- Linux-kselftest-mirror - lists.linaro.org

[RFC PATCH bpf-next 0/4] bpf: add bpf-based bpf_trace_printk()-like support

by Alan Maguire

This series attempts to provide a simple way for BPF programs (and in future other consumers) to utilize BPF Type Format (BTF) information to display kernel data structures in-kernel. The use case this functionality is applied to here is to support a bpf_trace_printk trace event-based method of rendering type information. There is already support in kernel/bpf/btf.c for "show" functionality; the changes here generalize that support from seq-file specific verifier display to the more generic case and add another specific use case; rather than seq_printf()ing the show data, it is traced using the bpf_trace_printk trace event. Other future uses of the show functionality could include a bpf_printk_btf() function which printk()ed the data instead. Oops messaging in particular would be an interesting application for such functionality. The above potential use case hints at a potential reply to a reasonable objection that such typed display should be solved by tracing programs, where the in-kernel tracing records data and the userspace program prints it out. While this is certainly the recommended approach for most cases, I believe having an in-kernel mechanism would be valuable also. Critically in BPF programs it greatly simplifies debugging and tracing of such data to invoking a one-line helper. One challenge raised in an earlier iteration of this work - where the BTF printing was implemented as a printk() format specifier - was that the amount of data printed per printk() was large, and other format specifiers were far simpler. This patchset tackles this by instead displaying data _as the data structure is traversed_, rathern than copying it to a string for later display. The problem in doing this however is that such output can be intermixed with other bpf_trace_printk events. The solution pursued here is to associate a trace ID with the bpf_trace_printk events. For now, the bpf_trace_printk() helper sets this trace ID to 0, and bpf_trace_btf() can specify non-zero values. This allows a BPF program to coordinate with a user-space program which creates a separate trace instance which filters trace events based on trace ID, allowing for clean display without pollution from other data sources. Future work could enhance bpf_trace_printk() to do this too, either via a new helper or by smuggling a 32-bit trace id value into the "fmt_size" argument (the latter might be problematic for 32-bit platforms though, so a new helper might be preferred). To aid in display the bpf_trace_btf() helper is passed a "struct btf_ptr *" which specifies the data to be traced (struct sk_buff * say), the BTF id of the type (the BTF id of "struct sk_buff") or a string representation of the type ("struct sk_buff"). A flags field is also present for future use. Separately a number of flags control how the output is rendered, see patch 3 for more details. A snippet of output from printing "struct sk_buff *" (see patch 3 for the full output) looks like this: <idle>-0 [023] d.s. 1825.778400: bpf_trace_printk: (struct sk_buff){ <idle>-0 [023] d.s. 1825.778409: bpf_trace_printk: (union){ <idle>-0 [023] d.s. 1825.778410: bpf_trace_printk: (struct){ <idle>-0 [023] d.s. 1825.778412: bpf_trace_printk: .prev = (struct sk_buff *)0x00000000b2a3df7e, <idle>-0 [023] d.s. 1825.778413: bpf_trace_printk: (union){ <idle>-0 [023] d.s. 1825.778414: bpf_trace_printk: .dev = (struct net_device *)0x000000001658808b, <idle>-0 [023] d.s. 1825.778416: bpf_trace_printk: .dev_scratch = (long unsigned int)18446628460391432192, <idle>-0 [023] d.s. 1825.778417: bpf_trace_printk: }, <idle>-0 [023] d.s. 1825.778417: bpf_trace_printk: }, <idle>-0 [023] d.s. 1825.778418: bpf_trace_printk: .rbnode = (struct rb_node){ <idle>-0 [023] d.s. 1825.778419: bpf_trace_printk: .rb_right = (struct rb_node *)0x00000000b2a3df7e, <idle>-0 [023] d.s. 1825.778420: bpf_trace_printk: .rb_left = (struct rb_node *)0x000000001658808b, <idle>-0 [023] d.s. 1825.778420: bpf_trace_printk: }, <idle>-0 [023] d.s. 1825.778421: bpf_trace_printk: .list = (struct list_head){ <idle>-0 [023] d.s. 1825.778422: bpf_trace_printk: .prev = (struct list_head *)0x00000000b2a3df7e, <idle>-0 [023] d.s. 1825.778422: bpf_trace_printk: }, <idle>-0 [023] d.s. 1825.778422: bpf_trace_printk: }, <idle>-0 [023] d.s. 1825.778426: bpf_trace_printk: .len = (unsigned int)168, <idle>-0 [023] d.s. 1825.778427: bpf_trace_printk: .mac_len = (__u16)14, Changes since v3: - Moved to RFC since the approach is different (and bpf-next is closed) - Rather than using a printk() format specifier as the means of invoking BTF-enabled display, a dedicated BPF helper is used. This solves the issue of printk() having to output large amounts of data using a complex mechanism such as BTF traversal, but still provides a way for the display of such data to be achieved via BPF programs. Future work could include a bpf_printk_btf() function to invoke display via printk() where the elements of a data structure are printk()ed one at a time. Thanks to Petr Mladek, Andy Shevchenko and Rasmus Villemoes who took time to look at the earlier printk() format-specifier-focused version of this and provided feedback clarifying the problems with that approach. - Added trace id to the bpf_trace_printk events as a means of separating output from standard bpf_trace_printk() events, ensuring it can be easily parsed by the reader. - Added bpf_trace_btf() helper tests which do simple verification of the various display options. Changes since v2: - Alexei and Yonghong suggested it would be good to use probe_kernel_read() on to-be-shown data to ensure safety during operation. Safe copy via probe_kernel_read() to a buffer object in "struct btf_show" is used to support this. A few different approaches were explored including dynamic allocation and per-cpu buffers. The downside of dynamic allocation is that it would be done during BPF program execution for bpf_trace_printk()s using %pT format specifiers. The problem with per-cpu buffers is we'd have to manage preemption and since the display of an object occurs over an extended period and in printk context where we'd rather not change preemption status, it seemed tricky to manage buffer safety while considering preemption. The approach of utilizing stack buffer space via the "struct btf_show" seemed like the simplest approach. The stack size of the associated functions which have a "struct btf_show" on their stack to support show operation (btf_type_snprintf_show() and btf_type_seq_show()) stays under 500 bytes. The compromise here is the safe buffer we use is small - 256 bytes - and as a result multiple probe_kernel_read()s are needed for larger objects. Most objects of interest are smaller than this (e.g. "struct sk_buff" is 224 bytes), and while task_struct is a notable exception at ~8K, performance is not the priority for BTF-based display. (Alexei and Yonghong, patch 2). - safe buffer use is the default behaviour (and is mandatory for BPF) but unsafe display - meaning no safe copy is done and we operate on the object itself - is supported via a 'u' option. - pointers are prefixed with 0x for clarity (Alexei, patch 2) - added additional comments and explanations around BTF show code, especially around determining whether objects such zeroed. Also tried to comment safe object scheme used. (Yonghong, patch 2) - added late_initcall() to initialize vmlinux BTF so that it would not have to be initialized during printk operation (Alexei, patch 5) - removed CONFIG_BTF_PRINTF config option as it is not needed; CONFIG_DEBUG_INFO_BTF can be used to gate test behaviour and determining behaviour of type-based printk can be done via retrieval of BTF data; if it's not there BTF was unavailable or broken (Alexei, patches 4,6) - fix bpf_trace_printk test to use vmlinux.h and globals via skeleton infrastructure, removing need for perf events (Andrii, patch 8) Changes since v1: - changed format to be more drgn-like, rendering indented type info along with type names by default (Alexei) - zeroed values are omitted (Arnaldo) by default unless the '0' modifier is specified (Alexei) - added an option to print pointer values without obfuscation. The reason to do this is the sysctls controlling pointer display are likely to be irrelevant in many if not most tracing contexts. Some questions on this in the outstanding questions section below... - reworked printk format specifer so that we no longer rely on format %pT<type> but instead use a struct * which contains type information (Rasmus). This simplifies the printk parsing, makes use more dynamic and also allows specification by BTF id as well as name. - removed incorrect patch which tried to fix dereferencing of resolved BTF info for vmlinux; instead we skip modifiers for the relevant case (array element type determination) (Alexei). - fixed issues with negative snprintf format length (Rasmus) - added test cases for various data structure formats; base types, typedefs, structs, etc. - tests now iterate through all typedef, enum, struct and unions defined for vmlinux BTF and render a version of the target dummy value which is either all zeros or all 0xff values; the idea is this exercises the "skip if zero" and "print everything" cases. - added support in BPF for using the %pT format specifier in bpf_trace_printk() - added BPF tests which ensure %pT format specifier use works (Alexei). Alan Maguire (4): bpf: provide function to get vmlinux BTF information bpf: make BTF show support generic, apply to seq files/bpf_trace_printk bpf: add bpf_trace_btf helper selftests/bpf: add bpf_trace_btf helper tests include/linux/bpf.h | 5 + include/linux/btf.h | 38 + include/uapi/linux/bpf.h | 63 ++ kernel/bpf/btf.c | 962 ++++++++++++++++++--- kernel/bpf/core.c | 5 + kernel/bpf/helpers.c | 4 + kernel/bpf/verifier.c | 18 +- kernel/trace/bpf_trace.c | 121 ++- kernel/trace/bpf_trace.h | 6 +- scripts/bpf_helpers_doc.py | 2 + tools/include/uapi/linux/bpf.h | 63 ++ tools/testing/selftests/bpf/prog_tests/trace_btf.c | 45 + .../selftests/bpf/progs/netif_receive_skb.c | 43 + 13 files changed, 1257 insertions(+), 118 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/trace_btf.c create mode 100644 tools/testing/selftests/bpf/progs/netif_receive_skb.c -- 1.8.3.1

4 years, 8 months

3
10
0 0

[PATCH 1/2] kunit: expect failures from dynamic analysis tools

by Uriel Guajardo

Adds support to KUnit for failure expectation for specific tools. Uses named KUnit resources to keep track of whether or not a failure expectation has been set by the user. - Adds a generic KUNIT_EXPECT_TOOL_FAIL macro that can expect failure from any supported tool that uses the same identifying name - Adds kunit_fail_from_tool which is used to flag failures for specific tools. Requires "kunit: suppport failure from dynamic analysis tools": https://lore.kernel.org/linux-kselftest/20200813205722.1384108-1-urielguaja… Signed-off-by: Uriel Guajardo <urielguajardo(a)google.com> --- include/kunit/test-bug.h | 53 ++++++++++++++++++++++++++++++++++++++++ include/kunit/test.h | 5 ++++ lib/kunit/test.c | 46 +++++++++++++++++++++++++++++----- 3 files changed, 98 insertions(+), 6 deletions(-) diff --git a/include/kunit/test-bug.h b/include/kunit/test-bug.h index 283c19ec328f..383198f70cb5 100644 --- a/include/kunit/test-bug.h +++ b/include/kunit/test-bug.h @@ -9,16 +9,69 @@ #ifndef _KUNIT_TEST_BUG_H #define _KUNIT_TEST_BUG_H +/** + * struct kunit_expectation - represents expectations in KUnit, specifically + * used to keep track of failure expectations from analysis tools + */ +struct kunit_expectation { + bool expected; + bool found; +}; + #if IS_ENABLED(CONFIG_KUNIT) extern void kunit_fail_current_test(void); +/** + * kunit_fail_from_tool() - Fails the currently running KUnit tests under the + * given tool name. + * + * Note: Uses a named KUnit resource to track state. Do not use the name + * KUNIT_TOOL_{tool} for KUnit resources outside of here. + */ +#define kunit_fail_from_tool(tool) \ + if (current->kunit_test) \ + kunit_tool_fail(current->kunit_test, #tool,\ + "KUNIT_TOOL_" #tool) + +/** + * kunit_tool_expectation() - Returns the kunit_expectation for the given + * tool. If it cannot find the expectation, it creates an expectation and + * returns it. + * + * Note: Uses a named KUnit resource to track state. Do not use the name + * KUNIT_TOOL_{tool} for KUnit resources outside of here. + */ +#define kunit_tool_expectation(test, tool) \ + kunit_find_expectation(test, "KUNIT_TOOL_" #tool) + + +/** + * KUNIT_EXPECT_TOOL_FAIL() - Fails the currently running KUnit test if the + * condition does not cause an error within the given tool. + * + * Note: 'tool' must be consistent with the name specified in + * kunit_fail_from_tool(). If the tool fails KUnit using another name, KUnit + * will treat it as a separate tool. + */ +#define KUNIT_EXPECT_TOOL_FAIL(test, condition, tool) do { \ + struct kunit_expectation *data = kunit_tool_expectation(test, tool);\ + data->expected = true; \ + data->found = false; \ + condition; \ + KUNIT_EXPECT_EQ(test, data->expected, data->found); \ + data->expected = false; \ + data->found = false; \ +} while (0) + #else static inline void kunit_fail_current_test(void) { } +#define kunit_fail_from_tool(tool) do { } while (0) + #endif #endif /* _KUNIT_TEST_BUG_H */ diff --git a/include/kunit/test.h b/include/kunit/test.h index 81bf43a1abda..3da8e17ee32b 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -511,6 +511,11 @@ static inline int kunit_destroy_named_resource(struct kunit *test, */ void kunit_remove_resource(struct kunit *test, struct kunit_resource *res); +void kunit_tool_fail(struct kunit *test, char *tool_name, char *resource_name); + +struct kunit_expectation *kunit_find_expectation(struct kunit *test, + char *resource_name); + /** * kunit_kmalloc() - Like kmalloc() except the allocation is *test managed*. * @test: The test context object. diff --git a/lib/kunit/test.c b/lib/kunit/test.c index d8189d827368..458d1ad2daf2 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -22,6 +22,45 @@ void kunit_fail_current_test(void) kunit_set_failure(current->kunit_test); } +static void kunit_data_free(struct kunit_resource *res) +{ + kfree(res->data); +} + +struct kunit_expectation *kunit_find_expectation(struct kunit *test, + char *resource_name) +{ + struct kunit_resource *resource; + struct kunit_expectation *expectation; + + struct kunit_resource *existing = kunit_find_named_resource( + test, resource_name); + if (!existing) { + expectation = kzalloc(sizeof(*expectation), GFP_KERNEL); + resource = kunit_alloc_and_get_resource(test, NULL, + kunit_data_free, GFP_KERNEL, + expectation); + resource->name = resource_name; + kunit_put_resource(resource); + return expectation; + } + kunit_put_resource(existing); + return existing->data; +} +EXPORT_SYMBOL_GPL(kunit_find_expectation); + +void kunit_tool_fail(struct kunit *test, char *tool_name, char *resource_name) +{ + struct kunit_expectation *data = kunit_find_expectation(test, + resource_name); + if (!data->expected) { + kunit_warn(test, "Dynamic analysis tool failure from %s", + tool_name); + return kunit_fail_current_test(); + } + data->found = true; +} + static void kunit_print_tap_version(void) { static bool kunit_has_printed_tap_version; @@ -538,11 +577,6 @@ static int kunit_kmalloc_init(struct kunit_resource *res, void *context) return 0; } -static void kunit_kmalloc_free(struct kunit_resource *res) -{ - kfree(res->data); -} - void *kunit_kmalloc(struct kunit *test, size_t size, gfp_t gfp) { struct kunit_kmalloc_params params = { @@ -552,7 +586,7 @@ void *kunit_kmalloc(struct kunit *test, size_t size, gfp_t gfp) return kunit_alloc_resource(test, kunit_kmalloc_init, - kunit_kmalloc_free, + kunit_data_free, gfp, &params); } -- 2.28.0.297.g1956fa8f8d-goog

4 years, 8 months

1
1
0 0

[PATCH] kunit: Customize KUNIT_EXCEPT/KUNIT_ASSERT Expected messages

by Vitor Massaru Iha

In some cases, to maintain the consistency of the Expected messages with the original runtime test, it is necessary to customize the Expected messages on KUnit. As an example test_overflow conversion to KUnit (I added 1, p->s_of+1, just to fail the test). Using KUNIT_EXPECT_EQ: Expected _of == p->s_of+1, but _of == 0 p->s_of+1 == 1 not ok 1 - overflow_calculation_test ok 2 - overflow_shift_test Using KUNIT_EXPECT_EQ_CUSTOM_MSG: Expected 0 + 0 to not overflow (type u8) not ok 1 - overflow_calculation_test Which is more similar to the error message of the original test. Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> --- include/kunit/assert.h | 8 ++- include/kunit/test.h | 151 +++++++++++++++++++++++++++++++++++++++-- lib/kunit/assert.c | 34 ++++++---- 3 files changed, 172 insertions(+), 21 deletions(-) diff --git a/include/kunit/assert.h b/include/kunit/assert.h index ad889b539ab3..b3c25b4420c8 100644 --- a/include/kunit/assert.h +++ b/include/kunit/assert.h @@ -204,6 +204,7 @@ struct kunit_binary_assert { long long left_value; const char *right_text; long long right_value; + bool custom_msg; }; void kunit_binary_assert_format(const struct kunit_assert *assert, @@ -219,6 +220,7 @@ void kunit_binary_assert_format(const struct kunit_assert *assert, * @left_val: The actual evaluated value of the expression in the left slot. * @right_str: A string representation of the expression in the right slot. * @right_val: The actual evaluated value of the expression in the right slot. + * @custom_msg_bool: Show a custom expect message instead the default message. * * Initializes a &struct kunit_binary_assert. Intended to be used in * KUNIT_EXPECT_* and KUNIT_ASSERT_* macros. @@ -229,7 +231,8 @@ void kunit_binary_assert_format(const struct kunit_assert *assert, left_str, \ left_val, \ right_str, \ - right_val) { \ + right_val, \ + custom_msg_bool) { \ .assert = KUNIT_INIT_ASSERT_STRUCT(test, \ type, \ kunit_binary_assert_format), \ @@ -237,7 +240,8 @@ void kunit_binary_assert_format(const struct kunit_assert *assert, .left_text = left_str, \ .left_value = left_val, \ .right_text = right_str, \ - .right_value = right_val \ + .right_value = right_val, \ + .custom_msg = custom_msg_bool, \ } /** diff --git a/include/kunit/test.h b/include/kunit/test.h index 59f3144f009a..ec821a57ec5b 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -699,6 +699,7 @@ void kunit_do_assertion(struct kunit *test, left, \ op, \ right, \ + custom_msg_bool, \ fmt, \ ...) \ do { \ @@ -715,7 +716,8 @@ do { \ #left, \ __left, \ #right, \ - __right), \ + __right, \ + custom_msg_bool), \ fmt, \ ##__VA_ARGS__); \ } while (0) @@ -726,6 +728,7 @@ do { \ assert_type, \ left, \ right, \ + custom_msg_bool, \ fmt, \ ...) \ KUNIT_BASE_BINARY_ASSERTION(test, \ @@ -733,6 +736,7 @@ do { \ ASSERT_CLASS_INIT, \ assert_type, \ left, ==, right, \ + custom_msg_bool, \ fmt, \ ##__VA_ARGS__) @@ -742,6 +746,7 @@ do { \ assert_type, \ left, \ right, \ + custom_msg_bool, \ fmt, \ ...) \ KUNIT_BASE_BINARY_ASSERTION(test, \ @@ -749,6 +754,7 @@ do { \ ASSERT_CLASS_INIT, \ assert_type, \ left, !=, right, \ + custom_msg_bool, \ fmt, \ ##__VA_ARGS__) @@ -765,6 +771,7 @@ do { \ ASSERT_CLASS_INIT, \ assert_type, \ left, <, right, \ + custom_msg_bool, \ fmt, \ ##__VA_ARGS__) @@ -774,6 +781,7 @@ do { \ assert_type, \ left, \ right, \ + custom_msg_bool, \ fmt, \ ...) \ KUNIT_BASE_BINARY_ASSERTION(test, \ @@ -781,6 +789,7 @@ do { \ ASSERT_CLASS_INIT, \ assert_type, \ left, <=, right, \ + custom_msg_bool, \ fmt, \ ##__VA_ARGS__) @@ -797,6 +806,7 @@ do { \ ASSERT_CLASS_INIT, \ assert_type, \ left, >, right, \ + custom_msg_bool, \ fmt, \ ##__VA_ARGS__) @@ -813,16 +823,23 @@ do { \ ASSERT_CLASS_INIT, \ assert_type, \ left, >=, right, \ + custom_msg_bool, \ fmt, \ ##__VA_ARGS__) -#define KUNIT_BINARY_EQ_MSG_ASSERTION(test, assert_type, left, right, fmt, ...)\ +#define KUNIT_BINARY_EQ_MSG_ASSERTION(test, \ + assert_type, \ + left, right, \ + custom_msg_bool, \ + fmt, \ + ...) \ KUNIT_BASE_EQ_MSG_ASSERTION(test, \ kunit_binary_assert, \ KUNIT_INIT_BINARY_ASSERT_STRUCT, \ assert_type, \ left, \ right, \ + custom_msg_bool, \ fmt, \ ##__VA_ARGS__) @@ -831,6 +848,7 @@ do { \ assert_type, \ left, \ right, \ + false, \ NULL) #define KUNIT_BINARY_PTR_EQ_MSG_ASSERTION(test, \ @@ -862,6 +880,18 @@ do { \ assert_type, \ left, \ right, \ + false, \ + fmt, \ + ##__VA_ARGS__) + +#define KUNIT_BINARY_NE_CUSTOM_MSG_ASSERTION(test, assert_type, left, right, fmt, ...)\ + KUNIT_BASE_NE_MSG_ASSERTION(test, \ + kunit_binary_assert, \ + KUNIT_INIT_BINARY_ASSERT_STRUCT, \ + assert_type, \ + left, \ + right, \ + true, \ fmt, \ ##__VA_ARGS__) @@ -870,6 +900,7 @@ do { \ assert_type, \ left, \ right, \ + false, \ NULL) #define KUNIT_BINARY_PTR_NE_MSG_ASSERTION(test, \ @@ -904,11 +935,12 @@ do { \ fmt, \ ##__VA_ARGS__) -#define KUNIT_BINARY_LT_ASSERTION(test, assert_type, left, right) \ +#define KUNIT_BINARY_LT_ASSERTION(test, assert_type, left, right, custom_msg_bool)\ KUNIT_BINARY_LT_MSG_ASSERTION(test, \ assert_type, \ left, \ right, \ + custom_msg_bool, \ NULL) #define KUNIT_BINARY_PTR_LT_MSG_ASSERTION(test, \ @@ -923,6 +955,7 @@ do { \ assert_type, \ left, \ right, \ + false, \ fmt, \ ##__VA_ARGS__) @@ -933,13 +966,20 @@ do { \ right, \ NULL) -#define KUNIT_BINARY_LE_MSG_ASSERTION(test, assert_type, left, right, fmt, ...)\ +#define KUNIT_BINARY_LE_MSG_ASSERTION(test, \ + assert_type, \ + left, \ + right, \ + custom_msg_bool, \ + fmt, \ + ...) \ KUNIT_BASE_LE_MSG_ASSERTION(test, \ kunit_binary_assert, \ KUNIT_INIT_BINARY_ASSERT_STRUCT, \ assert_type, \ left, \ right, \ + custom_msg_bool, \ fmt, \ ##__VA_ARGS__) @@ -948,6 +988,7 @@ do { \ assert_type, \ left, \ right, \ + false, \ NULL) #define KUNIT_BINARY_PTR_LE_MSG_ASSERTION(test, \ @@ -972,13 +1013,20 @@ do { \ right, \ NULL) -#define KUNIT_BINARY_GT_MSG_ASSERTION(test, assert_type, left, right, fmt, ...)\ +#define KUNIT_BINARY_GT_MSG_ASSERTION(test, \ + assert_type, \ + left, \ + right, \ + custom_msg_bool, \ + fmt, \ + ...) \ KUNIT_BASE_GT_MSG_ASSERTION(test, \ kunit_binary_assert, \ KUNIT_INIT_BINARY_ASSERT_STRUCT, \ assert_type, \ left, \ right, \ + custom_msg_bool, \ fmt, \ ##__VA_ARGS__) @@ -1001,6 +1049,7 @@ do { \ assert_type, \ left, \ right, \ + custom_msg_bool, \ fmt, \ ##__VA_ARGS__) @@ -1011,7 +1060,13 @@ do { \ right, \ NULL) -#define KUNIT_BINARY_GE_MSG_ASSERTION(test, assert_type, left, right, fmt, ...)\ +#define KUNIT_BINARY_GE_MSG_ASSERTION(test, \ + assert_type, \ + left, \ + right, \ + custom_msg_bool, \ + fmt, \ + ...) \ KUNIT_BASE_GE_MSG_ASSERTION(test, \ kunit_binary_assert, \ KUNIT_INIT_BINARY_ASSERT_STRUCT, \ @@ -1026,12 +1081,14 @@ do { \ assert_type, \ left, \ right, \ + false, \ NULL) #define KUNIT_BINARY_PTR_GE_MSG_ASSERTION(test, \ assert_type, \ left, \ right, \ + custom_msg_bool, \ fmt, \ ...) \ KUNIT_BASE_GE_MSG_ASSERTION(test, \ @@ -1040,6 +1097,7 @@ do { \ assert_type, \ left, \ right, \ + custom_msg_bool, \ fmt, \ ##__VA_ARGS__) @@ -1197,6 +1255,16 @@ do { \ KUNIT_EXPECTATION, \ left, \ right, \ + false, \ + fmt, \ + ##__VA_ARGS__) + +#define KUNIT_EXPECT_EQ_CUSTOM_MSG(test, left, right, fmt, ...) \ + KUNIT_BINARY_EQ_MSG_ASSERTION(test, \ + KUNIT_EXPECTATION, \ + left, \ + right, \ + true, \ fmt, \ ##__VA_ARGS__) @@ -1222,9 +1290,18 @@ do { \ KUNIT_EXPECTATION, \ left, \ right, \ + false, \ fmt, \ ##__VA_ARGS__) +#define KUNIT_EXPECT_PTR_EQ_CUSTOM_MSG(test, left, right, fmt, ...) \ + KUNIT_BINARY_PTR_EQ_MSG_ASSERTION(test, \ + KUNIT_EXPECTATION, \ + left, \ + right, \ + true, \ + fmt, \ + ##__VA_ARGS__) /** * KUNIT_EXPECT_NE() - An expectation that @left and @right are not equal. * @test: The test context object. @@ -1244,6 +1321,16 @@ do { \ KUNIT_EXPECTATION, \ left, \ right, \ + false, \ + fmt, \ + ##__VA_ARGS__) + +#define KUNIT_EXPECT_NE_CUSTOM_MSG(test, left, right, fmt, ...) \ + KUNIT_BINARY_NE_MSG_ASSERTION(test, \ + KUNIT_EXPECTATION, \ + left, \ + right, \ + true, \ fmt, \ ##__VA_ARGS__) @@ -1269,6 +1356,7 @@ do { \ KUNIT_EXPECTATION, \ left, \ right, \ + false, \ fmt, \ ##__VA_ARGS__) @@ -1313,6 +1401,16 @@ do { \ KUNIT_EXPECTATION, \ left, \ right, \ + false, \ + fmt, \ + ##__VA_ARGS__) + +#define KUNIT_EXPECT_LE_CUSTOM_MSG(test, left, right, fmt, ...) \ + KUNIT_BINARY_LE_MSG_ASSERTION(test, \ + KUNIT_EXPECTATION, \ + left, \ + right, \ + true, \ fmt, \ ##__VA_ARGS__) @@ -1467,6 +1565,8 @@ do { \ fmt, \ ##__VA_ARGS__) +//#define KUNIT_ASSERT_EQ_TYPE(test, ) + /** * KUNIT_ASSERT_EQ() - Sets an assertion that @left and @right are equal. * @test: The test context object. @@ -1485,6 +1585,16 @@ do { \ KUNIT_ASSERTION, \ left, \ right, \ + false, \ + fmt, \ + ##__VA_ARGS__) + +#define KUNIT_ASSERT_EQ_CUSTOM_MSG(test, left, right, fmt, ...) \ + KUNIT_BINARY_EQ_MSG_ASSERTION(test, \ + KUNIT_ASSERTION, \ + left, \ + right, \ + true, \ fmt, \ ##__VA_ARGS__) @@ -1506,9 +1616,18 @@ do { \ KUNIT_ASSERTION, \ left, \ right, \ + false, \ fmt, \ ##__VA_ARGS__) +#define KUNIT_ASSERT_PTR_EQ_CUSTOM_MSG(test, left, right, fmt, ...) \ + KUNIT_BINARY_PTR_EQ_MSG_ASSERTION(test, \ + KUNIT_ASSERTION, \ + left, \ + right, \ + true, \ + fmt, \ + ##__VA_ARGS__) /** * KUNIT_ASSERT_NE() - An assertion that @left and @right are not equal. * @test: The test context object. @@ -1527,6 +1646,7 @@ do { \ KUNIT_ASSERTION, \ left, \ right, \ + false, \ fmt, \ ##__VA_ARGS__) @@ -1549,6 +1669,7 @@ do { \ KUNIT_ASSERTION, \ left, \ right, \ + false, \ fmt, \ ##__VA_ARGS__) /** @@ -1594,6 +1715,15 @@ do { \ fmt, \ ##__VA_ARGS__) +#define KUNIT_ASSERT_LE_CUSTOM_MSG(test, left, right, fmt, ...) \ + KUNIT_BINARY_LE_MSG_ASSERTION(test, \ + KUNIT_ASSERTION, \ + left, \ + right, \ + true, \ + fmt, \ + ##__VA_ARGS__) + /** * KUNIT_ASSERT_GT() - An assertion that @left is greater than @right. * @test: The test context object. @@ -1638,6 +1768,15 @@ do { \ fmt, \ ##__VA_ARGS__) +#define KUNIT_ASSERT_GE_CUSTOM_MSG(test, left, right, fmt, ...) \ + KUNIT_BINARY_GE_MSG_ASSERTION(test, \ + KUNIT_ASSERTION, \ + left, \ + right, \ + true, \ + fmt, \ + ##__VA_ARGS__) + /** * KUNIT_ASSERT_STREQ() - An assertion that strings @left and @right are equal. * @test: The test context object. diff --git a/lib/kunit/assert.c b/lib/kunit/assert.c index 33acdaa28a7d..202f9fdeed0e 100644 --- a/lib/kunit/assert.c +++ b/lib/kunit/assert.c @@ -32,8 +32,14 @@ EXPORT_SYMBOL_GPL(kunit_base_assert_format); void kunit_assert_print_msg(const struct kunit_assert *assert, struct string_stream *stream) { - if (assert->message.fmt) - string_stream_add(stream, "\n%pV", &assert->message); + struct kunit_binary_assert *binary_assert = container_of( + assert, struct kunit_binary_assert, assert); + if (assert->message.fmt) { + if (binary_assert->custom_msg == false) + string_stream_add(stream, "\n" KUNIT_SUBSUBTEST_INDENT "%pV", &assert->message); + else + string_stream_add(stream, KUNIT_SUBTEST_INDENT "%pV", &assert->message); + } } EXPORT_SYMBOL_GPL(kunit_assert_print_msg); @@ -92,17 +98,19 @@ void kunit_binary_assert_format(const struct kunit_assert *assert, assert, struct kunit_binary_assert, assert); kunit_base_assert_format(assert, stream); - string_stream_add(stream, - KUNIT_SUBTEST_INDENT "Expected %s %s %s, but\n", - binary_assert->left_text, - binary_assert->operation, - binary_assert->right_text); - string_stream_add(stream, KUNIT_SUBSUBTEST_INDENT "%s == %lld\n", - binary_assert->left_text, - binary_assert->left_value); - string_stream_add(stream, KUNIT_SUBSUBTEST_INDENT "%s == %lld", - binary_assert->right_text, - binary_assert->right_value); + if (binary_assert->custom_msg == false) { + string_stream_add(stream, + KUNIT_SUBTEST_INDENT "Expected %s %s %s, but\n", + binary_assert->left_text, + binary_assert->operation, + binary_assert->right_text); + string_stream_add(stream, KUNIT_SUBSUBTEST_INDENT "%s == %lld\n", + binary_assert->left_text, + binary_assert->left_value); + string_stream_add(stream, KUNIT_SUBSUBTEST_INDENT "%s == %lld", + binary_assert->right_text, + binary_assert->right_value); + } kunit_assert_print_msg(assert, stream); } EXPORT_SYMBOL_GPL(kunit_binary_assert_format); base-commit: d43c7fb05765152d4d4a39a8ef957c4ea14d8847 -- 2.26.2

4 years, 8 months

2
2
0 0

[PATCH bpf-next 6/6] selftests: bpf: test sockmap update from BPF

by Lorenz Bauer

Add a test which copies a socket from a sockmap into another sockmap or sockhash. This excercises bpf_map_update_elem support from BPF context. Compare the socket cookies from source and destination to ensure that the copy succeeded. Signed-off-by: Lorenz Bauer <lmb(a)cloudflare.com> --- .../selftests/bpf/prog_tests/sockmap_basic.c | 76 +++++++++++++++++++ .../selftests/bpf/progs/test_sockmap_copy.c | 48 ++++++++++++ 2 files changed, 124 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/test_sockmap_copy.c diff --git a/tools/testing/selftests/bpf/prog_tests/sockmap_basic.c b/tools/testing/selftests/bpf/prog_tests/sockmap_basic.c index 96e7b7f84c65..d30cabc00e9e 100644 --- a/tools/testing/selftests/bpf/prog_tests/sockmap_basic.c +++ b/tools/testing/selftests/bpf/prog_tests/sockmap_basic.c @@ -4,6 +4,7 @@ #include "test_progs.h" #include "test_skmsg_load_helpers.skel.h" +#include "test_sockmap_copy.skel.h" #define TCP_REPAIR 19 /* TCP sock is under repair right now */ @@ -101,6 +102,77 @@ static void test_skmsg_helpers(enum bpf_map_type map_type) test_skmsg_load_helpers__destroy(skel); } +static void test_sockmap_copy(enum bpf_map_type map_type) +{ + struct bpf_prog_test_run_attr attr; + struct test_sockmap_copy *skel; + __u64 src_cookie, dst_cookie; + int err, prog, s, src, dst; + const __u32 zero = 0; + char dummy[14] = {0}; + + s = connected_socket_v4(); + if (CHECK_FAIL(s == -1)) + return; + + skel = test_sockmap_copy__open_and_load(); + if (CHECK_FAIL(!skel)) { + close(s); + perror("test_sockmap_copy__open_and_load"); + return; + } + + prog = bpf_program__fd(skel->progs.copy_sock_map); + src = bpf_map__fd(skel->maps.src); + if (map_type == BPF_MAP_TYPE_SOCKMAP) + dst = bpf_map__fd(skel->maps.dst_sock_map); + else + dst = bpf_map__fd(skel->maps.dst_sock_hash); + + err = bpf_map_update_elem(src, &zero, &s, BPF_NOEXIST); + if (CHECK_FAIL(err)) { + perror("bpf_map_update"); + goto out; + } + + err = bpf_map_lookup_elem(src, &zero, &src_cookie); + if (CHECK_FAIL(err)) { + perror("bpf_map_lookup_elem(src)"); + goto out; + } + + attr = (struct bpf_prog_test_run_attr){ + .prog_fd = prog, + .repeat = 1, + .data_in = dummy, + .data_size_in = sizeof(dummy), + }; + + err = bpf_prog_test_run_xattr(&attr); + if (err) { + test__fail(); + perror("bpf_prog_test_run"); + goto out; + } else if (!attr.retval) { + PRINT_FAIL("bpf_prog_test_run: program returned %u\n", + attr.retval); + goto out; + } + + err = bpf_map_lookup_elem(dst, &zero, &dst_cookie); + if (CHECK_FAIL(err)) { + perror("bpf_map_lookup_elem(dst)"); + goto out; + } + + if (dst_cookie != src_cookie) + PRINT_FAIL("cookie %llu != %llu\n", dst_cookie, src_cookie); + +out: + close(s); + test_sockmap_copy__destroy(skel); +} + void test_sockmap_basic(void) { if (test__start_subtest("sockmap create_update_free")) @@ -111,4 +183,8 @@ void test_sockmap_basic(void) test_skmsg_helpers(BPF_MAP_TYPE_SOCKMAP); if (test__start_subtest("sockhash sk_msg load helpers")) test_skmsg_helpers(BPF_MAP_TYPE_SOCKHASH); + if (test__start_subtest("sockmap copy")) + test_sockmap_copy(BPF_MAP_TYPE_SOCKMAP); + if (test__start_subtest("sockhash copy")) + test_sockmap_copy(BPF_MAP_TYPE_SOCKHASH); } diff --git a/tools/testing/selftests/bpf/progs/test_sockmap_copy.c b/tools/testing/selftests/bpf/progs/test_sockmap_copy.c new file mode 100644 index 000000000000..9d0c9f28cab2 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_sockmap_copy.c @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-2.0 +// Copyright (c) 2020 Cloudflare +#include "vmlinux.h" +#include <bpf/bpf_helpers.h> + +struct { + __uint(type, BPF_MAP_TYPE_SOCKMAP); + __uint(max_entries, 1); + __type(key, __u32); + __type(value, __u64); +} src SEC(".maps"); + +struct { + __uint(type, BPF_MAP_TYPE_SOCKMAP); + __uint(max_entries, 1); + __type(key, __u32); + __type(value, __u64); +} dst_sock_map SEC(".maps"); + +struct { + __uint(type, BPF_MAP_TYPE_SOCKHASH); + __uint(max_entries, 1); + __type(key, __u32); + __type(value, __u64); +} dst_sock_hash SEC(".maps"); + +SEC("classifier/copy_sock_map") +int copy_sock_map(void *ctx) +{ + struct bpf_sock *sk; + bool failed = false; + __u32 key = 0; + + sk = bpf_map_lookup_elem(&src, &key); + if (!sk) + return SK_DROP; + + if (bpf_map_update_elem(&dst_sock_map, &key, sk, 0)) + failed = true; + + if (bpf_map_update_elem(&dst_sock_hash, &key, sk, 0)) + failed = true; + + bpf_sk_release(sk); + return failed ? SK_DROP : SK_PASS; +} + +char _license[] SEC("license") = "GPL"; -- 2.25.1

4 years, 8 months

2
4
0 0

[PATCH bpf-next v2 6/6] selftests: bpf: test sockmap update from BPF

by Lorenz Bauer

Add a test which copies a socket from a sockmap into another sockmap or sockhash. This excercises bpf_map_update_elem support from BPF context. Compare the socket cookies from source and destination to ensure that the copy succeeded. Signed-off-by: Lorenz Bauer <lmb(a)cloudflare.com> --- .../selftests/bpf/prog_tests/sockmap_basic.c | 71 +++++++++++++++++++ .../selftests/bpf/progs/test_sockmap_copy.c | 48 +++++++++++++ 2 files changed, 119 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/test_sockmap_copy.c diff --git a/tools/testing/selftests/bpf/prog_tests/sockmap_basic.c b/tools/testing/selftests/bpf/prog_tests/sockmap_basic.c index 96e7b7f84c65..cd05ff5e88e1 100644 --- a/tools/testing/selftests/bpf/prog_tests/sockmap_basic.c +++ b/tools/testing/selftests/bpf/prog_tests/sockmap_basic.c @@ -4,6 +4,7 @@ #include "test_progs.h" #include "test_skmsg_load_helpers.skel.h" +#include "test_sockmap_copy.skel.h" #define TCP_REPAIR 19 /* TCP sock is under repair right now */ @@ -101,6 +102,72 @@ static void test_skmsg_helpers(enum bpf_map_type map_type) test_skmsg_load_helpers__destroy(skel); } +static void test_sockmap_copy(enum bpf_map_type map_type) +{ + struct bpf_prog_test_run_attr tattr; + struct test_sockmap_copy *skel; + __u64 src_cookie, dst_cookie; + int err, prog, src, dst; + const __u32 zero = 0; + char dummy[14] = {0}; + __s64 sk; + + sk = connected_socket_v4(); + if (CHECK_FAIL(sk == -1)) + return; + + skel = test_sockmap_copy__open_and_load(); + if (CHECK_FAIL(!skel)) { + close(sk); + perror("test_sockmap_copy__open_and_load"); + return; + } + + prog = bpf_program__fd(skel->progs.copy_sock_map); + src = bpf_map__fd(skel->maps.src); + if (map_type == BPF_MAP_TYPE_SOCKMAP) + dst = bpf_map__fd(skel->maps.dst_sock_map); + else + dst = bpf_map__fd(skel->maps.dst_sock_hash); + + err = bpf_map_update_elem(src, &zero, &sk, BPF_NOEXIST); + if (CHECK_FAIL(err)) { + perror("bpf_map_update"); + goto out; + } + + err = bpf_map_lookup_elem(src, &zero, &src_cookie); + if (CHECK_FAIL(err)) { + perror("bpf_map_lookup_elem(src)"); + goto out; + } + + tattr = (struct bpf_prog_test_run_attr){ + .prog_fd = prog, + .repeat = 1, + .data_in = dummy, + .data_size_in = sizeof(dummy), + }; + + err = bpf_prog_test_run_xattr(&tattr); + if (CHECK_ATTR(err || !tattr.retval, "bpf_prog_test_run", + "errno=%u retval=%u\n", errno, tattr.retval)) + goto out; + + err = bpf_map_lookup_elem(dst, &zero, &dst_cookie); + if (CHECK_FAIL(err)) { + perror("bpf_map_lookup_elem(dst)"); + goto out; + } + + if (dst_cookie != src_cookie) + PRINT_FAIL("cookie %llu != %llu\n", dst_cookie, src_cookie); + +out: + close(sk); + test_sockmap_copy__destroy(skel); +} + void test_sockmap_basic(void) { if (test__start_subtest("sockmap create_update_free")) @@ -111,4 +178,8 @@ void test_sockmap_basic(void) test_skmsg_helpers(BPF_MAP_TYPE_SOCKMAP); if (test__start_subtest("sockhash sk_msg load helpers")) test_skmsg_helpers(BPF_MAP_TYPE_SOCKHASH); + if (test__start_subtest("sockmap copy")) + test_sockmap_copy(BPF_MAP_TYPE_SOCKMAP); + if (test__start_subtest("sockhash copy")) + test_sockmap_copy(BPF_MAP_TYPE_SOCKHASH); } diff --git a/tools/testing/selftests/bpf/progs/test_sockmap_copy.c b/tools/testing/selftests/bpf/progs/test_sockmap_copy.c new file mode 100644 index 000000000000..9d0c9f28cab2 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_sockmap_copy.c @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-2.0 +// Copyright (c) 2020 Cloudflare +#include "vmlinux.h" +#include <bpf/bpf_helpers.h> + +struct { + __uint(type, BPF_MAP_TYPE_SOCKMAP); + __uint(max_entries, 1); + __type(key, __u32); + __type(value, __u64); +} src SEC(".maps"); + +struct { + __uint(type, BPF_MAP_TYPE_SOCKMAP); + __uint(max_entries, 1); + __type(key, __u32); + __type(value, __u64); +} dst_sock_map SEC(".maps"); + +struct { + __uint(type, BPF_MAP_TYPE_SOCKHASH); + __uint(max_entries, 1); + __type(key, __u32); + __type(value, __u64); +} dst_sock_hash SEC(".maps"); + +SEC("classifier/copy_sock_map") +int copy_sock_map(void *ctx) +{ + struct bpf_sock *sk; + bool failed = false; + __u32 key = 0; + + sk = bpf_map_lookup_elem(&src, &key); + if (!sk) + return SK_DROP; + + if (bpf_map_update_elem(&dst_sock_map, &key, sk, 0)) + failed = true; + + if (bpf_map_update_elem(&dst_sock_hash, &key, sk, 0)) + failed = true; + + bpf_sk_release(sk); + return failed ? SK_DROP : SK_PASS; +} + +char _license[] SEC("license") = "GPL"; -- 2.25.1

4 years, 8 months

1
0
0 0

Re: WARNING in __cfg80211_connect_result

by syzbot

syzbot has bisected this issue to: commit e7096c131e5161fa3b8e52a650d7719d2857adfd Author: Jason A. Donenfeld <Jason(a)zx2c4.com> Date: Sun Dec 8 23:27:34 2019 +0000 net: WireGuard secure network tunnel bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=175ad8b1900000 start commit: e3ec1e8c net: eliminate meaningless memcpy to data in pskb.. git tree: net-next final oops: https://syzkaller.appspot.com/x/report.txt?x=14dad8b1900000 console output: https://syzkaller.appspot.com/x/log.txt?x=10dad8b1900000 kernel config: https://syzkaller.appspot.com/x/.config?x=3d400a47d1416652 dashboard link: https://syzkaller.appspot.com/bug?extid=cc4c0f394e2611edba66 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=15d9de91900000 Reported-by: syzbot+cc4c0f394e2611edba66(a)syzkaller.appspotmail.com Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") For information about bisection process see: https://goo.gl/tpsmEJ#bisection

4 years, 8 months

4
3
0 0

[PATCH AUTOSEL 4.19 15/18] tools/testing/selftests/cgroup/cgroup_util.c: cg_read_strcmp: fix null pointer dereference

by Sasha Levin

From: Gaurav Singh <gaurav1086(a)gmail.com> [ Upstream commit d830020656c5b68ced962ed3cb51a90e0a89d4c4 ] Haven't reproduced this issue. This PR is does a minor code cleanup. Signed-off-by: Gaurav Singh <gaurav1086(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Tejun Heo <tj(a)kernel.org> Cc: Michal Koutn <mkoutny(a)suse.com> Cc: Roman Gushchin <guro(a)fb.com> Cc: Christian Brauner <christian.brauner(a)ubuntu.com> Cc: Chris Down <chris(a)chrisdown.name> Link: http://lkml.kernel.org/r/20200726013808.22242-1-gaurav1086@gmail.com Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/cgroup/cgroup_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/cgroup/cgroup_util.c b/tools/testing/selftests/cgroup/cgroup_util.c index 075cb0c730149..90418d79ef676 100644 --- a/tools/testing/selftests/cgroup/cgroup_util.c +++ b/tools/testing/selftests/cgroup/cgroup_util.c @@ -95,7 +95,7 @@ int cg_read_strcmp(const char *cgroup, const char *control, /* Handle the case of comparing against empty string */ if (!expected) - size = 32; + return -1; else size = strlen(expected) + 1; -- 2.25.1

4 years, 8 months

1
0
0 0

[PATCH AUTOSEL 5.4 19/22] tools/testing/selftests/cgroup/cgroup_util.c: cg_read_strcmp: fix null pointer dereference

by Sasha Levin

From: Gaurav Singh <gaurav1086(a)gmail.com> [ Upstream commit d830020656c5b68ced962ed3cb51a90e0a89d4c4 ] Haven't reproduced this issue. This PR is does a minor code cleanup. Signed-off-by: Gaurav Singh <gaurav1086(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Tejun Heo <tj(a)kernel.org> Cc: Michal Koutn <mkoutny(a)suse.com> Cc: Roman Gushchin <guro(a)fb.com> Cc: Christian Brauner <christian.brauner(a)ubuntu.com> Cc: Chris Down <chris(a)chrisdown.name> Link: http://lkml.kernel.org/r/20200726013808.22242-1-gaurav1086@gmail.com Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/cgroup/cgroup_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/cgroup/cgroup_util.c b/tools/testing/selftests/cgroup/cgroup_util.c index bdb69599c4bdc..5e939ff1e3f95 100644 --- a/tools/testing/selftests/cgroup/cgroup_util.c +++ b/tools/testing/selftests/cgroup/cgroup_util.c @@ -105,7 +105,7 @@ int cg_read_strcmp(const char *cgroup, const char *control, /* Handle the case of comparing against empty string */ if (!expected) - size = 32; + return -1; else size = strlen(expected) + 1; -- 2.25.1

4 years, 8 months

1
0
0 0

[PATCH AUTOSEL 5.7 21/24] tools/testing/selftests/cgroup/cgroup_util.c: cg_read_strcmp: fix null pointer dereference

by Sasha Levin

From: Gaurav Singh <gaurav1086(a)gmail.com> [ Upstream commit d830020656c5b68ced962ed3cb51a90e0a89d4c4 ] Haven't reproduced this issue. This PR is does a minor code cleanup. Signed-off-by: Gaurav Singh <gaurav1086(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Tejun Heo <tj(a)kernel.org> Cc: Michal Koutn <mkoutny(a)suse.com> Cc: Roman Gushchin <guro(a)fb.com> Cc: Christian Brauner <christian.brauner(a)ubuntu.com> Cc: Chris Down <chris(a)chrisdown.name> Link: http://lkml.kernel.org/r/20200726013808.22242-1-gaurav1086@gmail.com Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/cgroup/cgroup_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/cgroup/cgroup_util.c b/tools/testing/selftests/cgroup/cgroup_util.c index 8a637ca7d73a4..05853b0b88318 100644 --- a/tools/testing/selftests/cgroup/cgroup_util.c +++ b/tools/testing/selftests/cgroup/cgroup_util.c @@ -106,7 +106,7 @@ int cg_read_strcmp(const char *cgroup, const char *control, /* Handle the case of comparing against empty string */ if (!expected) - size = 32; + return -1; else size = strlen(expected) + 1; -- 2.25.1

4 years, 8 months

1
0
0 0

[PATCH AUTOSEL 5.8 23/27] tools/testing/selftests/cgroup/cgroup_util.c: cg_read_strcmp: fix null pointer dereference

by Sasha Levin

From: Gaurav Singh <gaurav1086(a)gmail.com> [ Upstream commit d830020656c5b68ced962ed3cb51a90e0a89d4c4 ] Haven't reproduced this issue. This PR is does a minor code cleanup. Signed-off-by: Gaurav Singh <gaurav1086(a)gmail.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Tejun Heo <tj(a)kernel.org> Cc: Michal Koutn <mkoutny(a)suse.com> Cc: Roman Gushchin <guro(a)fb.com> Cc: Christian Brauner <christian.brauner(a)ubuntu.com> Cc: Chris Down <chris(a)chrisdown.name> Link: http://lkml.kernel.org/r/20200726013808.22242-1-gaurav1086@gmail.com Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/cgroup/cgroup_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/cgroup/cgroup_util.c b/tools/testing/selftests/cgroup/cgroup_util.c index 8a637ca7d73a4..05853b0b88318 100644 --- a/tools/testing/selftests/cgroup/cgroup_util.c +++ b/tools/testing/selftests/cgroup/cgroup_util.c @@ -106,7 +106,7 @@ int cg_read_strcmp(const char *cgroup, const char *control, /* Handle the case of comparing against empty string */ if (!expected) - size = 32; + return -1; else size = strlen(expected) + 1; -- 2.25.1

4 years, 8 months

1
0
0 0

[PATCH] kunit: fix: kunit_binary_assert_format() only prints signed int

by Vitor Massaru Iha

Some tests, such as overflow_kunit(), uses unsigned int, But kunit_binary_assert_format() only prints signed int, this commit also deals with the unsigned int print. Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> --- lib/kunit/assert.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/lib/kunit/assert.c b/lib/kunit/assert.c index 202f9fdeed0e..3ae90c09986a 100644 --- a/lib/kunit/assert.c +++ b/lib/kunit/assert.c @@ -104,12 +104,23 @@ void kunit_binary_assert_format(const struct kunit_assert *assert, binary_assert->left_text, binary_assert->operation, binary_assert->right_text); - string_stream_add(stream, KUNIT_SUBSUBTEST_INDENT "%s == %lld\n", + + if (binary_assert->left_value - 1 < 0) { + string_stream_add(stream, KUNIT_SUBSUBTEST_INDENT "%s == %lld\n", + binary_assert->left_text, + binary_assert->left_value); + string_stream_add(stream, KUNIT_SUBSUBTEST_INDENT "%s == %lld", + binary_assert->right_text, + binary_assert->right_value); + } + else { + string_stream_add(stream, KUNIT_SUBSUBTEST_INDENT "%s == %llu\n", binary_assert->left_text, binary_assert->left_value); - string_stream_add(stream, KUNIT_SUBSUBTEST_INDENT "%s == %lld", + string_stream_add(stream, KUNIT_SUBSUBTEST_INDENT "%s == %llu", binary_assert->right_text, binary_assert->right_value); + } } kunit_assert_print_msg(assert, stream); } base-commit: d43c7fb05765152d4d4a39a8ef957c4ea14d8847 prerequisite-patch-id: bf4b0962b0b955e4e45f5d25fece889562118158 -- 2.26.2

4 years, 8 months

2
4
0 0

[PATCH v2] lib: kunit: Provides a userspace memory context when tests are compiled as module

by Vitor Massaru Iha

KUnit test cases run on kthreads, and kthreads don't have an adddress space (current->mm is NULL), but processes have mm. The purpose of this patch is to allow to borrow mm to KUnit kthread after userspace is brought up, because we know that there are processes running, at least the process that loaded the module to borrow mm. This allows, for example, tests such as user_copy_kunit, which uses vm_mmap, which needs current->mm. Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> --- v2: * splitted patch in 3: - Allows to install and load modules in root filesystem; - Provides an userspace memory context when tests are compiled as module; - Convert test_user_copy to KUnit test; * added documentation; * added more explanation; * tested a pointer; * released mput(); --- Documentation/dev-tools/kunit/usage.rst | 14 ++++++++++++++ include/kunit/test.h | 12 ++++++++++++ lib/kunit/try-catch.c | 15 ++++++++++++++- 3 files changed, 40 insertions(+), 1 deletion(-) diff --git a/Documentation/dev-tools/kunit/usage.rst b/Documentation/dev-tools/kunit/usage.rst index 3c3fe8b5fecc..9f909157be34 100644 --- a/Documentation/dev-tools/kunit/usage.rst +++ b/Documentation/dev-tools/kunit/usage.rst @@ -448,6 +448,20 @@ We can now use it to test ``struct eeprom_buffer``: .. _kunit-on-non-uml: +User-space context +------------------ + +I case you need a user-space context, for now this is only possible through +tests compiled as a module. And it will be necessary to use a root filesystem +and uml_utilities. + +Example: + +.. code-block:: bash + + ./tools/testing/kunit/kunit.py run --timeout=60 --uml_rootfs_dir=.uml_rootfs + + KUnit on non-UML architectures ============================== diff --git a/include/kunit/test.h b/include/kunit/test.h index 59f3144f009a..ae3337139c65 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -222,6 +222,18 @@ struct kunit { * protect it with some type of lock. */ struct list_head resources; /* Protected by lock. */ + /* + * KUnit test cases run on kthreads, and kthreads don't have an + * adddress space (current->mm is NULL), but processes have mm. + * + * The purpose of this mm_struct is to allow to borrow mm to KUnit kthread + * after userspace is brought up, because we know that there are processes + * running, at least the process that loaded the module to borrow mm. + * + * This allows, for example, tests such as user_copy_kunit, which uses + * vm_mmap, which needs current->mm. + */ + struct mm_struct *mm; }; void kunit_init_test(struct kunit *test, const char *name, char *log); diff --git a/lib/kunit/try-catch.c b/lib/kunit/try-catch.c index 0dd434e40487..d03e2093985b 100644 --- a/lib/kunit/try-catch.c +++ b/lib/kunit/try-catch.c @@ -11,7 +11,8 @@ #include <linux/completion.h> #include <linux/kernel.h> #include <linux/kthread.h> - +#include <linux/sched/mm.h> +#include <linux/sched/task.h> #include "try-catch-impl.h" void __noreturn kunit_try_catch_throw(struct kunit_try_catch *try_catch) @@ -24,8 +25,17 @@ EXPORT_SYMBOL_GPL(kunit_try_catch_throw); static int kunit_generic_run_threadfn_adapter(void *data) { struct kunit_try_catch *try_catch = data; + struct kunit *test = try_catch->test; + + if (test != NULL && test->mm != NULL) + kthread_use_mm(test->mm); try_catch->try(try_catch->context); + if (test != NULL && test->mm != NULL) { + kthread_unuse_mm(test->mm); + mmput(test->mm); + test->mm = NULL; + } complete_and_exit(try_catch->try_completion, 0); } @@ -65,6 +75,9 @@ void kunit_try_catch_run(struct kunit_try_catch *try_catch, void *context) try_catch->context = context; try_catch->try_completion = &try_completion; try_catch->try_result = 0; + + test->mm = get_task_mm(current); + task_struct = kthread_run(kunit_generic_run_threadfn_adapter, try_catch, "kunit_try_catch_thread"); base-commit: 725aca9585956676687c4cb803e88f770b0df2b2 prerequisite-patch-id: 5e5f9a8a05c5680fda1b04c9ab1b95ce91dc88b2 prerequisite-patch-id: 4d997940f4a9f303424af9bac412de1af861f9d9 prerequisite-patch-id: 582b6d9d28ce4b71628890ec832df6522ca68de0 -- 2.26.2

4 years, 8 months

2
2
0 0

[PATCH v2] lib: Convert test_user_copy to KUnit test

by Vitor Massaru Iha

This adds the conversion of the runtime tests of test_user_copy fuctions, from `lib/test_user_copy.c` to KUnit tests. Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> --- v2: * splitted patch in 3: - Allows to install and load modules in root filesystem; - Provides an userspace memory context when tests are compiled as module; - Convert test_user_copy to KUnit test; * removed entry for CONFIG_TEST_USER_COPY; * replaced pr_warn to KUNIT_EXPECT_FALSE_MSG in test macro to decrease the diff; --- lib/Kconfig.debug | 28 ++++++++------ lib/Makefile | 2 +- lib/{test_user_copy.c => user_copy_kunit.c} | 42 +++++++++------------ 3 files changed, 35 insertions(+), 37 deletions(-) rename lib/{test_user_copy.c => user_copy_kunit.c} (91%) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 9ad9210d70a1..f699a3624ae7 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2078,18 +2078,6 @@ config TEST_VMALLOC If unsure, say N. -config TEST_USER_COPY - tristate "Test user/kernel boundary protections" - depends on m - help - This builds the "test_user_copy" module that runs sanity checks - on the copy_to/from_user infrastructure, making sure basic - user/kernel boundary testing is working. If it fails to load, - a regression has been detected in the user/kernel memory boundary - protections. - - If unsure, say N. - config TEST_BPF tristate "Test BPF filter functionality" depends on m && NET @@ -2154,6 +2142,22 @@ config SYSCTL_KUNIT_TEST If unsure, say N. +config USER_COPY_KUNIT + tristate "KUnit Test for user/kernel boundary protections" + depends on KUNIT + depends on m + help + This builds the "user_copy_kunit" module that runs sanity checks + on the copy_to/from_user infrastructure, making sure basic + user/kernel boundary testing is working. If it fails to load, + a regression has been detected in the user/kernel memory boundary + protections. + + For more information on KUnit and unit tests in general please refer + to the KUnit documentation in Documentation/dev-tools/kunit/. + + If unsure, say N. + config LIST_KUNIT_TEST tristate "KUnit Test for Kernel Linked-list structures" if !KUNIT_ALL_TESTS depends on KUNIT diff --git a/lib/Makefile b/lib/Makefile index b1c42c10073b..8c145f85accc 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -78,7 +78,6 @@ obj-$(CONFIG_TEST_VMALLOC) += test_vmalloc.o obj-$(CONFIG_TEST_OVERFLOW) += test_overflow.o obj-$(CONFIG_TEST_RHASHTABLE) += test_rhashtable.o obj-$(CONFIG_TEST_SORT) += test_sort.o -obj-$(CONFIG_TEST_USER_COPY) += test_user_copy.o obj-$(CONFIG_TEST_STATIC_KEYS) += test_static_keys.o obj-$(CONFIG_TEST_STATIC_KEYS) += test_static_key_base.o obj-$(CONFIG_TEST_PRINTF) += test_printf.o @@ -318,3 +317,4 @@ obj-$(CONFIG_OBJAGG) += objagg.o # KUnit tests obj-$(CONFIG_LIST_KUNIT_TEST) += list-test.o obj-$(CONFIG_LINEAR_RANGES_TEST) += test_linear_ranges.o +obj-$(CONFIG_USER_COPY_KUNIT) += user_copy_kunit.o diff --git a/lib/test_user_copy.c b/lib/user_copy_kunit.c similarity index 91% rename from lib/test_user_copy.c rename to lib/user_copy_kunit.c index 5ff04d8fe971..a10ddd15b4cd 100644 --- a/lib/test_user_copy.c +++ b/lib/user_copy_kunit.c @@ -16,6 +16,7 @@ #include <linux/slab.h> #include <linux/uaccess.h> #include <linux/vmalloc.h> +#include <kunit/test.h> /* * Several 32-bit architectures support 64-bit {get,put}_user() calls. @@ -35,7 +36,7 @@ ({ \ int cond = (condition); \ if (cond) \ - pr_warn("[%d] " msg "\n", __LINE__, ##__VA_ARGS__); \ + KUNIT_EXPECT_FALSE_MSG(test, cond, msg, ##__VA_ARGS__); \ cond; \ }) @@ -44,7 +45,7 @@ static bool is_zeroed(void *from, size_t size) return memchr_inv(from, 0x0, size) == NULL; } -static int test_check_nonzero_user(char *kmem, char __user *umem, size_t size) +static int test_check_nonzero_user(struct kunit *test, char *kmem, char __user *umem, size_t size) { int ret = 0; size_t start, end, i, zero_start, zero_end; @@ -102,7 +103,7 @@ static int test_check_nonzero_user(char *kmem, char __user *umem, size_t size) return ret; } -static int test_copy_struct_from_user(char *kmem, char __user *umem, +static int test_copy_struct_from_user(struct kunit *test, char *kmem, char __user *umem, size_t size) { int ret = 0; @@ -177,7 +178,7 @@ static int test_copy_struct_from_user(char *kmem, char __user *umem, return ret; } -static int __init test_user_copy_init(void) +static void user_copy_test(struct kunit *test) { int ret = 0; char *kmem; @@ -192,16 +193,14 @@ static int __init test_user_copy_init(void) #endif kmem = kmalloc(PAGE_SIZE * 2, GFP_KERNEL); - if (!kmem) - return -ENOMEM; + KUNIT_EXPECT_FALSE_MSG(test, kmem == NULL, "kmalloc failed"); user_addr = vm_mmap(NULL, 0, PAGE_SIZE * 2, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANONYMOUS | MAP_PRIVATE, 0); if (user_addr >= (unsigned long)(TASK_SIZE)) { - pr_warn("Failed to allocate user memory\n"); kfree(kmem); - return -ENOMEM; + KUNIT_FAIL(test, "Failed to allocate user memory"); } usermem = (char __user *)user_addr; @@ -245,9 +244,9 @@ static int __init test_user_copy_init(void) #undef test_legit /* Test usage of check_nonzero_user(). */ - ret |= test_check_nonzero_user(kmem, usermem, 2 * PAGE_SIZE); + ret |= test_check_nonzero_user(test, kmem, usermem, 2 * PAGE_SIZE); /* Test usage of copy_struct_from_user(). */ - ret |= test_copy_struct_from_user(kmem, usermem, 2 * PAGE_SIZE); + ret |= test_copy_struct_from_user(test, kmem, usermem, 2 * PAGE_SIZE); /* * Invalid usage: none of these copies should succeed. @@ -309,23 +308,18 @@ static int __init test_user_copy_init(void) vm_munmap(user_addr, PAGE_SIZE * 2); kfree(kmem); - - if (ret == 0) { - pr_info("tests passed.\n"); - return 0; - } - - return -EINVAL; } -module_init(test_user_copy_init); - -static void __exit test_user_copy_exit(void) -{ - pr_info("unloaded.\n"); -} +static struct kunit_case user_copy_test_cases[] = { + KUNIT_CASE(user_copy_test), + {} +}; -module_exit(test_user_copy_exit); +static struct kunit_suite user_copy_test_suite = { + .name = "user_copy", + .test_cases = user_copy_test_cases, +}; +kunit_test_suites(&user_copy_test_suite); MODULE_AUTHOR("Kees Cook <keescook(a)chromium.org>"); MODULE_LICENSE("GPL"); base-commit: 725aca9585956676687c4cb803e88f770b0df2b2 prerequisite-patch-id: 5e5f9a8a05c5680fda1b04c9ab1b95ce91dc88b2 prerequisite-patch-id: 4d997940f4a9f303424af9bac412de1af861f9d9 prerequisite-patch-id: 582b6d9d28ce4b71628890ec832df6522ca68de0 prerequisite-patch-id: 5cd745ed9bbb0b36010c5de8adc19bfa86ad8be0 prerequisite-patch-id: 42f17b389ec15baf50dd1c43f6e30b8d2dff7964 -- 2.26.2

4 years, 8 months

2
1
0 0

[PATCH 00/11] Introduce kernel_clone(), kill _do_fork()

by Christian Brauner

Hey everyone, This is a follow-up to the do_fork() cleanup from last cycle based on a short discussion this was merged. Last cycle we removed copy_thread_tls() and the associated Kconfig option for each architecture. Now we are only left with copy_thread(). Part of this work was removing the old do_fork() legacy clone()-style calling convention in favor of the new struct kernel_clone args calling convention. The only remaining function callable outside of kernel/fork.c is _do_fork(). It doesn't really follow the naming of kernel-internal syscall helpers as Christoph righly pointed out. Switch all callers and references to kernel_clone() and remove _do_fork() once and for all. For all architectures I have done a full git rebase v5.9-rc1 -x "make -j31". There were no built failures and the changes were fairly mechanical. The only helpers we have left now are kernel_thread() and kernel_clone() where kernel_thread() just calls kernel_clone(). Thanks! Christian Christian Brauner (11): fork: introduce kernel_clone() h8300: switch to kernel_clone() ia64: switch to kernel_clone() m68k: switch to kernel_clone() nios2: switch to kernel_clone() sparc: switch to kernel_clone() x86: switch to kernel_clone() kprobes: switch to kernel_clone() kgdbts: switch to kernel_clone() tracing: switch to kernel_clone() sched: remove _do_fork() Documentation/trace/histogram.rst | 4 +- arch/h8300/kernel/process.c | 2 +- arch/ia64/kernel/process.c | 4 +- arch/m68k/kernel/process.c | 10 ++-- arch/nios2/kernel/process.c | 2 +- arch/sparc/kernel/process.c | 6 +-- arch/x86/kernel/sys_ia32.c | 2 +- drivers/misc/kgdbts.c | 48 +++++++++---------- include/linux/sched/task.h | 2 +- kernel/fork.c | 14 +++--- samples/kprobes/kprobe_example.c | 6 +-- samples/kprobes/kretprobe_example.c | 4 +- .../test.d/dynevent/add_remove_kprobe.tc | 2 +- .../test.d/dynevent/clear_select_events.tc | 2 +- .../test.d/dynevent/generic_clear_event.tc | 2 +- .../test.d/ftrace/func-filter-stacktrace.tc | 4 +- .../ftrace/test.d/kprobe/add_and_remove.tc | 2 +- .../ftrace/test.d/kprobe/busy_check.tc | 2 +- .../ftrace/test.d/kprobe/kprobe_args.tc | 4 +- .../ftrace/test.d/kprobe/kprobe_args_comm.tc | 2 +- .../test.d/kprobe/kprobe_args_string.tc | 4 +- .../test.d/kprobe/kprobe_args_symbol.tc | 10 ++-- .../ftrace/test.d/kprobe/kprobe_args_type.tc | 2 +- .../ftrace/test.d/kprobe/kprobe_ftrace.tc | 14 +++--- .../ftrace/test.d/kprobe/kprobe_multiprobe.tc | 2 +- .../test.d/kprobe/kprobe_syntax_errors.tc | 12 ++--- .../ftrace/test.d/kprobe/kretprobe_args.tc | 4 +- .../selftests/ftrace/test.d/kprobe/profile.tc | 2 +- 28 files changed, 87 insertions(+), 87 deletions(-) base-commit: 9123e3a74ec7b934a4a099e98af6a61c2f80bbf5 -- 2.28.0

4 years, 8 months

6
24
0 0

[PATCH] selftests: kvm: Fix an unexpected failure with newer gcc compiler

by Yang Weijiang

If debug_regs.c is built with newer gcc, e.g., 8.3.1 on my side, then the generated binary looks like over-optimized by gcc: asm volatile("ss_start: " "xor %%rax,%%rax\n\t" "cpuid\n\t" "movl $0x1a0,%%ecx\n\t" "rdmsr\n\t" : : : "rax", "ecx"); is translated to : 000000000040194e <ss_start>: 40194e: 31 c0 xor %eax,%eax <----- rax->eax? 401950: 0f a2 cpuid 401952: b9 a0 01 00 00 mov $0x1a0,%ecx 401957: 0f 32 rdmsr As you can see rax is replaced with eax in taret binary code. But if I replace %%rax with %%r8 or any GPR from r8~15, then I get below expected binary: 0000000000401950 <ss_start>: 401950: 45 31 ff xor %r15d,%r15d 401953: 0f a2 cpuid 401955: b9 a0 01 00 00 mov $0x1a0,%ecx 40195a: 0f 32 rdmsr The difference is the length of xor instruction(2 Byte vs 3 Byte), so this makes below hard-coded instruction length cannot pass runtime check: /* Instruction lengths starting at ss_start */ int ss_size[4] = { 3, /* xor */ <-------- 2 or 3? 2, /* cpuid */ 5, /* mov */ 2, /* rdmsr */ }; Note: Use 8.2.1 or older gcc, it generates expected 3 bytes xor target code. I use the default Makefile to build the binaries, and I cannot figure out why this happens, so it comes this patch, maybe you have better solution to resolve the issue. If you know how things work in this way, please let me know, thanks! Below is the capture from my environments: ======================================================================== gcc (GCC) 8.3.1 20190223 (Red Hat 8.3.1-2) Copyright (C) 2018 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 0000000000401950 <ss_start>: 401950: 45 31 ff xor %r15d,%r15d 401953: 0f a2 cpuid 401955: b9 a0 01 00 00 mov $0x1a0,%ecx 40195a: 0f 32 rdmsr 000000000040194f <ss_start>: 40194f: 31 db xor %ebx,%ebx 401951: 0f a2 cpuid 401953: b9 a0 01 00 00 mov $0x1a0,%ecx 401958: 0f 32 rdmsr 000000000040194e <ss_start>: 40194e: 31 c0 xor %eax,%eax 401950: 0f a2 cpuid 401952: b9 a0 01 00 00 mov $0x1a0,%ecx 401957: 0f 32 rdmsr ========================================================================== gcc (GCC) 8.2.1 20180905 (Red Hat 8.2.1-3) Copyright (C) 2018 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 0000000000401750 <ss_start>: 401750: 48 31 c0 xor %rax,%rax 401753: 0f a2 cpuid 401755: b9 a0 01 00 00 mov $0x1a0,%ecx 40175a: 0f 32 rdmsr Signed-off-by: Yang Weijiang <weijiang.yang(a)intel.com> --- tools/testing/selftests/kvm/x86_64/debug_regs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/kvm/x86_64/debug_regs.c b/tools/testing/selftests/kvm/x86_64/debug_regs.c index 8162c58a1234..74641cfa8ace 100644 --- a/tools/testing/selftests/kvm/x86_64/debug_regs.c +++ b/tools/testing/selftests/kvm/x86_64/debug_regs.c @@ -40,11 +40,11 @@ static void guest_code(void) /* Single step test, covers 2 basic instructions and 2 emulated */ asm volatile("ss_start: " - "xor %%rax,%%rax\n\t" + "xor %%r15,%%r15\n\t" "cpuid\n\t" "movl $0x1a0,%%ecx\n\t" "rdmsr\n\t" - : : : "rax", "ecx"); + : : : "r15", "ecx"); /* DR6.BD test */ asm volatile("bd_start: mov %%dr0, %%rax" : : : "rax"); -- 2.17.2

4 years, 8 months

3
3
0 0

[PATCH v3] kunit: added lockdep support

by Uriel Guajardo

From: Uriel Guajardo <urielguajardo(a)google.com> KUnit will fail tests upon observing a lockdep failure. Because lockdep turns itself off after its first failure, only fail the first test and warn users to not expect any future failures from lockdep. Similar to lib/locking-selftest [1], we check if the status of debug_locks has changed after the execution of a test case. However, we do not reset lockdep afterwards. Like the locking selftests, we also fix possible preemption count corruption from lock bugs. Depends on kunit: support failure from dynamic analysis tools [2] [1] https://elixir.bootlin.com/linux/v5.7.12/source/lib/locking-selftest.c#L1137 [2] https://lore.kernel.org/linux-kselftest/20200806174326.3577537-1-urielguaja… Signed-off-by: Uriel Guajardo <urielguajardo(a)google.com> --- v3 changes: - Moved lockdep checking to own file [Alan] - Fail if preemption count changes during test [Peter] v2 changes: - Removed lockdep_reset [Peter] - Added warning to users about lockdep shutting off --- include/kunit/kunit-lockdep.h | 38 +++++++++++++++++++++++++++++++++++ lib/kunit/Makefile | 2 ++ lib/kunit/kunit-lockdep.c | 37 ++++++++++++++++++++++++++++++++++ lib/kunit/test.c | 7 ++++++- 4 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 include/kunit/kunit-lockdep.h create mode 100644 lib/kunit/kunit-lockdep.c diff --git a/include/kunit/kunit-lockdep.h b/include/kunit/kunit-lockdep.h new file mode 100644 index 000000000000..9cb8b931a9c6 --- /dev/null +++ b/include/kunit/kunit-lockdep.h @@ -0,0 +1,38 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Lockdep integration into KUnit tests + * + * Copyright (C) 2020, Google LLC. + * Author: Uriel Guajardo <urielguajardo(a)google.com> + */ +#ifndef _KUNIT_LOCKDEP_H +#define _KUNIT_LOCKDEP_H + +#include <kunit/test.h> + +struct kunit_lockdep { + int preempt_count; + bool debug_locks; +}; + +#if IS_ENABLED(CONFIG_LOCKDEP) + +void kunit_init_lockdep(struct kunit *test, struct kunit_lockdep *lockdep); + +void kunit_check_lockdep(struct kunit *test, struct kunit_lockdep *lockdep); + +#else + +static inline void kunit_init_lockdep(struct kunit *test, + struct kunit_lockdep *lockdep) +{ +} + +static inline void kunit_check_lockdep(struct kunit *test, + struct kunit_lockdep *lockdep) +{ +} + +#endif + +#endif /* _KUNIT_LOCKDEP_H */ diff --git a/lib/kunit/Makefile b/lib/kunit/Makefile index 724b94311ca3..084806cea994 100644 --- a/lib/kunit/Makefile +++ b/lib/kunit/Makefile @@ -5,6 +5,8 @@ kunit-objs += test.o \ assert.o \ try-catch.o +obj-$(CONFIG_LOCKDEP) += kunit-lockdep.o + ifeq ($(CONFIG_KUNIT_DEBUGFS),y) kunit-objs += debugfs.o endif diff --git a/lib/kunit/kunit-lockdep.c b/lib/kunit/kunit-lockdep.c new file mode 100644 index 000000000000..cc8c1baf25cd --- /dev/null +++ b/lib/kunit/kunit-lockdep.c @@ -0,0 +1,37 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Lockdep integration into KUnit tests + * + * Copyright (C) 2020, Google LLC. + * Author: Uriel Guajardo <urielguajardo(a)google.com> + */ + +#include <kunit/kunit-lockdep.h> +#include <linux/debug_locks.h> +#include <linux/sched.h> + +void kunit_init_lockdep(struct kunit *test, struct kunit_lockdep *lockdep) { + lockdep->debug_locks = debug_locks; + lockdep->preempt_count = preempt_count(); +} + +void kunit_check_lockdep(struct kunit *test, struct kunit_lockdep *lockdep) { + int saved_preempt_count = lockdep->preempt_count; + bool saved_debug_locks = lockdep->debug_locks; + + if (DEBUG_LOCKS_WARN_ON(preempt_count() != saved_preempt_count)) + preempt_count_set(saved_preempt_count); + +#ifdef CONFIG_TRACE_IRQFLAGS + if (softirq_count()) + current->softirqs_enabled = 0; + else + current->softirqs_enabled = 1; +#endif + + if (saved_debug_locks && !debug_locks) { + kunit_set_failure(test); + kunit_warn(test, "Dynamic analysis tool failure from LOCKDEP."); + kunit_warn(test, "Further tests will have LOCKDEP disabled."); + } +} diff --git a/lib/kunit/test.c b/lib/kunit/test.c index d8189d827368..7f0af0465e6f 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -7,6 +7,7 @@ */ #include <kunit/test.h> +#include <kunit/kunit-lockdep.h> #include <linux/kernel.h> #include <linux/kref.h> #include <linux/sched/debug.h> @@ -290,6 +291,9 @@ static void kunit_try_run_case(void *data) struct kunit_suite *suite = ctx->suite; struct kunit_case *test_case = ctx->test_case; + struct kunit_lockdep lockdep; + kunit_init_lockdep(test, &lockdep); + current->kunit_test = test; /* @@ -298,7 +302,8 @@ static void kunit_try_run_case(void *data) * thread will resume control and handle any necessary clean up. */ kunit_run_case_internal(test, suite, test_case); - /* This line may never be reached. */ + /* These lines may never be reached. */ + kunit_check_lockdep(test, &lockdep); kunit_run_case_cleanup(test, suite); } -- 2.28.0.220.ged08abb693-goog

4 years, 8 months

4
6
0 0

[PATCH] mm/gup_benchmark: use pin_user_pages for FOLL_LONGTERM flag

by Barry Song

According to Documentation/core-api/pin_user_pages.rst, FOLL_PIN is a prerequisite to FOLL_LONGTERM. Another way of saying that is, FOLL_LONGTERM is a specific case, more restrictive case of FOLL_PIN. Almost all kernel modules are using pin_user_pages() with FOLL_LONGTERM, mm/gup_benchmark.c seems to the only exception in which FOLL_PIN is not a prerequisite to FOLL_LONGTERM. Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Jan Kara <jack(a)suse.cz> Cc: Jérôme Glisse <jglisse(a)redhat.com> Cc: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: Dave Chinner <david(a)fromorbit.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Kravetz <mike.kravetz(a)oracle.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Vlastimil Babka <vbabka(a)suse.cz> Signed-off-by: Barry Song <song.bao.hua(a)hisilicon.com> --- mm/gup_benchmark.c | 23 +++++++++++----------- tools/testing/selftests/vm/gup_benchmark.c | 14 ++++++------- 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/mm/gup_benchmark.c b/mm/gup_benchmark.c index be690fa66a46..464cae1fa3ea 100644 --- a/mm/gup_benchmark.c +++ b/mm/gup_benchmark.c @@ -6,10 +6,10 @@ #include <linux/debugfs.h> #define GUP_FAST_BENCHMARK _IOWR('g', 1, struct gup_benchmark) -#define GUP_LONGTERM_BENCHMARK _IOWR('g', 2, struct gup_benchmark) -#define GUP_BENCHMARK _IOWR('g', 3, struct gup_benchmark) -#define PIN_FAST_BENCHMARK _IOWR('g', 4, struct gup_benchmark) -#define PIN_BENCHMARK _IOWR('g', 5, struct gup_benchmark) +#define GUP_BENCHMARK _IOWR('g', 2, struct gup_benchmark) +#define PIN_FAST_BENCHMARK _IOWR('g', 3, struct gup_benchmark) +#define PIN_BENCHMARK _IOWR('g', 4, struct gup_benchmark) +#define PIN_LONGTERM_BENCHMARK _IOWR('g', 5, struct gup_benchmark) struct gup_benchmark { __u64 get_delta_usec; @@ -28,7 +28,6 @@ static void put_back_pages(unsigned int cmd, struct page **pages, switch (cmd) { case GUP_FAST_BENCHMARK: - case GUP_LONGTERM_BENCHMARK: case GUP_BENCHMARK: for (i = 0; i < nr_pages; i++) put_page(pages[i]); @@ -36,6 +35,7 @@ static void put_back_pages(unsigned int cmd, struct page **pages, case PIN_FAST_BENCHMARK: case PIN_BENCHMARK: + case PIN_LONGTERM_BENCHMARK: unpin_user_pages(pages, nr_pages); break; } @@ -50,6 +50,7 @@ static void verify_dma_pinned(unsigned int cmd, struct page **pages, switch (cmd) { case PIN_FAST_BENCHMARK: case PIN_BENCHMARK: + case PIN_LONGTERM_BENCHMARK: for (i = 0; i < nr_pages; i++) { page = pages[i]; if (WARN(!page_maybe_dma_pinned(page), @@ -101,11 +102,6 @@ static int __gup_benchmark_ioctl(unsigned int cmd, nr = get_user_pages_fast(addr, nr, gup->flags, pages + i); break; - case GUP_LONGTERM_BENCHMARK: - nr = get_user_pages(addr, nr, - gup->flags | FOLL_LONGTERM, - pages + i, NULL); - break; case GUP_BENCHMARK: nr = get_user_pages(addr, nr, gup->flags, pages + i, NULL); @@ -118,6 +114,11 @@ static int __gup_benchmark_ioctl(unsigned int cmd, nr = pin_user_pages(addr, nr, gup->flags, pages + i, NULL); break; + case PIN_LONGTERM_BENCHMARK: + nr = pin_user_pages(addr, nr, + gup->flags | FOLL_LONGTERM, + pages + i, NULL); + break; default: kvfree(pages); ret = -EINVAL; @@ -162,10 +163,10 @@ static long gup_benchmark_ioctl(struct file *filep, unsigned int cmd, switch (cmd) { case GUP_FAST_BENCHMARK: - case GUP_LONGTERM_BENCHMARK: case GUP_BENCHMARK: case PIN_FAST_BENCHMARK: case PIN_BENCHMARK: + case PIN_LONGTERM_BENCHMARK: break; default: return -EINVAL; diff --git a/tools/testing/selftests/vm/gup_benchmark.c b/tools/testing/selftests/vm/gup_benchmark.c index 43b4dfe161a2..31f8bb086907 100644 --- a/tools/testing/selftests/vm/gup_benchmark.c +++ b/tools/testing/selftests/vm/gup_benchmark.c @@ -15,12 +15,12 @@ #define PAGE_SIZE sysconf(_SC_PAGESIZE) #define GUP_FAST_BENCHMARK _IOWR('g', 1, struct gup_benchmark) -#define GUP_LONGTERM_BENCHMARK _IOWR('g', 2, struct gup_benchmark) -#define GUP_BENCHMARK _IOWR('g', 3, struct gup_benchmark) +#define GUP_BENCHMARK _IOWR('g', 2, struct gup_benchmark) /* Similar to above, but use FOLL_PIN instead of FOLL_GET. */ -#define PIN_FAST_BENCHMARK _IOWR('g', 4, struct gup_benchmark) -#define PIN_BENCHMARK _IOWR('g', 5, struct gup_benchmark) +#define PIN_FAST_BENCHMARK _IOWR('g', 3, struct gup_benchmark) +#define PIN_BENCHMARK _IOWR('g', 4, struct gup_benchmark) +#define PIN_LONGTERM_BENCHMARK _IOWR('g', 5, struct gup_benchmark) /* Just the flags we need, copied from mm.h: */ #define FOLL_WRITE 0x01 /* check pte is writable */ @@ -52,6 +52,9 @@ int main(int argc, char **argv) case 'b': cmd = PIN_BENCHMARK; break; + case 'L': + cmd = PIN_LONGTERM_BENCHMARK; + break; case 'm': size = atoi(optarg) * MB; break; @@ -67,9 +70,6 @@ int main(int argc, char **argv) case 'T': thp = 0; break; - case 'L': - cmd = GUP_LONGTERM_BENCHMARK; - break; case 'U': cmd = GUP_BENCHMARK; break; -- 2.27.0

