump() in qdisc
selftests/tc-testings: add selftests for cake qdisc
selftests/tc-testings: add selftests for cbq qdisc
selftests/tc-testings: add selftests for cbs qdisc
selftests/tc-testings: add selftests for drr qdisc
selftests/tc-testings: add selftests for dsmark qdisc
selftests/tc-testings: add selftests for fq_codel qdisc
selftests/tc-testings: add selftests for hfsc qdisc
selftests/tc-testings: add selftests for htb qdisc
selftests/tc-testings: add selftests for mqprio qdisc
selftests/tc-testings: add selftests for multiq qdisc
selftests/tc-testings: add selftests for netem qdisc
selftests/tc-testings: add selftests for qfq qdisc
selftests/tc-testings: add show class case for ingress qdisc
selftests/tc-testings: add show class case for mq qdisc
selftests/tc-testings: add show class case for prio qdisc
selftests/tc-testings: add show class case for red qdisc
include/net/pkt_sched.h | 13 +
net/sched/sch_atm.c | 6 +-
net/sched/sch_cake.c | 9 +-
net/sched/sch_cbq.c | 9 +-
net/sched/sch_cbs.c | 8 +-
net/sched/sch_drr.c | 9 +-
net/sched/sch_dsmark.c | 14 +-
net/sched/sch_ets.c | 9 +-
net/sched/sch_fq_codel.c | 8 +-
net/sched/sch_hfsc.c | 9 +-
net/sched/sch_htb.c | 9 +-
net/sched/sch_mq.c | 5 +-
net/sched/sch_mqprio.c | 5 +-
net/sched/sch_multiq.c | 9 +-
net/sched/sch_netem.c | 8 +-
net/sched/sch_prio.c | 9 +-
net/sched/sch_qfq.c | 9 +-
net/sched/sch_red.c | 7 +-
net/sched/sch_sfb.c | 7 +-
net/sched/sch_sfq.c | 8 +-
net/sched/sch_skbprio.c | 9 +-
net/sched/sch_taprio.c | 5 +-
net/sched/sch_tbf.c | 7 +-
.../tc-testing/tc-tests/qdiscs/cake.json | 487 ++++++++++++++++++
.../tc-testing/tc-tests/qdiscs/cbq.json | 184 +++++++
.../tc-testing/tc-tests/qdiscs/cbs.json | 234 +++++++++
.../tc-testing/tc-tests/qdiscs/drr.json | 71 +++
.../tc-testing/tc-tests/qdiscs/dsmark.json | 140 +++++
.../tc-testing/tc-tests/qdiscs/fq_codel.json | 326 ++++++++++++
.../tc-testing/tc-tests/qdiscs/hfsc.json | 167 ++++++
.../tc-testing/tc-tests/qdiscs/htb.json | 285 ++++++++++
.../tc-testing/tc-tests/qdiscs/ingress.json | 20 +
.../tc-testing/tc-tests/qdiscs/mq.json | 24 +-
.../tc-testing/tc-tests/qdiscs/mqprio.json | 114 ++++
.../tc-testing/tc-tests/qdiscs/multiq.json | 114 ++++
.../tc-testing/tc-tests/qdiscs/netem.json | 372 +++++++++++++
.../tc-testing/tc-tests/qdiscs/prio.json | 20 +
.../tc-testing/tc-tests/qdiscs/qfq.json | 145 ++++++
.../tc-testing/tc-tests/qdiscs/red.json | 23 +
39 files changed, 2769 insertions(+), 148 deletions(-)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cake.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cbq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cbs.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/drr.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/dsmark.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/fq_codel.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/hfsc.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/htb.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/mqprio.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/multiq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/netem.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/qfq.json
--
2.17.1
This series enables the ring-based dirty memory tracking for ARM64.
The feature has been available and enabled on x86 for a while. It
is beneficial when the number of dirty pages is small in a checkpointing
system or live migration scenario. More details can be found from
fb04a1eddb1a ("KVM: X86: Implement ring-based dirty memory tracking").
The generic part has been comprehensive, meaning there isn't too much
work, needed to extend it to ARM64.
- PATCH[1] introduces KVM_REQ_RING_SOFT_FULL for x86
- PATCH[2] enables the feature on ARM64
- PATCH[3-5] improves kvm/selftests/dirty_log_test
v1: https://lore.kernel.org/lkml/20220819005601.198436-1-gshan@redhat.com
Testing
=======
(1) kvm/selftests/dirty_log_test
(2) Live migration by QEMU
Changelog
=========
v2:
* Introduce KVM_REQ_RING_SOFT_FULL (Marc)
* Changelog improvement (Marc)
* Fix dirty_log_test without knowing host page size (Drew)
Gavin Shan (5):
KVM: x86: Introduce KVM_REQ_RING_SOFT_FULL
KVM: arm64: Enable ring-based dirty memory tracking
KVM: selftests: Use host page size to map ring buffer in
dirty_log_test
KVM: selftests: Clear dirty ring states between two modes in
dirty_log_test
KVM: selftests: Automate choosing dirty ring size in dirty_log_test
Documentation/virt/kvm/api.rst | 2 +-
arch/arm64/include/uapi/asm/kvm.h | 1 +
arch/arm64/kvm/Kconfig | 1 +
arch/arm64/kvm/arm.c | 8 +++
arch/x86/kvm/x86.c | 5 +-
include/linux/kvm_host.h | 1 +
tools/testing/selftests/kvm/dirty_log_test.c | 53 ++++++++++++++------
tools/testing/selftests/kvm/lib/kvm_util.c | 2 +-
virt/kvm/dirty_ring.c | 4 ++
9 files changed, 59 insertions(+), 18 deletions(-)
--
2.23.0
For this patchset, test cases of the qdisc modules are added to the
tc-testing test suite.
After a test case is added locally, the test result is as follows:
./tdc.py -c atm
ok 1 7628 - Create ATM with default setting
ok 2 390a - Delete ATM with valid handle
ok 3 32a0 - Show ATM class
ok 4 6310 - Dump ATM stats
./tdc.py -c choke
ok 1 8937 - Create CHOKE with default setting
ok 2 48c0 - Create CHOKE with min packet setting
ok 3 38c1 - Create CHOKE with max packet setting
ok 4 234a - Create CHOKE with ecn setting
ok 5 4380 - Create CHOKE with burst setting
ok 6 48c7 - Delete CHOKE with valid handle
ok 7 4398 - Replace CHOKE with min setting
ok 8 0301 - Change CHOKE with limit setting
./tdc.py -c codel
ok 1 983a - Create CODEL with default setting
ok 2 38aa - Create CODEL with limit packet setting
ok 3 9178 - Create CODEL with target setting
ok 4 78d1 - Create CODEL with interval setting
ok 5 238a - Create CODEL with ecn setting
ok 6 939c - Create CODEL with ce_threshold setting
ok 7 8380 - Delete CODEL with valid handle
ok 8 289c - Replace CODEL with limit setting
ok 9 0648 - Change CODEL with limit setting
./tdc.py -c etf
ok 1 34ba - Create ETF with default setting
ok 2 438f - Create ETF with delta nanos setting
ok 3 9041 - Create ETF with deadline_mode setting
ok 4 9a0c - Create ETF with skip_sock_check setting
ok 5 2093 - Delete ETF with valid handle
./tdc.py -c fq
ok 1 983b - Create FQ with default setting
ok 2 38a1 - Create FQ with limit packet setting
ok 3 0a18 - Create FQ with flow_limit setting
ok 4 2390 - Create FQ with quantum setting
ok 5 845b - Create FQ with initial_quantum setting
ok 6 9398 - Create FQ with maxrate setting
ok 7 342c - Create FQ with nopacing setting
ok 8 6391 - Create FQ with refill_delay setting
ok 9 238b - Create FQ with low_rate_threshold setting
ok 10 7582 - Create FQ with orphan_mask setting
ok 11 4894 - Create FQ with timer_slack setting
ok 12 324c - Create FQ with ce_threshold setting
ok 13 424a - Create FQ with horizon time setting
ok 14 89e1 - Create FQ with horizon_cap setting
ok 15 32e1 - Delete FQ with valid handle
ok 16 49b0 - Replace FQ with limit setting
ok 17 9478 - Change FQ with limit setting
./tdc.py -c gred
ok 1 8942 - Create GRED with default setting
ok 2 5783 - Create GRED with grio setting
ok 3 8a09 - Create GRED with limit setting
ok 4 48cb - Create GRED with ecn setting
ok 5 763a - Change GRED setting
ok 6 8309 - Show GRED class
./tdc.py -c hhf
ok 1 4812 - Create HHF with default setting
ok 2 8a92 - Create HHF with limit setting
ok 3 3491 - Create HHF with quantum setting
ok 4 ba04 - Create HHF with reset_timeout setting
ok 5 4238 - Create HHF with admit_bytes setting
ok 6 839f - Create HHF with evict_timeout setting
ok 7 a044 - Create HHF with non_hh_weight setting
ok 8 32f9 - Change HHF with limit setting
ok 9 385e - Show HHF class
./tdc.py -c pfifo_fast
ok 1 900c - Create pfifo_fast with default setting
ok 2 7470 - Dump pfifo_fast stats
ok 3 b974 - Replace pfifo_fast with different handle
ok 4 3240 - Delete pfifo_fast with valid handle
ok 5 4385 - Delete pfifo_fast with invalid handle
./tdc.py -c plug
ok 1 3289 - Create PLUG with default setting
ok 2 0917 - Create PLUG with block setting
ok 3 483b - Create PLUG with release setting
ok 4 4995 - Create PLUG with release_indefinite setting
ok 5 389c - Create PLUG with limit setting
ok 6 384a - Delete PLUG with valid handle
ok 7 439a - Replace PLUG with limit setting
ok 8 9831 - Change PLUG with limit setting
./tdc.py -c sfb
ok 1 3294 - Create SFB with default setting
ok 2 430a - Create SFB with rehash setting
ok 3 3410 - Create SFB with db setting
ok 4 49a0 - Create SFB with limit setting
ok 5 1241 - Create SFB with max setting
ok 6 3249 - Create SFB with target setting
ok 7 30a9 - Create SFB with increment setting
ok 8 239a - Create SFB with decrement setting
ok 9 9301 - Create SFB with penalty_rate setting
ok 10 2a01 - Create SFB with penalty_burst setting
ok 11 3209 - Change SFB with rehash setting
ok 12 5447 - Show SFB class
./tdc.py -c sfq
ok 1 7482 - Create SFQ with default setting
ok 2 c186 - Create SFQ with limit setting
ok 3 ae23 - Create SFQ with perturb setting
ok 4 a430 - Create SFQ with quantum setting
ok 5 4539 - Create SFQ with divisor setting
ok 6 b089 - Create SFQ with flows setting
ok 7 99a0 - Create SFQ with depth setting
ok 8 7389 - Create SFQ with headdrop setting
ok 9 6472 - Create SFQ with redflowlimit setting
ok 10 2a01 - Create SFB with penalty_burst setting
ok 11 3209 - Change SFB with rehash setting
ok 12 5447 - Show SFB class
./tdc.py -c sfq
ok 1 7482 - Create SFQ with default setting
ok 2 c186 - Create SFQ with limit setting
ok 3 ae23 - Create SFQ with perturb setting
ok 4 a430 - Create SFQ with quantum setting
ok 5 4539 - Create SFQ with divisor setting
ok 6 b089 - Create SFQ with flows setting
ok 7 99a0 - Create SFQ with depth setting
ok 8 7389 - Create SFQ with headdrop setting
ok 9 6472 - Create SFQ with redflowlimit setting
ok 10 8929 - Show SFQ class
./tdc.py -c skbprio
ok 1 283e - Create skbprio with default setting
ok 2 c086 - Create skbprio with limit setting
ok 3 6733 - Change skbprio with limit setting
ok 4 2958 - Show skbprio class
./tdc.py -c taprio
ok 1 ba39 - Add taprio Qdisc to multi-queue device (8 queues)
ok 2 9462 - Add taprio Qdisc with multiple sched-entry
ok 3 8d92 - Add taprio Qdisc with txtime-delay
ok 4 d092 - Delete taprio Qdisc with valid handle
ok 5 8471 - Show taprio class
ok 6 0a85 - Add taprio Qdisc to single-queue device
./tdc.py -c tbf
ok 1 6430 - Create TBF with default setting
ok 2 0518 - Create TBF with mtu setting
ok 3 320a - Create TBF with peakrate setting
ok 4 239b - Create TBF with latency setting
ok 5 c975 - Create TBF with overhead setting
ok 6 948c - Create TBF with linklayer setting
ok 7 3549 - Replace TBF with mtu
ok 8 f948 - Change TBF with latency time
ok 9 2348 - Show TBF class
./tdc.py -c teql
ok 1 84a0 - Create TEQL with default setting
ok 2 7734 - Create TEQL with multiple device
ok 3 34a9 - Delete TEQL with valid handle
ok 4 6289 - Show TEQL stats
Zhengchao Shao (15):
selftests/tc-testings: add selftests for atm qdisc
selftests/tc-testings: add selftests for choke qdisc
selftests/tc-testings: add selftests for codel qdisc
selftests/tc-testings: add selftests for etf qdisc
selftests/tc-testings: add selftests for fq qdisc
selftests/tc-testings: add selftests for gred qdisc
selftests/tc-testings: add selftests for hhf qdisc
selftests/tc-testings: add selftests for pfifo_fast qdisc
selftests/tc-testings: add selftests for plug qdisc
selftests/tc-testings: add selftests for sfb qdisc
selftests/tc-testings: add selftests for sfq qdisc
selftests/tc-testings: add selftests for skbprio qdisc
selftests/tc-testings: add selftests for taprio qdisc
selftests/tc-testings: add selftests for tbf qdisc
selftests/tc-testings: add selftests for teql qdisc
.../tc-testing/tc-tests/qdiscs/atm.json | 94 +++++
.../tc-testing/tc-tests/qdiscs/choke.json | 188 +++++++++
.../tc-testing/tc-tests/qdiscs/codel.json | 211 ++++++++++
.../tc-testing/tc-tests/qdiscs/etf.json | 117 ++++++
.../tc-testing/tc-tests/qdiscs/fq.json | 395 ++++++++++++++++++
.../tc-testing/tc-tests/qdiscs/gred.json | 164 ++++++++
.../tc-testing/tc-tests/qdiscs/hhf.json | 210 ++++++++++
.../tc-tests/qdiscs/pfifo_fast.json | 119 ++++++
.../tc-testing/tc-tests/qdiscs/plug.json | 188 +++++++++
.../tc-testing/tc-tests/qdiscs/sfb.json | 279 +++++++++++++
.../tc-testing/tc-tests/qdiscs/sfq.json | 232 ++++++++++
.../tc-testing/tc-tests/qdiscs/skbprio.json | 95 +++++
.../tc-testing/tc-tests/qdiscs/taprio.json | 135 ++++++
.../tc-testing/tc-tests/qdiscs/tbf.json | 211 ++++++++++
.../tc-testing/tc-tests/qdiscs/teql.json | 97 +++++
15 files changed, 2735 insertions(+)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/atm.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/choke.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/codel.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/etf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/fq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/gred.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/hhf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/pfifo_fast.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/plug.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/sfb.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/sfq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/skbprio.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/tbf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/teql.json
--
2.17.1
Hi!
>
> On 17.09.22 07:39, Akinobu Mita wrote:
> > 2022年9月15日(木) 18:01 Zhao Gongyi <zhaogongyi(a)huawei.com>:
> >>
> >> Fault injection uses debugfs in a way that the provided values via
> >> sysfs are interpreted as u64. Providing negative numbers results in
> >> an error:
> >>
> >> # cd sys/kernel/debug/notifier-error-inject/memory
> >> # echo -12 > actions/MEM_GOING_ONLINE/error
> >> -bash: echo: write error: Invalid argument
> >>
> >> Update the docs and examples to use "printf %#x <val>" in these cases.
> >
> > I'd rather fix the notifier-error-inject module than change the user
> interface.
> > I'll send a patch, so could you check if that solves the problem.
> >
>
> That will also make patch #2 unnecessary, correct?
Yes. But there is another commit 005747526d4f3c2ec995891e95cb7625161022f9 that has the same problem.
Thanks!
>
> --
> Thanks,
>
> David / dhildenb
The walk implementation of most qdisc class modules is basically the
same. That is, the values of count and skip are checked first. If count
is greater than or equal to skip, the registered fn function is
executed. Otherwise, increase the value of count. So the code can be
refactored.
The walk function is invoked during dump. Therefore, test cases related
to the tdc filter need to be added.
Add test cases locally and perform the test. The test results are listed
below:
./tdc.py -c cake
ok 1 1212 - Create CAKE with default setting
ok 2 3241 - Create CAKE with bandwidth limit
ok 3 c940 - Create CAKE with autorate-ingress flag
ok 4 2310 - Create CAKE with rtt time
ok 5 2385 - Create CAKE with besteffort flag
ok 6 a032 - Create CAKE with diffserv8 flag
ok 7 2349 - Create CAKE with diffserv4 flag
ok 8 8472 - Create CAKE with flowblind flag
ok 9 2341 - Create CAKE with dsthost and nat flag
ok 10 5134 - Create CAKE with wash flag
ok 11 2302 - Create CAKE with flowblind and no-split-gso flag
ok 12 0768 - Create CAKE with dual-srchost and ack-filter flag
ok 13 0238 - Create CAKE with dual-dsthost and ack-filter-aggressive flag
ok 14 6573 - Create CAKE with memlimit and ptm flag
ok 15 2436 - Create CAKE with fwmark and atm flag
ok 16 3984 - Create CAKE with overhead and mpu
ok 17 2342 - Create CAKE with conservative and ingress flag
ok 18 2313 - Change CAKE with mpu
ok 19 4365 - Show CAKE class
./tdc.py -c cbq
ok 1 3460 - Create CBQ with default setting
ok 2 0592 - Create CBQ with mpu
ok 3 4684 - Create CBQ with valid cell num
ok 4 4345 - Create CBQ with invalid cell num
ok 5 4525 - Create CBQ with valid ewma
ok 6 6784 - Create CBQ with invalid ewma
ok 7 5468 - Delete CBQ with handle
ok 8 492a - Show CBQ class
./tdc.py -c cbs
ok 1 1820 - Create CBS with default setting
ok 2 1532 - Create CBS with hicredit setting
ok 3 2078 - Create CBS with locredit setting
ok 4 0482 - Create CBS with sendslope setting
ok 5 e8f3 - Create CBS with multiple setting
ok 6 23c9 - Replace CBS with sendslope setting
ok 7 a07a - Change CBS with idleslope setting
ok 8 43b3 - Delete CBS with handle
ok 9 9472 - Show CBS class
./tdc.py -c drr
ok 1 0385 - Create DRR with default setting
ok 2 2375 - Delete DRR with handle
ok 3 3092 - Show DRR class
./tdc.py -c dsmark
ok 1 6345 - Create DSMARK with default setting
ok 2 3462 - Create DSMARK with default_index setting
ok 3 ca95 - Create DSMARK with set_tc_index flag
ok 4 a950 - Create DSMARK with multiple setting
ok 5 4092 - Delete DSMARK with handle
ok 6 5930 - Show DSMARK class
./tdc.py -c fq_codel
ok 1 4957 - Create FQ_CODEL with default setting
ok 2 7621 - Create FQ_CODEL with limit setting
ok 3 6872 - Create FQ_CODEL with memory_limit setting
ok 4 5636 - Create FQ_CODEL with target setting
ok 5 630a - Create FQ_CODEL with interval setting
ok 6 4324 - Create FQ_CODEL with quantum setting
ok 7 b190 - Create FQ_CODEL with noecn flag
ok 8 c9d2 - Create FQ_CODEL with ce_threshold setting
ok 9 523b - Create FQ_CODEL with multiple setting
ok 10 9283 - Replace FQ_CODEL with noecn setting
ok 11 3459 - Change FQ_CODEL with limit setting
ok 12 0128 - Delete FQ_CODEL with handle
ok 13 0435 - Show FQ_CODEL class
./tdc.py -c hfsc
ok 1 3254 - Create HFSC with default setting
ok 2 0289 - Create HFSC with class sc and ul rate setting
ok 3 846a - Create HFSC with class sc umax and dmax setting
ok 4 5413 - Create HFSC with class rt and ls rate setting
ok 5 9312 - Create HFSC with class rt umax and dmax setting
ok 6 6931 - Delete HFSC with handle
ok 7 8436 - Show HFSC class
./tdc.py -c htb
ok 1 0904 - Create HTB with default setting
ok 2 3906 - Create HTB with default-N setting
ok 3 8492 - Create HTB with r2q setting
ok 4 9502 - Create HTB with direct_qlen setting
ok 5 b924 - Create HTB with class rate and burst setting
ok 6 4359 - Create HTB with class mpu setting
ok 7 9048 - Create HTB with class prio setting
ok 8 4994 - Create HTB with class ceil setting
ok 9 9523 - Create HTB with class cburst setting
ok 10 5353 - Create HTB with class mtu setting
ok 11 346a - Create HTB with class quantum setting
ok 12 303a - Delete HTB with handle
./tdc.py -c mqprio
ok 1 9903 - Add mqprio Qdisc to multi-queue device (8 queues)
ok 2 453a - Delete nonexistent mqprio Qdisc
ok 3 5294 - Delete mqprio Qdisc twice
ok 4 45a9 - Add mqprio Qdisc to single-queue device
ok 5 2ba9 - Show mqprio class
./tdc.py -c multiq
ok 1 20ba - Add multiq Qdisc to multi-queue device (8 queues)
ok 2 9903 - List multiq Class
ok 3 7832 - Delete nonexistent multiq Qdisc
ok 4 2891 - Delete multiq Qdisc twice
ok 5 1329 - Add multiq Qdisc to single-queue device
./tdc.py -c netem
ok 1 cb28 - Create NETEM with default setting
ok 2 a089 - Create NETEM with limit flag
ok 3 3449 - Create NETEM with delay time
ok 4 3782 - Create NETEM with distribution and corrupt flag
ok 5 a932 - Create NETEM with distribution and duplicate flag
ok 6 e01a - Create NETEM with distribution and loss state flag
ok 7 ba29 - Create NETEM with loss gemodel flag
ok 8 0492 - Create NETEM with reorder flag
ok 9 7862 - Create NETEM with rate limit
ok 10 7235 - Create NETEM with multiple slot rate
ok 11 5439 - Create NETEM with multiple slot setting
ok 12 5029 - Change NETEM with loss state
ok 13 3785 - Replace NETEM with delay time
ok 14 4502 - Delete NETEM with handle
ok 15 0785 - Show NETEM class
./tdc.py -c qfq
ok 1 0582 - Create QFQ with default setting
ok 2 c9a3 - Create QFQ with class weight setting
ok 3 8452 - Create QFQ with class maxpkt setting
ok 4 d920 - Create QFQ with multiple class setting
ok 5 0548 - Delete QFQ with handle
ok 6 5901 - Show QFQ class
./tdc.py -e 0521
ok 1 0521 - Show ingress class
./tdc.py -e 1023
ok 1 1023 - Show mq class
./tdc.py -e 2410
ok 1 2410 - Show prio class
./tdc.py -e 290a
ok 1 290a - Show RED class
Zhengchao Shao (18):
net/sched: sch_api: add helper for tc qdisc walker stats dump
net/sched: use tc_qdisc_stats_dump() in qdisc
selftests/tc-testings: add selftests for cake qdisc
selftests/tc-testings: add selftests for cbq qdisc
selftests/tc-testings: add selftests for cbs qdisc
selftests/tc-testings: add selftests for drr qdisc
selftests/tc-testings: add selftests for dsmark qdisc
selftests/tc-testings: add selftests for fq_codel qdisc
selftests/tc-testings: add selftests for hfsc qdisc
selftests/tc-testings: add selftests for htb qdisc
selftests/tc-testings: add selftests for mqprio qdisc
selftests/tc-testings: add selftests for multiq qdisc
selftests/tc-testings: add selftests for netem qdisc
selftests/tc-testings: add selftests for qfq qdisc
selftests/tc-testings: add show class case for ingress qdisc
selftests/tc-testings: add show class case for mq qdisc
selftests/tc-testings: add show class case for prio qdisc
selftests/tc-testings: add show class case for red qdisc
include/net/pkt_sched.h | 13 +
net/sched/sch_atm.c | 6 +-
net/sched/sch_cake.c | 9 +-
net/sched/sch_cbq.c | 9 +-
net/sched/sch_cbs.c | 8 +-
net/sched/sch_drr.c | 9 +-
net/sched/sch_dsmark.c | 14 +-
net/sched/sch_ets.c | 9 +-
net/sched/sch_fq_codel.c | 8 +-
net/sched/sch_hfsc.c | 9 +-
net/sched/sch_htb.c | 9 +-
net/sched/sch_mq.c | 5 +-
net/sched/sch_mqprio.c | 5 +-
net/sched/sch_multiq.c | 9 +-
net/sched/sch_netem.c | 8 +-
net/sched/sch_prio.c | 9 +-
net/sched/sch_qfq.c | 9 +-
net/sched/sch_red.c | 7 +-
net/sched/sch_sfb.c | 7 +-
net/sched/sch_sfq.c | 8 +-
net/sched/sch_skbprio.c | 9 +-
net/sched/sch_taprio.c | 5 +-
net/sched/sch_tbf.c | 7 +-
.../tc-testing/tc-tests/qdiscs/cake.json | 488 ++++++++++++++++++
.../tc-testing/tc-tests/qdiscs/cbq.json | 184 +++++++
.../tc-testing/tc-tests/qdiscs/cbs.json | 234 +++++++++
.../tc-testing/tc-tests/qdiscs/drr.json | 71 +++
.../tc-testing/tc-tests/qdiscs/dsmark.json | 140 +++++
.../tc-testing/tc-tests/qdiscs/fq_codel.json | 326 ++++++++++++
.../tc-testing/tc-tests/qdiscs/hfsc.json | 167 ++++++
.../tc-testing/tc-tests/qdiscs/htb.json | 285 ++++++++++
.../tc-testing/tc-tests/qdiscs/ingress.json | 20 +
.../tc-testing/tc-tests/qdiscs/mq.json | 24 +-
.../tc-testing/tc-tests/qdiscs/mqprio.json | 114 ++++
.../tc-testing/tc-tests/qdiscs/multiq.json | 114 ++++
.../tc-testing/tc-tests/qdiscs/netem.json | 372 +++++++++++++
.../tc-testing/tc-tests/qdiscs/prio.json | 20 +
.../tc-testing/tc-tests/qdiscs/qfq.json | 145 ++++++
.../tc-testing/tc-tests/qdiscs/red.json | 23 +
39 files changed, 2770 insertions(+), 148 deletions(-)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cake.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cbq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cbs.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/drr.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/dsmark.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/fq_codel.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/hfsc.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/htb.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/mqprio.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/multiq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/netem.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/qfq.json
--
2.17.1
This series fixes an output formatting issue then adds a bunch
more hwcaps to the hwcaps test. This includes the recently added
SVE EBF16 hwcap so this requires both for-next/kselftest and
for-next/sve.