4 years, 8 months

2
1
0 0

[PATCH 0/2] Fix S_ISDIR execve() errno

by Kees Cook

Hi Andrew, This fixes an errno change for execve() of directories, noticed by Marc Zyngier[1]. Along with the fix, include a regression test to avoid seeing this return in the future. Thanks! -Kees [1] https://lore.kernel.org/lkml/20200813151305.6191993b@why Kees Cook (2): exec: Restore EACCES of S_ISDIR execve() selftests/exec: Add file type errno tests fs/namei.c | 4 +- tools/testing/selftests/exec/.gitignore | 1 + tools/testing/selftests/exec/Makefile | 5 +- tools/testing/selftests/exec/non-regular.c | 196 +++++++++++++++++++++ 4 files changed, 203 insertions(+), 3 deletions(-) create mode 100755 tools/testing/selftests/exec/non-regular.c -- 2.25.1

4 years, 8 months

3
5
0 0

Re: BUG: unable to handle kernel paging request in fl_dump_key

by syzbot

syzbot has bisected this issue to: commit a51486266c3ba8e035a47fa96df67f274fe0c7d0 Author: Jiri Pirko <jiri(a)mellanox.com> Date: Sat Jun 15 09:03:49 2019 +0000 net: sched: remove NET_CLS_IND config option bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=17463509900000 start commit: 1ca0fafd tcp: md5: allow changing MD5 keys in all socket s.. git tree: net final oops: https://syzkaller.appspot.com/x/report.txt?x=14c63509900000 console output: https://syzkaller.appspot.com/x/log.txt?x=10c63509900000 kernel config: https://syzkaller.appspot.com/x/.config?x=bf3aec367b9ab569 dashboard link: https://syzkaller.appspot.com/bug?extid=9c1be56e9317b795e874 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1062a40b100000 Reported-by: syzbot+9c1be56e9317b795e874(a)syzkaller.appspotmail.com Fixes: a51486266c3b ("net: sched: remove NET_CLS_IND config option") For information about bisection process see: https://goo.gl/tpsmEJ#bisection

4 years, 8 months

1
0
0 0

[PATCH v2] kunit: added lockdep support

by Uriel Guajardo

KUnit will fail tests upon observing a lockdep failure. Because lockdep turns itself off after its first failure, only fail the first test and warn users to not expect any future failures from lockdep. Similar to lib/locking-selftest [1], we check if the status of debug_locks has changed after the execution of a test case. However, we do not reset lockdep afterwards. Like the locking selftests, we also fix possible preemption count corruption from lock bugs. Depends on kunit: support failure from dynamic analysis tools [2] [1] https://elixir.bootlin.com/linux/v5.7.12/source/lib/locking-selftest.c#L1137 [2] https://lore.kernel.org/linux-kselftest/20200806174326.3577537-1-urielguaja… Signed-off-by: Uriel Guajardo <urielguajardo(a)google.com> --- v2 Changes: - Removed lockdep_reset - Added warning to users about lockdep shutting off --- lib/kunit/test.c | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/lib/kunit/test.c b/lib/kunit/test.c index d8189d827368..7e477482457b 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -11,6 +11,7 @@ #include <linux/kref.h> #include <linux/sched/debug.h> #include <linux/sched.h> +#include <linux/debug_locks.h> #include "debugfs.h" #include "string-stream.h" @@ -22,6 +23,26 @@ void kunit_fail_current_test(void) kunit_set_failure(current->kunit_test); } +static void kunit_check_locking_bugs(struct kunit *test, + unsigned long saved_preempt_count, + bool saved_debug_locks) +{ + preempt_count_set(saved_preempt_count); +#ifdef CONFIG_TRACE_IRQFLAGS + if (softirq_count()) + current->softirqs_enabled = 0; + else + current->softirqs_enabled = 1; +#endif +#if IS_ENABLED(CONFIG_LOCKDEP) + if (saved_debug_locks && !debug_locks) { + kunit_set_failure(test); + kunit_warn(test, "Dynamic analysis tool failure from LOCKDEP."); + kunit_warn(test, "Further tests will have LOCKDEP disabled."); + } +#endif +} + static void kunit_print_tap_version(void) { static bool kunit_has_printed_tap_version; @@ -290,6 +311,9 @@ static void kunit_try_run_case(void *data) struct kunit_suite *suite = ctx->suite; struct kunit_case *test_case = ctx->test_case; + unsigned long saved_preempt_count = preempt_count(); + bool saved_debug_locks = debug_locks; + current->kunit_test = test; /* @@ -298,7 +322,8 @@ static void kunit_try_run_case(void *data) * thread will resume control and handle any necessary clean up. */ kunit_run_case_internal(test, suite, test_case); - /* This line may never be reached. */ + /* These lines may never be reached. */ + kunit_check_locking_bugs(test, saved_preempt_count, saved_debug_locks); kunit_run_case_cleanup(test, suite); } -- 2.28.0.236.gb10cc79966-goog

4 years, 8 months

4
5
0 0

WARNING: kernel/rcu/tree.c:618 rcu_eqs_enter.isra.67+0xd8

by Naresh Kamboju

While running kselftests bpf test_verifier on arm64 juno-r2 device the kernel BUG and WARNING noticed. metadata: git branch: linux-5.8.y git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git git commit: b30c8c9d42601af8ebeb3ad42085ff4134a111a0 git describe: v5.8-39-gb30c8c9d4260 make_kernelversion: 5.8.1-rc1 kernel-config: http://snapshots.linaro.org/openembedded/lkft/lkft/sumo/juno/lkft/linux-sta… [ 102.671323] bpf_prog_test_run_xdp+0xf4/0x1b0 [ 102.675688] __do_sys_bpf+0x708/0x1d18 [ 102.679442] __arm64_sys_bpf+0x28/0x38 [ 102.683197] el0_svc_common.constprop.3+0x7c/0x198 [ 102.687995] do_el0_svc+0x34/0xa0 [ 102.691315] el0_sync_handler+0x16c/0x210 [ 102.695329] el0_sync+0x140/0x180 [ 102.698651] Code: d4202000 d4202000 d4202000 d4202000 (d4202000) [ 102.704758] ---[ end trace 14c3fdd625b93f51 ]--- [ 102.709383] note: test_verifier[740] exited with preempt_count 2 [ 102.715399] BUG: sleeping function called from invalid context at /usr/src/kernel/include/linux/percpu-rwsem.h:49 [ 102.725680] in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 740, name: test_verifier [ 102.734219] INFO: lockdep is turned off. [ 102.738146] irq event stamp: 4369860 [ 102.741729] hardirqs last enabled at (4369859): [<ffff80001015ab18>] ktime_get+0xc0/0x178 [ 102.750010] hardirqs last disabled at (4369860): [<ffff800010029a04>] debug_exception_enter+0xac/0xe8 [ 102.759249] softirqs last enabled at (4369842): [<ffff8000102161d4>] bpf_ksym_add+0x12c/0x148 [ 102.767878] softirqs last disabled at (4369840): [<ffff8000102160d4>] bpf_ksym_add+0x2c/0x148 [ 102.776419] CPU: 2 PID: 740 Comm: test_verifier Tainted: G D W 5.8.1-rc1 #1 [ 102.784523] Hardware name: ARM Juno development board (r2) (DT) [ 102.790451] Call trace: [ 102.792900] dump_backtrace+0x0/0x1f8 [ 102.796567] show_stack+0x2c/0x38 [ 102.799889] dump_stack+0xf0/0x16c [ 102.803296] ___might_sleep+0x144/0x208 [ 102.807137] __might_sleep+0x54/0x90 [ 102.810719] exit_signals+0x54/0x3e8 [ 102.814301] do_exit+0xc8/0xae0 [ 102.817446] die+0x200/0x268 [ 102.820329] arm64_notify_die+0xa0/0xc0 [ 102.824172] do_debug_exception+0xf0/0x128 [ 102.828275] el1_sync_handler+0x90/0xf0 [ 102.832116] el1_sync+0x7c/0x100 [ 102.835347] 0xffff8000000129b8 [ 102.838493] bpf_prog_d53bb52e3f4483f9_F+0x38/0x8d0 [ 102.843379] bpf_dispatcher_xdp_func+0x30/0x40 [ 102.847830] bpf_test_run+0x180/0x570 [ 102.851497] bpf_prog_test_run_xdp+0xf4/0x1b0 [ 102.855861] __do_sys_bpf+0x708/0x1d18 [ 102.859615] __arm64_sys_bpf+0x28/0x38 [ 102.863369] el0_svc_common.constprop.3+0x7c/0x198 [ 102.868167] do_el0_svc+0x34/0xa0 [ 102.871486] el0_sync_handler+0x16c/0x210 [ 102.875501] el0_sync+0x140/0x180 [ 102.886823] ------------[ cut here ]------------ [ 102.887376] kauditd_printk_skb: 125 callbacks suppressed [ 102.887387] audit: type=1701 audit(1597081698.472:1942): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=738 comm=\"timeout\" exe=\"/usr/bin/timeout.coreutils\" sig=11 res=1 [ 102.891463] WARNING: CPU: 2 PID: 0 at /usr/src/kernel/kernel/rcu/tree.c:618 rcu_eqs_enter.isra.67+0xd8/0xe0 [ 102.891467] Modules linked in: rfkill tda998x cec drm_kms_helper drm crct10dif_ce fuse [ 102.891486] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D W 5.8.1-rc1 #1 [ 102.891490] Hardware name: ARM Juno development board (r2) (DT) [ 102.891495] pstate: 200003c5 (nzCv DAIF -PAN -UAO BTYPE=--) [ 102.891501] pc : rcu_eqs_enter.isra.67+0xd8/0xe0 [ 102.891511] lr : rcu_eqs_enter.isra.67+0x10/0xe0 [ 102.957881] sp : ffff800013683f20 [ 102.961198] x29: ffff800013683f20 x28: 0000000000000000 [ 102.966519] x27: 0000000000000000 x26: ffff000973033800 [ 102.971840] x25: ffff00097ef5fc80 x24: ffff800012651410 [ 102.977162] x23: ffff800011f00c78 x22: ffff800012650000 [ 102.982483] x21: ffff800012651000 x20: ffff800011f02000 [ 102.987803] x19: ffff00097ef61ec0 x18: ffffffffffffffff [ 102.993124] x17: 0000000000000000 x16: 0000000000000000 [ 102.998444] x15: 000000000000006c x14: 000000000000002a [ 103.003765] x13: 0000000000000002 x12: 0000000000000000 [ 103.009086] x11: 0000000000000000 x10: ffff80001264b1c8 [ 103.014406] x9 : 0000000000000000 x8 : ffff800012650a88 [ 103.019727] x7 : ffff80001016d09c x6 : 0000000000000000 [ 103.025048] x5 : 0000000000000000 x4 : 0000000000000000 [ 103.030368] x3 : ffff800012650a88 x2 : 00000017f0129f00 [ 103.035689] x1 : 4000000000000002 x0 : 4000000000000000 [ 103.041011] Call trace: [ 103.043461] rcu_eqs_enter.isra.67+0xd8/0xe0 [ 103.047739] rcu_idle_enter+0x44/0x70 [ 103.051406] do_idle+0x214/0x2c0 [ 103.054637] cpu_startup_entry+0x2c/0x70 [ 103.058567] secondary_start_kernel+0x1a8/0x200 [ 103.063103] irq event stamp: 449856 [ 103.066599] hardirqs last enabled at (449855): [<ffff80001016d1ec>] tick_nohz_idle_exit+0x64/0xd0 [ 103.075574] hardirqs last disabled at (449856): [<ffff800011329c08>] __schedule+0xf0/0x8f0 [ 103.083853] softirqs last enabled at (449814): [<ffff8000100019bc>] __do_softirq+0x59c/0x5dc [ 103.092396] softirqs last disabled at (449803): [<ffff80001008fbf4>] irq_exit+0x144/0x150 Full output log: https://qa-reports.linaro.org/lkft/linux-stable-rc-5.8-oe/build/v5.8-39-gb3… -- Linaro LKFT https://lkft.linaro.org

4 years, 8 months

2
1
0 0

[PATCH v12 0/6] KASAN-KUnit Integration

by David Gow

This patchset contains everything needed to integrate KASAN and KUnit. KUnit will be able to: (1) Fail tests when an unexpected KASAN error occurs (2) Pass tests when an expected KASAN error occurs Convert KASAN tests to KUnit with the exception of copy_user_test because KUnit is unable to test those. Add documentation on how to run the KASAN tests with KUnit and what to expect when running these tests. This patchset depends on: - "kunit: extend kunit resources API" [1] - This is included in the KUnit 5.9-rci pull request[8] Sorry for spamming you all with all these revisions. I'd _really_ like to get this into 5.9 if possible: we also have some other changes which depend on some things here. Changes from v11: - Rebased on top of latest -next (20200810) - Fixed a redundant memchr() call in kasan_memchr() - Added Andrey's "Tested-by" to everything. Changes from v10: - Fixed some whitespace issues in patch 2. - Split out the renaming of the KUnit test suite into a separate patch. Changes from v9: - Rebased on top of linux-next (20200731) + kselftest/kunit and [7] - Note that the kasan_rcu_uaf test has not been ported to KUnit, and remains in test_kasan_module. This is because: (a) KUnit's expect failure will not check if the RCU stacktraces show. (b) KUnit is unable to link the failure to the test, as it occurs in an RCU callback. Changes from v8: - Rebased on top of kselftest/kunit - (Which, with this patchset, should rebase cleanly on 5.8-rc7) - Renamed the KUnit test suite, config name to patch the proposed naming guidelines for KUnit tests[6] Changes from v7: - Rebased on top of kselftest/kunit - Rebased on top of v4 of the kunit resources API[1] - Rebased on top of v4 of the FORTIFY_SOURCE fix[2,3,4] - Updated the Kconfig entry to support KUNIT_ALL_TESTS Changes from v6: - Rebased on top of kselftest/kunit - Rebased on top of Daniel Axtens' fix for FORTIFY_SOURCE incompatibilites [2] - Removed a redundant report_enabled() check. - Fixed some places with out of date Kconfig names in the documentation. Changes from v5: - Split out the panic_on_warn changes to a separate patch. - Fix documentation to fewer to the new Kconfig names. - Fix some changes which were in the wrong patch. - Rebase on top of kselftest/kunit (currently identical to 5.7-rc1) Changes from v4: - KASAN no longer will panic on errors if both panic_on_warn and kasan_multishot are enabled. - As a result, the KASAN tests will no-longer disable panic_on_warn. - This also means panic_on_warn no-longer needs to be exported. - The use of temporary "kasan_data" variables has been cleaned up somewhat. - A potential refcount/resource leak should multiple KASAN errors appear during an assertion was fixed. - Some wording changes to the KASAN test Kconfig entries. Changes from v3: - KUNIT_SET_KASAN_DATA and KUNIT_DO_EXPECT_KASAN_FAIL have been combined and included in KUNIT_DO_EXPECT_KASAN_FAIL() instead. - Reordered logic in kasan_update_kunit_status() in report.c to be easier to read. - Added comment to not use the name "kasan_data" for any kunit tests outside of KUNIT_EXPECT_KASAN_FAIL(). Changes since v2: - Due to Alan's changes in [1], KUnit can be built as a module. - The name of the tests that could not be run with KUnit has been changed to be more generic: test_kasan_module. - Documentation on how to run the new KASAN tests and what to expect when running them has been added. - Some variables and functions are now static. - Now save/restore panic_on_warn in a similar way to kasan_multi_shot and renamed the init/exit functions to be more generic to accommodate. - Due to [4] in kasan_strings, kasan_memchr, and kasan_memcmp will fail if CONFIG_AMD_MEM_ENCRYPT is enabled so return early and print message explaining this circumstance. - Changed preprocessor checks to C checks where applicable. Changes since v1: - Make use of Alan Maguire's suggestion to use his patch that allows static resources for integration instead of adding a new attribute to the kunit struct - All KUNIT_EXPECT_KASAN_FAIL statements are local to each test - The definition of KUNIT_EXPECT_KASAN_FAIL is local to the test_kasan.c file since it seems this is the only place this will be used. - Integration relies on KUnit being builtin - copy_user_test has been separated into its own file since KUnit is unable to test these. This can be run as a module just as before, using CONFIG_TEST_KASAN_USER - The addition to the current task has been separated into its own patch as this is a significant enough change to be on its own. [1] https://lore.kernel.org/linux-kselftest/CAFd5g46Uu_5TG89uOm0Dj5CMq+11cwjBns… [2] https://lore.kernel.org/linux-mm/20200424145521.8203-1-dja@axtens.net/ [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [5] https://bugzilla.kernel.org/show_bug.cgi?id=206337 [6] https://lore.kernel.org/linux-kselftest/20200620054944.167330-1-davidgow@go… [7] https://lkml.org/lkml/2020/7/31/571 [8] https://lore.kernel.org/linux-kselftest/8d43e88e-1356-cd63-9152-209b81b1674… David Gow (2): kasan: test: Make KASAN KUnit test comply with naming guidelines mm: kasan: Do not panic if both panic_on_warn and kasan_multishot set Patricia Alfonso (4): Add KUnit Struct to Current Task KUnit: KASAN Integration KASAN: Port KASAN Tests to KUnit KASAN: Testing Documentation Documentation/dev-tools/kasan.rst | 70 +++ include/kunit/test.h | 5 + include/linux/kasan.h | 6 + include/linux/sched.h | 4 + lib/Kconfig.kasan | 22 +- lib/Makefile | 7 +- lib/kasan_kunit.c | 769 +++++++++++++++++++++++++ lib/kunit/test.c | 13 +- lib/test_kasan.c | 903 ------------------------------ lib/test_kasan_module.c | 111 ++++ mm/kasan/report.c | 34 +- 11 files changed, 1027 insertions(+), 917 deletions(-) create mode 100644 lib/kasan_kunit.c delete mode 100644 lib/test_kasan.c create mode 100644 lib/test_kasan_module.c -- 2.28.0.236.gb10cc79966-goog

4 years, 8 months

2
7
0 0

[PATCH] kunit: added lockdep support

by Uriel Guajardo

From: Uriel Guajardo <urielguajardo(a)google.com> KUnit tests will now fail if lockdep detects an error during a test case. The idea comes from how lib/locking-selftest [1] checks for lock errors: we first if lock debugging is turned on. If not, an error must have occurred, so we fail the test and restart lockdep for the next test case. Like the locking selftests, we also fix possible preemption count corruption from lock bugs. Depends on kunit: support failure from dynamic analysis tools [2] [1] https://elixir.bootlin.com/linux/v5.7.12/source/lib/locking-selftest.c#L1137 [2] https://lore.kernel.org/linux-kselftest/20200806174326.3577537-1-urielguaja… Signed-off-by: Uriel Guajardo <urielguajardo(a)google.com> --- lib/kunit/test.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/lib/kunit/test.c b/lib/kunit/test.c index d8189d827368..0838ececa005 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -11,6 +11,8 @@ #include <linux/kref.h> #include <linux/sched/debug.h> #include <linux/sched.h> +#include <linux/lockdep.h> +#include <linux/debug_locks.h> #include "debugfs.h" #include "string-stream.h" @@ -22,6 +24,26 @@ void kunit_fail_current_test(void) kunit_set_failure(current->kunit_test); } +static inline void kunit_check_locking_bugs(struct kunit *test, + unsigned long saved_preempt_count) +{ + preempt_count_set(saved_preempt_count); +#ifdef CONFIG_TRACE_IRQFLAGS + if (softirq_count()) + current->softirqs_enabled = 0; + else + current->softirqs_enabled = 1; +#endif +#if IS_ENABLED(CONFIG_LOCKDEP) + local_irq_disable(); + if (!debug_locks) { + kunit_set_failure(test); + lockdep_reset(); + } + local_irq_enable(); +#endif +} + static void kunit_print_tap_version(void) { static bool kunit_has_printed_tap_version; @@ -289,6 +311,7 @@ static void kunit_try_run_case(void *data) struct kunit *test = ctx->test; struct kunit_suite *suite = ctx->suite; struct kunit_case *test_case = ctx->test_case; + unsigned long saved_preempt_count = preempt_count(); current->kunit_test = test; @@ -298,7 +321,8 @@ static void kunit_try_run_case(void *data) * thread will resume control and handle any necessary clean up. */ kunit_run_case_internal(test, suite, test_case); - /* This line may never be reached. */ + /* These lines may never be reached. */ + kunit_check_locking_bugs(test, saved_preempt_count); kunit_run_case_cleanup(test, suite); } -- 2.28.0.236.gb10cc79966-goog

4 years, 8 months

4
4
0 0

[PATCH v1 1/2] kunit: tool: fix running kunit_tool from outside kernel tree

by Brendan Higgins

Currently kunit_tool does not work correctly when executed from a path outside of the kernel tree, so make sure that the current working directory is correct and the kunit_dir is properly initialized before running. Signed-off-by: Brendan Higgins <brendanhiggins(a)google.com> --- tools/testing/kunit/kunit.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tools/testing/kunit/kunit.py b/tools/testing/kunit/kunit.py index 425ef40067e7..96344a11ff1f 100755 --- a/tools/testing/kunit/kunit.py +++ b/tools/testing/kunit/kunit.py @@ -237,9 +237,14 @@ def main(argv, linux=None): cli_args = parser.parse_args(argv) + if get_kernel_root_path(): + print('cd ' + get_kernel_root_path()) + os.chdir(get_kernel_root_path()) + if cli_args.subcommand == 'run': if not os.path.exists(cli_args.build_dir): os.mkdir(cli_args.build_dir) + create_default_kunitconfig() if not linux: linux = kunit_kernel.LinuxSourceTree() @@ -257,6 +262,7 @@ def main(argv, linux=None): if cli_args.build_dir: if not os.path.exists(cli_args.build_dir): os.mkdir(cli_args.build_dir) + create_default_kunitconfig() if not linux: linux = kunit_kernel.LinuxSourceTree() @@ -273,6 +279,7 @@ def main(argv, linux=None): if cli_args.build_dir: if not os.path.exists(cli_args.build_dir): os.mkdir(cli_args.build_dir) + create_default_kunitconfig() if not linux: linux = kunit_kernel.LinuxSourceTree() @@ -291,6 +298,7 @@ def main(argv, linux=None): if cli_args.build_dir: if not os.path.exists(cli_args.build_dir): os.mkdir(cli_args.build_dir) + create_default_kunitconfig() if not linux: linux = kunit_kernel.LinuxSourceTree() base-commit: 30185b69a2d533c4ba6ca926b8390ce7de495e29 -- 2.28.0.236.gb10cc79966-goog

4 years, 8 months

3
6
0 0

[PATCH v5 0/9] Syscall User Dispatch

by Gabriel Krisman Bertazi

This is v5 of Syscall User Dispatch. It has some big changes in comparison to v4. First of all, it allows the vdso trampoline code for architectures that support it. This is exposed through an arch hook. It also addresses the concern about what happens when a bad selector is provided, instead of SIGSEGV, we fail with SIGSYS, which is more debug-able. Another major change is that it is now based on top of Gleixner's common syscall entry work, and is supposed to only be used by that code. Therefore, the entry symbol is not exported outside of kernel/entry/ code. The biggest change in this version is the attempt to avoid using one of the final TIF flags on x86 32 bit, without increasing the size of that variable to 64 bit. My expectation is that, with this work, plus the removal of TIF_IA32, TIF_X32 and TIF_FORCE_TF, we might be able to avoid changing this field to 64 bits at all. Instead, this follows the suggestion by Andy to have a generic TIF flag for SECCOMP and this mechanism, and use another field to decide which one is enabled. The code for this is not complex, so it seems like a viable approach. Finally, this version adds some documentation to the feature. Kees, I dropped your reviewed-by on patch 5, given the amount of changes. Thanks, Previous submissions are archived at: RFC/v1: https://lkml.org/lkml/2020/7/8/96 v2: https://lkml.org/lkml/2020/7/9/17 v3: https://lkml.org/lkml/2020/7/12/4 v4: https://lwn.net/ml/linux-kernel/20200712044516.2347844-1-krisman@collabora.… Gabriel Krisman Bertazi (9): kernel: Support TIF_SYSCALL_INTERCEPT flag kernel: entry: Support TIF_SYSCAL_INTERCEPT on common entry code x86: vdso: Expose sigreturn address on vdso to the kernel signal: Expose SYS_USER_DISPATCH si_code type kernel: Implement selective syscall userspace redirection kernel: entry: Support Syscall User Dispatch for common syscall entry x86: Enable Syscall User Dispatch selftests: Add kselftest for syscall user dispatch doc: Document Syscall User Dispatch .../admin-guide/syscall-user-dispatch.rst | 87 ++++++ arch/Kconfig | 21 ++ arch/x86/Kconfig | 1 + arch/x86/entry/vdso/vdso2c.c | 2 + arch/x86/entry/vdso/vdso32/sigreturn.S | 2 + arch/x86/entry/vdso/vma.c | 15 + arch/x86/include/asm/elf.h | 1 + arch/x86/include/asm/thread_info.h | 4 +- arch/x86/include/asm/vdso.h | 2 + arch/x86/kernel/signal_compat.c | 2 +- fs/exec.c | 8 + include/linux/entry-common.h | 6 +- include/linux/sched.h | 8 +- include/linux/seccomp.h | 20 +- include/linux/syscall_intercept.h | 71 +++++ include/linux/syscall_user_dispatch.h | 29 ++ include/uapi/asm-generic/siginfo.h | 3 +- include/uapi/linux/prctl.h | 5 + kernel/entry/Makefile | 1 + kernel/entry/common.c | 32 +- kernel/entry/common.h | 15 + kernel/entry/syscall_user_dispatch.c | 101 ++++++ kernel/fork.c | 10 +- kernel/seccomp.c | 7 +- kernel/sys.c | 5 + tools/testing/selftests/Makefile | 1 + .../syscall_user_dispatch/.gitignore | 2 + .../selftests/syscall_user_dispatch/Makefile | 9 + .../selftests/syscall_user_dispatch/config | 1 + .../syscall_user_dispatch.c | 292 ++++++++++++++++++ 30 files changed, 744 insertions(+), 19 deletions(-) create mode 100644 Documentation/admin-guide/syscall-user-dispatch.rst create mode 100644 include/linux/syscall_intercept.h create mode 100644 include/linux/syscall_user_dispatch.h create mode 100644 kernel/entry/common.h create mode 100644 kernel/entry/syscall_user_dispatch.c create mode 100644 tools/testing/selftests/syscall_user_dispatch/.gitignore create mode 100644 tools/testing/selftests/syscall_user_dispatch/Makefile create mode 100644 tools/testing/selftests/syscall_user_dispatch/config create mode 100644 tools/testing/selftests/syscall_user_dispatch/syscall_user_dispatch.c -- 2.28.0

4 years, 8 months

2
10
0 0

Please pick this kunit fix for stables (5.8 & 5.7)

by Shuah Khan

Hi Sasha, Please pick the following commit for stables Linux 5.8 and 5.7 kunit: capture stderr on all make subprocess calls https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… thanks, -- Shuah

4 years, 8 months

2
1
0 0

Re: [PATCH 5.8 00/38] 5.8.1-rc1 review

by Naresh Kamboju

On Mon, 10 Aug 2020 at 20:50, Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> wrote: > > This is the start of the stable review cycle for the 5.8.1 release. > There are 38 patches in this series, all will be posted as a response > to this one. If anyone has any issues with these being applied, please > let me know. > > Responses should be made by Wed, 12 Aug 2020 15:17:47 +0000. > Anything received after that time might be too late. > > The whole patch series can be found in one patch at: > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.8.1-rc1.… > or in the git tree and branch at: > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.8.y > and the diffstat can be found below. > > thanks, > > greg k-h > Results from Linaro’s test farm. No regressions on arm64, arm, x86_64, and i386. Few warnings noticed while running kselftests on arm64 juno-r2 device 1 and 3 noticed on linux mainline tree 2 and 4 seems to be specific to arm64 juno platform. 1) [ 85.834361] WARNING: CPU: 4 PID: 740 at /usr/src/kernel/kernel/bpf/verifier.c:8999 bpf_check+0x1d1c/0x2ac0 2) [ 97.854733] Unexpected kernel BRK exception at EL1 [ 97.861235] Internal error: ptrace BRK handler: f2000100 [#1] PREEMPT SMP 3) [ 102.715399] BUG: sleeping function called from invalid context at /usr/src/kernel/include/linux/percpu-rwsem.h:49 4) [ 102.891463] WARNING: CPU: 2 PID: 0 at /usr/src/kernel/kernel/rcu/tree.c:618 rcu_eqs_enter.isra.67+0xd8/0xe0 Summary ------------------------------------------------------------------------ kernel: 5.8.1-rc1 git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git git branch: linux-5.8.y git commit: b30c8c9d42601af8ebeb3ad42085ff4134a111a0 git describe: v5.8-39-gb30c8c9d4260 Test details: https://qa-reports.linaro.org/lkft/linux-stable-rc-5.8-oe/build/v5.8-39-gb3… No regressions (compared to build v5.8) No fixes (compared to build v5.8) ------------[ cut here ]------------ [ 85.826439] trace type BPF program uses run-time allocation [ 85.834361] WARNING: CPU: 4 PID: 740 at /usr/src/kernel/kernel/bpf/verifier.c:8999 bpf_check+0x1d1c/0x2ac0 [ 85.846245] Modules linked in: rfkill tda998x cec drm_kms_helper drm crct10dif_ce fuse [ 85.856955] CPU: 4 PID: 740 Comm: test_verifier Not tainted 5.8.1-rc1 #1 [ 85.866436] Hardware name: ARM Juno development board (r2) (DT) [ 85.875143] pstate: 40000005 (nZcv daif -PAN -UAO BTYPE=--) [ 85.883503] pc : bpf_check+0x1d1c/0x2ac0 [ 85.890202] lr : bpf_check+0x1d1c/0x2ac0 [ 85.896902] sp : ffff80001472bb00 [ 85.902997] x29: ffff80001472bb00 x28: 0000000000000025 [ 85.911091] x27: ffff800011382000 x26: 0000000000000000 [ 85.919186] x25: 0000000000000000 x24: ffff00096e9d8000 [ 85.927282] x23: ffff0009731d1400 x22: ffff8000135c3058 [ 85.935376] x21: 0000000000000004 x20: ffff00096e94b800 [ 85.943471] x19: ffff800012650000 x18: ffffffffffffffff [ 85.951566] x17: 00000000bd597f08 x16: 000000004476e5aa [ 85.959662] x15: ffff800012650a88 x14: ffff80009472b7e7 [ 85.967757] x13: ffff80001472b7f5 x12: ffff800012680000 [ 85.975851] x11: 0000000005f5e0ff x10: ffff00097efa5118 [ 85.983947] x9 : ffff800013134000 x8 : 00000000d7e0a7a6 [ 85.992042] x7 : ffff800012654000 x6 : ffff00097ef904a8 [ 86.000137] x5 : ffff00097ef904a8 x4 : ffff0009751597c0 [ 86.008233] x3 : ffff800012651000 x2 : 0000000000000000 [ 86.016327] x1 : ac9d7b2c4e06c300 x0 : 0000000000000000 [ 86.024423] Call trace: [ 86.029653] bpf_check+0x1d1c/0x2ac0 [ 86.036006] bpf_prog_load+0x698/0x8b8 [ 86.042533] __do_sys_bpf+0xf3c/0x1d18 [ 86.049062] __arm64_sys_bpf+0x28/0x38 [ 86.055592] el0_svc_common.constprop.3+0x7c/0x198 [ 86.063162] do_el0_svc+0x34/0xa0 [ 86.069258] el0_sync_handler+0x16c/0x210 [ 86.076045] el0_sync+0x140/0x180 [ 86.082137] irq event stamp: 60966 [ 86.088326] hardirqs last enabled at (60965): [<ffff800011332760>] _raw_spin_unlock_irq+0x48/0x90 [ 86.100075] hardirqs last disabled at (60966): [<ffff800010029a04>] debug_exception_enter+0xac/0xe8 [ 86.111909] softirqs last enabled at (60960): [<ffff8000100019bc>] __do_softirq+0x59c/0x5dc [ 86.123138] softirqs last disabled at (60925): [<ffff80001008fbf4>] irq_exit+0x144/0x150 [ 86.134011] ---[ end trace 14c3fdd625b93f50 ]--- [ 88.541693] [ 90.633700] kauditd_printk_skb: 1766 callbacks suppressed [ 90.633713] audit: type=1334 audit(1597081685.048:1803): prog-id=906 op=LOAD [ 90.651538] audit: type=1334 audit(1597081686.220:1804): prog-id=906 op=UNLOAD [ 90.661574] audit: type=1334 audit(1597081686.220:1805): prog-id=907 op=LOAD [ 90.671455] audit: type=1334 audit(1597081686.228:1806): prog-id=907 op=UNLOAD [ 95.725310] audit: type=1334 audit(1597081686.228:1807): prog-id=908 op=LOAD [ 95.734199] audit: type=1334 audit(1597081691.312:1808): prog-id=908 op=UNLOAD [ 95.760019] audit: type=1334 audit(1597081691.344:1809): prog-id=909 op=LOAD [ 95.769379] audit: type=1334 audit(1597081691.348:1810): prog-id=909 op=UNLOAD [ 95.779416] audit: type=1334 audit(1597081691.348:1811): prog-id=910 op=LOAD [ 95.789197] audit: type=1334 audit(1597081691.356:1812): prog-id=910 op=UNLOAD [ 95.799333] audit: type=1334 audit(1597081691.356:1813): prog-id=911 op=LOAD [ 95.809110] audit: type=1334 audit(1597081691.368:1814): prog-id=911 op=UNLOAD [ 95.818982] audit: type=1334 audit(1597081691.368:1815): prog-id=912 op=LOAD [ 95.828982] audit: type=1334 audit(1597081691.376:1816): prog-id=912 op=UNLOAD [ 97.854733] Unexpected kernel BRK exception at EL1 [ 97.861235] Internal error: ptrace BRK handler: f2000100 [#1] PREEMPT SMP [ 97.870587] Modules linked in: rfkill tda998x cec drm_kms_helper drm crct10dif_ce fuse [ 97.881295] CPU: 2 PID: 740 Comm: test_verifier Tainted: G W 5.8.1-rc1 #1 [ 97.892171] Hardware name: ARM Juno development board (r2) (DT) [ 97.900877] pstate: 20000005 (nzCv daif -PAN -UAO BTYPE=--) [ 97.909235] pc : 0xffff8000000129b8 [ 97.915501] lr : bpf_prog_d53bb52e3f4483f9_F+0x38/0x8d0 [ 97.923507] sp : ffff80001472bb00 [ 97.929601] x29: ffff80001472bb30 x28: ffff80001472bcd8 [ 97.937696] x27: 0000000000000001 x26: 0000000000000000 [ 97.945790] x25: ffff80001472bb00 x24: ffff8000135c3038 [ 97.953885] x23: ffff80001472bce0 x22: ffff80001472bc58 [ 97.961981] x21: ffff8000135c3038 x20: ffff80001472bce0 [ 97.970076] x19: ffff800000030730 x18: 0000000000000000 [ 97.978171] x17: 0000000000000000 x16: 0000000000000000 [ 97.986266] x15: 0000000000000000 x14: 0000000000000000 [ 97.994361] x13: 0000000000000000 x12: 0000000000000000 [ 98.002455] x11: 0000000000000001 x10: ffff800000032998 [ 98.010551] x9 : ffff800013134000 x8 : 00000000430ad605 [ 98.018646] x7 : ffff800012654000 x6 : 000000024ead2ef5 [ 98.026741] x5 : 00ffffffffffffff x4 : 001a3a31531529a9 [ 98.034836] x3 : 0000000000000000 x2 : ffff800000030730 [ 98.042931] x1 : 000000000000000a x0 : 0000000000000009 [ 98.051027] Call trace: [ 98.056252] 0xffff8000000129b8 [ 98.062172] bpf_prog_d53bb52e3f4483f9_F+0x38/0x8d0 [ 98.069837] bpf_dispatcher_xdp_func+0x30/0x40 [ 98.077057] bpf_test_run+0x180/0x570 [ 102.671323] bpf_prog_test_run_xdp+0xf4/0x1b0 [ 102.675688] __do_sys_bpf+0x708/0x1d18 [ 102.679442] __arm64_sys_bpf+0x28/0x38 [ 102.683197] el0_svc_common.constprop.3+0x7c/0x198 [ 102.687995] do_el0_svc+0x34/0xa0 [ 102.691315] el0_sync_handler+0x16c/0x210 [ 102.695329] el0_sync+0x140/0x180 [ 102.698651] Code: d4202000 d4202000 d4202000 d4202000 (d4202000) [ 102.704758] ---[ end trace 14c3fdd625b93f51 ]--- [ 102.709383] note: test_verifier[740] exited with preempt_count 2 [ 102.715399] BUG: sleeping function called from invalid context at /usr/src/kernel/include/linux/percpu-rwsem.h:49 [ 102.725680] in_atomic(): 0, irqs_disabled(): 128, non_block: 0, pid: 740, name: test_verifier [ 102.734219] INFO: lockdep is turned off. [ 102.738146] irq event stamp: 4369860 [ 102.741729] hardirqs last enabled at (4369859): [<ffff80001015ab18>] ktime_get+0xc0/0x178 [ 102.750010] hardirqs last disabled at (4369860): [<ffff800010029a04>] debug_exception_enter+0xac/0xe8 [ 102.759249] softirqs last enabled at (4369842): [<ffff8000102161d4>] bpf_ksym_add+0x12c/0x148 [ 102.767878] softirqs last disabled at (4369840): [<ffff8000102160d4>] bpf_ksym_add+0x2c/0x148 [ 102.776419] CPU: 2 PID: 740 Comm: test_verifier Tainted: G D W 5.8.1-rc1 #1 [ 102.784523] Hardware name: ARM Juno development board (r2) (DT) [ 102.790451] Call trace: [ 102.792900] dump_backtrace+0x0/0x1f8 [ 102.796567] show_stack+0x2c/0x38 [ 102.799889] dump_stack+0xf0/0x16c [ 102.803296] ___might_sleep+0x144/0x208 [ 102.807137] __might_sleep+0x54/0x90 [ 102.810719] exit_signals+0x54/0x3e8 [ 102.814301] do_exit+0xc8/0xae0 [ 102.817446] die+0x200/0x268 [ 102.820329] arm64_notify_die+0xa0/0xc0 [ 102.824172] do_debug_exception+0xf0/0x128 [ 102.828275] el1_sync_handler+0x90/0xf0 [ 102.832116] el1_sync+0x7c/0x100 [ 102.835347] 0xffff8000000129b8 [ 102.838493] bpf_prog_d53bb52e3f4483f9_F+0x38/0x8d0 [ 102.843379] bpf_dispatcher_xdp_func+0x30/0x40 [ 102.847830] bpf_test_run+0x180/0x570 [ 102.851497] bpf_prog_test_run_xdp+0xf4/0x1b0 [ 102.855861] __do_sys_bpf+0x708/0x1d18 [ 102.859615] __arm64_sys_bpf+0x28/0x38 [ 102.863369] el0_svc_common.constprop.3+0x7c/0x198 [ 102.868167] do_el0_svc+0x34/0xa0 [ 102.871486] el0_sync_handler+0x16c/0x210 [ 102.875501] el0_sync+0x140/0x180 [ 102.886823] ------------[ cut here ]------------ [[ 102.887376] kauditd_printk_skb: 125 callbacks suppressed [ 102.887387] audit: type=1701 audit(1597081698.472:1942): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=738 comm=\"timeout\" exe=\"/usr/bin/timeout.coreutils\" sig=11 res=1 [ 102.891463] WARNING: CPU: 2 PID: 0 at /usr/src/kernel/kernel/rcu/tree.c:618 rcu_eqs_enter.isra.67+0xd8/0xe0 [ 102.891467] Modules linked in: rfkill tda998x cec drm_kms_helper drm crct10dif_ce fuse [ 102.891486] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G D W 5.8.1-rc1 #1 [ 102.891490] Hardware name: ARM Juno development board (r2) (DT) [ 102.891495] pstate: 200003c5 (nzCv DAIF -PAN -UAO BTYPE=--) [ 102.891501] pc : rcu_eqs_enter.isra.67+0xd8/0xe0 [ 102.891511] lr : rcu_eqs_enter.isra.67+0x10/0xe0 [ 102.957881] sp : ffff800013683f20 [ 102.961198] x29: ffff800013683f20 x28: 0000000000000000 [ 102.966519] x27: 0000000000000000 x26: ffff000973033800 [ 102.971840] x25: ffff00097ef5fc80 x24: ffff800012651410 [ 102.977162] x23: ffff800011f00c78 x22: ffff800012650000 [ 102.982483] x21: ffff800012651000 x20: ffff800011f02000 [ 102.987803] x19: ffff00097ef61ec0 x18: ffffffffffffffff [ 102.993124] x17: 0000000000000000 x16: 0000000000000000 [ 102.998444] x15: 000000000000006c x14: 000000000000002a [ 103.003765] x13: 0000000000000002 x12: 0000000000000000 [ 103.009086] x11: 0000000000000000 x10: ffff80001264b1c8 [ 103.014406] x9 : 0000000000000000 x8 : ffff800012650a88 [ 103.019727] x7 : ffff80001016d09c x6 : 0000000000000000 [ 103.025048] x5 : 0000000000000000 x4 : 0000000000000000 [ 103.030368] x3 : ffff800012650a88 x2 : 00000017f0129f00 [ 103.035689] x1 : 4000000000000002 x0 : 4000000000000000 [ 103.041011] Call trace: [ 103.043461] rcu_eqs_enter.isra.67+0xd8/0xe0 [ 103.047739] rcu_idle_enter+0x44/0x70 [ 103.051406] do_idle+0x214/0x2c0 [ 103.054637] cpu_startup_entry+0x2c/0x70 [ 103.058567] secondary_start_kernel+0x1a8/0x200 [ 103.063103] irq event stamp: 449856 [ 103.066599] hardirqs last enabled at (449855): [<ffff80001016d1ec>] tick_nohz_idle_exit+0x64/0xd0 [ 103.075574] hardirqs last disabled at (449856): [<ffff800011329c08>] __schedule+0xf0/0x8f0 [ 103.083853] softirqs last enabled at (449814): [<ffff8000100019bc>] __do_softirq+0x59c/0x5dc [ 103.092396] softirqs last disabled at (449803): [<ffff80001008fbf4>] irq_exit+0x144/0x150 Full output log: https://qa-reports.linaro.org/lkft/linux-stable-rc-5.8-oe/build/v5.8-39-gb3… Ran 35329 total tests in the following environments and test suites. Environments -------------- - dragonboard-410c - hi6220-hikey - i386 - juno-r2 - juno-r2-compat - juno-r2-kasan - nxp-ls2088 - qemu_arm - qemu_arm64 - qemu_i386 - qemu_x86_64 - x15 - x86 - x86-kasan Test Suites ----------- * build * install-android-platform-tools-r2600 * kselftest * kselftest/drivers * kselftest/filesystems * kselftest/net * libhugetlbfs * linux-log-parser * ltp-cap_bounds-tests * ltp-commands-tests * ltp-controllers-tests * ltp-cpuhotplug-tests * ltp-crypto-tests * ltp-cve-tests * ltp-fcntl-locktests-tests * ltp-filecaps-tests * ltp-fs-tests * ltp-fs_bind-tests * ltp-fs_perms_simple-tests * ltp-fsx-tests * ltp-math-tests * ltp-nptl-tests * ltp-pty-tests * ltp-sched-tests * ltp-securebits-tests * ltp-syscalls-tests * ltp-tracing-tests * perf * ltp-hugetlb-tests * ltp-io-tests * ltp-ipc-tests * ltp-mm-tests * network-basic-tests * v4l2-compliance * ltp-containers-tests * ltp-dio-tests * ltp-open-posix-tests * igt-gpu-tools * kselftest-vsyscall-mode-native * kselftest-vsyscall-mode-native/drivers * kselftest-vsyscall-mode-native/filesystems * kselftest-vsyscall-mode-native/net * kselftest-vsyscall-mode-none * kselftest-vsyscall-mode-none/drivers * kselftest-vsyscall-mode-none/filesystems * kselftest-vsyscall-mode-none/net * ssuite -- Linaro LKFT https://lkft.linaro.org

4 years, 8 months

2
1
0 0

[PATCH] selftests/socket: Introduce simple SCM_RIGHTS tests

by Kees Cook

This makes sure that simple SCM_RIGHTS fd passing works as expected, to avoid any future regressions. This is mostly code from Michael Kerrisk's examples on how to set up and perform fd passing with SCM_RIGHTS. Add a test script and wire it up to the selftests. Signed-off-by: Kees Cook <keescook(a)chromium.org> --- FYI, this also relicenses Michael's code (with his permission) from GPL3+ to GPL2+, who is on CC to publicly confirm. :) Thank you Michael! --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/socket/.gitignore | 4 + tools/testing/selftests/socket/Makefile | 11 ++ tools/testing/selftests/socket/hello.txt | 1 + tools/testing/selftests/socket/scm_rights.h | 40 +++++ .../selftests/socket/scm_rights_recv.c | 168 ++++++++++++++++++ .../selftests/socket/scm_rights_send.c | 144 +++++++++++++++ .../selftests/socket/simple_scm_rights.sh | 30 ++++ tools/testing/selftests/socket/unix_sockets.c | 88 +++++++++ tools/testing/selftests/socket/unix_sockets.h | 23 +++ 10 files changed, 510 insertions(+) create mode 100644 tools/testing/selftests/socket/.gitignore create mode 100644 tools/testing/selftests/socket/Makefile create mode 100644 tools/testing/selftests/socket/hello.txt create mode 100644 tools/testing/selftests/socket/scm_rights.h create mode 100644 tools/testing/selftests/socket/scm_rights_recv.c create mode 100644 tools/testing/selftests/socket/scm_rights_send.c create mode 100755 tools/testing/selftests/socket/simple_scm_rights.sh create mode 100644 tools/testing/selftests/socket/unix_sockets.c create mode 100644 tools/testing/selftests/socket/unix_sockets.h diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index e03bc15ce731..97e155596660 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -51,6 +51,7 @@ TARGETS += rtc TARGETS += seccomp TARGETS += sigaltstack TARGETS += size +TARGETS += socket TARGETS += sparc64 TARGETS += splice TARGETS += static_keys diff --git a/tools/testing/selftests/socket/.gitignore b/tools/testing/selftests/socket/.gitignore new file mode 100644 index 000000000000..bc9a892956b0 --- /dev/null +++ b/tools/testing/selftests/socket/.gitignore @@ -0,0 +1,4 @@ +unix_sockets.o +scm_rights_send +scm_rights_recv +scm_rights diff --git a/tools/testing/selftests/socket/Makefile b/tools/testing/selftests/socket/Makefile new file mode 100644 index 000000000000..3eb7ef0db997 --- /dev/null +++ b/tools/testing/selftests/socket/Makefile @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0+ +TEST_PROGS := simple_scm_rights.sh +TEST_GEN_PROGS_EXTENDED := scm_rights_send scm_rights_recv + +include ../lib.mk + +$(OUTPUT)/unix_sockets.o: unix_sockets.h +$(OUTPUT)/scm_rights_recv: $(OUTPUT)/unix_sockets.o scm_rights.h +$(OUTPUT)/scm_rights_send: $(OUTPUT)/unix_sockets.o scm_rights.h + +EXTRA_CLEAN += $(OUTPUT)/unix_sockets.o $(OUTPUT)/scm_rights diff --git a/tools/testing/selftests/socket/hello.txt b/tools/testing/selftests/socket/hello.txt new file mode 100644 index 000000000000..e965047ad7c5 --- /dev/null +++ b/tools/testing/selftests/socket/hello.txt @@ -0,0 +1 @@ +Hello diff --git a/tools/testing/selftests/socket/scm_rights.h b/tools/testing/selftests/socket/scm_rights.h new file mode 100644 index 000000000000..4501a46bf1be --- /dev/null +++ b/tools/testing/selftests/socket/scm_rights.h @@ -0,0 +1,40 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * scm_rights.h + * + * Copyright (C) Michael Kerrisk, 2020. + * + * Header file used by scm_rights_send.c and scm_rights_recv.c. + */ +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdlib.h> +#include <sys/socket.h> +#include <sys/un.h> + +#include "unix_sockets.h" + +#define SOCK_PATH "scm_rights" + +#define errExit(fmt, ...) do { \ + fprintf(stderr, fmt, ## __VA_ARGS__); \ + fprintf(stderr, ": %s\n", strerror(errno)); \ + exit(EXIT_FAILURE); \ + } while (0) + +#define fatal(str) errExit("%s\n", str) + +#define usageErr(fmt, ...) do { \ + fprintf(stderr, "Usage: "); \ + fprintf(stderr, fmt, ## __VA_ARGS__); \ + exit(EXIT_FAILURE); \ + } while (0) + +static bool debugging; + +#define debug(fmt, ...) do { \ + if (debugging) \ + fprintf(stderr, fmt, ## __VA_ARGS__); \ + } while (0) diff --git a/tools/testing/selftests/socket/scm_rights_recv.c b/tools/testing/selftests/socket/scm_rights_recv.c new file mode 100644 index 000000000000..4c916e43c319 --- /dev/null +++ b/tools/testing/selftests/socket/scm_rights_recv.c @@ -0,0 +1,168 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * scm_rights_recv.c + * + * Copyright (C) Michael Kerrisk, 2020. + * + * Used in conjunction with scm_rights_send.c to demonstrate passing of + * file descriptors via a UNIX domain socket. + * + * This program receives a file descriptor sent to a UNIX domain socket. + * + * Usage is as shown in the usageErr() call below. + * + * File descriptors can be exchanged over stream or datagram sockets. This + * program uses stream sockets by default; the "-d" command-line option + * specifies that datagram sockets should be used instead. + * + * This program is Linux-specific. + */ +#include "scm_rights.h" + +#define BUF_SIZE 100 + +int +main(int argc, char *argv[]) +{ + int data, lfd, sfd, fd, opt; + ssize_t nr; + bool useDatagramSocket; + struct msghdr msgh; + struct iovec iov; + + /* Allocate a char array of suitable size to hold the ancillary data. + * However, since this buffer is in reality a 'struct cmsghdr', use a + * union to ensure that it is aligned as required for that structure. + * Alternatively, we could allocate the buffer using malloc(), which + * returns a buffer that satisfies the strictest alignment + * requirements of any type + */ + + union { + char buf[CMSG_SPACE(sizeof(int))]; + /* Space large enough to hold an 'int' */ + struct cmsghdr align; + } controlMsg; + struct cmsghdr *cmsgp; /* Pointer used to iterate through + * headers in ancillary data + */ + + /* Parse command-line options */ + + useDatagramSocket = false; + + while ((opt = getopt(argc, argv, "dD")) != -1) { + switch (opt) { + case 'd': + useDatagramSocket = true; + break; + + default: + usageErr("%s [-dD]\n" + " -D enable debugging\n" + " -d use datagram socket\n", argv[0]); + } + } + + /* Create socket bound to a well-known address. In the case where + * we are using stream sockets, also make the socket a listening + * socket and accept a connection on the socket. + */ + + if (remove(SOCK_PATH) == -1 && errno != ENOENT) + errExit("remove-%s", SOCK_PATH); + + if (useDatagramSocket) { + sfd = unixBind(SOCK_PATH, SOCK_DGRAM); + if (sfd == -1) + errExit("unixBind"); + + } else { + lfd = unixBind(SOCK_PATH, SOCK_STREAM); + if (lfd == -1) + errExit("unixBind"); + + if (listen(lfd, 5) == -1) + errExit("listen"); + + sfd = accept(lfd, NULL, NULL); + if (sfd == -1) + errExit("accept"); + } + + /* The 'msg_name' field can be set to point to a buffer where the + * kernel will place the address of the peer socket. However, we don't + * need the address of the peer, so we set this field to NULL. + */ + + msgh.msg_name = NULL; + msgh.msg_namelen = 0; + + /* Set fields of 'msgh' to point to buffer used to receive the (real) + * data read by recvmsg() + */ + + msgh.msg_iov = &iov; + msgh.msg_iovlen = 1; + iov.iov_base = &data; + iov.iov_len = sizeof(int); + + /* Set 'msgh' fields to describe the ancillary data buffer */ + + msgh.msg_control = controlMsg.buf; + msgh.msg_controllen = sizeof(controlMsg.buf); + + /* Receive real plus ancillary data */ + + nr = recvmsg(sfd, &msgh, 0); + if (nr == -1) + errExit("recvmsg"); + debug("recvmsg() returned %ld\n", (long) nr); + + if (nr > 0) + debug("Received data = %d\n", data); + + /* Get the address of the first 'cmsghdr' in the received + * ancillary data + */ + + cmsgp = CMSG_FIRSTHDR(&msgh); + + /* Check the validity of the 'cmsghdr' */ + + if (cmsgp == NULL || cmsgp->cmsg_len != CMSG_LEN(sizeof(int))) + fatal("bad cmsg header / message length"); + if (cmsgp->cmsg_level != SOL_SOCKET) + fatal("cmsg_level != SOL_SOCKET"); + if (cmsgp->cmsg_type != SCM_RIGHTS) + fatal("cmsg_type != SCM_RIGHTS"); + + /* The data area of the 'cmsghdr' is an 'int' (a file descriptor); + * copy that integer to a local variable. (The received file descriptor + * is typically a different file descriptor number than was used in the + * sending process.) + */ + + memcpy(&fd, CMSG_DATA(cmsgp), sizeof(int)); + debug("Received FD %d\n", fd); + + /* Having obtained the file descriptor, read the file's contents and + * print them on standard output + */ + + for (;;) { + char buf[BUF_SIZE]; + ssize_t numRead; + + numRead = read(fd, buf, BUF_SIZE); + if (numRead == -1) + errExit("read"); + + if (numRead == 0) + break; + + write(STDOUT_FILENO, buf, numRead); + } + + exit(EXIT_SUCCESS); +} diff --git a/tools/testing/selftests/socket/scm_rights_send.c b/tools/testing/selftests/socket/scm_rights_send.c new file mode 100644 index 000000000000..c5718d10a80d --- /dev/null +++ b/tools/testing/selftests/socket/scm_rights_send.c @@ -0,0 +1,144 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * scm_rights_send.c + * + * Copyright (C) Michael Kerrisk, 2020. + * + * Used in conjunction with scm_rights_recv.c to demonstrate passing of + * file descriptors via a UNIX domain socket. + * + * This program sends a file descriptor to a UNIX domain socket. + * + * Usage is as shown in the usageErr() call below. + * + * File descriptors can be exchanged over stream or datagram sockets. This + * program uses stream sockets by default; the "-d" command-line option + * specifies that datagram sockets should be used instead. + * + * This program is Linux-specific. + */ +#include "scm_rights.h" + +int +main(int argc, char *argv[]) +{ + int data, sfd, opt, fd; + ssize_t ns; + bool useDatagramSocket; + struct msghdr msgh; + struct iovec iov; + + /* Allocate a char array of suitable size to hold the ancillary data. + * However, since this buffer is in reality a 'struct cmsghdr', use a + * union to ensure that it is aligned as required for that structure. + * Alternatively, we could allocate the buffer using malloc(), which + * returns a buffer that satisfies the strictest alignment + * requirements of any type. + */ + + union { + char buf[CMSG_SPACE(sizeof(int))]; + /* Space large enough to hold an 'int' */ + struct cmsghdr align; + } controlMsg; + struct cmsghdr *cmsgp; /* Pointer used to iterate through + * headers in ancillary data + */ + + /* Parse command-line options */ + + useDatagramSocket = false; + + while ((opt = getopt(argc, argv, "dD")) != -1) { + switch (opt) { + case 'd': + useDatagramSocket = true; + break; + case 'D': + debugging = true; + break; + default: + usageErr("%s [-dD] file\n" + " -D enable debugging\n" + " -d use datagram socket\n", argv[0]); + } + } + + if (argc != optind + 1) + usageErr("%s [-dD] file\n", argv[0]); + + /* Open the file named on the command line */ + + fd = open(argv[optind], O_RDONLY); + if (fd == -1) + errExit("open"); + + /* The 'msg_name' field can be used to specify the address of the + * destination socket when sending a datagram. However, we do not + * need to use this field because we use connect() below, which sets + * a default outgoing address for datagrams. + */ + + msgh.msg_name = NULL; + msgh.msg_namelen = 0; + + /* On Linux, we must transmit at least 1 byte of real data in + * order to send ancillary data + */ + + msgh.msg_iov = &iov; + msgh.msg_iovlen = 1; + iov.iov_base = &data; + iov.iov_len = sizeof(int); + data = 12345; + debug("Sending data = %d\n", data); + + /* Set 'msgh' fields to describe the ancillary data buffer */ + + msgh.msg_control = controlMsg.buf; + msgh.msg_controllen = sizeof(controlMsg.buf); + + /* The control message buffer must be zero-initialized in order + * for the CMSG_NXTHDR() macro to work correctly. Although we + * don't need to use CMSG_NXTHDR() in this example (because + * there is only one block of ancillary data), we show this + * step to demonstrate best practice + */ + + memset(controlMsg.buf, 0, sizeof(controlMsg.buf)); + + /* Set message header to describe the ancillary data that + * we want to send + */ + + cmsgp = CMSG_FIRSTHDR(&msgh); + cmsgp->cmsg_len = CMSG_LEN(sizeof(int)); + cmsgp->cmsg_level = SOL_SOCKET; + cmsgp->cmsg_type = SCM_RIGHTS; + memcpy(CMSG_DATA(cmsgp), &fd, sizeof(int)); + + /* Connect to the peer socket */ + + sfd = unixConnect(SOCK_PATH, useDatagramSocket ? SOCK_DGRAM : SOCK_STREAM); + if (sfd == -1) + errExit("unixConnect"); + + debug("Sending FD %d\n", fd); + + /* Send real plus ancillary data */ + + ns = sendmsg(sfd, &msgh, 0); + if (ns == -1) + errExit("sendmsg"); + + debug("sendmsg() returned %ld\n", (long) ns); + + /* Once the file descriptor has been sent, it is no longer necessary + * to keep it open in the sending process + */ + + if (close(fd) == -1) + errExit("close"); + + exit(EXIT_SUCCESS); +} diff --git a/tools/testing/selftests/socket/simple_scm_rights.sh b/tools/testing/selftests/socket/simple_scm_rights.sh new file mode 100755 index 000000000000..31ea0fc1bb6d --- /dev/null +++ b/tools/testing/selftests/socket/simple_scm_rights.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0+ +set -e + +ret=0 +hello=$(cat hello.txt) + +rm -f scm_rights +(sleep 0.1; ./scm_rights_send hello.txt) & +out=$(./scm_rights_recv) + +if [ "$hello" != "$out" ] ; then + echo "FAIL: SCM_RIGHTS fd contents mismatch" + ret=1 +else + echo "ok: SOCK_STREAM" +fi + +rm -f scm_rights +(sleep 0.1; ./scm_rights_send -d hello.txt) & +out=$(./scm_rights_recv -d) + +if [ "$hello" != "$out" ] ; then + echo "FAIL: SCM_RIGHTS fd contents mismatch" + ret=1 +else + echo "ok: SOCK_DGRAM" +fi + +exit $ret diff --git a/tools/testing/selftests/socket/unix_sockets.c b/tools/testing/selftests/socket/unix_sockets.c new file mode 100644 index 000000000000..a7678fad1a16 --- /dev/null +++ b/tools/testing/selftests/socket/unix_sockets.c @@ -0,0 +1,88 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * unix_sockets.c + * + * Copyright (C) Michael Kerrisk, 2020. + * + * A package of useful routines for UNIX domain sockets. + */ +#include "unix_sockets.h" /* Declares functions defined here */ + +/* Build a UNIX domain socket address structure for 'path', returning + * it in 'addr'. Returns -1 on success, or 0 on error. + */ + +int +unixBuildAddress(const char *path, struct sockaddr_un *addr) +{ + if (addr == NULL || path == NULL) { + errno = EINVAL; + return -1; + } + + memset(addr, 0, sizeof(struct sockaddr_un)); + addr->sun_family = AF_UNIX; + if (strlen(path) < sizeof(addr->sun_path)) { + strncpy(addr->sun_path, path, sizeof(addr->sun_path) - 1); + return 0; + } else { + errno = ENAMETOOLONG; + return -1; + } +} + +/* Create a UNIX domain socket of type 'type' and connect it + * to the remote address specified by the 'path'. + * Return the socket descriptor on success, or -1 on error + */ + +int +unixConnect(const char *path, int type) +{ + int sd, savedErrno; + struct sockaddr_un addr; + + if (unixBuildAddress(path, &addr) == -1) + return -1; + + sd = socket(AF_UNIX, type, 0); + if (sd == -1) + return -1; + + if (connect(sd, (struct sockaddr *) &addr, + sizeof(struct sockaddr_un)) == -1) { + savedErrno = errno; + close(sd); /* Might change 'errno' */ + errno = savedErrno; + return -1; + } + + return sd; +} + +/* Create a UNIX domain socket and bind it to 'path'. + * Return the socket descriptor on success, or -1 on error. + */ + +int +unixBind(const char *path, int type) +{ + int sd, savedErrno; + struct sockaddr_un addr; + + if (unixBuildAddress(path, &addr) == -1) + return -1; + + sd = socket(AF_UNIX, type, 0); + if (sd == -1) + return -1; + + if (bind(sd, (struct sockaddr *) &addr, sizeof(struct sockaddr_un)) == -1) { + savedErrno = errno; + close(sd); /* Might change 'errno' */ + errno = savedErrno; + return -1; + } + + return sd; +} diff --git a/tools/testing/selftests/socket/unix_sockets.h b/tools/testing/selftests/socket/unix_sockets.h new file mode 100644 index 000000000000..e03a5aecd10c --- /dev/null +++ b/tools/testing/selftests/socket/unix_sockets.h @@ -0,0 +1,23 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * unix_sockets.h + * + * Copyright (C) Michael Kerrisk, 2020. + * + * Header file for unix_sockets.c. + */ +#ifndef UNIX_SOCKETS_H +#define UNIX_SOCKETS_H /* Prevent accidental double inclusion */ + +#include <errno.h> +#include <unistd.h> +#include <sys/socket.h> +#include <sys/un.h> + +int unixBuildAddress(const char *path, struct sockaddr_un *addr); + +int unixConnect(const char *path, int type); + +int unixBind(const char *path, int type); + +#endif -- 2.25.1 -- Kees Cook

4 years, 8 months

2
1
0 0

[PATCH] kunit: added lockdep support

by Uriel Guajardo

From: Uriel Guajardo <urielguajardo(a)google.com> KUnit tests will now fail if lockdep detects an error during a test case. The idea comes from how lib/locking-selftest [1] checks for lock errors: we first if lock debugging is turned on. If not, an error must have occurred, so we fail the test and restart lockdep for the next test case. Like the locking selftests, we also fix possible preemption count corruption from lock bugs. Depends on kunit: support failure from dynamic analysis tools [2] [1] https://elixir.bootlin.com/linux/v5.7.12/source/lib/locking-selftest.c#L1137 [2] https://lore.kernel.org/linux-kselftest/20200806174326.3577537-1-urielguaja… Signed-off-by: Uriel Guajardo <urielguajardo(a)google.com> --- lib/kunit/test.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/lib/kunit/test.c b/lib/kunit/test.c index d8189d827368..0838ececa005 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -11,6 +11,8 @@ #include <linux/kref.h> #include <linux/sched/debug.h> #include <linux/sched.h> +#include <linux/lockdep.h> +#include <linux/debug_locks.h> #include "debugfs.h" #include "string-stream.h" @@ -22,6 +24,26 @@ void kunit_fail_current_test(void) kunit_set_failure(current->kunit_test); } +static inline void kunit_check_locking_bugs(struct kunit *test, + unsigned long saved_preempt_count) +{ + preempt_count_set(saved_preempt_count); +#ifdef CONFIG_TRACE_IRQFLAGS + if (softirq_count()) + current->softirqs_enabled = 0; + else + current->softirqs_enabled = 1; +#endif +#if IS_ENABLED(CONFIG_LOCKDEP) + local_irq_disable(); + if (!debug_locks) { + kunit_set_failure(test); + lockdep_reset(); + } + local_irq_enable(); +#endif +} + static void kunit_print_tap_version(void) { static bool kunit_has_printed_tap_version; @@ -289,6 +311,7 @@ static void kunit_try_run_case(void *data) struct kunit *test = ctx->test; struct kunit_suite *suite = ctx->suite; struct kunit_case *test_case = ctx->test_case; + unsigned long saved_preempt_count = preempt_count(); current->kunit_test = test; @@ -298,7 +321,8 @@ static void kunit_try_run_case(void *data) * thread will resume control and handle any necessary clean up. */ kunit_run_case_internal(test, suite, test_case); - /* This line may never be reached. */ + /* These lines may never be reached. */ + kunit_check_locking_bugs(test, saved_preempt_count); kunit_run_case_cleanup(test, suite); } -- 2.28.0.236.gb10cc79966-goog

4 years, 8 months

4
5
0 0

[PATCHv3] selftests/timers: Turn off timeout setting

by Po-Hsu Lin

The following 4 tests in timers can take longer than the default 45 seconds that added in commit 852c8cbf34d3 ("selftests/kselftest/runner.sh: Add 45 second timeout per test") to run: * nsleep-lat - 2m7.350s * set-timer-lat - 2m0.66s * inconsistency-check - 1m45.074s * raw_skew - 2m0.013s Thus they will be marked as failed with the current 45s setting: not ok 3 selftests: timers: nsleep-lat # TIMEOUT not ok 4 selftests: timers: set-timer-lat # TIMEOUT not ok 6 selftests: timers: inconsistency-check # TIMEOUT not ok 7 selftests: timers: raw_skew # TIMEOUT Disable the timeout setting for timers can make these tests finish properly: ok 3 selftests: timers: nsleep-lat ok 4 selftests: timers: set-timer-lat ok 6 selftests: timers: inconsistency-check ok 7 selftests: timers: raw_skew https://bugs.launchpad.net/bugs/1864626 Fixes: 852c8cbf34d3 ("selftests/kselftest/runner.sh: Add 45 second timeout per test") Signed-off-by: Po-Hsu Lin <po-hsu.lin(a)canonical.com> --- tools/testing/selftests/timers/Makefile | 1 + tools/testing/selftests/timers/settings | 1 + 2 files changed, 2 insertions(+) create mode 100644 tools/testing/selftests/timers/settings diff --git a/tools/testing/selftests/timers/Makefile b/tools/testing/selftests/timers/Makefile index 7656c7c..0e73a16 100644 --- a/tools/testing/selftests/timers/Makefile +++ b/tools/testing/selftests/timers/Makefile @@ -13,6 +13,7 @@ DESTRUCTIVE_TESTS = alarmtimer-suspend valid-adjtimex adjtick change_skew \ TEST_GEN_PROGS_EXTENDED = $(DESTRUCTIVE_TESTS) +TEST_FILES := settings include ../lib.mk diff --git a/tools/testing/selftests/timers/settings b/tools/testing/selftests/timers/settings new file mode 100644 index 0000000..e7b9417 --- /dev/null +++ b/tools/testing/selftests/timers/settings @@ -0,0 +1 @@ +timeout=0 -- 2.7.4

4 years, 8 months

3
4
0 0

[PATCH v11 0/6] KASAN-KUnit Integration

by David Gow

This patchset contains everything needed to integrate KASAN and KUnit. KUnit will be able to: (1) Fail tests when an unexpected KASAN error occurs (2) Pass tests when an expected KASAN error occurs Convert KASAN tests to KUnit with the exception of copy_user_test because KUnit is unable to test those. Add documentation on how to run the KASAN tests with KUnit and what to expect when running these tests. This patchset depends on: - "kunit: extend kunit resources API" [1] - This is included in the KUnit 5.9-rci pull request[8] I'd _really_ like to get this into 5.9 if possible: we also have some other changes which depend on some things here. Changes from v10: - Fixed some whitespace issues in patch 2. - Split out the renaming of the KUnit test suite into a separate patch. Changes from v9: - Rebased on top of linux-next (20200731) + kselftest/kunit and [7] - Note that the kasan_rcu_uaf test has not been ported to KUnit, and remains in test_kasan_module. This is because: (a) KUnit's expect failure will not check if the RCU stacktraces show. (b) KUnit is unable to link the failure to the test, as it occurs in an RCU callback. Changes from v8: - Rebased on top of kselftest/kunit - (Which, with this patchset, should rebase cleanly on 5.8-rc7) - Renamed the KUnit test suite, config name to patch the proposed naming guidelines for KUnit tests[6] Changes from v7: - Rebased on top of kselftest/kunit - Rebased on top of v4 of the kunit resources API[1] - Rebased on top of v4 of the FORTIFY_SOURCE fix[2,3,4] - Updated the Kconfig entry to support KUNIT_ALL_TESTS Changes from v6: - Rebased on top of kselftest/kunit - Rebased on top of Daniel Axtens' fix for FORTIFY_SOURCE incompatibilites [2] - Removed a redundant report_enabled() check. - Fixed some places with out of date Kconfig names in the documentation. Changes from v5: - Split out the panic_on_warn changes to a separate patch. - Fix documentation to fewer to the new Kconfig names. - Fix some changes which were in the wrong patch. - Rebase on top of kselftest/kunit (currently identical to 5.7-rc1) Changes from v4: - KASAN no longer will panic on errors if both panic_on_warn and kasan_multishot are enabled. - As a result, the KASAN tests will no-longer disable panic_on_warn. - This also means panic_on_warn no-longer needs to be exported. - The use of temporary "kasan_data" variables has been cleaned up somewhat. - A potential refcount/resource leak should multiple KASAN errors appear during an assertion was fixed. - Some wording changes to the KASAN test Kconfig entries. Changes from v3: - KUNIT_SET_KASAN_DATA and KUNIT_DO_EXPECT_KASAN_FAIL have been combined and included in KUNIT_DO_EXPECT_KASAN_FAIL() instead. - Reordered logic in kasan_update_kunit_status() in report.c to be easier to read. - Added comment to not use the name "kasan_data" for any kunit tests outside of KUNIT_EXPECT_KASAN_FAIL(). Changes since v2: - Due to Alan's changes in [1], KUnit can be built as a module. - The name of the tests that could not be run with KUnit has been changed to be more generic: test_kasan_module. - Documentation on how to run the new KASAN tests and what to expect when running them has been added. - Some variables and functions are now static. - Now save/restore panic_on_warn in a similar way to kasan_multi_shot and renamed the init/exit functions to be more generic to accommodate. - Due to [4] in kasan_strings, kasan_memchr, and kasan_memcmp will fail if CONFIG_AMD_MEM_ENCRYPT is enabled so return early and print message explaining this circumstance. - Changed preprocessor checks to C checks where applicable. Changes since v1: - Make use of Alan Maguire's suggestion to use his patch that allows static resources for integration instead of adding a new attribute to the kunit struct - All KUNIT_EXPECT_KASAN_FAIL statements are local to each test - The definition of KUNIT_EXPECT_KASAN_FAIL is local to the test_kasan.c file since it seems this is the only place this will be used. - Integration relies on KUnit being builtin - copy_user_test has been separated into its own file since KUnit is unable to test these. This can be run as a module just as before, using CONFIG_TEST_KASAN_USER - The addition to the current task has been separated into its own patch as this is a significant enough change to be on its own. [1] https://lore.kernel.org/linux-kselftest/CAFd5g46Uu_5TG89uOm0Dj5CMq+11cwjBns… [2] https://lore.kernel.org/linux-mm/20200424145521.8203-1-dja@axtens.net/ [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [5] https://bugzilla.kernel.org/show_bug.cgi?id=206337 [6] https://lore.kernel.org/linux-kselftest/20200620054944.167330-1-davidgow@go… [7] https://lkml.org/lkml/2020/7/31/571 [8] https://lore.kernel.org/linux-kselftest/8d43e88e-1356-cd63-9152-209b81b1674… David Gow (2): kasan: test: Make KASAN KUnit test comply with naming guidelines mm: kasan: Do not panic if both panic_on_warn and kasan_multishot set Patricia Alfonso (4): Add KUnit Struct to Current Task KUnit: KASAN Integration KASAN: Port KASAN Tests to KUnit KASAN: Testing Documentation Documentation/dev-tools/kasan.rst | 70 +++ include/kunit/test.h | 5 + include/linux/kasan.h | 6 + include/linux/sched.h | 4 + lib/Kconfig.kasan | 22 +- lib/Makefile | 7 +- lib/kasan_kunit.c | 770 +++++++++++++++++++++++++ lib/kunit/test.c | 13 +- lib/test_kasan.c | 903 ------------------------------ lib/test_kasan_module.c | 111 ++++ mm/kasan/report.c | 34 +- 11 files changed, 1028 insertions(+), 917 deletions(-) create mode 100644 lib/kasan_kunit.c delete mode 100644 lib/test_kasan.c create mode 100644 lib/test_kasan_module.c -- 2.28.0.163.g6104cc2f0b6-goog

4 years, 8 months

2
10
0 0

[PATCH] kvm: selftests: fix spelling mistake: "missmatch" -> "missmatch"

by Colin King

From: Colin Ian King <colin.king(a)canonical.com> There is a spelling mistake in an error message. Fix it. Signed-off-by: Colin Ian King <colin.king(a)canonical.com> --- tools/testing/selftests/kvm/lib/sparsebit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/lib/sparsebit.c b/tools/testing/selftests/kvm/lib/sparsebit.c index 031ba3c932ed..59ffba902e61 100644 --- a/tools/testing/selftests/kvm/lib/sparsebit.c +++ b/tools/testing/selftests/kvm/lib/sparsebit.c @@ -1866,7 +1866,7 @@ void sparsebit_validate_internal(struct sparsebit *s) * of total bits set. */ if (s->num_set != total_bits_set) { - fprintf(stderr, "Number of bits set missmatch,\n" + fprintf(stderr, "Number of bits set mismatch,\n" " s->num_set: 0x%lx total_bits_set: 0x%lx", s->num_set, total_bits_set); -- 2.27.0

4 years, 8 months

2
1
0 0

[PATCH v2] lib: Convert test_hexdump.c to KUnit

by Arpitha Raghunandan

Converts test lib/test_hexdump.c to KUnit. More information about KUnit can be found at https://www.kernel.org/doc/html/latest/dev-tools/kunit/index.html. KUnit provides a common framework for unit tests in the kernel. Signed-off-by: Arpitha Raghunandan <98.arpi(a)gmail.com> --- Changes v1->v2: - Replace KUNIT_EXPECT_EQ() with KUNIT_EXPECT_EQ_MSG() - Replace KUNIT_EXPECT_NE() with KUNIT_EXPECT_NE_MSG() - Prints expected and real buffer values in case of test failure lib/Kconfig.debug | 7 +- lib/Makefile | 2 +- lib/{test_hexdump.c => hexdump_kunit.c} | 85 ++++++++++--------------- 3 files changed, 40 insertions(+), 54 deletions(-) rename lib/{test_hexdump.c => hexdump_kunit.c} (74%) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index a164785c3b48..20efea177e02 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2003,9 +2003,6 @@ config ASYNC_RAID6_TEST If unsure, say N. -config TEST_HEXDUMP - tristate "Test functions located in the hexdump module at runtime" - config TEST_STRING_HELPERS tristate "Test functions located in the string_helpers module at runtime" @@ -2224,6 +2221,10 @@ config LINEAR_RANGES_TEST If unsure, say N. +config HEXDUMP_KUNIT_TEST + tristate "KUnit test for functions located in the hexdump module at runtime" + depends on KUNIT + config TEST_UDELAY tristate "udelay test driver" help diff --git a/lib/Makefile b/lib/Makefile index f39962104036..73ae79e36cc9 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -53,7 +53,6 @@ obj-$(CONFIG_STRING_SELFTEST) += test_string.o obj-y += string_helpers.o obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o obj-y += hexdump.o -obj-$(CONFIG_TEST_HEXDUMP) += test_hexdump.o obj-y += kstrtox.o obj-$(CONFIG_FIND_BIT_BENCHMARK) += find_bit_benchmark.o obj-$(CONFIG_TEST_BPF) += test_bpf.o @@ -345,3 +344,4 @@ obj-$(CONFIG_PLDMFW) += pldmfw/ # KUnit tests obj-$(CONFIG_LIST_KUNIT_TEST) += list-test.o obj-$(CONFIG_LINEAR_RANGES_TEST) += test_linear_ranges.o +obj-$(CONFIG_HEXDUMP_KUNIT_TEST) += hexdump_kunit.o diff --git a/lib/test_hexdump.c b/lib/hexdump_kunit.c similarity index 74% rename from lib/test_hexdump.c rename to lib/hexdump_kunit.c index 5144899d3c6b..fea074b8c2e5 100644 --- a/lib/test_hexdump.c +++ b/lib/hexdump_kunit.c @@ -3,6 +3,7 @@ */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +#include <kunit/test.h> #include <linux/init.h> #include <linux/kernel.h> #include <linux/module.h> @@ -61,10 +62,7 @@ static const char * const test_data_8_be[] __initconst = { #define FILL_CHAR '#' -static unsigned total_tests __initdata; -static unsigned failed_tests __initdata; - -static void __init test_hexdump_prepare_test(size_t len, int rowsize, +static void test_hexdump_prepare_test(size_t len, int rowsize, int groupsize, char *test, size_t testlen, bool ascii) { @@ -122,14 +120,12 @@ static void __init test_hexdump_prepare_test(size_t len, int rowsize, #define TEST_HEXDUMP_BUF_SIZE (32 * 3 + 2 + 32 + 1) -static void __init test_hexdump(size_t len, int rowsize, int groupsize, - bool ascii) +static void test_hexdump(struct kunit *kunittest, size_t len, int rowsize, + int groupsize, bool ascii) { char test[TEST_HEXDUMP_BUF_SIZE]; char real[TEST_HEXDUMP_BUF_SIZE]; - total_tests++; - memset(real, FILL_CHAR, sizeof(real)); hex_dump_to_buffer(data_b, len, rowsize, groupsize, real, sizeof(real), ascii); @@ -138,28 +134,25 @@ static void __init test_hexdump(size_t len, int rowsize, int groupsize, test_hexdump_prepare_test(len, rowsize, groupsize, test, sizeof(test), ascii); - if (memcmp(test, real, TEST_HEXDUMP_BUF_SIZE)) { - pr_err("Len: %zu row: %d group: %d\n", len, rowsize, groupsize); - pr_err("Result: '%s'\n", real); - pr_err("Expect: '%s'\n", test); - failed_tests++; - } + KUNIT_EXPECT_EQ_MSG(kunittest, 0, memcmp(test, real, TEST_HEXDUMP_BUF_SIZE), + "Len: %zu row: %d group: %d\nResult: '%s'\nExpect: '%s'\n", + len, rowsize, groupsize, real, test); } -static void __init test_hexdump_set(int rowsize, bool ascii) +static void test_hexdump_set(struct kunit *test, int rowsize, bool ascii) { size_t d = min_t(size_t, sizeof(data_b), rowsize); size_t len = get_random_int() % d + 1; - test_hexdump(len, rowsize, 4, ascii); - test_hexdump(len, rowsize, 2, ascii); - test_hexdump(len, rowsize, 8, ascii); - test_hexdump(len, rowsize, 1, ascii); + test_hexdump(test, len, rowsize, 4, ascii); + test_hexdump(test, len, rowsize, 2, ascii); + test_hexdump(test, len, rowsize, 8, ascii); + test_hexdump(test, len, rowsize, 1, ascii); } -static void __init test_hexdump_overflow(size_t buflen, size_t len, - int rowsize, int groupsize, - bool ascii) +static void test_hexdump_overflow(struct kunit *kunittest, size_t buflen, + size_t len, int rowsize, + int groupsize, bool ascii) { char test[TEST_HEXDUMP_BUF_SIZE]; char buf[TEST_HEXDUMP_BUF_SIZE]; @@ -167,8 +160,6 @@ static void __init test_hexdump_overflow(size_t buflen, size_t len, int ae, he, e, f, r; bool a; - total_tests++; - memset(buf, FILL_CHAR, sizeof(buf)); r = hex_dump_to_buffer(data_b, len, rs, gs, buf, buflen, ascii); @@ -196,16 +187,12 @@ static void __init test_hexdump_overflow(size_t buflen, size_t len, buf[sizeof(buf) - 1] = '\0'; - if (!a) { - pr_err("Len: %zu buflen: %zu strlen: %zu\n", - len, buflen, strnlen(buf, sizeof(buf))); - pr_err("Result: %d '%s'\n", r, buf); - pr_err("Expect: %d '%s'\n", e, test); - failed_tests++; - } + KUNIT_EXPECT_NE_MSG(kunittest, 0, a, + "Len: %zu buflen: %zu strlen: %zu\nResult: %d '%s'\nExpect: %d '%s", + len, buflen, strnlen(buf, sizeof(buf)), r, buf, e, test); } -static void __init test_hexdump_overflow_set(size_t buflen, bool ascii) +static void test_hexdump_overflow_set(struct kunit *test, size_t buflen, bool ascii) { unsigned int i = 0; int rs = (get_random_int() % 2 + 1) * 16; @@ -214,43 +201,41 @@ static void __init test_hexdump_overflow_set(size_t buflen, bool ascii) int gs = 1 << i; size_t len = get_random_int() % rs + gs; - test_hexdump_overflow(buflen, rounddown(len, gs), rs, gs, ascii); + test_hexdump_overflow(test, buflen, rounddown(len, gs), rs, gs, ascii); } while (i++ < 3); } -static int __init test_hexdump_init(void) +static void test_hexdump_init(struct kunit *test) { unsigned int i; int rowsize; rowsize = (get_random_int() % 2 + 1) * 16; for (i = 0; i < 16; i++) - test_hexdump_set(rowsize, false); + test_hexdump_set(test, rowsize, false); rowsize = (get_random_int() % 2 + 1) * 16; for (i = 0; i < 16; i++) - test_hexdump_set(rowsize, true); + test_hexdump_set(test, rowsize, true); for (i = 0; i <= TEST_HEXDUMP_BUF_SIZE; i++) - test_hexdump_overflow_set(i, false); + test_hexdump_overflow_set(test, i, false); for (i = 0; i <= TEST_HEXDUMP_BUF_SIZE; i++) - test_hexdump_overflow_set(i, true); + test_hexdump_overflow_set(test, i, true); +} - if (failed_tests == 0) - pr_info("all %u tests passed\n", total_tests); - else - pr_err("failed %u out of %u tests\n", failed_tests, total_tests); +static struct kunit_case hexdump_test_cases[] = { + KUNIT_CASE(test_hexdump_init), + {} +}; - return failed_tests ? -EINVAL : 0; -} -module_init(test_hexdump_init); +static struct kunit_suite hexdump_test_suite = { + .name = "hexdump-kunit-test", + .test_cases = hexdump_test_cases, +}; -static void __exit test_hexdump_exit(void) -{ - /* do nothing */ -} -module_exit(test_hexdump_exit); +kunit_test_suite(hexdump_test_suite); MODULE_AUTHOR("Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>"); MODULE_LICENSE("Dual BSD/GPL"); -- 2.25.1

4 years, 8 months

2
1
0 0

[PATCH] lib: Convert test_hexdump.c to KUnit

by Arpitha Raghunandan

Converts test lib/test_hexdump.c to KUnit. More information about KUnit can be found at https://www.kernel.org/doc/html/latest/dev-tools/kunit/index.html. KUnit provides a common framework for unit tests in the kernel. Signed-off-by: Arpitha Raghunandan <98.arpi(a)gmail.com> --- lib/Kconfig.debug | 7 ++- lib/Makefile | 2 +- lib/{test_hexdump.c => hexdump_kunit.c} | 81 ++++++++++--------------- 3 files changed, 36 insertions(+), 54 deletions(-) rename lib/{test_hexdump.c => hexdump_kunit.c} (74%) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index a164785c3b48..20efea177e02 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2003,9 +2003,6 @@ config ASYNC_RAID6_TEST If unsure, say N. -config TEST_HEXDUMP - tristate "Test functions located in the hexdump module at runtime" - config TEST_STRING_HELPERS tristate "Test functions located in the string_helpers module at runtime" @@ -2224,6 +2221,10 @@ config LINEAR_RANGES_TEST If unsure, say N. +config HEXDUMP_KUNIT_TEST + tristate "KUnit test for functions located in the hexdump module at runtime" + depends on KUNIT + config TEST_UDELAY tristate "udelay test driver" help diff --git a/lib/Makefile b/lib/Makefile index 435f7f13b8aa..3819d42a4681 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -54,7 +54,6 @@ obj-$(CONFIG_STRING_SELFTEST) += test_string.o obj-y += string_helpers.o obj-$(CONFIG_TEST_STRING_HELPERS) += test-string_helpers.o obj-y += hexdump.o -obj-$(CONFIG_TEST_HEXDUMP) += test_hexdump.o obj-y += kstrtox.o obj-$(CONFIG_FIND_BIT_BENCHMARK) += find_bit_benchmark.o obj-$(CONFIG_TEST_BPF) += test_bpf.o @@ -346,3 +345,4 @@ obj-$(CONFIG_PLDMFW) += pldmfw/ # KUnit tests obj-$(CONFIG_LIST_KUNIT_TEST) += list-test.o obj-$(CONFIG_LINEAR_RANGES_TEST) += test_linear_ranges.o +obj-$(CONFIG_HEXDUMP_KUNIT_TEST) += hexdump_kunit.o diff --git a/lib/test_hexdump.c b/lib/hexdump_kunit.c similarity index 74% rename from lib/test_hexdump.c rename to lib/hexdump_kunit.c index 5144899d3c6b..8f8d80114a92 100644 --- a/lib/test_hexdump.c +++ b/lib/hexdump_kunit.c @@ -3,6 +3,7 @@ */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +#include <kunit/test.h> #include <linux/init.h> #include <linux/kernel.h> #include <linux/module.h> @@ -61,10 +62,7 @@ static const char * const test_data_8_be[] __initconst = { #define FILL_CHAR '#' -static unsigned total_tests __initdata; -static unsigned failed_tests __initdata; - -static void __init test_hexdump_prepare_test(size_t len, int rowsize, +static void test_hexdump_prepare_test(size_t len, int rowsize, int groupsize, char *test, size_t testlen, bool ascii) { @@ -122,14 +120,12 @@ static void __init test_hexdump_prepare_test(size_t len, int rowsize, #define TEST_HEXDUMP_BUF_SIZE (32 * 3 + 2 + 32 + 1) -static void __init test_hexdump(size_t len, int rowsize, int groupsize, - bool ascii) +static void test_hexdump(struct kunit *kunittest, size_t len, int rowsize, + int groupsize, bool ascii) { char test[TEST_HEXDUMP_BUF_SIZE]; char real[TEST_HEXDUMP_BUF_SIZE]; - total_tests++; - memset(real, FILL_CHAR, sizeof(real)); hex_dump_to_buffer(data_b, len, rowsize, groupsize, real, sizeof(real), ascii); @@ -138,28 +134,23 @@ static void __init test_hexdump(size_t len, int rowsize, int groupsize, test_hexdump_prepare_test(len, rowsize, groupsize, test, sizeof(test), ascii); - if (memcmp(test, real, TEST_HEXDUMP_BUF_SIZE)) { - pr_err("Len: %zu row: %d group: %d\n", len, rowsize, groupsize); - pr_err("Result: '%s'\n", real); - pr_err("Expect: '%s'\n", test); - failed_tests++; - } + KUNIT_EXPECT_EQ(kunittest, 0, memcmp(test, real, TEST_HEXDUMP_BUF_SIZE)); } -static void __init test_hexdump_set(int rowsize, bool ascii) +static void test_hexdump_set(struct kunit *test, int rowsize, bool ascii) { size_t d = min_t(size_t, sizeof(data_b), rowsize); size_t len = get_random_int() % d + 1; - test_hexdump(len, rowsize, 4, ascii); - test_hexdump(len, rowsize, 2, ascii); - test_hexdump(len, rowsize, 8, ascii); - test_hexdump(len, rowsize, 1, ascii); + test_hexdump(test, len, rowsize, 4, ascii); + test_hexdump(test, len, rowsize, 2, ascii); + test_hexdump(test, len, rowsize, 8, ascii); + test_hexdump(test, len, rowsize, 1, ascii); } -static void __init test_hexdump_overflow(size_t buflen, size_t len, - int rowsize, int groupsize, - bool ascii) +static void test_hexdump_overflow(struct kunit *kunittest, size_t buflen, + size_t len, int rowsize, + int groupsize, bool ascii) { char test[TEST_HEXDUMP_BUF_SIZE]; char buf[TEST_HEXDUMP_BUF_SIZE]; @@ -167,8 +158,6 @@ static void __init test_hexdump_overflow(size_t buflen, size_t len, int ae, he, e, f, r; bool a; - total_tests++; - memset(buf, FILL_CHAR, sizeof(buf)); r = hex_dump_to_buffer(data_b, len, rs, gs, buf, buflen, ascii); @@ -196,16 +185,10 @@ static void __init test_hexdump_overflow(size_t buflen, size_t len, buf[sizeof(buf) - 1] = '\0'; - if (!a) { - pr_err("Len: %zu buflen: %zu strlen: %zu\n", - len, buflen, strnlen(buf, sizeof(buf))); - pr_err("Result: %d '%s'\n", r, buf); - pr_err("Expect: %d '%s'\n", e, test); - failed_tests++; - } + KUNIT_EXPECT_NE(kunittest, 0, a); } -static void __init test_hexdump_overflow_set(size_t buflen, bool ascii) +static void test_hexdump_overflow_set(struct kunit *test, size_t buflen, bool ascii) { unsigned int i = 0; int rs = (get_random_int() % 2 + 1) * 16; @@ -214,43 +197,41 @@ static void __init test_hexdump_overflow_set(size_t buflen, bool ascii) int gs = 1 << i; size_t len = get_random_int() % rs + gs; - test_hexdump_overflow(buflen, rounddown(len, gs), rs, gs, ascii); + test_hexdump_overflow(test, buflen, rounddown(len, gs), rs, gs, ascii); } while (i++ < 3); } -static int __init test_hexdump_init(void) +static void test_hexdump_init(struct kunit *test) { unsigned int i; int rowsize; rowsize = (get_random_int() % 2 + 1) * 16; for (i = 0; i < 16; i++) - test_hexdump_set(rowsize, false); + test_hexdump_set(test, rowsize, false); rowsize = (get_random_int() % 2 + 1) * 16; for (i = 0; i < 16; i++) - test_hexdump_set(rowsize, true); + test_hexdump_set(test, rowsize, true); for (i = 0; i <= TEST_HEXDUMP_BUF_SIZE; i++) - test_hexdump_overflow_set(i, false); + test_hexdump_overflow_set(test, i, false); for (i = 0; i <= TEST_HEXDUMP_BUF_SIZE; i++) - test_hexdump_overflow_set(i, true); + test_hexdump_overflow_set(test, i, true); +} - if (failed_tests == 0) - pr_info("all %u tests passed\n", total_tests); - else - pr_err("failed %u out of %u tests\n", failed_tests, total_tests); +static struct kunit_case hexdump_test_cases[] = { + KUNIT_CASE(test_hexdump_init), + {} +}; - return failed_tests ? -EINVAL : 0; -} -module_init(test_hexdump_init); +static struct kunit_suite hexdump_test_suite = { + .name = "hexdump-kunit-test", + .test_cases = hexdump_test_cases, +}; -static void __exit test_hexdump_exit(void) -{ - /* do nothing */ -} -module_exit(test_hexdump_exit); +kunit_test_suite(hexdump_test_suite); MODULE_AUTHOR("Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>"); MODULE_LICENSE("Dual BSD/GPL"); -- 2.25.1

4 years, 8 months

4
4
0 0

[PATCH AUTOSEL 5.4 35/40] seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID

by Sasha Levin

From: Kees Cook <keescook(a)chromium.org> [ Upstream commit 47e33c05f9f07cac3de833e531bcac9ae052c7ca ] When SECCOMP_IOCTL_NOTIF_ID_VALID was first introduced it had the wrong direction flag set. While this isn't a big deal as nothing currently enforces these bits in the kernel, it should be defined correctly. Fix the define and provide support for the old command until it is no longer needed for backward compatibility. Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Signed-off-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/uapi/linux/seccomp.h | 3 ++- kernel/seccomp.c | 9 +++++++++ tools/testing/selftests/seccomp/seccomp_bpf.c | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h index 90734aa5aa363..b5f901af79f0b 100644 --- a/include/uapi/linux/seccomp.h +++ b/include/uapi/linux/seccomp.h @@ -93,5 +93,6 @@ struct seccomp_notif_resp { #define SECCOMP_IOCTL_NOTIF_RECV SECCOMP_IOWR(0, struct seccomp_notif) #define SECCOMP_IOCTL_NOTIF_SEND SECCOMP_IOWR(1, \ struct seccomp_notif_resp) -#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOR(2, __u64) +#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOW(2, __u64) + #endif /* _UAPI_LINUX_SECCOMP_H */ diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 2c697ce7be21f..e0fd972356539 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -42,6 +42,14 @@ #include <linux/uaccess.h> #include <linux/anon_inodes.h> +/* + * When SECCOMP_IOCTL_NOTIF_ID_VALID was first introduced, it had the + * wrong direction flag in the ioctl number. This is the broken one, + * which the kernel needs to keep supporting until all userspaces stop + * using the wrong command number. + */ +#define SECCOMP_IOCTL_NOTIF_ID_VALID_WRONG_DIR SECCOMP_IOR(2, __u64) + enum notify_state { SECCOMP_NOTIFY_INIT, SECCOMP_NOTIFY_SENT, @@ -1168,6 +1176,7 @@ static long seccomp_notify_ioctl(struct file *file, unsigned int cmd, return seccomp_notify_recv(filter, buf); case SECCOMP_IOCTL_NOTIF_SEND: return seccomp_notify_send(filter, buf); + case SECCOMP_IOCTL_NOTIF_ID_VALID_WRONG_DIR: case SECCOMP_IOCTL_NOTIF_ID_VALID: return seccomp_notify_id_valid(filter, buf); default: diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 96bbda4f10fc6..19c7351eeb74b 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -177,7 +177,7 @@ struct seccomp_metadata { #define SECCOMP_IOCTL_NOTIF_RECV SECCOMP_IOWR(0, struct seccomp_notif) #define SECCOMP_IOCTL_NOTIF_SEND SECCOMP_IOWR(1, \ struct seccomp_notif_resp) -#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOR(2, __u64) +#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOW(2, __u64) struct seccomp_notif { __u64 id; -- 2.25.1

4 years, 8 months

1
0
0 0

[PATCH AUTOSEL 5.7 49/58] seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID

by Sasha Levin

From: Kees Cook <keescook(a)chromium.org> [ Upstream commit 47e33c05f9f07cac3de833e531bcac9ae052c7ca ] When SECCOMP_IOCTL_NOTIF_ID_VALID was first introduced it had the wrong direction flag set. While this isn't a big deal as nothing currently enforces these bits in the kernel, it should be defined correctly. Fix the define and provide support for the old command until it is no longer needed for backward compatibility. Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Signed-off-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/uapi/linux/seccomp.h | 3 ++- kernel/seccomp.c | 9 +++++++++ tools/testing/selftests/seccomp/seccomp_bpf.c | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h index c1735455bc536..965290f7dcc28 100644 --- a/include/uapi/linux/seccomp.h +++ b/include/uapi/linux/seccomp.h @@ -123,5 +123,6 @@ struct seccomp_notif_resp { #define SECCOMP_IOCTL_NOTIF_RECV SECCOMP_IOWR(0, struct seccomp_notif) #define SECCOMP_IOCTL_NOTIF_SEND SECCOMP_IOWR(1, \ struct seccomp_notif_resp) -#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOR(2, __u64) +#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOW(2, __u64) + #endif /* _UAPI_LINUX_SECCOMP_H */ diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 55a6184f59903..63e283c4c58eb 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -42,6 +42,14 @@ #include <linux/uaccess.h> #include <linux/anon_inodes.h> +/* + * When SECCOMP_IOCTL_NOTIF_ID_VALID was first introduced, it had the + * wrong direction flag in the ioctl number. This is the broken one, + * which the kernel needs to keep supporting until all userspaces stop + * using the wrong command number. + */ +#define SECCOMP_IOCTL_NOTIF_ID_VALID_WRONG_DIR SECCOMP_IOR(2, __u64) + enum notify_state { SECCOMP_NOTIFY_INIT, SECCOMP_NOTIFY_SENT, @@ -1186,6 +1194,7 @@ static long seccomp_notify_ioctl(struct file *file, unsigned int cmd, return seccomp_notify_recv(filter, buf); case SECCOMP_IOCTL_NOTIF_SEND: return seccomp_notify_send(filter, buf); + case SECCOMP_IOCTL_NOTIF_ID_VALID_WRONG_DIR: case SECCOMP_IOCTL_NOTIF_ID_VALID: return seccomp_notify_id_valid(filter, buf); default: diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index c0aa46ce14f6c..c84c7b50331c6 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -180,7 +180,7 @@ struct seccomp_metadata { #define SECCOMP_IOCTL_NOTIF_RECV SECCOMP_IOWR(0, struct seccomp_notif) #define SECCOMP_IOCTL_NOTIF_SEND SECCOMP_IOWR(1, \ struct seccomp_notif_resp) -#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOR(2, __u64) +#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOW(2, __u64) struct seccomp_notif { __u64 id; -- 2.25.1

4 years, 8 months

1
0
0 0

[PATCH AUTOSEL 5.8 64/72] kunit: tool: fix improper treatment of file location

by Sasha Levin

From: Brendan Higgins <brendanhiggins(a)google.com> [ Upstream commit d43c7fb05765152d4d4a39a8ef957c4ea14d8847 ] Commit 01397e822af4 ("kunit: Fix TabError, remove defconfig code and handle when there is no kunitconfig") and commit 45ba7a893ad8 ("kunit: kunit_tool: Separate out config/build/exec/parse") introduced two closely related issues which built off of each other: they excessively created the build directory when not present and modified a constant (constants in Python only exist by convention). Together these issues broken a number of unit tests for KUnit tool, so fix them. Fixed up commit log to fic checkpatch commit description style error. Shuah Khan <skhan(a)linuxfoundation.org> Fixes: 01397e822af4 ("kunit: Fix TabError, remove defconfig code and handle when there is no kunitconfig") Fixes: 45ba7a893ad8 ("kunit: kunit_tool: Separate out config/build/exec/parse") Signed-off-by: Brendan Higgins <brendanhiggins(a)google.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/kunit/kunit.py | 24 ------------------------ tools/testing/kunit/kunit_tool_test.py | 4 ++-- 2 files changed, 2 insertions(+), 26 deletions(-) diff --git a/tools/testing/kunit/kunit.py b/tools/testing/kunit/kunit.py index f9b769f3437dd..425ef40067e7e 100755 --- a/tools/testing/kunit/kunit.py +++ b/tools/testing/kunit/kunit.py @@ -240,12 +240,6 @@ def main(argv, linux=None): if cli_args.subcommand == 'run': if not os.path.exists(cli_args.build_dir): os.mkdir(cli_args.build_dir) - kunit_kernel.kunitconfig_path = os.path.join( - cli_args.build_dir, - kunit_kernel.kunitconfig_path) - - if not os.path.exists(kunit_kernel.kunitconfig_path): - create_default_kunitconfig() if not linux: linux = kunit_kernel.LinuxSourceTree() @@ -263,12 +257,6 @@ def main(argv, linux=None): if cli_args.build_dir: if not os.path.exists(cli_args.build_dir): os.mkdir(cli_args.build_dir) - kunit_kernel.kunitconfig_path = os.path.join( - cli_args.build_dir, - kunit_kernel.kunitconfig_path) - - if not os.path.exists(kunit_kernel.kunitconfig_path): - create_default_kunitconfig() if not linux: linux = kunit_kernel.LinuxSourceTree() @@ -285,12 +273,6 @@ def main(argv, linux=None): if cli_args.build_dir: if not os.path.exists(cli_args.build_dir): os.mkdir(cli_args.build_dir) - kunit_kernel.kunitconfig_path = os.path.join( - cli_args.build_dir, - kunit_kernel.kunitconfig_path) - - if not os.path.exists(kunit_kernel.kunitconfig_path): - create_default_kunitconfig() if not linux: linux = kunit_kernel.LinuxSourceTree() @@ -309,12 +291,6 @@ def main(argv, linux=None): if cli_args.build_dir: if not os.path.exists(cli_args.build_dir): os.mkdir(cli_args.build_dir) - kunit_kernel.kunitconfig_path = os.path.join( - cli_args.build_dir, - kunit_kernel.kunitconfig_path) - - if not os.path.exists(kunit_kernel.kunitconfig_path): - create_default_kunitconfig() if not linux: linux = kunit_kernel.LinuxSourceTree() diff --git a/tools/testing/kunit/kunit_tool_test.py b/tools/testing/kunit/kunit_tool_test.py index ee942d80bdd02..287c74d821c33 100755 --- a/tools/testing/kunit/kunit_tool_test.py +++ b/tools/testing/kunit/kunit_tool_test.py @@ -251,7 +251,7 @@ class KUnitMainTest(unittest.TestCase): pass def test_config_passes_args_pass(self): - kunit.main(['config'], self.linux_source_mock) + kunit.main(['config', '--build_dir=.kunit'], self.linux_source_mock) assert self.linux_source_mock.build_reconfig.call_count == 1 assert self.linux_source_mock.run_kernel.call_count == 0 @@ -326,7 +326,7 @@ class KUnitMainTest(unittest.TestCase): def test_run_builddir(self): build_dir = '.kunit' - kunit.main(['run', '--build_dir', build_dir], self.linux_source_mock) + kunit.main(['run', '--build_dir=.kunit'], self.linux_source_mock) assert self.linux_source_mock.build_reconfig.call_count == 1 self.linux_source_mock.run_kernel.assert_called_once_with( build_dir=build_dir, timeout=300) -- 2.25.1

4 years, 8 months

1
0
0 0

[PATCH AUTOSEL 5.8 63/72] kunit: tool: fix broken default args in unit tests

by Sasha Levin

From: Brendan Higgins <brendanhiggins(a)google.com> [ Upstream commit 6816fe61bda8c819c368ad2002cd27172ecb79de ] Commit ddbd60c779b4 ("kunit: use --build_dir=.kunit as default") changed the default build directory for KUnit tests, but failed to update associated unit tests for kunit_tool, so update them. Fixes: ddbd60c779b4 ("kunit: use --build_dir=.kunit as default") Signed-off-by: Brendan Higgins <brendanhiggins(a)google.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/kunit/kunit_tool_test.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/testing/kunit/kunit_tool_test.py b/tools/testing/kunit/kunit_tool_test.py index f9eeaea94cad1..ee942d80bdd02 100755 --- a/tools/testing/kunit/kunit_tool_test.py +++ b/tools/testing/kunit/kunit_tool_test.py @@ -258,14 +258,14 @@ class KUnitMainTest(unittest.TestCase): def test_build_passes_args_pass(self): kunit.main(['build'], self.linux_source_mock) assert self.linux_source_mock.build_reconfig.call_count == 0 - self.linux_source_mock.build_um_kernel.assert_called_once_with(False, 8, '', None) + self.linux_source_mock.build_um_kernel.assert_called_once_with(False, 8, '.kunit', None) assert self.linux_source_mock.run_kernel.call_count == 0 def test_exec_passes_args_pass(self): kunit.main(['exec'], self.linux_source_mock) assert self.linux_source_mock.build_reconfig.call_count == 0 assert self.linux_source_mock.run_kernel.call_count == 1 - self.linux_source_mock.run_kernel.assert_called_once_with(build_dir='', timeout=300) + self.linux_source_mock.run_kernel.assert_called_once_with(build_dir='.kunit', timeout=300) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_run_passes_args_pass(self): @@ -273,7 +273,7 @@ class KUnitMainTest(unittest.TestCase): assert self.linux_source_mock.build_reconfig.call_count == 1 assert self.linux_source_mock.run_kernel.call_count == 1 self.linux_source_mock.run_kernel.assert_called_once_with( - build_dir='', timeout=300) + build_dir='.kunit', timeout=300) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_exec_passes_args_fail(self): @@ -313,7 +313,7 @@ class KUnitMainTest(unittest.TestCase): def test_exec_timeout(self): timeout = 3453 kunit.main(['exec', '--timeout', str(timeout)], self.linux_source_mock) - self.linux_source_mock.run_kernel.assert_called_once_with(build_dir='', timeout=timeout) + self.linux_source_mock.run_kernel.assert_called_once_with(build_dir='.kunit', timeout=timeout) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_run_timeout(self): @@ -321,7 +321,7 @@ class KUnitMainTest(unittest.TestCase): kunit.main(['run', '--timeout', str(timeout)], self.linux_source_mock) assert self.linux_source_mock.build_reconfig.call_count == 1 self.linux_source_mock.run_kernel.assert_called_once_with( - build_dir='', timeout=timeout) + build_dir='.kunit', timeout=timeout) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_run_builddir(self): -- 2.25.1

4 years, 8 months

1
0
0 0

[PATCH AUTOSEL 5.8 57/72] seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID

by Sasha Levin

From: Kees Cook <keescook(a)chromium.org> [ Upstream commit 47e33c05f9f07cac3de833e531bcac9ae052c7ca ] When SECCOMP_IOCTL_NOTIF_ID_VALID was first introduced it had the wrong direction flag set. While this isn't a big deal as nothing currently enforces these bits in the kernel, it should be defined correctly. Fix the define and provide support for the old command until it is no longer needed for backward compatibility. Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") Signed-off-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/uapi/linux/seccomp.h | 3 ++- kernel/seccomp.c | 9 +++++++++ tools/testing/selftests/seccomp/seccomp_bpf.c | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/include/uapi/linux/seccomp.h b/include/uapi/linux/seccomp.h index c1735455bc536..965290f7dcc28 100644 --- a/include/uapi/linux/seccomp.h +++ b/include/uapi/linux/seccomp.h @@ -123,5 +123,6 @@ struct seccomp_notif_resp { #define SECCOMP_IOCTL_NOTIF_RECV SECCOMP_IOWR(0, struct seccomp_notif) #define SECCOMP_IOCTL_NOTIF_SEND SECCOMP_IOWR(1, \ struct seccomp_notif_resp) -#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOR(2, __u64) +#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOW(2, __u64) + #endif /* _UAPI_LINUX_SECCOMP_H */ diff --git a/kernel/seccomp.c b/kernel/seccomp.c index d653d8426de90..c461ba9925136 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -42,6 +42,14 @@ #include <linux/uaccess.h> #include <linux/anon_inodes.h> +/* + * When SECCOMP_IOCTL_NOTIF_ID_VALID was first introduced, it had the + * wrong direction flag in the ioctl number. This is the broken one, + * which the kernel needs to keep supporting until all userspaces stop + * using the wrong command number. + */ +#define SECCOMP_IOCTL_NOTIF_ID_VALID_WRONG_DIR SECCOMP_IOR(2, __u64) + enum notify_state { SECCOMP_NOTIFY_INIT, SECCOMP_NOTIFY_SENT, @@ -1186,6 +1194,7 @@ static long seccomp_notify_ioctl(struct file *file, unsigned int cmd, return seccomp_notify_recv(filter, buf); case SECCOMP_IOCTL_NOTIF_SEND: return seccomp_notify_send(filter, buf); + case SECCOMP_IOCTL_NOTIF_ID_VALID_WRONG_DIR: case SECCOMP_IOCTL_NOTIF_ID_VALID: return seccomp_notify_id_valid(filter, buf); default: diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 252140a525531..ccf276e138829 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -180,7 +180,7 @@ struct seccomp_metadata { #define SECCOMP_IOCTL_NOTIF_RECV SECCOMP_IOWR(0, struct seccomp_notif) #define SECCOMP_IOCTL_NOTIF_SEND SECCOMP_IOWR(1, \ struct seccomp_notif_resp) -#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOR(2, __u64) +#define SECCOMP_IOCTL_NOTIF_ID_VALID SECCOMP_IOW(2, __u64) struct seccomp_notif { __u64 id; -- 2.25.1

4 years, 8 months

1
0
0 0

[PATCH v7 0/9] Add seccomp notifier ioctl that enables adding fds

by Kees Cook

Hello! v7: - break out sock usage counting fixes into more cleanly backportable pieces - code style cleanups (christian) - clarify addfd commit log (christian) - add ..._SIZE_{VER0,LATEST} and BUILD_BUG_ON()s (christian) - remove undef (christian) - fix addfd embedded URL reference numbers v6: https://lore.kernel.org/lkml/20200706201720.3482959-1-keescook@chromium.org/ This continues the thread-merge between [1] and [2]. tl;dr: add a way for a seccomp user_notif process manager to inject files into the managed process in order to handle emulation of various fd-returning syscalls across security boundaries. Containers folks and Chrome are in need of the feature, and investigating this solution uncovered (and fixed) implementation issues with existing file sending routines. I intend to carry this in the for-next/seccomp tree, unless someone has objections. :) Please review and test! -Kees [1] https://lore.kernel.org/lkml/20200603011044.7972-1-sargun@sargun.me/ [2] https://lore.kernel.org/lkml/20200610045214.1175600-1-keescook@chromium.org/ Kees Cook (7): net/compat: Add missing sock updates for SCM_RIGHTS pidfd: Add missing sock updates for pidfd_getfd() net/scm: Regularize compat handling of scm_detach_fds() fs: Move __scm_install_fd() to __receive_fd() fs: Add receive_fd() wrapper for __receive_fd() pidfd: Replace open-coded receive_fd() fs: Expand __receive_fd() to accept existing fd Sargun Dhillon (2): seccomp: Introduce addfd ioctl to seccomp user notifier selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD fs/file.c | 57 +++++ include/linux/file.h | 19 ++ include/linux/seccomp.h | 4 + include/net/sock.h | 4 + include/uapi/linux/seccomp.h | 22 ++ kernel/pid.c | 14 +- kernel/seccomp.c | 173 ++++++++++++- net/compat.c | 55 ++--- net/core/scm.c | 50 +--- net/core/sock.c | 21 ++ tools/testing/selftests/seccomp/seccomp_bpf.c | 229 ++++++++++++++++++ 11 files changed, 566 insertions(+), 82 deletions(-) -- 2.25.1

4 years, 8 months

5
18
0 0

[PATCH 1/1] kvm: mmu: zap pages when zapping only parent

by Ben Gardon

When the KVM MMU zaps a page, it will recursively zap the unsynced child pages, but not the synced ones. This can create problems over time when running many nested guests because it leaves unlinked pages which will not be freed until the page quota is hit. With the default page quota of 20 shadow pages per 1000 guest pages, this looks like a memory leak and can degrade MMU performance. In a recent benchmark, substantial performance degradation was observed: An L1 guest was booted with 64G memory. 2G nested Windows guests were booted, 10 at a time for 20 iterations. (200 total boots) Windows was used in this benchmark because they touch all of their memory on startup. By the end of the benchmark, the nested guests were taking ~10% longer to boot. With this patch there is no degradation in boot time. Without this patch the benchmark ends with hundreds of thousands of stale EPT02 pages cluttering up rmaps and the page hash map. As a result, VM shutdown is also much slower: deleting memslot 0 was observed to take over a minute. With this patch it takes just a few miliseconds. If TDP is enabled, zap child shadow pages when zapping the only parent shadow page. Tested by running the kvm-unit-tests suite on an Intel Haswell machine. No regressions versus commit c34b26b98cac ("KVM: MIPS: clean up redundant 'kvm_run' parameters"), or warnings. Reviewed-by: Peter Shier <pshier(a)google.com> Signed-off-by: Ben Gardon <bgardon(a)google.com> --- arch/x86/kvm/mmu/mmu.c | 49 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 5 deletions(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index fa506aaaf0194..c550bc3831dcc 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -2626,13 +2626,52 @@ static bool mmu_page_zap_pte(struct kvm *kvm, struct kvm_mmu_page *sp, return false; } -static void kvm_mmu_page_unlink_children(struct kvm *kvm, - struct kvm_mmu_page *sp) +static int kvm_mmu_page_unlink_children(struct kvm *kvm, + struct kvm_mmu_page *sp, + struct list_head *invalid_list) { unsigned i; + int zapped = 0; + + for (i = 0; i < PT64_ENT_PER_PAGE; ++i) { + u64 *sptep = sp->spt + i; + u64 spte = *sptep; + struct kvm_mmu_page *child_sp; + + /* + * Zap the page table entry, unlinking any potential child + * page + */ + mmu_page_zap_pte(kvm, sp, sptep); + + /* If there is no child page for this spte, continue */ + if (!is_shadow_present_pte(spte) || + is_last_spte(spte, sp->role.level)) + continue; + + /* + * If TDP is enabled, then any shadow pages are part of either + * the EPT01 or an EPT02. In either case, do not expect the + * same pattern of page reuse seen in x86 PTs for + * copy-on-write and similar techniques. In this case, it is + * unlikely that a parentless shadow PT will be used again in + * the near future. Zap it to keep the rmaps and page hash + * maps from filling up with stale EPT02 pages. + */ + if (!tdp_enabled) + continue; + + child_sp = to_shadow_page(spte & PT64_BASE_ADDR_MASK); + if (WARN_ON_ONCE(!child_sp)) + continue; + + /* Zap the page if it has no remaining parent pages */ + if (!child_sp->parent_ptes.val) + zapped += kvm_mmu_prepare_zap_page(kvm, child_sp, + invalid_list); + } - for (i = 0; i < PT64_ENT_PER_PAGE; ++i) - mmu_page_zap_pte(kvm, sp, sp->spt + i); + return zapped; } static void kvm_mmu_unlink_parents(struct kvm *kvm, struct kvm_mmu_page *sp) @@ -2678,7 +2717,7 @@ static bool __kvm_mmu_prepare_zap_page(struct kvm *kvm, trace_kvm_mmu_prepare_zap_page(sp); ++kvm->stat.mmu_shadow_zapped; *nr_zapped = mmu_zap_unsync_children(kvm, sp, invalid_list); - kvm_mmu_page_unlink_children(kvm, sp); + *nr_zapped += kvm_mmu_page_unlink_children(kvm, sp, invalid_list); kvm_mmu_unlink_parents(kvm, sp); /* Zapping children means active_mmu_pages has become unstable. */ -- 2.28.0.rc0.142.g3c755180ce-goog

4 years, 8 months

3
4
0 0

[PATCH 0/2] module: Correctly truncate sysfs sections output

by Kees Cook

Hi, This fixes my sysfs module sections refactoring to take into account the case where the output buffer is not PAGE_SIZE. :( Thanks to 0day and trinity for noticing. I'll let this sit in -next for a few days and then send it to Linus. -Kees Kees Cook (2): module: Correctly truncate sysfs sections output selftests: splice: Check behavior of full and short splices kernel/module.c | 22 ++++++- tools/testing/selftests/splice/.gitignore | 1 + tools/testing/selftests/splice/Makefile | 4 +- tools/testing/selftests/splice/config | 1 + tools/testing/selftests/splice/settings | 1 + .../selftests/splice/short_splice_read.sh | 56 ++++++++++++++++++ tools/testing/selftests/splice/splice_read.c | 57 +++++++++++++++++++ 7 files changed, 137 insertions(+), 5 deletions(-) create mode 100644 tools/testing/selftests/splice/config create mode 100644 tools/testing/selftests/splice/settings create mode 100755 tools/testing/selftests/splice/short_splice_read.sh create mode 100644 tools/testing/selftests/splice/splice_read.c -- 2.25.1

4 years, 8 months

3
4
0 0

[PATCH v4 00/17] Introduce partial kernel_read_file() support

by Kees Cook

v4: - add more reviews (mimi, luis) - adjusted comment (mimi) - fixed build error when not building firmware tests (0day, sfr) - fixed needless .xz read (tiwai) - rebased to driver-core-next v3: https://lore.kernel.org/lkml/20200724213640.389191-1-keescook@chromium.org/ v2: lost to the ether v1: https://lore.kernel.org/lkml/20200717174309.1164575-1-keescook@chromium.org/ Hi, Here's my tree for adding partial read support in kernel_read_file(), which fixes a number of issues along the way. It's got Scott's firmware and IMA patches ported and everything tests cleanly for me (even with CONFIG_IMA_APPRAISE=y), and now appears to pass 0day. :) The intention is for this to go via Greg's tree since Scott's driver code will depend on it. Thanks, -Kees Kees Cook (13): test_firmware: Test platform fw loading on non-EFI systems fs/kernel_read_file: Remove FIRMWARE_PREALLOC_BUFFER enum fs/kernel_read_file: Remove FIRMWARE_EFI_EMBEDDED enum fs/kernel_read_file: Split into separate source file fs/kernel_read_file: Remove redundant size argument fs/kernel_read_file: Switch buffer size arg to size_t fs/kernel_read_file: Add file_size output argument LSM: Introduce kernel_post_load_data() hook firmware_loader: Use security_post_load_data() module: Call security_kernel_post_load_data() LSM: Add "contents" flag to kernel_read_file hook fs/kernel_file_read: Add "offset" arg for partial reads firmware: Store opt_flags in fw_priv Scott Branden (4): fs/kernel_read_file: Split into separate include file IMA: Add support for file reads without contents firmware: Add request_partial_firmware_into_buf() test_firmware: Test partial read support drivers/base/firmware_loader/fallback.c | 19 +- drivers/base/firmware_loader/fallback.h | 5 +- .../base/firmware_loader/fallback_platform.c | 11 +- drivers/base/firmware_loader/firmware.h | 7 +- drivers/base/firmware_loader/main.c | 135 ++++++++++--- drivers/firmware/efi/embedded-firmware.c | 21 +- drivers/firmware/efi/embedded-firmware.h | 21 ++ fs/Makefile | 3 +- fs/exec.c | 132 +----------- fs/kernel_read_file.c | 189 ++++++++++++++++++ include/linux/efi_embedded_fw.h | 13 -- include/linux/firmware.h | 12 ++ include/linux/fs.h | 39 ---- include/linux/ima.h | 19 +- include/linux/kernel_read_file.h | 55 +++++ include/linux/lsm_hook_defs.h | 6 +- include/linux/lsm_hooks.h | 12 ++ include/linux/security.h | 19 +- kernel/kexec.c | 2 +- kernel/kexec_file.c | 19 +- kernel/module.c | 24 ++- lib/test_firmware.c | 159 +++++++++++++-- security/integrity/digsig.c | 8 +- security/integrity/ima/ima_fs.c | 10 +- security/integrity/ima/ima_main.c | 70 +++++-- security/integrity/ima/ima_policy.c | 1 + security/loadpin/loadpin.c | 17 +- security/security.c | 26 ++- security/selinux/hooks.c | 8 +- .../selftests/firmware/fw_filesystem.sh | 91 +++++++++ 30 files changed, 839 insertions(+), 314 deletions(-) create mode 100644 drivers/firmware/efi/embedded-firmware.h create mode 100644 fs/kernel_read_file.c create mode 100644 include/linux/kernel_read_file.h -- 2.25.1

4 years, 8 months

5
27
0 0

[PATCH] selftests: more general make nesting support

by Greg Thelen

selftests can be built from the toplevel kernel makefile (e.g. make kselftest-all) or directly (make -C tools/testing/selftests all). The toplevel kernel makefile explicitly disables implicit rules with "MAKEFLAGS += -rR", which is passed to tools/testing/selftests. Some selftest makefiles require implicit make rules, which is why commit 67d8712dcc70 ("selftests: Fix build failures when invoked from kselftest target") reenables implicit rules by clearing MAKEFLAGS if MAKELEVEL=1. So far so good. However, if the toplevel makefile is called from an outer makefile then MAKELEVEL will be elevated, which breaks the MAKELEVEL equality test. Example wrapped makefile error: $ cat ~/Makefile all: $(MAKE) defconfig $(MAKE) kselftest-all $ make -sf ~/Makefile futex_wait_timeout.c /src/tools/testing/selftests/kselftest_harness.h /src/tools/testing/selftests/kselftest.h ../include/futextest.h ../include/atomic.h ../include/logging.h -lpthread -lrt -o /src/tools/testing/selftests/futex/functional/futex_wait_timeout make[4]: futex_wait_timeout.c: Command not found Rather than checking $(MAKELEVEL), check for $(LINK.c), which is a more direct side effect of "make -R". This enables arbitrary makefile nesting. Signed-off-by: Greg Thelen <gthelen(a)google.com> --- tools/testing/selftests/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 1195bd85af38..289a2e4b3f6f 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -84,10 +84,10 @@ endif # of the targets gets built. FORCE_TARGETS ?= -# Clear LDFLAGS and MAKEFLAGS if called from main -# Makefile to avoid test build failures when test -# Makefile doesn't have explicit build rules. -ifeq (1,$(MAKELEVEL)) +# Clear LDFLAGS and MAKEFLAGS when implicit rules are missing. This provides +# implicit rules to sub-test Makefiles which avoids build failures in test +# Makefile that don't have explicit build rules. +ifeq (,$(LINK.c)) override LDFLAGS = override MAKEFLAGS = endif -- 2.28.0.rc0.142.g3c755180ce-goog

4 years, 8 months

2
3
0 0

[GIT PULL] Kselftest update for Linux 5.9-rc1

by Shuah Khan

Hi Linus, Please pull the following Kselftest update for Linux 5.9-rc1. This Kselftest update for Linux 5.9-rc1 consists of - TAP output reporting related fixes from Paolo Bonzini and Kees Cook. These fixes make it skip reporting consistent with TAP format. - Cleanup fixes to framework run_tests from Yauheni Kaliuta diff is attached. Please note that there is a conflict in tools/testing/selftests/seccomp/seccomp_bpf.c between commit: 4c6614dc86ad ("selftests/seccomp: Check ENOSYS under tracing") from the kselftest tree and commit: 11eb004ef7ea ("selftests/seccomp: Check ENOSYS under tracing") from the seccomp tree. thanks, -- Shuah

4 years, 8 months

3
5
0 0

[PATCH 0/2] selftests: rtnetlink: Fix for false-negative return values

by Po-Hsu Lin

This patchset will address the false-negative return value issue caused by the following: 1. The return value "ret" in this script will be reset to 0 from the beginning of each sub-test in rtnetlink.sh, therefore this rtnetlink test will always pass if the last sub-test has passed. 2. The test result from two sub-tests in kci_test_encap() were not being processed, thus they will not affect the final test result of this test. Po-Hsu Lin (2): selftests: rtnetlink: correct the final return value for the test selftests: rtnetlink: make kci_test_encap() return sub-test result tools/testing/selftests/net/rtnetlink.sh | 68 +++++++++++++++++++++----------- 1 file changed, 46 insertions(+), 22 deletions(-) -- 2.7.4

4 years, 8 months

2
3
0 0

[GIT PULL] Kunit update for Linux 5.9-rc1

by Shuah Khan

Hi Linus, Please pull the Kunit update for Linux 5.9-rc1. This Kunit update for Linux 5.9-rc1 consists of: - Adds a generic kunit_resource API extending it to support resources that are passed in to kunit in addition kunit allocated resources. In addition, KUnit resources are now refcounted to avoid passed in resources being released while in use by kunit. - Add support for named resources. - Important bug fixes from Brendan Higgins and Will Chen diff is attached. thanks, -- Shuah ---------------------------------------------------------------- The following changes since commit 48778464bb7d346b47157d21ffde2af6b2d39110: Linux 5.8-rc2 (2020-06-21 15:45:29 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-kunit-5.9-rc1 for you to fetch changes up to d43c7fb05765152d4d4a39a8ef957c4ea14d8847: kunit: tool: fix improper treatment of file location (2020-07-17 14:17:49 -0600) ---------------------------------------------------------------- linux-kselftest-kunit-5.9-rc1 This Kunit update for Linux 5.9-rc1 consists of: - Adds a generic kunit_resource API extending it to support resources that are passed in to kunit in addition kunit allocated resources. In addition, KUnit resources are now refcounted to avoid passed in resources being released while in use by kunit. - Add support for named resources. - Important bug fixes from Brendan Higgins and Will Chen ---------------------------------------------------------------- Alan Maguire (2): kunit: generalize kunit_resource API beyond allocated resources kunit: add support for named resources Brendan Higgins (2): kunit: tool: fix broken default args in unit tests kunit: tool: fix improper treatment of file location David Gow (1): Documentation: kunit: Remove references to --defconfig Will Chen (1): kunit: capture stderr on all make subprocess calls Documentation/dev-tools/kunit/kunit-tool.rst | 17 +-- Documentation/dev-tools/kunit/start.rst | 2 +- include/kunit/test.h | 210 +++++++++++++++++++++++---- lib/kunit/kunit-test.c | 111 +++++++++++--- lib/kunit/string-stream.c | 14 +- lib/kunit/test.c | 171 +++++++++++++--------- tools/testing/kunit/kunit.py | 24 --- tools/testing/kunit/kunit_kernel.py | 6 +- tools/testing/kunit/kunit_tool_test.py | 14 +- 9 files changed, 396 insertions(+), 173 deletions(-) ----------------------------------------------------------------

4 years, 8 months

2
1
0 0

[PATCH] selftests/net: skip msg_zerocopy test if we have less than 4 CPUs

by Colin King

From: Colin Ian King <colin.king(a)canonical.com> The current test will exit with a failure if it cannot set affinity on specific CPUs which is problematic when running this on single CPU systems. Add a check for the number of CPUs and skip the test if the CPU requirement is not met. Signed-off-by: Colin Ian King <colin.king(a)canonical.com> --- tools/testing/selftests/net/msg_zerocopy.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/testing/selftests/net/msg_zerocopy.sh b/tools/testing/selftests/net/msg_zerocopy.sh index 825ffec85cea..97bc527e1297 100755 --- a/tools/testing/selftests/net/msg_zerocopy.sh +++ b/tools/testing/selftests/net/msg_zerocopy.sh @@ -21,6 +21,11 @@ readonly DADDR6='fd::2' readonly path_sysctl_mem="net.core.optmem_max" +if [[ $(nproc) -lt 4 ]]; then + echo "SKIP: test requires at least 4 CPUs" + exit 4 +fi + # No arguments: automated test if [[ "$#" -eq "0" ]]; then $0 4 tcp -t 1 -- 2.27.0

4 years, 8 months

5
6
0 0

[PATCH v10 0/5] KASAN-KUnit Integration

by David Gow

This patchset contains everything needed to integrate KASAN and KUnit. KUnit will be able to: (1) Fail tests when an unexpected KASAN error occurs (2) Pass tests when an expected KASAN error occurs Convert KASAN tests to KUnit with the exception of copy_user_test because KUnit is unable to test those. Add documentation on how to run the KASAN tests with KUnit and what to expect when running these tests. This patchset depends on: - "kunit: extend kunit resources API" [1] - This is already present in the kselftest/kunit branch I'd _really_ like to get this into 5.9 if possible: we also have some other changes which depend on some things here. Changes from v9: - Rebased on top of linux-next (20200731) + kselftest/kunit and [7] - Note that the kasan_rcu_uaf test has not been ported to KUnit, and remains in test_kasan_module. This is because: (a) KUnit's expect failure will not check if the RCU stacktraces show. (b) KUnit is unable to link the failure to the test, as it occurs in an RCU callback. Changes from v8: - Rebased on top of kselftest/kunit - (Which, with this patchset, should rebase cleanly on 5.8-rc7) - Renamed the KUnit test suite, config name to patch the proposed naming guidelines for KUnit tests[6] Changes from v7: - Rebased on top of kselftest/kunit - Rebased on top of v4 of the kunit resources API[1] - Rebased on top of v4 of the FORTIFY_SOURCE fix[2,3,4] - Updated the Kconfig entry to support KUNIT_ALL_TESTS Changes from v6: - Rebased on top of kselftest/kunit - Rebased on top of Daniel Axtens' fix for FORTIFY_SOURCE incompatibilites [2] - Removed a redundant report_enabled() check. - Fixed some places with out of date Kconfig names in the documentation. Changes from v5: - Split out the panic_on_warn changes to a separate patch. - Fix documentation to fewer to the new Kconfig names. - Fix some changes which were in the wrong patch. - Rebase on top of kselftest/kunit (currently identical to 5.7-rc1) Changes from v4: - KASAN no longer will panic on errors if both panic_on_warn and kasan_multishot are enabled. - As a result, the KASAN tests will no-longer disable panic_on_warn. - This also means panic_on_warn no-longer needs to be exported. - The use of temporary "kasan_data" variables has been cleaned up somewhat. - A potential refcount/resource leak should multiple KASAN errors appear during an assertion was fixed. - Some wording changes to the KASAN test Kconfig entries. Changes from v3: - KUNIT_SET_KASAN_DATA and KUNIT_DO_EXPECT_KASAN_FAIL have been combined and included in KUNIT_DO_EXPECT_KASAN_FAIL() instead. - Reordered logic in kasan_update_kunit_status() in report.c to be easier to read. - Added comment to not use the name "kasan_data" for any kunit tests outside of KUNIT_EXPECT_KASAN_FAIL(). Changes since v2: - Due to Alan's changes in [1], KUnit can be built as a module. - The name of the tests that could not be run with KUnit has been changed to be more generic: test_kasan_module. - Documentation on how to run the new KASAN tests and what to expect when running them has been added. - Some variables and functions are now static. - Now save/restore panic_on_warn in a similar way to kasan_multi_shot and renamed the init/exit functions to be more generic to accommodate. - Due to [4] in kasan_strings, kasan_memchr, and kasan_memcmp will fail if CONFIG_AMD_MEM_ENCRYPT is enabled so return early and print message explaining this circumstance. - Changed preprocessor checks to C checks where applicable. Changes since v1: - Make use of Alan Maguire's suggestion to use his patch that allows static resources for integration instead of adding a new attribute to the kunit struct - All KUNIT_EXPECT_KASAN_FAIL statements are local to each test - The definition of KUNIT_EXPECT_KASAN_FAIL is local to the test_kasan.c file since it seems this is the only place this will be used. - Integration relies on KUnit being builtin - copy_user_test has been separated into its own file since KUnit is unable to test these. This can be run as a module just as before, using CONFIG_TEST_KASAN_USER - The addition to the current task has been separated into its own patch as this is a significant enough change to be on its own. [1] https://lore.kernel.org/linux-kselftest/CAFd5g46Uu_5TG89uOm0Dj5CMq+11cwjBns… [2] https://lore.kernel.org/linux-mm/20200424145521.8203-1-dja@axtens.net/ [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [5] https://bugzilla.kernel.org/show_bug.cgi?id=206337 [6] https://lore.kernel.org/linux-kselftest/20200620054944.167330-1-davidgow@go… [7] https://lkml.org/lkml/2020/7/31/571 David Gow (1): mm: kasan: Do not panic if both panic_on_warn and kasan_multishot set Patricia Alfonso (4): Add KUnit Struct to Current Task KUnit: KASAN Integration KASAN: Port KASAN Tests to KUnit KASAN: Testing Documentation Documentation/dev-tools/kasan.rst | 70 +++ include/kunit/test.h | 5 + include/linux/kasan.h | 6 + include/linux/sched.h | 4 + lib/Kconfig.kasan | 22 +- lib/Makefile | 7 +- lib/kasan_kunit.c | 770 +++++++++++++++++++++++++ lib/kunit/test.c | 13 +- lib/test_kasan.c | 903 ------------------------------ lib/test_kasan_module.c | 111 ++++ mm/kasan/report.c | 34 +- 11 files changed, 1028 insertions(+), 917 deletions(-) create mode 100644 lib/kasan_kunit.c delete mode 100644 lib/test_kasan.c create mode 100644 lib/test_kasan_module.c -- 2.28.0.163.g6104cc2f0b6-goog

4 years, 9 months

2
9
0 0

[PATCH v5 00/12] kunit: create a centralized executor to dispatch all KUnit tests

by Brendan Higgins

## TL;DR This patchset adds a centralized executor to dispatch tests rather than relying on late_initcall to schedule each test suite separately along with a couple of new features that depend on it. ## What am I trying to do? Conceptually, I am trying to provide a mechanism by which test suites can be grouped together so that they can be reasoned about collectively. The last two of three patches in this series add features which depend on this: PATCH 09/12 Prints out a test plan[1] right before KUnit tests are run; this is valuable because it makes it possible for a test harness to detect whether the number of tests run matches the number of tests expected to be run, ensuring that no tests silently failed. The test plan includes a count of tests that will run. With the centralized executor, the tests are located in a single data structure and thus can be counted. PATCH 10/12 Add a new kernel command-line option which allows the user to specify that the kernel poweroff, halt, or reboot after completing all KUnit tests; this is very handy for running KUnit tests on UML or a VM so that the UML/VM process exits cleanly immediately after running all tests without needing a special initramfs. The centralized executor provides a definitive point when all tests have completed and the poweroff, halt, or reboot could occur. In addition, by dispatching tests from a single location, we can guarantee that all KUnit tests run after late_init is complete, which was a concern during the initial KUnit patchset review (this has not been a problem in practice, but resolving with certainty is nevertheless desirable). Other use cases for this exist, but the above features should provide an idea of the value that this could provide. ## Changes since last revision: - Fixed a compilation error in the centralized executor patch (07/12). I had forgotten to test the patches when building as modules. I verified that works now. - I accidentally merged patches 09/12 and 10/12 in the previous revision (v4), and made them separate patches again. ## Changes since v3: - On the last revision I got some messages from 0day that showed that this patchset didn't work on several architectures, one issue that this patchset addresses is that we were aligning both memory segments as well as structures in the segments to specific byte boundaries which was incorrect. - The issue mentioned above also caused me to test on additional architectures which revealed that some architectures other than UML do not use the default init linker section macro that most architectures use. There are now several new patches (2, 3, 4, and 6). - Fixed a formatting consistency issue in the kernel params documentation patch (11/12). - Add a brief blurb on how and when the kunit_test_suite macro works. ## Remaining work to be done: The only architecture for which I was able to get a compiler, but was apparently unable to get KUnit into a section that the executor to see was m68k - not sure why. Alan Maguire (1): kunit: test: create a single centralized executor for all tests Brendan Higgins (10): vmlinux.lds.h: add linker section for KUnit test suites arch: arm64: add linker section for KUnit test suites arch: microblaze: add linker section for KUnit test suites arch: powerpc: add linker section for KUnit test suites arch: um: add linker section for KUnit test suites arch: xtensa: add linker section for KUnit test suites init: main: add KUnit to kernel init kunit: test: add test plan to KUnit TAP format Documentation: Add kunit_shutdown to kernel-parameters.txt Documentation: kunit: add a brief blurb about kunit_test_suite David Gow (1): kunit: Add 'kunit_shutdown' option .../admin-guide/kernel-parameters.txt | 8 ++ Documentation/dev-tools/kunit/usage.rst | 5 ++ arch/arm64/kernel/vmlinux.lds.S | 3 + arch/microblaze/kernel/vmlinux.lds.S | 4 + arch/powerpc/kernel/vmlinux.lds.S | 4 + arch/um/include/asm/common.lds.S | 4 + arch/xtensa/kernel/vmlinux.lds.S | 4 + include/asm-generic/vmlinux.lds.h | 8 ++ include/kunit/test.h | 76 +++++++++++++----- init/main.c | 4 + lib/kunit/Makefile | 3 +- lib/kunit/executor.c | 63 +++++++++++++++ lib/kunit/test.c | 13 +-- tools/testing/kunit/kunit_kernel.py | 2 +- tools/testing/kunit/kunit_parser.py | 74 ++++++++++++++--- .../test_is_test_passed-all_passed.log | Bin 1562 -> 1567 bytes .../test_data/test_is_test_passed-crash.log | Bin 3016 -> 3021 bytes .../test_data/test_is_test_passed-failure.log | Bin 1700 -> 1705 bytes 18 files changed, 227 insertions(+), 48 deletions(-) create mode 100644 lib/kunit/executor.c These patches are available for download with dependencies here: https://kunit-review.googlesource.com/c/linux/+/3829 [1] https://github.com/isaacs/testanything.github.io/blob/tap14/tap-version-14-… [2] https://patchwork.kernel.org/patch/11383635/ base-commit: 4333a9b0b67bb4e8bcd91bdd80da80b0ec151162 prerequisite-patch-id: 2d4b5aa9fa8ada9ae04c8584b47c299a822b9455 prerequisite-patch-id: 582b6d9d28ce4b71628890ec832df6522ca68de0 -- 2.27.0.212.ge8ba1cc988-goog

4 years, 9 months

3
29
0 0

[PATCH v4 0/2] Syscall User Redirection

by Gabriel Krisman Bertazi

Hi, This is v4 of Syscall User Redirection. The implementation itself is not modified from v3, it only applies the latest round of reviews to the selftests. __NR_syscalls is not really exported in header files other than asm-generic for every architecture, so it felt safer to optionally expose it with a fallback to a high value. Also, I didn't expose tests for PR_GET as that is not currently implemented. If possible, I'd have it supported by a future patchset, since it is not immediately necessary to support this feature. Finally, one question: Which tree would this go through? Gabriel Krisman Bertazi (2): kernel: Implement selective syscall userspace redirection selftests: Add kselftest for syscall user dispatch arch/Kconfig | 20 ++ arch/x86/Kconfig | 1 + arch/x86/entry/common.c | 5 + arch/x86/include/asm/thread_info.h | 4 +- arch/x86/kernel/signal_compat.c | 2 +- fs/exec.c | 2 + include/linux/sched.h | 3 + include/linux/syscall_user_dispatch.h | 50 ++++ include/uapi/asm-generic/siginfo.h | 3 +- include/uapi/linux/prctl.h | 5 + kernel/Makefile | 1 + kernel/fork.c | 1 + kernel/sys.c | 5 + kernel/syscall_user_dispatch.c | 92 +++++++ tools/testing/selftests/Makefile | 1 + .../syscall_user_dispatch/.gitignore | 2 + .../selftests/syscall_user_dispatch/Makefile | 9 + .../selftests/syscall_user_dispatch/config | 1 + .../syscall_user_dispatch.c | 256 ++++++++++++++++++ 19 files changed, 460 insertions(+), 3 deletions(-) create mode 100644 include/linux/syscall_user_dispatch.h create mode 100644 kernel/syscall_user_dispatch.c create mode 100644 tools/testing/selftests/syscall_user_dispatch/.gitignore create mode 100644 tools/testing/selftests/syscall_user_dispatch/Makefile create mode 100644 tools/testing/selftests/syscall_user_dispatch/config create mode 100644 tools/testing/selftests/syscall_user_dispatch/syscall_user_dispatch.c -- 2.27.0

4 years, 9 months

10
20
0 0

[PATCH v2] lib: Convert test_uuid.c to KUnit

by Arpitha Raghunandan

Converts test lib/test_uuid.c to KUnit. More information about KUnit can be found at https://www.kernel.org/doc/html/latest/dev-tools/kunit/index.html. This change is beneficial as KUnit provides a common framework for unit tests in the kernel. KUnit is fast as well. Signed-off-by: Arpitha Raghunandan <98.arpi(a)gmail.com> --- Changes v1->v2: - Add a more detailed commit message lib/Kconfig.debug | 7 +-- lib/Makefile | 2 +- lib/{test_uuid.c => uuid_kunit.c} | 84 +++++++++---------------------- 3 files changed, 28 insertions(+), 65 deletions(-) rename lib/{test_uuid.c => uuid_kunit.c} (48%) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index f174f8887ae7..330c0d1de50b 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2070,9 +2070,6 @@ config TEST_BITFIELD If unsure, say N. -config TEST_UUID - tristate "Test functions located in the uuid module at runtime" - config TEST_XARRAY tristate "Test the XArray code at runtime" @@ -2273,6 +2270,10 @@ config BITS_TEST If unsure, say N. +config UUID_KUNIT_TEST + tristate "KUnit test for functions located in the uuid module at runtime" + depends on KUNIT + config TEST_UDELAY tristate "udelay test driver" help diff --git a/lib/Makefile b/lib/Makefile index 032cc6c71a3a..62ef383c7563 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -81,7 +81,6 @@ obj-$(CONFIG_TEST_PRINTF) += test_printf.o obj-$(CONFIG_TEST_BITMAP) += test_bitmap.o obj-$(CONFIG_TEST_STRSCPY) += test_strscpy.o obj-$(CONFIG_TEST_BITFIELD) += test_bitfield.o -obj-$(CONFIG_TEST_UUID) += test_uuid.o obj-$(CONFIG_TEST_XARRAY) += test_xarray.o obj-$(CONFIG_TEST_PARMAN) += test_parman.o obj-$(CONFIG_TEST_KMOD) += test_kmod.o @@ -342,5 +341,6 @@ obj-$(CONFIG_PLDMFW) += pldmfw/ obj-$(CONFIG_LIST_KUNIT_TEST) += list-test.o obj-$(CONFIG_LINEAR_RANGES_TEST) += test_linear_ranges.o obj-$(CONFIG_BITS_TEST) += test_bits.o +obj-$(CONFIG_UUID_KUNIT_TEST) += uuid_kunit.o obj-$(CONFIG_GENERIC_LIB_DEVMEM_IS_ALLOWED) += devmem_is_allowed.o diff --git a/lib/test_uuid.c b/lib/uuid_kunit.c similarity index 48% rename from lib/test_uuid.c rename to lib/uuid_kunit.c index cd819c397dc7..f7f219ddecc2 100644 --- a/lib/test_uuid.c +++ b/lib/uuid_kunit.c @@ -3,6 +3,7 @@ */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +#include <kunit/test.h> #include <linux/init.h> #include <linux/kernel.h> #include <linux/module.h> @@ -39,95 +40,56 @@ static const char * const test_uuid_wrong_data[] = { "0cb4ddff-a545-4401-9d06-688af53e", /* not enough data */ }; -static unsigned total_tests __initdata; -static unsigned failed_tests __initdata; - -static void __init test_uuid_failed(const char *prefix, bool wrong, bool be, - const char *data, const char *actual) -{ - pr_err("%s test #%u %s %s data: '%s'\n", - prefix, - total_tests, - wrong ? "passed on wrong" : "failed on", - be ? "BE" : "LE", - data); - if (actual && *actual) - pr_err("%s test #%u actual data: '%s'\n", - prefix, - total_tests, - actual); - failed_tests++; -} - -static void __init test_uuid_test(const struct test_uuid_data *data) +static void test_uuid_test(struct kunit *test, const struct test_uuid_data *data) { guid_t le; uuid_t be; char buf[48]; /* LE */ - total_tests++; - if (guid_parse(data->uuid, &le)) - test_uuid_failed("conversion", false, false, data->uuid, NULL); - - total_tests++; - if (!guid_equal(&data->le, &le)) { - sprintf(buf, "%pUl", &le); - test_uuid_failed("cmp", false, false, data->uuid, buf); - } + KUNIT_EXPECT_EQ(test, 0, guid_parse(data->uuid, &le)); + KUNIT_EXPECT_TRUE(test, guid_equal(&data->le, &le)); /* BE */ - total_tests++; - if (uuid_parse(data->uuid, &be)) - test_uuid_failed("conversion", false, true, data->uuid, NULL); - - total_tests++; - if (!uuid_equal(&data->be, &be)) { - sprintf(buf, "%pUb", &be); - test_uuid_failed("cmp", false, true, data->uuid, buf); - } + KUNIT_EXPECT_EQ(test, 0, uuid_parse(data->uuid, &be)); + KUNIT_EXPECT_TRUE(test, uuid_equal(&data->be, &be)); } -static void __init test_uuid_wrong(const char *data) +static void test_uuid_wrong(struct kunit *test, const char *data) { guid_t le; uuid_t be; /* LE */ - total_tests++; - if (!guid_parse(data, &le)) - test_uuid_failed("negative", true, false, data, NULL); + KUNIT_EXPECT_NE(test, 0, guid_parse(data, &le)); /* BE */ - total_tests++; - if (!uuid_parse(data, &be)) - test_uuid_failed("negative", true, true, data, NULL); + KUNIT_EXPECT_NE(test, 0, uuid_parse(data, &be)); } -static int __init test_uuid_init(void) +static void test_uuid_init(struct kunit *test) { unsigned int i; for (i = 0; i < ARRAY_SIZE(test_uuid_test_data); i++) - test_uuid_test(&test_uuid_test_data[i]); + test_uuid_test(test, &test_uuid_test_data[i]); for (i = 0; i < ARRAY_SIZE(test_uuid_wrong_data); i++) - test_uuid_wrong(test_uuid_wrong_data[i]); + test_uuid_wrong(test, test_uuid_wrong_data[i]); +} - if (failed_tests == 0) - pr_info("all %u tests passed\n", total_tests); - else - pr_err("failed %u out of %u tests\n", failed_tests, total_tests); +static struct kunit_case uuid_test_cases[] = { + KUNIT_CASE(test_uuid_init), + {} +}; - return failed_tests ? -EINVAL : 0; -} -module_init(test_uuid_init); +static struct kunit_suite uuid_test_suite = { + .name = "uuid-kunit-test", + .test_cases = uuid_test_cases, +}; + +kunit_test_suite(uuid_test_suite); -static void __exit test_uuid_exit(void) -{ - /* do nothing */ -} -module_exit(test_uuid_exit); MODULE_AUTHOR("Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>"); MODULE_LICENSE("Dual BSD/GPL"); -- 2.25.1

4 years, 9 months

2
1
0 0

[PATCH v2] lib: kunit: Convert test_sort to KUnit test

by Vitor Massaru Iha

This adds the conversion of the test_sort.c to KUnit test. Please apply this commit first (linux-kselftest/kunit-fixes): 3f37d14b8a3152441f36b6bc74000996679f0998 kunit: kunit_config: Fix parsing of CONFIG options with space Code Style Documentation: [0] Fix these warnings Reported-by lkp(a)intel.com WARNING: modpost: vmlinux.o(.data+0x4fc70): Section mismatch in reference from the variable sort_test_cases to the variable .init.text:sort_test The variable sort_test_cases references the variable __init sort_test If the reference is valid then annotate the variable with or __refdata (see linux/init.h) or name the variable WARNING: modpost: lib/sort_kunit.o(.data+0x11c): Section mismatch in reference from the variable sort_test_cases to the function .init.text:sort_test() The variable sort_test_cases references the function __init sort_test() Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> Reported-by: kernel test robot <lkp(a)intel.com> Link: [0] https://lore.kernel.org/linux-kselftest/20200620054944.167330-1-davidgow@go… --- v2: * Add Kunit Code Style reference in commit message; * Fix lkp(a)intel.com warning report; --- lib/Kconfig.debug | 26 +++++++++++++++++--------- lib/Makefile | 2 +- lib/{test_sort.c => sort_kunit.c} | 31 +++++++++++++++---------------- 3 files changed, 33 insertions(+), 26 deletions(-) rename lib/{test_sort.c => sort_kunit.c} (55%) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 9ad9210d70a1..1fe19e78d7ca 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1874,15 +1874,6 @@ config TEST_MIN_HEAP If unsure, say N. -config TEST_SORT - tristate "Array-based sort test" - depends on DEBUG_KERNEL || m - help - This option enables the self-test function of 'sort()' at boot, - or at module load time. - - If unsure, say N. - config KPROBES_SANITY_TEST bool "Kprobes sanity tests" depends on DEBUG_KERNEL @@ -2185,6 +2176,23 @@ config LINEAR_RANGES_TEST If unsure, say N. +config SORT_KUNIT + tristate "KUnit test for Array-based sort" + depends on DEBUG_KERNEL || m + help + This option enables the KUnit function of 'sort()' at boot, + or at module load time. + + KUnit tests run during boot and output the results to the debug log + in TAP format (http://testanything.org/). Only useful for kernel devs + running the KUnit test harness, and not intended for inclusion into a + production build. + + For more information on KUnit and unit tests in general please refer + to the KUnit documentation in Documentation/dev-tools/kunit/. + + If unsure, say N. + config TEST_UDELAY tristate "udelay test driver" help diff --git a/lib/Makefile b/lib/Makefile index b1c42c10073b..c22bb13b0a08 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -77,7 +77,6 @@ obj-$(CONFIG_TEST_LKM) += test_module.o obj-$(CONFIG_TEST_VMALLOC) += test_vmalloc.o obj-$(CONFIG_TEST_OVERFLOW) += test_overflow.o obj-$(CONFIG_TEST_RHASHTABLE) += test_rhashtable.o -obj-$(CONFIG_TEST_SORT) += test_sort.o obj-$(CONFIG_TEST_USER_COPY) += test_user_copy.o obj-$(CONFIG_TEST_STATIC_KEYS) += test_static_keys.o obj-$(CONFIG_TEST_STATIC_KEYS) += test_static_key_base.o @@ -318,3 +317,4 @@ obj-$(CONFIG_OBJAGG) += objagg.o # KUnit tests obj-$(CONFIG_LIST_KUNIT_TEST) += list-test.o obj-$(CONFIG_LINEAR_RANGES_TEST) += test_linear_ranges.o +obj-$(CONFIG_SORT_KUNIT) += sort_kunit.o diff --git a/lib/test_sort.c b/lib/sort_kunit.c similarity index 55% rename from lib/test_sort.c rename to lib/sort_kunit.c index 52edbe10f2e5..602a234f1e7d 100644 --- a/lib/test_sort.c +++ b/lib/sort_kunit.c @@ -1,7 +1,6 @@ // SPDX-License-Identifier: GPL-2.0-only #include <linux/sort.h> -#include <linux/slab.h> -#include <linux/module.h> +#include <kunit/test.h> /* a simple boot-time regression test */ @@ -12,13 +11,12 @@ static int __init cmpint(const void *a, const void *b) return *(int *)a - *(int *)b; } -static int __init test_sort_init(void) +static void __init sort_test(struct kunit *test) { - int *a, i, r = 1, err = -ENOMEM; + int *a, i, r = 1; a = kmalloc_array(TEST_LEN, sizeof(*a), GFP_KERNEL); - if (!a) - return err; + KUNIT_ASSERT_FALSE_MSG(test, a == NULL, "kmalloc_array failed"); for (i = 0; i < TEST_LEN; i++) { r = (r * 725861) % 6599; @@ -27,24 +25,25 @@ static int __init test_sort_init(void) sort(a, TEST_LEN, sizeof(*a), cmpint, NULL); - err = -EINVAL; for (i = 0; i < TEST_LEN-1; i++) if (a[i] > a[i+1]) { - pr_err("test has failed\n"); + KUNIT_FAIL(test, "test has failed"); goto exit; } - err = 0; - pr_info("test passed\n"); exit: kfree(a); - return err; } -static void __exit test_sort_exit(void) -{ -} +static struct kunit_case __refdata sort_test_cases[] = { + KUNIT_CASE(sort_test), + {} +}; + +static struct kunit_suite sort_test_suite = { + .name = "sort", + .test_cases = sort_test_cases, +}; -module_init(test_sort_init); -module_exit(test_sort_exit); +kunit_test_suites(&sort_test_suite); MODULE_LICENSE("GPL"); base-commit: d43c7fb05765152d4d4a39a8ef957c4ea14d8847 -- 2.26.2

4 years, 9 months

4
6
0 0

[PATCH] selftests/powerpc: return skip code for spectre_v2

by Thadeu Lima de Souza Cascardo

When running under older versions of qemu of under newer versions with old machine types, some security features will not be reported to the guest. This will lead the guest OS to consider itself Vulnerable to spectre_v2. So, spectre_v2 test fails in such cases when the host is mitigated and miss predictions cannot be detected as expected by the test. Make it return the skip code instead, for this particular case. We don't want to miss the case when the test fails and the system reports as mitigated or not affected. But it is not a problem to miss failures when the system reports as Vulnerable. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> --- tools/testing/selftests/powerpc/security/spectre_v2.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tools/testing/selftests/powerpc/security/spectre_v2.c b/tools/testing/selftests/powerpc/security/spectre_v2.c index 8c6b982af2a8..d5445bfd63ed 100644 --- a/tools/testing/selftests/powerpc/security/spectre_v2.c +++ b/tools/testing/selftests/powerpc/security/spectre_v2.c @@ -183,6 +183,14 @@ int spectre_v2_test(void) if (miss_percent > 15) { printf("Branch misses > 15%% unexpected in this configuration!\n"); printf("Possible mis-match between reported & actual mitigation\n"); + /* Such a mismatch may be caused by a guest system + * reporting as vulnerable when the host is mitigated. + * Return skip code to avoid detecting this as an + * error. We are not vulnerable and reporting otherwise, + * so missing such a mismatch is safe. + */ + if (state == VULNERABLE) + return 4; return 1; } break; -- 2.25.1

4 years, 9 months

2
1
0 0

[PATCH v9 0/5] KASAN-KUnit Integration

by David Gow

This patchset contains everything needed to integrate KASAN and KUnit. KUnit will be able to: (1) Fail tests when an unexpected KASAN error occurs (2) Pass tests when an expected KASAN error occurs Convert KASAN tests to KUnit with the exception of copy_user_test because KUnit is unable to test those. Add documentation on how to run the KASAN tests with KUnit and what to expect when running these tests. This patchset depends on: - "kunit: extend kunit resources API" [1] - This is already present in the kselftest/kunit branch I'd _really_ like to get this into 5.9 if possible: we also have some other changes which depend on some things here. Changes from v8: - Rebased on top of kselftest/kunit - (Which, with this patchset, should rebase cleanly on 5.8-rc7) - Renamed the KUnit test suite, config name to patch the proposed naming guidelines for KUnit tests[6] Changes from v7: - Rebased on top of kselftest/kunit - Rebased on top of v4 of the kunit resources API[1] - Rebased on top of v4 of the FORTIFY_SOURCE fix[2,3,4] - Updated the Kconfig entry to support KUNIT_ALL_TESTS Changes from v6: - Rebased on top of kselftest/kunit - Rebased on top of Daniel Axtens' fix for FORTIFY_SOURCE incompatibilites [2] - Removed a redundant report_enabled() check. - Fixed some places with out of date Kconfig names in the documentation. Changes from v5: - Split out the panic_on_warn changes to a separate patch. - Fix documentation to fewer to the new Kconfig names. - Fix some changes which were in the wrong patch. - Rebase on top of kselftest/kunit (currently identical to 5.7-rc1) Changes from v4: - KASAN no longer will panic on errors if both panic_on_warn and kasan_multishot are enabled. - As a result, the KASAN tests will no-longer disable panic_on_warn. - This also means panic_on_warn no-longer needs to be exported. - The use of temporary "kasan_data" variables has been cleaned up somewhat. - A potential refcount/resource leak should multiple KASAN errors appear during an assertion was fixed. - Some wording changes to the KASAN test Kconfig entries. Changes from v3: - KUNIT_SET_KASAN_DATA and KUNIT_DO_EXPECT_KASAN_FAIL have been combined and included in KUNIT_DO_EXPECT_KASAN_FAIL() instead. - Reordered logic in kasan_update_kunit_status() in report.c to be easier to read. - Added comment to not use the name "kasan_data" for any kunit tests outside of KUNIT_EXPECT_KASAN_FAIL(). Changes since v2: - Due to Alan's changes in [1], KUnit can be built as a module. - The name of the tests that could not be run with KUnit has been changed to be more generic: test_kasan_module. - Documentation on how to run the new KASAN tests and what to expect when running them has been added. - Some variables and functions are now static. - Now save/restore panic_on_warn in a similar way to kasan_multi_shot and renamed the init/exit functions to be more generic to accommodate. - Due to [4] in kasan_strings, kasan_memchr, and kasan_memcmp will fail if CONFIG_AMD_MEM_ENCRYPT is enabled so return early and print message explaining this circumstance. - Changed preprocessor checks to C checks where applicable. Changes since v1: - Make use of Alan Maguire's suggestion to use his patch that allows static resources for integration instead of adding a new attribute to the kunit struct - All KUNIT_EXPECT_KASAN_FAIL statements are local to each test - The definition of KUNIT_EXPECT_KASAN_FAIL is local to the test_kasan.c file since it seems this is the only place this will be used. - Integration relies on KUnit being builtin - copy_user_test has been separated into its own file since KUnit is unable to test these. This can be run as a module just as before, using CONFIG_TEST_KASAN_USER - The addition to the current task has been separated into its own patch as this is a significant enough change to be on its own. [1] https://lore.kernel.org/linux-kselftest/CAFd5g46Uu_5TG89uOm0Dj5CMq+11cwjBns… [2] https://lore.kernel.org/linux-mm/20200424145521.8203-1-dja@axtens.net/ [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [5] https://bugzilla.kernel.org/show_bug.cgi?id=206337 [6] https://lore.kernel.org/linux-kselftest/20200620054944.167330-1-davidgow@go… David Gow (1): mm: kasan: Do not panic if both panic_on_warn and kasan_multishot set Patricia Alfonso (4): Add KUnit Struct to Current Task KUnit: KASAN Integration KASAN: Port KASAN Tests to KUnit KASAN: Testing Documentation Documentation/dev-tools/kasan.rst | 70 +++ include/kunit/test.h | 5 + include/linux/kasan.h | 6 + include/linux/sched.h | 4 + lib/Kconfig.kasan | 22 +- lib/Makefile | 7 +- lib/kunit/test.c | 13 +- lib/test_kasan.c | 858 ------------------------------ mm/kasan/report.c | 34 +- 9 files changed, 147 insertions(+), 872 deletions(-) delete mode 100644 lib/test_kasan.c -- 2.28.0.163.g6104cc2f0b6-goog

4 years, 9 months

2
7
0 0

[PATCH] lib: Convert test_uuid.c to KUnit

by Arpitha Raghunandan

Converts test lib/test_uuid.c to KUnit Signed-off-by: Arpitha Raghunandan <98.arpi(a)gmail.com> --- lib/Kconfig.debug | 7 +-- lib/Makefile | 2 +- lib/{test_uuid.c => uuid_kunit.c} | 84 +++++++++---------------------- 3 files changed, 28 insertions(+), 65 deletions(-) rename lib/{test_uuid.c => uuid_kunit.c} (48%) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index f174f8887ae7..330c0d1de50b 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2070,9 +2070,6 @@ config TEST_BITFIELD If unsure, say N. -config TEST_UUID - tristate "Test functions located in the uuid module at runtime" - config TEST_XARRAY tristate "Test the XArray code at runtime" @@ -2273,6 +2270,10 @@ config BITS_TEST If unsure, say N. +config UUID_KUNIT_TEST + tristate "KUnit test for functions located in the uuid module at runtime" + depends on KUNIT + config TEST_UDELAY tristate "udelay test driver" help diff --git a/lib/Makefile b/lib/Makefile index 032cc6c71a3a..62ef383c7563 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -81,7 +81,6 @@ obj-$(CONFIG_TEST_PRINTF) += test_printf.o obj-$(CONFIG_TEST_BITMAP) += test_bitmap.o obj-$(CONFIG_TEST_STRSCPY) += test_strscpy.o obj-$(CONFIG_TEST_BITFIELD) += test_bitfield.o -obj-$(CONFIG_TEST_UUID) += test_uuid.o obj-$(CONFIG_TEST_XARRAY) += test_xarray.o obj-$(CONFIG_TEST_PARMAN) += test_parman.o obj-$(CONFIG_TEST_KMOD) += test_kmod.o @@ -342,5 +341,6 @@ obj-$(CONFIG_PLDMFW) += pldmfw/ obj-$(CONFIG_LIST_KUNIT_TEST) += list-test.o obj-$(CONFIG_LINEAR_RANGES_TEST) += test_linear_ranges.o obj-$(CONFIG_BITS_TEST) += test_bits.o +obj-$(CONFIG_UUID_KUNIT_TEST) += uuid_kunit.o obj-$(CONFIG_GENERIC_LIB_DEVMEM_IS_ALLOWED) += devmem_is_allowed.o diff --git a/lib/test_uuid.c b/lib/uuid_kunit.c similarity index 48% rename from lib/test_uuid.c rename to lib/uuid_kunit.c index cd819c397dc7..f7f219ddecc2 100644 --- a/lib/test_uuid.c +++ b/lib/uuid_kunit.c @@ -3,6 +3,7 @@ */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +#include <kunit/test.h> #include <linux/init.h> #include <linux/kernel.h> #include <linux/module.h> @@ -39,95 +40,56 @@ static const char * const test_uuid_wrong_data[] = { "0cb4ddff-a545-4401-9d06-688af53e", /* not enough data */ }; -static unsigned total_tests __initdata; -static unsigned failed_tests __initdata; - -static void __init test_uuid_failed(const char *prefix, bool wrong, bool be, - const char *data, const char *actual) -{ - pr_err("%s test #%u %s %s data: '%s'\n", - prefix, - total_tests, - wrong ? "passed on wrong" : "failed on", - be ? "BE" : "LE", - data); - if (actual && *actual) - pr_err("%s test #%u actual data: '%s'\n", - prefix, - total_tests, - actual); - failed_tests++; -} - -static void __init test_uuid_test(const struct test_uuid_data *data) +static void test_uuid_test(struct kunit *test, const struct test_uuid_data *data) { guid_t le; uuid_t be; char buf[48]; /* LE */ - total_tests++; - if (guid_parse(data->uuid, &le)) - test_uuid_failed("conversion", false, false, data->uuid, NULL); - - total_tests++; - if (!guid_equal(&data->le, &le)) { - sprintf(buf, "%pUl", &le); - test_uuid_failed("cmp", false, false, data->uuid, buf); - } + KUNIT_EXPECT_EQ(test, 0, guid_parse(data->uuid, &le)); + KUNIT_EXPECT_TRUE(test, guid_equal(&data->le, &le)); /* BE */ - total_tests++; - if (uuid_parse(data->uuid, &be)) - test_uuid_failed("conversion", false, true, data->uuid, NULL); - - total_tests++; - if (!uuid_equal(&data->be, &be)) { - sprintf(buf, "%pUb", &be); - test_uuid_failed("cmp", false, true, data->uuid, buf); - } + KUNIT_EXPECT_EQ(test, 0, uuid_parse(data->uuid, &be)); + KUNIT_EXPECT_TRUE(test, uuid_equal(&data->be, &be)); } -static void __init test_uuid_wrong(const char *data) +static void test_uuid_wrong(struct kunit *test, const char *data) { guid_t le; uuid_t be; /* LE */ - total_tests++; - if (!guid_parse(data, &le)) - test_uuid_failed("negative", true, false, data, NULL); + KUNIT_EXPECT_NE(test, 0, guid_parse(data, &le)); /* BE */ - total_tests++; - if (!uuid_parse(data, &be)) - test_uuid_failed("negative", true, true, data, NULL); + KUNIT_EXPECT_NE(test, 0, uuid_parse(data, &be)); } -static int __init test_uuid_init(void) +static void test_uuid_init(struct kunit *test) { unsigned int i; for (i = 0; i < ARRAY_SIZE(test_uuid_test_data); i++) - test_uuid_test(&test_uuid_test_data[i]); + test_uuid_test(test, &test_uuid_test_data[i]); for (i = 0; i < ARRAY_SIZE(test_uuid_wrong_data); i++) - test_uuid_wrong(test_uuid_wrong_data[i]); + test_uuid_wrong(test, test_uuid_wrong_data[i]); +} - if (failed_tests == 0) - pr_info("all %u tests passed\n", total_tests); - else - pr_err("failed %u out of %u tests\n", failed_tests, total_tests); +static struct kunit_case uuid_test_cases[] = { + KUNIT_CASE(test_uuid_init), + {} +}; - return failed_tests ? -EINVAL : 0; -} -module_init(test_uuid_init); +static struct kunit_suite uuid_test_suite = { + .name = "uuid-kunit-test", + .test_cases = uuid_test_cases, +}; + +kunit_test_suite(uuid_test_suite); -static void __exit test_uuid_exit(void) -{ - /* do nothing */ -} -module_exit(test_uuid_exit); MODULE_AUTHOR("Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>"); MODULE_LICENSE("Dual BSD/GPL"); -- 2.25.1