Mark Brown (3):
kselftest/arm64: Add missing newline in hwcap output
kselftest/arm64: Add SVE 2 to the tested hwcaps
kselftest/arm64: Add hwcap test for RNG
tools/testing/selftests/arm64/abi/hwcap.c | 150 +++++++++++++++++++++-
1 file changed, 149 insertions(+), 1 deletion(-)
base-commit: daecb3077f330058d1c53de32d272bc23ff61a25
--
2.30.2
This series fixes similar problems in the bonding and team drivers.
Because of missing dev_{uc,mc}_unsync() calls, addresses added to
underlying devices may be leftover after the aggregated device is deleted.
Add the missing calls and a few related tests.
v2:
* fix selftest installation, see patch 3
v3:
* Split lacpdu_multicast changes to their own patch, #1
* In ndo_{add,del}_slave methods, only perform address list changes when
the aggregated device is up (patches 2 & 3)
* Add selftest function related to the above change (patch 4)
Benjamin Poirier (4):
net: bonding: Share lacpdu_mcast_addr definition
net: bonding: Unsync device addresses on ndo_stop
net: team: Unsync device addresses on ndo_stop
net: Add tests for bonding and team address list management
MAINTAINERS | 1 +
drivers/net/bonding/bond_3ad.c | 5 +-
drivers/net/bonding/bond_main.c | 57 +++++----
drivers/net/team/team.c | 24 +++-
include/net/bond_3ad.h | 2 -
include/net/bonding.h | 3 +
tools/testing/selftests/Makefile | 1 +
.../selftests/drivers/net/bonding/Makefile | 5 +-
.../selftests/drivers/net/bonding/config | 1 +
.../drivers/net/bonding/dev_addr_lists.sh | 109 ++++++++++++++++++
.../selftests/drivers/net/bonding/lag_lib.sh | 61 ++++++++++
.../selftests/drivers/net/team/Makefile | 6 +
.../testing/selftests/drivers/net/team/config | 3 +
.../drivers/net/team/dev_addr_lists.sh | 51 ++++++++
14 files changed, 297 insertions(+), 32 deletions(-)
create mode 100755 tools/testing/selftests/drivers/net/bonding/dev_addr_lists.sh
create mode 100644 tools/testing/selftests/drivers/net/bonding/lag_lib.sh
create mode 100644 tools/testing/selftests/drivers/net/team/Makefile
create mode 100644 tools/testing/selftests/drivers/net/team/config
create mode 100755 tools/testing/selftests/drivers/net/team/dev_addr_lists.sh
--
2.37.2
For this patchset, test cases of the ctinfo, gate, and xt action modules
are added to the tc-testing test suite. Also add deleting test for
connmark, ife, nat, sample and tunnel_key action modules.
After a test case is added locally, the test result is as follows:
./tdc.py -c action ctinfo
considering category action
considering category ctinfo
Test c826: Add ctinfo action with default setting
Test 0286: Add ctinfo action with dscp
Test 4938: Add ctinfo action with valid cpmark and zone
Test 7593: Add ctinfo action with drop control
Test 2961: Replace ctinfo action zone and action control
Test e567: Delete ctinfo action with valid index
Test 6a91: Delete ctinfo action with invalid index
Test 5232: List ctinfo actions
Test 7702: Flush ctinfo actions
Test 3201: Add ctinfo action with duplicate index
Test 8295: Add ctinfo action with invalid index
Test 3964: Replace ctinfo action with invalid goto_chain control
All test results:
1..12
ok 1 c826 - Add ctinfo action with default setting
ok 2 0286 - Add ctinfo action with dscp
ok 3 4938 - Add ctinfo action with valid cpmark and zone
ok 4 7593 - Add ctinfo action with drop control
ok 5 2961 - Replace ctinfo action zone and action control
ok 6 e567 - Delete ctinfo action with valid index
ok 7 6a91 - Delete ctinfo action with invalid index
ok 8 5232 - List ctinfo actions
ok 9 7702 - Flush ctinfo actions
ok 10 3201 - Add ctinfo action with duplicate index
ok 11 8295 - Add ctinfo action with invalid index
ok 12 3964 - Replace ctinfo action with invalid goto_chain control
./tdc.py -c action gate
considering category gate
considering category action
Test 5153: Add gate action with priority and sched-entry
Test 7189: Add gate action with base-time
Test a721: Add gate action with cycle-time
Test c029: Add gate action with cycle-time-ext
Test 3719: Replace gate base-time action
Test d821: Delete gate action with valid index
Test 3128: Delete gate action with invalid index
Test 7837: List gate actions
Test 9273: Flush gate actions
Test c829: Add gate action with duplicate index
Test 3043: Add gate action with invalid index
Test 2930: Add gate action with cookie
All test results:
1..12
ok 1 5153 - Add gate action with priority and sched-entry
ok 2 7189 - Add gate action with base-time
ok 3 a721 - Add gate action with cycle-time
ok 4 c029 - Add gate action with cycle-time-ext
ok 5 3719 - Replace gate base-time action
ok 6 d821 - Delete gate action with valid index
ok 7 3128 - Delete gate action with invalid index
ok 8 7837 - List gate actions
ok 9 9273 - Flush gate actions
ok 10 c829 - Add gate action with duplicate index
ok 11 3043 - Add gate action with invalid index
ok 12 2930 - Add gate action with cookie
./tdc.py -c action xt
considering category xt
considering category action
Test 2029: Add xt action with log-prefix
Test 3562: Replace xt action log-prefix
Test 8291: Delete xt action with valid index
Test 5169: Delete xt action with invalid index
Test 7284: List xt actions
Test 5010: Flush xt actions
Test 8437: Add xt action with duplicate index
Test 2837: Add xt action with invalid index
All test results:
1..8
ok 1 2029 - Add xt action with log-prefix
ok 2 3562 - Replace xt action log-prefix
ok 3 8291 - Delete xt action with valid index
ok 4 5169 - Delete xt action with invalid index
ok 5 7284 - List xt actions
ok 6 5010 - Flush xt actions
ok 7 8437 - Add xt action with duplicate index
ok 8 2837 - Add xt action with invalid index
./tdc.py -c action connmark
considering category action
considering category connmark
Test 2002: Add valid connmark action with defaults
Test 56a5: Add valid connmark action with control pass
Test 7c66: Add valid connmark action with control drop
Test a913: Add valid connmark action with control pipe
Test bdd8: Add valid connmark action with control reclassify
Test b8be: Add valid connmark action with control continue
Test d8a6: Add valid connmark action with control jump
Test aae8: Add valid connmark action with zone argument
Test 2f0b: Add valid connmark action with invalid zone argument
Test 9305: Add connmark action with unsupported argument
Test 71ca: Add valid connmark action and replace it
Test 5f8f: Add valid connmark action with cookie
Test c506: Replace connmark with invalid goto chain control
Test 6571: Delete connmark action with valid index
Test 3426: Delete connmark action with invalid index
All test results:
1..15
ok 1 2002 - Add valid connmark action with defaults
ok 2 56a5 - Add valid connmark action with control pass
ok 3 7c66 - Add valid connmark action with control drop
ok 4 a913 - Add valid connmark action with control pipe
ok 5 bdd8 - Add valid connmark action with control reclassify
ok 6 b8be - Add valid connmark action with control continue
ok 7 d8a6 - Add valid connmark action with control jump
ok 8 aae8 - Add valid connmark action with zone argument
ok 9 2f0b - Add valid connmark action with invalid zone argument
ok 10 9305 - Add connmark action with unsupported argument
ok 11 71ca - Add valid connmark action and replace it
ok 12 5f8f - Add valid connmark action with cookie
ok 13 c506 - Replace connmark with invalid goto chain control
ok 14 6571 - Delete connmark action with valid index
ok 15 3426 - Delete connmark action with invalid index
./tdc.py -c action ife
considering category action
considering category ife
Test 7682: Create valid ife encode action with mark and pass control
Test ef47: Create valid ife encode action with mark and pipe control
Test df43: Create valid ife encode action with mark and continue control
Test e4cf: Create valid ife encode action with mark and drop control
Test ccba: Create valid ife encode action with mark and reclassify control
Test a1cf: Create valid ife encode action with mark and jump control
Test cb3d: Create valid ife encode action with mark value at 32-bit
maximum
Test 1efb: Create ife encode action with mark value exceeding 32-bit
maximum
Test 95ed: Create valid ife encode action with prio and pass control
Test aa17: Create valid ife encode action with prio and pipe control
Test 74c7: Create valid ife encode action with prio and continue control
Test 7a97: Create valid ife encode action with prio and drop control
Test f66b: Create valid ife encode action with prio and reclassify control
Test 3056: Create valid ife encode action with prio and jump control
Test 7dd3: Create valid ife encode action with prio value at 32-bit
maximum
Test 2ca1: Create ife encode action with prio value exceeding 32-bit
maximum
Test 05bb: Create valid ife encode action with tcindex and pass control
Test ce65: Create valid ife encode action with tcindex and pipe control
Test 09cd: Create valid ife encode action with tcindex and continue control
Test 8eb5: Create valid ife encode action with tcindex and continue control
Test 451a: Create valid ife encode action with tcindex and drop control
Test d76c: Create valid ife encode action with tcindex and reclassify
control
Test e731: Create valid ife encode action with tcindex and jump control
Test b7b8: Create valid ife encode action with tcindex value at 16-bit
maximum
Test d0d8: Create ife encode action with tcindex value exceeding 16-bit
maximum
Test 2a9c: Create valid ife encode action with mac src parameter
Test cf5c: Create valid ife encode action with mac dst parameter
Test 2353: Create valid ife encode action with mac src and mac dst
parameters
Test 552c: Create valid ife encode action with mark and type parameters
Test 0421: Create valid ife encode action with prio and type parameters
Test 4017: Create valid ife encode action with tcindex and type parameters
Test fac3: Create valid ife encode action with index at 32-bit maximum
Test 7c25: Create valid ife decode action with pass control
Test dccb: Create valid ife decode action with pipe control
Test 7bb9: Create valid ife decode action with continue control
Test d9ad: Create valid ife decode action with drop control
Test 219f: Create valid ife decode action with reclassify control
Test 8f44: Create valid ife decode action with jump control
Test 56cf: Create ife encode action with index exceeding 32-bit maximum
Test ee94: Create ife encode action with invalid control
Test b330: Create ife encode action with cookie
Test bbc0: Create ife encode action with invalid argument
Test d54a: Create ife encode action with invalid type argument
Test 7ee0: Create ife encode action with invalid mac src argument
Test 0a7d: Create ife encode action with invalid mac dst argument
Test a0e2: Replace ife encode action with invalid goto chain control
Test a972: Delete ife encode action with valid index
Test 1272: Delete ife encode action with invalid index
All test results:
1..48
ok 1 7682 - Create valid ife encode action with mark and pass control
ok 2 ef47 - Create valid ife encode action with mark and pipe control
ok 3 df43 - Create valid ife encode action with mark and continue control
ok 4 e4cf - Create valid ife encode action with mark and drop control
ok 5 ccba - Create valid ife encode action with mark and reclassify
control
ok 6 a1cf - Create valid ife encode action with mark and jump control
ok 7 cb3d - Create valid ife encode action with mark value at 32-bit
maximum
ok 8 1efb - Create ife encode action with mark value exceeding 32-bit
maximum
ok 9 95ed - Create valid ife encode action with prio and pass control
ok 10 aa17 - Create valid ife encode action with prio and pipe control
ok 11 74c7 - Create valid ife encode action with prio and continue control
ok 12 7a97 - Create valid ife encode action with prio and drop control
ok 13 f66b - Create valid ife encode action with prio and reclassify
control
ok 14 3056 - Create valid ife encode action with prio and jump control
ok 15 7dd3 - Create valid ife encode action with prio value at 32-bit
maximum
ok 16 2ca1 - Create ife encode action with prio value exceeding 32-bit
maximum
ok 17 05bb - Create valid ife encode action with tcindex and pass control
ok 18 ce65 - Create valid ife encode action with tcindex and pipe control
ok 19 09cd - Create valid ife encode action with tcindex and continue
control
ok 20 8eb5 - Create valid ife encode action with tcindex and continue
control
ok 21 451a - Create valid ife encode action with tcindex and drop control
ok 22 d76c - Create valid ife encode action with tcindex and reclassify
control
ok 23 e731 - Create valid ife encode action with tcindex and jump control
ok 24 b7b8 - Create valid ife encode action with tcindex value at 16-bit
maximum
ok 25 d0d8 - Create ife encode action with tcindex value exceeding 16-bit
maximum
ok 26 2a9c - Create valid ife encode action with mac src parameter
ok 27 cf5c - Create valid ife encode action with mac dst parameter
ok 28 2353 - Create valid ife encode action with mac src and mac dst
parameters
ok 29 552c - Create valid ife encode action with mark and type parameters
ok 30 0421 - Create valid ife encode action with prio and type parameters
ok 31 4017 - Create valid ife encode action with tcindex and type
parameters
ok 32 fac3 - Create valid ife encode action with index at 32-bit maximum
ok 33 7c25 - Create valid ife decode action with pass control
ok 34 dccb - Create valid ife decode action with pipe control
ok 35 7bb9 - Create valid ife decode action with continue control
ok 36 d9ad - Create valid ife decode action with drop control
ok 37 219f - Create valid ife decode action with reclassify control
ok 38 8f44 - Create valid ife decode action with jump control
ok 39 56cf - Create ife encode action with index exceeding 32-bit maximum
ok 40 ee94 - Create ife encode action with invalid control
ok 41 b330 - Create ife encode action with cookie
ok 42 bbc0 - Create ife encode action with invalid argument
ok 43 d54a - Create ife encode action with invalid type argument
ok 44 7ee0 - Create ife encode action with invalid mac src argument
ok 45 0a7d - Create ife encode action with invalid mac dst argument
ok 46 a0e2 - Replace ife encode action with invalid goto chain control
ok 47 a972 - Delete ife encode action with valid index
ok 48 1272 - Delete ife encode action with invalid index
./tdc.py -c action nat
considering category action
considering category nat
Test 7565: Add nat action on ingress with default control action
Test fd79: Add nat action on ingress with pipe control action
Test eab9: Add nat action on ingress with continue control action
Test c53a: Add nat action on ingress with reclassify control action
Test 76c9: Add nat action on ingress with jump control action
Test 24c6: Add nat action on ingress with drop control action
Test 2120: Add nat action on ingress with maximum index value
Test 3e9d: Add nat action on ingress with invalid index value
Test f6c9: Add nat action on ingress with invalid IP address
Test be25: Add nat action on ingress with invalid argument
Test a7bd: Add nat action on ingress with DEFAULT IP address
Test ee1e: Add nat action on ingress with ANY IP address
Test 1de8: Add nat action on ingress with ALL IP address
Test 8dba: Add nat action on egress with default control action
Test 19a7: Add nat action on egress with pipe control action
Test f1d9: Add nat action on egress with continue control action
Test 6d4a: Add nat action on egress with reclassify control action
Test b313: Add nat action on egress with jump control action
Test d9fc: Add nat action on egress with drop control action
Test a895: Add nat action on egress with DEFAULT IP address
Test 2572: Add nat action on egress with ANY IP address
Test 37f3: Add nat action on egress with ALL IP address
Test 6054: Add nat action on egress with cookie
Test 79d6: Add nat action on ingress with cookie
Test 4b12: Replace nat action with invalid goto chain control
Test b811: Delete nat action with valid index
Test a521: Delete nat action with invalid index
All test results:
1..27
ok 1 7565 - Add nat action on ingress with default control action
ok 2 fd79 - Add nat action on ingress with pipe control action
ok 3 eab9 - Add nat action on ingress with continue control action
ok 4 c53a - Add nat action on ingress with reclassify control action
ok 5 76c9 - Add nat action on ingress with jump control action
ok 6 24c6 - Add nat action on ingress with drop control action
ok 7 2120 - Add nat action on ingress with maximum index value
ok 8 3e9d - Add nat action on ingress with invalid index value
ok 9 f6c9 - Add nat action on ingress with invalid IP address
ok 10 be25 - Add nat action on ingress with invalid argument
ok 11 a7bd - Add nat action on ingress with DEFAULT IP address
ok 12 ee1e - Add nat action on ingress with ANY IP address
ok 13 1de8 - Add nat action on ingress with ALL IP address
ok 14 8dba - Add nat action on egress with default control action
ok 15 19a7 - Add nat action on egress with pipe control action
ok 16 f1d9 - Add nat action on egress with continue control action
ok 17 6d4a - Add nat action on egress with reclassify control action
ok 18 b313 - Add nat action on egress with jump control action
ok 19 d9fc - Add nat action on egress with drop control action
ok 20 a895 - Add nat action on egress with DEFAULT IP address
ok 21 2572 - Add nat action on egress with ANY IP address
ok 22 37f3 - Add nat action on egress with ALL IP address
ok 23 6054 - Add nat action on egress with cookie
ok 24 79d6 - Add nat action on ingress with cookie
ok 25 4b12 - Replace nat action with invalid goto chain control
ok 26 b811 - Delete nat action with valid index
ok 27 a521 - Delete nat action with invalid index
./tdc.py -c action sample
considering category action
considering category sample
Test 9784: Add valid sample action with mandatory arguments
Test 5c91: Add valid sample action with mandatory arguments and continue
control action
Test 334b: Add valid sample action with mandatory arguments and drop
control action
Test da69: Add valid sample action with mandatory arguments and reclassify
control action
Test 13ce: Add valid sample action with mandatory arguments and pipe
control action
Test 1886: Add valid sample action with mandatory arguments and jump
control action
Test 7571: Add sample action with invalid rate
Test b6d4: Add sample action with mandatory arguments and invalid control
action
Test a874: Add invalid sample action without mandatory arguments
Test ac01: Add invalid sample action without mandatory argument rate
Test 4203: Add invalid sample action without mandatory argument group
Test 14a7: Add invalid sample action without mandatory argument group
Test 8f2e: Add valid sample action with trunc argument
Test 45f8: Add sample action with maximum rate argument
Test ad0c: Add sample action with maximum trunc argument
Test 83a9: Add sample action with maximum group argument
Test ed27: Add sample action with invalid rate argument
Test 2eae: Add sample action with invalid group argument
Test 6ff3: Add sample action with invalid trunc size
Test 2b2a: Add sample action with invalid index
Test dee2: Add sample action with maximum allowed index
Test 560e: Add sample action with cookie
Test 704a: Replace existing sample action with new rate argument
Test 60eb: Replace existing sample action with new group argument
Test 2cce: Replace existing sample action with new trunc argument
Test 59d1: Replace existing sample action with new control argument
Test 0a6e: Replace sample action with invalid goto chain control
Test 3872: Delete sample action with valid index
Test a394: Delete sample action with invalid index
All test results:
1..29
ok 1 9784 - Add valid sample action with mandatory arguments
ok 2 5c91 - Add valid sample action with mandatory arguments and continue
control action
ok 3 334b - Add valid sample action with mandatory arguments and drop
control action
ok 4 da69 - Add valid sample action with mandatory arguments and
reclassify control action
ok 5 13ce - Add valid sample action with mandatory arguments and pipe
control action
ok 6 1886 - Add valid sample action with mandatory arguments and jump
control action
ok 7 7571 - Add sample action with invalid rate
ok 8 b6d4 - Add sample action with mandatory arguments and invalid control
action
ok 9 a874 - Add invalid sample action without mandatory arguments
ok 10 ac01 - Add invalid sample action without mandatory argument rate
ok 11 4203 - Add invalid sample action without mandatory argument group
ok 12 14a7 - Add invalid sample action without mandatory argument group
ok 13 8f2e - Add valid sample action with trunc argument
ok 14 45f8 - Add sample action with maximum rate argument
ok 15 ad0c - Add sample action with maximum trunc argument
ok 16 83a9 - Add sample action with maximum group argument
ok 17 ed27 - Add sample action with invalid rate argument
ok 18 2eae - Add sample action with invalid group argument
ok 19 6ff3 - Add sample action with invalid trunc size
ok 20 2b2a - Add sample action with invalid index
ok 21 dee2 - Add sample action with maximum allowed index
ok 22 560e - Add sample action with cookie
ok 23 704a - Replace existing sample action with new rate argument
ok 24 60eb - Replace existing sample action with new group argument
ok 25 2cce - Replace existing sample action with new trunc argument
ok 26 59d1 - Replace existing sample action with new control argument
ok 27 0a6e - Replace sample action with invalid goto chain control
ok 28 3872 - Delete sample action with valid index
ok 29 a394 - Delete sample action with invalid index
./tdc.py -c action tunnel_key
considering category tunnel_key
considering category action
Test 2b11: Add tunnel_key set action with mandatory parameters
Test dc6b: Add tunnel_key set action with missing mandatory src_ip
parameter
Test 7f25: Add tunnel_key set action with missing mandatory dst_ip
parameter
Test a5e0: Add tunnel_key set action with invalid src_ip parameter
Test eaa8: Add tunnel_key set action with invalid dst_ip parameter
Test 3b09: Add tunnel_key set action with invalid id parameter
Test 9625: Add tunnel_key set action with invalid dst_port parameter
Test 05af: Add tunnel_key set action with optional dst_port parameter
Test da80: Add tunnel_key set action with index at 32-bit maximum
Test d407: Add tunnel_key set action with index exceeding 32-bit maximum
Test 5cba: Add tunnel_key set action with id value at 32-bit maximum
Test e84a: Add tunnel_key set action with id value exceeding 32-bit
maximum
Test 9c19: Add tunnel_key set action with dst_port value at 16-bit maximum
Test 3bd9: Add tunnel_key set action with dst_port value exceeding 16-bit
maximum
Test 68e2: Add tunnel_key unset action
Test 6192: Add tunnel_key unset continue action
Test 061d: Add tunnel_key set continue action with cookie
Test 8acb: Add tunnel_key set continue action with invalid cookie
Test a07e: Add tunnel_key action with no set/unset command specified
Test b227: Add tunnel_key action with csum option
Test 58a7: Add tunnel_key action with nocsum option
Test 2575: Add tunnel_key action with not-supported parameter
Test 7a88: Add tunnel_key action with cookie parameter
Test 4f20: Add tunnel_key action with a single geneve option parameter
Test e33d: Add tunnel_key action with multiple geneve options parameter
Test 0778: Add tunnel_key action with invalid class geneve option
parameter
Test 4ae8: Add tunnel_key action with invalid type geneve option parameter
Test 4039: Add tunnel_key action with short data length geneve option
parameter
Test 26a6: Add tunnel_key action with non-multiple of 4 data length geneve
option parameter
Test f44d: Add tunnel_key action with incomplete geneve options parameter
Test 7afc: Replace tunnel_key set action with all parameters
Test 364d: Replace tunnel_key set action with all parameters and cookie
Test 937c: Fetch all existing tunnel_key actions
Test 6783: Flush all existing tunnel_key actions
Test 8242: Replace tunnel_key set action with invalid goto chain
Test 0cd2: Add tunnel_key set action with no_percpu flag
Test 3671: Delete tunnel_key set action with valid index
Test 8597: Delete tunnel_key set action with invalid index
All test results:
1..38
ok 1 2b11 - Add tunnel_key set action with mandatory parameters
ok 2 dc6b - Add tunnel_key set action with missing mandatory src_ip
parameter
ok 3 7f25 - Add tunnel_key set action with missing mandatory dst_ip
parameter
ok 4 a5e0 - Add tunnel_key set action with invalid src_ip parameter
ok 5 eaa8 - Add tunnel_key set action with invalid dst_ip parameter
ok 6 3b09 - Add tunnel_key set action with invalid id parameter
ok 7 9625 - Add tunnel_key set action with invalid dst_port parameter
ok 8 05af - Add tunnel_key set action with optional dst_port parameter
ok 9 da80 - Add tunnel_key set action with index at 32-bit maximum
ok 10 d407 - Add tunnel_key set action with index exceeding 32-bit maximum
ok 11 5cba - Add tunnel_key set action with id value at 32-bit maximum
ok 12 e84a - Add tunnel_key set action with id value exceeding 32-bit
maximum
ok 13 9c19 - Add tunnel_key set action with dst_port value at 16-bit
maximum
ok 14 3bd9 - Add tunnel_key set action with dst_port value exceeding
16-bit maximum
ok 15 68e2 - Add tunnel_key unset action
ok 16 6192 - Add tunnel_key unset continue action
ok 17 061d - Add tunnel_key set continue action with cookie
ok 18 8acb - Add tunnel_key set continue action with invalid cookie
ok 19 a07e - Add tunnel_key action with no set/unset command specified
ok 20 b227 - Add tunnel_key action with csum option
ok 21 58a7 - Add tunnel_key action with nocsum option
ok 22 2575 - Add tunnel_key action with not-supported parameter
ok 23 7a88 - Add tunnel_key action with cookie parameter
ok 24 4f20 - Add tunnel_key action with a single geneve option parameter
ok 25 e33d - Add tunnel_key action with multiple geneve options parameter
ok 26 0778 - Add tunnel_key action with invalid class geneve option
parameter
ok 27 4ae8 - Add tunnel_key action with invalid type geneve option
parameter
ok 28 4039 - Add tunnel_key action with short data length geneve option
parameter
ok 29 26a6 - Add tunnel_key action with non-multiple of 4 data length
geneve option parameter
ok 30 f44d - Add tunnel_key action with incomplete geneve options
parameter
ok 31 7afc - Replace tunnel_key set action with all parameters
ok 32 364d - Replace tunnel_key set action with all parameters and cookie
ok 33 937c - Fetch all existing tunnel_key actions
ok 34 6783 - Flush all existing tunnel_key actions
ok 35 8242 - Replace tunnel_key set action with invalid goto chain
ok 36 0cd2 - Add tunnel_key set action with no_percpu flag
ok 37 3671 - Delete tunnel_key set action with valid index
ok 38 8597 - Delete tunnel_key set action with invalid index
Zhengchao Shao (8):
selftests/tc-testings: add selftests for ctinfo action
selftests/tc-testings: add selftests for gate action
selftests/tc-testings: add selftests for xt action
selftests/tc-testings: add connmark action deleting test case
selftests/tc-testings: add ife action deleting test case
selftests/tc-testings: add nat action deleting test case
selftests/tc-testings: add sample action deleting test case
selftests/tc-testings: add tunnel_key action deleting test case
.../tc-testing/tc-tests/actions/connmark.json | 50 +++
.../tc-testing/tc-tests/actions/ctinfo.json | 316 ++++++++++++++++++
.../tc-testing/tc-tests/actions/gate.json | 315 +++++++++++++++++
.../tc-testing/tc-tests/actions/ife.json | 50 +++
.../tc-testing/tc-tests/actions/nat.json | 50 +++
.../tc-testing/tc-tests/actions/sample.json | 50 +++
.../tc-tests/actions/tunnel_key.json | 50 +++
.../tc-testing/tc-tests/actions/xt.json | 219 ++++++++++++
8 files changed, 1100 insertions(+)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/actions/ctinfo.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/actions/gate.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/actions/xt.json
--
2.17.1
Hi All,
Intel's Trust Domain Extensions (TDX) protect guest VMs from malicious
hosts and some physical attacks. VM guest with TDX support is called
as a TDX Guest.
In TDX guest, attestation process is used to verify the TDX guest
trustworthiness to other entities before provisioning secrets to the
guest. For example, a key server may request for attestation before
releasing the encryption keys to mount the encrypted rootfs or
secondary drive.
This patch set adds attestation support for the TDX guest. Details
about the TDX attestation process and the steps involved are explained
in the commit log of Patch 1/3 or in Documentation/x86/tdx.rst (added
by patch 3/3).
Following are the details of the patch set:
Patch 1/3 -> Adds TDREPORT support.
Patch 2/3 -> Adds selftest support for TDREPORT feature.
Patch 3/3 -> Add attestation related documentation.
Commit log history is maintained in the individual patches.
Kuppuswamy Sathyanarayanan (3):
x86/tdx: Add TDX Guest attestation interface driver
selftests: tdx: Test TDX attestation GetReport support
Documentation/x86: Document TDX attestation process
Documentation/x86/tdx.rst | 75 +++++++++
arch/x86/coco/tdx/tdx.c | 115 +++++++++++++
arch/x86/include/uapi/asm/tdx.h | 56 +++++++
tools/arch/x86/include/uapi/asm/tdx.h | 56 +++++++
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/tdx/Makefile | 11 ++
tools/testing/selftests/tdx/config | 1 +
tools/testing/selftests/tdx/tdx_attest_test.c | 157 ++++++++++++++++++
8 files changed, 472 insertions(+)
create mode 100644 arch/x86/include/uapi/asm/tdx.h
create mode 100644 tools/arch/x86/include/uapi/asm/tdx.h
create mode 100644 tools/testing/selftests/tdx/Makefile
create mode 100644 tools/testing/selftests/tdx/config
create mode 100644 tools/testing/selftests/tdx/tdx_attest_test.c
--
2.34.1
The walk implementation of most tc cls modules is basically the same.
That is, the values of count and skip are checked first. If count is
greater than or equal to skip, the registered fn function is executed.
Otherwise, increase the value of count. So the code can be refactored.
Then use helper function to replace the code of each cls module in
alphabetical order.
The walk function is invoked during dump. Therefore, test cases related
to the tdc filter need to be added.
Last, thanks to Jamal and Victor for their review.
Add test cases locally and perform the test. The test results are listed
below:
./tdc.py -e 0811
ok 1 0811 - Add multiple basic filter with cmp ematch u8/link layer and
default action and dump them
./tdc.py -e 5129
ok 1 5129 - List basic filters
./tdc.py -c bpf-filter
ok 1 23c3 - Add cBPF filter with valid bytecode
ok 2 1563 - Add cBPF filter with invalid bytecode
ok 3 2334 - Add eBPF filter with valid object-file
ok 4 2373 - Add eBPF filter with invalid object-file
ok 5 4423 - Replace cBPF bytecode
ok 6 5122 - Delete cBPF filter
ok 7 e0a9 - List cBPF filters
./tdc.py -c cgroup
ok 1 6273 - Add cgroup filter with cmp ematch u8/link layer and drop
action
ok 2 4721 - Add cgroup filter with cmp ematch u8/link layer with trans
flag and pass action
ok 3 d392 - Add cgroup filter with cmp ematch u16/link layer and pipe
action
ok 4 0234 - Add cgroup filter with cmp ematch u32/link layer and miltiple
actions
ok 5 8499 - Add cgroup filter with cmp ematch u8/network layer and pass
action
ok 6 b273 - Add cgroup filter with cmp ematch u8/network layer with trans
flag and drop action
ok 7 1934 - Add cgroup filter with cmp ematch u16/network layer and pipe
action
ok 8 2733 - Add cgroup filter with cmp ematch u32/network layer and
miltiple actions
ok 9 3271 - Add cgroup filter with NOT cmp ematch rule and pass action
ok 10 2362 - Add cgroup filter with two ANDed cmp ematch rules and single
action
ok 11 9993 - Add cgroup filter with two ORed cmp ematch rules and single
action
ok 12 2331 - Add cgroup filter with two ANDed cmp ematch rules and one
ORed ematch rule and single action
ok 13 3645 - Add cgroup filter with two ANDed cmp ematch rules and one
NOT ORed ematch rule and single action
ok 14 b124 - Add cgroup filter with u32 ematch u8/zero offset and drop
action
ok 15 7381 - Add cgroup filter with u32 ematch u8/zero offset and invalid
value >0xFF
ok 16 2231 - Add cgroup filter with u32 ematch u8/positive offset and
drop action
ok 17 1882 - Add cgroup filter with u32 ematch u8/invalid mask >0xFF
ok 18 1237 - Add cgroup filter with u32 ematch u8/missing offset
ok 19 3812 - Add cgroup filter with u32 ematch u8/missing AT keyword
ok 20 1112 - Add cgroup filter with u32 ematch u8/missing value
ok 21 3241 - Add cgroup filter with u32 ematch u8/non-numeric value
ok 22 e231 - Add cgroup filter with u32 ematch u8/non-numeric mask
ok 23 4652 - Add cgroup filter with u32 ematch u8/negative offset and
pass action
ok 24 1331 - Add cgroup filter with u32 ematch u16/zero offset and pipe
action
ok 25 e354 - Add cgroup filter with u32 ematch u16/zero offset and
invalid value >0xFFFF
ok 26 3538 - Add cgroup filter with u32 ematch u16/positive offset and
drop action
ok 27 4576 - Add cgroup filter with u32 ematch u16/invalid mask >0xFFFF
ok 28 b842 - Add cgroup filter with u32 ematch u16/missing offset
ok 29 c924 - Add cgroup filter with u32 ematch u16/missing AT keyword
ok 30 cc93 - Add cgroup filter with u32 ematch u16/missing value
ok 31 123c - Add cgroup filter with u32 ematch u16/non-numeric value
ok 32 3675 - Add cgroup filter with u32 ematch u16/non-numeric mask
ok 33 1123 - Add cgroup filter with u32 ematch u16/negative offset and
drop action
ok 34 4234 - Add cgroup filter with u32 ematch u16/nexthdr+ offset and
pass action
ok 35 e912 - Add cgroup filter with u32 ematch u32/zero offset and pipe
action
ok 36 1435 - Add cgroup filter with u32 ematch u32/positive offset and
drop action
ok 37 1282 - Add cgroup filter with u32 ematch u32/missing offset
ok 38 6456 - Add cgroup filter with u32 ematch u32/missing AT keyword
ok 39 4231 - Add cgroup filter with u32 ematch u32/missing value
ok 40 2131 - Add cgroup filter with u32 ematch u32/non-numeric value
ok 41 f125 - Add cgroup filter with u32 ematch u32/non-numeric mask
ok 42 4316 - Add cgroup filter with u32 ematch u32/negative offset and
drop action
ok 43 23ae - Add cgroup filter with u32 ematch u32/nexthdr+ offset and
pipe action
ok 44 23a1 - Add cgroup filter with canid ematch and single SFF
ok 45 324f - Add cgroup filter with canid ematch and single SFF with mask
ok 46 2576 - Add cgroup filter with canid ematch and multiple SFF
ok 47 4839 - Add cgroup filter with canid ematch and multiple SFF with
masks
ok 48 6713 - Add cgroup filter with canid ematch and single EFF
ok 49 4572 - Add cgroup filter with canid ematch and single EFF with mask
ok 50 8031 - Add cgroup filter with canid ematch and multiple EFF
ok 51 ab9d - Add cgroup filter with canid ematch and multiple EFF with
masks
ok 52 5349 - Add cgroup filter with canid ematch and a combination of
SFF/EFF
ok 53 c934 - Add cgroup filter with canid ematch and a combination of
SFF/EFF with masks
ok 54 4319 - Replace cgroup filter with diffferent match
ok 55 4636 - Detele cgroup filter
./tdc.py -c flow
ok 1 5294 - Add flow filter with map key and ops
ok 2 3514 - Add flow filter with map key or ops
ok 3 7534 - Add flow filter with map key xor ops
ok 4 4524 - Add flow filter with map key rshift ops
ok 5 0230 - Add flow filter with map key addend ops
ok 6 2344 - Add flow filter with src map key
ok 7 9304 - Add flow filter with proto map key
ok 8 9038 - Add flow filter with proto-src map key
ok 9 2a03 - Add flow filter with proto-dst map key
ok 10 a073 - Add flow filter with iif map key
ok 11 3b20 - Add flow filter with priority map key
ok 12 8945 - Add flow filter with mark map key
ok 13 c034 - Add flow filter with nfct map key
ok 14 0205 - Add flow filter with nfct-src map key
ok 15 5315 - Add flow filter with nfct-src map key
ok 16 7849 - Add flow filter with nfct-proto-src map key
ok 17 9902 - Add flow filter with nfct-proto-dst map key
ok 18 6742 - Add flow filter with rt-classid map key
ok 19 5432 - Add flow filter with sk-uid map key
ok 20 4234 - Add flow filter with sk-gid map key
ok 21 4522 - Add flow filter with vlan-tag map key
ok 22 4253 - Add flow filter with rxhash map key
ok 23 4452 - Add flow filter with hash key list
ok 24 4341 - Add flow filter with muliple ops
ok 25 4392 - List flow filters
ok 26 4322 - Change flow filter with map key num
ok 27 2320 - Replace flow filter with map key num
ok 28 3213 - Delete flow filter with map key num
./tdc.py -c route
ok 1 e122 - Add route filter with from and to tag
ok 2 6573 - Add route filter with fromif and to tag
ok 3 1362 - Add route filter with to flag and reclassify action
ok 4 4720 - Add route filter with from flag and continue actions
ok 5 2812 - Add route filter with form tag and pipe action
ok 6 7994 - Add route filter with miltiple actions
ok 7 4312 - List route filters
ok 8 2634 - Delete route filter with pipe action
./tdc.py -c rsvp
ok 1 2141 - Add rsvp filter with tcp proto and specific IP address
ok 2 5267 - Add rsvp filter with udp proto and specific IP address
ok 3 2819 - Add rsvp filter with src ip and src port
ok 4 c967 - Add rsvp filter with tunnelid and continue action
ok 5 5463 - Add rsvp filter with tunnel and pipe action
ok 6 2332 - Add rsvp filter with miltiple actions
ok 7 8879 - Add rsvp filter with tunnel and skp flag
ok 8 8261 - List rsvp filters
ok 9 8989 - Delete rsvp filter
./tdc.py -c tcindex
ok 1 8293 - Add tcindex filter with default action
ok 2 7281 - Add tcindex filter with hash size and pass action
ok 3 b294 - Add tcindex filter with mask shift and reclassify action
ok 4 0532 - Add tcindex filter with pass_on and continue actions
ok 5 d473 - Add tcindex filter with pipe action
ok 6 2940 - Add tcindex filter with miltiple actions
ok 7 1893 - List tcindex filters
ok 8 2041 - Change tcindex filter with pass action
ok 9 9203 - Replace tcindex filter with pass action
ok 10 7957 - Delete tcindex filter with drop action
---
v3: Modify the test case format alignment
v2: rectify spelling error; The category name bpf in filters file
is renamed to bpf-filter
---
Zhengchao Shao (9):
net/sched: cls_api: add helper for tc cls walker stats updating
net/sched: use tc_cls_stats_update() in filter
selftests/tc-testings: add selftests for bpf filter
selftests/tc-testings: add selftests for cgroup filter
selftests/tc-testings: add selftests for flow filter
selftests/tc-testings: add selftests for route filter
selftests/tc-testings: add selftests for rsvp filter
selftests/tc-testings: add selftests for tcindex filter
selftests/tc-testings: add list case for basic filter
include/net/pkt_cls.h | 13 +
net/sched/cls_basic.c | 9 +-
net/sched/cls_bpf.c | 8 +-
net/sched/cls_flow.c | 8 +-
net/sched/cls_fw.c | 9 +-
net/sched/cls_route.c | 9 +-
net/sched/cls_rsvp.h | 9 +-
net/sched/cls_tcindex.c | 18 +-
net/sched/cls_u32.c | 20 +-
.../tc-testing/tc-tests/filters/basic.json | 47 +
.../tc-testing/tc-tests/filters/bpf.json | 171 +++
.../tc-testing/tc-tests/filters/cgroup.json | 1236 +++++++++++++++++
.../tc-testing/tc-tests/filters/flow.json | 623 +++++++++
.../tc-testing/tc-tests/filters/route.json | 181 +++
.../tc-testing/tc-tests/filters/rsvp.json | 203 +++
.../tc-testing/tc-tests/filters/tcindex.json | 227 +++
16 files changed, 2716 insertions(+), 75 deletions(-)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/bpf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/cgroup.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/flow.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/route.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/rsvp.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/tcindex.json
--
2.17.1
This series allows privileged Netlink operations from user namespaces. When a
non-root user configures MPTCP endpoints, the memory allocation is now accounted
to this user. See patches 4 and 5.
Apart from that, there are some cleanup:
- Patch 1 adds a macro to improve code readability
- Patch 2 regroups similar checks all together
- Patch 3 uses an explicit boolean instead of a counter to do one more check
Geliang Tang (2):
selftests: mptcp: move prefix tests of addr_nr_ns2 together
mptcp: add do_check_data_fin to replace copied
Matthieu Baerts (1):
mptcp: add mptcp_for_each_subflow_safe helper
Thomas Haller (2):
mptcp: allow privileged operations from user namespaces
mptcp: account memory allocation in mptcp_nl_cmd_add_addr() to user
net/mptcp/pm_netlink.c | 22 +++++++++----------
net/mptcp/protocol.c | 13 ++++++-----
net/mptcp/protocol.h | 2 ++
.../testing/selftests/net/mptcp/mptcp_join.sh | 10 ++++-----
4 files changed, 24 insertions(+), 23 deletions(-)
base-commit: 03fdb11da92fde0bdc0b6e9c1c642b7414d49e8d
--
2.37.2
Dear
Is the below mail from you?
-----
Dzień dobry,
dostrzegam możliwość współpracy z Państwa firmą.
Świadczymy kompleksową obsługę inwestycji w fotowoltaikę, która obniża koszty energii elektrycznej nawet o 90%.
Czy są Państwo zainteresowani weryfikacją wstępnych propozycji?
Pozdrawiam,
Norbert Karecki
----
Raj
Manager - Engineering and Projects
[cid:image001.png@01D8C8E0.52373950]
Jebel Ali Industrial Area 3, P.O.Box 51328, Dubai, UAE.
Ph: +9714-8997900 Fax: +9714-8841589 Mob: +971-56-3656857
www.tristar-group.co<http://www.tristar-group.co/>
This email and any attachments may contain confidential information. If you have received them in error, please delete them and contact Tristar. If the content of this e-mail does not relate to Tristar's business, Tristar does not endorse it. You should check attachments for virus before opening. Tristar Transport is a limited liability company incorporated in the UAE.
The walk implementation of most tc cls modules is basically the same.
That is, the values of count and skip are checked first. If count is
greater than or equal to skip, the registered fn function is executed.
Otherwise, increase the value of count. So the code can be refactored.
Then use helper function to replace the code of each cls module in
alphabetical order.
The walk function is invoked during dump. Therefore, test cases related
to the tdc filter need to be added.