4 years, 9 months

2
4
0 0

[PATCH v4 0/6] mm/migrate: avoid device private invalidations

by Ralph Campbell

The goal for this series is to avoid device private memory TLB invalidations when migrating a range of addresses from system memory to device private memory and some of those pages have already been migrated. The approach taken is to introduce a new mmu notifier invalidation event type and use that in the device driver to skip invalidation callbacks from migrate_vma_setup(). The device driver is also then expected to handle device MMU invalidations as part of the migrate_vma_setup(), migrate_vma_pages(), migrate_vma_finalize() process. Note that this is opt-in. A device driver can simply invalidate its MMU in the mmu notifier callback and not handle MMU invalidations in the migration sequence. This series is based on Jason Gunthorpe's HMM tree (linux-5.8.0-rc4). Also, this replaces the need for the following two patches I sent: ("mm: fix migrate_vma_setup() src_owner and normal pages") https://lore.kernel.org/linux-mm/20200622222008.9971-1-rcampbell@nvidia.com ("nouveau: fix mixed normal and device private page migration") https://lore.kernel.org/lkml/20200622233854.10889-3-rcampbell@nvidia.com Changes in v4: Added reviewed-by from Bharata B Rao. Removed dead code checking for source device private page in lib/test_hmm.c dmirror_migrate_alloc_and_copy() since the source filter flag guarantees that. Added patch 6 to remove a redundant invalidation in migrate_vma_pages(). Changes in v3: Changed the direction field "dir" to a "flags" field and renamed src_owner to pgmap_owner. Fixed a locking issue in nouveau for the migration invalidation. Added a HMM selftest test case to exercise the HMM test driver invalidation changes. Removed reviewed-by Bharata B Rao since this version is moderately changed. Changes in v2: Rebase to Jason Gunthorpe's HMM tree. Added reviewed-by from Bharata B Rao. Rename the mmu_notifier_range::data field to migrate_pgmap_owner as suggested by Jason Gunthorpe. Ralph Campbell (6): nouveau: fix storing invalid ptes mm/migrate: add a flags parameter to migrate_vma mm/notifier: add migration invalidation type nouveau/svm: use the new migration invalidation mm/hmm/test: use the new migration invalidation mm/migrate: remove range invalidation in migrate_vma_pages() arch/powerpc/kvm/book3s_hv_uvmem.c | 4 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 19 ++++++-- drivers/gpu/drm/nouveau/nouveau_svm.c | 21 ++++----- drivers/gpu/drm/nouveau/nouveau_svm.h | 13 +++++- .../drm/nouveau/nvkm/subdev/mmu/vmmgp100.c | 13 ++++-- include/linux/migrate.h | 16 +++++-- include/linux/mmu_notifier.h | 7 +++ lib/test_hmm.c | 43 +++++++++---------- mm/migrate.c | 34 +++++---------- tools/testing/selftests/vm/hmm-tests.c | 18 ++++++-- 10 files changed, 112 insertions(+), 76 deletions(-) -- 2.20.1

4 years, 9 months

3
13
0 0

CFP open for testing/fuzzing microconference at LPC

by Kevin Hilman

Hello Linux testing enthusiasts, The CFP is open for the testing/fuzzing microconference[1] at Linux plumbers conference. Please submit your ideas for discussion topics usin the LPC CFP tool: https://www.linuxplumbersconf.org/event/7/abstracts/ Click "Submit new Proposal" at the bottom of the page. There are some suggested topics in the MC announcement[1], but feel free to submit ideas that are not on that list. And yes, LPC will be virtual this year as announced on the LPC blog: https://www.linuxplumbersconf.org/blog/2020/linux-plumbers-conference-2020-… The tools and logistics are being actively worked on, so stay tuned to the LPC blog for all the details. Thanks, Kevin [1] From: https://www.linuxplumbersconf.org/event/7/page/80-accepted-microconferences… The Testing and Fuzzing microconference focuses on advancing the current state of testing and validation of the Linux Kernel, with a focus on encouraging and facilitating collaboration between testing projects. Suggested Topics: Next steps for KernelCI (data formats, dashboards, etc) Structured data feeds for cross-project collaboration Integration with kernel.org tools (e.g. b4) Continued defragmentation of testing infrastructure Better sanitizers: KASAN improvements, KCSAN fallout, future plans. Better hardware testing, hardware sanitizers: how the USB fallout was handled, are there efforts to poke at something besides USB? Improving real-time testing: is there any testing for real time at all? MC leads Sasha Levin <sashal(a)kernel.org> Kevin Hilman <khilman(a)kernel.org>

4 years, 9 months

2
2
0 0

[PATCH 0/6] selftests: arm64: Add floating point selftests

by Mark Brown

This series imports a series of tests for FPSIMD and SVE originally written by Dave Martin to the tree. Since these extensions have some overlap in terms of register usage and must sometimes be tested together they're dropped into a single directory. I've adapted some of the tests to run within the kselftest framework but there are also some stress tests here that are intended to be run as soak tests so aren't suitable for running by default and are mostly just integrated with the build system. There doesn't seem to be a more suitable home for those stress tests and they are very useful for work on these areas of the code so it seems useful to have them somewhere in tree. Mark Brown (6): selftests: arm64: Test case for enumeration of SVE vector lengths selftests: arm64: Add test for the SVE ptrace interface selftests: arm64: Add stress tests for FPSMID and SVE context switching selftests: arm64: Add utility to set SVE vector lengths selftests: arm64: Add wrapper scripts for stress tests selftests: arm64: Add build and documentation for FP tests tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/fp/.gitignore | 5 + tools/testing/selftests/arm64/fp/Makefile | 17 + tools/testing/selftests/arm64/fp/README | 100 +++ .../testing/selftests/arm64/fp/asm-offsets.h | 11 + tools/testing/selftests/arm64/fp/assembler.h | 57 ++ .../testing/selftests/arm64/fp/fpsimd-stress | 60 ++ .../testing/selftests/arm64/fp/fpsimd-test.S | 482 +++++++++++++ .../selftests/arm64/fp/sve-probe-vls.c | 58 ++ .../selftests/arm64/fp/sve-ptrace-asm.S | 33 + tools/testing/selftests/arm64/fp/sve-ptrace.c | 336 +++++++++ tools/testing/selftests/arm64/fp/sve-stress | 59 ++ tools/testing/selftests/arm64/fp/sve-test.S | 672 ++++++++++++++++++ tools/testing/selftests/arm64/fp/vlset.c | 155 ++++ 14 files changed, 2046 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/arm64/fp/.gitignore create mode 100644 tools/testing/selftests/arm64/fp/Makefile create mode 100644 tools/testing/selftests/arm64/fp/README create mode 100644 tools/testing/selftests/arm64/fp/asm-offsets.h create mode 100644 tools/testing/selftests/arm64/fp/assembler.h create mode 100755 tools/testing/selftests/arm64/fp/fpsimd-stress create mode 100644 tools/testing/selftests/arm64/fp/fpsimd-test.S create mode 100644 tools/testing/selftests/arm64/fp/sve-probe-vls.c create mode 100644 tools/testing/selftests/arm64/fp/sve-ptrace-asm.S create mode 100644 tools/testing/selftests/arm64/fp/sve-ptrace.c create mode 100755 tools/testing/selftests/arm64/fp/sve-stress create mode 100644 tools/testing/selftests/arm64/fp/sve-test.S create mode 100644 tools/testing/selftests/arm64/fp/vlset.c base-commit: 9ebcfadb0610322ac537dd7aa5d9cbc2b2894c68 -- 2.20.1

4 years, 9 months

1
6
0 0

[PATCH v3 00/19] Introduce partial kernel_read_file() support

by Kees Cook

v3: - add reviews/acks - add "IMA: Add support for file reads without contents" patch - trim CC list, in case that's why vger ignored v2 v2: [missing from lkml archives! (CC list too long?) repeating changes here] - fix issues in firmware test suite - add firmware partial read patches - various bug fixes/cleanups v1: https://lore.kernel.org/lkml/20200717174309.1164575-1-keescook@chromium.org/ Hi, Here's my tree for adding partial read support in kernel_read_file(), which fixes a number of issues along the way. It's got Scott's firmware and IMA patches ported and everything tests cleanly for me (even with CONFIG_IMA_APPRAISE=y). I think the intention is for this to go via Greg's tree since Scott's driver code will depend on it? Thanks, -Kees Kees Cook (15): test_firmware: Test platform fw loading on non-EFI systems selftest/firmware: Add selftest timeout in settings firmware_loader: EFI firmware loader must handle pre-allocated buffer fs/kernel_read_file: Remove FIRMWARE_PREALLOC_BUFFER enum fs/kernel_read_file: Remove FIRMWARE_EFI_EMBEDDED enum fs/kernel_read_file: Split into separate source file fs/kernel_read_file: Remove redundant size argument fs/kernel_read_file: Switch buffer size arg to size_t fs/kernel_read_file: Add file_size output argument LSM: Introduce kernel_post_load_data() hook firmware_loader: Use security_post_load_data() module: Call security_kernel_post_load_data() LSM: Add "contents" flag to kernel_read_file hook fs/kernel_file_read: Add "offset" arg for partial reads firmware: Store opt_flags in fw_priv Scott Branden (4): fs/kernel_read_file: Split into separate include file IMA: Add support for file reads without contents firmware: Add request_partial_firmware_into_buf() test_firmware: Test partial read support drivers/base/firmware_loader/fallback.c | 19 +- drivers/base/firmware_loader/fallback.h | 5 +- .../base/firmware_loader/fallback_platform.c | 16 +- drivers/base/firmware_loader/firmware.h | 7 +- drivers/base/firmware_loader/main.c | 143 ++++++++++--- drivers/firmware/efi/embedded-firmware.c | 21 +- drivers/firmware/efi/embedded-firmware.h | 19 ++ fs/Makefile | 3 +- fs/exec.c | 132 +----------- fs/kernel_read_file.c | 189 ++++++++++++++++++ include/linux/efi_embedded_fw.h | 13 -- include/linux/firmware.h | 12 ++ include/linux/fs.h | 39 ---- include/linux/ima.h | 19 +- include/linux/kernel_read_file.h | 55 +++++ include/linux/lsm_hook_defs.h | 6 +- include/linux/lsm_hooks.h | 12 ++ include/linux/security.h | 19 +- kernel/kexec.c | 2 +- kernel/kexec_file.c | 19 +- kernel/module.c | 24 ++- lib/test_firmware.c | 159 +++++++++++++-- security/integrity/digsig.c | 8 +- security/integrity/ima/ima_fs.c | 10 +- security/integrity/ima/ima_main.c | 70 +++++-- security/integrity/ima/ima_policy.c | 1 + security/loadpin/loadpin.c | 17 +- security/security.c | 26 ++- security/selinux/hooks.c | 8 +- .../selftests/firmware/fw_filesystem.sh | 91 +++++++++ tools/testing/selftests/firmware/settings | 8 + tools/testing/selftests/kselftest/runner.sh | 6 +- 32 files changed, 860 insertions(+), 318 deletions(-) create mode 100644 drivers/firmware/efi/embedded-firmware.h create mode 100644 fs/kernel_read_file.c create mode 100644 include/linux/kernel_read_file.h create mode 100644 tools/testing/selftests/firmware/settings -- 2.25.1

4 years, 9 months

7
50
0 0

[PATCH] kunit: tool: adjust parse regex

by Marcelo Schmitt

kunit config subcommand terminates with error if .config has a configuration assigned with a string, for instance: CONFIG_CC_VERSION_TEXT="gcc (distro package version) ..." This patch adjusts the parse regex to consider such string assignments. Signed-off-by: Marcelo Schmitt <marcelo.schmitt1(a)gmail.com> --- tools/testing/kunit/kunit_config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/kunit/kunit_config.py b/tools/testing/kunit/kunit_config.py index e75063d603b5..8e55693fe812 100644 --- a/tools/testing/kunit/kunit_config.py +++ b/tools/testing/kunit/kunit_config.py @@ -10,7 +10,7 @@ import collections import re CONFIG_IS_NOT_SET_PATTERN = r'^# CONFIG_(\w+) is not set$' -CONFIG_PATTERN = r'^CONFIG_(\w+)=(\S+)$' +CONFIG_PATTERN = r'^CONFIG_(\w+)=((\S+)|(".*"))$' KconfigEntryBase = collections.namedtuple('KconfigEntry', ['name', 'value']) -- 2.27.0

4 years, 9 months

2
1
0 0

[PATCH v3 0/2] Selftest for cpuidle latency measurement

by Pratik Rajesh Sampat

v2: https://lkml.org/lkml/2020/7/17/369 Changelog v2-->v3 Based on comments from Gautham R. Shenoy adding the following in the selftest, 1. Grepping modules to determine if already loaded 2. Wrapper to enable/disable states 3. Preventing any operation/test on offlined CPUs --- The patch series introduces a mechanism to measure wakeup latency for IPI and timer based interrupts The motivation behind this series is to find significant deviations behind advertised latency and resisdency values To achieve this, we introduce a kernel module and expose its control knobs through the debugfs interface that the selftests can engage with. The kernel module provides the following interfaces within /sys/kernel/debug/latency_test/ for, 1. IPI test: ipi_cpu_dest # Destination CPU for the IPI ipi_cpu_src # Origin of the IPI ipi_latency_ns # Measured latency time in ns 2. Timeout test: timeout_cpu_src # CPU on which the timer to be queued timeout_expected_ns # Timer duration timeout_diff_ns # Difference of actual duration vs expected timer To include the module, check option and include as module kernel hacking -> Cpuidle latency selftests The selftest inserts the module, disables all the idle states and enables them one by one testing the following: 1. Keeping source CPU constant, iterates through all the CPUS measuring IPI latency for baseline (CPU is busy with "cat /dev/random > /dev/null" workload) and the when the CPU is allowed to be at rest 2. Iterating through all the CPUs, sending expected timer durations to be equivalent to the residency of the the deepest idle state enabled and extracting the difference in time between the time of wakeup and the expected timer duration Usage ----- Can be used in conjuction to the rest of the selftests. Default Output location in: tools/testing/cpuidle/cpuidle.log To run this test specifically: $ make -C tools/testing/selftests TARGETS="cpuidle" run_tests There are a few optinal arguments too that the script can take [-h <help>] [-m <location of the module>] [-o <location of the output>] Sample output snippet --------------------- --IPI Latency Test--- --Baseline IPI Latency measurement: CPU Busy-- SRC_CPU DEST_CPU IPI_Latency(ns) ... 0 8 1996 0 9 2125 0 10 1264 0 11 1788 0 12 2045 Baseline Average IPI latency(ns): 1843 ---Enabling state: 5--- SRC_CPU DEST_CPU IPI_Latency(ns) 0 8 621719 0 9 624752 0 10 622218 0 11 623968 0 12 621303 Expected IPI latency(ns): 100000 Observed Average IPI latency(ns): 622792 --Timeout Latency Test-- --Baseline Timeout Latency measurement: CPU Busy-- Wakeup_src Baseline_delay(ns) ... 8 2249 9 2226 10 2211 11 2183 12 2263 Baseline Average timeout diff(ns): 2226 ---Enabling state: 5--- 8 10749 9 10911 10 10912 11 12100 12 73276 Expected timeout(ns): 10000200 Observed Average timeout diff(ns): 23589 Pratik Rajesh Sampat (2): cpuidle: Trace IPI based and timer based wakeup latency from idle states selftest/cpuidle: Add support for cpuidle latency measurement drivers/cpuidle/Makefile | 1 + drivers/cpuidle/test-cpuidle_latency.c | 150 ++++++++++ lib/Kconfig.debug | 10 + tools/testing/selftests/Makefile | 1 + tools/testing/selftests/cpuidle/Makefile | 6 + tools/testing/selftests/cpuidle/cpuidle.sh | 310 +++++++++++++++++++++ tools/testing/selftests/cpuidle/settings | 1 + 7 files changed, 479 insertions(+) create mode 100644 drivers/cpuidle/test-cpuidle_latency.c create mode 100644 tools/testing/selftests/cpuidle/Makefile create mode 100755 tools/testing/selftests/cpuidle/cpuidle.sh create mode 100644 tools/testing/selftests/cpuidle/settings -- 2.25.4

4 years, 9 months

4
6
0 0

[PATCH] selftests: add mincore() tests

by Ricardo Cañuelo

Add a test suite for the mincore() syscall. It tests most of its use cases as well as its interface. Tests implemented: - basic interface test - behavior on anonymous mappings - behavior on anonymous mappings with huge tlb pages - file-backed mapping with a regular file - file-backed mapping with a tmpfs file Signed-off-by: Ricardo Cañuelo <ricardo.canuelo(a)collabora.com> --- Tested in next-20200727 with: make -C tools/testing/selftests and make -C tools/testing/selftests run_tests tools/testing/selftests/Makefile | 1 + tools/testing/selftests/mincore/.gitignore | 2 + tools/testing/selftests/mincore/Makefile | 6 + .../selftests/mincore/mincore_selftest.c | 361 ++++++++++++++++++ 4 files changed, 370 insertions(+) create mode 100644 tools/testing/selftests/mincore/.gitignore create mode 100644 tools/testing/selftests/mincore/Makefile create mode 100644 tools/testing/selftests/mincore/mincore_selftest.c diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index e03bc15ce731..9018f45d631d 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -32,6 +32,7 @@ TARGETS += lkdtm TARGETS += membarrier TARGETS += memfd TARGETS += memory-hotplug +TARGETS += mincore TARGETS += mount TARGETS += mqueue TARGETS += net diff --git a/tools/testing/selftests/mincore/.gitignore b/tools/testing/selftests/mincore/.gitignore new file mode 100644 index 000000000000..15c4dfc2df00 --- /dev/null +++ b/tools/testing/selftests/mincore/.gitignore @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: GPL-2.0+ +mincore_selftest diff --git a/tools/testing/selftests/mincore/Makefile b/tools/testing/selftests/mincore/Makefile new file mode 100644 index 000000000000..38c7db1e8926 --- /dev/null +++ b/tools/testing/selftests/mincore/Makefile @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: GPL-2.0+ + +CFLAGS += -Wall + +TEST_GEN_PROGS := mincore_selftest +include ../lib.mk diff --git a/tools/testing/selftests/mincore/mincore_selftest.c b/tools/testing/selftests/mincore/mincore_selftest.c new file mode 100644 index 000000000000..5a1e85ff5d32 --- /dev/null +++ b/tools/testing/selftests/mincore/mincore_selftest.c @@ -0,0 +1,361 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * kselftest suite for mincore(). + * + * Copyright (C) 2020 Collabora, Ltd. + */ + +#define _GNU_SOURCE + +#include <stdio.h> +#include <errno.h> +#include <unistd.h> +#include <stdlib.h> +#include <sys/mman.h> +#include <string.h> +#include <fcntl.h> +#include <string.h> + +#include "../kselftest.h" +#include "../kselftest_harness.h" + +/* Default test file size: 4MB */ +#define MB (1UL << 20) +#define FILE_SIZE (4 * MB) + + +/* + * Tests the user interface. This test triggers most of the documented + * error conditions in mincore(). + */ +TEST(basic_interface) +{ + int retval; + int page_size; + unsigned char vec[1]; + char *addr; + + page_size = sysconf(_SC_PAGESIZE); + + /* Query a 0 byte sized range */ + retval = mincore(0, 0, vec); + EXPECT_EQ(0, retval); + + /* Addresses in the specified range are invalid or unmapped */ + errno = 0; + retval = mincore(NULL, page_size, vec); + EXPECT_EQ(-1, retval); + EXPECT_EQ(ENOMEM, errno); + + errno = 0; + addr = mmap(NULL, page_size, PROT_READ | PROT_WRITE, + MAP_SHARED | MAP_ANONYMOUS, -1, 0); + ASSERT_NE(MAP_FAILED, addr) { + TH_LOG("mmap error: %s", strerror(errno)); + } + + /* <addr> argument is not page-aligned */ + errno = 0; + retval = mincore(addr + 1, page_size, vec); + EXPECT_EQ(-1, retval); + EXPECT_EQ(EINVAL, errno); + + /* <length> argument is too large */ + errno = 0; + retval = mincore(addr, -1, vec); + EXPECT_EQ(-1, retval); + EXPECT_EQ(ENOMEM, errno); + + /* <vec> argument points to an illegal address */ + errno = 0; + retval = mincore(addr, page_size, NULL); + EXPECT_EQ(-1, retval); + EXPECT_EQ(EFAULT, errno); + munmap(addr, page_size); +} + + +/* + * Test mincore() behavior on a private anonymous page mapping. + * Check that the page is not loaded into memory right after the mapping + * but after accessing it (on-demand allocation). + * Then free the page and check that it's not memory-resident. + */ +TEST(check_anonymous_locked_pages) +{ + unsigned char vec[1]; + char *addr; + int retval; + int page_size; + + page_size = sysconf(_SC_PAGESIZE); + + /* Map one page and check it's not memory-resident */ + errno = 0; + addr = mmap(NULL, page_size, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + ASSERT_NE(MAP_FAILED, addr) { + TH_LOG("mmap error: %s", strerror(errno)); + } + retval = mincore(addr, page_size, vec); + ASSERT_EQ(0, retval); + ASSERT_EQ(0, vec[0]) { + TH_LOG("Page found in memory before use"); + } + + /* Touch the page and check again. It should now be in memory */ + addr[0] = 1; + mlock(addr, page_size); + retval = mincore(addr, page_size, vec); + ASSERT_EQ(0, retval); + ASSERT_EQ(1, vec[0]) { + TH_LOG("Page not found in memory after use"); + } + + /* + * It shouldn't be memory-resident after unlocking it and + * marking it as unneeded. + */ + munlock(addr, page_size); + madvise(addr, page_size, MADV_DONTNEED); + retval = mincore(addr, page_size, vec); + ASSERT_EQ(0, retval); + ASSERT_EQ(0, vec[0]) { + TH_LOG("Page in memory after being zapped"); + } + munmap(addr, page_size); +} + + +/* + * Check mincore() behavior on huge pages. + * This test will be skipped if the mapping fails (ie. if there are no + * huge pages available). + * + * Make sure the system has at least one free huge page, check + * "HugePages_Free" in /proc/meminfo. + * Increment /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages if + * needed. + */ +TEST(check_huge_pages) +{ + unsigned char vec[1]; + char *addr; + int retval; + int page_size; + + page_size = sysconf(_SC_PAGESIZE); + + errno = 0; + addr = mmap(NULL, page_size, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB, + -1, 0); + if (addr == MAP_FAILED) { + if (errno == ENOMEM) + SKIP(return, "No huge pages available."); + else + TH_LOG("mmap error: %s", strerror(errno)); + } + retval = mincore(addr, page_size, vec); + ASSERT_EQ(0, retval); + ASSERT_EQ(0, vec[0]) { + TH_LOG("Page found in memory before use"); + } + + addr[0] = 1; + mlock(addr, page_size); + retval = mincore(addr, page_size, vec); + ASSERT_EQ(0, retval); + ASSERT_EQ(1, vec[0]) { + TH_LOG("Page not found in memory after use"); + } + + munlock(addr, page_size); + munmap(addr, page_size); +} + + +/* + * Test mincore() behavior on a file-backed page. + * No pages should be loaded into memory right after the mapping. Then, + * accessing any address in the mapping range should load the page + * containing the address and a number of subsequent pages (readahead). + * + * The actual readahead settings depend on the test environment, so we + * can't make a lot of assumptions about that. This test covers the most + * general cases. + */ +TEST(check_file_mmap) +{ + unsigned char *vec; + int vec_size; + char *addr; + int retval; + int page_size; + int fd; + int i; + int ra_pages = 0; + + page_size = sysconf(_SC_PAGESIZE); + vec_size = FILE_SIZE / page_size; + if (FILE_SIZE % page_size) + vec_size++; + + vec = calloc(vec_size, sizeof(unsigned char)); + ASSERT_NE(NULL, vec) { + TH_LOG("Can't allocate array"); + } + + errno = 0; + fd = open(".", O_TMPFILE | O_RDWR, 0600); + ASSERT_NE(-1, fd) { + TH_LOG("Can't create temporary file: %s", + strerror(errno)); + } + errno = 0; + retval = fallocate(fd, 0, 0, FILE_SIZE); + ASSERT_EQ(0, retval) { + TH_LOG("Error allocating space for the temporary file: %s", + strerror(errno)); + } + + /* + * Map the whole file, the pages shouldn't be fetched yet. + */ + errno = 0; + addr = mmap(NULL, FILE_SIZE, PROT_READ | PROT_WRITE, + MAP_SHARED, fd, 0); + ASSERT_NE(MAP_FAILED, addr) { + TH_LOG("mmap error: %s", strerror(errno)); + } + retval = mincore(addr, FILE_SIZE, vec); + ASSERT_EQ(0, retval); + for (i = 0; i < vec_size; i++) { + ASSERT_EQ(0, vec[i]) { + TH_LOG("Unexpected page in memory"); + } + } + + /* + * Touch a page in the middle of the mapping. We expect the next + * few pages (the readahead window) to be populated too. + */ + addr[FILE_SIZE / 2] = 1; + retval = mincore(addr, FILE_SIZE, vec); + ASSERT_EQ(0, retval); + ASSERT_EQ(1, vec[FILE_SIZE / 2 / page_size]) { + TH_LOG("Page not found in memory after use"); + } + + i = FILE_SIZE / 2 / page_size + 1; + while (i < vec_size && vec[i]) { + ra_pages++; + i++; + } + EXPECT_GT(ra_pages, 0) { + TH_LOG("No read-ahead pages found in memory"); + } + + EXPECT_LT(i, vec_size) { + TH_LOG("Read-ahead pages reached the end of the file"); + } + /* + * End of the readahead window. The rest of the pages shouldn't + * be in memory. + */ + if (i < vec_size) { + while (i < vec_size && !vec[i]) + i++; + EXPECT_EQ(vec_size, i) { + TH_LOG("Unexpected page in memory beyond readahead window"); + } + } + + munmap(addr, FILE_SIZE); + close(fd); + free(vec); +} + + +/* + * Test mincore() behavior on a page backed by a tmpfs file. This test + * performs the same steps as the previous one. However, we don't expect + * any readahead in this case. + */ +TEST(check_tmpfs_mmap) +{ + unsigned char *vec; + int vec_size; + char *addr; + int retval; + int page_size; + int fd; + int i; + int ra_pages = 0; + + page_size = sysconf(_SC_PAGESIZE); + vec_size = FILE_SIZE / page_size; + if (FILE_SIZE % page_size) + vec_size++; + + vec = calloc(vec_size, sizeof(unsigned char)); + ASSERT_NE(NULL, vec) { + TH_LOG("Can't allocate array"); + } + + errno = 0; + fd = open("/dev/shm", O_TMPFILE | O_RDWR, 0600); + ASSERT_NE(-1, fd) { + TH_LOG("Can't create temporary file: %s", + strerror(errno)); + } + errno = 0; + retval = fallocate(fd, 0, 0, FILE_SIZE); + ASSERT_EQ(0, retval) { + TH_LOG("Error allocating space for the temporary file: %s", + strerror(errno)); + } + + /* + * Map the whole file, the pages shouldn't be fetched yet. + */ + errno = 0; + addr = mmap(NULL, FILE_SIZE, PROT_READ | PROT_WRITE, + MAP_SHARED, fd, 0); + ASSERT_NE(MAP_FAILED, addr) { + TH_LOG("mmap error: %s", strerror(errno)); + } + retval = mincore(addr, FILE_SIZE, vec); + ASSERT_EQ(0, retval); + for (i = 0; i < vec_size; i++) { + ASSERT_EQ(0, vec[i]) { + TH_LOG("Unexpected page in memory"); + } + } + + /* + * Touch a page in the middle of the mapping. We expect only + * that page to be fetched into memory. + */ + addr[FILE_SIZE / 2] = 1; + retval = mincore(addr, FILE_SIZE, vec); + ASSERT_EQ(0, retval); + ASSERT_EQ(1, vec[FILE_SIZE / 2 / page_size]) { + TH_LOG("Page not found in memory after use"); + } + + i = FILE_SIZE / 2 / page_size + 1; + while (i < vec_size && vec[i]) { + ra_pages++; + i++; + } + ASSERT_EQ(ra_pages, 0) { + TH_LOG("Read-ahead pages found in memory"); + } + + munmap(addr, FILE_SIZE); + close(fd); + free(vec); +} + +TEST_HARNESS_MAIN -- 2.18.0

4 years, 9 months

1
0
0 0

kunit compile failed on um

by Cixi Geng

Hi Brendan: When I run kunit test in um , it failed on kernel 5.8-rc* while succeeded in v5.7 with same configuration. is this a bug? Here is my operation: gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04) the kunitconfig: Cixi.Geng:~/git-projects/torvals-linux$ cat .kunitconfig CONFIG_KUNIT=y CONFIG_KUNIT_TEST=y CONFIG_KUNIT_EXAMPLE_TEST=y command: Cixi.Geng:~/git-projects/torvals-linux$ ./tools/testing/kunit/kunit.py run the Error log: [17:51:14] Configuring KUnit Kernel ... [17:51:14] Building KUnit Kernel ... ERROR:root:b"make[1]: \xe8\xbf\x9b\xe5\x85\xa5\xe7\x9b\xae\xe5\xbd\x95\xe2\x80\x9c/home/cixi.geng1/git-projects/torvals-linux/.kunit\xe2\x80\x9d\n/home/cixi.geng1/git-projects/torvals-linux/Makefile:551: recipe for target 'outputmakefile' failed\nmake[1]: \xe7\xa6\xbb\xe5\xbc\x80\xe7\x9b\xae\xe5\xbd\x95\xe2\x80\x9c/home/cixi.geng1/git-projects/torvals-linux/.kunit\xe2\x80\x9d\nMakefile:185: recipe for target '__sub-make' failed\n"

4 years, 9 months

2
2
0 0

[PATCH AUTOSEL 5.4 04/17] selftests: net: ip_defrag: modprobe missing nf_defrag_ipv6 support

by Sasha Levin

From: Paolo Pisati <paolo.pisati(a)canonical.com> [ Upstream commit aba69d49fb49c9166596dd78926514173b7f9ab5 ] Fix ip_defrag.sh when CONFIG_NF_DEFRAG_IPV6=m: $ sudo ./ip_defrag.sh + set -e + mktemp -u XXXXXX + readonly NETNS=ns-rGlXcw + trap cleanup EXIT + setup + ip netns add ns-rGlXcw + ip -netns ns-rGlXcw link set lo up + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_high_thresh=9000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_low_thresh=7000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_time=1 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_high_thresh=9000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_low_thresh=7000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_time=1 + ip netns exec ns-rGlXcw sysctl -w net.netfilter.nf_conntrack_frag6_high_thresh=9000000 + cleanup + ip netns del ns-rGlXcw $ ls -la /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh ls: cannot access '/proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh': No such file or directory $ sudo modprobe nf_defrag_ipv6 $ ls -la /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh -rw-r--r-- 1 root root 0 Jul 14 12:34 /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh Signed-off-by: Paolo Pisati <paolo.pisati(a)canonical.com> Reviewed-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/net/ip_defrag.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/net/ip_defrag.sh b/tools/testing/selftests/net/ip_defrag.sh index 15d3489ecd9ce..ceb7ad4dbd945 100755 --- a/tools/testing/selftests/net/ip_defrag.sh +++ b/tools/testing/selftests/net/ip_defrag.sh @@ -6,6 +6,8 @@ set +x set -e +modprobe -q nf_defrag_ipv6 + readonly NETNS="ns-$(mktemp -u XXXXXX)" setup() { -- 2.25.1

4 years, 9 months

1
0
0 0

[PATCH AUTOSEL 5.4 02/17] selftests: fib_nexthop_multiprefix: fix cleanup() netns deletion

by Sasha Levin

From: Paolo Pisati <paolo.pisati(a)canonical.com> [ Upstream commit 651149f60376758a4759f761767965040f9e4464 ] During setup(): ... for ns in h0 r1 h1 h2 h3 do create_ns ${ns} done ... while in cleanup(): ... for n in h1 r1 h2 h3 h4 do ip netns del ${n} 2>/dev/null done ... and after removing the stderr redirection in cleanup(): $ sudo ./fib_nexthop_multiprefix.sh ... TEST: IPv4: host 0 to host 3, mtu 1400 [ OK ] TEST: IPv6: host 0 to host 3, mtu 1400 [ OK ] Cannot remove namespace file "/run/netns/h4": No such file or directory $ echo $? 1 and a non-zero return code, make kselftests fail (even if the test itself is fine): ... not ok 34 selftests: net: fib_nexthop_multiprefix.sh # exit=1 ... Signed-off-by: Paolo Pisati <paolo.pisati(a)canonical.com> Reviewed-by: David Ahern <dsahern(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/net/fib_nexthop_multiprefix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/fib_nexthop_multiprefix.sh b/tools/testing/selftests/net/fib_nexthop_multiprefix.sh index 9dc35a16e4159..51df5e305855a 100755 --- a/tools/testing/selftests/net/fib_nexthop_multiprefix.sh +++ b/tools/testing/selftests/net/fib_nexthop_multiprefix.sh @@ -144,7 +144,7 @@ setup() cleanup() { - for n in h1 r1 h2 h3 h4 + for n in h0 r1 h1 h2 h3 do ip netns del ${n} 2>/dev/null done -- 2.25.1

4 years, 9 months

1
0
0 0

[PATCH AUTOSEL 5.7 14/25] selftest: txtimestamp: fix net ns entry logic

by Sasha Levin

From: Paolo Pisati <paolo.pisati(a)canonical.com> [ Upstream commit b346c0c85892cb8c53e8715734f71ba5bbec3387 ] According to 'man 8 ip-netns', if `ip netns identify` returns an empty string, there's no net namespace associated with current PID: fix the net ns entrance logic. Signed-off-by: Paolo Pisati <paolo.pisati(a)canonical.com> Acked-by: Willem de Bruijn <willemb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/net/txtimestamp.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/txtimestamp.sh b/tools/testing/selftests/net/txtimestamp.sh index eea6f5193693f..31637769f59f6 100755 --- a/tools/testing/selftests/net/txtimestamp.sh +++ b/tools/testing/selftests/net/txtimestamp.sh @@ -75,7 +75,7 @@ main() { fi } -if [[ "$(ip netns identify)" == "root" ]]; then +if [[ -z "$(ip netns identify)" ]]; then ./in_netns.sh $0 $@ else main $@ -- 2.25.1

4 years, 9 months

1
0
0 0

[PATCH AUTOSEL 5.7 06/25] selftests: net: ip_defrag: modprobe missing nf_defrag_ipv6 support

by Sasha Levin

From: Paolo Pisati <paolo.pisati(a)canonical.com> [ Upstream commit aba69d49fb49c9166596dd78926514173b7f9ab5 ] Fix ip_defrag.sh when CONFIG_NF_DEFRAG_IPV6=m: $ sudo ./ip_defrag.sh + set -e + mktemp -u XXXXXX + readonly NETNS=ns-rGlXcw + trap cleanup EXIT + setup + ip netns add ns-rGlXcw + ip -netns ns-rGlXcw link set lo up + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_high_thresh=9000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_low_thresh=7000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_time=1 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_high_thresh=9000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_low_thresh=7000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_time=1 + ip netns exec ns-rGlXcw sysctl -w net.netfilter.nf_conntrack_frag6_high_thresh=9000000 + cleanup + ip netns del ns-rGlXcw $ ls -la /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh ls: cannot access '/proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh': No such file or directory $ sudo modprobe nf_defrag_ipv6 $ ls -la /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh -rw-r--r-- 1 root root 0 Jul 14 12:34 /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh Signed-off-by: Paolo Pisati <paolo.pisati(a)canonical.com> Reviewed-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/net/ip_defrag.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/net/ip_defrag.sh b/tools/testing/selftests/net/ip_defrag.sh index 15d3489ecd9ce..ceb7ad4dbd945 100755 --- a/tools/testing/selftests/net/ip_defrag.sh +++ b/tools/testing/selftests/net/ip_defrag.sh @@ -6,6 +6,8 @@ set +x set -e +modprobe -q nf_defrag_ipv6 + readonly NETNS="ns-$(mktemp -u XXXXXX)" setup() { -- 2.25.1

4 years, 9 months

1
0
0 0

[PATCH AUTOSEL 5.7 04/25] selftests: fib_nexthop_multiprefix: fix cleanup() netns deletion

by Sasha Levin

From: Paolo Pisati <paolo.pisati(a)canonical.com> [ Upstream commit 651149f60376758a4759f761767965040f9e4464 ] During setup(): ... for ns in h0 r1 h1 h2 h3 do create_ns ${ns} done ... while in cleanup(): ... for n in h1 r1 h2 h3 h4 do ip netns del ${n} 2>/dev/null done ... and after removing the stderr redirection in cleanup(): $ sudo ./fib_nexthop_multiprefix.sh ... TEST: IPv4: host 0 to host 3, mtu 1400 [ OK ] TEST: IPv6: host 0 to host 3, mtu 1400 [ OK ] Cannot remove namespace file "/run/netns/h4": No such file or directory $ echo $? 1 and a non-zero return code, make kselftests fail (even if the test itself is fine): ... not ok 34 selftests: net: fib_nexthop_multiprefix.sh # exit=1 ... Signed-off-by: Paolo Pisati <paolo.pisati(a)canonical.com> Reviewed-by: David Ahern <dsahern(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/net/fib_nexthop_multiprefix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/fib_nexthop_multiprefix.sh b/tools/testing/selftests/net/fib_nexthop_multiprefix.sh index 9dc35a16e4159..51df5e305855a 100755 --- a/tools/testing/selftests/net/fib_nexthop_multiprefix.sh +++ b/tools/testing/selftests/net/fib_nexthop_multiprefix.sh @@ -144,7 +144,7 @@ setup() cleanup() { - for n in h1 r1 h2 h3 h4 + for n in h0 r1 h1 h2 h3 do ip netns del ${n} 2>/dev/null done -- 2.25.1

4 years, 9 months

1
0
0 0

[PATCH RFC V2 00/17] PKS: Add Protection Keys Supervisor (PKS) support

by ira.weiny＠intel.com

From: Ira Weiny <ira.weiny(a)intel.com> This RFC series has been reviewed by Dave Hansen. Changes from RFC: Clean up commit messages based on Peter Zijlstra's and Dave Hansen's feedback Fix static branch anti-pattern New patch: (memremap: Convert devmap static branch to {inc,dec}) This was the code I used as a model for my static branch which I believe is wrong now. New Patch: (x86/entry: Preserve PKRS MSR through exceptions) This attempts to preserve the per-logical-processor MSR, and reference counting during exceptions. I'd really like feed back on this because I _think_ it should work but I'm afraid I'm missing something as my testing has shown a lot of spotty crashes which don't make sense to me. This patch set introduces a new page protection mechanism for supervisor pages, Protection Key Supervisor (PKS) and an initial user of them, persistent memory, PMEM. PKS enables protections on 'domains' of supervisor pages to limit supervisor mode access to those pages beyond the normal paging protections. They work in a similar fashion to user space pkeys. Like User page pkeys (PKU), supervisor pkeys are checked in addition to normal paging protections and Access or Writes can be disabled via a MSR update without TLB flushes when permissions change. A page mapping is assigned to a domain by setting a pkey in the page table entry. Unlike User pkeys no new instructions are added; rather WRMSR/RDMSR are used to update the PKRS register. XSAVE is not supported for the PKRS MSR. To reduce software complexity the implementation saves/restores the MSR across context switches but not during irqs. This is a compromise which results is a hardening of unwanted access without absolute restriction. For consistent behavior with current paging protections, pkey 0 is reserved and configured to allow full access via the pkey mechanism, thus preserving the default paging protections on mappings with the default pkey value of 0. Other keys, (1-15) are allocated by an allocator which prepares us for key contention from day one. Kernel users should be prepared for the allocator to fail either because of key exhaustion or due to PKS not being supported on the arch and/or CPU instance. Protecting against stray writes is particularly important for PMEM because, unlike writes to anonymous memory, writes to PMEM persists across a reboot. Thus data corruption could result in permanent loss of data. The following attributes of PKS makes it perfect as a mechanism to protect PMEM from stray access within the kernel: 1) Fast switching of permissions 2) Prevents access without page table manipulations 3) Works on a per thread basis 4) No TLB flushes required The second half of this series thus uses the PKS mechanism to protect PMEM from stray access. PKS is available with 4 and 5 level paging. Like PKRU is takes 4 bits from the PTE to store the pkey within the entry. Implementation details ---------------------- Modifications of task struct in patches: (x86/pks: Preserve the PKRS MSR on context switch) (memremap: Add zone device access protection) Because pkey access is per-thread 2 modifications are made to the task struct. The first is a saved copy of the MSR during context switches. The second reference counts access to the device domain to correctly handle kmap nesting properly. Maintain PKS setting in a re-entrant manner in patch: (memremap: Add zone device access protection) (x86/entry: Preserve PKRS MSR through exceptions) Using local_irq_save() seems to be the safest and fastest way to maintain kmap as re-entrant. But there may be a better way. spin_lock_irq() and atomic counters were considered. But atomic counters do not properly protect the pkey update and spin_lock_irq() would deadlock. Suggestions are welcome. Also preserving the pks state requires the exception handling code to store the ref count during exception processing. This seems like a layering violation but it works. The use of kmap in patch: (kmap: Add stray write protection for device pages) To keep general access to PMEM pages general, we piggy back on the kmap() interface as there are many places in the kernel who do not have, nor should be required to have, a priori knowledge that a page is PMEM. The modifications to the kmap code is careful to quickly determine which pages don't require special handling to reduce overhead for non PMEM pages. Breakdown of patches -------------------- Implement PKS within x86 arch: x86/pkeys: Create pkeys_internal.h x86/fpu: Refactor arch_set_user_pkey_access() for PKS support x86/pks: Enable Protection Keys Supervisor (PKS) x86/pks: Preserve the PKRS MSR on context switch x86/pks: Add PKS kernel API x86/pks: Add a debugfs file for allocated PKS keys Documentation/pkeys: Update documentation for kernel pkeys x86/pks: Add PKS Test code pre-req bug fixes for dax: fs/dax: Remove unused size parameter drivers/dax: Expand lock scope to cover the use of addresses Add stray write protection to PMEM: memremap: Add zone device access protection kmap: Add stray write protection for device pages dax: Stray write protection for dax_direct_access() nvdimm/pmem: Stray write protection for pmem->virt_addr [dax|pmem]: Enable stray write protection Fenghua Yu (4): x86/fpu: Refactor arch_set_user_pkey_access() for PKS support x86/pks: Enable Protection Keys Supervisor (PKS) x86/pks: Add PKS kernel API x86/pks: Add a debugfs file for allocated PKS keys Ira Weiny (13): x86/pkeys: Create pkeys_internal.h x86/pks: Preserve the PKRS MSR on context switch Documentation/pkeys: Update documentation for kernel pkeys x86/pks: Add PKS Test code memremap: Convert devmap static branch to {inc,dec} fs/dax: Remove unused size parameter drivers/dax: Expand lock scope to cover the use of addresses memremap: Add zone device access protection kmap: Add stray write protection for device pages dax: Stray write protection for dax_direct_access() nvdimm/pmem: Stray write protection for pmem->virt_addr [dax|pmem]: Enable stray write protection x86/entry: Preserve PKRS MSR across exceptions Documentation/core-api/protection-keys.rst | 81 +++- arch/x86/Kconfig | 1 + arch/x86/entry/common.c | 78 +++- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/idtentry.h | 2 + arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/pgtable.h | 13 +- arch/x86/include/asm/pgtable_types.h | 4 + arch/x86/include/asm/pkeys.h | 43 ++ arch/x86/include/asm/pkeys_internal.h | 36 ++ arch/x86/include/asm/processor.h | 13 + arch/x86/include/uapi/asm/processor-flags.h | 2 + arch/x86/kernel/cpu/common.c | 17 + arch/x86/kernel/fpu/xstate.c | 17 +- arch/x86/kernel/process.c | 34 ++ arch/x86/mm/fault.c | 16 +- arch/x86/mm/pkeys.c | 174 +++++++- drivers/dax/device.c | 2 + drivers/dax/super.c | 5 +- drivers/nvdimm/pmem.c | 6 + fs/dax.c | 13 +- include/linux/highmem.h | 32 +- include/linux/memremap.h | 1 + include/linux/mm.h | 33 ++ include/linux/pkeys.h | 18 + include/linux/sched.h | 3 + init/init_task.c | 3 + kernel/fork.c | 3 + lib/Kconfig.debug | 12 + lib/Makefile | 3 + lib/pks/Makefile | 3 + lib/pks/pks_test.c | 452 ++++++++++++++++++++ mm/Kconfig | 15 + mm/memremap.c | 105 ++++- tools/testing/selftests/x86/Makefile | 3 +- tools/testing/selftests/x86/test_pks.c | 65 +++ 36 files changed, 1243 insertions(+), 67 deletions(-) create mode 100644 arch/x86/include/asm/pkeys_internal.h create mode 100644 lib/pks/Makefile create mode 100644 lib/pks/pks_test.c create mode 100644 tools/testing/selftests/x86/test_pks.c -- 2.28.0.rc0.12.gb6a658bd00c9

4 years, 9 months

9
72
0 0

[PATCH v3] lib: overflow_kunit: add KUnit test conversion of check_*_overflow

by Vitor Massaru Iha

This adds the conversion of the runtime tests of check_*_overflow functions, from `lib/test_overflow.c`to KUnit tests. The log similar to the one seen in dmesg running test_overflow.c can be seen in `test.log`. Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> Tested-by: David Gow <davidgow(a)google.com> --- v2: * moved lib/test_overflow.c to lib/overflow-test.c; * back to original license; * fixed style code; * keeps __initconst and added _refdata on overflow_test_cases variable; * keeps macros intact making asserts with the variable err; * removed duplicate test_s8_overflow(); * fixed typos on commit message; v3: * changed filename to overflow_kunit.c; * replace _refdata by _inidata; * added expects/asserts on individual tests; --- lib/Kconfig.debug | 20 +++- lib/Makefile | 2 +- lib/{test_overflow.c => overflow_kunit.c} | 122 +++++++++------------- 3 files changed, 70 insertions(+), 74 deletions(-) rename lib/{test_overflow.c => overflow_kunit.c} (91%) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 9ad9210d70a1..230aaf418dc0 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1999,9 +1999,6 @@ config TEST_UUID config TEST_XARRAY tristate "Test the XArray code at runtime" -config TEST_OVERFLOW - tristate "Test check_*_overflow() functions at runtime" - config TEST_RHASHTABLE tristate "Perform selftest on resizable hash table" help @@ -2154,6 +2151,23 @@ config SYSCTL_KUNIT_TEST If unsure, say N. +config OVERFLOW_KUNIT + tristate "KUnit test for overflow" if !KUNIT_ALL_TESTS + depends on KUNIT + default KUNIT_ALL_TESTS + help + This builds the overflow KUnit tests. + + KUnit tests run during boot and output the results to the debug log + in TAP format (http://testanything.org/). Only useful for kernel devs + running KUnit test harness and are not for inclusion into a production + build. + + For more information on KUnit and unit tests in general please refer + to the KUnit documentation in Documentation/dev-tools/kunit/. + + If unsure, say N. + config LIST_KUNIT_TEST tristate "KUnit Test for Kernel Linked-list structures" if !KUNIT_ALL_TESTS depends on KUNIT diff --git a/lib/Makefile b/lib/Makefile index b1c42c10073b..c3cf72ec6c52 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -75,7 +75,6 @@ obj-$(CONFIG_TEST_LIST_SORT) += test_list_sort.o obj-$(CONFIG_TEST_MIN_HEAP) += test_min_heap.o obj-$(CONFIG_TEST_LKM) += test_module.o obj-$(CONFIG_TEST_VMALLOC) += test_vmalloc.o -obj-$(CONFIG_TEST_OVERFLOW) += test_overflow.o obj-$(CONFIG_TEST_RHASHTABLE) += test_rhashtable.o obj-$(CONFIG_TEST_SORT) += test_sort.o obj-$(CONFIG_TEST_USER_COPY) += test_user_copy.o @@ -318,3 +317,4 @@ obj-$(CONFIG_OBJAGG) += objagg.o # KUnit tests obj-$(CONFIG_LIST_KUNIT_TEST) += list-test.o obj-$(CONFIG_LINEAR_RANGES_TEST) += test_linear_ranges.o +obj-$(CONFIG_OVERFLOW_KUNIT) += overflow_kunit.o diff --git a/lib/test_overflow.c b/lib/overflow_kunit.c similarity index 91% rename from lib/test_overflow.c rename to lib/overflow_kunit.c index 7a4b6f6c5473..475d0daeb801 100644 --- a/lib/test_overflow.c +++ b/lib/overflow_kunit.c @@ -4,14 +4,11 @@ */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +#include <kunit/test.h> #include <linux/device.h> #include <linux/init.h> -#include <linux/kernel.h> #include <linux/mm.h> -#include <linux/module.h> #include <linux/overflow.h> -#include <linux/slab.h> -#include <linux/types.h> #include <linux/vmalloc.h> #define DEFINE_TEST_ARRAY(t) \ @@ -248,7 +245,7 @@ static int __init do_test_ ## t(const struct test_ ## t *p) \ return err; \ } \ \ -static int __init test_ ## t ## _overflow(void) { \ +static int __init test_ ## t ## _overflow(struct kunit *test) { \ int err = 0; \ unsigned i; \ \ @@ -256,6 +253,7 @@ static int __init test_ ## t ## _overflow(void) { \ ARRAY_SIZE(t ## _tests)); \ for (i = 0; i < ARRAY_SIZE(t ## _tests); ++i) \ err |= do_test_ ## t(&t ## _tests[i]); \ + KUNIT_EXPECT_FALSE(test, err); \ return err; \ } @@ -270,25 +268,25 @@ DEFINE_TEST_FUNC(u64, "%llu"); DEFINE_TEST_FUNC(s64, "%lld"); #endif -static int __init test_overflow_calculation(void) +static void __init overflow_calculation_test(struct kunit *test) { int err = 0; - err |= test_u8_overflow(); - err |= test_s8_overflow(); - err |= test_u16_overflow(); - err |= test_s16_overflow(); - err |= test_u32_overflow(); - err |= test_s32_overflow(); + err |= test_u8_overflow(test); + err |= test_s8_overflow(test); + err |= test_u16_overflow(test); + err |= test_s16_overflow(test); + err |= test_u32_overflow(test); + err |= test_s32_overflow(test); #if BITS_PER_LONG == 64 - err |= test_u64_overflow(); - err |= test_s64_overflow(); + err |= test_u64_overflow(test); + err |= test_s64_overflow(test); #endif - return err; + KUNIT_EXPECT_FALSE(test, err); } -static int __init test_overflow_shift(void) +static void __init overflow_shift_test(struct kunit *test) { int err = 0; @@ -313,9 +311,9 @@ static int __init test_overflow_shift(void) pr_warn("got %llu\n", (u64)__d); \ __failed = 1; \ } \ - if (!__failed) \ - pr_info("ok: (%s)(%s << %s) == %s\n", #t, #a, #s, \ - of ? "overflow" : #expect); \ + KUNIT_EXPECT_FALSE_MSG(test, __failed, \ + "ok: (%s)(%s << %s) == %s\n", #t, #a, #s,\ + of ? "overflow" : #expect); \ __failed; \ }) @@ -479,7 +477,7 @@ static int __init test_overflow_shift(void) err |= TEST_ONE_SHIFT(0, 31, s32, 0, false); err |= TEST_ONE_SHIFT(0, 63, s64, 0, false); - return err; + KUNIT_EXPECT_FALSE(test, err); } /* @@ -499,7 +497,7 @@ static int __init test_overflow_shift(void) #define TEST_SIZE (5 * 4096) #define DEFINE_TEST_ALLOC(func, free_func, want_arg, want_gfp, want_node)\ -static int __init test_ ## func (void *arg) \ +static int __init test_ ## func (struct kunit *test, void *arg) \ { \ volatile size_t a = TEST_SIZE; \ volatile size_t b = (SIZE_MAX / TEST_SIZE) + 1; \ @@ -507,19 +505,15 @@ static int __init test_ ## func (void *arg) \ \ /* Tiny allocation test. */ \ ptr = alloc ## want_arg ## want_gfp ## want_node (func, arg, 1);\ - if (!ptr) { \ - pr_warn(#func " failed regular allocation?!\n"); \ - return 1; \ - } \ + KUNIT_ASSERT_NOT_ERR_OR_NULL_MSG(test, ptr, \ + #func " failed regular allocation?!\n"); \ free ## want_arg (free_func, arg, ptr); \ \ /* Wrapped allocation test. */ \ ptr = alloc ## want_arg ## want_gfp ## want_node (func, arg, \ a * b); \ - if (!ptr) { \ - pr_warn(#func " unexpectedly failed bad wrapping?!\n"); \ - return 1; \ - } \ + KUNIT_ASSERT_NOT_ERR_OR_NULL_MSG(test, ptr, \ + #func " unexpectedly failed bad wrapping?!\n"); \ free ## want_arg (free_func, arg, ptr); \ \ /* Saturated allocation test. */ \ @@ -555,7 +549,7 @@ DEFINE_TEST_ALLOC(kvzalloc_node, kvfree, 0, 1, 1); DEFINE_TEST_ALLOC(devm_kmalloc, devm_kfree, 1, 1, 0); DEFINE_TEST_ALLOC(devm_kzalloc, devm_kfree, 1, 1, 0); -static int __init test_overflow_allocation(void) +static void __init overflow_allocation_test(struct kunit *test) { const char device_name[] = "overflow-test"; struct device *dev; @@ -563,52 +557,40 @@ static int __init test_overflow_allocation(void) /* Create dummy device for devm_kmalloc()-family tests. */ dev = root_device_register(device_name); - if (IS_ERR(dev)) { - pr_warn("Cannot register test device\n"); - return 1; - } - - err |= test_kmalloc(NULL); - err |= test_kmalloc_node(NULL); - err |= test_kzalloc(NULL); - err |= test_kzalloc_node(NULL); - err |= test_kvmalloc(NULL); - err |= test_kvmalloc_node(NULL); - err |= test_kvzalloc(NULL); - err |= test_kvzalloc_node(NULL); - err |= test_vmalloc(NULL); - err |= test_vmalloc_node(NULL); - err |= test_vzalloc(NULL); - err |= test_vzalloc_node(NULL); - err |= test_devm_kmalloc(dev); - err |= test_devm_kzalloc(dev); + KUNIT_ASSERT_FALSE_MSG(test, IS_ERR(dev), "Cannot register test device\n"); + + err |= test_kmalloc(test, NULL); + err |= test_kmalloc_node(test, NULL); + err |= test_kzalloc(test, NULL); + err |= test_kzalloc_node(test, NULL); + err |= test_kvmalloc(test, NULL); + err |= test_kvmalloc_node(test, NULL); + err |= test_kvzalloc(test, NULL); + err |= test_kvzalloc_node(test, NULL); + err |= test_vmalloc(test, NULL); + err |= test_vmalloc_node(test, NULL); + err |= test_vzalloc(test, NULL); + err |= test_vzalloc_node(test, NULL); + err |= test_devm_kmalloc(test, dev); + err |= test_devm_kzalloc(test, dev); device_unregister(dev); - return err; + KUNIT_EXPECT_FALSE(test, err); } -static int __init test_module_init(void) -{ - int err = 0; - - err |= test_overflow_calculation(); - err |= test_overflow_shift(); - err |= test_overflow_allocation(); - - if (err) { - pr_warn("FAIL!\n"); - err = -EINVAL; - } else { - pr_info("all tests passed\n"); - } +static struct kunit_case __initdata overflow_test_cases[] = { + KUNIT_CASE(overflow_calculation_test), + KUNIT_CASE(overflow_shift_test), + KUNIT_CASE(overflow_allocation_test), + {} +}; - return err; -} +static struct kunit_suite __initdata overflow_test_suite = { + .name = "overflow", + .test_cases = overflow_test_cases, +}; -static void __exit test_module_exit(void) -{ } +kunit_test_suites(&overflow_test_suite); -module_init(test_module_init); -module_exit(test_module_exit); MODULE_LICENSE("Dual MIT/GPL"); base-commit: c63d2dd7e134ebddce4745c51f9572b3f0d92b26 -- 2.26.2

4 years, 9 months

4
6
0 0

[PATCH] [cgroup/testing] cg_read_strcmp: Fix null pointer dereference

by Gaurav Singh

Passing NULL in strcmp will cause a segmentation fault. Fix this by returning -1 if expected is NULL pointer. Signed-off-by: Gaurav Singh <gaurav1086(a)gmail.com> --- tools/testing/selftests/cgroup/cgroup_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/cgroup/cgroup_util.c b/tools/testing/selftests/cgroup/cgroup_util.c index 8a637ca7d73a..05853b0b8831 100644 --- a/tools/testing/selftests/cgroup/cgroup_util.c +++ b/tools/testing/selftests/cgroup/cgroup_util.c @@ -106,7 +106,7 @@ int cg_read_strcmp(const char *cgroup, const char *control, /* Handle the case of comparing against empty string */ if (!expected) - size = 32; + return -1; else size = strlen(expected) + 1; -- 2.17.1

4 years, 9 months

2
2
0 0

[PATCH] lib: kunit: Convert test_sort to KUnit test

by Vitor Massaru Iha

This adds the conversion of the test_sort.c to KUnit test. Please apply this commit first (linux-kselftest/kunit-fixes): 3f37d14b8a3152441f36b6bc74000996679f0998 kunit: kunit_config: Fix parsing of CONFIG options with space Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> --- lib/Kconfig.debug | 26 +++++++++++++++++--------- lib/Makefile | 2 +- lib/{test_sort.c => sort_kunit.c} | 31 +++++++++++++++---------------- 3 files changed, 33 insertions(+), 26 deletions(-) rename lib/{test_sort.c => sort_kunit.c} (55%) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 9ad9210d70a1..1fe19e78d7ca 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1874,15 +1874,6 @@ config TEST_MIN_HEAP If unsure, say N. -config TEST_SORT - tristate "Array-based sort test" - depends on DEBUG_KERNEL || m - help - This option enables the self-test function of 'sort()' at boot, - or at module load time. - - If unsure, say N. - config KPROBES_SANITY_TEST bool "Kprobes sanity tests" depends on DEBUG_KERNEL @@ -2185,6 +2176,23 @@ config LINEAR_RANGES_TEST If unsure, say N. +config SORT_KUNIT + tristate "KUnit test for Array-based sort" + depends on DEBUG_KERNEL || m + help + This option enables the KUnit function of 'sort()' at boot, + or at module load time. + + KUnit tests run during boot and output the results to the debug log + in TAP format (http://testanything.org/). Only useful for kernel devs + running the KUnit test harness, and not intended for inclusion into a + production build. + + For more information on KUnit and unit tests in general please refer + to the KUnit documentation in Documentation/dev-tools/kunit/. + + If unsure, say N. + config TEST_UDELAY tristate "udelay test driver" help diff --git a/lib/Makefile b/lib/Makefile index b1c42c10073b..c22bb13b0a08 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -77,7 +77,6 @@ obj-$(CONFIG_TEST_LKM) += test_module.o obj-$(CONFIG_TEST_VMALLOC) += test_vmalloc.o obj-$(CONFIG_TEST_OVERFLOW) += test_overflow.o obj-$(CONFIG_TEST_RHASHTABLE) += test_rhashtable.o -obj-$(CONFIG_TEST_SORT) += test_sort.o obj-$(CONFIG_TEST_USER_COPY) += test_user_copy.o obj-$(CONFIG_TEST_STATIC_KEYS) += test_static_keys.o obj-$(CONFIG_TEST_STATIC_KEYS) += test_static_key_base.o @@ -318,3 +317,4 @@ obj-$(CONFIG_OBJAGG) += objagg.o # KUnit tests obj-$(CONFIG_LIST_KUNIT_TEST) += list-test.o obj-$(CONFIG_LINEAR_RANGES_TEST) += test_linear_ranges.o +obj-$(CONFIG_SORT_KUNIT) += sort_kunit.o diff --git a/lib/test_sort.c b/lib/sort_kunit.c similarity index 55% rename from lib/test_sort.c rename to lib/sort_kunit.c index 52edbe10f2e5..03ba1cf1285c 100644 --- a/lib/test_sort.c +++ b/lib/sort_kunit.c @@ -1,7 +1,6 @@ // SPDX-License-Identifier: GPL-2.0-only #include <linux/sort.h> -#include <linux/slab.h> -#include <linux/module.h> +#include <kunit/test.h> /* a simple boot-time regression test */ @@ -12,13 +11,12 @@ static int __init cmpint(const void *a, const void *b) return *(int *)a - *(int *)b; } -static int __init test_sort_init(void) +static void __init sort_test(struct kunit *test) { - int *a, i, r = 1, err = -ENOMEM; + int *a, i, r = 1; a = kmalloc_array(TEST_LEN, sizeof(*a), GFP_KERNEL); - if (!a) - return err; + KUNIT_ASSERT_FALSE_MSG(test, a == NULL, "kmalloc_array failed"); for (i = 0; i < TEST_LEN; i++) { r = (r * 725861) % 6599; @@ -27,24 +25,25 @@ static int __init test_sort_init(void) sort(a, TEST_LEN, sizeof(*a), cmpint, NULL); - err = -EINVAL; for (i = 0; i < TEST_LEN-1; i++) if (a[i] > a[i+1]) { - pr_err("test has failed\n"); + KUNIT_FAIL(test, "test has failed"); goto exit; } - err = 0; - pr_info("test passed\n"); exit: kfree(a); - return err; } -static void __exit test_sort_exit(void) -{ -} +static struct kunit_case sort_test_cases[] = { + KUNIT_CASE(sort_test), + {} +}; + +static struct kunit_suite sort_test_suite = { + .name = "sort", + .test_cases = sort_test_cases, +}; -module_init(test_sort_init); -module_exit(test_sort_exit); +kunit_test_suites(&sort_test_suite); MODULE_LICENSE("GPL"); base-commit: d43c7fb05765152d4d4a39a8ef957c4ea14d8847 -- 2.26.2

4 years, 9 months

3
4
0 0

[PATCH v2 1/2] kbuild: introduce ccflags-remove-y and asflags-remove-y

by Masahiro Yamada

CFLAGS_REMOVE_<file>.o filters out flags when compiling a particular object, but there is no convenient way to do that for every object in a directory. Add ccflags-remove-y and asflags-remove-y to make it easily. Use ccflags-remove-y to clean up some Makefiles. The add/remove order works as follows: [1] KBUILD_CFLAGS specifies compiler flags used globally [2] ccflags-y adds compiler flags for all objects in the current Makefile [3] ccflags-remove-y removes compiler flags for all objects in the current Makefile (New feature) [4] CFLAGS_<file> adds compiler flags per file. [5] CFLAGS_REMOVE_<file> removes compiler flags per file. Having [3] before [4] allows us to remove flags from most (but not all) objects in the current Makefile. For example, kernel/trace/Makefile removes $(CC_FLAGS_FTRACE) from all objects in the directory, then adds it back to trace_selftest_dynamic.o and CFLAGS_trace_kprobe_selftest.o Please note ccflags-remove-y has no effect to the sub-directories. In contrast, the previous notation got rid of compiler flags also from all the sub-directories. arch/arm/boot/compressed/ arch/powerpc/xmon/ arch/sh/ kernel/trace/ ... have no sub-directories. lib/ ... has several sub-directories. To keep the behavior, I added ccflags-remove-y to all Makefiles in subdirectories of lib/, except: lib/vdso/Makefile - Kbuild does not descend into this Makefile lib/raid/test/Makefile - This is not used for the kernel build I think commit 2464a609ded0 ("ftrace: do not trace library functions") excluded too much. In later commit, I will try to remove ccflags-remove-y from sub-directory Makefiles. Suggested-by: Sami Tolvanen <samitolvanen(a)google.com> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> Acked-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Acked-by: Michael Ellerman <mpe(a)ellerman.id.au> (powerpc) --- Changes in v2: - Swap the order of [3] and [4] to keep the current behavior of kernel/trace/Makefile. - Add ccflags-remove-y to subdir Makefiles of lib/ Documentation/kbuild/makefiles.rst | 14 ++++++++++++++ arch/arm/boot/compressed/Makefile | 6 +----- arch/powerpc/xmon/Makefile | 3 +-- arch/sh/boot/compressed/Makefile | 5 +---- kernel/trace/Makefile | 4 ++-- lib/842/Makefile | 3 +++ lib/Makefile | 5 +---- lib/crypto/Makefile | 2 ++ lib/dim/Makefile | 2 ++ lib/fonts/Makefile | 2 ++ lib/kunit/Makefile | 3 +++ lib/livepatch/Makefile | 2 ++ lib/lz4/Makefile | 1 + lib/lzo/Makefile | 2 ++ lib/math/Makefile | 2 ++ lib/mpi/Makefile | 2 ++ lib/raid6/Makefile | 3 +++ lib/reed_solomon/Makefile | 2 ++ lib/xz/Makefile | 3 +++ lib/zlib_deflate/Makefile | 2 ++ lib/zlib_dfltcc/Makefile | 2 ++ lib/zlib_inflate/Makefile | 2 ++ lib/zstd/Makefile | 1 + scripts/Makefile.lib | 14 ++++++++------ 24 files changed, 64 insertions(+), 23 deletions(-) diff --git a/Documentation/kbuild/makefiles.rst b/Documentation/kbuild/makefiles.rst index 6515ebc12b6f..14d8e7d23c04 100644 --- a/Documentation/kbuild/makefiles.rst +++ b/Documentation/kbuild/makefiles.rst @@ -368,6 +368,14 @@ more details, with real examples. subdir-ccflags-y := -Werror + ccflags-remove-y, asflags-remove-y + These flags are used to remove particular flags for the compiler, + assembler invocations. + + Example:: + + ccflags-remove-$(CONFIG_MCOUNT) += -pg + CFLAGS_$@, AFLAGS_$@ CFLAGS_$@ and AFLAGS_$@ only apply to commands in current kbuild makefile. @@ -375,6 +383,9 @@ more details, with real examples. $(CFLAGS_$@) specifies per-file options for $(CC). The $@ part has a literal value which specifies the file that it is for. + CFLAGS_$@ has the higher priority than ccflags-remove-y; CFLAGS_$@ + can re-add compiler flags that were removed by ccflags-remove-y. + Example:: # drivers/scsi/Makefile @@ -387,6 +398,9 @@ more details, with real examples. $(AFLAGS_$@) is a similar feature for source files in assembly languages. + AFLAGS_$@ has the higher priority than asflags-remove-y; AFLAGS_$@ + can re-add assembler flags that were removed by asflags-remove-y. + Example:: # arch/arm/kernel/Makefile diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile index 00602a6fba04..3d5691b23951 100644 --- a/arch/arm/boot/compressed/Makefile +++ b/arch/arm/boot/compressed/Makefile @@ -103,13 +103,9 @@ clean-files += piggy_data lib1funcs.S ashldi3.S bswapsdi2.S hyp-stub.S KBUILD_CFLAGS += -DDISABLE_BRANCH_PROFILING -ifeq ($(CONFIG_FUNCTION_TRACER),y) -ORIG_CFLAGS := $(KBUILD_CFLAGS) -KBUILD_CFLAGS = $(subst -pg, , $(ORIG_CFLAGS)) -endif - ccflags-y := -fpic $(call cc-option,-mno-single-pic-base,) -fno-builtin \ -I$(obj) $(DISABLE_ARM_SSP_PER_TASK_PLUGIN) +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += -pg asflags-y := -DZIMAGE # Supply kernel BSS size to the decompressor via a linker symbol. diff --git a/arch/powerpc/xmon/Makefile b/arch/powerpc/xmon/Makefile index 89c76ca35640..eb25d7554ffd 100644 --- a/arch/powerpc/xmon/Makefile +++ b/arch/powerpc/xmon/Makefile @@ -7,8 +7,7 @@ UBSAN_SANITIZE := n KASAN_SANITIZE := n # Disable ftrace for the entire directory -ORIG_CFLAGS := $(KBUILD_CFLAGS) -KBUILD_CFLAGS = $(subst $(CC_FLAGS_FTRACE),,$(ORIG_CFLAGS)) +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) ifdef CONFIG_CC_IS_CLANG # clang stores addresses on the stack causing the frame size to blow diff --git a/arch/sh/boot/compressed/Makefile b/arch/sh/boot/compressed/Makefile index ad0e2403e56f..589d2d8a573d 100644 --- a/arch/sh/boot/compressed/Makefile +++ b/arch/sh/boot/compressed/Makefile @@ -28,10 +28,7 @@ IMAGE_OFFSET := $(shell /bin/bash -c 'printf "0x%08x" \ $(CONFIG_BOOT_LINK_OFFSET)]') endif -ifeq ($(CONFIG_MCOUNT),y) -ORIG_CFLAGS := $(KBUILD_CFLAGS) -KBUILD_CFLAGS = $(subst -pg, , $(ORIG_CFLAGS)) -endif +ccflags-remove-$(CONFIG_MCOUNT) += -pg LDFLAGS_vmlinux := --oformat $(ld-bfd) -Ttext $(IMAGE_OFFSET) -e startup \ -T $(obj)/../../kernel/vmlinux.lds diff --git a/kernel/trace/Makefile b/kernel/trace/Makefile index 6575bb0a0434..7492844a8b1b 100644 --- a/kernel/trace/Makefile +++ b/kernel/trace/Makefile @@ -2,9 +2,9 @@ # Do not instrument the tracer itself: +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + ifdef CONFIG_FUNCTION_TRACER -ORIG_CFLAGS := $(KBUILD_CFLAGS) -KBUILD_CFLAGS = $(subst $(CC_FLAGS_FTRACE),,$(ORIG_CFLAGS)) # Avoid recursion due to instrumentation. KCSAN_SANITIZE := n diff --git a/lib/842/Makefile b/lib/842/Makefile index 6f7aad269288..b815e824ae37 100644 --- a/lib/842/Makefile +++ b/lib/842/Makefile @@ -1,3 +1,6 @@ # SPDX-License-Identifier: GPL-2.0-only + +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + obj-$(CONFIG_842_COMPRESS) += 842_compress.o obj-$(CONFIG_842_DECOMPRESS) += 842_decompress.o diff --git a/lib/Makefile b/lib/Makefile index b1c42c10073b..b2ed4beddd68 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -3,10 +3,7 @@ # Makefile for some libs needed in the kernel. # -ifdef CONFIG_FUNCTION_TRACER -ORIG_CFLAGS := $(KBUILD_CFLAGS) -KBUILD_CFLAGS = $(subst $(CC_FLAGS_FTRACE),,$(ORIG_CFLAGS)) -endif +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) # These files are disabled because they produce lots of non-interesting and/or # flaky coverage that is not a function of syscall inputs. For example, diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index 3a435629d9ce..b557ef0b07c2 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -1,5 +1,7 @@ # SPDX-License-Identifier: GPL-2.0 +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + # chacha is used by the /dev/random driver which is always builtin obj-y += chacha.o obj-$(CONFIG_CRYPTO_LIB_CHACHA_GENERIC) += libchacha.o diff --git a/lib/dim/Makefile b/lib/dim/Makefile index 1d6858a108cb..97fc3e89d34e 100644 --- a/lib/dim/Makefile +++ b/lib/dim/Makefile @@ -2,6 +2,8 @@ # DIM Dynamic Interrupt Moderation library # +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + obj-$(CONFIG_DIMLIB) += dim.o dim-y := dim.o net_dim.o rdma_dim.o diff --git a/lib/fonts/Makefile b/lib/fonts/Makefile index ed95070860de..f951750c179e 100644 --- a/lib/fonts/Makefile +++ b/lib/fonts/Makefile @@ -1,6 +1,8 @@ # SPDX-License-Identifier: GPL-2.0 # Font handling +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + font-objs := fonts.o font-objs-$(CONFIG_FONT_SUN8x16) += font_sun8x16.o diff --git a/lib/kunit/Makefile b/lib/kunit/Makefile index 724b94311ca3..8c847557ab24 100644 --- a/lib/kunit/Makefile +++ b/lib/kunit/Makefile @@ -1,3 +1,6 @@ + +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + obj-$(CONFIG_KUNIT) += kunit.o kunit-objs += test.o \ diff --git a/lib/livepatch/Makefile b/lib/livepatch/Makefile index 295b94bff370..9abdf615b088 100644 --- a/lib/livepatch/Makefile +++ b/lib/livepatch/Makefile @@ -2,6 +2,8 @@ # # Makefile for livepatch test code. +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + obj-$(CONFIG_TEST_LIVEPATCH) += test_klp_atomic_replace.o \ test_klp_callbacks_demo.o \ test_klp_callbacks_demo2.o \ diff --git a/lib/lz4/Makefile b/lib/lz4/Makefile index 5b42242afaa2..53da4cab7015 100644 --- a/lib/lz4/Makefile +++ b/lib/lz4/Makefile @@ -1,5 +1,6 @@ # SPDX-License-Identifier: GPL-2.0-only ccflags-y += -O3 +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) obj-$(CONFIG_LZ4_COMPRESS) += lz4_compress.o obj-$(CONFIG_LZ4HC_COMPRESS) += lz4hc_compress.o diff --git a/lib/lzo/Makefile b/lib/lzo/Makefile index 2f58fafbbddd..9565a555275b 100644 --- a/lib/lzo/Makefile +++ b/lib/lzo/Makefile @@ -1,4 +1,6 @@ # SPDX-License-Identifier: GPL-2.0-only +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + lzo_compress-objs := lzo1x_compress.o lzo_decompress-objs := lzo1x_decompress_safe.o diff --git a/lib/math/Makefile b/lib/math/Makefile index be6909e943bd..49aa50e28185 100644 --- a/lib/math/Makefile +++ b/lib/math/Makefile @@ -1,4 +1,6 @@ # SPDX-License-Identifier: GPL-2.0-only +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + obj-y += div64.o gcd.o lcm.o int_pow.o int_sqrt.o reciprocal_div.o obj-$(CONFIG_CORDIC) += cordic.o diff --git a/lib/mpi/Makefile b/lib/mpi/Makefile index d5874a7f5ff9..df7883521619 100644 --- a/lib/mpi/Makefile +++ b/lib/mpi/Makefile @@ -3,6 +3,8 @@ # MPI multiprecision maths library (from gpg) # +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + obj-$(CONFIG_MPILIB) = mpi.o mpi-y = \ diff --git a/lib/raid6/Makefile b/lib/raid6/Makefile index b4c0df6d706d..3482d6ae3f3b 100644 --- a/lib/raid6/Makefile +++ b/lib/raid6/Makefile @@ -1,4 +1,7 @@ # SPDX-License-Identifier: GPL-2.0 + +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + obj-$(CONFIG_RAID6_PQ) += raid6_pq.o raid6_pq-y += algos.o recov.o tables.o int1.o int2.o int4.o \ diff --git a/lib/reed_solomon/Makefile b/lib/reed_solomon/Makefile index 5d4fa68f26cb..a5c9defdac7f 100644 --- a/lib/reed_solomon/Makefile +++ b/lib/reed_solomon/Makefile @@ -3,5 +3,7 @@ # This is a modified version of reed solomon lib, # +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + obj-$(CONFIG_REED_SOLOMON) += reed_solomon.o obj-$(CONFIG_REED_SOLOMON_TEST) += test_rslib.o diff --git a/lib/xz/Makefile b/lib/xz/Makefile index fa6af814a8d1..fae9b6c7c389 100644 --- a/lib/xz/Makefile +++ b/lib/xz/Makefile @@ -1,4 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only + +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + obj-$(CONFIG_XZ_DEC) += xz_dec.o xz_dec-y := xz_dec_syms.o xz_dec_stream.o xz_dec_lzma2.o xz_dec-$(CONFIG_XZ_DEC_BCJ) += xz_dec_bcj.o diff --git a/lib/zlib_deflate/Makefile b/lib/zlib_deflate/Makefile index 2622e03c0b94..1fcefe73536f 100644 --- a/lib/zlib_deflate/Makefile +++ b/lib/zlib_deflate/Makefile @@ -7,6 +7,8 @@ # decompression code. # +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + obj-$(CONFIG_ZLIB_DEFLATE) += zlib_deflate.o zlib_deflate-objs := deflate.o deftree.o deflate_syms.o diff --git a/lib/zlib_dfltcc/Makefile b/lib/zlib_dfltcc/Makefile index 8e4d5afbbb10..7a8067f6e772 100644 --- a/lib/zlib_dfltcc/Makefile +++ b/lib/zlib_dfltcc/Makefile @@ -6,6 +6,8 @@ # This is the code for s390 zlib hardware support. # +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + obj-$(CONFIG_ZLIB_DFLTCC) += zlib_dfltcc.o zlib_dfltcc-objs := dfltcc.o dfltcc_deflate.o dfltcc_inflate.o dfltcc_syms.o diff --git a/lib/zlib_inflate/Makefile b/lib/zlib_inflate/Makefile index 27327d3e9f54..a451e96f9845 100644 --- a/lib/zlib_inflate/Makefile +++ b/lib/zlib_inflate/Makefile @@ -14,6 +14,8 @@ # uncompression can be done without blocking on allocation). # +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) + obj-$(CONFIG_ZLIB_INFLATE) += zlib_inflate.o zlib_inflate-objs := inffast.o inflate.o infutil.o \ diff --git a/lib/zstd/Makefile b/lib/zstd/Makefile index f5d778e7e5c7..01be908a2d94 100644 --- a/lib/zstd/Makefile +++ b/lib/zstd/Makefile @@ -3,6 +3,7 @@ obj-$(CONFIG_ZSTD_COMPRESS) += zstd_compress.o obj-$(CONFIG_ZSTD_DECOMPRESS) += zstd_decompress.o ccflags-y += -O3 +ccflags-remove-$(CONFIG_FUNCTION_TRACER) += $(CC_FLAGS_FTRACE) zstd_compress-y := fse_compress.o huf_compress.o compress.o \ entropy_common.o fse_decompress.o zstd_common.o diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 916b2f7f7098..3629f66646d7 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -111,12 +111,14 @@ basename_flags = -DKBUILD_BASENAME=$(call name-fix,$(basetarget)) modname_flags = -DKBUILD_MODNAME=$(call name-fix,$(modname)) modfile_flags = -DKBUILD_MODFILE=$(call stringify,$(modfile)) -orig_c_flags = $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) \ - $(ccflags-y) $(CFLAGS_$(target-stem).o) -_c_flags = $(filter-out $(CFLAGS_REMOVE_$(target-stem).o), $(orig_c_flags)) -orig_a_flags = $(KBUILD_CPPFLAGS) $(KBUILD_AFLAGS) \ - $(asflags-y) $(AFLAGS_$(target-stem).o) -_a_flags = $(filter-out $(AFLAGS_REMOVE_$(target-stem).o), $(orig_a_flags)) +_c_flags = $(filter-out $(CFLAGS_REMOVE_$(target-stem).o), \ + $(filter-out $(ccflags-remove-y), \ + $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(ccflags-y)) \ + $(CFLAGS_$(target-stem).o)) +_a_flags = $(filter-out $(AFLAGS_REMOVE_$(target-stem).o), \ + $(filter-out $(asflags-remove-y), \ + $(KBUILD_CPPFLAGS) $(KBUILD_AFLAGS) $(asflags-y)) \ + $(AFLAGS_$(target-stem).o)) _cpp_flags = $(KBUILD_CPPFLAGS) $(cppflags-y) $(CPPFLAGS_$(target-stem).lds) # -- 2.25.1

4 years, 9 months

5
9
0 0

[PATCH] selftests: txtimestamp: tear down setup() 'tc' and 'ip' env on EXIT

by Paolo Pisati

Add a cleanup() path upon exit, making it possible to run the test twice in a row: $ sudo bash -x ./txtimestamp.sh + set -e ++ ip netns identify + [[ '' == \r\o\o\t ]] + main + [[ 0 -eq 0 ]] + run_test_all + setup + tc qdisc add dev lo root netem delay 1ms Error: Exclusivity flag on, cannot modify. Signed-off-by: Paolo Pisati <paolo.pisati(a)canonical.com> --- tools/testing/selftests/net/txtimestamp.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tools/testing/selftests/net/txtimestamp.sh b/tools/testing/selftests/net/txtimestamp.sh index eea6f5193693..77f29cabff87 100755 --- a/tools/testing/selftests/net/txtimestamp.sh +++ b/tools/testing/selftests/net/txtimestamp.sh @@ -23,6 +23,14 @@ setup() { action mirred egress redirect dev ifb_netem0 } +cleanup() { + tc filter del dev lo parent ffff: + tc qdisc del dev lo handle ffff: ingress + tc qdisc del dev ifb_netem0 root + ip link del ifb_netem0 + tc qdisc del dev lo root +} + run_test_v4v6() { # SND will be delayed 1000us # ACK will be delayed 6000us: 1 + 2 ms round-trip @@ -75,6 +83,8 @@ main() { fi } +trap cleanup EXIT + if [[ "$(ip netns identify)" == "root" ]]; then ./in_netns.sh $0 $@ else -- 2.27.0