Add test cases locally and perform the test. The test results are listed
below:
./tdc.py -e 0811
ok 1 0811 - Add multiple basic filter with cmp ematch u8/link layer and
default action and dump them
./tdc.py -e 5129
ok 1 5129 - List basic filters
./tdc.py -c filters bpf
ok 13 23c3 - Add cBPF filter with valid bytecode
ok 14 1563 - Add cBPF filter with invalid bytecode
ok 15 2334 - Add eBPF filter with valid object-file
ok 16 2373 - Add eBPF filter with invalid object-file
ok 17 4423 - Replace cBPF bytecode
ok 18 5122 - Delete cBPF filter
ok 19 e0a9 - List cBPF filters
./tdc.py -c filters cgroup
ok 1 6273 - Add cgroup filter with cmp ematch u8/link layer and drop
action
ok 2 4721 - Add cgroup filter with cmp ematch u8/link layer with trans
flag and pass action
ok 3 d392 - Add cgroup filter with cmp ematch u16/link layer and pipe
action
ok 4 0234 - Add cgroup filter with cmp ematch u32/link layer and miltiple
actions
ok 5 8499 - Add cgroup filter with cmp ematch u8/network layer and pass
action
ok 6 b273 - Add cgroup filter with cmp ematch u8/network layer with trans
flag and drop action
ok 7 1934 - Add cgroup filter with cmp ematch u16/network layer and pipe
action
ok 8 2733 - Add cgroup filter with cmp ematch u32/network layer and
miltiple actions
ok 9 3271 - Add cgroup filter with NOT cmp ematch rule and pass action
ok 10 2362 - Add cgroup filter with two ANDed cmp ematch rules and single
action
ok 11 9993 - Add cgroup filter with two ORed cmp ematch rules and single
action
ok 12 2331 - Add cgroup filter with two ANDed cmp ematch rules and one
ORed ematch rule and single action
ok 13 3645 - Add cgroup filter with two ANDed cmp ematch rules and one
NOT ORed ematch rule and single action
ok 14 b124 - Add cgroup filter with u32 ematch u8/zero offset and drop
action
ok 15 7381 - Add cgroup filter with u32 ematch u8/zero offset and invalid
value >0xFF
ok 16 2231 - Add cgroup filter with u32 ematch u8/positive offset and
drop action
ok 17 1882 - Add cgroup filter with u32 ematch u8/invalid mask >0xFF
ok 18 1237 - Add cgroup filter with u32 ematch u8/missing offset
ok 19 3812 - Add cgroup filter with u32 ematch u8/missing AT keyword
ok 20 1112 - Add cgroup filter with u32 ematch u8/missing value
ok 21 3241 - Add cgroup filter with u32 ematch u8/non-numeric value
ok 22 e231 - Add cgroup filter with u32 ematch u8/non-numeric mask
ok 23 4652 - Add cgroup filter with u32 ematch u8/negative offset and
pass action
ok 24 1331 - Add cgroup filter with u32 ematch u16/zero offset and pipe
action
ok 25 e354 - Add cgroup filter with u32 ematch u16/zero offset and
invalid value >0xFFFF
ok 26 3538 - Add cgroup filter with u32 ematch u16/positive offset and
drop action
ok 27 4576 - Add cgroup filter with u32 ematch u16/invalid mask >0xFFFF
ok 28 b842 - Add cgroup filter with u32 ematch u16/missing offset
ok 29 c924 - Add cgroup filter with u32 ematch u16/missing AT keyword
ok 30 cc93 - Add cgroup filter with u32 ematch u16/missing value
ok 31 123c - Add cgroup filter with u32 ematch u16/non-numeric value
ok 32 3675 - Add cgroup filter with u32 ematch u16/non-numeric mask
ok 33 1123 - Add cgroup filter with u32 ematch u16/negative offset and
drop action
ok 34 4234 - Add cgroup filter with u32 ematch u16/nexthdr+ offset and
pass action
ok 35 e912 - Add cgroup filter with u32 ematch u32/zero offset and pipe
action
ok 36 1435 - Add cgroup filter with u32 ematch u32/positive offset and
drop action
ok 37 1282 - Add cgroup filter with u32 ematch u32/missing offset
ok 38 6456 - Add cgroup filter with u32 ematch u32/missing AT keyword
ok 39 4231 - Add cgroup filter with u32 ematch u32/missing value
ok 40 2131 - Add cgroup filter with u32 ematch u32/non-numeric value
ok 41 f125 - Add cgroup filter with u32 ematch u32/non-numeric mask
ok 42 4316 - Add cgroup filter with u32 ematch u32/negative offset and
drop action
ok 43 23ae - Add cgroup filter with u32 ematch u32/nexthdr+ offset and
pipe action
ok 44 23a1 - Add cgroup filter with canid ematch and single SFF
ok 45 324f - Add cgroup filter with canid ematch and single SFF with mask
ok 46 2576 - Add cgroup filter with canid ematch and multiple SFF
ok 47 4839 - Add cgroup filter with canid ematch and multiple SFF with
masks
ok 48 6713 - Add cgroup filter with canid ematch and single EFF
ok 49 4572 - Add cgroup filter with canid ematch and single EFF with mask
ok 50 8031 - Add cgroup filter with canid ematch and multiple EFF
ok 51 ab9d - Add cgroup filter with canid ematch and multiple EFF with
masks
ok 52 5349 - Add cgroup filter with canid ematch and a combination of
SFF/EFF
ok 53 c934 - Add cgroup filter with canid ematch and a combination of
SFF/EFF with masks
ok 54 4319 - Replace cgroup filter with diffferent match
ok 55 4636 - Detele cgroup filter
./tdc.py -c filters flow
ok 1 5294 - Add flow filter with map key and ops
ok 2 3514 - Add flow filter with map key or ops
ok 3 7534 - Add flow filter with map key xor ops
ok 4 4524 - Add flow filter with map key rshift ops
ok 5 0230 - Add flow filter with map key addend ops
ok 6 2344 - Add flow filter with src map key
ok 7 9304 - Add flow filter with proto map key
ok 8 9038 - Add flow filter with proto-src map key
ok 9 2a03 - Add flow filter with proto-dst map key
ok 10 a073 - Add flow filter with iif map key
ok 11 3b20 - Add flow filter with priority map key
ok 12 8945 - Add flow filter with mark map key
ok 13 c034 - Add flow filter with nfct map key
ok 14 0205 - Add flow filter with nfct-src map key
ok 15 5315 - Add flow filter with nfct-src map key
ok 16 7849 - Add flow filter with nfct-proto-src map key
ok 17 9902 - Add flow filter with nfct-proto-dst map key
ok 18 6742 - Add flow filter with rt-classid map key
ok 19 5432 - Add flow filter with sk-uid map key
ok 20 4234 - Add flow filter with sk-gid map key
ok 21 4522 - Add flow filter with vlan-tag map key
ok 22 4253 - Add flow filter with rxhash map key
ok 23 4452 - Add flow filter with hash key list
ok 24 4341 - Add flow filter with muliple ops
ok 25 4322 - List flow filters
ok 26 2320 - Replace flow filter with map key num
ok 27 3213 - Delete flow filter with map key num
./tdc.py -c filters route
ok 1 e122 - Add route filter with from and to tag
ok 2 6573 - Add route filter with fromif and to tag
ok 3 1362 - Add route filter with to flag and reclassify action
ok 4 4720 - Add route filter with from flag and continue actions
ok 5 2812 - Add route filter with form tag and pipe action
ok 6 7994 - Add route filter with miltiple actions
ok 7 4312 - List route filters
ok 8 2634 - Delete route filters with pipe action
./tdc.py -c filters rsvp
ok 1 2141 - Add rsvp filter with tcp proto and specific IP address
ok 2 5267 - Add rsvp filter with udp proto and specific IP address
ok 3 2819 - Add rsvp filter with src ip and src port
ok 4 c967 - Add rsvp filter with tunnelid and continue action
ok 5 5463 - Add rsvp filter with tunnel and pipe action
ok 6 2332 - Add rsvp filter with miltiple actions
ok 7 8879 - Add rsvp filter with tunnel and skp flag
ok 8 8261 - List rsvp filters
ok 9 8989 - Delete rsvp filters
./tdc.py -c filters tcindex
ok 1 8293 - Add tcindex filter with default action
ok 2 7281 - Add tcindex filter with hash size and pass action
ok 3 b294 - Add tcindex filter with mask shift and reclassify action
ok 4 0532 - Add tcindex filter with pass_on and continue actions
ok 5 d473 - Add tcindex filter with pipe action
ok 6 2940 - Add tcindex filter with miltiple actions
ok 7 1893 - List tcindex filters
ok 8 2041 - Change tcindex filters with pass action
ok 9 9203 - Replace tcindex filters with pass action
ok 10 7957 - Delete tcindex filters with drop action
Zhengchao Shao (9):
net/sched: cls_api: add helper for tc cls walker stats updating
net/sched: use tc_cls_stats_update() in filter
selftests/tc-testings: add selftests for bpf filter
selftests/tc-testings: add selftests for cgroup filter
selftests/tc-testings: add selftests for flow filter
selftests/tc-testings: add selftests for route filter
selftests/tc-testings: add selftests for rsvp filter
selftests/tc-testings: add selftests for tcindex filter
selftests/tc-testings: add list case for basic filter
include/net/pkt_cls.h | 13 +
net/sched/cls_basic.c | 9 +-
net/sched/cls_bpf.c | 8 +-
net/sched/cls_flow.c | 8 +-
net/sched/cls_fw.c | 9 +-
net/sched/cls_route.c | 9 +-
net/sched/cls_rsvp.h | 9 +-
net/sched/cls_tcindex.c | 18 +-
net/sched/cls_u32.c | 20 +-
.../tc-testing/tc-tests/filters/basic.json | 47 +
.../tc-testing/tc-tests/filters/bpf.json | 171 +++
.../tc-testing/tc-tests/filters/cgroup.json | 1236 +++++++++++++++++
.../tc-testing/tc-tests/filters/flow.json | 623 +++++++++
.../tc-testing/tc-tests/filters/route.json | 181 +++
.../tc-testing/tc-tests/filters/rsvp.json | 203 +++
.../tc-testing/tc-tests/filters/tcindex.json | 227 +++
16 files changed, 2716 insertions(+), 75 deletions(-)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/bpf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/cgroup.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/flow.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/route.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/rsvp.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/tcindex.json
--
2.17.1
The walk implementation of most tc cls modules is basically the same.
That is, the values of count and skip are checked first. If count is
greater than or equal to skip, the registered fn function is executed.
Otherwise, increase the value of count. So the code can be refactored.
Then use helper function to replace the code of each cls module in
alphabetical order.
The walk function is invoked during dump. Therefore, test cases related
to the tdc filter need to be added.
Add test cases locally and perform the test. The test results are listed
below:
./tdc.py -e 0811
ok 1 0811 - Add multiple basic filter with cmp ematch u8/link layer and
default action and dump them
./tdc.py -e 5129
ok 1 5129 - List basic filters
./tdc.py -c bpf-filter
ok 1 23c3 - Add cBPF filter with valid bytecode
ok 2 1563 - Add cBPF filter with invalid bytecode
ok 3 2334 - Add eBPF filter with valid object-file
ok 4 2373 - Add eBPF filter with invalid object-file
ok 5 4423 - Replace cBPF bytecode
ok 6 5122 - Delete cBPF filter
ok 7 e0a9 - List cBPF filters
./tdc.py -c cgroup
ok 1 6273 - Add cgroup filter with cmp ematch u8/link layer and drop
action
ok 2 4721 - Add cgroup filter with cmp ematch u8/link layer with trans
flag and pass action
ok 3 d392 - Add cgroup filter with cmp ematch u16/link layer and pipe
action
ok 4 0234 - Add cgroup filter with cmp ematch u32/link layer and miltiple
actions
ok 5 8499 - Add cgroup filter with cmp ematch u8/network layer and pass
action
ok 6 b273 - Add cgroup filter with cmp ematch u8/network layer with trans
flag and drop action
ok 7 1934 - Add cgroup filter with cmp ematch u16/network layer and pipe
action
ok 8 2733 - Add cgroup filter with cmp ematch u32/network layer and
miltiple actions
ok 9 3271 - Add cgroup filter with NOT cmp ematch rule and pass action
ok 10 2362 - Add cgroup filter with two ANDed cmp ematch rules and single
action
ok 11 9993 - Add cgroup filter with two ORed cmp ematch rules and single
action
ok 12 2331 - Add cgroup filter with two ANDed cmp ematch rules and one
ORed ematch rule and single action
ok 13 3645 - Add cgroup filter with two ANDed cmp ematch rules and one
NOT ORed ematch rule and single action
ok 14 b124 - Add cgroup filter with u32 ematch u8/zero offset and drop
action
ok 15 7381 - Add cgroup filter with u32 ematch u8/zero offset and invalid
value >0xFF
ok 16 2231 - Add cgroup filter with u32 ematch u8/positive offset and
drop action
ok 17 1882 - Add cgroup filter with u32 ematch u8/invalid mask >0xFF
ok 18 1237 - Add cgroup filter with u32 ematch u8/missing offset
ok 19 3812 - Add cgroup filter with u32 ematch u8/missing AT keyword
ok 20 1112 - Add cgroup filter with u32 ematch u8/missing value
ok 21 3241 - Add cgroup filter with u32 ematch u8/non-numeric value
ok 22 e231 - Add cgroup filter with u32 ematch u8/non-numeric mask
ok 23 4652 - Add cgroup filter with u32 ematch u8/negative offset and
pass action
ok 24 1331 - Add cgroup filter with u32 ematch u16/zero offset and pipe
action
ok 25 e354 - Add cgroup filter with u32 ematch u16/zero offset and
invalid value >0xFFFF
ok 26 3538 - Add cgroup filter with u32 ematch u16/positive offset and
drop action
ok 27 4576 - Add cgroup filter with u32 ematch u16/invalid mask >0xFFFF
ok 28 b842 - Add cgroup filter with u32 ematch u16/missing offset
ok 29 c924 - Add cgroup filter with u32 ematch u16/missing AT keyword
ok 30 cc93 - Add cgroup filter with u32 ematch u16/missing value
ok 31 123c - Add cgroup filter with u32 ematch u16/non-numeric value
ok 32 3675 - Add cgroup filter with u32 ematch u16/non-numeric mask
ok 33 1123 - Add cgroup filter with u32 ematch u16/negative offset and
drop action
ok 34 4234 - Add cgroup filter with u32 ematch u16/nexthdr+ offset and
pass action
ok 35 e912 - Add cgroup filter with u32 ematch u32/zero offset and pipe
action
ok 36 1435 - Add cgroup filter with u32 ematch u32/positive offset and
drop action
ok 37 1282 - Add cgroup filter with u32 ematch u32/missing offset
ok 38 6456 - Add cgroup filter with u32 ematch u32/missing AT keyword
ok 39 4231 - Add cgroup filter with u32 ematch u32/missing value
ok 40 2131 - Add cgroup filter with u32 ematch u32/non-numeric value
ok 41 f125 - Add cgroup filter with u32 ematch u32/non-numeric mask
ok 42 4316 - Add cgroup filter with u32 ematch u32/negative offset and
drop action
ok 43 23ae - Add cgroup filter with u32 ematch u32/nexthdr+ offset and
pipe action
ok 44 23a1 - Add cgroup filter with canid ematch and single SFF
ok 45 324f - Add cgroup filter with canid ematch and single SFF with mask
ok 46 2576 - Add cgroup filter with canid ematch and multiple SFF
ok 47 4839 - Add cgroup filter with canid ematch and multiple SFF with
masks
ok 48 6713 - Add cgroup filter with canid ematch and single EFF
ok 49 4572 - Add cgroup filter with canid ematch and single EFF with mask
ok 50 8031 - Add cgroup filter with canid ematch and multiple EFF
ok 51 ab9d - Add cgroup filter with canid ematch and multiple EFF with
masks
ok 52 5349 - Add cgroup filter with canid ematch and a combination of
SFF/EFF
ok 53 c934 - Add cgroup filter with canid ematch and a combination of
SFF/EFF with masks
ok 54 4319 - Replace cgroup filter with diffferent match
ok 55 4636 - Detele cgroup filter
./tdc.py -c flow
ok 1 5294 - Add flow filter with map key and ops
ok 2 3514 - Add flow filter with map key or ops
ok 3 7534 - Add flow filter with map key xor ops
ok 4 4524 - Add flow filter with map key rshift ops
ok 5 0230 - Add flow filter with map key addend ops
ok 6 2344 - Add flow filter with src map key
ok 7 9304 - Add flow filter with proto map key
ok 8 9038 - Add flow filter with proto-src map key
ok 9 2a03 - Add flow filter with proto-dst map key
ok 10 a073 - Add flow filter with iif map key
ok 11 3b20 - Add flow filter with priority map key
ok 12 8945 - Add flow filter with mark map key
ok 13 c034 - Add flow filter with nfct map key
ok 14 0205 - Add flow filter with nfct-src map key
ok 15 5315 - Add flow filter with nfct-src map key
ok 16 7849 - Add flow filter with nfct-proto-src map key
ok 17 9902 - Add flow filter with nfct-proto-dst map key
ok 18 6742 - Add flow filter with rt-classid map key
ok 19 5432 - Add flow filter with sk-uid map key
ok 20 4234 - Add flow filter with sk-gid map key
ok 21 4522 - Add flow filter with vlan-tag map key
ok 22 4253 - Add flow filter with rxhash map key
ok 23 4452 - Add flow filter with hash key list
ok 24 4341 - Add flow filter with muliple ops
ok 25 4392 - List flow filters
ok 26 4322 - Change flow filter with map key num
ok 27 2320 - Replace flow filter with map key num
ok 28 3213 - Delete flow filter with map key num
./tdc.py -c route
ok 1 e122 - Add route filter with from and to tag
ok 2 6573 - Add route filter with fromif and to tag
ok 3 1362 - Add route filter with to flag and reclassify action
ok 4 4720 - Add route filter with from flag and continue actions
ok 5 2812 - Add route filter with form tag and pipe action
ok 6 7994 - Add route filter with miltiple actions
ok 7 4312 - List route filters
ok 8 2634 - Delete route filter with pipe action
./tdc.py -c rsvp
ok 1 2141 - Add rsvp filter with tcp proto and specific IP address
ok 2 5267 - Add rsvp filter with udp proto and specific IP address
ok 3 2819 - Add rsvp filter with src ip and src port
ok 4 c967 - Add rsvp filter with tunnelid and continue action
ok 5 5463 - Add rsvp filter with tunnel and pipe action
ok 6 2332 - Add rsvp filter with miltiple actions
ok 7 8879 - Add rsvp filter with tunnel and skp flag
ok 8 8261 - List rsvp filters
ok 9 8989 - Delete rsvp filter
./tdc.py -c tcindex
ok 1 8293 - Add tcindex filter with default action
ok 2 7281 - Add tcindex filter with hash size and pass action
ok 3 b294 - Add tcindex filter with mask shift and reclassify action
ok 4 0532 - Add tcindex filter with pass_on and continue actions
ok 5 d473 - Add tcindex filter with pipe action
ok 6 2940 - Add tcindex filter with miltiple actions
ok 7 1893 - List tcindex filters
ok 8 2041 - Change tcindex filter with pass action
ok 9 9203 - Replace tcindex filter with pass action
ok 10 7957 - Delete tcindex filter with drop action
---
v2: rectify spelling error; The category name bpf in filters file
is renamed to bpf-filter
---
Zhengchao Shao (9):
net/sched: cls_api: add helper for tc cls walker stats updating
net/sched: use tc_cls_stats_update() in filter
selftests/tc-testings: add selftests for bpf filter
selftests/tc-testings: add selftests for cgroup filter
selftests/tc-testings: add selftests for flow filter
selftests/tc-testings: add selftests for route filter
selftests/tc-testings: add selftests for rsvp filter
selftests/tc-testings: add selftests for tcindex filter
selftests/tc-testings: add list case for basic filter
include/net/pkt_cls.h | 13 +
net/sched/cls_basic.c | 9 +-
net/sched/cls_bpf.c | 8 +-
net/sched/cls_flow.c | 8 +-
net/sched/cls_fw.c | 9 +-
net/sched/cls_route.c | 9 +-
net/sched/cls_rsvp.h | 9 +-
net/sched/cls_tcindex.c | 18 +-
net/sched/cls_u32.c | 20 +-
.../tc-testing/tc-tests/filters/basic.json | 47 +
.../tc-testing/tc-tests/filters/bpf.json | 171 +++
.../tc-testing/tc-tests/filters/cgroup.json | 1236 +++++++++++++++++
.../tc-testing/tc-tests/filters/flow.json | 623 +++++++++
.../tc-testing/tc-tests/filters/route.json | 181 +++
.../tc-testing/tc-tests/filters/rsvp.json | 203 +++
.../tc-testing/tc-tests/filters/tcindex.json | 227 +++
16 files changed, 2716 insertions(+), 75 deletions(-)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/bpf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/cgroup.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/flow.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/route.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/rsvp.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/tcindex.json
--
2.17.1
From: Kyle Huey <me(a)kylehuey.com>
When management of the PKRU register was moved away from XSTATE, emulation
of PKRU's existence in XSTATE was added for reading PKRU through ptrace,
but not for writing PKRU through ptrace. This can be seen by running gdb
and executing `p $pkru`, `set $pkru = 42`, and `p $pkru`. On affected
kernels (5.14+) the write to the PKRU register (which gdb performs through
ptrace) is ignored.
There are three APIs that write PKRU: sigreturn, PTRACE_SETREGSET with
NT_X86_XSTATE, and KVM_SET_XSAVE. sigreturn still uses XRSTOR to write to
PKRU. KVM_SET_XSAVE has its own special handling to make PKRU writes take
effect (in fpu_copy_uabi_to_guest_fpstate). Push that down into
copy_uabi_to_xstate and have PTRACE_SETREGSET with NT_X86_XSTATE pass in
a pointer to the appropriate PKRU slot. copy_sigframe_from_user_to_xstate
depends on copy_uabi_to_xstate populating the PKRU field in the task's
XSTATE so that __fpu_restore_sig can do a XRSTOR from it, so continue doing
that.
This also adds code to initialize the PKRU value to the hardware init value
(namely 0) if the PKRU bit is not set in the XSTATE header provided to
ptrace, to match XRSTOR.
Fixes: e84ba47e313d ("x86/fpu: Hook up PKRU into ptrace()")
Signed-off-by: Kyle Huey <me(a)kylehuey.com>
Cc: Dave Hansen <dave.hansen(a)linux.intel.com>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: Borislav Petkov <bp(a)suse.de>
Cc: stable(a)vger.kernel.org # 5.14+
---
arch/x86/kernel/fpu/core.c | 20 +++++++++-----------
arch/x86/kernel/fpu/regset.c | 2 +-
arch/x86/kernel/fpu/signal.c | 2 +-
arch/x86/kernel/fpu/xstate.c | 25 ++++++++++++++++++++-----
arch/x86/kernel/fpu/xstate.h | 4 ++--
5 files changed, 33 insertions(+), 20 deletions(-)
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
index 3b28c5b25e12..c273669e8a00 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -391,8 +391,6 @@ int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *gfpu, const void *buf,
{
struct fpstate *kstate = gfpu->fpstate;
const union fpregs_state *ustate = buf;
- struct pkru_state *xpkru;
- int ret;
if (!cpu_feature_enabled(X86_FEATURE_XSAVE)) {
if (ustate->xsave.header.xfeatures & ~XFEATURE_MASK_FPSSE)
@@ -406,16 +404,16 @@ int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *gfpu, const void *buf,
if (ustate->xsave.header.xfeatures & ~xcr0)
return -EINVAL;
- ret = copy_uabi_from_kernel_to_xstate(kstate, ustate);
- if (ret)
- return ret;
+ /*
+ * Nullify @vpkru to preserve its current value if PKRU's bit isn't set
+ * in the header. KVM's odd ABI is to leave PKRU untouched in this
+ * case (all other components are eventually re-initialized).
+ * (Not clear that this is actually necessary for compat).
+ */
+ if (!(ustate->xsave.header.xfeatures & XFEATURE_MASK_PKRU))
+ vpkru = NULL;
- /* Retrieve PKRU if not in init state */
- if (kstate->regs.xsave.header.xfeatures & XFEATURE_MASK_PKRU) {
- xpkru = get_xsave_addr(&kstate->regs.xsave, XFEATURE_PKRU);
- *vpkru = xpkru->pkru;
- }
- return 0;
+ return copy_uabi_from_kernel_to_xstate(kstate, ustate, vpkru);
}
EXPORT_SYMBOL_GPL(fpu_copy_uabi_to_guest_fpstate);
#endif /* CONFIG_KVM */
diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c
index 75ffaef8c299..6d056b68f4ed 100644
--- a/arch/x86/kernel/fpu/regset.c
+++ b/arch/x86/kernel/fpu/regset.c
@@ -167,7 +167,7 @@ int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
}
fpu_force_restore(fpu);
- ret = copy_uabi_from_kernel_to_xstate(fpu->fpstate, kbuf ?: tmpbuf);
+ ret = copy_uabi_from_kernel_to_xstate(fpu->fpstate, kbuf ?: tmpbuf, &target->thread.pkru);
out:
vfree(tmpbuf);
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 91d4b6de58ab..558076dbde5b 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -396,7 +396,7 @@ static bool __fpu_restore_sig(void __user *buf, void __user *buf_fx,
fpregs = &fpu->fpstate->regs;
if (use_xsave() && !fx_only) {
- if (copy_sigframe_from_user_to_xstate(fpu->fpstate, buf_fx))
+ if (copy_sigframe_from_user_to_xstate(tsk, buf_fx))
return false;
} else {
if (__copy_from_user(&fpregs->fxsave, buf_fx,
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index c8340156bfd2..8f14981a3936 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -1197,7 +1197,7 @@ static int copy_from_buffer(void *dst, unsigned int offset, unsigned int size,
static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf,
- const void __user *ubuf)
+ const void __user *ubuf, u32 *pkru)
{
struct xregs_state *xsave = &fpstate->regs.xsave;
unsigned int offset, size;
@@ -1246,6 +1246,21 @@ static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf,
}
}
+ /*
+ * Update the user protection key storage. Allow KVM to
+ * pass in a NULL pkru pointer if the mask bit is unset
+ * for its legacy ABI behavior.
+ */
+ if (pkru)
+ *pkru = 0;
+
+ if (hdr.xfeatures & XFEATURE_MASK_PKRU) {
+ struct pkru_state *xpkru;
+
+ xpkru = __raw_xsave_addr(xsave, XFEATURE_PKRU);
+ *pkru = xpkru->pkru;
+ }
+
/*
* The state that came in from userspace was user-state only.
* Mask all the user states out of 'xfeatures':
@@ -1264,9 +1279,9 @@ static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf,
* Convert from a ptrace standard-format kernel buffer to kernel XSAVE[S]
* format and copy to the target thread. Used by ptrace and KVM.
*/
-int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf)
+int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf, u32 *pkru)
{
- return copy_uabi_to_xstate(fpstate, kbuf, NULL);
+ return copy_uabi_to_xstate(fpstate, kbuf, NULL, pkru);
}
/*
@@ -1274,10 +1289,10 @@ int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf)
* XSAVE[S] format and copy to the target thread. This is called from the
* sigreturn() and rt_sigreturn() system calls.
*/
-int copy_sigframe_from_user_to_xstate(struct fpstate *fpstate,
+int copy_sigframe_from_user_to_xstate(struct task_struct *tsk,
const void __user *ubuf)
{
- return copy_uabi_to_xstate(fpstate, NULL, ubuf);
+ return copy_uabi_to_xstate(tsk->thread.fpu.fpstate, NULL, ubuf, &tsk->thread.pkru);
}
static bool validate_independent_components(u64 mask)
diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h
index 5ad47031383b..a4ecb04d8d64 100644
--- a/arch/x86/kernel/fpu/xstate.h
+++ b/arch/x86/kernel/fpu/xstate.h
@@ -46,8 +46,8 @@ extern void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate,
u32 pkru_val, enum xstate_copy_mode copy_mode);
extern void copy_xstate_to_uabi_buf(struct membuf to, struct task_struct *tsk,
enum xstate_copy_mode mode);
-extern int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf);
-extern int copy_sigframe_from_user_to_xstate(struct fpstate *fpstate, const void __user *ubuf);
+extern int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf, u32 *pkru);
+extern int copy_sigframe_from_user_to_xstate(struct task_struct *tsk, const void __user *ubuf);
extern void fpu__init_cpu_xstate(void);
--
2.37.2
Changelog since v5:
- Avoids a second copy from the uabi buffer as suggested.