4 years, 9 months

3
6
0 0

[PATCH v3 0/5] mm/migrate: avoid device private invalidations

by Ralph Campbell

The goal for this series is to avoid device private memory TLB invalidations when migrating a range of addresses from system memory to device private memory and some of those pages have already been migrated. The approach taken is to introduce a new mmu notifier invalidation event type and use that in the device driver to skip invalidation callbacks from migrate_vma_setup(). The device driver is also then expected to handle device MMU invalidations as part of the migrate_vma_setup(), migrate_vma_pages(), migrate_vma_finalize() process. Note that this is opt-in. A device driver can simply invalidate its MMU in the mmu notifier callback and not handle MMU invalidations in the migration sequence. This series is based on Jason Gunthorpe's HMM tree (linux-5.8.0-rc4). Also, this replaces the need for the following two patches I sent: ("mm: fix migrate_vma_setup() src_owner and normal pages") https://lore.kernel.org/linux-mm/20200622222008.9971-1-rcampbell@nvidia.com ("nouveau: fix mixed normal and device private page migration") https://lore.kernel.org/lkml/20200622233854.10889-3-rcampbell@nvidia.com Bharata Rao, let me know if I can add your reviewed-by back since I made a fair number of changes to this version of the series. Changes in v3: Changed the direction field "dir" to a "flags" field and renamed src_owner to pgmap_owner. Fixed a locking issue in nouveau for the migration invalidation. Added a HMM selftest test case to exercise the HMM test driver invalidation changes. Removed reviewed-by Bharata B Rao since this version is moderately changed. Changes in v2: Rebase to Jason Gunthorpe's HMM tree. Added reviewed-by from Bharata B Rao. Rename the mmu_notifier_range::data field to migrate_pgmap_owner as suggested by Jason Gunthorpe. Ralph Campbell (5): nouveau: fix storing invalid ptes mm/migrate: add a flags parameter to migrate_vma mm/notifier: add migration invalidation type nouveau/svm: use the new migration invalidation mm/hmm/test: use the new migration invalidation arch/powerpc/kvm/book3s_hv_uvmem.c | 4 ++- drivers/gpu/drm/nouveau/nouveau_dmem.c | 19 ++++++++--- drivers/gpu/drm/nouveau/nouveau_svm.c | 21 +++++------- drivers/gpu/drm/nouveau/nouveau_svm.h | 13 ++++++- .../drm/nouveau/nvkm/subdev/mmu/vmmgp100.c | 13 ++++--- include/linux/migrate.h | 16 ++++++--- include/linux/mmu_notifier.h | 7 ++++ lib/test_hmm.c | 34 +++++++++++-------- mm/migrate.c | 14 ++++++-- tools/testing/selftests/vm/hmm-tests.c | 18 +++++++--- 10 files changed, 112 insertions(+), 47 deletions(-) -- 2.20.1

4 years, 9 months

2
6
0 0

[PATCH v3] lib: kunit: Provides a userspace memory context when tests are compiled as module

by Vitor Massaru Iha

KUnit test cases run on kthreads, and kthreads don't have an adddress space (current->mm is NULL), but processes have mm. The purpose of this patch is to allow to borrow mm to KUnit kthread after userspace is brought up, because we know that there are processes running, at least the process that loaded the module to borrow mm. This allows, for example, tests such as user_copy_kunit, which uses vm_mmap, which needs current->mm. Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> --- v2: * splitted patch in 3: - Allows to install and load modules in root filesystem; - Provides an userspace memory context when tests are compiled as module; - Convert test_user_copy to KUnit test; * added documentation; * added more explanation; * added a missed test pointer; * released mm with mmput(); v3: * rebased with last kunit branch * Please apply this commit from kunit-fixes: 3f37d14b8a3152441f36b6bc74000996679f0998 Documentation/dev-tools/kunit/usage.rst | 14 ++++++++++++++ include/kunit/test.h | 12 ++++++++++++ lib/kunit/try-catch.c | 15 ++++++++++++++- 3 files changed, 40 insertions(+), 1 deletion(-) --- diff --git a/Documentation/dev-tools/kunit/usage.rst b/Documentation/dev-tools/kunit/usage.rst index 3c3fe8b5fecc..9f909157be34 100644 --- a/Documentation/dev-tools/kunit/usage.rst +++ b/Documentation/dev-tools/kunit/usage.rst @@ -448,6 +448,20 @@ We can now use it to test ``struct eeprom_buffer``: .. _kunit-on-non-uml: +User-space context +------------------ + +I case you need a user-space context, for now this is only possible through +tests compiled as a module. And it will be necessary to use a root filesystem +and uml_utilities. + +Example: + +.. code-block:: bash + + ./tools/testing/kunit/kunit.py run --timeout=60 --uml_rootfs_dir=.uml_rootfs + + KUnit on non-UML architectures ============================== diff --git a/include/kunit/test.h b/include/kunit/test.h index 59f3144f009a..ae3337139c65 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -222,6 +222,18 @@ struct kunit { * protect it with some type of lock. */ struct list_head resources; /* Protected by lock. */ + /* + * KUnit test cases run on kthreads, and kthreads don't have an + * adddress space (current->mm is NULL), but processes have mm. + * + * The purpose of this mm_struct is to allow to borrow mm to KUnit kthread + * after userspace is brought up, because we know that there are processes + * running, at least the process that loaded the module to borrow mm. + * + * This allows, for example, tests such as user_copy_kunit, which uses + * vm_mmap, which needs current->mm. + */ + struct mm_struct *mm; }; void kunit_init_test(struct kunit *test, const char *name, char *log); diff --git a/lib/kunit/try-catch.c b/lib/kunit/try-catch.c index 0dd434e40487..d03e2093985b 100644 --- a/lib/kunit/try-catch.c +++ b/lib/kunit/try-catch.c @@ -11,7 +11,8 @@ #include <linux/completion.h> #include <linux/kernel.h> #include <linux/kthread.h> - +#include <linux/sched/mm.h> +#include <linux/sched/task.h> #include "try-catch-impl.h" void __noreturn kunit_try_catch_throw(struct kunit_try_catch *try_catch) @@ -24,8 +25,17 @@ EXPORT_SYMBOL_GPL(kunit_try_catch_throw); static int kunit_generic_run_threadfn_adapter(void *data) { struct kunit_try_catch *try_catch = data; + struct kunit *test = try_catch->test; + + if (test != NULL && test->mm != NULL) + kthread_use_mm(test->mm); try_catch->try(try_catch->context); + if (test != NULL && test->mm != NULL) { + kthread_unuse_mm(test->mm); + mmput(test->mm); + test->mm = NULL; + } complete_and_exit(try_catch->try_completion, 0); } @@ -65,6 +75,9 @@ void kunit_try_catch_run(struct kunit_try_catch *try_catch, void *context) try_catch->context = context; try_catch->try_completion = &try_completion; try_catch->try_result = 0; + + test->mm = get_task_mm(current); + task_struct = kthread_run(kunit_generic_run_threadfn_adapter, try_catch, "kunit_try_catch_thread"); base-commit: d43c7fb05765152d4d4a39a8ef957c4ea14d8847 -- 2.26.2

4 years, 9 months

3
3
0 0

[RFC v3] kunit: Allows to install and load modules in root filesystem

by Vitor Massaru Iha

This makes possible to install and load KUnit tests as modules in a root filesystem and boot UML with this filesystem. The filesystem was created using debootstrap: sudo debootstrap buster .uml_rootfs And change the owner of the root filesystem files for your user: sudo chown -R $USER:$USER .uml_rootfs For the kunit-tool to correctly capture the test results, uml_utilities must be installed on the host to halt uml. Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com> --- v2: * splitted patch in 3: - Allows to install and load modules in root filesystem; - Provides an userspace memory context when tests are compiled as module; - Convert test_user_copy to KUnit test; * added documentation; * removed the use of global variable; * capitalized make_cmd to look like a constant; * adjusted unit tests to the new parameter (--uml_rootfs_dir); v3: * rebased with last kunit branch * Please apply this commit from kunit-fixes: 3f37d14b8a3152441f36b6bc74000996679f0998 --- Documentation/dev-tools/kunit/start.rst | 15 ++++ tools/testing/kunit/kunit.py | 40 +++++++-- tools/testing/kunit/kunit_kernel.py | 106 ++++++++++++++++++++---- tools/testing/kunit/kunit_tool_test.py | 16 ++-- 4 files changed, 146 insertions(+), 31 deletions(-) diff --git a/Documentation/dev-tools/kunit/start.rst b/Documentation/dev-tools/kunit/start.rst index d23385e3e159..3704f8de07a5 100644 --- a/Documentation/dev-tools/kunit/start.rst +++ b/Documentation/dev-tools/kunit/start.rst @@ -9,6 +9,21 @@ Installing dependencies KUnit has the same dependencies as the Linux kernel. As long as you can build the kernel, you can run KUnit. +Unless you need to run the tests with a root filesystem, in this case you will +need to install debootsrap and uml_tools (uml-tools in Debian flavor distro). + +To install the root filesystem: + +.. code-block:: bash + + sudo debootstrap buster .uml_rootfs + +And change the owner of the root filesystem for your user: + +.. code-block:: bash + + sudo chown -R $USER:$USER .uml_rootfs + Running tests with the KUnit Wrapper ==================================== Included with KUnit is a simple Python wrapper which runs tests under User Mode diff --git a/tools/testing/kunit/kunit.py b/tools/testing/kunit/kunit.py index 2ece17e9eab5..8abe3a61f798 100755 --- a/tools/testing/kunit/kunit.py +++ b/tools/testing/kunit/kunit.py @@ -23,16 +23,16 @@ import kunit_parser KunitResult = namedtuple('KunitResult', ['status','result','elapsed_time']) KunitConfigRequest = namedtuple('KunitConfigRequest', - ['build_dir', 'make_options']) + ['build_dir', 'uml_rootfs_path', 'make_options']) KunitBuildRequest = namedtuple('KunitBuildRequest', - ['jobs', 'build_dir', 'alltests', + ['jobs', 'build_dir', 'uml_rootfs_path', 'alltests', 'make_options']) KunitExecRequest = namedtuple('KunitExecRequest', - ['timeout', 'build_dir', 'alltests']) + ['timeout', 'build_dir', 'uml_rootfs_path', 'alltests']) KunitParseRequest = namedtuple('KunitParseRequest', ['raw_output', 'input_data']) KunitRequest = namedtuple('KunitRequest', ['raw_output','timeout', 'jobs', - 'build_dir', 'alltests', + 'build_dir', 'uml_rootfs_path', 'alltests', 'make_options']) KernelDirectoryPath = sys.argv[0].split('tools/testing/kunit/')[0] @@ -47,7 +47,6 @@ def create_default_kunitconfig(): if not os.path.exists(kunit_kernel.kunitconfig_path): shutil.copyfile('arch/um/configs/kunit_defconfig', kunit_kernel.kunitconfig_path) - def get_kernel_root_path(): parts = sys.argv[0] if not __file__ else __file__ parts = os.path.realpath(parts).split('tools/testing/kunit') @@ -61,7 +60,8 @@ def config_tests(linux: kunit_kernel.LinuxSourceTree, config_start = time.time() create_default_kunitconfig() - success = linux.build_reconfig(request.build_dir, request.make_options) + + success = linux.build_reconfig(request.build_dir, request.uml_rootfs_path, request.make_options) config_end = time.time() if not success: return KunitResult(KunitStatus.CONFIG_FAILURE, @@ -79,10 +79,9 @@ def build_tests(linux: kunit_kernel.LinuxSourceTree, success = linux.build_um_kernel(request.alltests, request.jobs, request.build_dir, + request.uml_rootfs_path, request.make_options) build_end = time.time() - if not success: - return KunitResult(KunitStatus.BUILD_FAILURE, 'could not build kernel') if not success: return KunitResult(KunitStatus.BUILD_FAILURE, 'could not build kernel', @@ -97,7 +96,8 @@ def exec_tests(linux: kunit_kernel.LinuxSourceTree, test_start = time.time() result = linux.run_kernel( timeout=None if request.alltests else request.timeout, - build_dir=request.build_dir) + build_dir=request.build_dir, + uml_rootfs_path=request.uml_rootfs_path) test_end = time.time() @@ -130,12 +130,14 @@ def run_tests(linux: kunit_kernel.LinuxSourceTree, run_start = time.time() config_request = KunitConfigRequest(request.build_dir, + request.uml_rootfs_path, request.make_options) config_result = config_tests(linux, config_request) if config_result.status != KunitStatus.SUCCESS: return config_result build_request = KunitBuildRequest(request.jobs, request.build_dir, + request.uml_rootfs_path, request.alltests, request.make_options) build_result = build_tests(linux, build_request) @@ -143,6 +145,7 @@ def run_tests(linux: kunit_kernel.LinuxSourceTree, return build_result exec_request = KunitExecRequest(request.timeout, request.build_dir, + request.uml_rootfs_path, request.alltests) exec_result = exec_tests(linux, exec_request) if exec_result.status != KunitStatus.SUCCESS: @@ -168,6 +171,10 @@ def add_common_opts(parser): help='As in the make command, it specifies the build ' 'directory.', type=str, default='.kunit', metavar='build_dir') + parser.add_argument('--uml_rootfs_dir', + help='To load modules, a root filesystem is ' + 'required to install and load these modules.', + type=str, default=None, metavar='uml_rootfs_dir') parser.add_argument('--make_options', help='X=Y make option, can be repeated.', action='append') @@ -196,6 +203,7 @@ def add_parse_opts(parser): def main(argv, linux=None): + uml_rootfs_path = None parser = argparse.ArgumentParser( description='Helps writing and running KUnit tests.') subparser = parser.add_subparsers(dest='subcommand') @@ -235,6 +243,16 @@ def main(argv, linux=None): cli_args = parser.parse_args(argv) + if cli_args.uml_rootfs_dir \ + and os.path.exists(cli_args.uml_rootfs_dir) \ + and os.path.abspath(cli_args.uml_rootfs_dir) != \ + os.path.abspath(os.getcwd()) \ + and os.path.abspath(cli_args.uml_rootfs_dir) != '/': + uml_rootfs_path = os.path.abspath(cli_args.uml_rootfs_dir) + elif cli_args.uml_rootfs_dir != None: + print("Invalid uml_rootfs_dir: {}".format(cli_args.uml_rootfs_dir)) + sys.exit(1) + if cli_args.subcommand == 'run': if not os.path.exists(cli_args.build_dir): os.mkdir(cli_args.build_dir) @@ -246,6 +264,7 @@ def main(argv, linux=None): cli_args.timeout, cli_args.jobs, cli_args.build_dir, + uml_rootfs_path, cli_args.alltests, cli_args.make_options) result = run_tests(linux, request) @@ -260,6 +279,7 @@ def main(argv, linux=None): linux = kunit_kernel.LinuxSourceTree() request = KunitConfigRequest(cli_args.build_dir, + uml_rootfs_path, cli_args.make_options) result = config_tests(linux, request) kunit_parser.print_with_timestamp(( @@ -277,6 +297,7 @@ def main(argv, linux=None): request = KunitBuildRequest(cli_args.jobs, cli_args.build_dir, + uml_rootfs_path, cli_args.alltests, cli_args.make_options) result = build_tests(linux, request) @@ -295,6 +316,7 @@ def main(argv, linux=None): exec_request = KunitExecRequest(cli_args.timeout, cli_args.build_dir, + uml_rootfs_path, cli_args.alltests) exec_result = exec_tests(linux, exec_request) parse_request = KunitParseRequest(cli_args.raw_output, diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py index e20e2056cb38..0f21f7e879ed 100644 --- a/tools/testing/kunit/kunit_kernel.py +++ b/tools/testing/kunit/kunit_kernel.py @@ -11,6 +11,7 @@ import logging import subprocess import os import signal +import time from contextlib import ExitStack @@ -19,8 +20,58 @@ import kunit_parser KCONFIG_PATH = '.config' kunitconfig_path = '.kunitconfig' +X86_64_DEFCONFIG_PATH = 'arch/um/configs/x86_64_defconfig' BROKEN_ALLCONFIG_PATH = 'tools/testing/kunit/configs/broken_on_uml.config' +MAKE_CMD = { + 'make': { + 'command': ['make', 'ARCH=um'], + 'msg_error': 'Could not call execute make: ', + }, + 'make_modules': { + 'command': ['make', 'modules', 'ARCH=um'], + 'msg_error': 'Could not call execute make modules: ', + }, + 'make_modules_install': { + 'command': ['make', 'modules_install', 'ARCH=um'], + 'msg_error': 'Could not call execute make modules_install: ', + } +} + +def halt_uml(): + try: + subprocess.call(['uml_mconsole', 'kunitid', 'halt']) + except OSError as e: + raise ConfigError('Could not call uml_mconsole ' + e) + except subprocess.CalledProcessError as e: + raise ConfigError(e.output) + +def enable_uml_modules_on_boot(output_command, uml_rootfs_path): + uml_modules_path = None + found_kernel_version = False + modules = [] + for i in output_command.decode('utf-8').split(): + if found_kernel_version: + kernel_version = i + uml_modules_path = os.path.join(uml_rootfs_path, + 'lib/modules/', kernel_version, 'kernel/lib/') + break + if 'DEPMOD' in i: + found_kernel_version = True + + try: + if os.path.exists(uml_modules_path): + modules = subprocess.check_output(['ls', + uml_modules_path]).decode('utf-8').split() + except OSError as e: + raise ConfigError('Could not list directory ' + e) + except subprocess.CalledProcessError as e: + raise ConfigError(e.output) + + with open(os.path.join(uml_rootfs_path, 'etc/modules'), 'w') as f: + for i in modules: + f.write(i.replace('.ko', '')) + class ConfigError(Exception): """Represents an error trying to configure the Linux kernel.""" @@ -70,20 +121,28 @@ class LinuxSourceTreeOperations(object): kunit_parser.print_with_timestamp( 'Starting Kernel with all configs takes a few minutes...') - def make(self, jobs, build_dir, make_options): - command = ['make', 'ARCH=um', '--jobs=' + str(jobs)] + def make(self, cmd, jobs, build_dir, uml_rootfs_path, make_options): + command = MAKE_CMD[cmd]['command'] + ['--jobs=' + str(jobs)] + if make_options: command.extend(make_options) if build_dir: command += ['O=' + build_dir] + + if cmd == 'make_modules_install': + command += ['INSTALL_MOD_PATH=' + uml_rootfs_path] + try: - subprocess.check_output(command, stderr=subprocess.STDOUT) + output = subprocess.check_output(command, stderr=subprocess.STDOUT) + if cmd == 'make_modules_install': + enable_uml_modules_on_boot(output, + uml_rootfs_path) except OSError as e: - raise BuildError('Could not call execute make: ' + e) + raise BuildError(MAKE_CMD[cmd]['msg_error'] + e) except subprocess.CalledProcessError as e: raise BuildError(e.output) - def linux_bin(self, params, timeout, build_dir, outfile): + def linux_bin(self, params, timeout, build_dir, uml_rootfs_path, outfile): """Runs the Linux UML binary. Must be named 'linux'.""" linux_bin = './linux' if build_dir: @@ -92,7 +151,11 @@ class LinuxSourceTreeOperations(object): process = subprocess.Popen([linux_bin] + params, stdout=output, stderr=subprocess.STDOUT) - process.wait(timeout) + if uml_rootfs_path: + time.sleep(timeout) + halt_uml() + else: + process.wait(timeout) def get_kconfig_path(build_dir): @@ -132,11 +195,16 @@ class LinuxSourceTree(object): return False return True - def build_config(self, build_dir, make_options): + def build_config(self, build_dir, uml_rootfs_path, make_options): kconfig_path = get_kconfig_path(build_dir) if build_dir and not os.path.exists(build_dir): os.mkdir(build_dir) self._kconfig.write_to_file(kconfig_path) + + if uml_rootfs_path: + with open(kconfig_path, 'a') as fw: + with open(X86_64_DEFCONFIG_PATH, 'r') as fr: + fw.write(fr.read()) try: self._ops.make_olddefconfig(build_dir, make_options) except ConfigError as e: @@ -144,7 +212,7 @@ class LinuxSourceTree(object): return False return self.validate_config(build_dir) - def build_reconfig(self, build_dir, make_options): + def build_reconfig(self, build_dir, uml_rootfs_path, make_options): """Creates a new .config if it is not a subset of the .kunitconfig.""" kconfig_path = get_kconfig_path(build_dir) if os.path.exists(kconfig_path): @@ -153,28 +221,38 @@ class LinuxSourceTree(object): if not self._kconfig.is_subset_of(existing_kconfig): print('Regenerating .config ...') os.remove(kconfig_path) - return self.build_config(build_dir, make_options) + return self.build_config(build_dir, uml_rootfs_path, + make_options) else: return True else: print('Generating .config ...') - return self.build_config(build_dir, make_options) + return self.build_config(build_dir, uml_rootfs_path, make_options) - def build_um_kernel(self, alltests, jobs, build_dir, make_options): + def build_um_kernel(self, alltests, jobs, build_dir, + uml_rootfs_path, make_options): if alltests: self._ops.make_allyesconfig() try: self._ops.make_olddefconfig(build_dir, make_options) - self._ops.make(jobs, build_dir, make_options) + self._ops.make('make', jobs, build_dir, uml_rootfs_path, make_options) + if uml_rootfs_path: + self._ops.make('make_modules', jobs, build_dir, + uml_rootfs_path, make_options) + self._ops.make('make_modules_install', jobs, + build_dir, uml_rootfs_path, make_options) except (ConfigError, BuildError) as e: logging.error(e) return False return self.validate_config(build_dir) - def run_kernel(self, args=[], build_dir='', timeout=None): + def run_kernel(self, args=[], build_dir='', uml_rootfs_path=None, timeout=None): args.extend(['mem=1G']) + if uml_rootfs_path: + args.extend(['root=/dev/root', 'rootfstype=hostfs', + 'rootflags=' + uml_rootfs_path, 'umid=kunitid']) outfile = 'test.log' - self._ops.linux_bin(args, timeout, build_dir, outfile) + self._ops.linux_bin(args, timeout, build_dir, uml_rootfs_path, outfile) subprocess.call(['stty', 'sane']) with open(outfile, 'r') as file: for line in file: diff --git a/tools/testing/kunit/kunit_tool_test.py b/tools/testing/kunit/kunit_tool_test.py index ebedfc57a39b..2359c77c8efb 100755 --- a/tools/testing/kunit/kunit_tool_test.py +++ b/tools/testing/kunit/kunit_tool_test.py @@ -247,14 +247,14 @@ class KUnitMainTest(unittest.TestCase): def test_build_passes_args_pass(self): kunit.main(['build'], self.linux_source_mock) assert self.linux_source_mock.build_reconfig.call_count == 0 - self.linux_source_mock.build_um_kernel.assert_called_once_with(False, 8, '.kunit', None) + self.linux_source_mock.build_um_kernel.assert_called_once_with(False, 8, '.kunit', None, None) assert self.linux_source_mock.run_kernel.call_count == 0 def test_exec_passes_args_pass(self): kunit.main(['exec'], self.linux_source_mock) assert self.linux_source_mock.build_reconfig.call_count == 0 assert self.linux_source_mock.run_kernel.call_count == 1 - self.linux_source_mock.run_kernel.assert_called_once_with(build_dir='.kunit', timeout=300) + self.linux_source_mock.run_kernel.assert_called_once_with(build_dir='.kunit', uml_rootfs_path=None, timeout=300) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_run_passes_args_pass(self): @@ -262,7 +262,7 @@ class KUnitMainTest(unittest.TestCase): assert self.linux_source_mock.build_reconfig.call_count == 1 assert self.linux_source_mock.run_kernel.call_count == 1 self.linux_source_mock.run_kernel.assert_called_once_with( - build_dir='.kunit', timeout=300) + build_dir='.kunit', uml_rootfs_path=None, timeout=300) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_exec_passes_args_fail(self): @@ -302,7 +302,7 @@ class KUnitMainTest(unittest.TestCase): def test_exec_timeout(self): timeout = 3453 kunit.main(['exec', '--timeout', str(timeout)], self.linux_source_mock) - self.linux_source_mock.run_kernel.assert_called_once_with(build_dir='.kunit', timeout=timeout) + self.linux_source_mock.run_kernel.assert_called_once_with(build_dir='.kunit', uml_rootfs_path=None, timeout=timeout) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_run_timeout(self): @@ -310,7 +310,7 @@ class KUnitMainTest(unittest.TestCase): kunit.main(['run', '--timeout', str(timeout)], self.linux_source_mock) assert self.linux_source_mock.build_reconfig.call_count == 1 self.linux_source_mock.run_kernel.assert_called_once_with( - build_dir='.kunit', timeout=timeout) + build_dir='.kunit', uml_rootfs_path=None, timeout=timeout) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_run_builddir(self): @@ -318,7 +318,7 @@ class KUnitMainTest(unittest.TestCase): kunit.main(['run', '--build_dir=.kunit'], self.linux_source_mock) assert self.linux_source_mock.build_reconfig.call_count == 1 self.linux_source_mock.run_kernel.assert_called_once_with( - build_dir=build_dir, timeout=300) + build_dir=build_dir, uml_rootfs_path=None, timeout=300) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_config_builddir(self): @@ -329,12 +329,12 @@ class KUnitMainTest(unittest.TestCase): def test_build_builddir(self): build_dir = '.kunit' kunit.main(['build', '--build_dir', build_dir], self.linux_source_mock) - self.linux_source_mock.build_um_kernel.assert_called_once_with(False, 8, build_dir, None) + self.linux_source_mock.build_um_kernel.assert_called_once_with(False, 8, build_dir, None, None) def test_exec_builddir(self): build_dir = '.kunit' kunit.main(['exec', '--build_dir', build_dir], self.linux_source_mock) - self.linux_source_mock.run_kernel.assert_called_once_with(build_dir=build_dir, timeout=300) + self.linux_source_mock.run_kernel.assert_called_once_with(build_dir=build_dir, uml_rootfs_path=None, timeout=300) self.print_mock.assert_any_call(StrContains('Testing complete.')) if __name__ == '__main__': base-commit: d43c7fb05765152d4d4a39a8ef957c4ea14d8847 -- 2.26.2

4 years, 9 months

1
0
0 0

[RFC PATCH bpf-next 0/2] BTF support for ksyms

by Hao Luo

This patch series extends the previously add __ksym externs with btf info. Right now the __ksym externs are treated as pure 64-bit scalar value. Libbpf replaces ld_imm64 insn of __ksym by its kernel address at load time. This patch series extend those extern with their btf info. Note that btf support for __ksym must come with the btf that has VARs encoded to work properly. Therefore, these patches are tested against a btf generated by a patched pahole, whose change will available in released pahole soon. There are a couple of design choices that I would like feedbacks from bpf/btf experts. 1. Because the newly added pseudo_btf_id needs to carry both a kernel address (64 bits) and a btf id (32 bits), I used the 'off' fields of ld_imm insn to carry btf id. I wonder if this breaks anything or if there is a better idea. 2. Since only a subset of vars are going to be encoded into the new btf, if a ksym that doesn't find its btf id, it doesn't get converted into pseudo_btf_id. It is still treated as pure scalar value. But we require kernel btf to be loaded in libbpf if there is any ksym in the bpf prog. This is RFC as it requires pahole changes that encode kernel vars into btf. Hao Luo (2): bpf: BTF support for __ksym externs selftests/bpf: Test __ksym externs with BTF include/uapi/linux/bpf.h | 37 ++++++++++---- kernel/bpf/verifier.c | 26 ++++++++-- tools/include/uapi/linux/bpf.h | 37 ++++++++++---- tools/lib/bpf/libbpf.c | 50 ++++++++++++++++++- .../testing/selftests/bpf/prog_tests/ksyms.c | 2 + .../testing/selftests/bpf/progs/test_ksyms.c | 14 ++++++ 6 files changed, 143 insertions(+), 23 deletions(-) -- 2.27.0.389.gc38d7665816-goog

4 years, 9 months

2
8
0 0

[PATCH v2 0/2] Selftest for cpuidle latency measurement

by Pratik Rajesh Sampat

v1: https://lkml.org/lkml/2020/7/7/1036 Changelog v1 --> v2 1. Based on Shuah Khan's comment, changed exit code to ksft_skip to indicate the test is being skipped 2. Change the busy workload for baseline measurement from "yes > /dev/null" to "cat /dev/random to /dev/null", based on observed CPU utilization for "yes" consuming ~60% CPU while the latter consumes 100% of CPUs, giving more accurate baseline numbers --- The patch series introduces a mechanism to measure wakeup latency for IPI and timer based interrupts The motivation behind this series is to find significant deviations behind advertised latency and resisdency values To achieve this, we introduce a kernel module and expose its control knobs through the debugfs interface that the selftests can engage with. The kernel module provides the following interfaces within /sys/kernel/debug/latency_test/ for, 1. IPI test: ipi_cpu_dest # Destination CPU for the IPI ipi_cpu_src # Origin of the IPI ipi_latency_ns # Measured latency time in ns 2. Timeout test: timeout_cpu_src # CPU on which the timer to be queued timeout_expected_ns # Timer duration timeout_diff_ns # Difference of actual duration vs expected timer To include the module, check option and include as module kernel hacking -> Cpuidle latency selftests The selftest inserts the module, disables all the idle states and enables them one by one testing the following: 1. Keeping source CPU constant, iterates through all the CPUS measuring IPI latency for baseline (CPU is busy with "cat /dev/random > /dev/null" workload) and the when the CPU is allowed to be at rest 2. Iterating through all the CPUs, sending expected timer durations to be equivalent to the residency of the the deepest idle state enabled and extracting the difference in time between the time of wakeup and the expected timer duration Usage ----- Can be used in conjuction to the rest of the selftests. Default Output location in: tools/testing/cpuidle/cpuidle.log To run this test specifically: $ make -C tools/testing/selftests TARGETS="cpuidle" run_tests There are a few optinal arguments too that the script can take [-h <help>] [-m <location of the module>] [-o <location of the output>] Sample output snippet --------------------- --IPI Latency Test--- --Baseline IPI Latency measurement: CPU Busy-- SRC_CPU DEST_CPU IPI_Latency(ns) ... 0 8 1996 0 9 2125 0 10 1264 0 11 1788 0 12 2045 Baseline Average IPI latency(ns): 1843 ---Enabling state: 5--- SRC_CPU DEST_CPU IPI_Latency(ns) 0 8 621719 0 9 624752 0 10 622218 0 11 623968 0 12 621303 Expected IPI latency(ns): 100000 Observed Average IPI latency(ns): 622792 --Timeout Latency Test-- --Baseline Timeout Latency measurement: CPU Busy-- Wakeup_src Baseline_delay(ns) ... 8 2249 9 2226 10 2211 11 2183 12 2263 Baseline Average timeout diff(ns): 2226 ---Enabling state: 5--- 8 10749 9 10911 10 10912 11 12100 12 73276 Expected timeout(ns): 10000200 Observed Average timeout diff(ns): 23589 Pratik Rajesh Sampat (2): cpuidle: Trace IPI based and timer based wakeup latency from idle states selftest/cpuidle: Add support for cpuidle latency measurement drivers/cpuidle/Makefile | 1 + drivers/cpuidle/test-cpuidle_latency.c | 150 ++++++++++++ lib/Kconfig.debug | 10 + tools/testing/selftests/Makefile | 1 + tools/testing/selftests/cpuidle/Makefile | 6 + tools/testing/selftests/cpuidle/cpuidle.sh | 257 +++++++++++++++++++++ tools/testing/selftests/cpuidle/settings | 1 + 7 files changed, 426 insertions(+) create mode 100644 drivers/cpuidle/test-cpuidle_latency.c create mode 100644 tools/testing/selftests/cpuidle/Makefile create mode 100755 tools/testing/selftests/cpuidle/cpuidle.sh create mode 100644 tools/testing/selftests/cpuidle/settings -- 2.25.4

4 years, 9 months

3
5
0 0

[PATCH v2 0/5] mm/migrate: avoid device private invalidations

by Ralph Campbell

The goal for this series is to avoid device private memory TLB invalidations when migrating a range of addresses from system memory to device private memory and some of those pages have already been migrated. The approach taken is to introduce a new mmu notifier invalidation event type and use that in the device driver to skip invalidation callbacks from migrate_vma_setup(). The device driver is also then expected to handle device MMU invalidations as part of the migrate_vma_setup(), migrate_vma_pages(), migrate_vma_finalize() process. Note that this is opt-in. A device driver can simply invalidate its MMU in the mmu notifier callback and not handle MMU invalidations in the migration sequence. This series is based on Jason Gunthorpe's HMM tree (linux-5.8.0-rc4). Also, this replaces the need for the following two patches I sent: ("mm: fix migrate_vma_setup() src_owner and normal pages") https://lore.kernel.org/linux-mm/20200622222008.9971-1-rcampbell@nvidia.com ("nouveau: fix mixed normal and device private page migration") https://lore.kernel.org/lkml/20200622233854.10889-3-rcampbell@nvidia.com Changes in v2: Rebase to Jason Gunthorpe's HMM tree. Added reviewed-by from Bharata B Rao. Rename the mmu_notifier_range::data field to migrate_pgmap_owner as suggested by Jason Gunthorpe. Ralph Campbell (5): nouveau: fix storing invalid ptes mm/migrate: add a direction parameter to migrate_vma mm/notifier: add migration invalidation type nouveau/svm: use the new migration invalidation mm/hmm/test: use the new migration invalidation arch/powerpc/kvm/book3s_hv_uvmem.c | 2 ++ drivers/gpu/drm/nouveau/nouveau_dmem.c | 13 ++++++-- drivers/gpu/drm/nouveau/nouveau_svm.c | 10 +++++- drivers/gpu/drm/nouveau/nouveau_svm.h | 1 + .../drm/nouveau/nvkm/subdev/mmu/vmmgp100.c | 13 +++++--- include/linux/migrate.h | 12 +++++-- include/linux/mmu_notifier.h | 7 ++++ lib/test_hmm.c | 33 +++++++++++-------- mm/migrate.c | 13 ++++++-- 9 files changed, 77 insertions(+), 27 deletions(-) -- 2.20.1

4 years, 9 months

3
15
0 0

[RFC v2] kunit: tool: Allows to install and load modules in root filesystem

by Vitor Massaru Iha

This makes possible to install and load KUnit tests as modules in a root filesystem and boot UML with this filesystem. The filesystem was created using debootstrap: sudo debootstrap buster .uml_rootfs And change the owner of the root filesystem files for your user: sudo chown -R $USER:$USER .uml_rootfs For the kunit-tool to correctly capture the test results, uml_utilities must be installed on the host to halt uml. Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com> --- v2: * splitted patch in 3: - Allows to install and load modules in root filesystem; - Provides an userspace memory context when tests are compiled as module; - Convert test_user_copy to KUnit test; * added documentation; * removed the use of global variable; * capitalized make_cmd to look like a constant; * adjusted unit tests to the new parameter (--uml_rootfs_dir); --- Documentation/dev-tools/kunit/start.rst | 15 ++++ tools/testing/kunit/kunit.py | 40 +++++++-- tools/testing/kunit/kunit_kernel.py | 106 ++++++++++++++++++++---- tools/testing/kunit/kunit_tool_test.py | 16 ++-- 4 files changed, 146 insertions(+), 31 deletions(-) diff --git a/Documentation/dev-tools/kunit/start.rst b/Documentation/dev-tools/kunit/start.rst index bb112cf70624..af2b6b9f870f 100644 --- a/Documentation/dev-tools/kunit/start.rst +++ b/Documentation/dev-tools/kunit/start.rst @@ -9,6 +9,21 @@ Installing dependencies KUnit has the same dependencies as the Linux kernel. As long as you can build the kernel, you can run KUnit. +Unless you need to run the tests with a root filesystem, in this case you will +need to install debootsrap and uml_tools (uml-tools in Debian flavor distro). + +To install the root filesystem: + +.. code-block:: bash + + sudo debootstrap buster .uml_rootfs + +And change the owner of the root filesystem for your user: + +.. code-block:: bash + + sudo chown -R $USER:$USER .uml_rootfs + Running tests with the KUnit Wrapper ==================================== Included with KUnit is a simple Python wrapper which runs tests under User Mode diff --git a/tools/testing/kunit/kunit.py b/tools/testing/kunit/kunit.py index 2ece17e9eab5..8abe3a61f798 100755 --- a/tools/testing/kunit/kunit.py +++ b/tools/testing/kunit/kunit.py @@ -23,16 +23,16 @@ import kunit_parser KunitResult = namedtuple('KunitResult', ['status','result','elapsed_time']) KunitConfigRequest = namedtuple('KunitConfigRequest', - ['build_dir', 'make_options']) + ['build_dir', 'uml_rootfs_path', 'make_options']) KunitBuildRequest = namedtuple('KunitBuildRequest', - ['jobs', 'build_dir', 'alltests', + ['jobs', 'build_dir', 'uml_rootfs_path', 'alltests', 'make_options']) KunitExecRequest = namedtuple('KunitExecRequest', - ['timeout', 'build_dir', 'alltests']) + ['timeout', 'build_dir', 'uml_rootfs_path', 'alltests']) KunitParseRequest = namedtuple('KunitParseRequest', ['raw_output', 'input_data']) KunitRequest = namedtuple('KunitRequest', ['raw_output','timeout', 'jobs', - 'build_dir', 'alltests', + 'build_dir', 'uml_rootfs_path', 'alltests', 'make_options']) KernelDirectoryPath = sys.argv[0].split('tools/testing/kunit/')[0] @@ -47,7 +47,6 @@ def create_default_kunitconfig(): if not os.path.exists(kunit_kernel.kunitconfig_path): shutil.copyfile('arch/um/configs/kunit_defconfig', kunit_kernel.kunitconfig_path) - def get_kernel_root_path(): parts = sys.argv[0] if not __file__ else __file__ parts = os.path.realpath(parts).split('tools/testing/kunit') @@ -61,7 +60,8 @@ def config_tests(linux: kunit_kernel.LinuxSourceTree, config_start = time.time() create_default_kunitconfig() - success = linux.build_reconfig(request.build_dir, request.make_options) + + success = linux.build_reconfig(request.build_dir, request.uml_rootfs_path, request.make_options) config_end = time.time() if not success: return KunitResult(KunitStatus.CONFIG_FAILURE, @@ -79,10 +79,9 @@ def build_tests(linux: kunit_kernel.LinuxSourceTree, success = linux.build_um_kernel(request.alltests, request.jobs, request.build_dir, + request.uml_rootfs_path, request.make_options) build_end = time.time() - if not success: - return KunitResult(KunitStatus.BUILD_FAILURE, 'could not build kernel') if not success: return KunitResult(KunitStatus.BUILD_FAILURE, 'could not build kernel', @@ -97,7 +96,8 @@ def exec_tests(linux: kunit_kernel.LinuxSourceTree, test_start = time.time() result = linux.run_kernel( timeout=None if request.alltests else request.timeout, - build_dir=request.build_dir) + build_dir=request.build_dir, + uml_rootfs_path=request.uml_rootfs_path) test_end = time.time() @@ -130,12 +130,14 @@ def run_tests(linux: kunit_kernel.LinuxSourceTree, run_start = time.time() config_request = KunitConfigRequest(request.build_dir, + request.uml_rootfs_path, request.make_options) config_result = config_tests(linux, config_request) if config_result.status != KunitStatus.SUCCESS: return config_result build_request = KunitBuildRequest(request.jobs, request.build_dir, + request.uml_rootfs_path, request.alltests, request.make_options) build_result = build_tests(linux, build_request) @@ -143,6 +145,7 @@ def run_tests(linux: kunit_kernel.LinuxSourceTree, return build_result exec_request = KunitExecRequest(request.timeout, request.build_dir, + request.uml_rootfs_path, request.alltests) exec_result = exec_tests(linux, exec_request) if exec_result.status != KunitStatus.SUCCESS: @@ -168,6 +171,10 @@ def add_common_opts(parser): help='As in the make command, it specifies the build ' 'directory.', type=str, default='.kunit', metavar='build_dir') + parser.add_argument('--uml_rootfs_dir', + help='To load modules, a root filesystem is ' + 'required to install and load these modules.', + type=str, default=None, metavar='uml_rootfs_dir') parser.add_argument('--make_options', help='X=Y make option, can be repeated.', action='append') @@ -196,6 +203,7 @@ def add_parse_opts(parser): def main(argv, linux=None): + uml_rootfs_path = None parser = argparse.ArgumentParser( description='Helps writing and running KUnit tests.') subparser = parser.add_subparsers(dest='subcommand') @@ -235,6 +243,16 @@ def main(argv, linux=None): cli_args = parser.parse_args(argv) + if cli_args.uml_rootfs_dir \ + and os.path.exists(cli_args.uml_rootfs_dir) \ + and os.path.abspath(cli_args.uml_rootfs_dir) != \ + os.path.abspath(os.getcwd()) \ + and os.path.abspath(cli_args.uml_rootfs_dir) != '/': + uml_rootfs_path = os.path.abspath(cli_args.uml_rootfs_dir) + elif cli_args.uml_rootfs_dir != None: + print("Invalid uml_rootfs_dir: {}".format(cli_args.uml_rootfs_dir)) + sys.exit(1) + if cli_args.subcommand == 'run': if not os.path.exists(cli_args.build_dir): os.mkdir(cli_args.build_dir) @@ -246,6 +264,7 @@ def main(argv, linux=None): cli_args.timeout, cli_args.jobs, cli_args.build_dir, + uml_rootfs_path, cli_args.alltests, cli_args.make_options) result = run_tests(linux, request) @@ -260,6 +279,7 @@ def main(argv, linux=None): linux = kunit_kernel.LinuxSourceTree() request = KunitConfigRequest(cli_args.build_dir, + uml_rootfs_path, cli_args.make_options) result = config_tests(linux, request) kunit_parser.print_with_timestamp(( @@ -277,6 +297,7 @@ def main(argv, linux=None): request = KunitBuildRequest(cli_args.jobs, cli_args.build_dir, + uml_rootfs_path, cli_args.alltests, cli_args.make_options) result = build_tests(linux, request) @@ -295,6 +316,7 @@ def main(argv, linux=None): exec_request = KunitExecRequest(cli_args.timeout, cli_args.build_dir, + uml_rootfs_path, cli_args.alltests) exec_result = exec_tests(linux, exec_request) parse_request = KunitParseRequest(cli_args.raw_output, diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py index 63dbda2d029f..aeffd024816c 100644 --- a/tools/testing/kunit/kunit_kernel.py +++ b/tools/testing/kunit/kunit_kernel.py @@ -11,6 +11,7 @@ import logging import subprocess import os import signal +import time from contextlib import ExitStack @@ -19,8 +20,58 @@ import kunit_parser KCONFIG_PATH = '.config' kunitconfig_path = '.kunitconfig' +X86_64_DEFCONFIG_PATH = 'arch/um/configs/x86_64_defconfig' BROKEN_ALLCONFIG_PATH = 'tools/testing/kunit/configs/broken_on_uml.config' +MAKE_CMD = { + 'make': { + 'command': ['make', 'ARCH=um'], + 'msg_error': 'Could not call execute make: ', + }, + 'make_modules': { + 'command': ['make', 'modules', 'ARCH=um'], + 'msg_error': 'Could not call execute make modules: ', + }, + 'make_modules_install': { + 'command': ['make', 'modules_install', 'ARCH=um'], + 'msg_error': 'Could not call execute make modules_install: ', + } +} + +def halt_uml(): + try: + subprocess.call(['uml_mconsole', 'kunitid', 'halt']) + except OSError as e: + raise ConfigError('Could not call uml_mconsole ' + e) + except subprocess.CalledProcessError as e: + raise ConfigError(e.output) + +def enable_uml_modules_on_boot(output_command, uml_rootfs_path): + uml_modules_path = None + found_kernel_version = False + modules = [] + for i in output_command.decode('utf-8').split(): + if found_kernel_version: + kernel_version = i + uml_modules_path = os.path.join(uml_rootfs_path, + 'lib/modules/', kernel_version, 'kernel/lib/') + break + if 'DEPMOD' in i: + found_kernel_version = True + + try: + if os.path.exists(uml_modules_path): + modules = subprocess.check_output(['ls', + uml_modules_path]).decode('utf-8').split() + except OSError as e: + raise ConfigError('Could not list directory ' + e) + except subprocess.CalledProcessError as e: + raise ConfigError(e.output) + + with open(os.path.join(uml_rootfs_path, 'etc/modules'), 'w') as f: + for i in modules: + f.write(i.replace('.ko', '')) + class ConfigError(Exception): """Represents an error trying to configure the Linux kernel.""" @@ -70,20 +121,28 @@ class LinuxSourceTreeOperations(object): kunit_parser.print_with_timestamp( 'Starting Kernel with all configs takes a few minutes...') - def make(self, jobs, build_dir, make_options): - command = ['make', 'ARCH=um', '--jobs=' + str(jobs)] + def make(self, cmd, jobs, build_dir, uml_rootfs_path, make_options): + command = MAKE_CMD[cmd]['command'] + ['--jobs=' + str(jobs)] + if make_options: command.extend(make_options) if build_dir: command += ['O=' + build_dir] + + if cmd == 'make_modules_install': + command += ['INSTALL_MOD_PATH=' + uml_rootfs_path] + try: - subprocess.check_output(command) + output = subprocess.check_output(command) + if cmd == 'make_modules_install': + enable_uml_modules_on_boot(output, + uml_rootfs_path) except OSError as e: - raise BuildError('Could not call execute make: ' + e) + raise BuildError(MAKE_CMD[cmd]['msg_error'] + e) except subprocess.CalledProcessError as e: raise BuildError(e.output) - def linux_bin(self, params, timeout, build_dir, outfile): + def linux_bin(self, params, timeout, build_dir, uml_rootfs_path, outfile): """Runs the Linux UML binary. Must be named 'linux'.""" linux_bin = './linux' if build_dir: @@ -92,7 +151,11 @@ class LinuxSourceTreeOperations(object): process = subprocess.Popen([linux_bin] + params, stdout=output, stderr=subprocess.STDOUT) - process.wait(timeout) + if uml_rootfs_path: + time.sleep(timeout) + halt_uml() + else: + process.wait(timeout) def get_kconfig_path(build_dir): @@ -132,11 +195,16 @@ class LinuxSourceTree(object): return False return True - def build_config(self, build_dir, make_options): + def build_config(self, build_dir, uml_rootfs_path, make_options): kconfig_path = get_kconfig_path(build_dir) if build_dir and not os.path.exists(build_dir): os.mkdir(build_dir) self._kconfig.write_to_file(kconfig_path) + + if uml_rootfs_path: + with open(kconfig_path, 'a') as fw: + with open(X86_64_DEFCONFIG_PATH, 'r') as fr: + fw.write(fr.read()) try: self._ops.make_olddefconfig(build_dir, make_options) except ConfigError as e: @@ -144,7 +212,7 @@ class LinuxSourceTree(object): return False return self.validate_config(build_dir) - def build_reconfig(self, build_dir, make_options): + def build_reconfig(self, build_dir, uml_rootfs_path, make_options): """Creates a new .config if it is not a subset of the .kunitconfig.""" kconfig_path = get_kconfig_path(build_dir) if os.path.exists(kconfig_path): @@ -153,28 +221,38 @@ class LinuxSourceTree(object): if not self._kconfig.is_subset_of(existing_kconfig): print('Regenerating .config ...') os.remove(kconfig_path) - return self.build_config(build_dir, make_options) + return self.build_config(build_dir, uml_rootfs_path, + make_options) else: return True else: print('Generating .config ...') - return self.build_config(build_dir, make_options) + return self.build_config(build_dir, uml_rootfs_path, make_options) - def build_um_kernel(self, alltests, jobs, build_dir, make_options): + def build_um_kernel(self, alltests, jobs, build_dir, + uml_rootfs_path, make_options): if alltests: self._ops.make_allyesconfig() try: self._ops.make_olddefconfig(build_dir, make_options) - self._ops.make(jobs, build_dir, make_options) + self._ops.make('make', jobs, build_dir, uml_rootfs_path, make_options) + if uml_rootfs_path: + self._ops.make('make_modules', jobs, build_dir, + uml_rootfs_path, make_options) + self._ops.make('make_modules_install', jobs, + build_dir, uml_rootfs_path, make_options) except (ConfigError, BuildError) as e: logging.error(e) return False return self.validate_config(build_dir) - def run_kernel(self, args=[], build_dir='', timeout=None): + def run_kernel(self, args=[], build_dir='', uml_rootfs_path=None, timeout=None): args.extend(['mem=1G']) + if uml_rootfs_path: + args.extend(['root=/dev/root', 'rootfstype=hostfs', + 'rootflags=' + uml_rootfs_path, 'umid=kunitid']) outfile = 'test.log' - self._ops.linux_bin(args, timeout, build_dir, outfile) + self._ops.linux_bin(args, timeout, build_dir, uml_rootfs_path, outfile) subprocess.call(['stty', 'sane']) with open(outfile, 'r') as file: for line in file: diff --git a/tools/testing/kunit/kunit_tool_test.py b/tools/testing/kunit/kunit_tool_test.py index ebedfc57a39b..2359c77c8efb 100755 --- a/tools/testing/kunit/kunit_tool_test.py +++ b/tools/testing/kunit/kunit_tool_test.py @@ -247,14 +247,14 @@ class KUnitMainTest(unittest.TestCase): def test_build_passes_args_pass(self): kunit.main(['build'], self.linux_source_mock) assert self.linux_source_mock.build_reconfig.call_count == 0 - self.linux_source_mock.build_um_kernel.assert_called_once_with(False, 8, '.kunit', None) + self.linux_source_mock.build_um_kernel.assert_called_once_with(False, 8, '.kunit', None, None) assert self.linux_source_mock.run_kernel.call_count == 0 def test_exec_passes_args_pass(self): kunit.main(['exec'], self.linux_source_mock) assert self.linux_source_mock.build_reconfig.call_count == 0 assert self.linux_source_mock.run_kernel.call_count == 1 - self.linux_source_mock.run_kernel.assert_called_once_with(build_dir='.kunit', timeout=300) + self.linux_source_mock.run_kernel.assert_called_once_with(build_dir='.kunit', uml_rootfs_path=None, timeout=300) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_run_passes_args_pass(self): @@ -262,7 +262,7 @@ class KUnitMainTest(unittest.TestCase): assert self.linux_source_mock.build_reconfig.call_count == 1 assert self.linux_source_mock.run_kernel.call_count == 1 self.linux_source_mock.run_kernel.assert_called_once_with( - build_dir='.kunit', timeout=300) + build_dir='.kunit', uml_rootfs_path=None, timeout=300) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_exec_passes_args_fail(self): @@ -302,7 +302,7 @@ class KUnitMainTest(unittest.TestCase): def test_exec_timeout(self): timeout = 3453 kunit.main(['exec', '--timeout', str(timeout)], self.linux_source_mock) - self.linux_source_mock.run_kernel.assert_called_once_with(build_dir='.kunit', timeout=timeout) + self.linux_source_mock.run_kernel.assert_called_once_with(build_dir='.kunit', uml_rootfs_path=None, timeout=timeout) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_run_timeout(self): @@ -310,7 +310,7 @@ class KUnitMainTest(unittest.TestCase): kunit.main(['run', '--timeout', str(timeout)], self.linux_source_mock) assert self.linux_source_mock.build_reconfig.call_count == 1 self.linux_source_mock.run_kernel.assert_called_once_with( - build_dir='.kunit', timeout=timeout) + build_dir='.kunit', uml_rootfs_path=None, timeout=timeout) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_run_builddir(self): @@ -318,7 +318,7 @@ class KUnitMainTest(unittest.TestCase): kunit.main(['run', '--build_dir=.kunit'], self.linux_source_mock) assert self.linux_source_mock.build_reconfig.call_count == 1 self.linux_source_mock.run_kernel.assert_called_once_with( - build_dir=build_dir, timeout=300) + build_dir=build_dir, uml_rootfs_path=None, timeout=300) self.print_mock.assert_any_call(StrContains('Testing complete.')) def test_config_builddir(self): @@ -329,12 +329,12 @@ class KUnitMainTest(unittest.TestCase): def test_build_builddir(self): build_dir = '.kunit' kunit.main(['build', '--build_dir', build_dir], self.linux_source_mock) - self.linux_source_mock.build_um_kernel.assert_called_once_with(False, 8, build_dir, None) + self.linux_source_mock.build_um_kernel.assert_called_once_with(False, 8, build_dir, None, None) def test_exec_builddir(self): build_dir = '.kunit' kunit.main(['exec', '--build_dir', build_dir], self.linux_source_mock) - self.linux_source_mock.run_kernel.assert_called_once_with(build_dir=build_dir, timeout=300) + self.linux_source_mock.run_kernel.assert_called_once_with(build_dir=build_dir, uml_rootfs_path=None, timeout=300) self.print_mock.assert_any_call(StrContains('Testing complete.')) if __name__ == '__main__': base-commit: 725aca9585956676687c4cb803e88f770b0df2b2 prerequisite-patch-id: 5e5f9a8a05c5680fda1b04c9ab1b95ce91dc88b2 prerequisite-patch-id: 4d997940f4a9f303424af9bac412de1af861f9d9 prerequisite-patch-id: 582b6d9d28ce4b71628890ec832df6522ca68de0 -- 2.26.2

4 years, 9 months

1
0
0 0

[PATCH v2] selftests: net: ip_defrag: modprobe missing nf_defrag_ipv6 support

by Paolo Pisati

Fix ip_defrag.sh when CONFIG_NF_DEFRAG_IPV6=m: $ sudo ./ip_defrag.sh + set -e + mktemp -u XXXXXX + readonly NETNS=ns-rGlXcw + trap cleanup EXIT + setup + ip netns add ns-rGlXcw + ip -netns ns-rGlXcw link set lo up + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_high_thresh=9000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_low_thresh=7000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_time=1 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_high_thresh=9000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_low_thresh=7000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_time=1 + ip netns exec ns-rGlXcw sysctl -w net.netfilter.nf_conntrack_frag6_high_thresh=9000000 + cleanup + ip netns del ns-rGlXcw $ ls -la /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh ls: cannot access '/proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh': No such file or directory $ sudo modprobe nf_defrag_ipv6 $ ls -la /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh -rw-r--r-- 1 root root 0 Jul 14 12:34 /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh Signed-off-by: Paolo Pisati <paolo.pisati(a)canonical.com> --- tools/testing/selftests/net/ip_defrag.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/net/ip_defrag.sh b/tools/testing/selftests/net/ip_defrag.sh index 15d3489ecd9c..ceb7ad4dbd94 100755 --- a/tools/testing/selftests/net/ip_defrag.sh +++ b/tools/testing/selftests/net/ip_defrag.sh @@ -6,6 +6,8 @@ set +x set -e +modprobe -q nf_defrag_ipv6 + readonly NETNS="ns-$(mktemp -u XXXXXX)" setup() { -- 2.25.1

4 years, 9 months

3
2
0 0

[RFC 0/3] kunit: add support to use modules

by Vitor Massaru Iha

Currently, KUnit does not allow the use of tests as a module. This prevents the implementation of tests that require userspace. This patchset makes this possible by introducing the use of the root filesystem in KUnit. And it allows the use of tests that can be compiled as a module Vitor Massaru Iha (3): kunit: tool: Add support root filesystem in kunit-tool lib: Allows to borrow mm in userspace on KUnit lib: Convert test_user_copy to KUnit test include/kunit/test.h | 1 + lib/Kconfig.debug | 17 ++ lib/Makefile | 2 +- lib/kunit/try-catch.c | 15 +- lib/{test_user_copy.c => user_copy_kunit.c} | 196 +++++++++----------- tools/testing/kunit/kunit.py | 37 +++- tools/testing/kunit/kunit_kernel.py | 105 +++++++++-- 7 files changed, 238 insertions(+), 135 deletions(-) rename lib/{test_user_copy.c => user_copy_kunit.c} (55%) base-commit: 725aca9585956676687c4cb803e88f770b0df2b2 prerequisite-patch-id: 582b6d9d28ce4b71628890ec832df6522ca68de0 -- 2.26.2

4 years, 9 months

4
16
0 0

[PATCH] selftests: net: ip_defrag: modprobe missing nf_defrag_ipv6 support

by Paolo Pisati

Fix ip_defrag.sh when CONFIG_NF_DEFRAG_IPV6=m: $ sudo ./ip_defrag.sh + set -e + mktemp -u XXXXXX + readonly NETNS=ns-rGlXcw + trap cleanup EXIT + setup + ip netns add ns-rGlXcw + ip -netns ns-rGlXcw link set lo up + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_high_thresh=9000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_low_thresh=7000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv4.ipfrag_time=1 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_high_thresh=9000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_low_thresh=7000000 + ip netns exec ns-rGlXcw sysctl -w net.ipv6.ip6frag_time=1 + ip netns exec ns-rGlXcw sysctl -w net.netfilter.nf_conntrack_frag6_high_thresh=9000000 + cleanup + ip netns del ns-rGlXcw $ ls -la /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh ls: cannot access '/proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh': No such file or directory $ sudo modprobe nf_defrag_ipv6 $ ls -la /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh -rw-r--r-- 1 root root 0 Jul 14 12:34 /proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh Signed-off-by: Paolo Pisati <paolo.pisati(a)canonical.com> --- tools/testing/selftests/net/ip_defrag.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/net/ip_defrag.sh b/tools/testing/selftests/net/ip_defrag.sh index 15d3489ecd9c..6919afe47e0a 100755 --- a/tools/testing/selftests/net/ip_defrag.sh +++ b/tools/testing/selftests/net/ip_defrag.sh @@ -3,6 +3,8 @@ # # Run a couple of IP defragmentation tests. +modprobe -q nf_defrag_ipv6 + set +x set -e -- 2.25.1

4 years, 9 months

2
4
0 0

[PATCH v3 0/3] selftests: powerpc: Fixes and execute-disable test for pkeys

by Sandipan Das

This fixes the way the Authority Mask Register (AMR) is updated by the existing pkey tests and adds a new test to verify the functionality of execute-disabled pkeys. Previous versions can be found at: v2: https://lore.kernel.org/linuxppc-dev/20200527030342.13712-1-sandipan@linux.… v1: https://lore.kernel.org/linuxppc-dev/20200508162332.65316-1-sandipan@linux.… Changes in v3: - Fixed AMR writes for existing pkey tests (new patch). - Moved Hash MMU check under utilities (new patch) and removed duplicate code. - Fixed comments on why the pkey permission bits were redefined. - Switched to existing mfspr() macro for reading AMR. - Switched to sig_atomic_t as data type for variables updated in the signal handlers. - Switched to exit()-ing if the signal handlers come across an unexpected condition instead of trying to reset page and pkey permissions. - Switched to write() from printf() for printing error messages from the signal handlers. - Switched to getpagesize(). - Renamed fault counter to denote remaining faults. - Dropped unnecessary randomization for choosing an address to fault at. - Added additional information on change in permissions due to AMR and IAMR bits in comments. - Switched the first instruction word of the executable region to a trap to test if it is actually overwritten by a no-op later. - Added an new test scenario where the pkey imposes no restrictions and an attempt is made to jump to the executable region again. Changes in v2: - Added .gitignore entry for test binary. - Fixed builds for older distros where siginfo_t might not have si_pkey as a formal member based on discussion with Michael. Sandipan Das (3): selftests: powerpc: Fix pkey access right updates selftests: powerpc: Move Hash MMU check to utilities selftests: powerpc: Add test for execute-disabled pkeys tools/testing/selftests/powerpc/include/reg.h | 6 + .../testing/selftests/powerpc/include/utils.h | 1 + tools/testing/selftests/powerpc/mm/.gitignore | 1 + tools/testing/selftests/powerpc/mm/Makefile | 5 +- .../selftests/powerpc/mm/bad_accesses.c | 28 -- .../selftests/powerpc/mm/pkey_exec_prot.c | 388 ++++++++++++++++++ .../selftests/powerpc/ptrace/core-pkey.c | 2 +- .../selftests/powerpc/ptrace/ptrace-pkey.c | 2 +- tools/testing/selftests/powerpc/utils.c | 28 ++ 9 files changed, 429 insertions(+), 32 deletions(-) create mode 100644 tools/testing/selftests/powerpc/mm/pkey_exec_prot.c -- 2.25.1

4 years, 9 months

2
4
0 0

Re: [PATCH 2/4] KVM: x86: Introduce paravirt feature CR0/CR4 pinning

by Andersen, John

On Thu, Jul 09, 2020 at 09:27:43AM -0700, Andy Lutomirski wrote: > On Thu, Jul 9, 2020 at 9:22 AM Dave Hansen <dave.hansen(a)intel.com> wrote: > > > > On 7/9/20 9:07 AM, Andy Lutomirski wrote: > > > On Thu, Jul 9, 2020 at 8:56 AM Dave Hansen <dave.hansen(a)intel.com> wrote: > > >> On 7/9/20 8:44 AM, Andersen, John wrote: > > >>> Bits which are allowed to be pinned default to WP for CR0 and SMEP, > > >>> SMAP, and UMIP for CR4. > > >> I think it also makes sense to have FSGSBASE in this set. > > >> > > >> I know it hasn't been tested, but I think we should do the legwork to > > >> test it. If not in this set, can we agree that it's a logical next step? > > > I have no objection to pinning FSGSBASE, but is there a clear > > > description of the threat model that this whole series is meant to > > > address? The idea is to provide a degree of protection against an > > > attacker who is able to convince a guest kernel to write something > > > inappropriate to CR4, right? How realistic is this? > > > > If a quick search can find this: > > > > > https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-… > > > > I'd pretty confident that the guys doing actual bad things have it in > > their toolbox too. > > > > True, but we have the existing software CR4 pinning. I suppose the > virtualization version is stronger. > Yes, as Kees said this will be stronger because it stops ROP and other gadget based techniques which avoid the use of native_write_cr0/4(). With regards to what should be done in this patchset and what in other patchsets. I have a fix for kexec thanks to Arvind's note about TRAMPOLINE_32BIT_CODE_SIZE. The physical host boots fine now and the virtual one can kexec fine. What remains to be done on that front is to add some identifying information to the kernel image to declare that it supports paravirtualized control register pinning or not. Liran suggested adding a section to the built image acting as a flag to signify support for being kexec'd by a kernel with pinning enabled. If anyone has any opinions on how they'd like to see this implemented please let me know. Otherwise I'll just take a stab at it and you'll all see it hopefully in the next version. With regards to FSGSBASE, are we open to validating and adding that to the DEFAULT set as a part of a separate patchset? This patchset is focused on replicating the functionality we already have natively. (If anyone got this email twice, sorry I messed up the From: field the first time around)

4 years, 9 months

2
2
0 0

Re: [PATCH 0/3] readfile(2): a new syscall to make open/read/close faster

by Jan Ziak

Hello At first, I thought that the proposed system call is capable of reading *multiple* small files using a single system call - which would help increase HDD/SSD queue utilization and increase IOPS (I/O operations per second) - but that isn't the case and the proposed system call can read just a single file. Without the ability to read multiple small files using a single system call, it is impossible to increase IOPS (unless an application is using multiple reader threads or somehow instructs the kernel to prefetch multiple files into memory). While you are at it, why not also add a readfiles system call to read multiple, presumably small, files? The initial unoptimized implementation of readfiles syscall can simply call readfile sequentially. Sincerely Jan (atomsymbol)

4 years, 9 months

8
26
0 0

[PATCH v2] selftests/livepatch: adopt to newer sysctl error format

by Petr Mladek

With procfs v3.3.16, the sysctl command doesn't print the set key and value on error. This change breaks livepatch selftest test-ftrace.sh, that tests the interaction of sysctl ftrace_enabled: Make it work with all sysctl versions using '-q' option. Explicitly print the final status on success so that it can be verified in the log. The error message is enough on failure. Reported-by: Kamalesh Babulal <kamalesh(a)linux.vnet.ibm.com> Signed-off-by: Petr Mladek <pmladek(a)suse.com> --- The patch has been created against livepatch.git, branch for-5.9/selftests-cleanup. But it applies also against the current Linus' tree. tools/testing/selftests/livepatch/functions.sh | 3 ++- tools/testing/selftests/livepatch/test-ftrace.sh | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/livepatch/functions.sh b/tools/testing/selftests/livepatch/functions.sh index 408529d94ddb..1aba83c87ad3 100644 --- a/tools/testing/selftests/livepatch/functions.sh +++ b/tools/testing/selftests/livepatch/functions.sh @@ -75,7 +75,8 @@ function set_dynamic_debug() { } function set_ftrace_enabled() { - result=$(sysctl kernel.ftrace_enabled="$1" 2>&1 | paste --serial --delimiters=' ') + result=$(sysctl -q kernel.ftrace_enabled="$1" 2>&1 && \ + sysctl kernel.ftrace_enabled 2>&1) echo "livepatch: $result" > /dev/kmsg } diff --git a/tools/testing/selftests/livepatch/test-ftrace.sh b/tools/testing/selftests/livepatch/test-ftrace.sh index 9160c9ec3b6f..552e165512f4 100755 --- a/tools/testing/selftests/livepatch/test-ftrace.sh +++ b/tools/testing/selftests/livepatch/test-ftrace.sh @@ -51,7 +51,7 @@ livepatch: '$MOD_LIVEPATCH': initializing patching transition livepatch: '$MOD_LIVEPATCH': starting patching transition livepatch: '$MOD_LIVEPATCH': completing patching transition livepatch: '$MOD_LIVEPATCH': patching complete -livepatch: sysctl: setting key \"kernel.ftrace_enabled\": Device or resource busy kernel.ftrace_enabled = 0 +livepatch: sysctl: setting key \"kernel.ftrace_enabled\": Device or resource busy % echo 0 > /sys/kernel/livepatch/$MOD_LIVEPATCH/enabled livepatch: '$MOD_LIVEPATCH': initializing unpatching transition livepatch: '$MOD_LIVEPATCH': starting unpatching transition -- 2.26.2

4 years, 9 months

4
4
0 0

[PATCH] selftests: fib_nexthop_multiprefix: fix cleanup() netns deletion

by Paolo Pisati

During setup(): ... for ns in h0 r1 h1 h2 h3 do create_ns ${ns} done ... while in cleanup(): ... for n in h1 r1 h2 h3 h4 do ip netns del ${n} 2>/dev/null done ... and after removing the stderr redirection in cleanup(): $ sudo ./fib_nexthop_multiprefix.sh ... TEST: IPv4: host 0 to host 3, mtu 1400 [ OK ] TEST: IPv6: host 0 to host 3, mtu 1400 [ OK ] Cannot remove namespace file "/run/netns/h4": No such file or directory $ echo $? 1 and a non-zero return code, make kselftests fail (even if the test itself is fine): ... not ok 34 selftests: net: fib_nexthop_multiprefix.sh # exit=1 ... Signed-off-by: Paolo Pisati <paolo.pisati(a)canonical.com> --- tools/testing/selftests/net/fib_nexthop_multiprefix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/fib_nexthop_multiprefix.sh b/tools/testing/selftests/net/fib_nexthop_multiprefix.sh index 9dc35a16e415..51df5e305855 100755 --- a/tools/testing/selftests/net/fib_nexthop_multiprefix.sh +++ b/tools/testing/selftests/net/fib_nexthop_multiprefix.sh @@ -144,7 +144,7 @@ setup() cleanup() { - for n in h1 r1 h2 h3 h4 + for n in h0 r1 h1 h2 h3 do ip netns del ${n} 2>/dev/null done -- 2.25.1

4 years, 9 months

3
2
0 0

[PATCH v1 0/2] kunit: tool: fix kunit_tool unit tests

by Brendan Higgins

Apparently we haven't run the unit tests for kunit_tool in a while and consequently some things have broken. This patchset fixes those issues. Brendan Higgins (2): kunit: tool: fix broken default args in unit tests kunit: tool: fix improper treatment of file location tools/testing/kunit/kunit.py | 24 ------------------------ tools/testing/kunit/kunit_tool_test.py | 14 +++++++------- 2 files changed, 7 insertions(+), 31 deletions(-) base-commit: a581387e415bbb0085e7e67906c8f4a99746590e -- 2.27.0.389.gc38d7665816-goog

4 years, 9 months

1
2
0 0

[RFC PATCH 00/15] PKS: Add Protection Keys Supervisor (PKS) support

by ira.weiny＠intel.com

From: Ira Weiny <ira.weiny(a)intel.com> This RFC series has been reviewed by Dave Hansen. This patch set introduces a new page protection mechanism for supervisor pages, Protection Key Supervisor (PKS) and an initial user of them, persistent memory, PMEM. PKS enables protections on 'domains' of supervisor pages to limit supervisor mode access to those pages beyond the normal paging protections. They work in a similar fashion to user space pkeys. Like User page pkeys (PKU), supervisor pkeys are checked in addition to normal paging protections and Access or Writes can be disabled via a MSR update without TLB flushes when permissions change. A page mapping is assigned to a domain by setting a pkey in the page table entry. Unlike User pkeys no new instructions are added; rather WRMSR/RDMSR are used to update the PKRS register. XSAVE is not supported for the PKRS MSR. To reduce software complexity the implementation saves/restores the MSR across context switches but not during irqs. This is a compromise which results is a hardening of unwanted access without absolute restriction. For consistent behavior with current paging protections, pkey 0 is reserved and configured to allow full access via the pkey mechanism, thus preserving the default paging protections on mappings with the default pkey value of 0. Other keys, (1-15) are allocated by an allocator which prepares us for key contention from day one. Kernel users should be prepared for the allocator to fail either because of key exhaustion or due to PKS not being supported on the arch and/or CPU instance. Protecting against stray writes is particularly important for PMEM because, unlike writes to anonymous memory, writes to PMEM persists across a reboot. Thus data corruption could result in permanent loss of data. The following attributes of PKS makes it perfect as a mechanism to protect PMEM from stray access within the kernel: 1) Fast switching of permissions 2) Prevents access without page table manipulations 3) Works on a per thread basis 4) No TLB flushes required The second half of this series thus uses the PKS mechanism to protect PMEM from stray access. Implementation details ---------------------- Modifications of task struct in patches: (x86/pks: Preserve the PKRS MSR on context switch) (memremap: Add zone device access protection) Because pkey access is per-thread 2 modifications are made to the task struct. The first is a saved copy of the MSR during context switches. The second reference counts access to the device domain to correctly handle kmap nesting properly. Maintain PKS setting in a re-entrant manner in patch: (memremap: Add zone device access protection) Using local_irq_save() seems to be the safest and fastest way to maintain kmap as re-entrant. But there may be a better way. spin_lock_irq() and atomic counters were considered. But atomic counters do not properly protect the pkey update and spin_lock_irq() is unnecessary as the pkey protections are thread local. Suggestions are welcome. The use of kmap in patch: (kmap: Add stray write protection for device pages) To keep general access to PMEM pages general, we piggy back on the kmap() interface as there are many places in the kernel who do not have, nor should be required to have, a priori knowledge that a page is PMEM. The modifications to the kmap code is careful to quickly determine which pages don't require special handling to reduce overhead for non PMEM pages. Breakdown of patches -------------------- Implement PKS within x86 arch: x86/pkeys: Create pkeys_internal.h x86/fpu: Refactor arch_set_user_pkey_access() for PKS support x86/pks: Enable Protection Keys Supervisor (PKS) x86/pks: Preserve the PKRS MSR on context switch x86/pks: Add PKS kernel API x86/pks: Add a debugfs file for allocated PKS keys Documentation/pkeys: Update documentation for kernel pkeys x86/pks: Add PKS Test code pre-req bug fixes for dax: fs/dax: Remove unused size parameter drivers/dax: Expand lock scope to cover the use of addresses Add stray write protection to PMEM: memremap: Add zone device access protection kmap: Add stray write protection for device pages dax: Stray write protection for dax_direct_access() nvdimm/pmem: Stray write protection for pmem->virt_addr [dax|pmem]: Enable stray write protection Fenghua Yu (4): x86/fpu: Refactor arch_set_user_pkey_access() for PKS support x86/pks: Enable Protection Keys Supervisor (PKS) x86/pks: Add PKS kernel API x86/pks: Add a debugfs file for allocated PKS keys Ira Weiny (11): x86/pkeys: Create pkeys_internal.h x86/pks: Preserve the PKRS MSR on context switch Documentation/pkeys: Update documentation for kernel pkeys x86/pks: Add PKS Test code fs/dax: Remove unused size parameter drivers/dax: Expand lock scope to cover the use of addresses memremap: Add zone device access protection kmap: Add stray write protection for device pages dax: Stray write protection for dax_direct_access() nvdimm/pmem: Stray write protection for pmem->virt_addr [dax|pmem]: Enable stray write protection Documentation/core-api/protection-keys.rst | 81 +++- arch/x86/Kconfig | 1 + arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/pgtable.h | 13 +- arch/x86/include/asm/pgtable_types.h | 4 + arch/x86/include/asm/pkeys.h | 43 ++ arch/x86/include/asm/pkeys_internal.h | 35 ++ arch/x86/include/asm/processor.h | 13 + arch/x86/include/uapi/asm/processor-flags.h | 2 + arch/x86/kernel/cpu/common.c | 17 + arch/x86/kernel/fpu/xstate.c | 17 +- arch/x86/kernel/process.c | 35 ++ arch/x86/mm/fault.c | 16 +- arch/x86/mm/pkeys.c | 174 +++++++- drivers/dax/device.c | 2 + drivers/dax/super.c | 5 +- drivers/nvdimm/pmem.c | 6 + fs/dax.c | 13 +- include/linux/highmem.h | 32 +- include/linux/memremap.h | 1 + include/linux/mm.h | 33 ++ include/linux/pkeys.h | 18 + include/linux/sched.h | 3 + init/init_task.c | 3 + kernel/fork.c | 3 + lib/Kconfig.debug | 12 + lib/Makefile | 3 + lib/pks/Makefile | 3 + lib/pks/pks_test.c | 452 ++++++++++++++++++++ mm/Kconfig | 15 + mm/memremap.c | 111 +++++ tools/testing/selftests/x86/Makefile | 3 +- tools/testing/selftests/x86/test_pks.c | 65 +++ 34 files changed, 1175 insertions(+), 61 deletions(-) create mode 100644 arch/x86/include/asm/pkeys_internal.h create mode 100644 lib/pks/Makefile create mode 100644 lib/pks/pks_test.c create mode 100644 tools/testing/selftests/x86/test_pks.c -- 2.25.1

4 years, 9 months

4
29
0 0

[PATCH] selftests/harness: Limit step counter reporting

by Kees Cook

When the selftest "step" counter grew beyond 255, non-fatal warnings were being emitted, which is noisy and pointless. There are selftests with more than 255 steps (especially those in loops, etc). Instead, just cap "steps" to 254 and do not report the saturation. Reported-by: Ralph Campbell <rcampbell(a)nvidia.com> Tested-by: Ralph Campbell <rcampbell(a)nvidia.com> Fixes: 9847d24af95c ("selftests/harness: Refactor XFAIL into SKIP") Signed-off-by: Kees Cook <keescook(a)chromium.org> --- tools/testing/selftests/kselftest_harness.h | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/selftests/kselftest_harness.h index 935029d4fb21..4f78e4805633 100644 --- a/tools/testing/selftests/kselftest_harness.h +++ b/tools/testing/selftests/kselftest_harness.h @@ -680,7 +680,8 @@ __bail(_assert, _metadata->no_print, _metadata->step)) #define __INC_STEP(_metadata) \ - if (_metadata->passed && _metadata->step < 255) \ + /* Keep "step" below 255 (which is used for "SKIP" reporting). */ \ + if (_metadata->passed && _metadata->step < 253) \ _metadata->step++; #define is_signed_type(var) (!!(((__typeof__(var))(-1)) < (__typeof__(var))1)) @@ -976,12 +977,6 @@ void __run_test(struct __fixture_metadata *f, t->passed = 0; } else if (t->pid == 0) { t->fn(t, variant); - /* Make sure step doesn't get lost in reporting */ - if (t->step >= 255) { - ksft_print_msg("Too many test steps (%u)!?\n", t->step); - t->step = 254; - } - /* Use 255 for SKIP */ if (t->skip) _exit(255); /* Pass is exit 0 */ -- 2.25.1 -- Kees Cook

4 years, 9 months

1
0
0 0

[PATCH] selftests/livepatch: Use "comm" instead of "diff" for dmesg

by Joe Lawrence

BusyBox diff doesn't support the GNU diff '--LTYPE-line-format' options that were used in the selftests to filter older kernel log messages from dmesg output. Use "comm" which is more available in smaller boot environments. Reported-by: Naresh Kamboju <naresh.kamboju(a)linaro.org> Signed-off-by: Joe Lawrence <joe.lawrence(a)redhat.com> --- based-on: livepatching.git/for-5.9/selftests-cleanup merge-thru: livepatching.git tools/testing/selftests/livepatch/functions.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/livepatch/functions.sh b/tools/testing/selftests/livepatch/functions.sh index 36648ca367c2..408529d94ddb 100644 --- a/tools/testing/selftests/livepatch/functions.sh +++ b/tools/testing/selftests/livepatch/functions.sh @@ -277,7 +277,7 @@ function check_result { # help differentiate repeated testing runs. Remove them with a # post-comparison sed filter. - result=$(dmesg | diff --changed-group-format='%>' --unchanged-group-format='' "$SAVED_DMESG" - | \ + result=$(dmesg | comm -13 "$SAVED_DMESG" - | \ grep -e 'livepatch:' -e 'test_klp' | \ grep -v '$tainting\|taints$ kernel' | \ sed 's/^\[[ 0-9.]*\] //') -- 2.21.3

4 years, 9 months

4
3
0 0

Re: [PATCH 2/4] KVM: x86: Introduce paravirt feature CR0/CR4 pinning

by Andersen, John

On Thu, Jul 09, 2020 at 09:27:43AM -0700, Andy Lutomirski wrote: > On Thu, Jul 9, 2020 at 9:22 AM Dave Hansen <dave.hansen(a)intel.com> wrote: > > > > On 7/9/20 9:07 AM, Andy Lutomirski wrote: > > > On Thu, Jul 9, 2020 at 8:56 AM Dave Hansen <dave.hansen(a)intel.com> wrote: > > >> On 7/9/20 8:44 AM, Andersen, John wrote: > > >>> Bits which are allowed to be pinned default to WP for CR0 and SMEP, > > >>> SMAP, and UMIP for CR4. > > >> I think it also makes sense to have FSGSBASE in this set. > > >> > > >> I know it hasn't been tested, but I think we should do the legwork to > > >> test it. If not in this set, can we agree that it's a logical next step? > > > I have no objection to pinning FSGSBASE, but is there a clear > > > description of the threat model that this whole series is meant to > > > address? The idea is to provide a degree of protection against an > > > attacker who is able to convince a guest kernel to write something > > > inappropriate to CR4, right? How realistic is this? > > > > If a quick search can find this: > > > > > https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-… > > > > I'd pretty confident that the guys doing actual bad things have it in > > their toolbox too. > > > > True, but we have the existing software CR4 pinning. I suppose the > virtualization version is stronger. > Yes, as Kees said this will be stronger because it stops ROP and other gadget based techniques which avoid the use of native_write_cr0/4(). With regards to what should be done in this patchset and what in other patchsets. I have a fix for kexec thanks to Arvind's note about TRAMPOLINE_32BIT_CODE_SIZE. The physical host boots fine now and the virtual one can kexec fine. What remains to be done on that front is to add some identifying information to the kernel image to declare that it supports paravirtualized control register pinning or not. Liran suggested adding a section to the built image acting as a flag to signify support for being kexec'd by a kernel with pinning enabled. If anyone has any opinions on how they'd like to see this implemented please let me know. Otherwise I'll just take a stab at it and you'll all see it hopefully in the next version. With regards to FSGSBASE, are we open to validating and adding that to the DEFAULT set as a part of a separate patchset? This patchset is focused on replicating the functionality we already have natively.

4 years, 9 months

1
0
0 0

[PATCH v2 0/8] selftests/harness: Switch to TAP output

by Kees Cook

Hi, v2: - switch harness from XFAIL to SKIP - pass skip reason from test into TAP output - add acks/reviews v1: https://lore.kernel.org/lkml/20200611224028.3275174-1-keescook@chromium.org/ I finally got around to converting the kselftest_harness.h API to actually use the kselftest.h API so all the tools using it can actually report TAP correctly. As part of this, there are a bunch of related cleanups, API updates, and additions. Thanks! -Kees Kees Cook (8): selftests/clone3: Reorder reporting output selftests: Remove unneeded selftest API headers selftests/binderfs: Fix harness API usage selftests: Add header documentation and helpers selftests/harness: Switch to TAP output selftests/harness: Refactor XFAIL into SKIP selftests/harness: Display signed values correctly selftests/harness: Report skip reason tools/testing/selftests/clone3/clone3.c | 2 +- .../selftests/clone3/clone3_clear_sighand.c | 3 +- .../testing/selftests/clone3/clone3_set_tid.c | 2 +- .../filesystems/binderfs/binderfs_test.c | 284 +++++++++--------- tools/testing/selftests/kselftest.h | 78 ++++- tools/testing/selftests/kselftest_harness.h | 169 ++++++++--- .../pid_namespace/regression_enomem.c | 1 - .../selftests/pidfd/pidfd_getfd_test.c | 1 - .../selftests/pidfd/pidfd_setns_test.c | 1 - tools/testing/selftests/seccomp/seccomp_bpf.c | 8 +- .../selftests/uevent/uevent_filtering.c | 1 - 11 files changed, 356 insertions(+), 194 deletions(-) -- 2.25.1

4 years, 9 months

3
14
0 0

[PATCH v3 0/2] Syscall user redirection

by Gabriel Krisman Bertazi

Hi, This is the v3 of the syscall user redirection patch, applying the suggestions from Matthew and Kees. In particular, it modifies the ABI to allow passing a range of allowed addresses and introduces kselftests for the feature. RFC/v1: https://lkml.org/lkml/2020/7/8/96 v2: https://lkml.org/lkml/2020/7/9/17 Gabriel Krisman Bertazi (2): kernel: Implement selective syscall userspace redirection selftests: Add kselftest for syscall user dispatch arch/Kconfig | 20 ++ arch/x86/Kconfig | 1 + arch/x86/entry/common.c | 5 + arch/x86/include/asm/thread_info.h | 4 +- arch/x86/kernel/signal_compat.c | 2 +- fs/exec.c | 2 + include/linux/sched.h | 3 + include/linux/syscall_user_dispatch.h | 50 ++++ include/uapi/asm-generic/siginfo.h | 3 +- include/uapi/linux/prctl.h | 5 + kernel/Makefile | 1 + kernel/fork.c | 1 + kernel/sys.c | 5 + kernel/syscall_user_dispatch.c | 92 +++++++ tools/testing/selftests/Makefile | 1 + .../syscall_user_dispatch/.gitignore | 1 + .../selftests/syscall_user_dispatch/Makefile | 5 + .../selftests/syscall_user_dispatch/config | 1 + .../syscall_user_dispatch.c | 259 ++++++++++++++++++ 19 files changed, 458 insertions(+), 3 deletions(-) create mode 100644 include/linux/syscall_user_dispatch.h create mode 100644 kernel/syscall_user_dispatch.c create mode 100644 tools/testing/selftests/syscall_user_dispatch/.gitignore create mode 100644 tools/testing/selftests/syscall_user_dispatch/Makefile create mode 100644 tools/testing/selftests/syscall_user_dispatch/config create mode 100644 tools/testing/selftests/syscall_user_dispatch/syscall_user_dispatch.c -- 2.27.0

4 years, 9 months

2
4
0 0

[PATCH] selftests: Replace HTTP links with HTTPS ones

by Alexander A. Klimov

Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster(a)al2klimov.de> --- Continuing my work started at 93431e0607e5. See also: git log --oneline '--author=Alexander A. Klimov <grandmaster(a)al2klimov.de>' v5.7..master (Actually letting a shell for loop submit all this stuff for me.) If there are any URLs to be removed completely or at least not just HTTPSified: Just clearly say so and I'll *undo my change*. See also: https://lkml.org/lkml/2020/6/27/64 If there are any valid, but yet not changed URLs: See: https://lkml.org/lkml/2020/6/26/837 If you apply the patch, please let me know. Sorry again to all maintainers who complained about subject lines. Now I realized that you want an actually perfect prefixes, not just subsystem ones. I tried my best... And yes, *I could* (at least half-)automate it. Impossible is nothing! :) tools/testing/selftests/futex/include/atomic.h | 2 +- tools/testing/selftests/futex/include/futextest.h | 2 +- tools/testing/selftests/powerpc/ptrace/perf-hwbreak.c | 2 +- tools/testing/selftests/vDSO/parse_vdso.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/futex/include/atomic.h b/tools/testing/selftests/futex/include/atomic.h index 428bcd921bb5..23703ecfcd68 100644 --- a/tools/testing/selftests/futex/include/atomic.h +++ b/tools/testing/selftests/futex/include/atomic.h @@ -5,7 +5,7 @@ * * DESCRIPTION * GCC atomic builtin wrappers - * http://gcc.gnu.org/onlinedocs/gcc-4.1.0/gcc/Atomic-Builtins.html + * https://gcc.gnu.org/onlinedocs/gcc-4.1.0/gcc/Atomic-Builtins.html * * AUTHOR * Darren Hart <dvhart(a)linux.intel.com> diff --git a/tools/testing/selftests/futex/include/futextest.h b/tools/testing/selftests/futex/include/futextest.h index ddbcfc9b7bac..2a210c482f7b 100644 --- a/tools/testing/selftests/futex/include/futextest.h +++ b/tools/testing/selftests/futex/include/futextest.h @@ -211,7 +211,7 @@ futex_cmp_requeue_pi(futex_t *uaddr, futex_t val, futex_t *uaddr2, int nr_wake, * @newval: The new value to try and assign the futex * * Implement cmpxchg using gcc atomic builtins. - * http://gcc.gnu.org/onlinedocs/gcc-4.1.0/gcc/Atomic-Builtins.html + * https://gcc.gnu.org/onlinedocs/gcc-4.1.0/gcc/Atomic-Builtins.html * * Return the old futex value. */ diff --git a/tools/testing/selftests/powerpc/ptrace/perf-hwbreak.c b/tools/testing/selftests/powerpc/ptrace/perf-hwbreak.c index c1f324afdbf3..946c52e1f327 100644 --- a/tools/testing/selftests/powerpc/ptrace/perf-hwbreak.c +++ b/tools/testing/selftests/powerpc/ptrace/perf-hwbreak.c @@ -12,7 +12,7 @@ * times. Then check the output count from perf is as expected. * * Based on: - * http://ozlabs.org/~anton/junkcode/perf_events_example1.c + * https://ozlabs.org/~anton/junkcode/perf_events_example1.c * * Copyright (C) 2018 Michael Neuling, IBM Corporation. */ diff --git a/tools/testing/selftests/vDSO/parse_vdso.c b/tools/testing/selftests/vDSO/parse_vdso.c index 413f75620a35..3413fc00c835 100644 --- a/tools/testing/selftests/vDSO/parse_vdso.c +++ b/tools/testing/selftests/vDSO/parse_vdso.c @@ -5,7 +5,7 @@ * This code is meant to be linked in to various programs that run on Linux. * As such, it is available with as few restrictions as possible. This file * is licensed under the Creative Commons Zero License, version 1.0, - * available at http://creativecommons.org/publicdomain/zero/1.0/legalcode + * available at https://creativecommons.org/publicdomain/zero/1.0/legalcode * * The vDSO is a regular ELF DSO that the kernel maps into user space when * it starts a program. It works equally well in statically and dynamically -- 2.27.0

4 years, 9 months

1
0
0 0

[PATCH] rcutorture: Replace HTTP links with HTTPS ones

by Alexander A. Klimov

Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster(a)al2klimov.de> --- Continuing my work started at 93431e0607e5. See also: git log --oneline '--author=Alexander A. Klimov <grandmaster(a)al2klimov.de>' v5.7..master (Actually letting a shell for loop submit all this stuff for me.) If there are any URLs to be removed completely or at least not just HTTPSified: Just clearly say so and I'll *undo my change*. See also: https://lkml.org/lkml/2020/6/27/64 If there are any valid, but yet not changed URLs: See: https://lkml.org/lkml/2020/6/26/837 If you apply the patch, please let me know. Sorry again to all maintainers who complained about subject lines. Now I realized that you want an actually perfect prefixes, not just subsystem ones. I tried my best... And yes, *I could* (at least half-)automate it. Impossible is nothing! :) tools/testing/selftests/rcutorture/doc/rcu-test-image.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/rcutorture/doc/rcu-test-image.txt b/tools/testing/selftests/rcutorture/doc/rcu-test-image.txt index 449cf579d6f9..cc280ba157a3 100644 --- a/tools/testing/selftests/rcutorture/doc/rcu-test-image.txt +++ b/tools/testing/selftests/rcutorture/doc/rcu-test-image.txt @@ -36,7 +36,7 @@ References: https://help.ubuntu.com/community/JeOSVMBuilder http://wiki.libvirt.org/page/UbuntuKVMWalkthrough http://www.moe.co.uk/2011/01/07/pci_add_option_rom-failed-to-find-romfile-p… -- "apt-get install kvm-pxe" - http://www.landley.net/writing/rootfs-howto.html - http://en.wikipedia.org/wiki/Initrd - http://en.wikipedia.org/wiki/Cpio + https://www.landley.net/writing/rootfs-howto.html + https://en.wikipedia.org/wiki/Initrd + https://en.wikipedia.org/wiki/Cpio http://wiki.libvirt.org/page/UbuntuKVMWalkthrough -- 2.27.0

4 years, 9 months

1
0
0 0

[PATCH] selftests/livepatch: adopt to newer sysctl error format

by Kamalesh Babulal

With procfs v3.3.16, the sysctl command doesn't prints the set key and value on error. This change breaks livepatch selftest test-ftrace.sh, that tests the interaction of sysctl ftrace_enabled: # selftests: livepatch: test-ftrace.sh # TEST: livepatch interaction with ftrace_enabled sysctl ... not ok # # --- expected # +++ result # @@ -16,7 +16,7 @@ livepatch: 'test_klp_livepatch': initial # livepatch: 'test_klp_livepatch': starting patching transition # livepatch: 'test_klp_livepatch': completing patching transition # livepatch: 'test_klp_livepatch': patching complete # -livepatch: sysctl: setting key "kernel.ftrace_enabled": Device or resource busy kernel.ftrace_enabled = 0 # +livepatch: sysctl: setting key "kernel.ftrace_enabled": Device or resource busy # % echo 0 > /sys/kernel/livepatch/test_klp_livepatch/enabled # livepatch: 'test_klp_livepatch': initializing unpatching transition # livepatch: 'test_klp_livepatch': starting unpatching transition # # ERROR: livepatch kselftest(s) failed on setting sysctl kernel.ftrace_enabled={0,1} value successfully, the set key and value is displayed. This patch fixes it by limiting the output from both the cases to eight words, that includes the error message or set key and value on failure and success. The upper bound of eight words is enough to display the only tracked error message. Also, adjust the check_result string in test-ftrace.sh to match the expected output. With the patch, the test-ftrace.sh passes on v3.3.15, v3.3.16 versions of sysctl: ... # selftests: livepatch: test-ftrace.sh # TEST: livepatch interaction with ftrace_enabled sysctl ... ok ok 5 selftests: livepatch: test-ftrace.sh Signed-off-by: Kamalesh Babulal <kamalesh(a)linux.vnet.ibm.com> --- Based on livepatching/for-5.9/selftests-cleanup, to be merged through livepatching.git tools/testing/selftests/livepatch/functions.sh | 3 ++- tools/testing/selftests/livepatch/test-ftrace.sh | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/livepatch/functions.sh b/tools/testing/selftests/livepatch/functions.sh index 36648ca367c2..e3c0490d5a45 100644 --- a/tools/testing/selftests/livepatch/functions.sh +++ b/tools/testing/selftests/livepatch/functions.sh @@ -75,7 +75,8 @@ function set_dynamic_debug() { } function set_ftrace_enabled() { - result=$(sysctl kernel.ftrace_enabled="$1" 2>&1 | paste --serial --delimiters=' ') + result=$(sysctl kernel.ftrace_enabled="$1" 2>&1 | paste --serial --delimiters=' ' | \ + cut -d" " -f1-8) echo "livepatch: $result" > /dev/kmsg } diff --git a/tools/testing/selftests/livepatch/test-ftrace.sh b/tools/testing/selftests/livepatch/test-ftrace.sh index 9160c9ec3b6f..552e165512f4 100755 --- a/tools/testing/selftests/livepatch/test-ftrace.sh +++ b/tools/testing/selftests/livepatch/test-ftrace.sh @@ -51,7 +51,7 @@ livepatch: '$MOD_LIVEPATCH': initializing patching transition livepatch: '$MOD_LIVEPATCH': starting patching transition livepatch: '$MOD_LIVEPATCH': completing patching transition livepatch: '$MOD_LIVEPATCH': patching complete -livepatch: sysctl: setting key \"kernel.ftrace_enabled\": Device or resource busy kernel.ftrace_enabled = 0 +livepatch: sysctl: setting key \"kernel.ftrace_enabled\": Device or resource busy % echo 0 > /sys/kernel/livepatch/$MOD_LIVEPATCH/enabled livepatch: '$MOD_LIVEPATCH': initializing unpatching transition livepatch: '$MOD_LIVEPATCH': starting unpatching transition base-commit: 3fd9bd8b7e41a1908bf8bc0cd06606f2b787cd39 -- 2.26.2

4 years, 9 months

3
3
0 0

[PATCH for-next/seccomp v2 0/2] selftests/seccomp: SKIP tests requiring root

by Kees Cook

v2: - check for CONFIG_USER_NS - add review - fix Cc list v1: https://lore.kernel.org/lkml/20200710185156.2437687-1-keescook@chromium.org Hi, This fixes the seccomp selftests to pass (with SKIPs) for regular users. I intend to put this in my for-next/seccomp tree (to avoid further conflicts with the kselftest tree). (and for those following along, this is effectively based on the -next tree) -Kees Kees Cook (2): selftests/seccomp: Add SKIPs for failed unshare() selftests/seccomp: Set NNP for TSYNC ESRCH flag test tools/testing/selftests/seccomp/config | 1 + tools/testing/selftests/seccomp/seccomp_bpf.c | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) -- 2.25.1

4 years, 9 months

3
5
0 0

[PATCH bpf] selftests/bpf: Fix cgroup sockopt verifier test

by Jean-Philippe Brucker

Since the BPF_PROG_TYPE_CGROUP_SOCKOPT verifier test does not set an attach type, bpf_prog_load_check_attach() disallows loading the program and the test is always skipped: #434/p perfevent for cgroup sockopt SKIP (unsupported program type 25) Fix the issue by setting a valid attach type. Fixes: 0456ea170cd6 ("bpf: Enable more helpers for BPF_PROG_TYPE_CGROUP_{DEVICE,SYSCTL,SOCKOPT}") Signed-off-by: Jean-Philippe Brucker <jean-philippe(a)linaro.org> --- tools/testing/selftests/bpf/verifier/event_output.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/bpf/verifier/event_output.c b/tools/testing/selftests/bpf/verifier/event_output.c index 99f8f582c02b..c5e805980409 100644 --- a/tools/testing/selftests/bpf/verifier/event_output.c +++ b/tools/testing/selftests/bpf/verifier/event_output.c @@ -112,6 +112,7 @@ "perfevent for cgroup sockopt", .insns = { __PERF_EVENT_INSNS__ }, .prog_type = BPF_PROG_TYPE_CGROUP_SOCKOPT, + .expected_attach_type = BPF_CGROUP_SETSOCKOPT, .fixup_map_event_output = { 4 }, .result = ACCEPT, .retval = 1, -- 2.27.0

4 years, 9 months

3
2
0 0

[GIT PULL] Kselftest fixes update for Linux 5.8-rc5

by Shuah Khan

Hi Linus, Please pull the following Kselftest fixes update for Linux 5.8-rc5. This Kselftest fixes update for Linux 5.8-rc5 consists of tmp2 test changes to run on python3 and kselftest framework fix to incorrect return type. diff is attached. thanks, -- Shuah ---------------------------------------------------------------- The following changes since commit 377ff83083c953dd58c5a030b3c9b5b85d8cc727: selftests: tpm: Use /bin/sh instead of /bin/bash (2020-06-29 14:19:38 -0600) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-fixes-5.8-rc5 for you to fetch changes up to 3c01655ac82eb6d1cc2cfe9507031f1b5e0a6df1: kselftest: ksft_test_num return type should be unsigned (2020-07-06 15:07:47 -0600) ---------------------------------------------------------------- linux-kselftest-fixes-5.8-rc5 This Kselftest fixes update for Linux 5.8-rc5 consists of tmp2 test changes to run on python3 and kselftest framework fix to incorrect return type. ---------------------------------------------------------------- Paolo Bonzini (1): kselftest: ksft_test_num return type should be unsigned Pengfei Xu (1): selftests: tpm: upgrade TPM2 tests from Python 2 to Python 3 tools/testing/selftests/kselftest.h | 2 +- tools/testing/selftests/tpm2/test_smoke.sh | 4 +-- tools/testing/selftests/tpm2/test_space.sh | 2 +- tools/testing/selftests/tpm2/tpm2.py | 56 ++++++++++++++++-------------- tools/testing/selftests/tpm2/tpm2_tests.py | 39 +++++++++++---------- 5 files changed, 53 insertions(+), 50 deletions(-) ----------------------------------------------------------------

4 years, 9 months

2
1
0 0

[PATCH 0/5] mm/migrate: avoid device private invalidations

by Ralph Campbell

The goal for this series is to avoid device private memory TLB invalidations when migrating a range of addresses from system memory to device private memory and some of those pages have already been migrated. The approach taken is to introduce a new mmu notifier invalidation event type and use that in the device driver to skip invalidation callbacks from migrate_vma_setup(). The device driver is also then expected to handle device MMU invalidations as part of the migrate_vma_setup(), migrate_vma_pages(), migrate_vma_finalize() process. Note that this is opt-in. A device driver can simply invalidate its MMU in the mmu notifier callback and not handle MMU invalidations in the migration sequence. This series is based on linux-5.8.0-rc4 and the patches I sent for ("mm/hmm/nouveau: add PMD system memory mapping") https://lore.kernel.org/linux-mm/20200701225352.9649-1-rcampbell@nvidia.com There are no logical dependencies, but there would be merge conflicts which could be resolved if this were to be applied before the other series. Also, this replaces the need for the following two patches I sent: ("mm: fix migrate_vma_setup() src_owner and normal pages") https://lore.kernel.org/linux-mm/20200622222008.9971-1-rcampbell@nvidia.com ("nouveau: fix mixed normal and device private page migration") https://lore.kernel.org/lkml/20200622233854.10889-3-rcampbell@nvidia.com Ralph Campbell (5): nouveau: fix storing invalid ptes mm/migrate: add a direction parameter to migrate_vma mm/notifier: add migration invalidation type nouveau/svm: use the new migration invalidation mm/hmm/test: use the new migration invalidation arch/powerpc/kvm/book3s_hv_uvmem.c | 2 ++ drivers/gpu/drm/nouveau/nouveau_dmem.c | 13 ++++++-- drivers/gpu/drm/nouveau/nouveau_svm.c | 10 +++++- drivers/gpu/drm/nouveau/nouveau_svm.h | 1 + .../drm/nouveau/nvkm/subdev/mmu/vmmgp100.c | 13 +++++--- include/linux/migrate.h | 12 +++++-- include/linux/mmu_notifier.h | 7 ++++ lib/test_hmm.c | 33 +++++++++++-------- mm/migrate.c | 13 ++++++-- 9 files changed, 77 insertions(+), 27 deletions(-) -- 2.20.1

4 years, 9 months

3
9
0 0

[PATCH v3 0/5] mm/hmm/nouveau: add PMD system memory mapping

by Ralph Campbell

The goal for this series is to introduce the hmm_pfn_to_map_order() function. This allows a device driver to know that a given 4K PFN is actually mapped by the CPU using a larger sized CPU page table entry and therefore the device driver can safely map system memory using larger device MMU PTEs. The series is based on 5.8.0-rc3 and is intended for Jason Gunthorpe's hmm tree. These were originally part of a larger series: https://lore.kernel.org/linux-mm/20200619215649.32297-1-rcampbell@nvidia.co… Changes in v3: Replaced the HMM_PFN_P[MU]D flags with hmm_pfn_to_map_order() to indicate the size of the CPU mapping. Changes in v2: Make the hmm_range_fault() API changes into a separate series and add two output flags for PMD/PUD instead of a single compund page flag as suggested by Jason Gunthorpe. Make the nouveau page table changes a separate patch as suggested by Ben Skeggs. Only add support for 2MB nouveau mappings initially since changing the 1:1 CPU/GPU page table size assumptions requires a bigger set of changes. Rebase to 5.8.0-rc3. Ralph Campbell (5): nouveau/hmm: fault one page at a time mm/hmm: add hmm_mapping order nouveau: fix mapping 2MB sysmem pages nouveau/hmm: support mapping large sysmem pages hmm: add tests for HMM_PFN_PMD flag drivers/gpu/drm/nouveau/nouveau_svm.c | 236 ++++++++---------- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 5 +- .../drm/nouveau/nvkm/subdev/mmu/vmmgp100.c | 82 ++++++ include/linux/hmm.h | 24 +- lib/test_hmm.c | 4 + lib/test_hmm_uapi.h | 4 + mm/hmm.c | 14 +- tools/testing/selftests/vm/hmm-tests.c | 76 ++++++ 8 files changed, 299 insertions(+), 146 deletions(-) -- 2.20.1

4 years, 9 months

3
8
0 0

[PATCH v2 0/2] mm/migrate: optimize migrate_vma_setup() for holes

by Ralph Campbell

A simple optimization for migrate_vma_*() when the source vma is not an anonymous vma and a new test case to exercise it. This is based on linux-mm and is for Andrew Morton's tree. Changes in v2: Do the same check for vma_is_anonymous() for pte_none(). Don't increment cpages if the page isn't migrating. Ralph Campbell (2): mm/migrate: optimize migrate_vma_setup() for holes mm/migrate: add migrate-shared test for migrate_vma_*() mm/migrate.c | 16 ++++++++++-- tools/testing/selftests/vm/hmm-tests.c | 35 ++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 2 deletions(-) -- 2.20.1

4 years, 9 months

1
2
0 0

[PATCH 0/2] mm/migrate: optimize migrate_vma_setup() for holes

by Ralph Campbell

A simple optimization for migrate_vma_*() when the source vma is not an anonymous vma and a new test case to exercise it. This is based on linux-mm and is for Andrew Morton's tree. Ralph Campbell (2): mm/migrate: optimize migrate_vma_setup() for holes mm/migrate: add migrate-shared test for migrate_vma_*() mm/migrate.c | 6 ++++- tools/testing/selftests/vm/hmm-tests.c | 35 ++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) -- 2.20.1

4 years, 9 months

2
4
0 0

[PATCH for-next/seccomp 0/3] Check ENOSYS under tracing

by Kees Cook

Hi, This expands the seccomp selftest to poke a architectural behavior corner that Keno Fischer noticed[1]. In the process, I took the opportunity to do the kselftest harness variant refactoring I'd been meaning to do, which made adding this test much nicer. I'd prefer this went via the seccomp tree, as it builds on top of the other recent seccomp feature addition tests. Testing and reviews are welcome! :) Thanks, -Kees [1] https://lore.kernel.org/lkml/CABV8kRxA9mXPZwtYrjbAfOfFewhABHddipccgk-LQJO+Z… Kees Cook (3): selftests/harness: Clean up kern-doc for fixtures selftests/seccomp: Refactor to use fixture variants selftests/seccomp: Check ENOSYS under tracing tools/testing/selftests/kselftest_harness.h | 15 +- tools/testing/selftests/seccomp/seccomp_bpf.c | 217 ++++++------------ 2 files changed, 72 insertions(+), 160 deletions(-) -- 2.25.1

4 years, 9 months

3
8
0 0

[PATCH v19 00/12] Landlock LSM

by Mickaël Salaün

Hi, This new patch series is a light update of the previous one, with some minor fixes and cosmetic changes. All reviews have been taken into account. The SLOC count is 1299 for security/landlock/ and 1752 for tools/testing/selftest/landlock/ . Test coverage for security/landlock/ is 93.6% of lines. The code not covered only deals with internal kernel errors (e.g. memory allocation) and race conditions. The compiled documentation is available here: https://landlock.io/linux-doc/landlock-v19/security/landlock/index.html This series can be applied on top of v5.8-rc4 . This can be tested with CONFIG_SECURITY_LANDLOCK and CONFIG_SAMPLE_LANDLOCK. This patch series can be found in a Git repository here: https://github.com/landlock-lsm/linux/commits/landlock-v19 I would really appreciate constructive comments on this patch series. # Landlock LSM The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM [1], it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user-space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves. Landlock is inspired by seccomp-bpf but instead of filtering syscalls and their raw arguments, a Landlock rule can restrict the use of kernel objects like file hierarchies, according to the kernel semantic. Landlock also takes inspiration from other OS sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD Pledge/Unveil. In this current form, Landlock misses some access-control features. This enables to minimize this patch series and ease review. This series still addresses multiple use cases, especially with the combined use of seccomp-bpf: applications with built-in sandboxing, init systems, security sandbox tools and security-oriented APIs [2]. Previous version: https://lore.kernel.org/lkml/20200526205322.23465-1-mic@digikod.net/ [1] https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler… [2] https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.n… Casey Schaufler (1): LSM: Infrastructure management of the superblock Mickaël Salaün (11): landlock: Add object management landlock: Add ruleset and domain management landlock: Set up the security framework and manage credentials landlock: Add ptrace restrictions fs,security: Add sb_delete hook landlock: Support filesystem access-control landlock: Add syscall implementation arch: Wire up landlock() syscall selftests/landlock: Add initial tests samples/landlock: Add a sandbox manager example landlock: Add user and kernel documentation Documentation/security/index.rst | 1 + Documentation/security/landlock/index.rst | 18 + Documentation/security/landlock/kernel.rst | 69 + Documentation/security/landlock/user.rst | 268 +++ MAINTAINERS | 11 + arch/Kconfig | 7 + arch/alpha/kernel/syscalls/syscall.tbl | 1 + arch/arm/tools/syscall.tbl | 1 + arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 2 + arch/ia64/kernel/syscalls/syscall.tbl | 1 + arch/m68k/kernel/syscalls/syscall.tbl | 1 + arch/microblaze/kernel/syscalls/syscall.tbl | 1 + arch/mips/kernel/syscalls/syscall_n32.tbl | 1 + arch/mips/kernel/syscalls/syscall_n64.tbl | 1 + arch/mips/kernel/syscalls/syscall_o32.tbl | 1 + arch/parisc/kernel/syscalls/syscall.tbl | 1 + arch/powerpc/kernel/syscalls/syscall.tbl | 1 + arch/s390/kernel/syscalls/syscall.tbl | 1 + arch/sh/kernel/syscalls/syscall.tbl | 1 + arch/sparc/kernel/syscalls/syscall.tbl | 1 + arch/um/Kconfig | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + arch/xtensa/kernel/syscalls/syscall.tbl | 1 + fs/super.c | 1 + include/linux/lsm_hook_defs.h | 1 + include/linux/lsm_hooks.h | 3 + include/linux/security.h | 4 + include/linux/syscalls.h | 3 + include/uapi/asm-generic/unistd.h | 4 +- include/uapi/linux/landlock.h | 302 +++ kernel/sys_ni.c | 3 + samples/Kconfig | 7 + samples/Makefile | 1 + samples/landlock/.gitignore | 1 + samples/landlock/Makefile | 15 + samples/landlock/sandboxer.c | 228 +++ security/Kconfig | 11 +- security/Makefile | 2 + security/landlock/Kconfig | 18 + security/landlock/Makefile | 4 + security/landlock/common.h | 20 + security/landlock/cred.c | 46 + security/landlock/cred.h | 58 + security/landlock/fs.c | 609 ++++++ security/landlock/fs.h | 60 + security/landlock/object.c | 66 + security/landlock/object.h | 91 + security/landlock/ptrace.c | 120 ++ security/landlock/ptrace.h | 14 + security/landlock/ruleset.c | 342 ++++ security/landlock/ruleset.h | 157 ++ security/landlock/setup.c | 40 + security/landlock/setup.h | 18 + security/landlock/syscall.c | 526 +++++ security/security.c | 51 +- security/selinux/hooks.c | 58 +- security/selinux/include/objsec.h | 6 + security/selinux/ss/services.c | 3 +- security/smack/smack.h | 6 + security/smack/smack_lsm.c | 35 +- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/landlock/.gitignore | 2 + tools/testing/selftests/landlock/Makefile | 29 + tools/testing/selftests/landlock/base_test.c | 163 ++ tools/testing/selftests/landlock/common.h | 93 + tools/testing/selftests/landlock/config | 5 + tools/testing/selftests/landlock/fs_test.c | 1740 +++++++++++++++++ .../testing/selftests/landlock/ptrace_test.c | 321 +++ tools/testing/selftests/landlock/true.c | 5 + 71 files changed, 5611 insertions(+), 77 deletions(-) create mode 100644 Documentation/security/landlock/index.rst create mode 100644 Documentation/security/landlock/kernel.rst create mode 100644 Documentation/security/landlock/user.rst create mode 100644 include/uapi/linux/landlock.h create mode 100644 samples/landlock/.gitignore create mode 100644 samples/landlock/Makefile create mode 100644 samples/landlock/sandboxer.c create mode 100644 security/landlock/Kconfig create mode 100644 security/landlock/Makefile create mode 100644 security/landlock/common.h create mode 100644 security/landlock/cred.c create mode 100644 security/landlock/cred.h create mode 100644 security/landlock/fs.c create mode 100644 security/landlock/fs.h create mode 100644 security/landlock/object.c create mode 100644 security/landlock/object.h create mode 100644 security/landlock/ptrace.c create mode 100644 security/landlock/ptrace.h create mode 100644 security/landlock/ruleset.c create mode 100644 security/landlock/ruleset.h create mode 100644 security/landlock/setup.c create mode 100644 security/landlock/setup.h create mode 100644 security/landlock/syscall.c create mode 100644 tools/testing/selftests/landlock/.gitignore create mode 100644 tools/testing/selftests/landlock/Makefile create mode 100644 tools/testing/selftests/landlock/base_test.c create mode 100644 tools/testing/selftests/landlock/common.h create mode 100644 tools/testing/selftests/landlock/config create mode 100644 tools/testing/selftests/landlock/fs_test.c create mode 100644 tools/testing/selftests/landlock/ptrace_test.c create mode 100644 tools/testing/selftests/landlock/true.c -- 2.27.0

4 years, 9 months

4
26
0 0

Re: [PATCH 2/4] KVM: x86: Introduce paravirt feature CR0/CR4 pinning

by Dave Hansen

On 7/9/20 9:07 AM, Andy Lutomirski wrote: > On Thu, Jul 9, 2020 at 8:56 AM Dave Hansen <dave.hansen(a)intel.com> wrote: >> On 7/9/20 8:44 AM, Andersen, John wrote: >>> Bits which are allowed to be pinned default to WP for CR0 and SMEP, >>> SMAP, and UMIP for CR4. >> I think it also makes sense to have FSGSBASE in this set. >> >> I know it hasn't been tested, but I think we should do the legwork to >> test it. If not in this set, can we agree that it's a logical next step? > I have no objection to pinning FSGSBASE, but is there a clear > description of the threat model that this whole series is meant to > address? The idea is to provide a degree of protection against an > attacker who is able to convince a guest kernel to write something > inappropriate to CR4, right? How realistic is this? If a quick search can find this: > https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-… I'd pretty confident that the guys doing actual bad things have it in their toolbox too.

4 years, 9 months

2
1
0 0

[PATCH bpf] selftests: bpf: fix detach from sockmap tests

by Lorenz Bauer

Fix sockmap tests which rely on old bpf_prog_dispatch behaviour. In the first case, the tests check that detaching without giving a program succeeds. Since these are not the desired semantics, invert the condition. In the second case, the clean up code doesn't supply the necessary program fds. Reported-by: Martin KaFai Lau <kafai(a)fb.com> Signed-off-by: Lorenz Bauer <lmb(a)cloudflare.com> Fixes: bb0de3131f4c ("bpf: sockmap: Require attach_bpf_fd when detaching a program") --- tools/testing/selftests/bpf/test_maps.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/bpf/test_maps.c b/tools/testing/selftests/bpf/test_maps.c index 6a12a0e01e07..754cf611723e 100644 --- a/tools/testing/selftests/bpf/test_maps.c +++ b/tools/testing/selftests/bpf/test_maps.c @@ -789,19 +789,19 @@ static void test_sockmap(unsigned int tasks, void *data) } err = bpf_prog_detach(fd, BPF_SK_SKB_STREAM_PARSER); - if (err) { + if (!err) { printf("Failed empty parser prog detach\n"); goto out_sockmap; } err = bpf_prog_detach(fd, BPF_SK_SKB_STREAM_VERDICT); - if (err) { + if (!err) { printf("Failed empty verdict prog detach\n"); goto out_sockmap; } err = bpf_prog_detach(fd, BPF_SK_MSG_VERDICT); - if (err) { + if (!err) { printf("Failed empty msg verdict prog detach\n"); goto out_sockmap; } @@ -1090,19 +1090,19 @@ static void test_sockmap(unsigned int tasks, void *data) assert(status == 0); } - err = bpf_prog_detach(map_fd_rx, __MAX_BPF_ATTACH_TYPE); + err = bpf_prog_detach2(parse_prog, map_fd_rx, __MAX_BPF_ATTACH_TYPE); if (!err) { printf("Detached an invalid prog type.\n"); goto out_sockmap; } - err = bpf_prog_detach(map_fd_rx, BPF_SK_SKB_STREAM_PARSER); + err = bpf_prog_detach2(parse_prog, map_fd_rx, BPF_SK_SKB_STREAM_PARSER); if (err) { printf("Failed parser prog detach\n"); goto out_sockmap; } - err = bpf_prog_detach(map_fd_rx, BPF_SK_SKB_STREAM_VERDICT); + err = bpf_prog_detach2(verdict_prog, map_fd_rx, BPF_SK_SKB_STREAM_VERDICT); if (err) { printf("Failed parser prog detach\n"); goto out_sockmap; -- 2.25.1

4 years, 9 months

3
2
0 0

[PATCH] kunit: capture stderr on all make subprocess calls

by Will Chen

Direct stderr to subprocess.STDOUT so error messages get included in the subprocess.CalledProcessError exceptions output field. This results in more meaningful error messages for the user. This is already being done in the make_allyesconfig method. Do the same for make_mrproper, make_olddefconfig, and make methods. With this, failures on unclean trees [1] will give users an error message that includes: "The source tree is not clean, please run 'make ARCH=um mrproper'" [1] https://bugzilla.kernel.org/show_bug.cgi?id=205219 Signed-off-by: Will Chen <chenwi(a)google.com> --- tools/testing/kunit/kunit_kernel.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py index 63dbda2d029f..e20e2056cb38 100644 --- a/tools/testing/kunit/kunit_kernel.py +++ b/tools/testing/kunit/kunit_kernel.py @@ -34,7 +34,7 @@ class LinuxSourceTreeOperations(object): def make_mrproper(self): try: - subprocess.check_output(['make', 'mrproper']) + subprocess.check_output(['make', 'mrproper'], stderr=subprocess.STDOUT) except OSError as e: raise ConfigError('Could not call make command: ' + e) except subprocess.CalledProcessError as e: @@ -47,7 +47,7 @@ class LinuxSourceTreeOperations(object): if build_dir: command += ['O=' + build_dir] try: - subprocess.check_output(command, stderr=subprocess.PIPE) + subprocess.check_output(command, stderr=subprocess.STDOUT) except OSError as e: raise ConfigError('Could not call make command: ' + e) except subprocess.CalledProcessError as e: @@ -77,7 +77,7 @@ class LinuxSourceTreeOperations(object): if build_dir: command += ['O=' + build_dir] try: - subprocess.check_output(command) + subprocess.check_output(command, stderr=subprocess.STDOUT) except OSError as e: raise BuildError('Could not call execute make: ' + e) except subprocess.CalledProcessError as e: -- 2.27.0.383.g050319c2ae-goog

4 years, 9 months

2
1
0 0

[PATCH 0/4] Paravirtualized Control Register pinning

by John Andersen

The paravirtualized CR pinning patchset is a strengthened version of existing control registers pinning for paravritualized guests. It protects KVM guests from ROP based attacks which attempt to disable key security features. Virtualized Linux guests such as Kata Containers, AWS Lambda, and Chromos Termina will get this protection enabled by default when they update their kernel / configs. Using virtualization allows us to provide a stronger version of a proven exploit mitigation technique. We’ve patched KVM to create 6 new KVM specific MSRs used to query which bits may be pinned, and to set which bits are pinned high or low in control registers 0 and 4. Linux guest support was added so that non-kexec guests will be able to take advantage of this strengthened protection by default. A plan for enabling guests with kexec is proposed in this cover letter. As part of that plan, we add a command line flag that allows users to opt-in to the protection on boot if they have kexec built into their kernel, effectively opting out of kexec support. Hibernation and suspend to ram were enabled by updating the location where bits in control register 4 were saved to and restored from. The work also includes minor patches for QEMU to ensure reboot works by clearing the added MSRs and exposing the new CPUID feature bit. There is one SMM related selftest added in this patchset and another patch for kvm-unit-tests that will be sent separately. Thank you to Sean and Drew who reviewed v2, to Boris, Paolo, Andy, and Liran who reviewed v1, and to Sean, Dave, Kristen, and Rick who've provided feedback throughout. I appreciate your time spent reviewing and feedback. Here are the previous RFC versions of this patchset for reference RFC v2: https://lkml.org/lkml/2020/2/18/1162 RFC v1: https://lkml.org/lkml/2019/12/24/380 === High level overview of the changes === - A CPUID feature bit as well as MSRs were added to KVM. Guests can use the CPUID feature bit to determine if MSRs are available. Reading the first 2 MSRs returns the bits which may be pinned for CR0/4 respectively. The next 4 MSRs are writeable and allow the guest and host userspace to set which bits are pinned low or pinned high for CR0/4. - Hibernation and suspend-to-RAM are supported. This was done by updating mmu_cr4_features on feature identification of the boot CPU. As such, mmu_cr4_features is no longer read only after init. - CPU hotplug is supported. Pinning is per vCPU. When running as a guest pinning is requested after CPU identification for non-boot CPUs. The boot CPU requests pinning a directly after existing pinning is setup. - Nested virtualization is supported. SVM / VMX restore pinned bits on VM-Exit if they had been unset in the host VMCB / VMCS. - As suggested by Sean, unpinning of pinned bits on return from SMM due to modification of SMRAM will cause an unhandleable emulation fault resulting in termination of the guest. - kexec support is still pending, since the plan is a bit long it's been moved to the end of the cover letter. It talks about the decision to make a command line parameter, why we opt in to pinning (and effectively out of kexec). Being that those changes wouldn't be localized to KVM (and this patchset is on top of kvm/next). - As Paolo requested, a patch will be sent immediately following this patchset for kvm-unit-tests with the unit tests for general functionality. selftests are included for SMM specific functionality. === Chanages since RFCv2 === - Related to Drew's comments - Used linux/stringify.h in selftests - Added comments on why we don't use GUEST_* due to SMM trickiness. We opt not to use GUEST_SYNC() because we also have to make a sync call from SMM. As such, the address of the ucall struct we'd need to pass isn't something we can put into the machine code in a maintainable way. At least so far as I could tell. - Related to Sean's comments - Allowed pinning bits high or low rather than just high - Cleaner code path for guest and host when writing to MSRs - Didn't use read modify write behavior due to that requiring changes to selftest save restore code which made me suspect that there might be issues with other VMMs. The issue was because we read CR0/4 in the RWM operation on the MSR, we must do KVM_SET_REGS before KVM_SET_MSRS, we also had to call KVM_SET_SREGS and add checks for if we're in SMM or not. This made it a bit more messy overall so I went with the first approach Sean suggested where we just have pin high/low semantics. - If the guest writes values to the allowed MSRs that are not the correct value the wrmsr fails. - If SMRAM modification would result in unpinning bits we bail with X86EMUL_UNHANDLEABLE - Added silent restoration of pinned bits for SVM and VMX when they may have been modified in VMCB / VMCS. This didn't seem like a place were we'd want to inject a fault, please let me know if we should. === Description of changes and rational === Paravirtualized Control Register pinning is a strengthened version of existing protections on the Write Protect, Supervisor Mode Execution / Access Protection, and User-Mode Instruction Prevention bits. The existing protections prevent native_write_cr*() functions from writing values which disable those bits. This patchset prevents any guest writes to control registers from disabling pinned bits, not just writes from native_write_cr*(). This stops attackers within the guest from using ROP to disable protection bits. https://web.archive.org/web/20171029060939/http://www.blackbunny.io/linux-k… The protection is implemented by adding MSRs to KVM which contain the bits that are allowed to be pinned, and the bits which are pinned. The guest or userspace can enable bit pinning by reading MSRs to check which bits are allowed to be pinned, and then writing MSRs to set which bits they want pinned. Other hypervisors such as HyperV have implemented similar protections for Control Registers and MSRs; which security researchers have found effective. https://www.abatchy.com/2018/01/kernel-exploitation-4 We add a CR pin feature bit to the KVM cpuid, read only MSRs which guests use to identify which bits they may request be pinned, and CR pinned low/high MSRs which contain the pinned bits. Guests can request that KVM pin bits within control register 0 or 4 via the CR pinned MSRs. Writes to the MSRs fail if they include bits that aren't allowed to be pinned. Host userspace may clear or modify pinned bits at any time. Once pinned bits are set, the guest may pin more allowed bits, but may never clear pinned bits. In the event that the guest vCPU attempts to disable any of the pinned bits, the vCPU that issued the write is sent a general protection fault, and the register is left unchanged. When running with KVM guest support and paravirtualized CR pinning enabled, paravirtualized and existing pinning are setup at the same point on the boot CPU. Non-boot CPUs setup pinning upon identification. Pinning is not active when running in SMM. Entering SMM disables pinned bits. Writes to control registers within SMM would therefore trigger general protection faults if pinning was enforced. Upon exit from SMM, SMRAM is modified to ensure the values of CR0/4 that will be restored contain the correct values for pinned bits. CR0/4 values are then restored from SMRAM as usual. When running with nested virtualization, should pinned bits be cleared from host VMCS / VMCB, on VM-Exit, they will be silently restored. Should userspace expose the CR pining CPUID feature bit, it must zero CR pinned MSRs on reboot. If it does not, it runs the risk of having the guest enable pinning and subsequently cause general protection faults on next boot due to early boot code setting control registers to values which do not contain the pinned bits. Hibernation to disk and suspend-to-RAM are supported. identify_cpu was updated to ensure SMEP/SMAP/UMIP are present in mmu_cr4_features. This is necessary to ensure protections stay active during hibernation image restoration. Guests using the kexec system call currently do not support paravirtualized control register pinning. This is due to early boot code writing known good values to control registers, these values do not contain the protected bits. This is due to CPU feature identification being done at a later time, when the kernel properly checks if it can enable protections. As such, the pv_cr_pin command line option has been added which instructs the kernel to disable kexec in favor of enabling paravirtualized control register pinning. crashkernel is also disabled when the pv_cr_pin parameter is specified due to its reliance on kexec. When we make kexec compatible, we will still need a way for a kernel with support to know if the kernel it is attempting to load has support. If a kernel with this enabled attempts to kexec a kernel where this is not supported, it would trigger a fault almost immediately. Liran suggested adding a section to the built image acting as a flag to signify support for being kexec'd by a kernel with pinning enabled. Should that approach be implemented, it is likely that the command line flag (pv_cr_pin) would still be desired for some deprecation period. We wouldn't want the default behavior to change from being able to kexec older kernels to not being able to, as this might break some users workflows. Since we require that the user opt-in to break kexec we've held off on attempting to fix kexec in this patchset. This way no one sees any behavior they are not explicitly opting in to. Security conscious kernel configurations disable kexec already, per KSPP guidelines. Projects such as Kata Containers, AWS Lambda, ChromeOS Termina, and others using KVM to virtualize Linux will benefit from this protection without the need to specify pv_cr_pin on the command line. Pinning of sensitive CR bits has already been implemented to protect against exploits directly calling native_write_cr*(). The current protection cannot stop ROP attacks which jump directly to a MOV CR instruction. Guests running with paravirtualized CR pinning are now protected against the use of ROP to disable CR bits. The same bits that are being pinned natively may be pinned via the CR pinned MSRs. These bits are WP in CR0, and SMEP, SMAP, and UMIP in CR4. Future patches could implement similar MSRs to protect bits in MSRs. The NXE bit of the EFER MSR is a prime candidate. === Plan for kexec support === Andy's suggestion of a boot option has been incorporated as the pv_cr_pin command line option. Boris mentioned that short-term solutions become immutable. However, for the reasons outlined below we need a way for the user to opt-in to pinning over kexec if both are compiled in, and the command line parameter seems to be a good way to do that. Liran's proposed solution of a flag within the ELF would allow us to identify which kernels have support is assumed to be implemented in the following scenarios. We then have the following cases (without the addition of pv_cr_pin): - Kernel running without pinning enabled kexecs kernel with pinning. - Loaded kernel has kexec - Do not enable pinning - Loaded kernel lacks kexec - Enable pinning - Kernel running with pinning enabled kexecs kernel with pinning (as identified by ELF addition). - Okay - Kernel running with pinning enabled kexecs kernel without pinning (as identified by lack of ELF addition). - User is presented with an error saying that they may not kexec a kernel without pinning support. With the addition of pv_cr_pin we have the following situations: - Kernel running without pinning enabled kexecs kernel with pinning. - Loaded kernel has kexec - pv_cr_pin command line parameter present for new kernel - Enable pinning - pv_cr_pin command line parameter not present for new kernel - Do not enable pinning - Loaded kernel lacks kexec - Enable pinning - Kernel running with pinning enabled kexecs kernel with pinning (as identified by ELF addition). - Okay - Kernel running with kexec and pinning enabled (opt-in via pv_cr_pin) kexecs kernel without pinning (as identified by lack of ELF addition). - User is presented with an error saying that they have opted into pinning support and may not kexec a kernel without pinning support. Without the command line parameter I'm not sure how we could preserve users workflows which might rely on kexecing older kernels (ones which wouldn't have support). I see the benefit here being that users have to opt-in to the possibility of breaking their workflow, via their addition of the pv_cr_pin command line flag. Which could of course also be called nokexec. A deprecation period could then be chosen where eventually pinning takes preference over kexec and users are presented with the error if they try to kexec an older kernel. Input on this would be much appreciated, as well as if this is the best way to handle things or if there's another way that would be preferred. This is just what we were able to come up with to ensure users didn't get anything broken they didn't agree to have broken. Thanks, John John Andersen (4): X86: Update mmu_cr4_features during feature identification KVM: x86: Introduce paravirt feature CR0/CR4 pinning selftests: kvm: add test for CR pinning with SMM X86: Use KVM CR pin MSRs .../admin-guide/kernel-parameters.txt | 11 + Documentation/virt/kvm/msr.rst | 53 +++++ arch/x86/Kconfig | 10 + arch/x86/include/asm/kvm_host.h | 7 + arch/x86/include/asm/kvm_para.h | 28 +++ arch/x86/include/uapi/asm/kvm_para.h | 7 + arch/x86/kernel/cpu/common.c | 11 +- arch/x86/kernel/kvm.c | 39 ++++ arch/x86/kernel/setup.c | 12 +- arch/x86/kvm/cpuid.c | 3 +- arch/x86/kvm/emulate.c | 3 +- arch/x86/kvm/kvm_emulate.h | 2 +- arch/x86/kvm/svm/nested.c | 11 +- arch/x86/kvm/vmx/nested.c | 10 +- arch/x86/kvm/x86.c | 106 ++++++++- tools/testing/selftests/kvm/.gitignore | 1 + tools/testing/selftests/kvm/Makefile | 1 + .../selftests/kvm/include/x86_64/processor.h | 13 ++ .../selftests/kvm/x86_64/smm_cr_pin_test.c | 207 ++++++++++++++++++ 19 files changed, 521 insertions(+), 14 deletions(-) create mode 100644 tools/testing/selftests/kvm/x86_64/smm_cr_pin_test.c base-commit: 49b3deaad3452217d62dbd78da8df24eb0c7e169 -- 2.21.0

4 years, 9 months

7
21
0 0

[PATCH v6 0/7] Add seccomp notifier ioctl that enables adding fds

by Kees Cook

Hello! v6: - fix missing fput() - API name change: s/fd_install_received/receive_fd/ v5: https://lore.kernel.org/lkml/20200617220327.3731559-1-keescook@chromium.org/ This continues the thread-merge between [1] and [2]. tl;dr: add a way for a seccomp user_notif process manager to inject files into the managed process in order to handle emulation of various fd-returning syscalls across security boundaries. Containers folks and Chrome are in need of the feature, and investigating this solution uncovered (and fixed) implementation issues with existing file sending routines. I intend to carry this in the for-next/seccomp tree, unless someone has objections. :) Please review and test! -Kees [1] https://lore.kernel.org/lkml/20200603011044.7972-1-sargun@sargun.me/ [2] https://lore.kernel.org/lkml/20200610045214.1175600-1-keescook@chromium.org/ Kees Cook (5): net/scm: Regularize compat handling of scm_detach_fds() fs: Move __scm_install_fd() to __receive_fd() fs: Add receive_fd() wrapper for __receive_fd() pidfd: Replace open-coded partial receive_fd() fs: Expand __receive_fd() to accept existing fd Sargun Dhillon (2): seccomp: Introduce addfd ioctl to seccomp user notifier selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD fs/file.c | 67 +++++ include/linux/file.h | 19 ++ include/linux/net.h | 9 + include/uapi/linux/seccomp.h | 22 ++ kernel/pid.c | 13 +- kernel/seccomp.c | 172 ++++++++++++- net/compat.c | 55 ++--- net/core/scm.c | 50 +--- tools/testing/selftests/seccomp/seccomp_bpf.c | 229 ++++++++++++++++++ 9 files changed, 554 insertions(+), 82 deletions(-) -- 2.25.1

4 years, 9 months

3
23
0 0

[PATCH] Replace HTTP links with HTTPS ones: KMOD KERNEL MODULE LOADER - USERMODE HELPER

by Alexander A. Klimov

Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster(a)al2klimov.de> --- Continuing my work started at 93431e0607e5. See also: git log --oneline '--author=Alexander A. Klimov <grandmaster(a)al2klimov.de>' v5.7..master (Actually letting a shell for loop submit all this stuff for me.) If there are any URLs to be removed completely or at least not HTTPSified: Just clearly say so and I'll *undo my change*. See also: https://lkml.org/lkml/2020/6/27/64 If there are any valid, but yet not changed URLs: See: https://lkml.org/lkml/2020/6/26/837 If you apply the patch, please let me know. tools/testing/selftests/kmod/kmod.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/kmod/kmod.sh b/tools/testing/selftests/kmod/kmod.sh index 3702dbcc90a7..84409020a40f 100755 --- a/tools/testing/selftests/kmod/kmod.sh +++ b/tools/testing/selftests/kmod/kmod.sh @@ -128,7 +128,7 @@ test_reqs() if [[ $KMOD_VERSION -le 19 ]]; then echo "$0: You need at least kmod 20" >&2 echo "kmod <= 19 is buggy, for details see:" >&2 - echo "http://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/libkmod/libkmo…" >&2 + echo "https://git.kernel.org/cgit/utils/kernel/kmod/kmod.git/commit/libkmod/libkm…" >&2 exit $ksft_skip fi -- 2.27.0

4 years, 9 months

3
2
0 0

[PATCH] selftests: kmod: Add module address visibility test

by Kees Cook

Make sure we don't regress the CAP_SYSLOG behavior of the module address visibility via /proc/modules nor /sys/module/*/sections/*. Cc: Luis Chamberlain <mcgrof(a)kernel.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Kees Cook <keescook(a)chromium.org> --- I forgot to include this patch in my kallsyms_show_value() f_cred series: https://lore.kernel.org/lkml/20200702232638.2946421-1-keescook@chromium.org/ Since this depends on the changes, I'd like to include this in the series with acks/review, etc. :) --- tools/testing/selftests/kmod/kmod.sh | 36 ++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/tools/testing/selftests/kmod/kmod.sh b/tools/testing/selftests/kmod/kmod.sh index 3702dbcc90a7..c82aa77958e5 100755 --- a/tools/testing/selftests/kmod/kmod.sh +++ b/tools/testing/selftests/kmod/kmod.sh @@ -63,6 +63,8 @@ ALL_TESTS="$ALL_TESTS 0008:150:1" ALL_TESTS="$ALL_TESTS 0009:150:1" ALL_TESTS="$ALL_TESTS 0010:1:1" ALL_TESTS="$ALL_TESTS 0011:1:1" +ALL_TESTS="$ALL_TESTS 0012:1:1" +ALL_TESTS="$ALL_TESTS 0013:1:1" # Kselftest framework requirement - SKIP code is 4. ksft_skip=4 @@ -470,6 +472,38 @@ kmod_test_0011() echo "$MODPROBE" > /proc/sys/kernel/modprobe } +kmod_check_visibility() +{ + local name="$1" + local cmd="$2" + + modprobe $DEFAULT_KMOD_DRIVER + + local priv=$(eval $cmd) + local unpriv=$(capsh --drop=CAP_SYSLOG -- -c "$cmd") + + if [ "$priv" = "$unpriv" ] || \ + [ "${priv:0:3}" = "0x0" ] || \ + [ "${unpriv:0:3}" != "0x0" ] ; then + echo "${FUNCNAME[0]}: FAIL, $name visible to unpriv: '$priv' vs '$unpriv'" >&2 + exit 1 + else + echo "${FUNCNAME[0]}: OK!" + fi +} + +kmod_test_0012() +{ + kmod_check_visibility /proc/modules \ + "grep '^${DEFAULT_KMOD_DRIVER}\b' /proc/modules | awk '{print \$NF}'" +} + +kmod_test_0013() +{ + kmod_check_visibility '/sys/module/*/sections/*' \ + "cat /sys/module/${DEFAULT_KMOD_DRIVER}/sections/.*text | head -n1" +} + list_tests() { echo "Test ID list:" @@ -489,6 +523,8 @@ list_tests() echo "0009 x $(get_test_count 0009) - multithreaded - push kmod_concurrent over max_modprobes for get_fs_type()" echo "0010 x $(get_test_count 0010) - test nonexistent modprobe path" echo "0011 x $(get_test_count 0011) - test completely disabling module autoloading" + echo "0012 x $(get_test_count 0012) - test /proc/modules address visibility under CAP_SYSLOG" + echo "0013 x $(get_test_count 0013) - test /sys/module/*/sections/* visibility under CAP_SYSLOG" } usage() -- 2.25.1 -- Kees Cook

4 years, 9 months

2
1
0 0

[PATCH v10 0/9] firmware: add request_partial_firmware_into_buf

by Scott Branden

This patch series adds partial read support via a new call request_partial_firmware_into_buf. Such support is needed when the whole file is not needed and/or only a smaller portion of the file will fit into allocated memory at any one time. In order to accept the enhanced API it has been requested that kernel selftests and upstreamed driver utilize the API enhancement and so are included in this patch series. Also in this patch series is the addition of a new Broadcom VK driver utilizing the new request_firmware_into_buf enhanced API. Further comment followed to add IMA support of the partial reads originating from request_firmware_into_buf calls. And another request to move existing kernel_read_file* functions to its own include file. Changes from v9: - add patch to move existing kernel_read_file* to its own include file - driver fixes Changes from v8: - correct compilation error when CONFIG_FW_LOADER not defined Changes from v7: - removed swiss army knife kernel_pread_* style approach and simply add offset parameter in addition to those needed in kernel_read_* functions thus removing need for kernel_pread enum Changes from v6: - update ima_post_read_file check on IMA_FIRMWARE_PARTIAL_READ - adjust new driver i2c-slave-eeprom.c use of request_firmware_into_buf - remove an extern Changes from v5: - add IMA FIRMWARE_PARTIAL_READ support - change kernel pread flags to enum - removed legacy support from driver - driver fixes Changes from v4: - handle reset issues if card crashes - allow driver to have min required msix - add card utilization information Changes from v3: - fix sparse warnings - fix printf format specifiers for size_t - fix 32-bit cross-compiling reports 32-bit shifts - use readl/writel,_relaxed to access pci ioremap memory, removed memory barriers and volatile keyword with such change - driver optimizations for interrupt/poll functionalities Changes from v2: - remove unnecessary code and mutex locks in lib/test_firmware.c - remove VK_IOCTL_ACCESS_BAR support from driver and use pci sysfs instead - remove bitfields - remove Kconfig default m - adjust formatting and some naming based on feedback - fix error handling conditions - use appropriate return codes - use memcpy_toio instead of direct access to PCIE bar Scott Branden (9): fs: move kernel_read_file* to its own include file fs: introduce kernel_pread_file* support firmware: add request_partial_firmware_into_buf test_firmware: add partial read support for request_firmware_into_buf firmware: test partial file reads of request_partial_firmware_into_buf bcm-vk: add bcm_vk UAPI misc: bcm-vk: add Broadcom VK driver MAINTAINERS: bcm-vk: add maintainer for Broadcom VK Driver ima: add FIRMWARE_PARTIAL_READ support MAINTAINERS | 7 + drivers/base/firmware_loader/firmware.h | 5 + drivers/base/firmware_loader/main.c | 80 +- drivers/misc/Kconfig | 1 + drivers/misc/Makefile | 1 + drivers/misc/bcm-vk/Kconfig | 29 + drivers/misc/bcm-vk/Makefile | 11 + drivers/misc/bcm-vk/bcm_vk.h | 419 +++++ drivers/misc/bcm-vk/bcm_vk_dev.c | 1357 +++++++++++++++ drivers/misc/bcm-vk/bcm_vk_msg.c | 1504 +++++++++++++++++ drivers/misc/bcm-vk/bcm_vk_msg.h | 211 +++ drivers/misc/bcm-vk/bcm_vk_sg.c | 275 +++ drivers/misc/bcm-vk/bcm_vk_sg.h | 61 + drivers/misc/bcm-vk/bcm_vk_tty.c | 352 ++++ fs/exec.c | 92 +- include/linux/firmware.h | 12 + include/linux/fs.h | 39 - include/linux/ima.h | 1 + include/linux/kernel_read_file.h | 69 + include/linux/security.h | 1 + include/uapi/linux/misc/bcm_vk.h | 99 ++ kernel/kexec_file.c | 1 + kernel/module.c | 1 + lib/test_firmware.c | 154 +- security/integrity/digsig.c | 1 + security/integrity/ima/ima_fs.c | 1 + security/integrity/ima/ima_main.c | 25 +- security/integrity/ima/ima_policy.c | 1 + security/loadpin/loadpin.c | 1 + security/security.c | 1 + security/selinux/hooks.c | 1 + .../selftests/firmware/fw_filesystem.sh | 80 + 32 files changed, 4802 insertions(+), 91 deletions(-) create mode 100644 drivers/misc/bcm-vk/Kconfig create mode 100644 drivers/misc/bcm-vk/Makefile create mode 100644 drivers/misc/bcm-vk/bcm_vk.h create mode 100644 drivers/misc/bcm-vk/bcm_vk_dev.c create mode 100644 drivers/misc/bcm-vk/bcm_vk_msg.c create mode 100644 drivers/misc/bcm-vk/bcm_vk_msg.h create mode 100644 drivers/misc/bcm-vk/bcm_vk_sg.c create mode 100644 drivers/misc/bcm-vk/bcm_vk_sg.h create mode 100644 drivers/misc/bcm-vk/bcm_vk_tty.c create mode 100644 include/linux/kernel_read_file.h create mode 100644 include/uapi/linux/misc/bcm_vk.h -- 2.17.1

4 years, 9 months

4
24
0 0

Re: [PATCH v10 7/9] misc: bcm-vk: add Broadcom VK driver

by Kees Cook

On Mon, Jul 06, 2020 at 04:23:07PM -0700, Scott Branden wrote: > Add Broadcom VK driver offload engine. > This driver interfaces to the VK PCIe offload engine to perform > should offload functions as video transcoding on multiple streams > in parallel. VK device is booted from files loaded using > request_firmware_into_buf mechanism. After booted card status is updated > and messages can then be sent to the card. > Such messages contain scatter gather list of addresses > to pull data from the host to perform operations on. > > Signed-off-by: Scott Branden <scott.branden(a)broadcom.com> > Signed-off-by: Desmond Yan <desmond.yan(a)broadcom.com> nit: your S-o-b chain doesn't make sense (I would expect you at the end since you're sending it and showing as the Author). Is it Co-developed-by? https://www.kernel.org/doc/html/latest/process/submitting-patches.html#when… > [...] > + > + max_buf = SZ_4M; > + bufp = dma_alloc_coherent(dev, > + max_buf, > + &boot_dma_addr, GFP_KERNEL); > + if (!bufp) { > + dev_err(dev, "Error allocating 0x%zx\n", max_buf); > + ret = -ENOMEM; > + goto err_buf_out; > + } > + > + bcm_vk_buf_notify(vk, bufp, boot_dma_addr, max_buf); > + } else { > + dev_err(dev, "Error invalid image type 0x%x\n", load_type); > + ret = -EINVAL; > + goto err_buf_out; > + } > + > + ret = request_partial_firmware_into_buf(&fw, filename, dev, > + bufp, max_buf, 0); Unless I don't understand what's happening here, this needs to be reordered if you're going to keep Mimi happy and disallow the device being able to see the firmware before it has been verified. (i.e. please load the firmware before mapping DMA across the buffer.) -- Kees Cook

4 years, 9 months

2
1
0 0

[PATCH 0/2] KUnit-Kmemleak Integration

by Uriel Guajardo

From: Uriel Guajardo <urielguajardo(a)google.com> With these patches, KUnit can access and manually run kmemleak in every test case. Any errors caught by kmemleak will cause the KUnit test to fail. This patchset relies on "kunit: KASAN integration", which places the currently running kunit test in task_struct. [1] [1] https://lore.kernel.org/linux-kselftest/20200606040349.246780-2-davidgow@go… Uriel Guajardo (2): kunit: support kunit failures from debugging tools kunit: kmemleak integration include/kunit/test-bug.h | 15 +++++++++++++ include/kunit/test.h | 1 + include/linux/kmemleak.h | 11 ++++++++++ lib/Kconfig.debug | 26 +++++++++++++++++++++++ lib/kunit/test.c | 46 +++++++++++++++++++++++++++++++++++----- mm/kmemleak.c | 27 +++++++++++++++++------ 6 files changed, 115 insertions(+), 11 deletions(-) create mode 100644 include/kunit/test-bug.h -- 2.27.0.212.ge8ba1cc988-goog

4 years, 9 months

3
7
0 0

[PATCH 0/2] Selftest for cpuidle latency measurement

by Pratik Rajesh Sampat

The patch series introduces a mechanism to measure wakeup latency for IPI and timer based interrupts The motivation behind this series is to find significant deviations behind advertised latency and resisdency values To achieve this, we introduce a kernel module and expose its control knobs through the debugfs interface that the selftests can engage with. The kernel module provides the following interfaces within /sys/kernel/debug/latency_test/ for, 1. IPI test: ipi_cpu_dest # Destination CPU for the IPI ipi_cpu_src # Origin of the IPI ipi_latency_ns # Measured latency time in ns 2. Timeout test: timeout_cpu_src # CPU on which the timer to be queued timeout_expected_ns # Timer duration timeout_diff_ns # Difference of actual duration vs expected timer To include the module, check option and include as module kernel hacking -> Cpuidle latency selftests The selftest inserts the module, disables all the idle states and enables them one by one testing: 1. Keeping source CPU constant, iterates through all the CPUS measuring IPI latency for baseline (CPU is busy with "yes" workload) and the when the CPU is at rest 2. Iterating through all the CPUs, sending expected timer durations to be equivalent to the residency of the the deepest idle state enabled and extracting the difference in time between the time of wakeup and the expected timer duration Usage ----- Can be used in conjuction to the rest of the selftests. Default Output location in: tools/testing/cpuidle/cpuidle.log To run this test specifically: $ make -C tools/testing/selftests TARGETS="cpuidle" run_tests There are a few optinal arguments too that the script can take [-h <help>] [-m <location of the module>] [-o <location of the output>] Sample output snippet --------------------- --IPI Latency Test--- ---Enabling state: 0--- SRC_CPU DEST_CPU Base_IPI_Latency(ns) IPI_Latency(ns) 0 0 328 291 0 1 1500 1071 0 2 1070 1062 0 3 1557 1668 . . . . Expected IPI latency(ns): 1000 Baseline Average IPI latency(ns): 1113 Observed Average IPI latency(ns): 1023 --Timeout Latency Test-- ---Enabling state: 0--- Wakeup_src Baseline_delay(ns) Delay(ns) 0 3134 2128 1 2275 2107 2 2222 2198 3 2421 2325 . . . . Expected timeout(ns): 200 Baseline Average timeout diff(ns): 2513 Observed Average timeout diff(ns): 2189 Pratik Rajesh Sampat (2): cpuidle: Trace IPI based and timer based wakeup latency from idle states selftest/cpuidle: Add support for cpuidle latency measurement drivers/cpuidle/Makefile | 1 + drivers/cpuidle/test-cpuidle_latency.c | 150 +++++++++++++ lib/Kconfig.debug | 10 + tools/testing/selftests/Makefile | 1 + tools/testing/selftests/cpuidle/Makefile | 6 + tools/testing/selftests/cpuidle/cpuidle.sh | 240 +++++++++++++++++++++ tools/testing/selftests/cpuidle/settings | 1 + 7 files changed, 409 insertions(+) create mode 100644 drivers/cpuidle/test-cpuidle_latency.c create mode 100644 tools/testing/selftests/cpuidle/Makefile create mode 100755 tools/testing/selftests/cpuidle/cpuidle.sh create mode 100644 tools/testing/selftests/cpuidle/settings -- 2.25.4

4 years, 9 months

3
4
0 0

[PATCH v4 0/2] selftests: pidfd: prefer ksft_test_result_skip to ksft_exit_*

by Paolo Bonzini

Calling ksft_exit_* results in executing fewer tests than planned, which is wrong for ksft_exit_skip or suboptimal (because it results in a bail out) for ksft_exit_fail_msg. Using ksft_test_result_skip instead skips only one test and lets the test plan proceed as promised by ksft_set_plan. Paolo v3->v4: remove useless initialization Paolo Bonzini (2): selftests: pidfd: do not use ksft_exit_skip after ksft_set_plan selftests: pidfd: skip test if unshare fails with EPERM tools/testing/selftests/pidfd/pidfd_test.c | 55 ++++++++++++++++++---- 1 file changed, 46 insertions(+), 9 deletions(-) -- 2.26.2

4 years, 9 months

1
2
0 0

[PATCH v3 0/2] selftests: pidfd: prefer ksft_test_result_skip to ksft_exit_*

by Paolo Bonzini

Calling ksft_exit_* results in executing fewer tests than planned, which is wrong for ksft_exit_skip or suboptimal (because it results in a bail out) for ksft_exit_fail_msg. Using ksft_test_result_skip instead skips only one test and lets the test plan proceed as promised by ksft_set_plan. Paolo Paolo Bonzini (2): selftests: pidfd: do not use ksft_exit_skip after ksft_set_plan selftests: pidfd: skip test if unshare fails with EPERM tools/testing/selftests/pidfd/pidfd_test.c | 55 ++++++++++++++++++---- 1 file changed, 46 insertions(+), 9 deletions(-) -- 2.26.2

4 years, 9 months

3
5
0 0

[PATCH 5.4 19/65] selftests: tpm: Use /bin/sh instead of /bin/bash

by Greg Kroah-Hartman

From: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> commit 377ff83083c953dd58c5a030b3c9b5b85d8cc727 upstream. It's better to use /bin/sh instead of /bin/bash in order to run the tests in the BusyBox shell. Fixes: 6ea3dfe1e073 ("selftests: add TPM 2.0 tests") Cc: stable(a)vger.kernel.org Cc: linux-integrity(a)vger.kernel.org Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/testing/selftests/tpm2/test_smoke.sh | 2 +- tools/testing/selftests/tpm2/test_space.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/tools/testing/selftests/tpm2/test_smoke.sh +++ b/tools/testing/selftests/tpm2/test_smoke.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) python -m unittest -v tpm2_tests.SmokeTest --- a/tools/testing/selftests/tpm2/test_space.sh +++ b/tools/testing/selftests/tpm2/test_space.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) python -m unittest -v tpm2_tests.SpaceTest

4 years, 9 months

1
0
0 0

[PATCH 5.7 042/112] selftests: tpm: Use /bin/sh instead of /bin/bash

by Greg Kroah-Hartman

From: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> commit 377ff83083c953dd58c5a030b3c9b5b85d8cc727 upstream. It's better to use /bin/sh instead of /bin/bash in order to run the tests in the BusyBox shell. Fixes: 6ea3dfe1e073 ("selftests: add TPM 2.0 tests") Cc: stable(a)vger.kernel.org Cc: linux-integrity(a)vger.kernel.org Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/testing/selftests/tpm2/test_smoke.sh | 2 +- tools/testing/selftests/tpm2/test_space.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) --- a/tools/testing/selftests/tpm2/test_smoke.sh +++ b/tools/testing/selftests/tpm2/test_smoke.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) python -m unittest -v tpm2_tests.SmokeTest --- a/tools/testing/selftests/tpm2/test_space.sh +++ b/tools/testing/selftests/tpm2/test_space.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) python -m unittest -v tpm2_tests.SpaceTest

4 years, 9 months

1
0
0 0

[PATCH 5.7 041/112] Revert "tpm: selftest: cleanup after unseal with wrong auth/policy test"

by Greg Kroah-Hartman

From: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> commit 5be206eaac9a68992fc3b06fb5dd5634e323de86 upstream. The reverted commit illegitly uses tpm2-tools. External dependencies are absolutely forbidden from these tests. There is also the problem that clearing is not necessarily wanted behavior if the test/target computer is not used only solely for testing. Fixes: a9920d3bad40 ("tpm: selftest: cleanup after unseal with wrong auth/policy test") Cc: Tadeusz Struk <tadeusz.struk(a)intel.com> Cc: stable(a)vger.kernel.org Cc: linux-integrity(a)vger.kernel.org Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/testing/selftests/tpm2/test_smoke.sh | 5 ----- 1 file changed, 5 deletions(-) --- a/tools/testing/selftests/tpm2/test_smoke.sh +++ b/tools/testing/selftests/tpm2/test_smoke.sh @@ -3,8 +3,3 @@ python -m unittest -v tpm2_tests.SmokeTest python -m unittest -v tpm2_tests.AsyncTest - -CLEAR_CMD=$(which tpm2_clear) -if [ -n $CLEAR_CMD ]; then - tpm2_clear -T device -fi

4 years, 9 months

1
0
0 0

[PATCH v2 0/6] kselftest: fix TAP output for skipped test and ksft_set_plan misuse

by Paolo Bonzini

This is v2 of the patch to fix TAP output for skipped tests. I noticed and fixed two other occurrences of "not ok ... # SKIP" which according to the TAP specification should be marked as "ok ... # SKIP" instead. Unfortunately, closer analysis showed ksft_exit_skip to be a badly misused API. It should be used when the remainder of the testcase is being skipped, but TAP only supports this before the test plan has been emitted (in which case you're supposed to print "1..0 # SKIP". Therefore, in patch 1 I'm mostly trying to do something sensible, printing "1..0 # SKIP" is possible or "ok ... # SKIP" if not (which is no worse than what was doing before). The remaining five patches show what needs to be done in order to avoid ksft_exit_skip misuse; while working on them I found other bugs that I've fixed at the same time; see patch 2 for an example. In the interest of full disclosure, I won't be able to do more cleanups of ksft_exit_skip callers. However, I have fixed all those that did call ksft_set_plan() as those at least try to produce TAP output. Paolo Paolo Bonzini (6): kselftest: fix TAP output for skipped tests selftests: breakpoints: fix computation of test plan selftests: breakpoints: do not use ksft_exit_skip after ksft_set_plan selftests: pidfd: do not use ksft_exit_skip after ksft_set_plan selftests: sigaltstack: do not use ksft_exit_skip after ksft_set_plan selftests: sync_test: do not use ksft_exit_skip after ksft_set_plan .../breakpoints/step_after_suspend_test.c | 53 +++++++++++-------- tools/testing/selftests/kselftest.h | 28 +++++++--- tools/testing/selftests/kselftest/runner.sh | 2 +- tools/testing/selftests/pidfd/pidfd_test.c | 39 +++++++++++--- tools/testing/selftests/sigaltstack/sas.c | 4 +- tools/testing/selftests/sync/sync_test.c | 2 +- 6 files changed, 87 insertions(+), 41 deletions(-) -- 2.26.2

4 years, 9 months

3
10
0 0

[PATCH] Documentation: kunit: Remove references to --defconfig

by David Gow

The --defconfig option in kunit_tool was removed in [1], but the getting started and kunit_tool documentation still encouraged its use. Update those documents to reflect that it's no-longer required, and is the default behaviour if no .kunitconfig is found. Also update a couple of places where .kunitconfig is still referred to as kunitconfig (this was changed in [2]). [1]: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git/c… [2]: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git/c… Signed-off-by: David Gow <davidgow(a)google.com> --- Documentation/dev-tools/kunit/kunit-tool.rst | 17 +++++------------ Documentation/dev-tools/kunit/start.rst | 2 +- 2 files changed, 6 insertions(+), 13 deletions(-) diff --git a/Documentation/dev-tools/kunit/kunit-tool.rst b/Documentation/dev-tools/kunit/kunit-tool.rst index 949af2da81e5..29ae2fee8123 100644 --- a/Documentation/dev-tools/kunit/kunit-tool.rst +++ b/Documentation/dev-tools/kunit/kunit-tool.rst @@ -19,13 +19,13 @@ compiles the kernel as a standalone Linux executable that can be run like any other program directly inside of a host operating system. To be clear, it does not require any virtualization support: it is just a regular program. -What is a kunitconfig? -====================== +What is a .kunitconfig? +======================= It's just a defconfig that kunit_tool looks for in the base directory. kunit_tool uses it to generate a .config as you might expect. In addition, it verifies that the generated .config contains the CONFIG options in the -kunitconfig; the reason it does this is so that it is easy to be sure that a +.kunitconfig; the reason it does this is so that it is easy to be sure that a CONFIG that enables a test actually ends up in the .config. How do I use kunit_tool? @@ -46,16 +46,9 @@ However, you most likely want to use it with the following options: - ``--timeout`` sets a maximum amount of time to allow tests to run. - ``--jobs`` sets the number of threads to use to build the kernel. -If you just want to use the defconfig that ships with the kernel, you can -append the ``--defconfig`` flag as well: - -.. code-block:: bash - - ./tools/testing/kunit/kunit.py run --timeout=30 --jobs=`nproc --all` --defconfig - .. note:: - This command is particularly helpful for getting started because it - just works. No kunitconfig needs to be present. + This command will work even without a .kunitconfig file: if no + .kunitconfig is present, a default one will be used instead. For a list of all the flags supported by kunit_tool, you can run: diff --git a/Documentation/dev-tools/kunit/start.rst b/Documentation/dev-tools/kunit/start.rst index bb112cf70624..d23385e3e159 100644 --- a/Documentation/dev-tools/kunit/start.rst +++ b/Documentation/dev-tools/kunit/start.rst @@ -18,7 +18,7 @@ The wrapper can be run with: .. code-block:: bash - ./tools/testing/kunit/kunit.py run --defconfig + ./tools/testing/kunit/kunit.py run For more information on this wrapper (also called kunit_tool) check out the :doc:`kunit-tool` page. -- 2.27.0.212.ge8ba1cc988-goog