- Preserves old KVM_SET_XSAVE behavior where leaving the PKRU bit in the
XSTATE header results in PKRU remaining unchanged instead of
reinitializing it.
- Fixed up patch metadata as requested.
Changelog since v4:
- Selftest additionally checks PKRU readbacks through ptrace.
- Selftest flips all PKRU bits (except the default key).
Changelog since v3:
- The v3 patch is now part 1 of 2.
- Adds a selftest in part 2 of 2.
Changelog since v2:
- Removed now unused variables in fpu_copy_uabi_to_guest_fpstate
Changelog since v1:
- Handles the error case of copy_to_buffer().
hi,
The test error is caused by g_vsyscall set failed.
Error output:
selftests: proc: proc-pid-vm
proc-pid-vm: proc-pid-vm.c:389: main: Assertion `rv == len' failed.
Aborted
g_vsyscall is set to 0.
In proc-pid-vm.c:
/*
* 0: vsyscall VMA doesn't exist vsyscall=none
* 1: vsyscall VMA is r-xp vsyscall=emulate
* 2: vsyscall VMA is --xp vsyscall=xonly
*/
static int g_vsyscall;
static const char *str_vsyscall;
static const char str_vsyscall_0[] = "";
static const char str_vsyscall_1[] =
"ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]\n";
static const char str_vsyscall_2[] =
"ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]\n";
The /proc/%u/maps output is:
buf=100000000-100001000 r-xp 00000000 00:2d 2 /tmp/#2 (deleted)
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]
So the g_vsyscall should be 2 according to commentary(2: vsyscall VMA is --xp).
Is it a bug?
best regards,
Libhugetlbfs is not being maintained actively, and some distro is
dropping support for it. There are some tests that are good for testing
hugetlb functionality in kernel, which can be migrated to either kernel
kselftests or LTP.
I am submitting this patch to get comments from community on the
following
1. The test framework in ltp is most suitable for the tests that are
in libhugetlbfs/tests/ which follow similar test framework. And there
is already a section for hugetlb specific tests in LTP. So it makes
more sense and less effort to migrate the test to LTP. Though I
recommend migrating these tests to LTP, I would like to discuss tests
should be migrated to LTP or kselftests.
2. Libhugetlbfs tests has license GNU Lesser GPL 2.1 or later, while
kernel and LTP has license GPL2 or later, so can the test be
migrated to kernel/kselftests or LTP.
The below patch is libhugetlbfs/tests/direct.c which has been migrated
to ltp/testcases/kernel/mem/hugetlb/hugemmap/hugemmap07.c
Signed-off-by: Tarun Sahu <tsahu(a)linux.ibm.com>
---
runtest/hugetlb | 2 +
testcases/kernel/mem/.gitignore | 1 +
.../kernel/mem/hugetlb/hugemmap/hugemmap07.c | 106 ++++++++++++++++++
3 files changed, 109 insertions(+)
create mode 100644 testcases/kernel/mem/hugetlb/hugemmap/hugemmap07.c
diff --git a/runtest/hugetlb b/runtest/hugetlb
index f719217ab..ee02835d3 100644
--- a/runtest/hugetlb
+++ b/runtest/hugetlb
@@ -3,6 +3,8 @@ hugemmap02 hugemmap02
hugemmap04 hugemmap04
hugemmap05 hugemmap05
hugemmap06 hugemmap06
+hugemmap07 hugemmap07
+
hugemmap05_1 hugemmap05 -m
hugemmap05_2 hugemmap05 -s
hugemmap05_3 hugemmap05 -s -m
diff --git a/testcases/kernel/mem/.gitignore b/testcases/kernel/mem/.gitignore
index ff2910533..df5256ec8 100644
--- a/testcases/kernel/mem/.gitignore
+++ b/testcases/kernel/mem/.gitignore
@@ -4,6 +4,7 @@
/hugetlb/hugemmap/hugemmap04
/hugetlb/hugemmap/hugemmap05
/hugetlb/hugemmap/hugemmap06
+/hugetlb/hugemmap/hugemmap07
/hugetlb/hugeshmat/hugeshmat01
/hugetlb/hugeshmat/hugeshmat02
/hugetlb/hugeshmat/hugeshmat03
diff --git a/testcases/kernel/mem/hugetlb/hugemmap/hugemmap07.c b/testcases/kernel/mem/hugetlb/hugemmap/hugemmap07.c
new file mode 100644
index 000000000..798735ed0
--- /dev/null
+++ b/testcases/kernel/mem/hugetlb/hugemmap/hugemmap07.c
@@ -0,0 +1,106 @@
+/*
+ * License/Copyright Details
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <sys/mount.h>
+#include <limits.h>
+#include <sys/param.h>
+#include <sys/types.h>
+
+#include "tst_test.h"
+
+#define P0 "ffffffff"
+#define IOSZ 4096
+char buf[IOSZ] __attribute__((aligned(IOSZ)));
+static int fildes = -1, nfildes = -1;
+static char TEMPFILE[MAXPATHLEN];
+static char NTEMPFILE[MAXPATHLEN];
+
+void test_directio(void)
+{
+ long hpage_size;
+ void *p;
+ int ret;
+
+ hpage_size = SAFE_READ_MEMINFO("Hugepagesize:");
+
+ fildes = SAFE_OPEN(TEMPFILE, O_RDWR | O_CREAT, 0600);
+ nfildes = SAFE_OPEN(NTEMPFILE, O_CREAT|O_EXCL|O_RDWR|O_DIRECT, 0600);
+
+ p = mmap(NULL, hpage_size, PROT_READ|PROT_WRITE, MAP_PRIVATE, fildes, 0);
+ if (p == MAP_FAILED)
+ tst_brk(TFAIL | TERRNO, "mmap() Failed on %s", TEMPFILE);
+
+ memcpy(p, P0, 8);
+
+ /* Direct write from huge page */
+ ret = write(nfildes, p, IOSZ);
+ if (ret == -1)
+ tst_brk(TFAIL | TERRNO, "Direct-IO write from huge page");
+ if (ret != IOSZ)
+ tst_brk(TFAIL, "Short direct-IO write from huge page");
+ if (lseek(nfildes, 0, SEEK_SET) == -1)
+ tst_brk(TFAIL | TERRNO, "lseek");
+
+ /* Check for accuracy */
+ ret = read(nfildes, buf, IOSZ);
+ if (ret == -1)
+ tst_brk(TFAIL | TERRNO, "Direct-IO read to normal memory");
+ if (ret != IOSZ)
+ tst_brk(TFAIL, "Short direct-IO read to normal memory");
+ if (memcmp(P0, buf, 8))
+ tst_brk(TFAIL, "Memory mismatch after Direct-IO write");
+ if (lseek(nfildes, 0, SEEK_SET) == -1)
+ tst_brk(TFAIL | TERRNO, "lseek");
+
+ /* Direct read to huge page */
+ memset(p, 0, IOSZ);
+ ret = read(nfildes, p, IOSZ);
+ if (ret == -1)
+ tst_brk(TFAIL | TERRNO, "Direct-IO read to huge page");
+ if (ret != IOSZ)
+ tst_brk(TFAIL, "Short direct-IO read to huge page");
+
+ /* Check for accuracy */
+ if (memcmp(p, P0, 8))
+ tst_brk(TFAIL, "Memory mismatch after Direct-IO read");
+ tst_res(TPASS, "Successfully tested Hugepage Direct I/O");
+}
+
+void setup(void)
+{
+ if (tst_hugepages == 0)
+ tst_brk(TCONF, "Not enough hugepages for testing.");
+
+ if (!Hopt)
+ Hopt = tst_get_tmpdir();
+ SAFE_MOUNT("none", Hopt, "hugetlbfs", 0, NULL);
+
+ snprintf(TEMPFILE, sizeof(TEMPFILE), "%s/mmapfile%d", Hopt, getpid());
+ snprintf(NTEMPFILE, sizeof(NTEMPFILE), "%s/nmmapfile%d", "/home/", getpid());
+}
+
+void cleanup(void)
+{
+ close(fildes);
+ close(nfildes);
+ remove(TEMPFILE);
+ remove(NTEMPFILE);
+ umount2(Hopt, MNT_DETACH);
+}
+
+static struct tst_test test = {
+ .needs_root = 1,
+ .needs_tmpdir = 1,
+ .options = (struct tst_option[]) {
+ {"H:", &Hopt, "Location of hugetlbfs, i.e. -H /var/hugetlbfs"},
+ {"s:", &nr_opt, "Set the number of the been allocated hugepages"},
+ {}
+ },
+ .setup = setup,
+ .cleanup = cleanup,
+ .test_all = test_directio,
+ .hugepages = {2, TST_REQUEST},
+};
--
2.31.1
This patchset contains minor fixes and cleanups for DAMON including
- selftest for a bug we found before (Patch 1),
- fix of region holes in vaddr corner case and a kunit test for it
(Patches 2 and 3), and
- documents/Kconfig updates for title wordsmithing (Patch 4) and more
aggressive DAMON debugfs interface deprecation announcement
(Patches 5-7).
SeongJae Park (7):
selftest/damon: add a test for duplicate context dirs creation
mm/damon/core: avoid holes in newly set monitoring target ranges
mm/damon/core-test: test damon_set_regions
Docs/admin-guide/mm/damon: rename the title of the document
mm/damon/Kconfig: Notify debugfs deprecation plan
Docs/DAMON/start: mention the dependency as sysfs instead of debugfs
Docs/admin-guide/mm/damon/usage: note DAMON debugfs interface
deprecation plan
Documentation/admin-guide/mm/damon/index.rst | 6 ++---
Documentation/admin-guide/mm/damon/start.rst | 13 +++------
Documentation/admin-guide/mm/damon/usage.rst | 5 ++++
mm/damon/Kconfig | 3 +++
mm/damon/core-test.h | 23 ++++++++++++++++
mm/damon/core.c | 24 +++++++++++++++++
tools/testing/selftests/damon/Makefile | 1 +
.../debugfs_duplicate_context_creation.sh | 27 +++++++++++++++++++
8 files changed, 89 insertions(+), 13 deletions(-)
create mode 100644 tools/testing/selftests/damon/debugfs_duplicate_context_creation.sh
--
2.25.1
Hi All,
Intel's Trust Domain Extensions (TDX) protect guest VMs from malicious
hosts and some physical attacks. VM guest with TDX support is called
as a TDX Guest.
In TDX guest, attestation process is used to verify the TDX guest
trustworthiness to other entities before provisioning secrets to the
guest. For example, a key server may request for attestation before
releasing the encryption keys to mount the encrypted rootfs or
secondary drive.
This patch set adds attestation support for the TDX guest. Details
about the TDX attestation process and the steps involved are explained
in the commit log of Patch 1/3 or in Documentation/x86/tdx.rst (added
by patch 3/3).
Following are the details of the patch set:
Patch 1/3 -> Adds TDREPORT support.
Patch 2/3 -> Adds selftest support for TDREPORT feature.
Patch 3/3 -> Add attestation related documentation.
Commit log history is maintained in the individual patches.
Kuppuswamy Sathyanarayanan (3):
x86/tdx: Add TDX Guest attestation interface driver
selftests: tdx: Test TDX attestation GetReport support
Documentation/x86: Document TDX attestation process
Documentation/x86/tdx.rst | 75 +++++++++
arch/x86/coco/tdx/tdx.c | 112 +++++++++++++
arch/x86/include/uapi/asm/tdx.h | 54 ++++++
tools/arch/x86/include/uapi/asm/tdx.h | 54 ++++++
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/tdx/Makefile | 11 ++
tools/testing/selftests/tdx/config | 1 +
tools/testing/selftests/tdx/tdx_attest_test.c | 155 ++++++++++++++++++
8 files changed, 463 insertions(+)
create mode 100644 arch/x86/include/uapi/asm/tdx.h
create mode 100644 tools/arch/x86/include/uapi/asm/tdx.h
create mode 100644 tools/testing/selftests/tdx/Makefile
create mode 100644 tools/testing/selftests/tdx/config
create mode 100644 tools/testing/selftests/tdx/tdx_attest_test.c
--
2.34.1
Hi Linus,
Please pull the following KUnit fixes update for Linux 6.0-rc5.
This KUnit fixes update for Linux 6.0-rc5 consists of 2 fixes to test
build and a fix to incorrect taint reason reporting.
Please note that this update touches drivers/thunderbolt and drivers/virt
Kconfig files.
diff is attached.
thanks,
-- Shuah
----------------------------------------------------------------
The following changes since commit 41a55567b9e31cb852670684404654ec4fd0d8d6:
module: kunit: Load .kunit_test_suites section when CONFIG_KUNIT=m (2022-08-15 13:51:07 -0600)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-kunit-fixes-6.0-rc5
for you to fetch changes up to 2a2dfc869d3345ccdd91322b023f4b0da84acbe7:
tools: Add new "test" taint to kernel-chktaint (2022-09-07 14:51:12 -0600)
----------------------------------------------------------------
linux-kselftest-kunit-fixes-6.0-rc5
This KUnit fixes update for Linux 6.0-rc5 consists of 2 fixes to test
build and a fix to incorrect taint reason reporting.
----------------------------------------------------------------
Joe Fradley (1):
tools: Add new "test" taint to kernel-chktaint
Nico Pache (1):
kunit: fix Kconfig for build-in tests USB4 and Nitro Enclaves
Sander Vanheule (1):
kunit: fix assert_type for comparison macros
drivers/thunderbolt/Kconfig | 3 +--
drivers/virt/nitro_enclaves/Kconfig | 2 +-
include/kunit/test.h | 6 +++---
tools/debugging/kernel-chktaint | 9 +++++++++
4 files changed, 14 insertions(+), 6 deletions(-)
----------------------------------------------------------------
QUIC requires end to end encryption of the data. The application usually
prepares the data in clear text, encrypts and calls send() which implies
multiple copies of the data before the packets hit the networking stack.
Similar to kTLS, QUIC kernel offload of cryptography reduces the memory
pressure by reducing the number of copies.
The scope of kernel support is limited to the symmetric cryptography,
leaving the handshake to the user space library. For QUIC in particular,
the application packets that require symmetric cryptography are the 1RTT
packets with short headers. Kernel will encrypt the application packets
on transmission and decrypt on receive. This series implements Tx only,
because in QUIC server applications Tx outweighs Rx by orders of
magnitude.
Supporting the combination of QUIC and GSO requires the application to
correctly place the data and the kernel to correctly slice it. The
encryption process appends an arbitrary number of bytes (tag) to the end
of the message to authenticate it. The GSO value should include this
overhead, the offload would then subtract the tag size to parse the
input on Tx before chunking and encrypting it.
With the kernel cryptography, the buffer copy operation is conjoined
with the encryption operation. The memory bandwidth is reduced by 5-8%.
When devices supporting QUIC encryption in hardware come to the market,
we will be able to free further 7% of CPU utilization which is used
today for crypto operations.
Adel Abouchaev (6):
Documentation on QUIC kernel Tx crypto.
Define QUIC specific constants, control and data plane structures
Add UDP ULP operations, initialization and handling prototype
functions.
Implement QUIC offload functions
Add flow counters and Tx processing error counter
Add self tests for ULP operations, flow setup and crypto tests
Documentation/networking/index.rst | 1 +
Documentation/networking/quic.rst | 215 ++++
include/net/inet_sock.h | 2 +
include/net/netns/mib.h | 3 +
include/net/quic.h | 63 +
include/net/snmp.h | 6 +
include/net/udp.h | 33 +
include/uapi/linux/quic.h | 68 ++
include/uapi/linux/snmp.h | 9 +
include/uapi/linux/udp.h | 4 +
net/Kconfig | 1 +
net/Makefile | 1 +
net/ipv4/Makefile | 3 +-
net/ipv4/udp.c | 15 +
net/ipv4/udp_ulp.c | 192 +++
net/quic/Kconfig | 16 +
net/quic/Makefile | 8 +
net/quic/quic_main.c | 1533 ++++++++++++++++++++++++
net/quic/quic_proc.c | 45 +
security/security.c | 1 +
tools/testing/selftests/net/.gitignore | 1 +
tools/testing/selftests/net/Makefile | 3 +-
tools/testing/selftests/net/quic.c | 1369 +++++++++++++++++++++
tools/testing/selftests/net/quic.sh | 46 +
24 files changed, 3636 insertions(+), 2 deletions(-)
create mode 100644 Documentation/networking/quic.rst
create mode 100644 include/net/quic.h
create mode 100644 include/uapi/linux/quic.h
create mode 100644 net/ipv4/udp_ulp.c
create mode 100644 net/quic/Kconfig
create mode 100644 net/quic/Makefile
create mode 100644 net/quic/quic_main.c
create mode 100644 net/quic/quic_proc.c
create mode 100644 tools/testing/selftests/net/quic.c
create mode 100755 tools/testing/selftests/net/quic.sh
--
2.30.2
From: Vijay Dhanraj <vijay.dhanraj(a)intel.com>
Add a new test case which is same as augment_via_eaccept but adds a
larger number of EPC pages to stress test EAUG via EACCEPT.
Signed-off-by: Vijay Dhanraj <vijay.dhanraj(a)intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org>
---
v8:
- Specify dynamic heap size in side the test case.
v7:
- Contains now only the test case. Support for dynamic heap is
prepared in prepending patches.
v6:
- Address Reinette's feedback:
https://lore.kernel.org/linux-sgx/Yw6%2FiTzSdSw%2FY%2FVO@kernel.org/
v5:
- Add the klog dump and sysctl option to the commit message.
v4:
- Explain expectations for dirty_page_list in the function header, instead
of an inline comment.
- Improve commit message to explain the conditions better.
- Return the number of pages left dirty to ksgxd() and print warning after
the 2nd call, if there are any.
v3:
- Remove WARN_ON().
- Tuned comments and the commit message a bit.
v2:
- Replaced WARN_ON() with optional pr_info() inside
__sgx_sanitize_pages().
- Rewrote the commit message.
- Added the fixes tag.
---
tools/testing/selftests/sgx/main.c | 112 ++++++++++++++++++++++++++++-
1 file changed, 111 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c
index 78c3b913ce10..e596b45bc5f8 100644
--- a/tools/testing/selftests/sgx/main.c
+++ b/tools/testing/selftests/sgx/main.c
@@ -22,8 +22,10 @@
#include "main.h"
static const size_t ENCL_HEAP_SIZE_DEFAULT = PAGE_SIZE;
+static const unsigned long TIMEOUT_DEFAULT = 900;
static const uint64_t MAGIC = 0x1122334455667788ULL;
static const uint64_t MAGIC2 = 0x8877665544332211ULL;
+
vdso_sgx_enter_enclave_t vdso_sgx_enter_enclave;
/*
@@ -387,7 +389,7 @@ TEST_F(enclave, unclobbered_vdso_oversubscribed)
EXPECT_EQ(self->run.user_data, 0);
}
-TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900)
+TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, TIMEOUT_DEFAULT)
{
struct sgx_enclave_remove_pages remove_ioc;
struct sgx_enclave_modify_types modt_ioc;
@@ -1245,6 +1247,114 @@ TEST_F(enclave, augment_via_eaccept)
munmap(addr, PAGE_SIZE);
}
+/*
+ * Test for the addition of large number of pages to an initialized enclave via
+ * a pre-emptive run of EACCEPT on every page to be added.
+ */
+TEST_F_TIMEOUT(enclave, augment_via_eaccept_long, TIMEOUT_DEFAULT)
+{
+ /*
+ * The dynamic heap size was chosen based on a bug report:
+ * Message-ID:
+ * <DM8PR11MB55912A7F47A84EC9913A6352F6999(a)DM8PR11MB5591.namprd11.prod.outlook.com>
+ */
+ static const unsigned long DYNAMIC_HEAP_SIZE = 0x200000L * PAGE_SIZE;
+ struct encl_op_get_from_addr get_addr_op;
+ struct encl_op_put_to_addr put_addr_op;
+ struct encl_op_eaccept eaccept_op;
+ size_t total_size = 0;
+ unsigned long i;
+ void *addr;
+
+ if (!sgx2_supported())
+ SKIP(return, "SGX2 not supported");
+
+ ASSERT_TRUE(setup_test_encl_dynamic(ENCL_HEAP_SIZE_DEFAULT, DYNAMIC_HEAP_SIZE,
+ &self->encl, _metadata));
+
+ memset(&self->run, 0, sizeof(self->run));
+ self->run.tcs = self->encl.encl_base;
+
+ for (i = 0; i < self->encl.nr_segments; i++) {
+ struct encl_segment *seg = &self->encl.segment_tbl[i];
+
+ total_size += seg->size;
+ }
+
+ /*
+ * mmap() every page at end of existing enclave to be used for
+ * EDMM.
+ */
+ addr = mmap((void *)self->encl.encl_base + total_size, DYNAMIC_HEAP_SIZE,
+ PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED | MAP_FIXED,
+ self->encl.fd, 0);
+ EXPECT_NE(addr, MAP_FAILED);
+
+ self->run.exception_vector = 0;
+ self->run.exception_error_code = 0;
+ self->run.exception_addr = 0;
+
+ /*
+ * Run EACCEPT on every page to trigger the #PF->EAUG->EACCEPT(again
+ * without a #PF). All should be transparent to userspace.
+ */
+ eaccept_op.flags = SGX_SECINFO_R | SGX_SECINFO_W | SGX_SECINFO_REG | SGX_SECINFO_PENDING;
+ eaccept_op.ret = 0;
+ eaccept_op.header.type = ENCL_OP_EACCEPT;
+
+ for (i = 0; i < DYNAMIC_HEAP_SIZE; i += PAGE_SIZE) {
+ eaccept_op.epc_addr = (uint64_t)(addr + i);
+
+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0);
+ if (self->run.exception_vector == 14 &&
+ self->run.exception_error_code == 4 &&
+ self->run.exception_addr == self->encl.encl_base) {
+ munmap(addr, DYNAMIC_HEAP_SIZE);
+ SKIP(return, "Kernel does not support adding pages to initialized enclave");
+ }
+
+ EXPECT_EQ(self->run.exception_vector, 0);
+ EXPECT_EQ(self->run.exception_error_code, 0);
+ EXPECT_EQ(self->run.exception_addr, 0);
+ ASSERT_EQ(eaccept_op.ret, 0);
+ ASSERT_EQ(self->run.function, EEXIT);
+ }
+
+ /*
+ * Pool of pages were successfully added to enclave. Perform sanity
+ * check on first page of the pool only to ensure data can be written
+ * to and read from a dynamically added enclave page.
+ */
+ put_addr_op.value = MAGIC;
+ put_addr_op.addr = (unsigned long)addr;
+ put_addr_op.header.type = ENCL_OP_PUT_TO_ADDRESS;
+
+ EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0);
+
+ EXPECT_EEXIT(&self->run);
+ EXPECT_EQ(self->run.exception_vector, 0);
+ EXPECT_EQ(self->run.exception_error_code, 0);
+ EXPECT_EQ(self->run.exception_addr, 0);
+
+ /*
+ * Read memory from newly added page that was just written to,
+ * confirming that data previously written (MAGIC) is present.
+ */
+ get_addr_op.value = 0;
+ get_addr_op.addr = (unsigned long)addr;
+ get_addr_op.header.type = ENCL_OP_GET_FROM_ADDRESS;
+
+ EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0);
+
+ EXPECT_EQ(get_addr_op.value, MAGIC);
+ EXPECT_EEXIT(&self->run);
+ EXPECT_EQ(self->run.exception_vector, 0);
+ EXPECT_EQ(self->run.exception_error_code, 0);
+ EXPECT_EQ(self->run.exception_addr, 0);
+
+ munmap(addr, DYNAMIC_HEAP_SIZE);
+}
+
/*
* SGX2 page type modification test in two phases:
* Phase 1:
--
2.37.2
From: Roberto Sassu <roberto.sassu(a)huawei.com>
Add a missing fd modes check in map iterators, potentially causing
unauthorized map writes by eBPF programs attached to the iterator. Use this
patch set as an opportunity to start a discussion with the cgroup
developers about whether a security check is missing or not for their
iterator.
Also, extend libbpf with the _opts variant of bpf_*_get_fd_by_id(). Only
bpf_map_get_fd_by_id_opts() is really useful in this patch set, to ensure
that the creation of a map iterator fails with a read-only fd.