4 years, 9 months

2
1
0 0

[PATCH v35 22/24] selftests/x86: Add a selftest for SGX

by Jarkko Sakkinen

Add a selftest for SGX. It is a trivial test where a simple enclave copies one 64-bit word of memory between two memory locations. Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/sgx/.gitignore | 2 + tools/testing/selftests/sgx/Makefile | 53 +++ tools/testing/selftests/sgx/call.S | 54 +++ tools/testing/selftests/sgx/defines.h | 21 + tools/testing/selftests/sgx/load.c | 282 +++++++++++++ tools/testing/selftests/sgx/main.c | 199 +++++++++ tools/testing/selftests/sgx/main.h | 38 ++ tools/testing/selftests/sgx/sigstruct.c | 395 ++++++++++++++++++ tools/testing/selftests/sgx/test_encl.c | 20 + tools/testing/selftests/sgx/test_encl.lds | 40 ++ .../selftests/sgx/test_encl_bootstrap.S | 89 ++++ 12 files changed, 1194 insertions(+) create mode 100644 tools/testing/selftests/sgx/.gitignore create mode 100644 tools/testing/selftests/sgx/Makefile create mode 100644 tools/testing/selftests/sgx/call.S create mode 100644 tools/testing/selftests/sgx/defines.h create mode 100644 tools/testing/selftests/sgx/load.c create mode 100644 tools/testing/selftests/sgx/main.c create mode 100644 tools/testing/selftests/sgx/main.h create mode 100644 tools/testing/selftests/sgx/sigstruct.c create mode 100644 tools/testing/selftests/sgx/test_encl.c create mode 100644 tools/testing/selftests/sgx/test_encl.lds create mode 100644 tools/testing/selftests/sgx/test_encl_bootstrap.S diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 1195bd85af38..ec7be6d5a10d 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -64,6 +64,7 @@ TARGETS += user TARGETS += vm TARGETS += x86 TARGETS += zram +TARGETS += sgx #Please keep the TARGETS list alphabetically sorted # Run "make quicktest=1 run_tests" or # "make quicktest=1 kselftest" from top level Makefile diff --git a/tools/testing/selftests/sgx/.gitignore b/tools/testing/selftests/sgx/.gitignore new file mode 100644 index 000000000000..fbaf0bda9a92 --- /dev/null +++ b/tools/testing/selftests/sgx/.gitignore @@ -0,0 +1,2 @@ +test_sgx +test_encl.elf diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile new file mode 100644 index 000000000000..95e5c4df8014 --- /dev/null +++ b/tools/testing/selftests/sgx/Makefile @@ -0,0 +1,53 @@ +top_srcdir = ../../../.. + +include ../lib.mk + +.PHONY: all clean + +CAN_BUILD_X86_64 := $(shell ../x86/check_cc.sh $(CC) \ + ../x86/trivial_64bit_program.c) + +ifndef OBJCOPY +OBJCOPY := $(CROSS_COMPILE)objcopy +endif + +INCLUDES := -I$(top_srcdir)/tools/include +HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack +ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \ + -fno-stack-protector -mrdrnd $(INCLUDES) + +TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx $(OUTPUT)/test_encl.elf + +ifeq ($(CAN_BUILD_X86_64), 1) +all: $(TEST_CUSTOM_PROGS) +endif + +$(OUTPUT)/test_sgx: $(OUTPUT)/main.o \ + $(OUTPUT)/load.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/call.o + $(CC) $(HOST_CFLAGS) -o $@ $^ -lcrypto + +$(OUTPUT)/main.o: main.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/load.o: load.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/sigstruct.o: sigstruct.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/call.o: call.S + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/test_encl.elf: test_encl.lds test_encl.c test_encl_bootstrap.S + $(CC) $(ENCL_CFLAGS) -T $^ -o $@ + +EXTRA_CLEAN := \ + $(OUTPUT)/test_encl.elf \ + $(OUTPUT)/load.o \ + $(OUTPUT)/call.o \ + $(OUTPUT)/main.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/test_sgx \ + $(OUTPUT)/test_sgx.o \ diff --git a/tools/testing/selftests/sgx/call.S b/tools/testing/selftests/sgx/call.S new file mode 100644 index 000000000000..77131e83db42 --- /dev/null +++ b/tools/testing/selftests/sgx/call.S @@ -0,0 +1,54 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/** +* Copyright(c) 2016-18 Intel Corporation. +*/ + + .text + + .macro ENCLU + .byte 0x0f, 0x01, 0xd7 + .endm + + .text + + .global sgx_call_vdso +sgx_call_vdso: + .cfi_startproc + push %r15 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r15, 0 + push %r14 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r14, 0 + push %r13 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r13, 0 + push %r12 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r12, 0 + push %rbx + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %rbx, 0 + push $0 + .cfi_adjust_cfa_offset 8 + push 0x48(%rsp) + .cfi_adjust_cfa_offset 8 + push 0x48(%rsp) + .cfi_adjust_cfa_offset 8 + push 0x48(%rsp) + .cfi_adjust_cfa_offset 8 + call *eenter(%rip) + add $0x20, %rsp + .cfi_adjust_cfa_offset -0x20 + pop %rbx + .cfi_adjust_cfa_offset -8 + pop %r12 + .cfi_adjust_cfa_offset -8 + pop %r13 + .cfi_adjust_cfa_offset -8 + pop %r14 + .cfi_adjust_cfa_offset -8 + pop %r15 + .cfi_adjust_cfa_offset -8 + ret + .cfi_endproc diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h new file mode 100644 index 000000000000..be8969922804 --- /dev/null +++ b/tools/testing/selftests/sgx/defines.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef DEFINES_H +#define DEFINES_H + +#include <stdint.h> + +#define PAGE_SIZE 4096 +#define PAGE_MASK (~(PAGE_SIZE - 1)) + +#define __aligned(x) __attribute__((__aligned__(x))) +#define __packed __attribute__((packed)) + +#include "../../../../arch/x86/kernel/cpu/sgx/arch.h" +#include "../../../../arch/x86/include/asm/enclu.h" +#include "../../../../arch/x86/include/uapi/asm/sgx.h" + +#endif /* DEFINES_H */ diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c new file mode 100644 index 000000000000..91407036541c --- /dev/null +++ b/tools/testing/selftests/sgx/load.c @@ -0,0 +1,282 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <assert.h> +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +void encl_delete(struct encl *encl) +{ + if (encl->encl_base) + munmap((void *)encl->encl_base, encl->encl_size); + + if (encl->bin) + munmap(encl->bin, encl->bin_size); + + if (encl->fd) + close(encl->fd); + + if (encl->segment_tbl) + free(encl->segment_tbl); + + memset(encl, 0, sizeof(*encl)); +} + +static bool encl_map_bin(const char *path, struct encl *encl) +{ + struct stat sb; + void *bin; + int ret; + int fd; + + fd = open(path, O_RDONLY); + if (fd == -1) { + perror("open()"); + return false; + } + + ret = stat(path, &sb); + if (ret) { + perror("stat()"); + goto err; + } + + bin = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); + if (bin == MAP_FAILED) { + perror("mmap()"); + goto err; + } + + encl->bin = bin; + encl->bin_size = sb.st_size; + + close(fd); + return true; + +err: + close(fd); + return false; +} + +static bool encl_ioc_create(struct encl *encl) +{ + struct sgx_secs *secs = &encl->secs; + struct sgx_enclave_create ioc; + int rc; + + assert(encl->encl_base != 0); + + memset(secs, 0, sizeof(*secs)); + secs->ssa_frame_size = 1; + secs->attributes = SGX_ATTR_MODE64BIT; + secs->xfrm = 3; + secs->base = encl->encl_base; + secs->size = encl->encl_size; + + ioc.src = (unsigned long)secs; + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_CREATE, &ioc); + if (rc) { + fprintf(stderr, "SGX_IOC_ENCLAVE_CREATE failed: errno=%d\n", + errno); + munmap((void *)secs->base, encl->encl_size); + return false; + } + + return true; +} + +static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg) +{ + struct sgx_enclave_add_pages ioc; + struct sgx_secinfo secinfo; + int rc; + + memset(&secinfo, 0, sizeof(secinfo)); + secinfo.flags = seg->flags; + + ioc.src = (uint64_t)encl->src + seg->offset; + ioc.offset = seg->offset; + ioc.length = seg->size; + ioc.secinfo = (unsigned long)&secinfo; + ioc.flags = SGX_PAGE_MEASURE; + + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc); + if (rc) { + fprintf(stderr, "SGX_IOC_ENCLAVE_ADD_PAGES failed: errno=%d.\n", + errno); + return false; + } + + if (ioc.count != ioc.length) { + fprintf(stderr, "A segment not fully processed.\n"); + return false; + } + + return true; +} + +bool encl_load(const char *path, struct encl *encl) +{ + Elf64_Phdr *phdr_tbl; + off_t src_offset; + Elf64_Ehdr *ehdr; + int i, j; + int ret; + + memset(encl, 0, sizeof(*encl)); + + ret = open("/dev/sgx/enclave", O_RDWR); + if (ret < 0) { + fprintf(stderr, "Unable to open /dev/sgx\n"); + goto err; + } + + encl->fd = ret; + + if (!encl_map_bin(path, encl)) + goto err; + + ehdr = encl->bin; + phdr_tbl = encl->bin + ehdr->e_phoff; + + for (i = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + + if (phdr->p_type == PT_LOAD) + encl->nr_segments++; + } + + encl->segment_tbl = calloc(encl->nr_segments, + sizeof(struct encl_segment)); + if (!encl->segment_tbl) + goto err; + + for (i = 0, j = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + unsigned int flags = phdr->p_flags; + struct encl_segment *seg; + + if (phdr->p_type != PT_LOAD) + continue; + + seg = &encl->segment_tbl[j]; + + if (!!(flags & ~(PF_R | PF_W | PF_X))) { + fprintf(stderr, + "%d has invalid segment flags 0x%02x.\n", i, + phdr->p_flags); + goto err; + } + + if (j == 0 && flags != (PF_R | PF_W)) { + fprintf(stderr, + "TCS has invalid segment flags 0x%02x.\n", + phdr->p_flags); + goto err; + } + + if (j == 0) { + src_offset = (phdr->p_offset & PAGE_MASK) - src_offset; + + seg->prot = PROT_READ | PROT_WRITE; + seg->flags = SGX_PAGE_TYPE_TCS << 8; + } else { + seg->prot = (phdr->p_flags & PF_R) ? PROT_READ : 0; + seg->prot |= (phdr->p_flags & PF_W) ? PROT_WRITE : 0; + seg->prot |= (phdr->p_flags & PF_X) ? PROT_EXEC : 0; + seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot; + } + + seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset; + seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK; + + printf("0x%016lx 0x%016lx 0x%02x\n", seg->offset, seg->size, + seg->prot); + + j++; + } + + assert(j == encl->nr_segments); + + encl->src = encl->bin + src_offset; + encl->src_size = encl->segment_tbl[j - 1].offset + + encl->segment_tbl[j - 1].size; + + for (encl->encl_size = 4096; encl->encl_size < encl->src_size; ) + encl->encl_size <<= 1; + + return true; + +err: + encl_delete(encl); + return false; +} + +static bool encl_map_area(struct encl *encl) +{ + size_t encl_size = encl->encl_size; + void *area; + + area = mmap(NULL, encl_size * 2, PROT_NONE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if (area == MAP_FAILED) { + perror("mmap"); + return false; + } + + encl->encl_base = ((uint64_t)area + encl_size - 1) & ~(encl_size - 1); + + munmap(area, encl->encl_base - (uint64_t)area); + munmap((void *)(encl->encl_base + encl_size), + (uint64_t)area + encl_size - encl->encl_base); + + return true; +} + +bool encl_build(struct encl *encl) +{ + struct sgx_enclave_init ioc; + int ret; + int i; + + if (!encl_map_area(encl)) + return false; + + if (!encl_ioc_create(encl)) + return false; + + /* + * Pages must be added before mapping VMAs because their permissions + * cap the VMA permissions. + */ + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!encl_ioc_add_pages(encl, seg)) + return false; + } + + ioc.sigstruct = (uint64_t)&encl->sigstruct; + ret = ioctl(encl->fd, SGX_IOC_ENCLAVE_INIT, &ioc); + if (ret) { + fprintf(stderr, "SGX_IOC_ENCLAVE_INIT failed: errno=%d\n", + errno); + return false; + } + + return true; +} diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c new file mode 100644 index 000000000000..5394b2f6af8e --- /dev/null +++ b/tools/testing/selftests/sgx/main.c @@ -0,0 +1,199 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +static const uint64_t MAGIC = 0x1122334455667788ULL; +vdso_sgx_enter_enclave_t eenter; + +struct vdso_symtab { + Elf64_Sym *elf_symtab; + const char *elf_symstrtab; + Elf64_Word *elf_hashtab; +}; + +static void *vdso_get_base_addr(char *envp[]) +{ + Elf64_auxv_t *auxv; + int i; + + for (i = 0; envp[i]; i++) + ; + + auxv = (Elf64_auxv_t *)&envp[i + 1]; + + for (i = 0; auxv[i].a_type != AT_NULL; i++) { + if (auxv[i].a_type == AT_SYSINFO_EHDR) + return (void *)auxv[i].a_un.a_val; + } + + return NULL; +} + +static Elf64_Dyn *vdso_get_dyntab(void *addr) +{ + Elf64_Ehdr *ehdr = addr; + Elf64_Phdr *phdrtab = addr + ehdr->e_phoff; + int i; + + for (i = 0; i < ehdr->e_phnum; i++) + if (phdrtab[i].p_type == PT_DYNAMIC) + return addr + phdrtab[i].p_offset; + + return NULL; +} + +static void *vdso_get_dyn(void *addr, Elf64_Dyn *dyntab, Elf64_Sxword tag) +{ + int i; + + for (i = 0; dyntab[i].d_tag != DT_NULL; i++) + if (dyntab[i].d_tag == tag) + return addr + dyntab[i].d_un.d_ptr; + + return NULL; +} + +static bool vdso_get_symtab(void *addr, struct vdso_symtab *symtab) +{ + Elf64_Dyn *dyntab = vdso_get_dyntab(addr); + + symtab->elf_symtab = vdso_get_dyn(addr, dyntab, DT_SYMTAB); + if (!symtab->elf_symtab) + return false; + + symtab->elf_symstrtab = vdso_get_dyn(addr, dyntab, DT_STRTAB); + if (!symtab->elf_symstrtab) + return false; + + symtab->elf_hashtab = vdso_get_dyn(addr, dyntab, DT_HASH); + if (!symtab->elf_hashtab) + return false; + + return true; +} + +static unsigned long elf_sym_hash(const char *name) +{ + unsigned long h = 0, high; + + while (*name) { + h = (h << 4) + *name++; + high = h & 0xf0000000; + + if (high) + h ^= high >> 24; + + h &= ~high; + } + + return h; +} + +static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name) +{ + Elf64_Word bucketnum = symtab->elf_hashtab[0]; + Elf64_Word *buckettab = &symtab->elf_hashtab[2]; + Elf64_Word *chaintab = &symtab->elf_hashtab[2 + bucketnum]; + Elf64_Sym *sym; + Elf64_Word i; + + for (i = buckettab[elf_sym_hash(name) % bucketnum]; i != STN_UNDEF; + i = chaintab[i]) { + sym = &symtab->elf_symtab[i]; + if (!strcmp(name, &symtab->elf_symstrtab[sym->st_name])) + return sym; + } + + return NULL; +} + +int main(int argc, char *argv[], char *envp[]) +{ + struct sgx_enclave_exception exception; + struct vdso_symtab symtab; + Elf64_Sym *eenter_sym; + uint64_t result = 0; + struct encl encl; + unsigned int i; + void *addr; + + if (!encl_load("test_encl.elf", &encl)) + goto err; + + if (!encl_measure(&encl)) + goto err; + + if (!encl_build(&encl)) + goto err; + + /* + * An enclave consumer only must do this. + */ + for (i = 0; i < encl.nr_segments; i++) { + struct encl_segment *seg = &encl.segment_tbl[i]; + + addr = mmap((void *)encl.encl_base + seg->offset, seg->size, + seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0); + if (addr == MAP_FAILED) { + fprintf(stderr, "mmap() failed, errno=%d.\n", errno); + return false; + } + } + + memset(&exception, 0, sizeof(exception)); + + addr = vdso_get_base_addr(envp); + if (!addr) + goto err; + + if (!vdso_get_symtab(addr, &symtab)) + goto err; + + eenter_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave"); + if (!eenter_sym) + goto err; + + eenter = addr + eenter_sym->st_value; + + sgx_call_vdso((void *)&MAGIC, &result, 0, EENTER, NULL, NULL, + (void *)encl.encl_base, &exception, NULL); + if (result != MAGIC) { + printf("FAIL: sgx_call_vdso(), expected: 0x%lx, got: 0x%lx\n", + MAGIC, result); + goto err; + } + + /* Invoke the vDSO directly. */ + result = 0; + eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, 0, 0, + (void *)encl.encl_base, &exception, NULL); + if (result != MAGIC) { + printf("FAIL: eenter(), expected: 0x%lx, got: 0x%lx\n", + MAGIC, result); + goto err; + } + + printf("SUCCESS\n"); + encl_delete(&encl); + exit(0); + +err: + encl_delete(&encl); + exit(1); +} diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h new file mode 100644 index 000000000000..999422cc7343 --- /dev/null +++ b/tools/testing/selftests/sgx/main.h @@ -0,0 +1,38 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef MAIN_H +#define MAIN_H + +struct encl_segment { + off_t offset; + size_t size; + unsigned int prot; + unsigned int flags; +}; + +struct encl { + int fd; + void *bin; + off_t bin_size; + void *src; + size_t src_size; + size_t encl_size; + off_t encl_base; + unsigned int nr_segments; + struct encl_segment *segment_tbl; + struct sgx_secs secs; + struct sgx_sigstruct sigstruct; +}; + +void encl_delete(struct encl *ctx); +bool encl_load(const char *path, struct encl *encl); +bool encl_measure(struct encl *encl); +bool encl_build(struct encl *encl); + +int sgx_call_vdso(void *rdi, void *rsi, long rdx, u32 leaf, void *r8, void *r9, + void *tcs, struct sgx_enclave_exception *ei, void *cb); + +#endif /* MAIN_H */ diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c new file mode 100644 index 000000000000..ceddad478672 --- /dev/null +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -0,0 +1,395 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#define _GNU_SOURCE +#include <assert.h> +#include <getopt.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <unistd.h> +#include <openssl/err.h> +#include <openssl/pem.h> +#include "defines.h" +#include "main.h" + +struct q1q2_ctx { + BN_CTX *bn_ctx; + BIGNUM *m; + BIGNUM *s; + BIGNUM *q1; + BIGNUM *qr; + BIGNUM *q2; +}; + +static void free_q1q2_ctx(struct q1q2_ctx *ctx) +{ + BN_CTX_free(ctx->bn_ctx); + BN_free(ctx->m); + BN_free(ctx->s); + BN_free(ctx->q1); + BN_free(ctx->qr); + BN_free(ctx->q2); +} + +static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m, + struct q1q2_ctx *ctx) +{ + ctx->bn_ctx = BN_CTX_new(); + ctx->s = BN_bin2bn(s, SGX_MODULUS_SIZE, NULL); + ctx->m = BN_bin2bn(m, SGX_MODULUS_SIZE, NULL); + ctx->q1 = BN_new(); + ctx->qr = BN_new(); + ctx->q2 = BN_new(); + + if (!ctx->bn_ctx || !ctx->s || !ctx->m || !ctx->q1 || !ctx->qr || + !ctx->q2) { + free_q1q2_ctx(ctx); + return false; + } + + return true; +} + +static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1, + uint8_t *q2) +{ + struct q1q2_ctx ctx; + + if (!alloc_q1q2_ctx(s, m, &ctx)) { + fprintf(stderr, "Not enough memory for Q1Q2 calculation\n"); + return false; + } + + if (!BN_mul(ctx.q1, ctx.s, ctx.s, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q1, ctx.qr, ctx.q1, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q1) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q1 %d bytes\n", + BN_num_bytes(ctx.q1)); + goto out; + } + + if (!BN_mul(ctx.q2, ctx.s, ctx.qr, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q2, NULL, ctx.q2, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q2) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q2 %d bytes\n", + BN_num_bytes(ctx.q2)); + goto out; + } + + BN_bn2bin(ctx.q1, q1); + BN_bn2bin(ctx.q2, q2); + + free_q1q2_ctx(&ctx); + return true; +out: + free_q1q2_ctx(&ctx); + return false; +} + +struct sgx_sigstruct_payload { + struct sgx_sigstruct_header header; + struct sgx_sigstruct_body body; +}; + +static bool check_crypto_errors(void) +{ + int err; + bool had_errors = false; + const char *filename; + int line; + char str[256]; + + for ( ; ; ) { + if (ERR_peek_error() == 0) + break; + + had_errors = true; + err = ERR_get_error_line(&filename, &line); + ERR_error_string_n(err, str, sizeof(str)); + fprintf(stderr, "crypto: %s: %s:%d\n", str, filename, line); + } + + return had_errors; +} + +static inline const BIGNUM *get_modulus(RSA *key) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return key->n; +#else + const BIGNUM *n; + + RSA_get0_key(key, &n, NULL, NULL); + return n; +#endif +} + +static RSA *gen_sign_key(void) +{ + BIGNUM *e; + RSA *key; + int ret; + + e = BN_new(); + key = RSA_new(); + + if (!e || !key) + goto err; + + ret = BN_set_word(e, RSA_3); + if (ret != 1) + goto err; + + ret = RSA_generate_key_ex(key, 3072, e, NULL); + if (ret != 1) + goto err; + + BN_free(e); + + return key; + +err: + RSA_free(key); + BN_free(e); + + return NULL; +} + +static void reverse_bytes(void *data, int length) +{ + int i = 0; + int j = length - 1; + uint8_t temp; + uint8_t *ptr = data; + + while (i < j) { + temp = ptr[i]; + ptr[i] = ptr[j]; + ptr[j] = temp; + i++; + j--; + } +} + +enum mrtags { + MRECREATE = 0x0045544145524345, + MREADD = 0x0000000044444145, + MREEXTEND = 0x00444E4554584545, +}; + +static bool mrenclave_update(EVP_MD_CTX *ctx, const void *data) +{ + if (!EVP_DigestUpdate(ctx, data, 64)) { + fprintf(stderr, "digest update failed\n"); + return false; + } + + return true; +} + +static bool mrenclave_commit(EVP_MD_CTX *ctx, uint8_t *mrenclave) +{ + unsigned int size; + + if (!EVP_DigestFinal_ex(ctx, (unsigned char *)mrenclave, &size)) { + fprintf(stderr, "digest commit failed\n"); + return false; + } + + if (size != 32) { + fprintf(stderr, "invalid digest size = %u\n", size); + return false; + } + + return true; +} + +struct mrecreate { + uint64_t tag; + uint32_t ssaframesize; + uint64_t size; + uint8_t reserved[44]; +} __attribute__((__packed__)); + + +static bool mrenclave_ecreate(EVP_MD_CTX *ctx, uint64_t blob_size) +{ + struct mrecreate mrecreate; + uint64_t encl_size; + + for (encl_size = 0x1000; encl_size < blob_size; ) + encl_size <<= 1; + + memset(&mrecreate, 0, sizeof(mrecreate)); + mrecreate.tag = MRECREATE; + mrecreate.ssaframesize = 1; + mrecreate.size = encl_size; + + if (!EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) + return false; + + return mrenclave_update(ctx, &mrecreate); +} + +struct mreadd { + uint64_t tag; + uint64_t offset; + uint64_t flags; /* SECINFO flags */ + uint8_t reserved[40]; +} __attribute__((__packed__)); + +static bool mrenclave_eadd(EVP_MD_CTX *ctx, uint64_t offset, uint64_t flags) +{ + struct mreadd mreadd; + + memset(&mreadd, 0, sizeof(mreadd)); + mreadd.tag = MREADD; + mreadd.offset = offset; + mreadd.flags = flags; + + return mrenclave_update(ctx, &mreadd); +} + +struct mreextend { + uint64_t tag; + uint64_t offset; + uint8_t reserved[48]; +} __attribute__((__packed__)); + +static bool mrenclave_eextend(EVP_MD_CTX *ctx, uint64_t offset, + const uint8_t *data) +{ + struct mreextend mreextend; + int i; + + for (i = 0; i < 0x1000; i += 0x100) { + memset(&mreextend, 0, sizeof(mreextend)); + mreextend.tag = MREEXTEND; + mreextend.offset = offset + i; + + if (!mrenclave_update(ctx, &mreextend)) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x00])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x40])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x80])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0xC0])) + return false; + } + + return true; +} + +static bool mrenclave_segment(EVP_MD_CTX *ctx, struct encl *encl, + struct encl_segment *seg) +{ + uint64_t end = seg->offset + seg->size; + uint64_t offset; + + for (offset = seg->offset; offset < end; offset += PAGE_SIZE) { + if (!mrenclave_eadd(ctx, offset, seg->flags)) + return false; + + if (!mrenclave_eextend(ctx, offset, encl->src + offset)) + return false; + } + + return true; +} + +bool encl_measure(struct encl *encl) +{ + uint64_t header1[2] = {0x000000E100000006, 0x0000000000010000}; + uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060}; + struct sgx_sigstruct *sigstruct = &encl->sigstruct; + struct sgx_sigstruct_payload payload; + uint8_t digest[SHA256_DIGEST_LENGTH]; + unsigned int siglen; + RSA *key = NULL; + EVP_MD_CTX *ctx; + int i; + + memset(sigstruct, 0, sizeof(*sigstruct)); + + sigstruct->header.header1[0] = header1[0]; + sigstruct->header.header1[1] = header1[1]; + sigstruct->header.header2[0] = header2[0]; + sigstruct->header.header2[1] = header2[1]; + sigstruct->exponent = 3; + sigstruct->body.attributes = SGX_ATTR_MODE64BIT; + sigstruct->body.xfrm = 3; + + /* sanity check */ + if (check_crypto_errors()) + goto err; + + key = gen_sign_key(); + if (!key) + goto err; + + BN_bn2bin(get_modulus(key), sigstruct->modulus); + + ctx = EVP_MD_CTX_create(); + if (!ctx) + goto err; + + if (!mrenclave_ecreate(ctx, encl->src_size)) + goto err; + + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!mrenclave_segment(ctx, encl, seg)) + goto err; + } + + if (!mrenclave_commit(ctx, sigstruct->body.mrenclave)) + goto err; + + memcpy(&payload.header, &sigstruct->header, sizeof(sigstruct->header)); + memcpy(&payload.body, &sigstruct->body, sizeof(sigstruct->body)); + + SHA256((unsigned char *)&payload, sizeof(payload), digest); + + if (!RSA_sign(NID_sha256, digest, SHA256_DIGEST_LENGTH, + sigstruct->signature, &siglen, key)) + goto err; + + if (!calc_q1q2(sigstruct->signature, sigstruct->modulus, sigstruct->q1, + sigstruct->q2)) + goto err; + + /* BE -> LE */ + reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q1, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q2, SGX_MODULUS_SIZE); + + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return true; + +err: + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return false; +} diff --git a/tools/testing/selftests/sgx/test_encl.c b/tools/testing/selftests/sgx/test_encl.c new file mode 100644 index 000000000000..ede915399742 --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.c @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <stddef.h> +#include "defines.h" + +static void *memcpy(void *dest, const void *src, size_t n) +{ + size_t i; + + for (i = 0; i < n; i++) + ((char *)dest)[i] = ((char *)src)[i]; + + return dest; +} + +void encl_body(void *rdi, void *rsi) +{ + memcpy(rsi, rdi, 8); +} diff --git a/tools/testing/selftests/sgx/test_encl.lds b/tools/testing/selftests/sgx/test_encl.lds new file mode 100644 index 000000000000..0fbbda7e665e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.lds @@ -0,0 +1,40 @@ +OUTPUT_FORMAT(elf64-x86-64) + +PHDRS +{ + tcs PT_LOAD; + text PT_LOAD; + data PT_LOAD; +} + +SECTIONS +{ + . = 0; + .tcs : { + *(.tcs*) + } : tcs + + . = ALIGN(4096); + .text : { + *(.text*) + *(.rodata*) + } : text + + . = ALIGN(4096); + .data : { + *(.data*) + } : data + + /DISCARD/ : { + *(.comment*) + *(.note*) + *(.debug*) + *(.eh_frame*) + } +} + +ASSERT(!DEFINED(.altinstructions), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.altinstr_replacement), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.retpoline_safe), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.nospec), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.got.plt), "Libcalls are not supported in enclaves") diff --git a/tools/testing/selftests/sgx/test_encl_bootstrap.S b/tools/testing/selftests/sgx/test_encl_bootstrap.S new file mode 100644 index 000000000000..6836ea86126e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl_bootstrap.S @@ -0,0 +1,89 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/* + * Copyright(c) 2016-18 Intel Corporation. + */ + + .macro ENCLU + .byte 0x0f, 0x01, 0xd7 + .endm + + .section ".tcs", "aw" + .balign 4096 + + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + # Identical to the previous TCS. + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + .text + +encl_entry: + # RBX contains the base address for TCS, which is also the first address + # inside the enclave. By adding the value of le_stack_end to it, we get + # the absolute address for the stack. + lea (encl_stack)(%rbx), %rax + xchg %rsp, %rax + push %rax + + push %rcx # push the address after EENTER + push %rbx # push the enclave base address + + call encl_body + + pop %rbx # pop the enclave base address + + /* Clear volatile GPRs, except RAX (EEXIT leaf). */ + xor %rcx, %rcx + xor %rdx, %rdx + xor %rdi, %rdi + xor %rsi, %rsi + xor %r8, %r8 + xor %r9, %r9 + xor %r10, %r10 + xor %r11, %r11 + + # Reset status flags. + add %rdx, %rdx # OF = SF = AF = CF = 0; ZF = PF = 1 + + # Prepare EEXIT target by popping the address of the instruction after + # EENTER to RBX. + pop %rbx + + # Restore the caller stack. + pop %rax + mov %rax, %rsp + + # EEXIT + mov $4, %rax + enclu + + .section ".data", "aw" + +encl_ssa: + .space 4096 + + .balign 4096 + .space 8192 +encl_stack: -- 2.25.1

4 years, 9 months

1
0
0 0

[PATCH v34 22/24] selftests/x86: Add a selftest for SGX

by Jarkko Sakkinen

Add a selftest for SGX. It is a trivial test where a simple enclave copies one 64-bit word of memory between two memory locations. Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/sgx/.gitignore | 2 + tools/testing/selftests/sgx/Makefile | 53 +++ tools/testing/selftests/sgx/call.S | 54 +++ tools/testing/selftests/sgx/defines.h | 21 + tools/testing/selftests/sgx/load.c | 282 +++++++++++++ tools/testing/selftests/sgx/main.c | 199 +++++++++ tools/testing/selftests/sgx/main.h | 38 ++ tools/testing/selftests/sgx/sigstruct.c | 395 ++++++++++++++++++ tools/testing/selftests/sgx/test_encl.c | 20 + tools/testing/selftests/sgx/test_encl.lds | 40 ++ .../selftests/sgx/test_encl_bootstrap.S | 89 ++++ 12 files changed, 1194 insertions(+) create mode 100644 tools/testing/selftests/sgx/.gitignore create mode 100644 tools/testing/selftests/sgx/Makefile create mode 100644 tools/testing/selftests/sgx/call.S create mode 100644 tools/testing/selftests/sgx/defines.h create mode 100644 tools/testing/selftests/sgx/load.c create mode 100644 tools/testing/selftests/sgx/main.c create mode 100644 tools/testing/selftests/sgx/main.h create mode 100644 tools/testing/selftests/sgx/sigstruct.c create mode 100644 tools/testing/selftests/sgx/test_encl.c create mode 100644 tools/testing/selftests/sgx/test_encl.lds create mode 100644 tools/testing/selftests/sgx/test_encl_bootstrap.S diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 1195bd85af38..ec7be6d5a10d 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -64,6 +64,7 @@ TARGETS += user TARGETS += vm TARGETS += x86 TARGETS += zram +TARGETS += sgx #Please keep the TARGETS list alphabetically sorted # Run "make quicktest=1 run_tests" or # "make quicktest=1 kselftest" from top level Makefile diff --git a/tools/testing/selftests/sgx/.gitignore b/tools/testing/selftests/sgx/.gitignore new file mode 100644 index 000000000000..fbaf0bda9a92 --- /dev/null +++ b/tools/testing/selftests/sgx/.gitignore @@ -0,0 +1,2 @@ +test_sgx +test_encl.elf diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile new file mode 100644 index 000000000000..95e5c4df8014 --- /dev/null +++ b/tools/testing/selftests/sgx/Makefile @@ -0,0 +1,53 @@ +top_srcdir = ../../../.. + +include ../lib.mk + +.PHONY: all clean + +CAN_BUILD_X86_64 := $(shell ../x86/check_cc.sh $(CC) \ + ../x86/trivial_64bit_program.c) + +ifndef OBJCOPY +OBJCOPY := $(CROSS_COMPILE)objcopy +endif + +INCLUDES := -I$(top_srcdir)/tools/include +HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack +ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \ + -fno-stack-protector -mrdrnd $(INCLUDES) + +TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx $(OUTPUT)/test_encl.elf + +ifeq ($(CAN_BUILD_X86_64), 1) +all: $(TEST_CUSTOM_PROGS) +endif + +$(OUTPUT)/test_sgx: $(OUTPUT)/main.o \ + $(OUTPUT)/load.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/call.o + $(CC) $(HOST_CFLAGS) -o $@ $^ -lcrypto + +$(OUTPUT)/main.o: main.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/load.o: load.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/sigstruct.o: sigstruct.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/call.o: call.S + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/test_encl.elf: test_encl.lds test_encl.c test_encl_bootstrap.S + $(CC) $(ENCL_CFLAGS) -T $^ -o $@ + +EXTRA_CLEAN := \ + $(OUTPUT)/test_encl.elf \ + $(OUTPUT)/load.o \ + $(OUTPUT)/call.o \ + $(OUTPUT)/main.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/test_sgx \ + $(OUTPUT)/test_sgx.o \ diff --git a/tools/testing/selftests/sgx/call.S b/tools/testing/selftests/sgx/call.S new file mode 100644 index 000000000000..77131e83db42 --- /dev/null +++ b/tools/testing/selftests/sgx/call.S @@ -0,0 +1,54 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/** +* Copyright(c) 2016-18 Intel Corporation. +*/ + + .text + + .macro ENCLU + .byte 0x0f, 0x01, 0xd7 + .endm + + .text + + .global sgx_call_vdso +sgx_call_vdso: + .cfi_startproc + push %r15 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r15, 0 + push %r14 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r14, 0 + push %r13 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r13, 0 + push %r12 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r12, 0 + push %rbx + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %rbx, 0 + push $0 + .cfi_adjust_cfa_offset 8 + push 0x48(%rsp) + .cfi_adjust_cfa_offset 8 + push 0x48(%rsp) + .cfi_adjust_cfa_offset 8 + push 0x48(%rsp) + .cfi_adjust_cfa_offset 8 + call *eenter(%rip) + add $0x20, %rsp + .cfi_adjust_cfa_offset -0x20 + pop %rbx + .cfi_adjust_cfa_offset -8 + pop %r12 + .cfi_adjust_cfa_offset -8 + pop %r13 + .cfi_adjust_cfa_offset -8 + pop %r14 + .cfi_adjust_cfa_offset -8 + pop %r15 + .cfi_adjust_cfa_offset -8 + ret + .cfi_endproc diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h new file mode 100644 index 000000000000..be8969922804 --- /dev/null +++ b/tools/testing/selftests/sgx/defines.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef DEFINES_H +#define DEFINES_H + +#include <stdint.h> + +#define PAGE_SIZE 4096 +#define PAGE_MASK (~(PAGE_SIZE - 1)) + +#define __aligned(x) __attribute__((__aligned__(x))) +#define __packed __attribute__((packed)) + +#include "../../../../arch/x86/kernel/cpu/sgx/arch.h" +#include "../../../../arch/x86/include/asm/enclu.h" +#include "../../../../arch/x86/include/uapi/asm/sgx.h" + +#endif /* DEFINES_H */ diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c new file mode 100644 index 000000000000..91407036541c --- /dev/null +++ b/tools/testing/selftests/sgx/load.c @@ -0,0 +1,282 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <assert.h> +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +void encl_delete(struct encl *encl) +{ + if (encl->encl_base) + munmap((void *)encl->encl_base, encl->encl_size); + + if (encl->bin) + munmap(encl->bin, encl->bin_size); + + if (encl->fd) + close(encl->fd); + + if (encl->segment_tbl) + free(encl->segment_tbl); + + memset(encl, 0, sizeof(*encl)); +} + +static bool encl_map_bin(const char *path, struct encl *encl) +{ + struct stat sb; + void *bin; + int ret; + int fd; + + fd = open(path, O_RDONLY); + if (fd == -1) { + perror("open()"); + return false; + } + + ret = stat(path, &sb); + if (ret) { + perror("stat()"); + goto err; + } + + bin = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); + if (bin == MAP_FAILED) { + perror("mmap()"); + goto err; + } + + encl->bin = bin; + encl->bin_size = sb.st_size; + + close(fd); + return true; + +err: + close(fd); + return false; +} + +static bool encl_ioc_create(struct encl *encl) +{ + struct sgx_secs *secs = &encl->secs; + struct sgx_enclave_create ioc; + int rc; + + assert(encl->encl_base != 0); + + memset(secs, 0, sizeof(*secs)); + secs->ssa_frame_size = 1; + secs->attributes = SGX_ATTR_MODE64BIT; + secs->xfrm = 3; + secs->base = encl->encl_base; + secs->size = encl->encl_size; + + ioc.src = (unsigned long)secs; + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_CREATE, &ioc); + if (rc) { + fprintf(stderr, "SGX_IOC_ENCLAVE_CREATE failed: errno=%d\n", + errno); + munmap((void *)secs->base, encl->encl_size); + return false; + } + + return true; +} + +static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg) +{ + struct sgx_enclave_add_pages ioc; + struct sgx_secinfo secinfo; + int rc; + + memset(&secinfo, 0, sizeof(secinfo)); + secinfo.flags = seg->flags; + + ioc.src = (uint64_t)encl->src + seg->offset; + ioc.offset = seg->offset; + ioc.length = seg->size; + ioc.secinfo = (unsigned long)&secinfo; + ioc.flags = SGX_PAGE_MEASURE; + + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc); + if (rc) { + fprintf(stderr, "SGX_IOC_ENCLAVE_ADD_PAGES failed: errno=%d.\n", + errno); + return false; + } + + if (ioc.count != ioc.length) { + fprintf(stderr, "A segment not fully processed.\n"); + return false; + } + + return true; +} + +bool encl_load(const char *path, struct encl *encl) +{ + Elf64_Phdr *phdr_tbl; + off_t src_offset; + Elf64_Ehdr *ehdr; + int i, j; + int ret; + + memset(encl, 0, sizeof(*encl)); + + ret = open("/dev/sgx/enclave", O_RDWR); + if (ret < 0) { + fprintf(stderr, "Unable to open /dev/sgx\n"); + goto err; + } + + encl->fd = ret; + + if (!encl_map_bin(path, encl)) + goto err; + + ehdr = encl->bin; + phdr_tbl = encl->bin + ehdr->e_phoff; + + for (i = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + + if (phdr->p_type == PT_LOAD) + encl->nr_segments++; + } + + encl->segment_tbl = calloc(encl->nr_segments, + sizeof(struct encl_segment)); + if (!encl->segment_tbl) + goto err; + + for (i = 0, j = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + unsigned int flags = phdr->p_flags; + struct encl_segment *seg; + + if (phdr->p_type != PT_LOAD) + continue; + + seg = &encl->segment_tbl[j]; + + if (!!(flags & ~(PF_R | PF_W | PF_X))) { + fprintf(stderr, + "%d has invalid segment flags 0x%02x.\n", i, + phdr->p_flags); + goto err; + } + + if (j == 0 && flags != (PF_R | PF_W)) { + fprintf(stderr, + "TCS has invalid segment flags 0x%02x.\n", + phdr->p_flags); + goto err; + } + + if (j == 0) { + src_offset = (phdr->p_offset & PAGE_MASK) - src_offset; + + seg->prot = PROT_READ | PROT_WRITE; + seg->flags = SGX_PAGE_TYPE_TCS << 8; + } else { + seg->prot = (phdr->p_flags & PF_R) ? PROT_READ : 0; + seg->prot |= (phdr->p_flags & PF_W) ? PROT_WRITE : 0; + seg->prot |= (phdr->p_flags & PF_X) ? PROT_EXEC : 0; + seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot; + } + + seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset; + seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK; + + printf("0x%016lx 0x%016lx 0x%02x\n", seg->offset, seg->size, + seg->prot); + + j++; + } + + assert(j == encl->nr_segments); + + encl->src = encl->bin + src_offset; + encl->src_size = encl->segment_tbl[j - 1].offset + + encl->segment_tbl[j - 1].size; + + for (encl->encl_size = 4096; encl->encl_size < encl->src_size; ) + encl->encl_size <<= 1; + + return true; + +err: + encl_delete(encl); + return false; +} + +static bool encl_map_area(struct encl *encl) +{ + size_t encl_size = encl->encl_size; + void *area; + + area = mmap(NULL, encl_size * 2, PROT_NONE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if (area == MAP_FAILED) { + perror("mmap"); + return false; + } + + encl->encl_base = ((uint64_t)area + encl_size - 1) & ~(encl_size - 1); + + munmap(area, encl->encl_base - (uint64_t)area); + munmap((void *)(encl->encl_base + encl_size), + (uint64_t)area + encl_size - encl->encl_base); + + return true; +} + +bool encl_build(struct encl *encl) +{ + struct sgx_enclave_init ioc; + int ret; + int i; + + if (!encl_map_area(encl)) + return false; + + if (!encl_ioc_create(encl)) + return false; + + /* + * Pages must be added before mapping VMAs because their permissions + * cap the VMA permissions. + */ + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!encl_ioc_add_pages(encl, seg)) + return false; + } + + ioc.sigstruct = (uint64_t)&encl->sigstruct; + ret = ioctl(encl->fd, SGX_IOC_ENCLAVE_INIT, &ioc); + if (ret) { + fprintf(stderr, "SGX_IOC_ENCLAVE_INIT failed: errno=%d\n", + errno); + return false; + } + + return true; +} diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c new file mode 100644 index 000000000000..5394b2f6af8e --- /dev/null +++ b/tools/testing/selftests/sgx/main.c @@ -0,0 +1,199 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +static const uint64_t MAGIC = 0x1122334455667788ULL; +vdso_sgx_enter_enclave_t eenter; + +struct vdso_symtab { + Elf64_Sym *elf_symtab; + const char *elf_symstrtab; + Elf64_Word *elf_hashtab; +}; + +static void *vdso_get_base_addr(char *envp[]) +{ + Elf64_auxv_t *auxv; + int i; + + for (i = 0; envp[i]; i++) + ; + + auxv = (Elf64_auxv_t *)&envp[i + 1]; + + for (i = 0; auxv[i].a_type != AT_NULL; i++) { + if (auxv[i].a_type == AT_SYSINFO_EHDR) + return (void *)auxv[i].a_un.a_val; + } + + return NULL; +} + +static Elf64_Dyn *vdso_get_dyntab(void *addr) +{ + Elf64_Ehdr *ehdr = addr; + Elf64_Phdr *phdrtab = addr + ehdr->e_phoff; + int i; + + for (i = 0; i < ehdr->e_phnum; i++) + if (phdrtab[i].p_type == PT_DYNAMIC) + return addr + phdrtab[i].p_offset; + + return NULL; +} + +static void *vdso_get_dyn(void *addr, Elf64_Dyn *dyntab, Elf64_Sxword tag) +{ + int i; + + for (i = 0; dyntab[i].d_tag != DT_NULL; i++) + if (dyntab[i].d_tag == tag) + return addr + dyntab[i].d_un.d_ptr; + + return NULL; +} + +static bool vdso_get_symtab(void *addr, struct vdso_symtab *symtab) +{ + Elf64_Dyn *dyntab = vdso_get_dyntab(addr); + + symtab->elf_symtab = vdso_get_dyn(addr, dyntab, DT_SYMTAB); + if (!symtab->elf_symtab) + return false; + + symtab->elf_symstrtab = vdso_get_dyn(addr, dyntab, DT_STRTAB); + if (!symtab->elf_symstrtab) + return false; + + symtab->elf_hashtab = vdso_get_dyn(addr, dyntab, DT_HASH); + if (!symtab->elf_hashtab) + return false; + + return true; +} + +static unsigned long elf_sym_hash(const char *name) +{ + unsigned long h = 0, high; + + while (*name) { + h = (h << 4) + *name++; + high = h & 0xf0000000; + + if (high) + h ^= high >> 24; + + h &= ~high; + } + + return h; +} + +static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name) +{ + Elf64_Word bucketnum = symtab->elf_hashtab[0]; + Elf64_Word *buckettab = &symtab->elf_hashtab[2]; + Elf64_Word *chaintab = &symtab->elf_hashtab[2 + bucketnum]; + Elf64_Sym *sym; + Elf64_Word i; + + for (i = buckettab[elf_sym_hash(name) % bucketnum]; i != STN_UNDEF; + i = chaintab[i]) { + sym = &symtab->elf_symtab[i]; + if (!strcmp(name, &symtab->elf_symstrtab[sym->st_name])) + return sym; + } + + return NULL; +} + +int main(int argc, char *argv[], char *envp[]) +{ + struct sgx_enclave_exception exception; + struct vdso_symtab symtab; + Elf64_Sym *eenter_sym; + uint64_t result = 0; + struct encl encl; + unsigned int i; + void *addr; + + if (!encl_load("test_encl.elf", &encl)) + goto err; + + if (!encl_measure(&encl)) + goto err; + + if (!encl_build(&encl)) + goto err; + + /* + * An enclave consumer only must do this. + */ + for (i = 0; i < encl.nr_segments; i++) { + struct encl_segment *seg = &encl.segment_tbl[i]; + + addr = mmap((void *)encl.encl_base + seg->offset, seg->size, + seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0); + if (addr == MAP_FAILED) { + fprintf(stderr, "mmap() failed, errno=%d.\n", errno); + return false; + } + } + + memset(&exception, 0, sizeof(exception)); + + addr = vdso_get_base_addr(envp); + if (!addr) + goto err; + + if (!vdso_get_symtab(addr, &symtab)) + goto err; + + eenter_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave"); + if (!eenter_sym) + goto err; + + eenter = addr + eenter_sym->st_value; + + sgx_call_vdso((void *)&MAGIC, &result, 0, EENTER, NULL, NULL, + (void *)encl.encl_base, &exception, NULL); + if (result != MAGIC) { + printf("FAIL: sgx_call_vdso(), expected: 0x%lx, got: 0x%lx\n", + MAGIC, result); + goto err; + } + + /* Invoke the vDSO directly. */ + result = 0; + eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, 0, 0, + (void *)encl.encl_base, &exception, NULL); + if (result != MAGIC) { + printf("FAIL: eenter(), expected: 0x%lx, got: 0x%lx\n", + MAGIC, result); + goto err; + } + + printf("SUCCESS\n"); + encl_delete(&encl); + exit(0); + +err: + encl_delete(&encl); + exit(1); +} diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h new file mode 100644 index 000000000000..999422cc7343 --- /dev/null +++ b/tools/testing/selftests/sgx/main.h @@ -0,0 +1,38 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef MAIN_H +#define MAIN_H + +struct encl_segment { + off_t offset; + size_t size; + unsigned int prot; + unsigned int flags; +}; + +struct encl { + int fd; + void *bin; + off_t bin_size; + void *src; + size_t src_size; + size_t encl_size; + off_t encl_base; + unsigned int nr_segments; + struct encl_segment *segment_tbl; + struct sgx_secs secs; + struct sgx_sigstruct sigstruct; +}; + +void encl_delete(struct encl *ctx); +bool encl_load(const char *path, struct encl *encl); +bool encl_measure(struct encl *encl); +bool encl_build(struct encl *encl); + +int sgx_call_vdso(void *rdi, void *rsi, long rdx, u32 leaf, void *r8, void *r9, + void *tcs, struct sgx_enclave_exception *ei, void *cb); + +#endif /* MAIN_H */ diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c new file mode 100644 index 000000000000..ceddad478672 --- /dev/null +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -0,0 +1,395 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#define _GNU_SOURCE +#include <assert.h> +#include <getopt.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <unistd.h> +#include <openssl/err.h> +#include <openssl/pem.h> +#include "defines.h" +#include "main.h" + +struct q1q2_ctx { + BN_CTX *bn_ctx; + BIGNUM *m; + BIGNUM *s; + BIGNUM *q1; + BIGNUM *qr; + BIGNUM *q2; +}; + +static void free_q1q2_ctx(struct q1q2_ctx *ctx) +{ + BN_CTX_free(ctx->bn_ctx); + BN_free(ctx->m); + BN_free(ctx->s); + BN_free(ctx->q1); + BN_free(ctx->qr); + BN_free(ctx->q2); +} + +static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m, + struct q1q2_ctx *ctx) +{ + ctx->bn_ctx = BN_CTX_new(); + ctx->s = BN_bin2bn(s, SGX_MODULUS_SIZE, NULL); + ctx->m = BN_bin2bn(m, SGX_MODULUS_SIZE, NULL); + ctx->q1 = BN_new(); + ctx->qr = BN_new(); + ctx->q2 = BN_new(); + + if (!ctx->bn_ctx || !ctx->s || !ctx->m || !ctx->q1 || !ctx->qr || + !ctx->q2) { + free_q1q2_ctx(ctx); + return false; + } + + return true; +} + +static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1, + uint8_t *q2) +{ + struct q1q2_ctx ctx; + + if (!alloc_q1q2_ctx(s, m, &ctx)) { + fprintf(stderr, "Not enough memory for Q1Q2 calculation\n"); + return false; + } + + if (!BN_mul(ctx.q1, ctx.s, ctx.s, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q1, ctx.qr, ctx.q1, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q1) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q1 %d bytes\n", + BN_num_bytes(ctx.q1)); + goto out; + } + + if (!BN_mul(ctx.q2, ctx.s, ctx.qr, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q2, NULL, ctx.q2, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q2) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q2 %d bytes\n", + BN_num_bytes(ctx.q2)); + goto out; + } + + BN_bn2bin(ctx.q1, q1); + BN_bn2bin(ctx.q2, q2); + + free_q1q2_ctx(&ctx); + return true; +out: + free_q1q2_ctx(&ctx); + return false; +} + +struct sgx_sigstruct_payload { + struct sgx_sigstruct_header header; + struct sgx_sigstruct_body body; +}; + +static bool check_crypto_errors(void) +{ + int err; + bool had_errors = false; + const char *filename; + int line; + char str[256]; + + for ( ; ; ) { + if (ERR_peek_error() == 0) + break; + + had_errors = true; + err = ERR_get_error_line(&filename, &line); + ERR_error_string_n(err, str, sizeof(str)); + fprintf(stderr, "crypto: %s: %s:%d\n", str, filename, line); + } + + return had_errors; +} + +static inline const BIGNUM *get_modulus(RSA *key) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return key->n; +#else + const BIGNUM *n; + + RSA_get0_key(key, &n, NULL, NULL); + return n; +#endif +} + +static RSA *gen_sign_key(void) +{ + BIGNUM *e; + RSA *key; + int ret; + + e = BN_new(); + key = RSA_new(); + + if (!e || !key) + goto err; + + ret = BN_set_word(e, RSA_3); + if (ret != 1) + goto err; + + ret = RSA_generate_key_ex(key, 3072, e, NULL); + if (ret != 1) + goto err; + + BN_free(e); + + return key; + +err: + RSA_free(key); + BN_free(e); + + return NULL; +} + +static void reverse_bytes(void *data, int length) +{ + int i = 0; + int j = length - 1; + uint8_t temp; + uint8_t *ptr = data; + + while (i < j) { + temp = ptr[i]; + ptr[i] = ptr[j]; + ptr[j] = temp; + i++; + j--; + } +} + +enum mrtags { + MRECREATE = 0x0045544145524345, + MREADD = 0x0000000044444145, + MREEXTEND = 0x00444E4554584545, +}; + +static bool mrenclave_update(EVP_MD_CTX *ctx, const void *data) +{ + if (!EVP_DigestUpdate(ctx, data, 64)) { + fprintf(stderr, "digest update failed\n"); + return false; + } + + return true; +} + +static bool mrenclave_commit(EVP_MD_CTX *ctx, uint8_t *mrenclave) +{ + unsigned int size; + + if (!EVP_DigestFinal_ex(ctx, (unsigned char *)mrenclave, &size)) { + fprintf(stderr, "digest commit failed\n"); + return false; + } + + if (size != 32) { + fprintf(stderr, "invalid digest size = %u\n", size); + return false; + } + + return true; +} + +struct mrecreate { + uint64_t tag; + uint32_t ssaframesize; + uint64_t size; + uint8_t reserved[44]; +} __attribute__((__packed__)); + + +static bool mrenclave_ecreate(EVP_MD_CTX *ctx, uint64_t blob_size) +{ + struct mrecreate mrecreate; + uint64_t encl_size; + + for (encl_size = 0x1000; encl_size < blob_size; ) + encl_size <<= 1; + + memset(&mrecreate, 0, sizeof(mrecreate)); + mrecreate.tag = MRECREATE; + mrecreate.ssaframesize = 1; + mrecreate.size = encl_size; + + if (!EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) + return false; + + return mrenclave_update(ctx, &mrecreate); +} + +struct mreadd { + uint64_t tag; + uint64_t offset; + uint64_t flags; /* SECINFO flags */ + uint8_t reserved[40]; +} __attribute__((__packed__)); + +static bool mrenclave_eadd(EVP_MD_CTX *ctx, uint64_t offset, uint64_t flags) +{ + struct mreadd mreadd; + + memset(&mreadd, 0, sizeof(mreadd)); + mreadd.tag = MREADD; + mreadd.offset = offset; + mreadd.flags = flags; + + return mrenclave_update(ctx, &mreadd); +} + +struct mreextend { + uint64_t tag; + uint64_t offset; + uint8_t reserved[48]; +} __attribute__((__packed__)); + +static bool mrenclave_eextend(EVP_MD_CTX *ctx, uint64_t offset, + const uint8_t *data) +{ + struct mreextend mreextend; + int i; + + for (i = 0; i < 0x1000; i += 0x100) { + memset(&mreextend, 0, sizeof(mreextend)); + mreextend.tag = MREEXTEND; + mreextend.offset = offset + i; + + if (!mrenclave_update(ctx, &mreextend)) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x00])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x40])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x80])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0xC0])) + return false; + } + + return true; +} + +static bool mrenclave_segment(EVP_MD_CTX *ctx, struct encl *encl, + struct encl_segment *seg) +{ + uint64_t end = seg->offset + seg->size; + uint64_t offset; + + for (offset = seg->offset; offset < end; offset += PAGE_SIZE) { + if (!mrenclave_eadd(ctx, offset, seg->flags)) + return false; + + if (!mrenclave_eextend(ctx, offset, encl->src + offset)) + return false; + } + + return true; +} + +bool encl_measure(struct encl *encl) +{ + uint64_t header1[2] = {0x000000E100000006, 0x0000000000010000}; + uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060}; + struct sgx_sigstruct *sigstruct = &encl->sigstruct; + struct sgx_sigstruct_payload payload; + uint8_t digest[SHA256_DIGEST_LENGTH]; + unsigned int siglen; + RSA *key = NULL; + EVP_MD_CTX *ctx; + int i; + + memset(sigstruct, 0, sizeof(*sigstruct)); + + sigstruct->header.header1[0] = header1[0]; + sigstruct->header.header1[1] = header1[1]; + sigstruct->header.header2[0] = header2[0]; + sigstruct->header.header2[1] = header2[1]; + sigstruct->exponent = 3; + sigstruct->body.attributes = SGX_ATTR_MODE64BIT; + sigstruct->body.xfrm = 3; + + /* sanity check */ + if (check_crypto_errors()) + goto err; + + key = gen_sign_key(); + if (!key) + goto err; + + BN_bn2bin(get_modulus(key), sigstruct->modulus); + + ctx = EVP_MD_CTX_create(); + if (!ctx) + goto err; + + if (!mrenclave_ecreate(ctx, encl->src_size)) + goto err; + + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!mrenclave_segment(ctx, encl, seg)) + goto err; + } + + if (!mrenclave_commit(ctx, sigstruct->body.mrenclave)) + goto err; + + memcpy(&payload.header, &sigstruct->header, sizeof(sigstruct->header)); + memcpy(&payload.body, &sigstruct->body, sizeof(sigstruct->body)); + + SHA256((unsigned char *)&payload, sizeof(payload), digest); + + if (!RSA_sign(NID_sha256, digest, SHA256_DIGEST_LENGTH, + sigstruct->signature, &siglen, key)) + goto err; + + if (!calc_q1q2(sigstruct->signature, sigstruct->modulus, sigstruct->q1, + sigstruct->q2)) + goto err; + + /* BE -> LE */ + reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q1, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q2, SGX_MODULUS_SIZE); + + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return true; + +err: + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return false; +} diff --git a/tools/testing/selftests/sgx/test_encl.c b/tools/testing/selftests/sgx/test_encl.c new file mode 100644 index 000000000000..ede915399742 --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.c @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <stddef.h> +#include "defines.h" + +static void *memcpy(void *dest, const void *src, size_t n) +{ + size_t i; + + for (i = 0; i < n; i++) + ((char *)dest)[i] = ((char *)src)[i]; + + return dest; +} + +void encl_body(void *rdi, void *rsi) +{ + memcpy(rsi, rdi, 8); +} diff --git a/tools/testing/selftests/sgx/test_encl.lds b/tools/testing/selftests/sgx/test_encl.lds new file mode 100644 index 000000000000..0fbbda7e665e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.lds @@ -0,0 +1,40 @@ +OUTPUT_FORMAT(elf64-x86-64) + +PHDRS +{ + tcs PT_LOAD; + text PT_LOAD; + data PT_LOAD; +} + +SECTIONS +{ + . = 0; + .tcs : { + *(.tcs*) + } : tcs + + . = ALIGN(4096); + .text : { + *(.text*) + *(.rodata*) + } : text + + . = ALIGN(4096); + .data : { + *(.data*) + } : data + + /DISCARD/ : { + *(.comment*) + *(.note*) + *(.debug*) + *(.eh_frame*) + } +} + +ASSERT(!DEFINED(.altinstructions), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.altinstr_replacement), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.retpoline_safe), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.nospec), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.got.plt), "Libcalls are not supported in enclaves") diff --git a/tools/testing/selftests/sgx/test_encl_bootstrap.S b/tools/testing/selftests/sgx/test_encl_bootstrap.S new file mode 100644 index 000000000000..6836ea86126e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl_bootstrap.S @@ -0,0 +1,89 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/* + * Copyright(c) 2016-18 Intel Corporation. + */ + + .macro ENCLU + .byte 0x0f, 0x01, 0xd7 + .endm + + .section ".tcs", "aw" + .balign 4096 + + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + # Identical to the previous TCS. + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + .text + +encl_entry: + # RBX contains the base address for TCS, which is also the first address + # inside the enclave. By adding the value of le_stack_end to it, we get + # the absolute address for the stack. + lea (encl_stack)(%rbx), %rax + xchg %rsp, %rax + push %rax + + push %rcx # push the address after EENTER + push %rbx # push the enclave base address + + call encl_body + + pop %rbx # pop the enclave base address + + /* Clear volatile GPRs, except RAX (EEXIT leaf). */ + xor %rcx, %rcx + xor %rdx, %rdx + xor %rdi, %rdi + xor %rsi, %rsi + xor %r8, %r8 + xor %r9, %r9 + xor %r10, %r10 + xor %r11, %r11 + + # Reset status flags. + add %rdx, %rdx # OF = SF = AF = CF = 0; ZF = PF = 1 + + # Prepare EEXIT target by popping the address of the instruction after + # EENTER to RBX. + pop %rbx + + # Restore the caller stack. + pop %rax + mov %rax, %rsp + + # EEXIT + mov $4, %rax + enclu + + .section ".data", "aw" + +encl_ssa: + .space 4096 + + .balign 4096 + .space 8192 +encl_stack: -- 2.25.1

4 years, 9 months

1
0
0 0

[PATCH v4] selftests: tpm: upgrade TPM2 tests from Python 2 to Python 3

by Pengfei Xu

Python 2 is no longer supported by the Python upstream project, so upgrade TPM2 tests to Python 3. Signed-off-by: Pengfei Xu <pengfei.xu(a)intel.com> --- tools/testing/selftests/tpm2/test_smoke.sh | 4 +- tools/testing/selftests/tpm2/test_space.sh | 2 +- tools/testing/selftests/tpm2/tpm2.py | 56 +++++++++++----------- tools/testing/selftests/tpm2/tpm2_tests.py | 39 +++++++-------- 4 files changed, 52 insertions(+), 49 deletions(-) diff --git a/tools/testing/selftests/tpm2/test_smoke.sh b/tools/testing/selftests/tpm2/test_smoke.sh index 663062701d5a..d05467f6d258 100755 --- a/tools/testing/selftests/tpm2/test_smoke.sh +++ b/tools/testing/selftests/tpm2/test_smoke.sh @@ -6,8 +6,8 @@ ksft_skip=4 [ -f /dev/tpm0 ] || exit $ksft_skip -python -m unittest -v tpm2_tests.SmokeTest -python -m unittest -v tpm2_tests.AsyncTest +python3 -m unittest -v tpm2_tests.SmokeTest +python3 -m unittest -v tpm2_tests.AsyncTest CLEAR_CMD=$(which tpm2_clear) if [ -n $CLEAR_CMD ]; then diff --git a/tools/testing/selftests/tpm2/test_space.sh b/tools/testing/selftests/tpm2/test_space.sh index 36c9d030a1c6..151c64e8ee9f 100755 --- a/tools/testing/selftests/tpm2/test_space.sh +++ b/tools/testing/selftests/tpm2/test_space.sh @@ -6,4 +6,4 @@ ksft_skip=4 [ -f /dev/tpmrm0 ] || exit $ksft_skip -python -m unittest -v tpm2_tests.SpaceTest +python3 -m unittest -v tpm2_tests.SpaceTest diff --git a/tools/testing/selftests/tpm2/tpm2.py b/tools/testing/selftests/tpm2/tpm2.py index d0fcb66a88a6..f34486cd7342 100644 --- a/tools/testing/selftests/tpm2/tpm2.py +++ b/tools/testing/selftests/tpm2/tpm2.py @@ -247,14 +247,14 @@ class ProtocolError(Exception): class AuthCommand(object): """TPMS_AUTH_COMMAND""" - def __init__(self, session_handle=TPM2_RS_PW, nonce='', session_attributes=0, - hmac=''): + def __init__(self, session_handle=TPM2_RS_PW, nonce=bytes(), + session_attributes=0, hmac=bytes()): self.session_handle = session_handle self.nonce = nonce self.session_attributes = session_attributes self.hmac = hmac - def __str__(self): + def __bytes__(self): fmt = '>I H%us B H%us' % (len(self.nonce), len(self.hmac)) return struct.pack(fmt, self.session_handle, len(self.nonce), self.nonce, self.session_attributes, len(self.hmac), @@ -268,11 +268,11 @@ class AuthCommand(object): class SensitiveCreate(object): """TPMS_SENSITIVE_CREATE""" - def __init__(self, user_auth='', data=''): + def __init__(self, user_auth=bytes(), data=bytes()): self.user_auth = user_auth self.data = data - def __str__(self): + def __bytes__(self): fmt = '>H%us H%us' % (len(self.user_auth), len(self.data)) return struct.pack(fmt, len(self.user_auth), self.user_auth, len(self.data), self.data) @@ -296,8 +296,9 @@ class Public(object): return '>HHIH%us%usH%us' % \ (len(self.auth_policy), len(self.parameters), len(self.unique)) - def __init__(self, object_type, name_alg, object_attributes, auth_policy='', - parameters='', unique=''): + def __init__(self, object_type, name_alg, object_attributes, + auth_policy=bytes(), parameters=bytes(), + unique=bytes()): self.object_type = object_type self.name_alg = name_alg self.object_attributes = object_attributes @@ -305,7 +306,7 @@ class Public(object): self.parameters = parameters self.unique = unique - def __str__(self): + def __bytes__(self): return struct.pack(self.__fmt(), self.object_type, self.name_alg, @@ -343,7 +344,7 @@ def get_algorithm(name): def hex_dump(d): d = [format(ord(x), '02x') for x in d] - d = [d[i: i + 16] for i in xrange(0, len(d), 16)] + d = [d[i: i + 16] for i in range(0, len(d), 16)] d = [' '.join(x) for x in d] d = os.linesep.join(d) @@ -401,7 +402,7 @@ class Client: pcrsel_len = max((i >> 3) + 1, 3) pcrsel = [0] * pcrsel_len pcrsel[i >> 3] = 1 << (i & 7) - pcrsel = ''.join(map(chr, pcrsel)) + pcrsel = ''.join(map(chr, pcrsel)).encode() fmt = '>HII IHB%us' % (pcrsel_len) cmd = struct.pack(fmt, @@ -443,7 +444,7 @@ class Client: TPM2_CC_PCR_EXTEND, i, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), 1, bank_alg, dig) self.send_cmd(cmd) @@ -457,7 +458,7 @@ class Client: TPM2_RH_NULL, TPM2_RH_NULL, 16, - '\0' * 16, + ('\0' * 16).encode(), 0, session_type, TPM2_ALG_NULL, @@ -472,7 +473,7 @@ class Client: for i in pcrs: pcr = self.read_pcr(i, bank_alg) - if pcr == None: + if pcr is None: return None x += pcr @@ -489,7 +490,7 @@ class Client: pcrsel = [0] * pcrsel_len for i in pcrs: pcrsel[i >> 3] |= 1 << (i & 7) - pcrsel = ''.join(map(chr, pcrsel)) + pcrsel = ''.join(map(chr, pcrsel)).encode() fmt = '>HII IH%usIHB3s' % ds cmd = struct.pack(fmt, @@ -497,7 +498,8 @@ class Client: struct.calcsize(fmt), TPM2_CC_POLICY_PCR, handle, - len(dig), str(dig), + len(dig), + bytes(dig), 1, bank_alg, pcrsel_len, pcrsel) @@ -534,7 +536,7 @@ class Client: self.send_cmd(cmd) - def create_root_key(self, auth_value = ''): + def create_root_key(self, auth_value = bytes()): attributes = \ Public.FIXED_TPM | \ Public.FIXED_PARENT | \ @@ -570,11 +572,11 @@ class Client: TPM2_CC_CREATE_PRIMARY, TPM2_RH_OWNER, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), len(sensitive), - str(sensitive), + bytes(sensitive), len(public), - str(public), + bytes(public), 0, 0) return struct.unpack('>I', self.send_cmd(cmd)[10:14])[0] @@ -587,7 +589,7 @@ class Client: attributes = 0 if not policy_dig: attributes |= Public.USER_WITH_AUTH - policy_dig = '' + policy_dig = bytes() auth_cmd = AuthCommand() sensitive = SensitiveCreate(user_auth=auth_value, data=data) @@ -608,11 +610,11 @@ class Client: TPM2_CC_CREATE, parent_key, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), len(sensitive), - str(sensitive), + bytes(sensitive), len(public), - str(public), + bytes(public), 0, 0) rsp = self.send_cmd(cmd) @@ -635,7 +637,7 @@ class Client: TPM2_CC_LOAD, parent_key, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), blob) data_handle = struct.unpack('>I', self.send_cmd(cmd)[10:14])[0] @@ -653,7 +655,7 @@ class Client: TPM2_CC_UNSEAL, data_handle, len(auth_cmd), - str(auth_cmd)) + bytes(auth_cmd)) try: rsp = self.send_cmd(cmd) @@ -675,7 +677,7 @@ class Client: TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET, TPM2_RH_LOCKOUT, len(auth_cmd), - str(auth_cmd)) + bytes(auth_cmd)) self.send_cmd(cmd) @@ -693,7 +695,7 @@ class Client: more_data, cap, cnt = struct.unpack('>BII', rsp[:9]) rsp = rsp[9:] - for i in xrange(0, cnt): + for i in range(0, cnt): handle = struct.unpack('>I', rsp[:4])[0] handles.append(handle) rsp = rsp[4:] diff --git a/tools/testing/selftests/tpm2/tpm2_tests.py b/tools/testing/selftests/tpm2/tpm2_tests.py index 728be7c69b76..9d764306887b 100644 --- a/tools/testing/selftests/tpm2/tpm2_tests.py +++ b/tools/testing/selftests/tpm2/tpm2_tests.py @@ -20,8 +20,8 @@ class SmokeTest(unittest.TestCase): self.client.close() def test_seal_with_auth(self): - data = 'X' * 64 - auth = 'A' * 15 + data = ('X' * 64).encode() + auth = ('A' * 15).encode() blob = self.client.seal(self.root_key, data, auth, None) result = self.client.unseal(self.root_key, blob, auth, None) @@ -30,8 +30,8 @@ class SmokeTest(unittest.TestCase): def test_seal_with_policy(self): handle = self.client.start_auth_session(tpm2.TPM2_SE_TRIAL) - data = 'X' * 64 - auth = 'A' * 15 + data = ('X' * 64).encode() + auth = ('A' * 15).encode() pcrs = [16] try: @@ -58,14 +58,15 @@ class SmokeTest(unittest.TestCase): self.assertEqual(data, result) def test_unseal_with_wrong_auth(self): - data = 'X' * 64 - auth = 'A' * 20 + data = ('X' * 64).encode() + auth = ('A' * 20).encode() rc = 0 blob = self.client.seal(self.root_key, data, auth, None) try: - result = self.client.unseal(self.root_key, blob, auth[:-1] + 'B', None) - except ProtocolError, e: + result = self.client.unseal(self.root_key, blob, + auth[:-1] + 'B'.encode(), None) + except ProtocolError as e: rc = e.rc self.assertEqual(rc, tpm2.TPM2_RC_AUTH_FAIL) @@ -73,8 +74,8 @@ class SmokeTest(unittest.TestCase): def test_unseal_with_wrong_policy(self): handle = self.client.start_auth_session(tpm2.TPM2_SE_TRIAL) - data = 'X' * 64 - auth = 'A' * 17 + data = ('X' * 64).encode() + auth = ('A' * 17).encode() pcrs = [16] try: @@ -91,7 +92,7 @@ class SmokeTest(unittest.TestCase): # This should succeed. ds = tpm2.get_digest_size(tpm2.TPM2_ALG_SHA1) - self.client.extend_pcr(1, 'X' * ds) + self.client.extend_pcr(1, ('X' * ds).encode()) handle = self.client.start_auth_session(tpm2.TPM2_SE_POLICY) @@ -108,7 +109,7 @@ class SmokeTest(unittest.TestCase): # Then, extend a PCR that is part of the policy and try to unseal. # This should fail. - self.client.extend_pcr(16, 'X' * ds) + self.client.extend_pcr(16, ('X' * ds).encode()) handle = self.client.start_auth_session(tpm2.TPM2_SE_POLICY) @@ -119,7 +120,7 @@ class SmokeTest(unittest.TestCase): self.client.policy_password(handle) result = self.client.unseal(self.root_key, blob, auth, handle) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.client.flush_context(handle) except: @@ -130,13 +131,13 @@ class SmokeTest(unittest.TestCase): def test_seal_with_too_long_auth(self): ds = tpm2.get_digest_size(tpm2.TPM2_ALG_SHA1) - data = 'X' * 64 - auth = 'A' * (ds + 1) + data = ('X' * 64).encode() + auth = ('A' * (ds + 1)).encode() rc = 0 try: blob = self.client.seal(self.root_key, data, auth, None) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.assertEqual(rc, tpm2.TPM2_RC_SIZE) @@ -152,7 +153,7 @@ class SmokeTest(unittest.TestCase): 0xDEADBEEF) self.client.send_cmd(cmd) - except IOError, e: + except IOError as e: rejected = True except: pass @@ -212,7 +213,7 @@ class SmokeTest(unittest.TestCase): self.client.tpm.write(cmd) rsp = self.client.tpm.read() - except IOError, e: + except IOError as e: # read the response rsp = self.client.tpm.read() rejected = True @@ -283,7 +284,7 @@ class SpaceTest(unittest.TestCase): rc = 0 try: space1.send_cmd(cmd) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.assertEqual(rc, tpm2.TPM2_RC_COMMAND_CODE | -- 2.17.1

4 years, 9 months

3
6
0 0

[PATCH 0/2] KUnit-Kmemleak Integration

by Uriel Guajardo

From: Uriel Guajardo <urielguajardo(a)google.com> With these patches, KUnit can access and manually run kmemleak in every test case. Any errors caught by kmemleak will cause the KUnit test to fail. This patchset relies on "kunit: KASAN integration", which places the currently running kunit test in task_struct. [1] [1] https://lore.kernel.org/linux-kselftest/20200606040349.246780-2-davidgow@go… Uriel Guajardo (2): kunit: support kunit failures from debugging tools kunit: kmemleak integration include/kunit/test-bug.h | 15 +++++++++++++ include/kunit/test.h | 1 + include/linux/kmemleak.h | 11 ++++++++++ lib/Kconfig.debug | 26 +++++++++++++++++++++++ lib/kunit/test.c | 46 +++++++++++++++++++++++++++++++++++----- mm/kmemleak.c | 27 +++++++++++++++++------ 6 files changed, 115 insertions(+), 11 deletions(-) create mode 100644 include/kunit/test-bug.h -- 2.27.0.212.ge8ba1cc988-goog

4 years, 9 months

1
2
0 0

[RFC PATCH for 5.8 4/4] rseq: selftests: Expect reliable cpu_id field

by Mathieu Desnoyers

The rseq selftests should discover whether the kernel implements the RSEQ_FLAG_RELIABLE_CPU_ID flag, which indicates that the __rseq_abi.cpu_id field is reliable. Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Shuah Khan <skhan(a)linuxfoundation.org> Cc: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Florian Weimer <fw(a)deneb.enyo.de> Cc: "Paul E. McKenney" <paulmck(a)linux.ibm.com> Cc: Boqun Feng <boqun.feng(a)gmail.com> Cc: "H . Peter Anvin" <hpa(a)zytor.com> Cc: Paul Turner <pjt(a)google.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Neel Natu <neelnatu(a)google.com> Cc: linux-api(a)vger.kernel.org Cc: linux-kselftest(a)vger.kernel.org --- tools/testing/selftests/rseq/rseq.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/rseq/rseq.c b/tools/testing/selftests/rseq/rseq.c index 7159eb777fd3..55f1edb0649c 100644 --- a/tools/testing/selftests/rseq/rseq.c +++ b/tools/testing/selftests/rseq/rseq.c @@ -73,6 +73,11 @@ static int sys_rseq(volatile struct rseq *rseq_abi, uint32_t rseq_len, return syscall(__NR_rseq, rseq_abi, rseq_len, flags, sig); } +static bool rseq_reliable_cpu_id(void) +{ + return sys_rseq(NULL, 0, RSEQ_FLAG_RELIABLE_CPU_ID, 0) == 0; +} + int rseq_register_current_thread(void) { int rc, ret = 0; @@ -87,7 +92,8 @@ int rseq_register_current_thread(void) } if (__rseq_refcount++) goto end; - rc = sys_rseq(&__rseq_abi, sizeof(struct rseq), 0, RSEQ_SIG); + rc = sys_rseq(&__rseq_abi, sizeof(struct rseq), + RSEQ_FLAG_REGISTER | RSEQ_FLAG_RELIABLE_CPU_ID, RSEQ_SIG); if (!rc) { assert(rseq_current_cpu_raw() >= 0); goto end; @@ -96,6 +102,8 @@ int rseq_register_current_thread(void) __rseq_abi.cpu_id = RSEQ_CPU_ID_REGISTRATION_FAILED; ret = -1; __rseq_refcount--; + if (errno == EINVAL && !rseq_reliable_cpu_id()) + fprintf(stderr, "Error: rseq does not provide a reliable cpu_id field.\n"); end: signal_restore(oldset); return ret; -- 2.17.1

4 years, 9 months

1
0
0 0

[PATCH net-next] selftests: mptcp: capture pcap on both sides

by Matthieu Baerts

When investigating performance issues that involve latency / loss / reordering it is useful to have the pcap from the sender-side as it allows to easier infer the state of the sender's congestion-control, loss-recovery, etc. Allow the selftests to capture a pcap on both sender and receiver so that this information is not lost when reproducing. This patch also improves the file names. Instead of: ns4-5ee79a56-X4O6gS-ns3-5ee79a56-X4O6gS-MPTCP-MPTCP-10.0.3.1.pcap We now have something like for the same test: 5ee79a56-X4O6gS-ns3-ns4-MPTCP-MPTCP-10.0.3.1-10030-connector.pcap 5ee79a56-X4O6gS-ns3-ns4-MPTCP-MPTCP-10.0.3.1-10030-listener.pcap It was a connection from ns3 to ns4, better to start with ns3 then. The port is also added, easier to find the trace we want. Co-developed-by: Christoph Paasch <cpaasch(a)apple.com> Signed-off-by: Christoph Paasch <cpaasch(a)apple.com> Signed-off-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> --- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/testing/selftests/net/mptcp/mptcp_connect.sh index 8f7145c413b9..c0589e071f20 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -395,10 +395,14 @@ do_transfer() capuser="-Z $SUDO_USER" fi - local capfile="${listener_ns}-${connector_ns}-${cl_proto}-${srv_proto}-${connect_addr}.pcap" + local capfile="${rndh}-${connector_ns:0:3}-${listener_ns:0:3}-${cl_proto}-${srv_proto}-${connect_addr}-${port}" + local capopt="-i any -s 65535 -B 32768 ${capuser}" - ip netns exec ${listener_ns} tcpdump -i any -s 65535 -B 32768 $capuser -w $capfile > "$capout" 2>&1 & - local cappid=$! + ip netns exec ${listener_ns} tcpdump ${capopt} -w "${capfile}-listener.pcap" >> "${capout}" 2>&1 & + local cappid_listener=$! + + ip netns exec ${connector_ns} tcpdump ${capopt} -w "${capfile}-connector.pcap" >> "${capout}" 2>&1 & + local cappid_connector=$! sleep 1 fi @@ -423,7 +427,8 @@ do_transfer() if $capture; then sleep 1 - kill $cappid + kill ${cappid_listener} + kill ${cappid_connector} fi local duration -- 2.27.0

4 years, 9 months

2
1
0 0

[PATCH v5 0/7] Add seccomp notifier ioctl that enables adding fds

by Kees Cook

Hello! v5: - merge ioctl fixes into Sargun's patches directly - adjust new API to avoid "ufd_required" argument - drop general clean up patches now present in for-next/seccomp v4: https://lore.kernel.org/lkml/20200616032524.460144-1-keescook@chromium.org/ This continues the thread-merge between [1] and [2]. tl;dr: add a way for a seccomp user_notif process manager to inject files into the managed process in order to handle emulation of various fd-returning syscalls across security boundaries. Containers folks and Chrome are in need of the feature, and investigating this solution uncovered (and fixed) implementation issues with existing file sending routines. I intend to carry this in the seccomp tree, unless someone has objections. :) Please review and test! -Kees [1] https://lore.kernel.org/lkml/20200603011044.7972-1-sargun@sargun.me/ [2] https://lore.kernel.org/lkml/20200610045214.1175600-1-keescook@chromium.org/ Kees Cook (5): net/scm: Regularize compat handling of scm_detach_fds() fs: Move __scm_install_fd() to __fd_install_received() fs: Add fd_install_received() wrapper for __fd_install_received() pidfd: Replace open-coded partial fd_install_received() fs: Expand __fd_install_received() to accept fd Sargun Dhillon (2): seccomp: Introduce addfd ioctl to seccomp user notifier selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD fs/file.c | 63 +++++ include/linux/file.h | 19 ++ include/uapi/linux/seccomp.h | 22 ++ kernel/pid.c | 11 +- kernel/seccomp.c | 172 ++++++++++++- net/compat.c | 55 ++--- net/core/scm.c | 50 +--- tools/testing/selftests/seccomp/seccomp_bpf.c | 229 ++++++++++++++++++ 8 files changed, 540 insertions(+), 81 deletions(-) -- 2.25.1

4 years, 9 months

4
15
0 0

[PATCH 0/3] readfile(2): a new syscall to make open/read/close faster

by Greg Kroah-Hartman

Here is a tiny new syscall, readfile, that makes it simpler to read small/medium sized files all in one shot, no need to do open/read/close. This is especially helpful for tools that poke around in procfs or sysfs, making a little bit of a less system load than before, especially as syscall overheads go up over time due to various CPU bugs being addressed. There are 4 patches in this series, the first 3 are against the kernel tree, adding the syscall logic, wiring up the syscall, and adding some tests for it. The last patch is agains the man-pages project, adding a tiny man page to try to describe the new syscall. Greg Kroah-Hartman (3): readfile: implement readfile syscall arch: wire up the readfile syscall selftests: add readfile(2) selftests arch/alpha/kernel/syscalls/syscall.tbl | 1 + arch/arm/tools/syscall.tbl | 1 + arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 2 + arch/ia64/kernel/syscalls/syscall.tbl | 1 + arch/m68k/kernel/syscalls/syscall.tbl | 1 + arch/microblaze/kernel/syscalls/syscall.tbl | 1 + arch/mips/kernel/syscalls/syscall_n32.tbl | 1 + arch/mips/kernel/syscalls/syscall_n64.tbl | 1 + arch/mips/kernel/syscalls/syscall_o32.tbl | 1 + arch/parisc/kernel/syscalls/syscall.tbl | 1 + arch/powerpc/kernel/syscalls/syscall.tbl | 1 + arch/s390/kernel/syscalls/syscall.tbl | 1 + arch/sh/kernel/syscalls/syscall.tbl | 1 + arch/sparc/kernel/syscalls/syscall.tbl | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + arch/xtensa/kernel/syscalls/syscall.tbl | 1 + fs/open.c | 50 +++ include/linux/syscalls.h | 2 + include/uapi/asm-generic/unistd.h | 4 +- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/readfile/.gitignore | 3 + tools/testing/selftests/readfile/Makefile | 7 + tools/testing/selftests/readfile/readfile.c | 285 +++++++++++++++++ .../selftests/readfile/readfile_speed.c | 301 ++++++++++++++++++ 26 files changed, 671 insertions(+), 2 deletions(-) create mode 100644 tools/testing/selftests/readfile/.gitignore create mode 100644 tools/testing/selftests/readfile/Makefile create mode 100644 tools/testing/selftests/readfile/readfile.c create mode 100644 tools/testing/selftests/readfile/readfile_speed.c -- 2.27.0

4 years, 9 months

7
21
0 0

[PATCH] Replace HTTP links with HTTPS ones: BPF (Safe dynamic programs and tools)

by Alexander A. Klimov

Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster(a)al2klimov.de> --- Continuing my work started at 93431e0607e5. If there are any URLs to be removed completely or at least not HTTPSified: Just clearly say so and I'll *undo my change*. See also https://lkml.org/lkml/2020/6/27/64 If there are any valid, but yet not changed URLs: See https://lkml.org/lkml/2020/6/26/837 Documentation/bpf/bpf_devel_QA.rst | 4 ++-- Documentation/bpf/index.rst | 2 +- Documentation/networking/af_xdp.rst | 2 +- Documentation/networking/filter.rst | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- include/linux/bpf.h | 2 +- include/linux/bpf_verifier.h | 2 +- include/uapi/linux/bpf.h | 2 +- kernel/bpf/arraymap.c | 2 +- kernel/bpf/core.c | 2 +- kernel/bpf/disasm.c | 2 +- kernel/bpf/disasm.h | 2 +- kernel/bpf/hashtab.c | 2 +- kernel/bpf/helpers.c | 2 +- kernel/bpf/syscall.c | 2 +- kernel/bpf/verifier.c | 2 +- kernel/trace/bpf_trace.c | 2 +- lib/test_bpf.c | 2 +- net/core/filter.c | 2 +- samples/bpf/lathist_kern.c | 2 +- samples/bpf/lathist_user.c | 2 +- samples/bpf/sockex3_kern.c | 2 +- samples/bpf/tracex1_kern.c | 2 +- samples/bpf/tracex2_kern.c | 2 +- samples/bpf/tracex3_kern.c | 2 +- samples/bpf/tracex3_user.c | 2 +- samples/bpf/tracex4_kern.c | 2 +- samples/bpf/tracex4_user.c | 2 +- samples/bpf/tracex5_kern.c | 2 +- tools/include/uapi/linux/bpf.h | 2 +- tools/lib/bpf/bpf.c | 2 +- tools/lib/bpf/bpf.h | 2 +- tools/testing/selftests/bpf/test_maps.c | 2 +- tools/testing/selftests/bpf/test_verifier.c | 2 +- 34 files changed, 35 insertions(+), 35 deletions(-) diff --git a/Documentation/bpf/bpf_devel_QA.rst b/Documentation/bpf/bpf_devel_QA.rst index 0b3db91dc100..fffb832d27d6 100644 --- a/Documentation/bpf/bpf_devel_QA.rst +++ b/Documentation/bpf/bpf_devel_QA.rst @@ -478,7 +478,7 @@ LLVM's static compiler lists the supported targets through ``llc --version``, make sure BPF targets are listed. Example:: $ llc --version - LLVM (http://llvm.org/): + LLVM (https://llvm.org/): LLVM version 6.0.0svn Optimized build. Default target: x86_64-unknown-linux-gnu @@ -496,7 +496,7 @@ BPF back end, it is advisable to run the latest LLVM releases. Support for new BPF kernel features such as additions to the BPF instruction set are often developed together. -All LLVM releases can be found at: http://releases.llvm.org/ +All LLVM releases can be found at: https://releases.llvm.org/ Q: Got it, so how do I build LLVM manually anyway? -------------------------------------------------- diff --git a/Documentation/bpf/index.rst b/Documentation/bpf/index.rst index 38b4db8be7a2..576ccfe5d560 100644 --- a/Documentation/bpf/index.rst +++ b/Documentation/bpf/index.rst @@ -62,4 +62,4 @@ Testing and debugging BPF .. _Documentation/networking/filter.rst: ../networking/filter.txt .. _man-pages: https://www.kernel.org/doc/man-pages/ .. _bpf(2): http://man7.org/linux/man-pages/man2/bpf.2.html -.. _BPF and XDP Reference Guide: http://cilium.readthedocs.io/en/latest/bpf/ +.. _BPF and XDP Reference Guide: https://cilium.readthedocs.io/en/latest/bpf/ diff --git a/Documentation/networking/af_xdp.rst b/Documentation/networking/af_xdp.rst index 5bc55a4e3bce..8c0e27e151f0 100644 --- a/Documentation/networking/af_xdp.rst +++ b/Documentation/networking/af_xdp.rst @@ -12,7 +12,7 @@ packet processing. This document assumes that the reader is familiar with BPF and XDP. If not, the Cilium project has an excellent reference guide at -http://cilium.readthedocs.io/en/latest/bpf/. +https://cilium.readthedocs.io/en/latest/bpf/. Using the XDP_REDIRECT action from an XDP program, the program can redirect ingress frames to other XDP enabled netdevs, using the diff --git a/Documentation/networking/filter.rst b/Documentation/networking/filter.rst index a1d3e192b9fa..c203a2d58a6f 100644 --- a/Documentation/networking/filter.rst +++ b/Documentation/networking/filter.rst @@ -56,7 +56,7 @@ Steven McCanne and Van Jacobson. 1993. The BSD packet filter: a new architecture for user-level packet capture. In Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings (USENIX'93). USENIX Association, Berkeley, -CA, USA, 2-2. [http://www.tcpdump.org/papers/bpf-usenix93.pdf] +CA, USA, 2-2. [https://www.tcpdump.org/papers/bpf-usenix93.pdf] Structure --------- diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c index 42b6709e6dc7..41bd7725f503 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -3,7 +3,7 @@ * bpf_jit_comp.c: BPF JIT compiler * * Copyright (C) 2011-2013 Eric Dumazet (eric.dumazet(a)gmail.com) - * Internal BPF Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com + * Internal BPF Copyright (c) 2011-2014 PLUMgrid, https://plumgrid.com */ #include <linux/netdevice.h> #include <linux/filter.h> diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 07052d44bca1..94b9ee4495ed 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: GPL-2.0-only */ -/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2011-2014 PLUMgrid, https://plumgrid.com */ #ifndef _LINUX_BPF_H #define _LINUX_BPF_H 1 diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h index ca08db4ffb5f..52e2aeedc3de 100644 --- a/include/linux/bpf_verifier.h +++ b/include/linux/bpf_verifier.h @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: GPL-2.0-only */ -/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2011-2014 PLUMgrid, https://plumgrid.com */ #ifndef _LINUX_BPF_VERIFIER_H #define _LINUX_BPF_VERIFIER_H 1 diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 974a71342aea..40af03e740aa 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2011-2014 PLUMgrid, https://plumgrid.com * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index 11584618e861..43781c13f303 100644 --- a/kernel/bpf/arraymap.c +++ b/kernel/bpf/arraymap.c @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-2.0-only -/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2011-2014 PLUMgrid, https://plumgrid.com * Copyright (c) 2016,2017 Facebook */ #include <linux/bpf.h> diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 9df4cc9a2907..10698be9d633 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -5,7 +5,7 @@ * Based on the design of the Berkeley Packet Filter. The new * internal format has been designed by PLUMgrid: * - * Copyright (c) 2011 - 2014 PLUMgrid, http://plumgrid.com + * Copyright (c) 2011 - 2014 PLUMgrid, https://plumgrid.com * * Authors: * diff --git a/kernel/bpf/disasm.c b/kernel/bpf/disasm.c index b44d8c447afd..6953c6a3b6fe 100644 --- a/kernel/bpf/disasm.c +++ b/kernel/bpf/disasm.c @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-2.0-only -/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2011-2014 PLUMgrid, https://plumgrid.com * Copyright (c) 2016 Facebook */ diff --git a/kernel/bpf/disasm.h b/kernel/bpf/disasm.h index e546b18d27da..cbac62e32f62 100644 --- a/kernel/bpf/disasm.h +++ b/kernel/bpf/disasm.h @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: GPL-2.0-only */ -/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2011-2014 PLUMgrid, https://plumgrid.com * Copyright (c) 2016 Facebook */ diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c index b4b288a3c3c9..eeaa94cffa44 100644 --- a/kernel/bpf/hashtab.c +++ b/kernel/bpf/hashtab.c @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-2.0-only -/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2011-2014 PLUMgrid, https://plumgrid.com * Copyright (c) 2016 Facebook */ #include <linux/bpf.h> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c index be43ab3e619f..ce20177f4801 100644 --- a/kernel/bpf/helpers.c +++ b/kernel/bpf/helpers.c @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-2.0-only -/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2011-2014 PLUMgrid, https://plumgrid.com */ #include <linux/bpf.h> #include <linux/rcupdate.h> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 8da159936bab..922d899940fc 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-2.0-only -/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2011-2014 PLUMgrid, https://plumgrid.com */ #include <linux/bpf.h> #include <linux/bpf_trace.h> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 34cde841ab68..987e0a91b123 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-2.0-only -/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2011-2014 PLUMgrid, https://plumgrid.com * Copyright (c) 2016 Facebook * Copyright (c) 2018 Covalent IO, Inc. http://covalent.io */ diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 7bc3d6175868..26dd5f2fea9f 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-2.0 -/* Copyright (c) 2011-2015 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2011-2015 PLUMgrid, https://plumgrid.com * Copyright (c) 2016 Facebook */ #include <linux/kernel.h> diff --git a/lib/test_bpf.c b/lib/test_bpf.c index a5fddf9ebcb7..17eb6fb13c90 100644 --- a/lib/test_bpf.c +++ b/lib/test_bpf.c @@ -2,7 +2,7 @@ /* * Testsuite for BPF interpreter and BPF JIT compiler * - * Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com + * Copyright (c) 2011-2014 PLUMgrid, https://plumgrid.com */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt diff --git a/net/core/filter.c b/net/core/filter.c index 73395384afe2..211612018b75 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -5,7 +5,7 @@ * Based on the design of the Berkeley Packet Filter. The new * internal format has been designed by PLUMgrid: * - * Copyright (c) 2011 - 2014 PLUMgrid, http://plumgrid.com + * Copyright (c) 2011 - 2014 PLUMgrid, https://plumgrid.com * * Authors: * diff --git a/samples/bpf/lathist_kern.c b/samples/bpf/lathist_kern.c index ca9c2e4e69aa..56dbce51b47f 100644 --- a/samples/bpf/lathist_kern.c +++ b/samples/bpf/lathist_kern.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2015 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2013-2015 PLUMgrid, https://plumgrid.com * Copyright (c) 2015 BMW Car IT GmbH * * This program is free software; you can redistribute it and/or diff --git a/samples/bpf/lathist_user.c b/samples/bpf/lathist_user.c index 2ff2839a52d5..500cec2f81c2 100644 --- a/samples/bpf/lathist_user.c +++ b/samples/bpf/lathist_user.c @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-2.0-only -/* Copyright (c) 2013-2015 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2013-2015 PLUMgrid, https://plumgrid.com * Copyright (c) 2015 BMW Car IT GmbH */ #include <stdio.h> diff --git a/samples/bpf/sockex3_kern.c b/samples/bpf/sockex3_kern.c index cab9cca0b8eb..6908f30617f5 100644 --- a/samples/bpf/sockex3_kern.c +++ b/samples/bpf/sockex3_kern.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2015 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2015 PLUMgrid, https://plumgrid.com * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/samples/bpf/tracex1_kern.c b/samples/bpf/tracex1_kern.c index 8e2610e14475..28f86724ff2e 100644 --- a/samples/bpf/tracex1_kern.c +++ b/samples/bpf/tracex1_kern.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2015 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2013-2015 PLUMgrid, https://plumgrid.com * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/samples/bpf/tracex2_kern.c b/samples/bpf/tracex2_kern.c index 5bc696bac27d..9f764ead80a3 100644 --- a/samples/bpf/tracex2_kern.c +++ b/samples/bpf/tracex2_kern.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2015 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2013-2015 PLUMgrid, https://plumgrid.com * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/samples/bpf/tracex3_kern.c b/samples/bpf/tracex3_kern.c index 659613c19a82..19a6a2a8eb03 100644 --- a/samples/bpf/tracex3_kern.c +++ b/samples/bpf/tracex3_kern.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2015 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2013-2015 PLUMgrid, https://plumgrid.com * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/samples/bpf/tracex3_user.c b/samples/bpf/tracex3_user.c index 70e987775c15..873c959cc07d 100644 --- a/samples/bpf/tracex3_user.c +++ b/samples/bpf/tracex3_user.c @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-2.0-only -/* Copyright (c) 2013-2015 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2013-2015 PLUMgrid, https://plumgrid.com */ #include <stdio.h> #include <stdlib.h> diff --git a/samples/bpf/tracex4_kern.c b/samples/bpf/tracex4_kern.c index eb0f8fdd14bf..0be7ed2ad74a 100644 --- a/samples/bpf/tracex4_kern.c +++ b/samples/bpf/tracex4_kern.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2015 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2015 PLUMgrid, https://plumgrid.com * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/samples/bpf/tracex4_user.c b/samples/bpf/tracex4_user.c index e8faf8f184ae..e819692b23d7 100644 --- a/samples/bpf/tracex4_user.c +++ b/samples/bpf/tracex4_user.c @@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-2.0-only -/* Copyright (c) 2015 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2015 PLUMgrid, https://plumgrid.com */ #include <stdio.h> #include <stdlib.h> diff --git a/samples/bpf/tracex5_kern.c b/samples/bpf/tracex5_kern.c index 32b49e8ab6bd..92fa02e2194d 100644 --- a/samples/bpf/tracex5_kern.c +++ b/samples/bpf/tracex5_kern.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2015 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2015 PLUMgrid, https://plumgrid.com * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index 974a71342aea..40af03e740aa 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ -/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com +/* Copyright (c) 2011-2014 PLUMgrid, https://plumgrid.com * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c index a7329b671c41..bdd4a32c6f2a 100644 --- a/tools/lib/bpf/bpf.c +++ b/tools/lib/bpf/bpf.c @@ -18,7 +18,7 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, see <http://www.gnu.org/licenses> + * License along with this program; if not, see <https://www.gnu.org/licenses> */ #include <stdlib.h> diff --git a/tools/lib/bpf/bpf.h b/tools/lib/bpf/bpf.h index 1b6015b21ba8..da4c8b1f2bbf 100644 --- a/tools/lib/bpf/bpf.h +++ b/tools/lib/bpf/bpf.h @@ -18,7 +18,7 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, see <http://www.gnu.org/licenses> + * License along with this program; if not, see <https://www.gnu.org/licenses> */ #ifndef __LIBBPF_BPF_H #define __LIBBPF_BPF_H diff --git a/tools/testing/selftests/bpf/test_maps.c b/tools/testing/selftests/bpf/test_maps.c index 6a12a0e01e07..694021bddba4 100644 --- a/tools/testing/selftests/bpf/test_maps.c +++ b/tools/testing/selftests/bpf/test_maps.c @@ -2,7 +2,7 @@ /* * Testsuite for eBPF maps * - * Copyright (c) 2014 PLUMgrid, http://plumgrid.com + * Copyright (c) 2014 PLUMgrid, https://plumgrid.com * Copyright (c) 2016 Facebook */ diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c index 78a6bae56ea6..18027c373763 100644 --- a/tools/testing/selftests/bpf/test_verifier.c +++ b/tools/testing/selftests/bpf/test_verifier.c @@ -2,7 +2,7 @@ /* * Testsuite for eBPF verifier * - * Copyright (c) 2014 PLUMgrid, http://plumgrid.com + * Copyright (c) 2014 PLUMgrid, https://plumgrid.com * Copyright (c) 2017 Facebook * Copyright (c) 2018 Covalent IO, Inc. http://covalent.io */ -- 2.27.0