Add all variants in this patch set for symmetry with
bpf_map_get_fd_by_id_opts(), and because all the variants share the same
opts structure. Also, add all the variants here, to shrink the patch set
fixing map permissions requested by bpftool, so that the remaining patches
are only about the latter.
Finally, extend the bpf_iter test with the read-only fd check, and test
each _opts variant of bpf_*_get_fd_by_id().
Roberto Sassu (7):
bpf: Add missing fd modes check for map iterators
libbpf: Define bpf_get_fd_opts and introduce
bpf_map_get_fd_by_id_opts()
libbpf: Introduce bpf_prog_get_fd_by_id_opts()
libbpf: Introduce bpf_btf_get_fd_by_id_opts()
libbpf: Introduce bpf_link_get_fd_by_id_opts()
selftests/bpf: Ensure fd modes are checked for map iters and destroy
links
selftests/bpf: Add tests for _opts variants of libbpf
include/linux/bpf.h | 2 +-
kernel/bpf/inode.c | 2 +-
kernel/bpf/map_iter.c | 3 +-
kernel/bpf/syscall.c | 8 +-
net/core/bpf_sk_storage.c | 3 +-
net/core/sock_map.c | 3 +-
tools/lib/bpf/bpf.c | 47 +++++-
tools/lib/bpf/bpf.h | 16 ++
tools/lib/bpf/libbpf.map | 10 +-
tools/lib/bpf/libbpf_version.h | 2 +-
.../selftests/bpf/prog_tests/bpf_iter.c | 34 +++-
.../bpf/prog_tests/libbpf_get_fd_opts.c | 145 ++++++++++++++++++
.../bpf/progs/test_libbpf_get_fd_opts.c | 49 ++++++
13 files changed, 309 insertions(+), 15 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/libbpf_get_fd_opts.c
create mode 100644 tools/testing/selftests/bpf/progs/test_libbpf_get_fd_opts.c
--
2.25.1
Delete the redundant word 'in'.
Signed-off-by: wangjianli <wangjianli(a)cdjrlc.com>
---
tools/testing/selftests/cgroup/test_freezer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/cgroup/test_freezer.c b/tools/testing/selftests/cgroup/test_freezer.c
index ff519029f6f4..b479434e87b7 100644
--- a/tools/testing/selftests/cgroup/test_freezer.c
+++ b/tools/testing/selftests/cgroup/test_freezer.c
@@ -740,7 +740,7 @@ static int test_cgfreezer_ptraced(const char *root)
/*
* cg_check_frozen(cgroup, true) will fail here,
- * because the task in in the TRACEd state.
+ * because the task in the TRACEd state.
*/
if (cg_freeze_wait(cgroup, false))
goto cleanup;
--
2.36.1
1. Correct log info
2. Replace exit with return to make the test exit gracefully
3. Delete fault injection related code
4. Reserve one cpu online when the test offline all cpus
5. Add log info when run full test successfully
Changes in v3:
- Remove config file for patch 2
- Update information of cover letter
Changes in v2:
- Update change log of patch 2
- Update exiting value to avoid incorrect report for patch 2
- Keep online_cpu_expect_fail() and offline_cpu_expect_fail() for
patch 3
Zhao Gongyi (5):
selftests/cpu-hotplug: Correct log info
selftests/cpu-hotplug: Use return instead of exit
selftests/cpu-hotplug: Delete fault injection related code
selftests/cpu-hotplug: Reserve one cpu online at least
selftests/cpu-hotplug: Add log info when test success
tools/testing/selftests/cpu-hotplug/Makefile | 2 +-
tools/testing/selftests/cpu-hotplug/config | 1 -
.../selftests/cpu-hotplug/cpu-on-off-test.sh | 140 +++++-------------
3 files changed, 37 insertions(+), 106 deletions(-)
delete mode 100644 tools/testing/selftests/cpu-hotplug/config
--
2.17.1
Hi,
well, given that the HID changes haven't moved a lot in the past
revisions and that I am cc-ing a bunch of people, I have dropped them
while we focus on the last 2 requirements in bpf-core changes.
I'll submit a HID targeted series when we get these in tree, which
would make things a lore more independent.
For reference, the whole reasons for these 2 main changes are at
https://lore.kernel.org/bpf/20220902132938.2409206-1-benjamin.tissoires@red…
Compared to v10 (in addition of dropping the HID changes), I have
changed the selftests so we can test both light skeletons and libbbpf
calls.
Cheers,
Benjamin
Benjamin Tissoires (7):
selftests/bpf: regroup and declare similar kfuncs selftests in an
array
bpf: split btf_check_subprog_arg_match in two
bpf/verifier: allow all functions to read user provided context
selftests/bpf: add test for accessing ctx from syscall program type
bpf/btf: bump BTF_KFUNC_SET_MAX_CNT
bpf/verifier: allow kfunc to return an allocated mem
selftests/bpf: Add tests for kfunc returning a memory pointer
include/linux/bpf.h | 11 +-
include/linux/bpf_verifier.h | 2 +
include/linux/btf.h | 10 +
kernel/bpf/btf.c | 149 ++++++++++--
kernel/bpf/verifier.c | 66 +++--
net/bpf/test_run.c | 37 +++
tools/testing/selftests/bpf/Makefile | 5 +-
.../selftests/bpf/prog_tests/kfunc_call.c | 227 ++++++++++++++++--
.../selftests/bpf/progs/kfunc_call_fail.c | 160 ++++++++++++
.../selftests/bpf/progs/kfunc_call_test.c | 71 ++++++
10 files changed, 678 insertions(+), 60 deletions(-)
create mode 100644 tools/testing/selftests/bpf/progs/kfunc_call_fail.c
--
2.36.1
QUIC requires end to end encryption of the data. The application usually
prepares the data in clear text, encrypts and calls send() which implies
multiple copies of the data before the packets hit the networking stack.
Similar to kTLS, QUIC kernel offload of cryptography reduces the memory
pressure by reducing the number of copies.
The scope of kernel support is limited to the symmetric cryptography,
leaving the handshake to the user space library. For QUIC in particular,
the application packets that require symmetric cryptography are the 1RTT
packets with short headers. Kernel will encrypt the application packets
on transmission and decrypt on receive. This series implements Tx only,
because in QUIC server applications Tx outweighs Rx by orders of
magnitude.
Supporting the combination of QUIC and GSO requires the application to
correctly place the data and the kernel to correctly slice it. The
encryption process appends an arbitrary number of bytes (tag) to the end
of the message to authenticate it. The GSO value should include this
overhead, the offload would then subtract the tag size to parse the
input on Tx before chunking and encrypting it.
With the kernel cryptography, the buffer copy operation is conjoined
with the encryption operation. The memory bandwidth is reduced by 5-8%.
When devices supporting QUIC encryption in hardware come to the market,
we will be able to free further 7% of CPU utilization which is used
today for crypto operations.
Adel Abouchaev (6):
Documentation on QUIC kernel Tx crypto.
Define QUIC specific constants, control and data plane structures
Add UDP ULP operations, initialization and handling prototype
functions.
Implement QUIC offload functions
Add flow counters and Tx processing error counter
Add self tests for ULP operations, flow setup and crypto tests
Documentation/networking/index.rst | 1 +
Documentation/networking/quic.rst | 211 ++++
include/net/inet_sock.h | 2 +
include/net/netns/mib.h | 3 +
include/net/quic.h | 63 +
include/net/snmp.h | 6 +
include/net/udp.h | 33 +
include/uapi/linux/quic.h | 66 +
include/uapi/linux/snmp.h | 9 +
include/uapi/linux/udp.h | 4 +
net/Kconfig | 1 +
net/Makefile | 1 +
net/ipv4/Makefile | 3 +-
net/ipv4/udp.c | 15 +
net/ipv4/udp_ulp.c | 192 +++
net/quic/Kconfig | 16 +
net/quic/Makefile | 8 +
net/quic/quic_main.c | 1533 ++++++++++++++++++++++++
net/quic/quic_proc.c | 45 +
tools/testing/selftests/net/.gitignore | 1 +
tools/testing/selftests/net/Makefile | 3 +-
tools/testing/selftests/net/quic.c | 1370 +++++++++++++++++++++
tools/testing/selftests/net/quic.sh | 46 +
23 files changed, 3630 insertions(+), 2 deletions(-)
create mode 100644 Documentation/networking/quic.rst
create mode 100644 include/net/quic.h
create mode 100644 include/uapi/linux/quic.h
create mode 100644 net/ipv4/udp_ulp.c
create mode 100644 net/quic/Kconfig
create mode 100644 net/quic/Makefile
create mode 100644 net/quic/quic_main.c
create mode 100644 net/quic/quic_proc.c
create mode 100644 tools/testing/selftests/net/quic.c
create mode 100755 tools/testing/selftests/net/quic.sh
--
2.30.2
From: Roberto Sassu <roberto.sassu(a)huawei.com>
One of the desirable features in security is the ability to restrict import
of data to a given system based on data authenticity. If data import can be
restricted, it would be possible to enforce a system-wide policy based on
the signing keys the system owner trusts.
This feature is widely used in the kernel. For example, if the restriction
is enabled, kernel modules can be plugged in only if they are signed with a
key whose public part is in the primary or secondary keyring.
For eBPF, it can be useful as well. For example, it might be useful to
authenticate data an eBPF program makes security decisions on.
After a discussion in the eBPF mailing list, it was decided that the stated
goal should be accomplished by introducing four new kfuncs:
bpf_lookup_user_key() and bpf_lookup_system_key(), for retrieving a keyring
with keys trusted for signature verification, respectively from its serial
and from a pre-determined ID; bpf_key_put(), to release the reference
obtained with the former two kfuncs, bpf_verify_pkcs7_signature(), for
verifying PKCS#7 signatures.
Other than the key serial, bpf_lookup_user_key() also accepts key lookup
flags, that influence the behavior of the lookup. bpf_lookup_system_key()
accepts pre-determined IDs defined in include/linux/verification.h.
bpf_key_put() accepts the new bpf_key structure, introduced to tell whether
the other structure member, a key pointer, is valid or not. The reason is
that verify_pkcs7_signature() also accepts invalid pointers, set with the
pre-determined ID, to select a system-defined keyring. key_put() must be
called only for valid key pointers.
Since the two key lookup functions allocate memory and one increments a key
reference count, they must be used in conjunction with bpf_key_put(). The
latter must be called only if the lookup functions returned a non-NULL
pointer. The verifier denies the execution of eBPF programs that don't
respect this rule.
The two key lookup functions should be used in alternative, depending on
the use case. While bpf_lookup_user_key() provides great flexibility, it
seems suboptimal in terms of security guarantees, as even if the eBPF
program is assumed to be trusted, the serial used to obtain the key pointer
might come from untrusted user space not choosing one that the system
administrator approves to enforce a mandatory policy.
bpf_lookup_system_key() instead provides much stronger guarantees,
especially if the pre-determined ID is not passed by user space but is
hardcoded in the eBPF program, and that program is signed. In this case,
bpf_verify_pkcs7_signature() will always perform signature verification
with a key that the system administrator approves, i.e. the primary,
secondary or platform keyring.
Nevertheless, key permission checks need to be done accurately. Since
bpf_lookup_user_key() cannot determine how a key will be used by other
kfuncs, it has to defer the permission check to the actual kfunc using the
key. It does it by calling lookup_user_key() with KEY_DEFER_PERM_CHECK as
needed permission. Later, bpf_verify_pkcs7_signature(), if called,
completes the permission check by calling key_validate(). It does not need
to call key_task_permission() with permission KEY_NEED_SEARCH, as it is
already done elsewhere by the key subsystem. Future kfuncs using the
bpf_key structure need to implement the proper checks as well.
Finally, the last kfunc, bpf_verify_pkcs7_signature(), accepts the data and
signature to verify as eBPF dynamic pointers, to minimize the number of
kfunc parameters, and the keyring with keys for signature verification as a
bpf_key structure, returned by one of the two key lookup functions.
bpf_lookup_user_key() and bpf_verify_pkcs7_signature() can be called only
from sleepable programs, because of memory allocation and crypto
operations. For example, the lsm.s/bpf attach point is suitable,
fexit/array_map_update_elem is not.
The correctness of implementation of the new kfuncs and of their usage is
checked with the introduced tests.
The patch set includes a patch from another author (dependency) for sake of
completeness. It is organized as follows.
Patch 1 from KP Singh allows kfuncs to be used by LSM programs. Patch 2
splits is_dynptr_reg_valid_init() and introduces is_dynptr_type_expected(),
to know more precisely the cause of a negative result of a dynamic pointer
check. Patch 3 allows dynamic pointers to be used as kfunc parameters.
Patch 4 exports bpf_dynptr_get_size(), to obtain the real size of data
carried by a dynamic pointer. Patch 5 makes available for new eBPF kfuncs
and programs some key-related definitions. Patch 6 introduces the
bpf_lookup_*_key() and bpf_key_put() kfuncs. Patch 7 introduces the
bpf_verify_pkcs7_signature() kfunc. Patch 8 changes the testing kernel
configuration to compile everything as built-in. Finally, patches 9-12
introduce the tests.
Changelog
v15:
- Add kfunc_dynptr_param test to deny list for s390x
v14:
- Explain that is_dynptr_type_expected() will be useful also for BTF
(suggested by Joanne)
- Rename KEY_LOOKUP_FLAGS_ALL to KEY_LOOKUP_ALL (suggested by Jarkko)
- Swap declaration of spi and dynptr_type in is_dynptr_type_expected()
(suggested by Joanne)
- Reimplement kfunc dynptr tests with a regular eBPF program instead of
executing them with test_verifier (suggested by Joanne)
- Make key lookup flags as enum so that they are automatically exported
through BTF (suggested by Alexei)
v13:
- Split is_dynptr_reg_valid_init() and introduce is_dynptr_type_expected()
to see if the dynamic pointer type passed as argument to a kfunc is
supported (suggested by Kumar)
- Add forward declaration of struct key in include/linux/bpf.h (suggested
by Song)
- Declare mask for key lookup flags, remove key_lookup_flags_check()
(suggested by Jarkko and KP)
- Allow only certain dynamic pointer types (currently, local) to be passed
as argument to kfuncs (suggested by Kumar)
- For each dynamic pointer parameter in kfunc, additionally check if the
passed pointer is to the stack (suggested by Kumar)
- Split the validity/initialization and dynamic pointer type check also in
the verifier, and adjust the expected error message in the test (a test
for an unexpected dynptr type passed to a helper cannot be added due to
missing suitable helpers, but this case has been tested manually)
- Add verifier tests to check the dynamic pointers passed as argument to
kfuncs (suggested by Kumar)
v12:
- Put lookup_key and verify_pkcs7_sig tests in deny list for s390x (JIT
does not support calling kernel function)
v11:
- Move stringify_struct() macro to include/linux/btf.h (suggested by
Daniel)
- Change kernel configuration options in
tools/testing/selftests/bpf/config* from =m to =y
v10:
- Introduce key_lookup_flags_check() and system_keyring_id_check() inline
functions to check parameters (suggested by KP)
- Fix descriptions and comment of key-related kfuncs (suggested by KP)
- Register kfunc set only once (suggested by Alexei)
- Move needed kernel options to the architecture-independent configuration
for testing
v9:
- Drop patch to introduce KF_SLEEPABLE kfunc flag (already merged)
- Rename valid_ptr member of bpf_key to has_ref (suggested by Daniel)
- Check dynamic pointers in kfunc definition with bpf_dynptr_kern struct
definition instead of string, to detect structure renames (suggested by
Daniel)
- Explicitly say that we permit initialized dynamic pointers in kfunc
definition (suggested by Daniel)
- Remove noinline __weak from kfuncs definition (reported by Daniel)
- Simplify key lookup flags check in bpf_lookup_user_key() (suggested by
Daniel)
- Explain the reason for deferring key permission check (suggested by
Daniel)
- Allocate memory with GFP_ATOMIC in bpf_lookup_system_key(), and remove
KF_SLEEPABLE kfunc flag from kfunc declaration (suggested by Daniel)
- Define only one kfunc set and remove the loop for registration
(suggested by Alexei)
v8:
- Define the new bpf_key structure to carry the key pointer and whether
that pointer is valid or not (suggested by Daniel)
- Drop patch to mark a kfunc parameter with the __maybe_null suffix
- Improve documentation of kfuncs
- Introduce bpf_lookup_system_key() to obtain a key pointer suitable for
verify_pkcs7_signature() (suggested by Daniel)
- Use the new kfunc registration API
- Drop patch to test the __maybe_null suffix
- Add tests for bpf_lookup_system_key()
v7:
- Add support for using dynamic and NULL pointers in kfunc (suggested by
Alexei)
- Add new kfunc-related tests
v6:
- Switch back to key lookup helpers + signature verification (until v5),
and defer permission check from bpf_lookup_user_key() to
bpf_verify_pkcs7_signature()
- Add additional key lookup test to illustrate the usage of the
KEY_LOOKUP_CREATE flag and validate the flags (suggested by Daniel)
- Make description of flags of bpf_lookup_user_key() more user-friendly
(suggested by Daniel)
- Fix validation of flags parameter in bpf_lookup_user_key() (reported by
Daniel)
- Rename bpf_verify_pkcs7_signature() keyring-related parameters to
user_keyring and system_keyring to make their purpose more clear
- Accept keyring-related parameters of bpf_verify_pkcs7_signature() as
alternatives (suggested by KP)
- Replace unsigned long type with u64 in helper declaration (suggested by
Daniel)
- Extend the bpf_verify_pkcs7_signature() test by calling the helper
without data, by ensuring that the helper enforces the keyring-related
parameters as alternatives, by ensuring that the helper rejects
inaccessible and expired keyrings, and by checking all system keyrings
- Move bpf_lookup_user_key() and bpf_key_put() usage tests to
ref_tracking.c (suggested by John)
- Call bpf_lookup_user_key() and bpf_key_put() only in sleepable programs
v5:
- Move KEY_LOOKUP_ to include/linux/key.h
for validation of bpf_verify_pkcs7_signature() parameter
- Remove bpf_lookup_user_key() and bpf_key_put() helpers, and the
corresponding tests
- Replace struct key parameter of bpf_verify_pkcs7_signature() with the
keyring serial and lookup flags
- Call lookup_user_key() and key_put() in bpf_verify_pkcs7_signature()
code, to ensure that the retrieved key is used according to the
permission requested at lookup time
- Clarified keyring precedence in the description of
bpf_verify_pkcs7_signature() (suggested by John)
- Remove newline in the second argument of ASSERT_
- Fix helper prototype regular expression in bpf_doc.py
v4:
- Remove bpf_request_key_by_id(), don't return an invalid pointer that
other helpers can use
- Pass the keyring ID (without ULONG_MAX, suggested by Alexei) to
bpf_verify_pkcs7_signature()
- Introduce bpf_lookup_user_key() and bpf_key_put() helpers (suggested by
Alexei)
- Add lookup_key_norelease test, to ensure that the verifier blocks eBPF
programs which don't decrement the key reference count
- Parse raw PKCS#7 signature instead of module-style signature in the
verify_pkcs7_signature test (suggested by Alexei)
- Parse kernel module in user space and pass raw PKCS#7 signature to the
eBPF program for signature verification
v3:
- Rename bpf_verify_signature() back to bpf_verify_pkcs7_signature() to
avoid managing different parameters for each signature verification
function in one helper (suggested by Daniel)
- Use dynamic pointers and export bpf_dynptr_get_size() (suggested by
Alexei)
- Introduce bpf_request_key_by_id() to give more flexibility to the caller
of bpf_verify_pkcs7_signature() to retrieve the appropriate keyring
(suggested by Alexei)
- Fix test by reordering the gcc command line, always compile sign-file
- Improve helper support check mechanism in the test
v2:
- Rename bpf_verify_pkcs7_signature() to a more generic
bpf_verify_signature() and pass the signature type (suggested by KP)
- Move the helper and prototype declaration under #ifdef so that user
space can probe for support for the helper (suggested by Daniel)
- Describe better the keyring types (suggested by Daniel)
- Include linux/bpf.h instead of vmlinux.h to avoid implicit or
redeclaration
- Make the test selfcontained (suggested by Alexei)
v1:
- Don't define new map flag but introduce simple wrapper of
verify_pkcs7_signature() (suggested by Alexei and KP)
KP Singh (1):
bpf: Allow kfuncs to be used in LSM programs
Roberto Sassu (11):
bpf: Move dynptr type check to is_dynptr_type_expected()
btf: Allow dynamic pointer parameters in kfuncs
bpf: Export bpf_dynptr_get_size()
KEYS: Move KEY_LOOKUP_ to include/linux/key.h and define
KEY_LOOKUP_ALL
bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs
bpf: Add bpf_verify_pkcs7_signature() kfunc
selftests/bpf: Compile kernel with everything as built-in
selftests/bpf: Add verifier tests for bpf_lookup_*_key() and
bpf_key_put()
selftests/bpf: Add additional tests for bpf_lookup_*_key()
selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc
selftests/bpf: Add tests for dynamic pointers parameters in kfuncs
include/linux/bpf.h | 9 +
include/linux/bpf_verifier.h | 5 +
include/linux/btf.h | 9 +
include/linux/key.h | 6 +
include/linux/verification.h | 8 +
kernel/bpf/btf.c | 34 ++
kernel/bpf/helpers.c | 2 +-
kernel/bpf/verifier.c | 35 +-
kernel/trace/bpf_trace.c | 180 ++++++++
security/keys/internal.h | 2 -
tools/testing/selftests/bpf/DENYLIST.s390x | 3 +
tools/testing/selftests/bpf/Makefile | 14 +-
tools/testing/selftests/bpf/config | 32 +-
tools/testing/selftests/bpf/config.x86_64 | 7 +-
.../testing/selftests/bpf/prog_tests/dynptr.c | 2 +-
.../bpf/prog_tests/kfunc_dynptr_param.c | 103 +++++
.../selftests/bpf/prog_tests/lookup_key.c | 112 +++++
.../bpf/prog_tests/verify_pkcs7_sig.c | 399 ++++++++++++++++++
.../bpf/progs/test_kfunc_dynptr_param.c | 57 +++
.../selftests/bpf/progs/test_lookup_key.c | 46 ++
.../bpf/progs/test_verify_pkcs7_sig.c | 100 +++++
tools/testing/selftests/bpf/test_verifier.c | 3 +-
.../selftests/bpf/verifier/ref_tracking.c | 139 ++++++
.../testing/selftests/bpf/verify_sig_setup.sh | 104 +++++
24 files changed, 1376 insertions(+), 35 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/kfunc_dynptr_param.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/lookup_key.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
create mode 100644 tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
create mode 100644 tools/testing/selftests/bpf/progs/test_lookup_key.c
create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh
--
2.25.1
The fix for commit e923b0537d28 ("KVM: selftests: Fix target thread to be migrated in rseq_test")
added a call to gettid() which was only added to glibc-2.30 and fails to
compile with older glibc versions.
rseq_test.c: In function 'main':
rseq_test.c:230:33: warning: implicit declaration of function 'gettid'; did you mean 'getgid'? [-Wimplicit-function-declaration]
(void *)(unsigned long)gettid());
^~~~~~
getgid
Switch the call to syscall(SYS_gettid) which was the original advice in the
gettid(2) NOTES section and which works with both new and older glibc versions.
Fixes: e923b0537d28 ("KVM: selftests: Fix target thread to be migrated in rseq_test")
Cc: stable(a)vger.kernel.org # v5.15
Signed-off-by: Liam Merwick <liam.merwick(a)oracle.com>
---
Verified with glibc-2.28 and glibc-2.34 and ensured test case from e923b0537d28 still passes.
tools/testing/selftests/kvm/rseq_test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/kvm/rseq_test.c b/tools/testing/selftests/kvm/rseq_test.c
index fac248a43666..6f88da7e60be 100644
--- a/tools/testing/selftests/kvm/rseq_test.c
+++ b/tools/testing/selftests/kvm/rseq_test.c
@@ -227,7 +227,7 @@ int main(int argc, char *argv[])
ucall_init(vm, NULL);
pthread_create(&migration_thread, NULL, migration_worker,
- (void *)(unsigned long)gettid());
+ (void *)(unsigned long)syscall(SYS_gettid));
for (i = 0; !done; i++) {
vcpu_run(vcpu);
--
2.31.1
ATTENTION
BUSINESS PARTNER,
I AM LUMAR CASEY WORKING WITH AN INSURANCE FINANCIAL INSTITUTE, WITH
MY POSITION AND PRIVILEGES I WAS ABLE TO SOURCE OUT AN OVER DUE
PAYMENT OF 12.8 MILLION POUNDS THAT IS NOW SECURED WITH A SHIPPING
DIPLOMATIC OUTLET.
I AM SEEKING YOUR PARTNERSHIP TO RECEIVE THIS CONSIGNMENT AS AS MY
PARTNER TO INVEST THIS FUND INTO A PROSPEROUS INVESTMENT VENTURE IN
YOUR COUNTRY.
I AWAIT YOUR REPLY TO ENABLE US PROCEED WITH THIS BUSINESS PARTNERSHIP TOGETHER.
REGARDS,
LUMAR CASEY
On Wed, Sep 07, 2022 at 01:42:16PM +0800, kernel test robot wrote:
Hi!
>
> Hi Kees Cook,
>
> the patch "[PATCH 1/2] fortify: Add run-time WARN for cross-field memcpy()"
> raises a persistent WARNING as below report in our tests.
>
> according to commit message, we understand this is kind of expected. but
> we don't have enough knowledge if it reveals a real issue in kernel source
> code and what the next step could be.
>
> so we still report FYI.
>
> if you think it's unnecessary for us to make out this kind of report, please
> let us know. we will consider how to refine our report rules. Thanks a lot!
>
> below is the full report.
It seems that the idea is to continue reporting these warnings, as they
help us identify the places that need to be audited and determine how to
refactor the code (in case it's a false positive), or how to properly fix
it (in case it's an actual bug).
In this case, it seems that the issue was already addressed by this patch:
https://lore.kernel.org/linux-hardening/20220903043749.3102675-1-keescook@c…
Thanks
--
Gustavo
¿Necesita un préstamo?
Ofrecemos todo tipo de préstamos al 3%, envíenos un correo electrónico ahora si está interesado para obtener más información. solo a través de este correo electrónico: suntrustinvestmentloans(a)gmail.com
Hi, Reinette, thanks for your great contribution for EDMM Linux kernel patch. I am trying to follow the newest patch now, and I have some questions on it.
It seems that `sgx_enclave_restrict_permissions()` is able to do permission restrictions for multiple enclave’s pages. After driver invokes ENCLS[EMODPR] to restrict the page’s permission, it should then invoke ENCLS[ETRACK] and send IPIs to ensure stale TLB entries have been flushed. Only in this way, ENCLU[EACCEPT] inside enclave can only succeed.
Current implementation invokes `sgx_enclave_etrack(encl)` after every `__emodpr(…)` in the for loop. My question is:
Can we move the `sgx_enclave_etrack(encl)` out of the for loop? After doing so, `sgx_enclave_etrack(encl)` is invoked **one** time for multiple enclave pages’ permission restriction, instead of N times (N = `modp -> length / PAGE_SIZE`). We may gain some performance optimization from it.
Please correct my if my understanding is incorrect. Looking forward to your reply and Thanks for your time!
BR,
Bojun
Currently our SVE syscall ABI documentation does not reflect the actual
implemented ABI, it says that register state not shared with FPSIMD
becomes undefined on syscall when in reality we always clear it. Since
changing this would cause a change in the observed kernel behaviour
there is a substantial desire to avoid taking advantage of the
documented ABI so instead let's document what we actually do so it's
clear that it is in reality an ABI.
There has been some pushback on tightening the documentation in the past
but it is hard to see who that helps, it makes the implementation
decisions less clear and makes it harder for people to discover and make
use of the actual ABI. The main practical concern is that qemu's user
mode does not currently flush the registers.
v3:
- Rebase onto v6.0-rc3.
v2:
- Rebase onto v6.0-rc1.
Mark Brown (3):
kselftest/arm64: Correct buffer allocation for SVE Z registers
arm64/sve: Document our actual ABI for clearing registers on syscall
kselftest/arm64: Enforce actual ABI for SVE syscalls
Documentation/arm64/sve.rst | 2 +-
.../testing/selftests/arm64/abi/syscall-abi.c | 61 ++++++++++++-------
2 files changed, 41 insertions(+), 22 deletions(-)
base-commit: b90cb1053190353cc30f0fef0ef1f378ccc063c5
--
2.30.2
This series has a few small enhancements for the existing standalone
floating point stress tests and then builds on those with a kselftest
integrated program which gives those a very quick spin from within
kselftest, as well as having an option to set a custom timeout to allow
for use with longer soak testing. This makes it much easier to get
thorough testing of the floating point state management logic, rather
than requiring custom setup for coverage of the various vector lengths
in the system as is needed at present.
It might be nice in future to extend this to attach to some or all of
the test programs with ptrace and read/write their registers as another
means of potentially triggering race conditions or corruption but that's
definitely another step.
v2:
- Rebase onto v6.0-rc3.
- Announce the results of enumeration before we start everything.
Mark Brown (4):
kselftest/arm64: Always encourage preemption for za-test
kselftest/arm64: Count SIGUSR2 deliveries in FP stress tests
kselftest/arm64: Install signal handlers before output in FP stress
tests
kselftest/arm64: kselftest harness for FP stress tests
tools/testing/selftests/arm64/fp/.gitignore | 1 +
tools/testing/selftests/arm64/fp/Makefile | 5 +-
.../testing/selftests/arm64/fp/asm-offsets.h | 1 +
tools/testing/selftests/arm64/fp/fp-stress.c | 535 ++++++++++++++++++
.../testing/selftests/arm64/fp/fpsimd-test.S | 51 +-
tools/testing/selftests/arm64/fp/sve-test.S | 51 +-
tools/testing/selftests/arm64/fp/za-test.S | 58 +-
7 files changed, 641 insertions(+), 61 deletions(-)
create mode 100644 tools/testing/selftests/arm64/fp/fp-stress.c
base-commit: b90cb1053190353cc30f0fef0ef1f378ccc063c5
--
2.30.2
These patches improve the coverage of ZA signal contexts a bit, adding
some validation that the actual data is correct and covering the case
where ZA is not enabled.
v2:
- Rebase onto v6.0-rc3.
Mark Brown (2):
kselftest/arm64: Tighten up validation of ZA signal context
kselftest/arm64: Add a test for signal frames with ZA disabled
.../arm64/signal/testcases/za_no_regs.c | 119 ++++++++++++++++++
.../arm64/signal/testcases/za_regs.c | 16 ++-
2 files changed, 134 insertions(+), 1 deletion(-)
create mode 100644 tools/testing/selftests/arm64/signal/testcases/za_no_regs.c
base-commit: b90cb1053190353cc30f0fef0ef1f378ccc063c5
--
2.30.2
The arm64 architecture originally made the signal context a fixed size
structure containing a linked list of records with the various kinds of
register and other state which may be present. When SVE was implemented
it was realised that it supported implementations with more state than
could fit in that structure so a new record type EXTRA_CONTEXT was
introduced allowing the signal context to be extended beyond the
original size. Unfortunately the signal handling tests can not cope with
these EXTRA_CONTEXT records at all - some support was implemented but it
simply never worked.
v2:
- Rebase onto v6.0-rc3
Mark Brown (10):
kselftest/arm64: Enumerate SME rather than SVE vector lengths for
za_regs
kselftest/arm64: Validate signal ucontext in place
kselftest/arm64: Fix validatation termination record after
EXTRA_CONTEXT
kselftest/arm64: Fix validation of EXTRA_CONTEXT signal context
location
kselftest/arm64: Remove unneeded protype for validate_extra_context()
kselftest/arm64: Only validate each signal context once
kselftest/arm64: Validate contents of EXTRA_CONTEXT blocks
kselftest/arm64: Preserve any EXTRA_CONTEXT in handle_signal_copyctx()
kselftest/arm64: Allow larger buffers in get_signal_context()
kselftest/arm64: Include larger SVE and SME VLs in signal tests
.../arm64/signal/test_signals_utils.c | 59 +++++++++++++++++--
.../arm64/signal/test_signals_utils.h | 5 +-
.../testcases/fake_sigreturn_bad_magic.c | 2 +-
.../testcases/fake_sigreturn_bad_size.c | 2 +-
.../fake_sigreturn_bad_size_for_magic0.c | 2 +-
.../fake_sigreturn_duplicated_fpsimd.c | 2 +-
.../testcases/fake_sigreturn_misaligned_sp.c | 2 +-
.../testcases/fake_sigreturn_missing_fpsimd.c | 2 +-
.../testcases/fake_sigreturn_sme_change_vl.c | 2 +-
.../testcases/fake_sigreturn_sve_change_vl.c | 2 +-
.../selftests/arm64/signal/testcases/sme_vl.c | 2 +-
.../arm64/signal/testcases/ssve_regs.c | 25 +++-----
.../arm64/signal/testcases/sve_regs.c | 23 +++-----
.../selftests/arm64/signal/testcases/sve_vl.c | 2 +-
.../arm64/signal/testcases/testcases.c | 48 +++++++++++----
.../arm64/signal/testcases/testcases.h | 9 ++-
.../arm64/signal/testcases/za_regs.c | 28 ++++-----
17 files changed, 137 insertions(+), 80 deletions(-)
base-commit: b90cb1053190353cc30f0fef0ef1f378ccc063c5
--
2.30.2
v12:
- Change patch 1 to enable update_tasks_cpumask() for top_cpuset except
for percpu kthreads.
- Add 2 more patches to make exclusivity rule violations invalidate the
partition and its siblings instead of failing the change to make it
consistent with other cpuset changes.
- Update documentation and test script accordingly.
v11:
- Fix incorrect spacing in patch 7 and include documentation suggestions
by Michal.
- Move partition_is_populated() check to the last one in list of
conditions to be checked.
v10:
- Relax constraints for changes made to "cpuset.cpus"
and "cpuset.cpus.partition" as suggested. Now almost all changes
are allowed.
- Add patch 1 to signal that we may need to do additional work in
the future to relax the constraint that tasks' cpumask may need
some adjustment if child partitions are present.
- Add patch 2 for miscellaneous cleanups.
The first patch fixes the problem that tasks in the top_cpuset
will not have its cpus_mask properly set to reflect the reduced
set of cpus available in the top_cpuset when a partition is enabled.
This patchset also includes the following enhancements to the cpuset
v2 partition code.
1) Allow partitions that have no task to have empty effective cpus.
2) Relax the constraints on what changes are allowed in cpuset.cpus
and cpuset.cpus.partition. However, the partition remain invalid
until the constraints of a valid partition root is satisfied.
3) Add a new "isolated" partition type for partitions with no load
balancing which is available in v1 but not yet in v2.
4) Allow the reading of cpuset.cpus.partition to include a reason
string as to why the partition remain invalid.
In addition, the cgroup-v2.rst documentation file is updated and a self
test is added to verify the correctness the partition code.
Waiman Long (10):
cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset
cgroup/cpuset: Miscellaneous cleanups & add helper functions
cgroup/cpuset: Allow no-task partition to have empty
cpuset.cpus.effective
cgroup/cpuset: Relax constraints to partition & cpus changes
cgroup/cpuset: Add a new isolated cpus.partition type
cgroup/cpuset: Show invalid partition reason string
cgroup/cpuset: Relocate a code block in validate_change()
cgroup/cpuset: Make partition invalid if cpumask change violates
exclusivity rule
cgroup/cpuset: Update description of cpuset.cpus.partition in
cgroup-v2.rst
kselftest/cgroup: Add cpuset v2 partition root state test
Documentation/admin-guide/cgroup-v2.rst | 150 ++--
kernel/cgroup/cpuset.c | 817 ++++++++++++------
tools/testing/selftests/cgroup/.gitignore | 1 +
tools/testing/selftests/cgroup/Makefile | 5 +-
.../selftests/cgroup/test_cpuset_prs.sh | 674 +++++++++++++++
tools/testing/selftests/cgroup/wait_inotify.c | 87 ++
6 files changed, 1385 insertions(+), 349 deletions(-)
create mode 100755 tools/testing/selftests/cgroup/test_cpuset_prs.sh
create mode 100644 tools/testing/selftests/cgroup/wait_inotify.c
--
2.31.1
From [1]:
> Please look into a wayto invoke all of them instead of adding individual
> net/* to the main Makefile. This list seems to be growing. :)
I might have misunderstood what was suggested... Here is an attempt to
let sub-selftests define their own $(TARGETS) directories.
[1]: https://lore.kernel.org/all/aa0143bc-b0d1-69fb-c117-1e7241f0ad89@linuxfound…
Cc: Shuah Khan <shuah(a)kernel.org>
Cc: Dmitry Safonov <0x7f454c46(a)gmail.com>
Cc: linux-kernel(a)vger.kernel.org
Cc: linux-kselftest(a)vger.kernel.org
Dmitry Safonov (3):
selftests/Make: Recursively build TARGETS list
selftests/.gitignore: Add vfork_exec
selftests/.gitignore: Add io_uring_zerocopy_tx
tools/testing/selftests/Makefile | 71 ++++----------------
tools/testing/selftests/drivers/Makefile | 7 ++
tools/testing/selftests/filesystems/Makefile | 4 ++
tools/testing/selftests/lib.mk | 59 +++++++++++++++-
tools/testing/selftests/net/.gitignore | 1 +
tools/testing/selftests/net/Makefile | 4 ++
tools/testing/selftests/timens/.gitignore | 1 +
7 files changed, 87 insertions(+), 60 deletions(-)
create mode 100644 tools/testing/selftests/drivers/Makefile
base-commit: 42e66b1cc3a070671001f8a1e933a80818a192bf
--
2.37.2
1. Correct log info
2. Add checking of invalid options
3. Replace exit with return to make the test exit gracefully
4. Delete fault injection related code
5. Reserve one cpu online when the test offline all cpus
Changes in v2:
- Update change log of patch 2
- Update exiting value to avoid incorrect report for patch 2
- Keep online_cpu_expect_fail() and offline_cpu_expect_fail() for
patch 3
Zhao Gongyi (5):
selftests/cpu-hotplug: Correct log info
selftests/cpu-hotplug: Use return instead of exit
selftests/cpu-hotplug: Delete fault injection related code
selftests/cpu-hotplug: Reserve one cpu online at least
selftests/cpu-hotplug: Add log info when test success
tools/testing/selftests/cpu-hotplug/Makefile | 2 +-
.../selftests/cpu-hotplug/cpu-on-off-test.sh | 140 +++++-------------
2 files changed, 37 insertions(+), 105 deletions(-)
--
2.17.1
From: Vijay Dhanraj <vijay.dhanraj(a)intel.com>
Add a new test case which is same as augment_via_eaccept but adds a
larger number of EPC pages to stress test EAUG via EACCEPT.
Signed-off-by: Vijay Dhanraj <vijay.dhanraj(a)intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org>
---
v7:
- Contains now only the test case. Support for dynamic heap is
prepared in prepending patches.
v6:
- Address Reinette's feedback:
https://lore.kernel.org/linux-sgx/Yw6%2FiTzSdSw%2FY%2FVO@kernel.org/
v5:
- Add the klog dump and sysctl option to the commit message.
v4:
- Explain expectations for dirty_page_list in the function header, instead
of an inline comment.
- Improve commit message to explain the conditions better.
- Return the number of pages left dirty to ksgxd() and print warning after
the 2nd call, if there are any.
v3:
- Remove WARN_ON().
- Tuned comments and the commit message a bit.
v2:
- Replaced WARN_ON() with optional pr_info() inside
__sgx_sanitize_pages().
- Rewrote the commit message.
- Added the fixes tag.
---
tools/testing/selftests/sgx/main.c | 112 ++++++++++++++++++++++++++++-
1 file changed, 111 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c
index 4feffe7cd8fb..48976bb7bd79 100644
--- a/tools/testing/selftests/sgx/main.c
+++ b/tools/testing/selftests/sgx/main.c
@@ -23,8 +23,15 @@
static const size_t ENCL_HEAP_SIZE_DEFAULT = PAGE_SIZE;
static const size_t ENCL_DYNAMIC_SIZE_DEFAULT = PAGE_SIZE;
+/*
+ * The size was chosen based on a bug report:
+ * Message-ID: <DM8PR11MB55912A7F47A84EC9913A6352F6999(a)DM8PR11MB5591.namprd11.prod.outlook.com>
+ */
+static const size_t ENCL_DYNAMIC_SIZE_LONG = 8L * 1024L * 1024L * 1024L;
+static const unsigned long TIMEOUT_DEFAULT = 900;
static const uint64_t MAGIC = 0x1122334455667788ULL;
static const uint64_t MAGIC2 = 0x8877665544332211ULL;
+
vdso_sgx_enter_enclave_t vdso_sgx_enter_enclave;
/*
@@ -388,7 +395,7 @@ TEST_F(enclave, unclobbered_vdso_oversubscribed)
EXPECT_EQ(self->run.user_data, 0);
}
-TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900)
+TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, TIMEOUT_DEFAULT)
{
struct sgx_enclave_remove_pages remove_ioc;
struct sgx_enclave_modify_types modt_ioc;
@@ -1248,6 +1255,109 @@ TEST_F(enclave, augment_via_eaccept)
munmap(addr, PAGE_SIZE);
}
+/*
+ * Test for the addition of large number of pages to an initialized enclave via
+ * a pre-emptive run of EACCEPT on every page to be added.
+ */
+TEST_F_TIMEOUT(enclave, augment_via_eaccept_long, TIMEOUT_DEFAULT)
+{
+ struct encl_op_get_from_addr get_addr_op;
+ struct encl_op_put_to_addr put_addr_op;
+ struct encl_op_eaccept eaccept_op;
+ size_t total_size = 0;
+ unsigned long i;
+ void *addr;
+
+ if (!sgx2_supported())
+ SKIP(return, "SGX2 not supported");
+
+ ASSERT_TRUE(setup_test_encl_dynamic(ENCL_HEAP_SIZE_DEFAULT,
+ ENCL_DYNAMIC_SIZE_LONG,
+ &self->encl, _metadata));
+
+ memset(&self->run, 0, sizeof(self->run));
+ self->run.tcs = self->encl.encl_base;
+
+ for (i = 0; i < self->encl.nr_segments; i++) {
+ struct encl_segment *seg = &self->encl.segment_tbl[i];
+
+ total_size += seg->size;
+ }
+
+ /*
+ * mmap() every page at end of existing enclave to be used for
+ * EDMM.
+ */
+ addr = mmap((void *)self->encl.encl_base + total_size, ENCL_DYNAMIC_SIZE_LONG,
+ PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED | MAP_FIXED,
+ self->encl.fd, 0);
+ EXPECT_NE(addr, MAP_FAILED);
+
+ self->run.exception_vector = 0;
+ self->run.exception_error_code = 0;
+ self->run.exception_addr = 0;
+
+ /*
+ * Run EACCEPT on every page to trigger the #PF->EAUG->EACCEPT(again
+ * without a #PF). All should be transparent to userspace.
+ */
+ eaccept_op.flags = SGX_SECINFO_R | SGX_SECINFO_W | SGX_SECINFO_REG | SGX_SECINFO_PENDING;
+ eaccept_op.ret = 0;
+ eaccept_op.header.type = ENCL_OP_EACCEPT;
+
+ for (i = 0; i < ENCL_DYNAMIC_SIZE_LONG; i += 4096) {
+ eaccept_op.epc_addr = (uint64_t)(addr + i);
+
+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0);
+ if (self->run.exception_vector == 14 &&
+ self->run.exception_error_code == 4 &&
+ self->run.exception_addr == self->encl.encl_base) {
+ munmap(addr, ENCL_DYNAMIC_SIZE_LONG);
+ SKIP(return, "Kernel does not support adding pages to initialized enclave");
+ }
+
+ EXPECT_EQ(self->run.exception_vector, 0);
+ EXPECT_EQ(self->run.exception_error_code, 0);
+ EXPECT_EQ(self->run.exception_addr, 0);
+ ASSERT_EQ(eaccept_op.ret, 0);
+ ASSERT_EQ(self->run.function, EEXIT);
+ }
+
+ /*
+ * Pool of pages were successfully added to enclave. Perform sanity
+ * check on first page of the pool only to ensure data can be written
+ * to and read from a dynamically added enclave page.
+ */
+ put_addr_op.value = MAGIC;
+ put_addr_op.addr = (unsigned long)addr;
+ put_addr_op.header.type = ENCL_OP_PUT_TO_ADDRESS;
+
+ EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0);
+
+ EXPECT_EEXIT(&self->run);
+ EXPECT_EQ(self->run.exception_vector, 0);
+ EXPECT_EQ(self->run.exception_error_code, 0);
+ EXPECT_EQ(self->run.exception_addr, 0);
+
+ /*
+ * Read memory from newly added page that was just written to,
+ * confirming that data previously written (MAGIC) is present.
+ */
+ get_addr_op.value = 0;
+ get_addr_op.addr = (unsigned long)addr;
+ get_addr_op.header.type = ENCL_OP_GET_FROM_ADDRESS;
+
+ EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0);
+
+ EXPECT_EQ(get_addr_op.value, MAGIC);
+ EXPECT_EEXIT(&self->run);
+ EXPECT_EQ(self->run.exception_vector, 0);
+ EXPECT_EQ(self->run.exception_error_code, 0);
+ EXPECT_EQ(self->run.exception_addr, 0);
+
+ munmap(addr, ENCL_DYNAMIC_SIZE_LONG);
+}
+
/*
* SGX2 page type modification test in two phases:
* Phase 1:
--
2.37.2
While user namespaces do not make the kernel more vulnerable, they are however
used to initiate exploits. Some users do not want to block namespace creation
for the entirety of the system, which some distributions provide. Instead, we
needed a way to have some applications be blocked, and others allowed. This is
not possible with those tools. Managing hierarchies also did not fit our case
because we're determining which tasks are allowed based on their attributes.
While exploring a solution, we first leveraged the LSM cred_prepare hook
because that is the closest hook to prevent a call to create_user_ns().
The calls look something like this:
cred = prepare_creds()
security_prepare_creds()
call_int_hook(cred_prepare, ...
if (cred)
create_user_ns(cred)
We noticed that error codes were not propagated from this hook and
introduced a patch [1] to propagate those errors.
The discussion notes that security_prepare_creds() is not appropriate for
MAC policies, and instead the hook is meant for LSM authors to prepare
credentials for mutation. [2]
Additionally, cred_prepare hook is not without problems. Handling the clone3
case is a bit more tricky due to the user space pointer passed to it. This
makes checking the syscall subject to a possible TOCTTOU attack.
Ultimately, we concluded that a better course of action is to introduce
a new security hook for LSM authors. [3]
This patch set first introduces a new security_create_user_ns() function
and userns_create LSM hook, then marks the hook as sleepable in BPF. The
following patches after include a BPF test and a patch for an SELinux
implementation.
We want to encourage use of user namespaces, and also cater the needs
of users/administrators to observe and/or control access. There is no
expectation of an impact on user space applications because access control
is opt-in, and users wishing to observe within a LSM context
Links:
1. https://lore.kernel.org/all/20220608150942.776446-1-fred@cloudflare.com/
2. https://lore.kernel.org/all/87y1xzyhub.fsf@email.froward.int.ebiederm.org/
3. https://lore.kernel.org/all/9fe9cd9f-1ded-a179-8ded-5fde8960a586@cloudflare…
Past discussions:
V4: https://lore.kernel.org/all/20220801180146.1157914-1-fred@cloudflare.com/
V3: https://lore.kernel.org/all/20220721172808.585539-1-fred@cloudflare.com/
V2: https://lore.kernel.org/all/20220707223228.1940249-1-fred@cloudflare.com/
V1: https://lore.kernel.org/all/20220621233939.993579-1-fred@cloudflare.com/
Changes since v4:
- Update commit description
- Update cover letter
Changes since v3:
- Explicitly set CAP_SYS_ADMIN to test namespace is created given
permission
- Simplify BPF test to use sleepable hook only
- Prefer unshare() over clone() for tests
Changes since v2:
- Rename create_user_ns hook to userns_create
- Use user_namespace as an object opposed to a generic namespace object
- s/domB_t/domA_t in commit message
Changes since v1:
- Add selftests/bpf: Add tests verifying bpf lsm create_user_ns hook patch
- Add selinux: Implement create_user_ns hook patch
- Change function signature of security_create_user_ns() to only take
struct cred
- Move security_create_user_ns() call after id mapping check in
create_user_ns()
- Update documentation to reflect changes
Frederick Lawler (4):
security, lsm: Introduce security_create_user_ns()
bpf-lsm: Make bpf_lsm_userns_create() sleepable
selftests/bpf: Add tests verifying bpf lsm userns_create hook
selinux: Implement userns_create hook
include/linux/lsm_hook_defs.h | 1 +
include/linux/lsm_hooks.h | 4 +
include/linux/security.h | 6 ++
kernel/bpf/bpf_lsm.c | 1 +
kernel/user_namespace.c | 5 +
security/security.c | 5 +
security/selinux/hooks.c | 9 ++
security/selinux/include/classmap.h | 2 +
.../selftests/bpf/prog_tests/deny_namespace.c | 102 ++++++++++++++++++
.../selftests/bpf/progs/test_deny_namespace.c | 33 ++++++
10 files changed, 168 insertions(+)
create mode 100644 tools/testing/selftests/bpf/prog_tests/deny_namespace.c
create mode 100644 tools/testing/selftests/bpf/progs/test_deny_namespace.c
--
2.30.2
The put lowers the reference count to 0 and frees ctx, reading it
afterwards is invalid. Move the put after the uses and determine the
last use by the reference count being 1.
Fixes: 39e940d4abfa ("selftests/xsk: Destroy BPF resources only when ctx refcount drops to 0")
Signed-off-by: Ian Rogers <irogers(a)google.com>
---
tools/testing/selftests/bpf/xsk.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/bpf/xsk.c b/tools/testing/selftests/bpf/xsk.c
index f2721a4ae7c5..0b3ff49c740d 100644
--- a/tools/testing/selftests/bpf/xsk.c
+++ b/tools/testing/selftests/bpf/xsk.c
@@ -1237,15 +1237,15 @@ void xsk_socket__delete(struct xsk_socket *xsk)
ctx = xsk->ctx;
umem = ctx->umem;
- xsk_put_ctx(ctx, true);
-
- if (!ctx->refcount) {
+ if (ctx->refcount == 1) {
xsk_delete_bpf_maps(xsk);
close(ctx->prog_fd);
if (ctx->has_bpf_link)
close(ctx->link_fd);
}
+ xsk_put_ctx(ctx, true);
+
err = xsk_get_mmap_offsets(xsk->fd, &off);
if (!err) {
if (xsk->rx) {
--
2.37.2.789.g6183377224-goog
Hi,
here comes the v9 of the HID-BPF series.
Again, for a full explanation of HID-BPF, please refer to the last patch
in this series (23/23).
This version sees some minor improvements compared to v7 and v8, only
focusing on the reviews I got. (v8 was a single patch update)
- patch 1/24 in v7 was dropped as it is already fixed upstream
- patch 1/23 in v9 is now capable of handling all functions, not just
kfuncs (tested with the selftests only)
- some minor nits from Greg's review
- a rebase on top of the current bpf-next tree as the kfunc definition
changed (for the better).
Cheers,
Benjamin
Benjamin Tissoires (23):
bpf/verifier: allow all functions to read user provided context
bpf/verifier: do not clear meta in check_mem_size
selftests/bpf: add test for accessing ctx from syscall program type
bpf/verifier: allow kfunc to return an allocated mem
selftests/bpf: Add tests for kfunc returning a memory pointer
bpf: prepare for more bpf syscall to be used from kernel and user
space.
libbpf: add map_get_fd_by_id and map_delete_elem in light skeleton
HID: core: store the unique system identifier in hid_device
HID: export hid_report_type to uapi
HID: convert defines of HID class requests into a proper enum
HID: Kconfig: split HID support and hid-core compilation
HID: initial BPF implementation
selftests/bpf: add tests for the HID-bpf initial implementation
HID: bpf: allocate data memory for device_event BPF programs
selftests/bpf/hid: add test to change the report size
HID: bpf: introduce hid_hw_request()
selftests/bpf: add tests for bpf_hid_hw_request
HID: bpf: allow to change the report descriptor
selftests/bpf: add report descriptor fixup tests
selftests/bpf: Add a test for BPF_F_INSERT_HEAD
samples/bpf: HID: add new hid_mouse example
samples/bpf: HID: add Surface Dial example
Documentation: add HID-BPF docs
Documentation/hid/hid-bpf.rst | 512 +++++++++
Documentation/hid/index.rst | 1 +
drivers/Makefile | 2 +-
drivers/hid/Kconfig | 20 +-
drivers/hid/Makefile | 2 +
drivers/hid/bpf/Kconfig | 17 +
drivers/hid/bpf/Makefile | 11 +
drivers/hid/bpf/entrypoints/Makefile | 93 ++
drivers/hid/bpf/entrypoints/README | 4 +
drivers/hid/bpf/entrypoints/entrypoints.bpf.c | 66 ++
.../hid/bpf/entrypoints/entrypoints.lskel.h | 682 ++++++++++++
drivers/hid/bpf/hid_bpf_dispatch.c | 526 ++++++++++
drivers/hid/bpf/hid_bpf_dispatch.h | 28 +
drivers/hid/bpf/hid_bpf_jmp_table.c | 577 ++++++++++
drivers/hid/hid-core.c | 49 +-
include/linux/bpf.h | 9 +-
include/linux/btf.h | 10 +
include/linux/hid.h | 38 +-
include/linux/hid_bpf.h | 148 +++
include/uapi/linux/hid.h | 26 +-
include/uapi/linux/hid_bpf.h | 25 +
kernel/bpf/btf.c | 109 +-
kernel/bpf/syscall.c | 10 +-
kernel/bpf/verifier.c | 64 +-
net/bpf/test_run.c | 21 +
samples/bpf/.gitignore | 2 +
samples/bpf/Makefile | 27 +
samples/bpf/hid_mouse.bpf.c | 134 +++
samples/bpf/hid_mouse.c | 161 +++
samples/bpf/hid_surface_dial.bpf.c | 161 +++
samples/bpf/hid_surface_dial.c | 232 ++++
tools/include/uapi/linux/hid.h | 62 ++
tools/include/uapi/linux/hid_bpf.h | 25 +
tools/lib/bpf/skel_internal.h | 23 +
tools/testing/selftests/bpf/Makefile | 5 +-
tools/testing/selftests/bpf/config | 3 +
tools/testing/selftests/bpf/prog_tests/hid.c | 990 ++++++++++++++++++
.../selftests/bpf/prog_tests/kfunc_call.c | 76 ++
tools/testing/selftests/bpf/progs/hid.c | 206 ++++
.../selftests/bpf/progs/kfunc_call_test.c | 125 +++
40 files changed, 5198 insertions(+), 84 deletions(-)
create mode 100644 Documentation/hid/hid-bpf.rst
create mode 100644 drivers/hid/bpf/Kconfig
create mode 100644 drivers/hid/bpf/Makefile
create mode 100644 drivers/hid/bpf/entrypoints/Makefile
create mode 100644 drivers/hid/bpf/entrypoints/README
create mode 100644 drivers/hid/bpf/entrypoints/entrypoints.bpf.c
create mode 100644 drivers/hid/bpf/entrypoints/entrypoints.lskel.h
create mode 100644 drivers/hid/bpf/hid_bpf_dispatch.c
create mode 100644 drivers/hid/bpf/hid_bpf_dispatch.h
create mode 100644 drivers/hid/bpf/hid_bpf_jmp_table.c
create mode 100644 include/linux/hid_bpf.h
create mode 100644 include/uapi/linux/hid_bpf.h
create mode 100644 samples/bpf/hid_mouse.bpf.c
create mode 100644 samples/bpf/hid_mouse.c
create mode 100644 samples/bpf/hid_surface_dial.bpf.c
create mode 100644 samples/bpf/hid_surface_dial.c
create mode 100644 tools/include/uapi/linux/hid.h
create mode 100644 tools/include/uapi/linux/hid_bpf.h
create mode 100644 tools/testing/selftests/bpf/prog_tests/hid.c
create mode 100644 tools/testing/selftests/bpf/progs/hid.c
--
2.36.1
Dzień dobry,
dostrzegam możliwość współpracy z Państwa firmą.
Świadczymy kompleksową obsługę inwestycji w fotowoltaikę, która obniża koszty energii elektrycznej nawet o 90%.
Czy są Państwo zainteresowani weryfikacją wstępnych propozycji?
Pozdrawiam,
Norbert Karecki
From: Roberto Sassu <roberto.sassu(a)huawei.com>
One of the desirable features in security is the ability to restrict import
of data to a given system based on data authenticity. If data import can be
restricted, it would be possible to enforce a system-wide policy based on
the signing keys the system owner trusts.
This feature is widely used in the kernel. For example, if the restriction
is enabled, kernel modules can be plugged in only if they are signed with a
key whose public part is in the primary or secondary keyring.
For eBPF, it can be useful as well. For example, it might be useful to
authenticate data an eBPF program makes security decisions on.
After a discussion in the eBPF mailing list, it was decided that the stated
goal should be accomplished by introducing four new kfuncs:
bpf_lookup_user_key() and bpf_lookup_system_key(), for retrieving a keyring
with keys trusted for signature verification, respectively from its serial
and from a pre-determined ID; bpf_key_put(), to release the reference
obtained with the former two kfuncs, bpf_verify_pkcs7_signature(), for
verifying PKCS#7 signatures.
Other than the key serial, bpf_lookup_user_key() also accepts key lookup
flags, that influence the behavior of the lookup. bpf_lookup_system_key()
accepts pre-determined IDs defined in include/linux/verification.h.
bpf_key_put() accepts the new bpf_key structure, introduced to tell whether
the other structure member, a key pointer, is valid or not. The reason is
that verify_pkcs7_signature() also accepts invalid pointers, set with the
pre-determined ID, to select a system-defined keyring. key_put() must be
called only for valid key pointers.
Since the two key lookup functions allocate memory and one increments a key
reference count, they must be used in conjunction with bpf_key_put(). The
latter must be called only if the lookup functions returned a non-NULL
pointer. The verifier denies the execution of eBPF programs that don't
respect this rule.
The two key lookup functions should be used in alternative, depending on
the use case. While bpf_lookup_user_key() provides great flexibility, it
seems suboptimal in terms of security guarantees, as even if the eBPF
program is assumed to be trusted, the serial used to obtain the key pointer
might come from untrusted user space not choosing one that the system
administrator approves to enforce a mandatory policy.
bpf_lookup_system_key() instead provides much stronger guarantees,
especially if the pre-determined ID is not passed by user space but is
hardcoded in the eBPF program, and that program is signed. In this case,
bpf_verify_pkcs7_signature() will always perform signature verification
with a key that the system administrator approves, i.e. the primary,
secondary or platform keyring.
Nevertheless, key permission checks need to be done accurately. Since
bpf_lookup_user_key() cannot determine how a key will be used by other
kfuncs, it has to defer the permission check to the actual kfunc using the
key. It does it by calling lookup_user_key() with KEY_DEFER_PERM_CHECK as
needed permission. Later, bpf_verify_pkcs7_signature(), if called,
completes the permission check by calling key_validate(). It does not need
to call key_task_permission() with permission KEY_NEED_SEARCH, as it is
already done elsewhere by the key subsystem. Future kfuncs using the
bpf_key structure need to implement the proper checks as well.
Finally, the last kfunc, bpf_verify_pkcs7_signature(), accepts the data and
signature to verify as eBPF dynamic pointers, to minimize the number of
kfunc parameters, and the keyring with keys for signature verification as a
bpf_key structure, returned by one of the two key lookup functions.
bpf_lookup_user_key() and bpf_verify_pkcs7_signature() can be called only
from sleepable programs, because of memory allocation and crypto
operations. For example, the lsm.s/bpf attach point is suitable,
fexit/array_map_update_elem is not.
The correctness of implementation of the new kfuncs and of their usage is
checked with the introduced tests.
The patch set includes a patch from another author (dependency) for sake of
completeness. It is organized as follows.
Patch 1 from KP Singh allows kfuncs to be used by LSM programs. Patch 2
splits is_dynptr_reg_valid_init() and introduces is_dynptr_type_expected(),
to know more precisely the cause of a negative result of a dynamic pointer
check. Patch 3 allows dynamic pointers to be used as kfunc parameters.
Patch 4 exports bpf_dynptr_get_size(), to obtain the real size of data
carried by a dynamic pointer. Patch 5 makes available for new eBPF kfuncs
some key-related definitions. Patch 6 introduces the bpf_lookup_*_key() and
bpf_key_put() kfuncs. Patch 7 introduces the bpf_verify_pkcs7_signature()
kfunc. Patch 8 changes the testing kernel configuration to compile
everything as built-in. Finally, patches 9-12 introduce the tests.
Changelog
v13:
- Split is_dynptr_reg_valid_init() and introduce is_dynptr_type_expected()
to see if the dynamic pointer type passed as argument to a kfunc is
supported (suggested by Kumar)
- Add forward declaration of struct key in include/linux/bpf.h (suggested
by Song)
- Declare mask for key lookup flags, remove key_lookup_flags_check()
(suggested by Jarkko and KP)
- Allow only certain dynamic pointer types (currently, local) to be passed
as argument to kfuncs (suggested by Kumar)
- For each dynamic pointer parameter in kfunc, additionally check if the
passed pointer is to the stack (suggested by Kumar)
- Split the validity/initialization and dynamic pointer type check also in
the verifier, and adjust the expected error message in the test (a test
for an unexpected dynptr type passed to a helper cannot be added due to
missing suitable helpers, but this case has been tested manually)
- Add verifier tests to check the dynamic pointers passed as argument to
kfuncs (suggested by Kumar)
v12:
- Put lookup_key and verify_pkcs7_sig tests in deny list for s390x (JIT
does not support calling kernel function)
v11:
- Move stringify_struct() macro to include/linux/btf.h (suggested by
Daniel)
- Change kernel configuration options in
tools/testing/selftests/bpf/config* from =m to =y
v10:
- Introduce key_lookup_flags_check() and system_keyring_id_check() inline
functions to check parameters (suggested by KP)
- Fix descriptions and comment of key-related kfuncs (suggested by KP)
- Register kfunc set only once (suggested by Alexei)
- Move needed kernel options to the architecture-independent configuration
for testing
v9:
- Drop patch to introduce KF_SLEEPABLE kfunc flag (already merged)
- Rename valid_ptr member of bpf_key to has_ref (suggested by Daniel)
- Check dynamic pointers in kfunc definition with bpf_dynptr_kern struct
definition instead of string, to detect structure renames (suggested by
Daniel)
- Explicitly say that we permit initialized dynamic pointers in kfunc
definition (suggested by Daniel)
- Remove noinline __weak from kfuncs definition (reported by Daniel)
- Simplify key lookup flags check in bpf_lookup_user_key() (suggested by
Daniel)
- Explain the reason for deferring key permission check (suggested by
Daniel)
- Allocate memory with GFP_ATOMIC in bpf_lookup_system_key(), and remove
KF_SLEEPABLE kfunc flag from kfunc declaration (suggested by Daniel)
- Define only one kfunc set and remove the loop for registration
(suggested by Alexei)
v8:
- Define the new bpf_key structure to carry the key pointer and whether
that pointer is valid or not (suggested by Daniel)
- Drop patch to mark a kfunc parameter with the __maybe_null suffix
- Improve documentation of kfuncs
- Introduce bpf_lookup_system_key() to obtain a key pointer suitable for
verify_pkcs7_signature() (suggested by Daniel)
- Use the new kfunc registration API
- Drop patch to test the __maybe_null suffix
- Add tests for bpf_lookup_system_key()
v7:
- Add support for using dynamic and NULL pointers in kfunc (suggested by
Alexei)
- Add new kfunc-related tests
v6:
- Switch back to key lookup helpers + signature verification (until v5),
and defer permission check from bpf_lookup_user_key() to
bpf_verify_pkcs7_signature()
- Add additional key lookup test to illustrate the usage of the
KEY_LOOKUP_CREATE flag and validate the flags (suggested by Daniel)
- Make description of flags of bpf_lookup_user_key() more user-friendly
(suggested by Daniel)
- Fix validation of flags parameter in bpf_lookup_user_key() (reported by
Daniel)
- Rename bpf_verify_pkcs7_signature() keyring-related parameters to
user_keyring and system_keyring to make their purpose more clear
- Accept keyring-related parameters of bpf_verify_pkcs7_signature() as
alternatives (suggested by KP)
- Replace unsigned long type with u64 in helper declaration (suggested by
Daniel)
- Extend the bpf_verify_pkcs7_signature() test by calling the helper
without data, by ensuring that the helper enforces the keyring-related
parameters as alternatives, by ensuring that the helper rejects
inaccessible and expired keyrings, and by checking all system keyrings
- Move bpf_lookup_user_key() and bpf_key_put() usage tests to
ref_tracking.c (suggested by John)
- Call bpf_lookup_user_key() and bpf_key_put() only in sleepable programs
v5:
- Move KEY_LOOKUP_ to include/linux/key.h
for validation of bpf_verify_pkcs7_signature() parameter
- Remove bpf_lookup_user_key() and bpf_key_put() helpers, and the
corresponding tests
- Replace struct key parameter of bpf_verify_pkcs7_signature() with the
keyring serial and lookup flags
- Call lookup_user_key() and key_put() in bpf_verify_pkcs7_signature()
code, to ensure that the retrieved key is used according to the
permission requested at lookup time
- Clarified keyring precedence in the description of
bpf_verify_pkcs7_signature() (suggested by John)
- Remove newline in the second argument of ASSERT_
- Fix helper prototype regular expression in bpf_doc.py
v4:
- Remove bpf_request_key_by_id(), don't return an invalid pointer that
other helpers can use
- Pass the keyring ID (without ULONG_MAX, suggested by Alexei) to
bpf_verify_pkcs7_signature()
- Introduce bpf_lookup_user_key() and bpf_key_put() helpers (suggested by
Alexei)
- Add lookup_key_norelease test, to ensure that the verifier blocks eBPF
programs which don't decrement the key reference count
- Parse raw PKCS#7 signature instead of module-style signature in the
verify_pkcs7_signature test (suggested by Alexei)
- Parse kernel module in user space and pass raw PKCS#7 signature to the
eBPF program for signature verification
v3:
- Rename bpf_verify_signature() back to bpf_verify_pkcs7_signature() to
avoid managing different parameters for each signature verification
function in one helper (suggested by Daniel)
- Use dynamic pointers and export bpf_dynptr_get_size() (suggested by
Alexei)
- Introduce bpf_request_key_by_id() to give more flexibility to the caller
of bpf_verify_pkcs7_signature() to retrieve the appropriate keyring
(suggested by Alexei)
- Fix test by reordering the gcc command line, always compile sign-file
- Improve helper support check mechanism in the test
v2:
- Rename bpf_verify_pkcs7_signature() to a more generic
bpf_verify_signature() and pass the signature type (suggested by KP)
- Move the helper and prototype declaration under #ifdef so that user
space can probe for support for the helper (suggested by Daniel)
- Describe better the keyring types (suggested by Daniel)
- Include linux/bpf.h instead of vmlinux.h to avoid implicit or
redeclaration
- Make the test selfcontained (suggested by Alexei)
v1:
- Don't define new map flag but introduce simple wrapper of
verify_pkcs7_signature() (suggested by Alexei and KP)
KP Singh (1):
bpf: Allow kfuncs to be used in LSM programs
Roberto Sassu (11):
bpf: Move dynptr type check to is_dynptr_type_expected()
btf: Allow dynamic pointer parameters in kfuncs
bpf: Export bpf_dynptr_get_size()
KEYS: Move KEY_LOOKUP_ to include/linux/key.h and set
KEY_LOOKUP_FLAGS_ALL
bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs
bpf: Add bpf_verify_pkcs7_signature() kfunc
selftests/bpf: Compile kernel with everything as built-in
selftests/bpf: Add verifier tests for bpf_lookup_*_key() and
bpf_key_put()
selftests/bpf: Add additional tests for bpf_lookup_*_key()
selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc
selftests/bpf: Add verifier tests for dynamic pointers parameters in
kfuncs
include/linux/bpf.h | 9 +
include/linux/bpf_verifier.h | 5 +
include/linux/btf.h | 9 +
include/linux/key.h | 4 +
include/linux/verification.h | 8 +
kernel/bpf/btf.c | 34 ++
kernel/bpf/helpers.c | 2 +-
kernel/bpf/verifier.c | 35 +-
kernel/trace/bpf_trace.c | 180 ++++++++
security/keys/internal.h | 2 -
tools/testing/selftests/bpf/DENYLIST.s390x | 2 +
tools/testing/selftests/bpf/Makefile | 14 +-
tools/testing/selftests/bpf/config | 32 +-
tools/testing/selftests/bpf/config.x86_64 | 7 +-
.../testing/selftests/bpf/prog_tests/dynptr.c | 2 +-
.../selftests/bpf/prog_tests/lookup_key.c | 112 +++++
.../bpf/prog_tests/verify_pkcs7_sig.c | 399 ++++++++++++++++++
.../selftests/bpf/progs/test_lookup_key.c | 46 ++
.../bpf/progs/test_verify_pkcs7_sig.c | 100 +++++
tools/testing/selftests/bpf/test_verifier.c | 3 +-
.../bpf/verifier/kfunc_dynptr_param.c | 72 ++++
.../selftests/bpf/verifier/ref_tracking.c | 139 ++++++
.../testing/selftests/bpf/verify_sig_setup.sh | 104 +++++
23 files changed, 1285 insertions(+), 35 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/lookup_key.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
create mode 100644 tools/testing/selftests/bpf/progs/test_lookup_key.c
create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
create mode 100644 tools/testing/selftests/bpf/verifier/kfunc_dynptr_param.c
create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh
--
2.25.1
This series enables the ring-based dirty memory tracking for ARM64.
The feature has been available and enabled on x86 for a while. It
is beneficial when the number of dirty pages is small in a checkpointing
system or live migration scenario. More details can be found from
fb04a1eddb1a ("KVM: X86: Implement ring-based dirty memory tracking").
The generic part has been comprehensive enough, meaning there isn't too
much work, needed to extend it to ARM64.
- PATCH[1] enables the feature on ARM64
- PATCH[2-5] improves kvm/selftests/dirty_log_test
Testing
=======
- kvm/selftests/dirty_log_test
- Live migration by QEMU
- Host with 4KB or 64KB base page size
Gavin Shan (5):
KVM: arm64: Enable ring-based dirty memory tracking
KVM: selftests: Use host page size to map ring buffer in
dirty_log_test
KVM: selftests: Dirty host pages in dirty_log_test
KVM: selftests: Clear dirty ring states between two modes in
dirty_log_test
KVM: selftests: Automate choosing dirty ring size in dirty_log_test
Documentation/virt/kvm/api.rst | 2 +-
arch/arm64/include/uapi/asm/kvm.h | 1 +
arch/arm64/kvm/Kconfig | 1 +
arch/arm64/kvm/arm.c | 8 ++
tools/testing/selftests/kvm/dirty_log_test.c | 101 ++++++++++++++-----
tools/testing/selftests/kvm/lib/kvm_util.c | 2 +-
6 files changed, 88 insertions(+), 27 deletions(-)
--
2.23.0
Commit c272612cb4a2 ("kunit: Taint the kernel when KUnit tests are run")
added a new taint flag for when in-kernel tests run. This commit adds
recognition of this new flag in kernel-chktaint.
Reviewed-by: David Gow <davidgow(a)google.com>
Signed-off-by: Joe Fradley <joefradley(a)google.com>
---
Changes in v2:
- based off of kselftest/kunit branch
- Added David's Reviewed-by tag
tools/debugging/kernel-chktaint | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/tools/debugging/kernel-chktaint b/tools/debugging/kernel-chktaint
index f1af27ce9f20..279be06332be 100755
--- a/tools/debugging/kernel-chktaint
+++ b/tools/debugging/kernel-chktaint
@@ -187,6 +187,7 @@ else
echo " * auxiliary taint, defined for and used by distros (#16)"
fi
+
T=`expr $T / 2`
if [ `expr $T % 2` -eq 0 ]; then
addout " "
@@ -195,6 +196,14 @@ else
echo " * kernel was built with the struct randomization plugin (#17)"
fi
+T=`expr $T / 2`
+if [ `expr $T % 2` -eq 0 ]; then
+ addout " "
+else
+ addout "N"
+ echo " * an in-kernel test (such as a KUnit test) has been run (#18)"
+fi
+
echo "For a more detailed explanation of the various taint flags see"
echo " Documentation/admin-guide/tainted-kernels.rst in the Linux kernel sources"
echo " or https://kernel.org/doc/html/latest/admin-guide/tainted-kernels.html"
--
2.37.1.595.g718a3a8f04-goog