4 years, 10 months

2
2
0 0

[GIT PULL] Kselftest fixes update for Linux 5.8-rc4

by Shuah Khan

Hi Linus, Please pull the following Kselftest fixes update for Linux 5.8-rc4. This kselftest fixes update for Linux 5.8-rc4 consists of tpm test fixes from Jarkko Sakkinen. diff is attached. thanks, -- Shuah ---------------------------------------------------------------- The following changes since commit 9ebcfadb0610322ac537dd7aa5d9cbc2b2894c68: Linux 5.8-rc3 (2020-06-28 15:00:24 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-fixes-5.8-rc4 for you to fetch changes up to 377ff83083c953dd58c5a030b3c9b5b85d8cc727: selftests: tpm: Use /bin/sh instead of /bin/bash (2020-06-29 14:19:38 -0600) ---------------------------------------------------------------- linux-kselftest-fixes-5.8-rc4 This kselftest fixes update for Linux 5.8-rc4 consists of tpm test fixes from Jarkko Sakkinen. ---------------------------------------------------------------- Jarkko Sakkinen (3): Revert "tpm: selftest: cleanup after unseal with wrong auth/policy test" selftests: tpm: Use 'test -e' instead of 'test -f' selftests: tpm: Use /bin/sh instead of /bin/bash tools/testing/selftests/tpm2/test_smoke.sh | 9 ++------- tools/testing/selftests/tpm2/test_space.sh | 4 ++-- 2 files changed, 4 insertions(+), 9 deletions(-) ----------------------------------------------------------------

4 years, 10 months

2
1
0 0

[GIT PULL] Kunit fixes update for Linux 5.8-rc4

by Shuah Khan

Hi Linus, Please pull the following Kunit fixes update for Linux 5.8-rc4. This kunit fixes update for Linux 5.8-rc4 consists of fixes to build and run-times failures. Also includes troubleshooting tips updates to kunit user documentation. These tips in the doc patch helped me with my test runs. diff is included. thanks, -- Shuah ---------------------------------------------------------------- The following changes since commit 48778464bb7d346b47157d21ffde2af6b2d39110: Linux 5.8-rc2 (2020-06-21 15:45:29 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-kunit-fixes-5.8-rc4 for you to fetch changes up to c63d2dd7e134ebddce4745c51f9572b3f0d92b26: Documentation: kunit: Add some troubleshooting tips to the FAQ (2020-06-26 14:29:55 -0600) ---------------------------------------------------------------- linux-kselftest-kunit-fixes-5.8-rc4 This kunit fixes update for Linux 5.8-rc4 consists of fixes to build and run-times failures. Also includes troubleshooting tips updates to kunit user documentation. ---------------------------------------------------------------- David Gow (2): kunit: kunit_tool: Fix invalid result when build fails Documentation: kunit: Add some troubleshooting tips to the FAQ Rikard Falkeborn (1): kunit: kunit_config: Fix parsing of CONFIG options with space Uriel Guajardo (1): kunit: show error if kunit results are not present Documentation/dev-tools/kunit/faq.rst | 40 +++++++++++++++++++++ tools/testing/kunit/kunit.py | 4 ++- tools/testing/kunit/kunit_config.py | 2 +- tools/testing/kunit/kunit_parser.py | 8 ++--- tools/testing/kunit/kunit_tool_test.py | 11 ++++++ .../kunit/test_data/test_insufficient_memory.log | Bin 6 files changed, 59 insertions(+), 6 deletions(-) create mode 100644 tools/testing/kunit/test_data/test_insufficient_memory.log ----------------------------------------------------------------

4 years, 10 months

2
1
0 0

[PATCH 0/3] selftests: tpm: fixes

by Jarkko Sakkinen

A few fixes for tools/testing/selftests/tpm. Jarkko Sakkinen (3): Revert "tpm: selftest: cleanup after unseal with wrong auth/policy test" selftests: tpm: Use 'test -e' instead of 'test -f' selftests: tpm: Use /bin/sh instead of /bin/bash tools/testing/selftests/tpm2/test_smoke.sh | 9 ++------- tools/testing/selftests/tpm2/test_space.sh | 4 ++-- 2 files changed, 4 insertions(+), 9 deletions(-) -- 2.25.1

4 years, 10 months

2
5
0 0

[PATCH bpf-next v2] selftests/bpf: Switch test_vmlinux to use hrtimer_range_start_ns.

by Hao Luo

The test_vmlinux test uses hrtimer_nanosleep as hook to test tracing programs. But in a kernel built by clang, which performs more aggresive inlining, that function gets inlined into its caller SyS_nanosleep. Therefore, even though fentry and kprobe do hook on the function, they aren't triggered by the call to nanosleep in the test. A possible fix is switching to use a function that is less likely to be inlined, such as hrtimer_range_start_ns. The EXPORT_SYMBOL functions shouldn't be inlined based on the description of [1], therefore safe to use for this test. Also the arguments of this function include the duration of sleep, therefore suitable for test verification. [1] af3b56289be1 time: don't inline EXPORT_SYMBOL functions Tested: In a clang build kernel, before this change, the test fails: test_vmlinux:PASS:skel_open 0 nsec test_vmlinux:PASS:skel_attach 0 nsec test_vmlinux:PASS:tp 0 nsec test_vmlinux:PASS:raw_tp 0 nsec test_vmlinux:PASS:tp_btf 0 nsec test_vmlinux:FAIL:kprobe not called test_vmlinux:FAIL:fentry not called After switching to hrtimer_range_start_ns, the test passes: test_vmlinux:PASS:skel_open 0 nsec test_vmlinux:PASS:skel_attach 0 nsec test_vmlinux:PASS:tp 0 nsec test_vmlinux:PASS:raw_tp 0 nsec test_vmlinux:PASS:tp_btf 0 nsec test_vmlinux:PASS:kprobe 0 nsec test_vmlinux:PASS:fentry 0 nsec Signed-off-by: Hao Luo <haoluo(a)google.com> Acked-by: Andrii Nakryiko <andriin(a)fb.com> --- Changelog since v1: - More accurate commit messages tools/testing/selftests/bpf/progs/test_vmlinux.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/test_vmlinux.c b/tools/testing/selftests/bpf/progs/test_vmlinux.c index 5611b564d3b1..29fa09d6a6c6 100644 --- a/tools/testing/selftests/bpf/progs/test_vmlinux.c +++ b/tools/testing/selftests/bpf/progs/test_vmlinux.c @@ -63,20 +63,20 @@ int BPF_PROG(handle__tp_btf, struct pt_regs *regs, long id) return 0; } -SEC("kprobe/hrtimer_nanosleep") -int BPF_KPROBE(handle__kprobe, - ktime_t rqtp, enum hrtimer_mode mode, clockid_t clockid) +SEC("kprobe/hrtimer_start_range_ns") +int BPF_KPROBE(handle__kprobe, struct hrtimer *timer, ktime_t tim, u64 delta_ns, + const enum hrtimer_mode mode) { - if (rqtp == MY_TV_NSEC) + if (tim == MY_TV_NSEC) kprobe_called = true; return 0; } -SEC("fentry/hrtimer_nanosleep") -int BPF_PROG(handle__fentry, - ktime_t rqtp, enum hrtimer_mode mode, clockid_t clockid) +SEC("fentry/hrtimer_start_range_ns") +int BPF_PROG(handle__fentry, struct hrtimer *timer, ktime_t tim, u64 delta_ns, + const enum hrtimer_mode mode) { - if (rqtp == MY_TV_NSEC) + if (tim == MY_TV_NSEC) fentry_called = true; return 0; } -- 2.27.0.212.ge8ba1cc988-goog

4 years, 10 months

3
2
0 0

[PATCH] kunit: kunit_config: Fix parsing of CONFIG options with space

by Rikard Falkeborn

Commit 8b59cd81dc5e ("kbuild: ensure full rebuild when the compiler is updated") introduced a new CONFIG option CONFIG_CC_VERSION_TEXT. On my system, this is set to "gcc (GCC) 10.1.0" which breaks KUnit config parsing which did not like the spaces in the string. Fix this by updating the regex to allow strings containing spaces. Fixes: 8b59cd81dc5e ("kbuild: ensure full rebuild when the compiler is updated") Signed-off-by: Rikard Falkeborn <rikard.falkeborn(a)gmail.com> --- Maybe it would have been sufficient to just use CONFIG_PATTERN = r'^CONFIG_(\w+)=(.*)$' instead? tools/testing/kunit/kunit_config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/kunit/kunit_config.py b/tools/testing/kunit/kunit_config.py index e75063d603b5..02ffc3a3e5dc 100644 --- a/tools/testing/kunit/kunit_config.py +++ b/tools/testing/kunit/kunit_config.py @@ -10,7 +10,7 @@ import collections import re CONFIG_IS_NOT_SET_PATTERN = r'^# CONFIG_(\w+) is not set$' -CONFIG_PATTERN = r'^CONFIG_(\w+)=(\S+)$' +CONFIG_PATTERN = r'^CONFIG_(\w+)=(\S+|".*")$' KconfigEntryBase = collections.namedtuple('KconfigEntry', ['name', 'value']) -- 2.27.0

4 years, 10 months

4
3
0 0

[PATCH bpf-next] selftests/bpf: Switch test_vmlinux to use hrtimer_range_start_ns.

by Hao Luo

The test_vmlinux test uses hrtimer_nanosleep as hook to test tracing programs. But it seems Clang may have done an aggressive optimization, causing fentry and kprobe to not hook on this function properly on a Clang build kernel. A possible fix is switching to use a more reliable function, e.g. the ones exported to kernel modules such as hrtimer_range_start_ns. After we switch to using hrtimer_range_start_ns, the test passes again even on a clang build kernel. Tested: In a clang build kernel, the test fail even when the flags {fentry, kprobe}_called are set unconditionally in handle__kprobe() and handle__fentry(), which implies the programs do not hook on hrtimer_nanosleep() properly. This could be because clang's code transformation is too aggressive. test_vmlinux:PASS:skel_open 0 nsec test_vmlinux:PASS:skel_attach 0 nsec test_vmlinux:PASS:tp 0 nsec test_vmlinux:PASS:raw_tp 0 nsec test_vmlinux:PASS:tp_btf 0 nsec test_vmlinux:FAIL:kprobe not called test_vmlinux:FAIL:fentry not called After we switch to hrtimer_range_start_ns, the test passes. test_vmlinux:PASS:skel_open 0 nsec test_vmlinux:PASS:skel_attach 0 nsec test_vmlinux:PASS:tp 0 nsec test_vmlinux:PASS:raw_tp 0 nsec test_vmlinux:PASS:tp_btf 0 nsec test_vmlinux:PASS:kprobe 0 nsec test_vmlinux:PASS:fentry 0 nsec Signed-off-by: Hao Luo <haoluo(a)google.com> --- tools/testing/selftests/bpf/progs/test_vmlinux.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/test_vmlinux.c b/tools/testing/selftests/bpf/progs/test_vmlinux.c index 5611b564d3b1..29fa09d6a6c6 100644 --- a/tools/testing/selftests/bpf/progs/test_vmlinux.c +++ b/tools/testing/selftests/bpf/progs/test_vmlinux.c @@ -63,20 +63,20 @@ int BPF_PROG(handle__tp_btf, struct pt_regs *regs, long id) return 0; } -SEC("kprobe/hrtimer_nanosleep") -int BPF_KPROBE(handle__kprobe, - ktime_t rqtp, enum hrtimer_mode mode, clockid_t clockid) +SEC("kprobe/hrtimer_start_range_ns") +int BPF_KPROBE(handle__kprobe, struct hrtimer *timer, ktime_t tim, u64 delta_ns, + const enum hrtimer_mode mode) { - if (rqtp == MY_TV_NSEC) + if (tim == MY_TV_NSEC) kprobe_called = true; return 0; } -SEC("fentry/hrtimer_nanosleep") -int BPF_PROG(handle__fentry, - ktime_t rqtp, enum hrtimer_mode mode, clockid_t clockid) +SEC("fentry/hrtimer_start_range_ns") +int BPF_PROG(handle__fentry, struct hrtimer *timer, ktime_t tim, u64 delta_ns, + const enum hrtimer_mode mode) { - if (rqtp == MY_TV_NSEC) + if (tim == MY_TV_NSEC) fentry_called = true; return 0; } -- 2.27.0.212.ge8ba1cc988-goog

4 years, 10 months

4
7
0 0

[PATCH v2 0/5] mm/hmm/nouveau: add PMD system memory mapping

by Ralph Campbell

The goal for this series is to introduce the hmm_range_fault() output array flags HMM_PFN_PMD and HMM_PFN_PUD. This allows a device driver to know that a given 4K PFN is actually mapped by the CPU using either a PMD sized or PUD sized CPU page table entry and therefore the device driver can safely map system memory using larger device MMU PTEs. The series is based on 5.8.0-rc3 and is intended for Jason Gunthorpe's hmm tree. These were originally part of a larger series: https://lore.kernel.org/linux-mm/20200619215649.32297-1-rcampbell@nvidia.co… Changes in v2: Make the hmm_range_fault() API changes into a separate series and add two output flags for PMD/PUD instead of a single compund page flag as suggested by Jason Gunthorpe. Make the nouveau page table changes a separate patch as suggested by Ben Skeggs. Only add support for 2MB nouveau mappings initially since changing the 1:1 CPU/GPU page table size assumptions requires a bigger set of changes. Rebase to 5.8.0-rc3. Ralph Campbell (5): nouveau/hmm: fault one page at a time mm/hmm: add output flags for PMD/PUD page mapping nouveau: fix mapping 2MB sysmem pages nouveau/hmm: support mapping large sysmem pages hmm: add tests for HMM_PFN_PMD flag drivers/gpu/drm/nouveau/nouveau_svm.c | 238 ++++++++---------- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 5 +- .../drm/nouveau/nvkm/subdev/mmu/vmmgp100.c | 82 ++++++ include/linux/hmm.h | 11 +- lib/test_hmm.c | 4 + lib/test_hmm_uapi.h | 4 + mm/hmm.c | 13 +- tools/testing/selftests/vm/hmm-tests.c | 76 ++++++ 8 files changed, 290 insertions(+), 143 deletions(-) -- 2.20.1

4 years, 10 months

3
7
0 0

[PATCH v4 00/11] kunit: create a centralized executor to dispatch all KUnit tests

by Brendan Higgins

## TL;DR This patchset adds a centralized executor to dispatch tests rather than relying on late_initcall to schedule each test suite separately along with a couple of new features that depend on it. Also, sorry for the extreme delay in getting this out. Part of the delay came from finding that there were actually several architectures that the previous revision of this patchset didn't work on, so I went through and attempted to test this patchset on every architecture - more on that later. ## What am I trying to do? Conceptually, I am trying to provide a mechanism by which test suites can be grouped together so that they can be reasoned about collectively. The last two of three patches in this series add features which depend on this: PATCH 8/11 Prints out a test plan[1] right before KUnit tests are run; this is valuable because it makes it possible for a test harness to detect whether the number of tests run matches the number of tests expected to be run, ensuring that no tests silently failed. The test plan includes a count of tests that will run. With the centralized executor, the tests are located in a single data structure and thus can be counted. PATCH 9/11 Add a new kernel command-line option which allows the user to specify that the kernel poweroff, halt, or reboot after completing all KUnit tests; this is very handy for running KUnit tests on UML or a VM so that the UML/VM process exits cleanly immediately after running all tests without needing a special initramfs. The centralized executor provides a definitive point when all tests have completed and the poweroff, halt, or reboot could occur. In addition, by dispatching tests from a single location, we can guarantee that all KUnit tests run after late_init is complete, which was a concern during the initial KUnit patchset review (this has not been a problem in practice, but resolving with certainty is nevertheless desirable). Other use cases for this exist, but the above features should provide an idea of the value that this could provide. ## Changes since last revision: - On the last revision I got some messages from 0day that showed that this patchset didn't work on several architectures, one issue that this patchset addresses is that we were aligning both memory segments as well as structures in the segments to specific byte boundaries which was incorrect. - The issue mentioned above also caused me to test on additional architectures which revealed that some architectures other than UML do not use the default init linker section macro that most architectures use. There are now several new patches (2, 3, 4, and 6). - Fixed a formatting consistency issue in the kernel params documentation patch (9/9). - Add a brief blurb on how and when the kunit_test_suite macro works. ## Remaining work to be done: The only architecture for which I was able to get a compiler, but was apparently unable to get KUnit into a section that the executor to see was m68k - not sure why. Alan Maguire (1): kunit: test: create a single centralized executor for all tests Brendan Higgins (10): vmlinux.lds.h: add linker section for KUnit test suites arch: arm64: add linker section for KUnit test suites arch: microblaze: add linker section for KUnit test suites arch: powerpc: add linker section for KUnit test suites arch: um: add linker section for KUnit test suites arch: xtensa: add linker section for KUnit test suites init: main: add KUnit to kernel init kunit: test: add test plan to KUnit TAP format Documentation: Add kunit_shutdown to kernel-parameters.txt Documentation: kunit: add a brief blurb about kunit_test_suite .../admin-guide/kernel-parameters.txt | 8 ++ Documentation/dev-tools/kunit/usage.rst | 5 ++ arch/arm64/kernel/vmlinux.lds.S | 3 + arch/microblaze/kernel/vmlinux.lds.S | 4 + arch/powerpc/kernel/vmlinux.lds.S | 4 + arch/um/include/asm/common.lds.S | 4 + arch/xtensa/kernel/vmlinux.lds.S | 4 + include/asm-generic/vmlinux.lds.h | 8 ++ include/kunit/test.h | 73 ++++++++++++----- init/main.c | 4 + lib/kunit/Makefile | 3 +- lib/kunit/executor.c | 63 +++++++++++++++ lib/kunit/test.c | 13 +-- tools/testing/kunit/kunit_kernel.py | 2 +- tools/testing/kunit/kunit_parser.py | 74 +++++++++++++++--- .../test_is_test_passed-all_passed.log | Bin 1562 -> 1567 bytes .../test_data/test_is_test_passed-crash.log | Bin 3016 -> 3021 bytes .../test_data/test_is_test_passed-failure.log | Bin 1700 -> 1705 bytes 18 files changed, 226 insertions(+), 46 deletions(-) create mode 100644 lib/kunit/executor.c base-commit: 4333a9b0b67bb4e8bcd91bdd80da80b0ec151162 prerequisite-patch-id: 2d4b5aa9fa8ada9ae04c8584b47c299a822b9455 prerequisite-patch-id: 582b6d9d28ce4b71628890ec832df6522ca68de0 These patches are available for download with dependencies here: https://kunit-review.googlesource.com/c/linux/+/3829 [1] https://github.com/isaacs/testanything.github.io/blob/tap14/tap-version-14-… [2] https://patchwork.kernel.org/patch/11383635/ -- 2.27.0.212.ge8ba1cc988-goog

4 years, 10 months

2
13
0 0

[PATCH 1/2] selftests/lkdtm: Don't clear dmesg when running tests

by Michael Ellerman

It is Very Rude to clear dmesg in test scripts. That's because the script may be part of a larger test run, and clearing dmesg potentially destroys the output of other tests. We can avoid using dmesg -c by saving the content of dmesg before the test, and then using diff to compare that to the dmesg afterward, producing a log with just the added lines. Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> --- tools/testing/selftests/lkdtm/run.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/lkdtm/run.sh b/tools/testing/selftests/lkdtm/run.sh index dadf819148a4..0b409e187c7b 100755 --- a/tools/testing/selftests/lkdtm/run.sh +++ b/tools/testing/selftests/lkdtm/run.sh @@ -59,23 +59,25 @@ if [ -z "$expect" ]; then expect="call trace:" fi -# Clear out dmesg for output reporting -dmesg -c >/dev/null - # Prepare log for report checking -LOG=$(mktemp --tmpdir -t lkdtm-XXXXXX) +LOG=$(mktemp --tmpdir -t lkdtm-log-XXXXXX) +DMESG=$(mktemp --tmpdir -t lkdtm-dmesg-XXXXXX) cleanup() { - rm -f "$LOG" + rm -f "$LOG" "$DMESG" } trap cleanup EXIT +# Save existing dmesg so we can detect new content below +dmesg > "$DMESG" + # Most shells yell about signals and we're expecting the "cat" process # to usually be killed by the kernel. So we have to run it in a sub-shell # and silence errors. ($SHELL -c 'cat <(echo '"$test"') >'"$TRIGGER" 2>/dev/null) || true # Record and dump the results -dmesg -c >"$LOG" +dmesg | diff --changed-group-format='%>' --unchanged-group-format='' "$DMESG" - > "$LOG" || true + cat "$LOG" # Check for expected output if egrep -qi "$expect" "$LOG" ; then base-commit: 192ffb7515839b1cc8457e0a8c1e09783de019d3 -- 2.25.1

4 years, 10 months

5
12
0 0

[PATCH v3] selftests: tpm: upgrade TPM2 tests from Python 2 to Python 3

by Pengfei Xu

Python 2 is no longer supported by the Python upstream project, so upgrade TPM2 tests to Python 3. Signed-off-by: Pengfei Xu <pengfei.xu(a)intel.com> --- tools/testing/selftests/tpm2/test_smoke.sh | 4 +- tools/testing/selftests/tpm2/test_space.sh | 2 +- tools/testing/selftests/tpm2/tpm2.py | 56 +++++++++++----------- tools/testing/selftests/tpm2/tpm2_tests.py | 39 +++++++-------- 4 files changed, 52 insertions(+), 49 deletions(-) diff --git a/tools/testing/selftests/tpm2/test_smoke.sh b/tools/testing/selftests/tpm2/test_smoke.sh index 663062701d5a..d05467f6d258 100755 --- a/tools/testing/selftests/tpm2/test_smoke.sh +++ b/tools/testing/selftests/tpm2/test_smoke.sh @@ -6,8 +6,8 @@ ksft_skip=4 [ -f /dev/tpm0 ] || exit $ksft_skip -python -m unittest -v tpm2_tests.SmokeTest -python -m unittest -v tpm2_tests.AsyncTest +python3 -m unittest -v tpm2_tests.SmokeTest +python3 -m unittest -v tpm2_tests.AsyncTest CLEAR_CMD=$(which tpm2_clear) if [ -n $CLEAR_CMD ]; then diff --git a/tools/testing/selftests/tpm2/test_space.sh b/tools/testing/selftests/tpm2/test_space.sh index 36c9d030a1c6..151c64e8ee9f 100755 --- a/tools/testing/selftests/tpm2/test_space.sh +++ b/tools/testing/selftests/tpm2/test_space.sh @@ -6,4 +6,4 @@ ksft_skip=4 [ -f /dev/tpmrm0 ] || exit $ksft_skip -python -m unittest -v tpm2_tests.SpaceTest +python3 -m unittest -v tpm2_tests.SpaceTest diff --git a/tools/testing/selftests/tpm2/tpm2.py b/tools/testing/selftests/tpm2/tpm2.py index d0fcb66a88a6..88a0e7776a23 100644 --- a/tools/testing/selftests/tpm2/tpm2.py +++ b/tools/testing/selftests/tpm2/tpm2.py @@ -247,14 +247,14 @@ class ProtocolError(Exception): class AuthCommand(object): """TPMS_AUTH_COMMAND""" - def __init__(self, session_handle=TPM2_RS_PW, nonce='', session_attributes=0, - hmac=''): + def __init__(self, session_handle=TPM2_RS_PW, nonce=''.encode(), + session_attributes=0, hmac=''.encode()): self.session_handle = session_handle self.nonce = nonce self.session_attributes = session_attributes self.hmac = hmac - def __str__(self): + def __bytes__(self): fmt = '>I H%us B H%us' % (len(self.nonce), len(self.hmac)) return struct.pack(fmt, self.session_handle, len(self.nonce), self.nonce, self.session_attributes, len(self.hmac), @@ -268,11 +268,11 @@ class AuthCommand(object): class SensitiveCreate(object): """TPMS_SENSITIVE_CREATE""" - def __init__(self, user_auth='', data=''): + def __init__(self, user_auth=''.encode(), data=''.encode()): self.user_auth = user_auth self.data = data - def __str__(self): + def __bytes__(self): fmt = '>H%us H%us' % (len(self.user_auth), len(self.data)) return struct.pack(fmt, len(self.user_auth), self.user_auth, len(self.data), self.data) @@ -296,8 +296,9 @@ class Public(object): return '>HHIH%us%usH%us' % \ (len(self.auth_policy), len(self.parameters), len(self.unique)) - def __init__(self, object_type, name_alg, object_attributes, auth_policy='', - parameters='', unique=''): + def __init__(self, object_type, name_alg, object_attributes, + auth_policy=''.encode(), parameters=''.encode(), + unique=''.encode()): self.object_type = object_type self.name_alg = name_alg self.object_attributes = object_attributes @@ -305,7 +306,7 @@ class Public(object): self.parameters = parameters self.unique = unique - def __str__(self): + def __bytes__(self): return struct.pack(self.__fmt(), self.object_type, self.name_alg, @@ -343,7 +344,7 @@ def get_algorithm(name): def hex_dump(d): d = [format(ord(x), '02x') for x in d] - d = [d[i: i + 16] for i in xrange(0, len(d), 16)] + d = [d[i: i + 16] for i in range(0, len(d), 16)] d = [' '.join(x) for x in d] d = os.linesep.join(d) @@ -401,7 +402,7 @@ class Client: pcrsel_len = max((i >> 3) + 1, 3) pcrsel = [0] * pcrsel_len pcrsel[i >> 3] = 1 << (i & 7) - pcrsel = ''.join(map(chr, pcrsel)) + pcrsel = ''.join(map(chr, pcrsel)).encode() fmt = '>HII IHB%us' % (pcrsel_len) cmd = struct.pack(fmt, @@ -443,7 +444,7 @@ class Client: TPM2_CC_PCR_EXTEND, i, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), 1, bank_alg, dig) self.send_cmd(cmd) @@ -457,7 +458,7 @@ class Client: TPM2_RH_NULL, TPM2_RH_NULL, 16, - '\0' * 16, + ('\0' * 16).encode(), 0, session_type, TPM2_ALG_NULL, @@ -472,7 +473,7 @@ class Client: for i in pcrs: pcr = self.read_pcr(i, bank_alg) - if pcr == None: + if pcr is None: return None x += pcr @@ -489,7 +490,7 @@ class Client: pcrsel = [0] * pcrsel_len for i in pcrs: pcrsel[i >> 3] |= 1 << (i & 7) - pcrsel = ''.join(map(chr, pcrsel)) + pcrsel = ''.join(map(chr, pcrsel)).encode() fmt = '>HII IH%usIHB3s' % ds cmd = struct.pack(fmt, @@ -497,7 +498,8 @@ class Client: struct.calcsize(fmt), TPM2_CC_POLICY_PCR, handle, - len(dig), str(dig), + len(dig), + bytes(dig), 1, bank_alg, pcrsel_len, pcrsel) @@ -534,7 +536,7 @@ class Client: self.send_cmd(cmd) - def create_root_key(self, auth_value = ''): + def create_root_key(self, auth_value = ''.encode()): attributes = \ Public.FIXED_TPM | \ Public.FIXED_PARENT | \ @@ -570,11 +572,11 @@ class Client: TPM2_CC_CREATE_PRIMARY, TPM2_RH_OWNER, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), len(sensitive), - str(sensitive), + bytes(sensitive), len(public), - str(public), + bytes(public), 0, 0) return struct.unpack('>I', self.send_cmd(cmd)[10:14])[0] @@ -587,7 +589,7 @@ class Client: attributes = 0 if not policy_dig: attributes |= Public.USER_WITH_AUTH - policy_dig = '' + policy_dig = ''.encode() auth_cmd = AuthCommand() sensitive = SensitiveCreate(user_auth=auth_value, data=data) @@ -608,11 +610,11 @@ class Client: TPM2_CC_CREATE, parent_key, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), len(sensitive), - str(sensitive), + bytes(sensitive), len(public), - str(public), + bytes(public), 0, 0) rsp = self.send_cmd(cmd) @@ -635,7 +637,7 @@ class Client: TPM2_CC_LOAD, parent_key, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), blob) data_handle = struct.unpack('>I', self.send_cmd(cmd)[10:14])[0] @@ -653,7 +655,7 @@ class Client: TPM2_CC_UNSEAL, data_handle, len(auth_cmd), - str(auth_cmd)) + bytes(auth_cmd)) try: rsp = self.send_cmd(cmd) @@ -675,7 +677,7 @@ class Client: TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET, TPM2_RH_LOCKOUT, len(auth_cmd), - str(auth_cmd)) + bytes(auth_cmd)) self.send_cmd(cmd) @@ -693,7 +695,7 @@ class Client: more_data, cap, cnt = struct.unpack('>BII', rsp[:9]) rsp = rsp[9:] - for i in xrange(0, cnt): + for i in range(0, cnt): handle = struct.unpack('>I', rsp[:4])[0] handles.append(handle) rsp = rsp[4:] diff --git a/tools/testing/selftests/tpm2/tpm2_tests.py b/tools/testing/selftests/tpm2/tpm2_tests.py index 728be7c69b76..9d764306887b 100644 --- a/tools/testing/selftests/tpm2/tpm2_tests.py +++ b/tools/testing/selftests/tpm2/tpm2_tests.py @@ -20,8 +20,8 @@ class SmokeTest(unittest.TestCase): self.client.close() def test_seal_with_auth(self): - data = 'X' * 64 - auth = 'A' * 15 + data = ('X' * 64).encode() + auth = ('A' * 15).encode() blob = self.client.seal(self.root_key, data, auth, None) result = self.client.unseal(self.root_key, blob, auth, None) @@ -30,8 +30,8 @@ class SmokeTest(unittest.TestCase): def test_seal_with_policy(self): handle = self.client.start_auth_session(tpm2.TPM2_SE_TRIAL) - data = 'X' * 64 - auth = 'A' * 15 + data = ('X' * 64).encode() + auth = ('A' * 15).encode() pcrs = [16] try: @@ -58,14 +58,15 @@ class SmokeTest(unittest.TestCase): self.assertEqual(data, result) def test_unseal_with_wrong_auth(self): - data = 'X' * 64 - auth = 'A' * 20 + data = ('X' * 64).encode() + auth = ('A' * 20).encode() rc = 0 blob = self.client.seal(self.root_key, data, auth, None) try: - result = self.client.unseal(self.root_key, blob, auth[:-1] + 'B', None) - except ProtocolError, e: + result = self.client.unseal(self.root_key, blob, + auth[:-1] + 'B'.encode(), None) + except ProtocolError as e: rc = e.rc self.assertEqual(rc, tpm2.TPM2_RC_AUTH_FAIL) @@ -73,8 +74,8 @@ class SmokeTest(unittest.TestCase): def test_unseal_with_wrong_policy(self): handle = self.client.start_auth_session(tpm2.TPM2_SE_TRIAL) - data = 'X' * 64 - auth = 'A' * 17 + data = ('X' * 64).encode() + auth = ('A' * 17).encode() pcrs = [16] try: @@ -91,7 +92,7 @@ class SmokeTest(unittest.TestCase): # This should succeed. ds = tpm2.get_digest_size(tpm2.TPM2_ALG_SHA1) - self.client.extend_pcr(1, 'X' * ds) + self.client.extend_pcr(1, ('X' * ds).encode()) handle = self.client.start_auth_session(tpm2.TPM2_SE_POLICY) @@ -108,7 +109,7 @@ class SmokeTest(unittest.TestCase): # Then, extend a PCR that is part of the policy and try to unseal. # This should fail. - self.client.extend_pcr(16, 'X' * ds) + self.client.extend_pcr(16, ('X' * ds).encode()) handle = self.client.start_auth_session(tpm2.TPM2_SE_POLICY) @@ -119,7 +120,7 @@ class SmokeTest(unittest.TestCase): self.client.policy_password(handle) result = self.client.unseal(self.root_key, blob, auth, handle) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.client.flush_context(handle) except: @@ -130,13 +131,13 @@ class SmokeTest(unittest.TestCase): def test_seal_with_too_long_auth(self): ds = tpm2.get_digest_size(tpm2.TPM2_ALG_SHA1) - data = 'X' * 64 - auth = 'A' * (ds + 1) + data = ('X' * 64).encode() + auth = ('A' * (ds + 1)).encode() rc = 0 try: blob = self.client.seal(self.root_key, data, auth, None) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.assertEqual(rc, tpm2.TPM2_RC_SIZE) @@ -152,7 +153,7 @@ class SmokeTest(unittest.TestCase): 0xDEADBEEF) self.client.send_cmd(cmd) - except IOError, e: + except IOError as e: rejected = True except: pass @@ -212,7 +213,7 @@ class SmokeTest(unittest.TestCase): self.client.tpm.write(cmd) rsp = self.client.tpm.read() - except IOError, e: + except IOError as e: # read the response rsp = self.client.tpm.read() rejected = True @@ -283,7 +284,7 @@ class SpaceTest(unittest.TestCase): rc = 0 try: space1.send_cmd(cmd) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.assertEqual(rc, tpm2.TPM2_RC_COMMAND_CODE | -- 2.17.1

4 years, 10 months

2
2
0 0

[RESEND, PATCH v2] lib: overflow-test: add KUnit test of check_*_overflow functions

by Vitor Massaru Iha

This adds the conversion of the runtime tests of check_*_overflow functions, from `lib/test_overflow.c`to KUnit tests. The log similar to the one seen in dmesg running test_overflow.c can be seen in `test.log`. Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> Tested-by: David Gow <davidgow(a)google.com> --- v2: * moved lib/test_overflow.c to lib/overflow-test.c; * back to original license; * fixed style code; * keeps __initconst and added _refdata on overflow_test_cases variable; * keeps macros intact making asserts with the variable err; * removed duplicate test_s8_overflow(); * fixed typos on commit message; --- lib/Kconfig.debug | 20 +++++++-- lib/Makefile | 2 +- lib/{test_overflow.c => overflow-test.c} | 54 +++++++++--------------- 3 files changed, 38 insertions(+), 38 deletions(-) rename lib/{test_overflow.c => overflow-test.c} (96%) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index d74ac0fd6b2d..fb8a3955e969 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2000,9 +2000,6 @@ config TEST_UUID config TEST_XARRAY tristate "Test the XArray code at runtime" -config TEST_OVERFLOW - tristate "Test check_*_overflow() functions at runtime" - config TEST_RHASHTABLE tristate "Perform selftest on resizable hash table" help @@ -2155,6 +2152,23 @@ config SYSCTL_KUNIT_TEST If unsure, say N. +config OVERFLOW_KUNIT_TEST + tristate "KUnit test for overflow" if !KUNIT_ALL_TESTS + depends on KUNIT + default KUNIT_ALL_TESTS + help + This builds the overflow KUnit tests. + + KUnit tests run during boot and output the results to the debug log + in TAP format (http://testanything.org/). Only useful for kernel devs + running KUnit test harness and are not for inclusion into a production + build. + + For more information on KUnit and unit tests in general please refer + to the KUnit documentation in Documentation/dev-tools/kunit/. + + If unsure, say N. + config LIST_KUNIT_TEST tristate "KUnit Test for Kernel Linked-list structures" if !KUNIT_ALL_TESTS depends on KUNIT diff --git a/lib/Makefile b/lib/Makefile index b1c42c10073b..3b725c9f92d4 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -75,7 +75,6 @@ obj-$(CONFIG_TEST_LIST_SORT) += test_list_sort.o obj-$(CONFIG_TEST_MIN_HEAP) += test_min_heap.o obj-$(CONFIG_TEST_LKM) += test_module.o obj-$(CONFIG_TEST_VMALLOC) += test_vmalloc.o -obj-$(CONFIG_TEST_OVERFLOW) += test_overflow.o obj-$(CONFIG_TEST_RHASHTABLE) += test_rhashtable.o obj-$(CONFIG_TEST_SORT) += test_sort.o obj-$(CONFIG_TEST_USER_COPY) += test_user_copy.o @@ -318,3 +317,4 @@ obj-$(CONFIG_OBJAGG) += objagg.o # KUnit tests obj-$(CONFIG_LIST_KUNIT_TEST) += list-test.o obj-$(CONFIG_LINEAR_RANGES_TEST) += test_linear_ranges.o +obj-$(CONFIG_OVERFLOW_KUNIT_TEST) += overflow-test.o diff --git a/lib/test_overflow.c b/lib/overflow-test.c similarity index 96% rename from lib/test_overflow.c rename to lib/overflow-test.c index 7a4b6f6c5473..d40ef06b1ade 100644 --- a/lib/test_overflow.c +++ b/lib/overflow-test.c @@ -4,14 +4,11 @@ */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +#include <kunit/test.h> #include <linux/device.h> #include <linux/init.h> -#include <linux/kernel.h> #include <linux/mm.h> -#include <linux/module.h> #include <linux/overflow.h> -#include <linux/slab.h> -#include <linux/types.h> #include <linux/vmalloc.h> #define DEFINE_TEST_ARRAY(t) \ @@ -270,7 +267,7 @@ DEFINE_TEST_FUNC(u64, "%llu"); DEFINE_TEST_FUNC(s64, "%lld"); #endif -static int __init test_overflow_calculation(void) +static void __init overflow_calculation_test(struct kunit *test) { int err = 0; @@ -285,10 +282,10 @@ static int __init test_overflow_calculation(void) err |= test_s64_overflow(); #endif - return err; + KUNIT_EXPECT_FALSE(test, err); } -static int __init test_overflow_shift(void) +static void __init overflow_shift_test(struct kunit *test) { int err = 0; @@ -479,7 +476,7 @@ static int __init test_overflow_shift(void) err |= TEST_ONE_SHIFT(0, 31, s32, 0, false); err |= TEST_ONE_SHIFT(0, 63, s64, 0, false); - return err; + KUNIT_EXPECT_FALSE(test, err); } /* @@ -555,7 +552,7 @@ DEFINE_TEST_ALLOC(kvzalloc_node, kvfree, 0, 1, 1); DEFINE_TEST_ALLOC(devm_kmalloc, devm_kfree, 1, 1, 0); DEFINE_TEST_ALLOC(devm_kzalloc, devm_kfree, 1, 1, 0); -static int __init test_overflow_allocation(void) +static void __init overflow_allocation_test(struct kunit *test) { const char device_name[] = "overflow-test"; struct device *dev; @@ -563,10 +560,8 @@ static int __init test_overflow_allocation(void) /* Create dummy device for devm_kmalloc()-family tests. */ dev = root_device_register(device_name); - if (IS_ERR(dev)) { - pr_warn("Cannot register test device\n"); - return 1; - } + if (IS_ERR(dev)) + kunit_warn(test, "Cannot register test device\n"); err |= test_kmalloc(NULL); err |= test_kmalloc_node(NULL); @@ -585,30 +580,21 @@ static int __init test_overflow_allocation(void) device_unregister(dev); - return err; + KUNIT_EXPECT_FALSE(test, err); } -static int __init test_module_init(void) -{ - int err = 0; - - err |= test_overflow_calculation(); - err |= test_overflow_shift(); - err |= test_overflow_allocation(); - - if (err) { - pr_warn("FAIL!\n"); - err = -EINVAL; - } else { - pr_info("all tests passed\n"); - } +static struct kunit_case __refdata overflow_test_cases[] = { + KUNIT_CASE(overflow_calculation_test), + KUNIT_CASE(overflow_shift_test), + KUNIT_CASE(overflow_allocation_test), + {} +}; - return err; -} +static struct kunit_suite overflow_test_suite = { + .name = "overflow", + .test_cases = overflow_test_cases, +}; -static void __exit test_module_exit(void) -{ } +kunit_test_suites(&overflow_test_suite); -module_init(test_module_init); -module_exit(test_module_exit); MODULE_LICENSE("Dual MIT/GPL"); base-commit: 7bf200b3a4ac10b1b0376c70b8c66ed39eae7cdd prerequisite-patch-id: e827b6b22f950b9f69620805a04e4a264cf4cc6a -- 2.26.2

4 years, 10 months

4
4
0 0

[PATCH drivers/misc v2 0/4] lkdtm: Various clean ups

by Kees Cook

Hi Greg, (Since this was aleady pending, I just spun a v2, resent here.) Can you please apply these patches to your drivers/misc tree for LKDTM? It's mostly a collection of fixes and improvements and tweaks to the selftest integration. Thanks! -Kees v2: - add fix for UML build failures (Randy, Richard) v1: https://lore.kernel.org/lkml/20200529200347.2464284-1-keescook@chromium.org/ Kees Cook (4): lkdtm: Avoid more compiler optimizations for bad writes lkdtm/heap: Avoid edge and middle of slabs selftests/lkdtm: Reset WARN_ONCE to avoid false negatives lkdtm: Make arch-specific tests always available drivers/misc/lkdtm/bugs.c | 49 +++++++++++++------------ drivers/misc/lkdtm/heap.c | 9 +++-- drivers/misc/lkdtm/lkdtm.h | 2 - drivers/misc/lkdtm/perms.c | 22 +++++++---- drivers/misc/lkdtm/usercopy.c | 7 +++- tools/testing/selftests/lkdtm/run.sh | 6 +++ tools/testing/selftests/lkdtm/tests.txt | 1 + 7 files changed, 58 insertions(+), 38 deletions(-) -- 2.25.1

4 years, 10 months

1
4
0 0

[PATCH v2] Kernel selftests: TPM2: upgrade TPM2 tests from Python 2 to Python 3

by Pengfei Xu

Python 2 is no longer supported by the Python upstream project, so upgrade TPM2 tests to Python 3. Signed-off-by: Pengfei Xu <pengfei.xu(a)intel.com> --- tools/testing/selftests/tpm2/test_smoke.sh | 4 +- tools/testing/selftests/tpm2/test_space.sh | 2 +- tools/testing/selftests/tpm2/tpm2.py | 68 ++++++++++++++-------- tools/testing/selftests/tpm2/tpm2_tests.py | 24 +++++--- 4 files changed, 61 insertions(+), 37 deletions(-) diff --git a/tools/testing/selftests/tpm2/test_smoke.sh b/tools/testing/selftests/tpm2/test_smoke.sh index 663062701d5a..d05467f6d258 100755 --- a/tools/testing/selftests/tpm2/test_smoke.sh +++ b/tools/testing/selftests/tpm2/test_smoke.sh @@ -6,8 +6,8 @@ ksft_skip=4 [ -f /dev/tpm0 ] || exit $ksft_skip -python -m unittest -v tpm2_tests.SmokeTest -python -m unittest -v tpm2_tests.AsyncTest +python3 -m unittest -v tpm2_tests.SmokeTest +python3 -m unittest -v tpm2_tests.AsyncTest CLEAR_CMD=$(which tpm2_clear) if [ -n $CLEAR_CMD ]; then diff --git a/tools/testing/selftests/tpm2/test_space.sh b/tools/testing/selftests/tpm2/test_space.sh index 36c9d030a1c6..151c64e8ee9f 100755 --- a/tools/testing/selftests/tpm2/test_space.sh +++ b/tools/testing/selftests/tpm2/test_space.sh @@ -6,4 +6,4 @@ ksft_skip=4 [ -f /dev/tpmrm0 ] || exit $ksft_skip -python -m unittest -v tpm2_tests.SpaceTest +python3 -m unittest -v tpm2_tests.SpaceTest diff --git a/tools/testing/selftests/tpm2/tpm2.py b/tools/testing/selftests/tpm2/tpm2.py index d0fcb66a88a6..b0ccc1499c53 100644 --- a/tools/testing/selftests/tpm2/tpm2.py +++ b/tools/testing/selftests/tpm2/tpm2.py @@ -247,14 +247,18 @@ class ProtocolError(Exception): class AuthCommand(object): """TPMS_AUTH_COMMAND""" - def __init__(self, session_handle=TPM2_RS_PW, nonce='', session_attributes=0, - hmac=''): + def __init__(self, session_handle=TPM2_RS_PW, nonce=''.encode(), + session_attributes=0, hmac=''.encode()): + if not isinstance(nonce, bytes): + nonce = nonce.encode() + if not isinstance(hmac, bytes): + hmac = hmac.encode() self.session_handle = session_handle self.nonce = nonce self.session_attributes = session_attributes self.hmac = hmac - def __str__(self): + def __bytes__(self): fmt = '>I H%us B H%us' % (len(self.nonce), len(self.hmac)) return struct.pack(fmt, self.session_handle, len(self.nonce), self.nonce, self.session_attributes, len(self.hmac), @@ -268,11 +272,15 @@ class AuthCommand(object): class SensitiveCreate(object): """TPMS_SENSITIVE_CREATE""" - def __init__(self, user_auth='', data=''): + def __init__(self, user_auth=''.encode(), data=''.encode()): + if not isinstance(user_auth, bytes): + user_auth = user_auth.encode() + if not isinstance(data, bytes): + data = data.encode() self.user_auth = user_auth self.data = data - def __str__(self): + def __bytes__(self): fmt = '>H%us H%us' % (len(self.user_auth), len(self.data)) return struct.pack(fmt, len(self.user_auth), self.user_auth, len(self.data), self.data) @@ -296,8 +304,15 @@ class Public(object): return '>HHIH%us%usH%us' % \ (len(self.auth_policy), len(self.parameters), len(self.unique)) - def __init__(self, object_type, name_alg, object_attributes, auth_policy='', - parameters='', unique=''): + def __init__(self, object_type, name_alg, object_attributes, + auth_policy=''.encode(), parameters=''.encode(), + unique=''.encode()): + if not isinstance(auth_policy, bytes): + auth_policy = auth_policy.encode() + if not isinstance(parameters, bytes): + parameters = parameters.encode() + if not isinstance(unique, bytes): + unique = unique.encode() self.object_type = object_type self.name_alg = name_alg self.object_attributes = object_attributes @@ -305,7 +320,7 @@ class Public(object): self.parameters = parameters self.unique = unique - def __str__(self): + def __bytes__(self): return struct.pack(self.__fmt(), self.object_type, self.name_alg, @@ -343,7 +358,7 @@ def get_algorithm(name): def hex_dump(d): d = [format(ord(x), '02x') for x in d] - d = [d[i: i + 16] for i in xrange(0, len(d), 16)] + d = [d[i: i + 16] for i in range(0, len(d), 16)] d = [' '.join(x) for x in d] d = os.linesep.join(d) @@ -401,7 +416,7 @@ class Client: pcrsel_len = max((i >> 3) + 1, 3) pcrsel = [0] * pcrsel_len pcrsel[i >> 3] = 1 << (i & 7) - pcrsel = ''.join(map(chr, pcrsel)) + pcrsel = ''.join(map(chr, pcrsel)).encode() fmt = '>HII IHB%us' % (pcrsel_len) cmd = struct.pack(fmt, @@ -430,6 +445,8 @@ class Client: return rsp def extend_pcr(self, i, dig, bank_alg = TPM2_ALG_SHA1): + if not isinstance(dig, bytes): + dig = dig.encode() ds = get_digest_size(bank_alg) assert(ds == len(dig)) @@ -443,7 +460,7 @@ class Client: TPM2_CC_PCR_EXTEND, i, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), 1, bank_alg, dig) self.send_cmd(cmd) @@ -457,7 +474,7 @@ class Client: TPM2_RH_NULL, TPM2_RH_NULL, 16, - '\0' * 16, + ('\0' * 16).encode(), 0, session_type, TPM2_ALG_NULL, @@ -472,7 +489,7 @@ class Client: for i in pcrs: pcr = self.read_pcr(i, bank_alg) - if pcr == None: + if pcr is None: return None x += pcr @@ -489,7 +506,7 @@ class Client: pcrsel = [0] * pcrsel_len for i in pcrs: pcrsel[i >> 3] |= 1 << (i & 7) - pcrsel = ''.join(map(chr, pcrsel)) + pcrsel = ''.join(map(chr, pcrsel)).encode() fmt = '>HII IH%usIHB3s' % ds cmd = struct.pack(fmt, @@ -497,7 +514,8 @@ class Client: struct.calcsize(fmt), TPM2_CC_POLICY_PCR, handle, - len(dig), str(dig), + len(dig), + bytes(dig), 1, bank_alg, pcrsel_len, pcrsel) @@ -570,11 +588,11 @@ class Client: TPM2_CC_CREATE_PRIMARY, TPM2_RH_OWNER, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), len(sensitive), - str(sensitive), + bytes(sensitive), len(public), - str(public), + bytes(public), 0, 0) return struct.unpack('>I', self.send_cmd(cmd)[10:14])[0] @@ -608,11 +626,11 @@ class Client: TPM2_CC_CREATE, parent_key, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), len(sensitive), - str(sensitive), + bytes(sensitive), len(public), - str(public), + bytes(public), 0, 0) rsp = self.send_cmd(cmd) @@ -635,7 +653,7 @@ class Client: TPM2_CC_LOAD, parent_key, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), blob) data_handle = struct.unpack('>I', self.send_cmd(cmd)[10:14])[0] @@ -653,7 +671,7 @@ class Client: TPM2_CC_UNSEAL, data_handle, len(auth_cmd), - str(auth_cmd)) + bytes(auth_cmd)) try: rsp = self.send_cmd(cmd) @@ -675,7 +693,7 @@ class Client: TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET, TPM2_RH_LOCKOUT, len(auth_cmd), - str(auth_cmd)) + bytes(auth_cmd)) self.send_cmd(cmd) @@ -693,7 +711,7 @@ class Client: more_data, cap, cnt = struct.unpack('>BII', rsp[:9]) rsp = rsp[9:] - for i in xrange(0, cnt): + for i in range(0, cnt): handle = struct.unpack('>I', rsp[:4])[0] handles.append(handle) rsp = rsp[4:] diff --git a/tools/testing/selftests/tpm2/tpm2_tests.py b/tools/testing/selftests/tpm2/tpm2_tests.py index 728be7c69b76..e134033e6f67 100644 --- a/tools/testing/selftests/tpm2/tpm2_tests.py +++ b/tools/testing/selftests/tpm2/tpm2_tests.py @@ -25,7 +25,9 @@ class SmokeTest(unittest.TestCase): blob = self.client.seal(self.root_key, data, auth, None) result = self.client.unseal(self.root_key, blob, auth, None) - self.assertEqual(data, result) + if not isinstance(result, bytes): + result = result.encode() + self.assertEqual(data.encode(), result) def test_seal_with_policy(self): handle = self.client.start_auth_session(tpm2.TPM2_SE_TRIAL) @@ -51,11 +53,13 @@ class SmokeTest(unittest.TestCase): self.client.policy_password(handle) result = self.client.unseal(self.root_key, blob, auth, handle) + if not isinstance(result, bytes): + result = result.encode() except: self.client.flush_context(handle) raise - self.assertEqual(data, result) + self.assertEqual(data.encode(), result) def test_unseal_with_wrong_auth(self): data = 'X' * 64 @@ -65,7 +69,7 @@ class SmokeTest(unittest.TestCase): blob = self.client.seal(self.root_key, data, auth, None) try: result = self.client.unseal(self.root_key, blob, auth[:-1] + 'B', None) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.assertEqual(rc, tpm2.TPM2_RC_AUTH_FAIL) @@ -100,11 +104,13 @@ class SmokeTest(unittest.TestCase): self.client.policy_password(handle) result = self.client.unseal(self.root_key, blob, auth, handle) + if not isinstance(result, bytes): + result = result.encode() except: self.client.flush_context(handle) raise - self.assertEqual(data, result) + self.assertEqual(data.encode(), result) # Then, extend a PCR that is part of the policy and try to unseal. # This should fail. @@ -119,7 +125,7 @@ class SmokeTest(unittest.TestCase): self.client.policy_password(handle) result = self.client.unseal(self.root_key, blob, auth, handle) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.client.flush_context(handle) except: @@ -136,7 +142,7 @@ class SmokeTest(unittest.TestCase): rc = 0 try: blob = self.client.seal(self.root_key, data, auth, None) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.assertEqual(rc, tpm2.TPM2_RC_SIZE) @@ -152,7 +158,7 @@ class SmokeTest(unittest.TestCase): 0xDEADBEEF) self.client.send_cmd(cmd) - except IOError, e: + except IOError as e: rejected = True except: pass @@ -212,7 +218,7 @@ class SmokeTest(unittest.TestCase): self.client.tpm.write(cmd) rsp = self.client.tpm.read() - except IOError, e: + except IOError as e: # read the response rsp = self.client.tpm.read() rejected = True @@ -283,7 +289,7 @@ class SpaceTest(unittest.TestCase): rc = 0 try: space1.send_cmd(cmd) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.assertEqual(rc, tpm2.TPM2_RC_COMMAND_CODE | -- 2.17.1

4 years, 10 months

2
5
0 0

[PATCH drivers/misc 0/4] lkdtm: Various clean ups

by Kees Cook

Hi Greg, Can you please apply these patches to your drivers/misc tree for LKDTM? It's mostly a collection of fixes and improvements and tweaks to the selftest integration. Thanks! -Kees Kees Cook (4): lkdtm: Avoid more compiler optimizations for bad writes lkdtm/heap: Avoid edge and middle of slabs selftests/lkdtm: Reset WARN_ONCE to avoid false negatives lkdtm: Make arch-specific tests always available drivers/misc/lkdtm/bugs.c | 45 +++++++++++++------------ drivers/misc/lkdtm/heap.c | 9 ++--- drivers/misc/lkdtm/lkdtm.h | 2 -- drivers/misc/lkdtm/perms.c | 22 ++++++++---- drivers/misc/lkdtm/usercopy.c | 7 ++-- tools/testing/selftests/lkdtm/run.sh | 6 ++++ tools/testing/selftests/lkdtm/tests.txt | 1 + 7 files changed, 56 insertions(+), 36 deletions(-) -- 2.25.1

4 years, 10 months

7
20
0 0

[RFC v1] kunit: tool: add support for QEMU

by Brendan Higgins

Add basic support to run QEMU via kunit_tool. Add support for i386, x86_64, arm, arm64, and a couple others. Signed-off-by: Brendan Higgins <brendanhiggins(a)google.com> --- This patch is very RFC; nevertheless, I wanted to get it out onto the list before I fix some of the more obvious problems. In particular, the most obvious issue is what to do about dependencies namely QEMU and toolchains. Part of me thinks that we should do the normal toolchain prefix thing, but it is really handy to specify to switch between complier versions and QEMU versions with a single flag. Another idea is to install needed dependencies like what 0day does with its build scripts. Another note: I only included the most straightforwardly working architectures for this initial patch; namely all the architectures which work with a toolchain and a QEMU architecture available on the Debian apt repos and otherwise don't require changes to kunit_tool which are too radical. Ideas are welcomed! --- tools/testing/kunit/kunit.py | 14 +- tools/testing/kunit/kunit_config.py | 2 +- tools/testing/kunit/kunit_kernel.py | 201 +++++++++++++++++++++++++--- 3 files changed, 195 insertions(+), 22 deletions(-) diff --git a/tools/testing/kunit/kunit.py b/tools/testing/kunit/kunit.py index f9b769f3437dd..b326cfd3982e5 100755 --- a/tools/testing/kunit/kunit.py +++ b/tools/testing/kunit/kunit.py @@ -76,10 +76,10 @@ def build_tests(linux: kunit_kernel.LinuxSourceTree, kunit_parser.print_with_timestamp('Building KUnit Kernel ...') build_start = time.time() - success = linux.build_um_kernel(request.alltests, - request.jobs, - request.build_dir, - request.make_options) + success = linux.build_kernel(request.alltests, + request.jobs, + request.build_dir, + request.make_options) build_end = time.time() if not success: return KunitResult(KunitStatus.BUILD_FAILURE, @@ -235,6 +235,10 @@ def main(argv, linux=None): help='Specifies the file to read results from.', type=str, nargs='?', metavar='input_file') + run_parser.add_argument('--arch', + help='Specifies the architecture to run tests under.', + type=str, default='um', metavar='arch') + cli_args = parser.parse_args(argv) if cli_args.subcommand == 'run': @@ -248,7 +252,7 @@ def main(argv, linux=None): create_default_kunitconfig() if not linux: - linux = kunit_kernel.LinuxSourceTree() + linux = kunit_kernel.LinuxSourceTree(arch=cli_args.arch) request = KunitRequest(cli_args.raw_output, cli_args.timeout, diff --git a/tools/testing/kunit/kunit_config.py b/tools/testing/kunit/kunit_config.py index 02ffc3a3e5dc7..6aea9d213762a 100644 --- a/tools/testing/kunit/kunit_config.py +++ b/tools/testing/kunit/kunit_config.py @@ -53,7 +53,7 @@ class Kconfig(object): return True def write_to_file(self, path: str) -> None: - with open(path, 'w') as f: + with open(path, 'a+') as f: for entry in self.entries(): f.write(str(entry) + '\n') diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py index d6a575f92317c..c1b2cbc9f5705 100644 --- a/tools/testing/kunit/kunit_kernel.py +++ b/tools/testing/kunit/kunit_kernel.py @@ -14,6 +14,8 @@ import signal from contextlib import ExitStack +from collections import namedtuple + import kunit_config import kunit_parser @@ -32,6 +34,10 @@ class BuildError(Exception): class LinuxSourceTreeOperations(object): """An abstraction over command line operations performed on a source tree.""" + def __init__(self, linux_arch, cross_compile): + self._linux_arch = linux_arch + self._cross_compile = cross_compile + def make_mrproper(self): try: subprocess.check_output(['make', 'mrproper']) @@ -40,12 +46,18 @@ class LinuxSourceTreeOperations(object): except subprocess.CalledProcessError as e: raise ConfigError(e.output) + def make_arch_qemuconfig(self, build_dir): + pass + def make_olddefconfig(self, build_dir, make_options): - command = ['make', 'ARCH=um', 'olddefconfig'] + command = ['make', 'ARCH=' + self._linux_arch, 'olddefconfig'] + if self._cross_compile: + command += ['CROSS_COMPILE=' + self._cross_compile] if make_options: command.extend(make_options) if build_dir: command += ['O=' + build_dir] + print(' '.join(command)) try: subprocess.check_output(command, stderr=subprocess.PIPE) except OSError as e: @@ -55,27 +67,24 @@ class LinuxSourceTreeOperations(object): def make_allyesconfig(self): kunit_parser.print_with_timestamp( - 'Enabling all CONFIGs for UML...') + 'Enabling all CONFIGs...') process = subprocess.Popen( - ['make', 'ARCH=um', 'allyesconfig'], + ['make', 'ARCH=' + self._linux_arch, 'allyesconfig'], stdout=subprocess.DEVNULL, stderr=subprocess.STDOUT) process.wait() - kunit_parser.print_with_timestamp( - 'Disabling broken configs to run KUnit tests...') - with ExitStack() as es: - config = open(KCONFIG_PATH, 'a') - disable = open(BROKEN_ALLCONFIG_PATH, 'r').read() - config.write(disable) kunit_parser.print_with_timestamp( 'Starting Kernel with all configs takes a few minutes...') def make(self, jobs, build_dir, make_options): - command = ['make', 'ARCH=um', '--jobs=' + str(jobs)] + command = ['make', 'ARCH=' + self._linux_arch, '--jobs=' + str(jobs)] if make_options: command.extend(make_options) + if self._cross_compile: + command += ['CROSS_COMPILE=' + self._cross_compile] if build_dir: command += ['O=' + build_dir] + print(' '.join(command)) try: subprocess.check_output(command) except OSError as e: @@ -83,15 +92,167 @@ class LinuxSourceTreeOperations(object): except subprocess.CalledProcessError as e: raise BuildError(e.output) - def linux_bin(self, params, timeout, build_dir, outfile): + def run(self, params, timeout, build_dir, outfile): + pass + +QemuArchParams = namedtuple('QemuArchParams', ['linux_arch', + 'cross_compile', + 'qemuconfig', + 'qemu_arch', + 'kernel_path', + 'kernel_command_line', + 'extra_qemu_params']) + +QEMU_ARCHS = { + 'i386' : QemuArchParams(linux_arch='i386', + cross_compile=None, + qemuconfig='CONFIG_SERIAL_8250=y\nCONFIG_SERIAL_8250_CONSOLE=y', + qemu_arch='x86_64', + kernel_path='arch/x86/boot/bzImage', + kernel_command_line='console=ttyS0', + extra_qemu_params=['']), + 'x86_64' : QemuArchParams(linux_arch='x86_64', + cross_compile=None, + qemuconfig='CONFIG_SERIAL_8250=y\nCONFIG_SERIAL_8250_CONSOLE=y', + qemu_arch='x86_64', + kernel_path='arch/x86/boot/bzImage', + kernel_command_line='console=ttyS0', + extra_qemu_params=['']), + 'arm' : QemuArchParams(linux_arch='arm', + cross_compile='arm-linux-gnueabihf-', + qemuconfig='''CONFIG_ARCH_VIRT=y +CONFIG_SERIAL_AMBA_PL010=y +CONFIG_SERIAL_AMBA_PL010_CONSOLE=y +CONFIG_SERIAL_AMBA_PL011=y +CONFIG_SERIAL_AMBA_PL011_CONSOLE=y''', + qemu_arch='arm', + kernel_path='arch/arm/boot/zImage', + kernel_command_line='console=ttyAMA0', + extra_qemu_params=['-machine virt']), + 'arm64' : QemuArchParams(linux_arch='arm64', + cross_compile='aarch64-linux-gnu-', + qemuconfig='''CONFIG_SERIAL_AMBA_PL010=y +CONFIG_SERIAL_AMBA_PL010_CONSOLE=y +CONFIG_SERIAL_AMBA_PL011=y +CONFIG_SERIAL_AMBA_PL011_CONSOLE=y''', + qemu_arch='aarch64', + kernel_path='arch/arm64/boot/Image.gz', + kernel_command_line='console=ttyAMA0', + extra_qemu_params=['-machine virt', '-cpu cortex-a57']), + 'alpha' : QemuArchParams(linux_arch='alpha', + cross_compile='alpha-linux-gnu-', + qemuconfig='CONFIG_SERIAL_8250=y\nCONFIG_SERIAL_8250_CONSOLE=y', + qemu_arch='alpha', + kernel_path='arch/alpha/boot/vmlinux', + kernel_command_line='console=ttyS0', + extra_qemu_params=['']), + 'powerpc' : QemuArchParams(linux_arch='powerpc', + cross_compile='powerpc64-linux-gnu-', + qemuconfig='CONFIG_PPC64=y\nCONFIG_SERIAL_8250=y\nCONFIG_SERIAL_8250_CONSOLE=y\nCONFIG_HVC_CONSOLE=y', + qemu_arch='ppc64', + kernel_path='vmlinux', + kernel_command_line='console=ttyS0', + extra_qemu_params=['-M pseries', '-cpu power8']), + 'riscv' : QemuArchParams(linux_arch='riscv', + cross_compile='riscv64-linux-gnu-', + qemuconfig='CONFIG_SOC_VIRT=y\nCONFIG_SERIAL_8250=y\nCONFIG_SERIAL_8250_CONSOLE=y\nCONFIG_SERIAL_OF_PLATFORM=y\nCONFIG_SERIAL_EARLYCON_RISCV_SBI=y', + qemu_arch='riscv64', + kernel_path='arch/riscv/boot/Image', + kernel_command_line='console=ttyS0', + extra_qemu_params=['-machine virt', '-cpu rv64', '-bios opensbi-riscv64-virt-fw_jump.bin']), + 's390' : QemuArchParams(linux_arch='s390', + cross_compile='s390x-linux-gnu-', + qemuconfig='CONFIG_EXPERT=y\nCONFIG_TUNE_ZEC12=y\nCONFIG_NUMA=y\nCONFIG_MODULES=y', + qemu_arch='s390x', + kernel_path='arch/s390/boot/bzImage', + kernel_command_line='console=ttyS0', + extra_qemu_params=[ + '-machine s390-ccw-virtio', + '-cpu qemu',]), + 'sparc' : QemuArchParams(linux_arch='sparc', + cross_compile='sparc64-linux-gnu-', + qemuconfig='CONFIG_SERIAL_8250=y\nCONFIG_SERIAL_8250_CONSOLE=y', + qemu_arch='sparc', + kernel_path='arch/sparc/boot/zImage', + kernel_command_line='console=ttyS0 mem=256M', + extra_qemu_params=['-m 256']), +} + +class LinuxSourceTreeOperationsQemu(LinuxSourceTreeOperations): + + def __init__(self, qemu_arch_params): + super().__init__(linux_arch=qemu_arch_params.linux_arch, + cross_compile=qemu_arch_params.cross_compile) + self._qemuconfig = qemu_arch_params.qemuconfig + self._qemu_arch = qemu_arch_params.qemu_arch + self._kernel_path = os.path.join(os.getcwd(), qemu_arch_params.kernel_path) + print(self._kernel_path) + self._kernel_command_line = qemu_arch_params.kernel_command_line + ' kunit_shutdown=reboot' + self._extra_qemu_params = qemu_arch_params.extra_qemu_params + + def make_arch_qemuconfig(self, build_dir): + qemuconfig = kunit_config.Kconfig() + qemuconfig.parse_from_string(self._qemuconfig) + qemuconfig.write_to_file(get_kconfig_path(build_dir)) + + def run(self, params, timeout, build_dir, outfile): + kernel_path = os.path.join(build_dir, self._kernel_path) + qemu_command = ['qemu-system-' + self._qemu_arch, + '-nodefaults', + '-m', '1024', + '-kernel', kernel_path, + '-append', '\'' + ' '.join(params + [self._kernel_command_line]) + '\'', + '-no-reboot', + '-nographic', + '-serial stdio'] + self._extra_qemu_params + print(' '.join(qemu_command)) + with open(outfile, 'w') as output: + process = subprocess.Popen(' '.join(qemu_command), + stdin=subprocess.PIPE, + stdout=output, + stderr=subprocess.STDOUT, + text=True, shell=True) + try: + process.wait(timeout=timeout) + except Exception as e: + print(e) + process.terminate() + return process + +class LinuxSourceTreeOperationsUml(LinuxSourceTreeOperations): + """An abstraction over command line operations performed on a source tree.""" + + def __init__(self): + super().__init__(linux_arch='um', cross_compile=None) + + def make_allyesconfig(self): + kunit_parser.print_with_timestamp( + 'Enabling all CONFIGs for UML...') + process = subprocess.Popen( + ['make', 'ARCH=um', 'allyesconfig'], + stdout=subprocess.DEVNULL, + stderr=subprocess.STDOUT) + process.wait() + kunit_parser.print_with_timestamp( + 'Disabling broken configs to run KUnit tests...') + with ExitStack() as es: + config = open(KCONFIG_PATH, 'a') + disable = open(BROKEN_ALLCONFIG_PATH, 'r').read() + config.write(disable) + kunit_parser.print_with_timestamp( + 'Starting Kernel with all configs takes a few minutes...') + + def run(self, params, timeout, build_dir, outfile): """Runs the Linux UML binary. Must be named 'linux'.""" linux_bin = './linux' if build_dir: linux_bin = os.path.join(build_dir, 'linux') with open(outfile, 'w') as output: process = subprocess.Popen([linux_bin] + params, + stdin=subprocess.PIPE, stdout=output, - stderr=subprocess.STDOUT) + stderr=subprocess.STDOUT, + text=True) process.wait(timeout) @@ -104,11 +265,17 @@ def get_kconfig_path(build_dir): class LinuxSourceTree(object): """Represents a Linux kernel source tree with KUnit tests.""" - def __init__(self): + def __init__(self, arch=None): self._kconfig = kunit_config.Kconfig() self._kconfig.read_from_file(kunitconfig_path) - self._ops = LinuxSourceTreeOperations() signal.signal(signal.SIGINT, self.signal_handler) + self._ops = None + if arch is None or arch == 'um': + self._ops = LinuxSourceTreeOperationsUml() + elif arch in QEMU_ARCHS: + self._ops = LinuxSourceTreeOperationsQemu(QEMU_ARCHS[arch]) + else: + raise ConfigError(arch + ' is not a valid arch') def clean(self): try: @@ -138,6 +305,7 @@ class LinuxSourceTree(object): os.mkdir(build_dir) self._kconfig.write_to_file(kconfig_path) try: + self._ops.make_arch_qemuconfig(build_dir) self._ops.make_olddefconfig(build_dir, make_options) except ConfigError as e: logging.error(e) @@ -160,10 +328,11 @@ class LinuxSourceTree(object): print('Generating .config ...') return self.build_config(build_dir, make_options) - def build_um_kernel(self, alltests, jobs, build_dir, make_options): + def build_kernel(self, alltests, jobs, build_dir, make_options): if alltests: self._ops.make_allyesconfig() try: + self._ops.make_arch_qemuconfig(build_dir) self._ops.make_olddefconfig(build_dir, make_options) self._ops.make(jobs, build_dir, make_options) except (ConfigError, BuildError) as e: @@ -174,7 +343,7 @@ class LinuxSourceTree(object): def run_kernel(self, args=[], build_dir='', timeout=None): args.extend(['mem=1G', 'kunit_shutdown=halt']) outfile = 'test.log' - self._ops.linux_bin(args, timeout, build_dir, outfile) + self._ops.run(args, timeout, build_dir, outfile) subprocess.call(['stty', 'sane']) with open(outfile, 'r') as file: for line in file: base-commit: 4333a9b0b67bb4e8bcd91bdd80da80b0ec151162 prerequisite-patch-id: 2d4b5aa9fa8ada9ae04c8584b47c299a822b9455 prerequisite-patch-id: 582b6d9d28ce4b71628890ec832df6522ca68de0 prerequisite-patch-id: 97b0f3dca8a284c6f5b14fac7f10a97def18610d prerequisite-patch-id: 4b806b7fc93ca6464395d8e193378bff4b2f5c5e prerequisite-patch-id: 25411ef134020a4711e72f464cfeee486e1cca67 prerequisite-patch-id: 91f01e8965eedc34327e871f4a6a33187c94aeaf prerequisite-patch-id: 2a32d1d634e155a4a933d8f902ab717bf03ca487 prerequisite-patch-id: 00b3e340d3463d2ed7872400dd408b9188652553 prerequisite-patch-id: ee2aef0c799110f798f99f3a713f7e905595ec7b prerequisite-patch-id: a99bf1505ed65027369f3cf71e45bca2b7e07d9b prerequisite-patch-id: 8c9d94f6e7ffefa30597e9b68fba32d3c3407205 prerequisite-patch-id: 31d4fd7c057aca679253e6af504efc215ec50716 prerequisite-patch-id: 239e1866d9237e84fb626d91330c13ea0b8bae86 -- 2.27.0.212.ge8ba1cc988-goog

4 years, 10 months

1
0
0 0

[PATCH v3 0/7] kunit: create a centralized executor to dispatch all KUnit tests

by Brendan Higgins

## TL;DR This patchset adds a centralized executor to dispatch tests rather than relying on late_initcall to schedule each test suite separately along with a couple of new features that depend on it. Also, sorry for the delay in getting this new revision out. I have been really busy for the past couple weeks. ## What am I trying to do? Conceptually, I am trying to provide a mechanism by which test suites can be grouped together so that they can be reasoned about collectively. The last two of three patches in this series add features which depend on this: PATCH 5/7 Prints out a test plan[1] right before KUnit tests are run; this is valuable because it makes it possible for a test harness to detect whether the number of tests run matches the number of tests expected to be run, ensuring that no tests silently failed. The test plan includes a count of tests that will run. With the centralized executor, the tests are located in a single data structure and thus can be counted. PATCH 6/7 Add a new kernel command-line option which allows the user to specify that the kernel poweroff, halt, or reboot after completing all KUnit tests; this is very handy for running KUnit tests on UML or a VM so that the UML/VM process exits cleanly immediately after running all tests without needing a special initramfs. The centralized executor provides a definitive point when all tests have completed and the poweroff, halt, or reboot could occur. In addition, by dispatching tests from a single location, we can guarantee that all KUnit tests run after late_init is complete, which was a concern during the initial KUnit patchset review (this has not been a problem in practice, but resolving with certainty is nevertheless desirable). Other use cases for this exist, but the above features should provide an idea of the value that this could provide. ## Changes since last revision: - On patch 7/7, I added some additional wording around the kunit_shutdown command line option explaining that it runs after built-in tests as suggested by Frank. - On the coverletter, I improved some wording and added a missing link. I also specified the base-commit for the series. - Frank asked for some changes to the documentation; however, David is taking care of that in a separate patch[2], so I did not make those changes here. There will be some additional changes necessary after David's patch is applied. Alan Maguire (1): kunit: test: create a single centralized executor for all tests Brendan Higgins (5): vmlinux.lds.h: add linker section for KUnit test suites arch: um: add linker section for KUnit test suites init: main: add KUnit to kernel init kunit: test: add test plan to KUnit TAP format Documentation: Add kunit_shutdown to kernel-parameters.txt David Gow (1): kunit: Add 'kunit_shutdown' option .../admin-guide/kernel-parameters.txt | 8 ++ arch/um/include/asm/common.lds.S | 4 + include/asm-generic/vmlinux.lds.h | 8 ++ include/kunit/test.h | 82 ++++++++++++------- init/main.c | 4 + lib/kunit/Makefile | 3 +- lib/kunit/executor.c | 71 ++++++++++++++++ lib/kunit/test.c | 11 --- tools/testing/kunit/kunit_kernel.py | 2 +- tools/testing/kunit/kunit_parser.py | 76 ++++++++++++++--- .../test_is_test_passed-all_passed.log | 1 + .../test_data/test_is_test_passed-crash.log | 1 + .../test_data/test_is_test_passed-failure.log | 1 + 13 files changed, 218 insertions(+), 54 deletions(-) create mode 100644 lib/kunit/executor.c base-commit: a2f0b878c3ca531a1706cb2a8b079cea3b17bafc [1] https://github.com/isaacs/testanything.github.io/blob/tap14/tap-version-14-… [2] https://patchwork.kernel.org/patch/11383635/ -- 2.25.1.481.gfbce0eb801-goog

4 years, 10 months

7
19
0 0

[PATCH] kselftest: arm64: Remove redundant clean target

by Mark Brown

The arm64 signal tests generate warnings during build since both they and the toplevel lib.mk define a clean target: Makefile:25: warning: overriding recipe for target 'clean' ../../lib.mk:126: warning: ignoring old recipe for target 'clean' Since the inclusion of lib.mk is in the signal Makefile there is no situation where this warning could be avoided so just remove the redundant clean target. Signed-off-by: Mark Brown <broonie(a)kernel.org> --- tools/testing/selftests/arm64/signal/Makefile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tools/testing/selftests/arm64/signal/Makefile b/tools/testing/selftests/arm64/signal/Makefile index b497cfea4643..ac4ad0005715 100644 --- a/tools/testing/selftests/arm64/signal/Makefile +++ b/tools/testing/selftests/arm64/signal/Makefile @@ -21,10 +21,6 @@ include ../../lib.mk $(TEST_GEN_PROGS): $(PROGS) cp $(PROGS) $(OUTPUT)/ -clean: - $(CLEAN) - rm -f $(PROGS) - # Common test-unit targets to build common-layout test-cases executables # Needs secondary expansion to properly include the testcase c-file in pre-reqs .SECONDEXPANSION: -- 2.20.1

4 years, 10 months

2
1
0 0

RFC: KTAP documentation - expected messages

by Frank Rowand

Tim Bird started a thread [1] proposing that he document the selftest result format used by Linux kernel tests. [1] https://lore.kernel.org/r/CY4PR13MB1175B804E31E502221BC8163FD830@CY4PR13MB1… The issue of messages generated by the kernel being tested (that are not messages directly created by the tests, but are instead triggered as a side effect of the test) came up. In this thread, I will call these messages "expected messages". Instead of sidetracking that thread with a proposal to handle expected messages, I am starting this new thread. I implemented an API for expected messages that are triggered by tests in the Devicetree unittest code, with the expectation that the specific details may change when the Devicetree unittest code adapts the KUnit API. It seems appropriate to incorporate the concept of expected messages in Tim's documentation instead of waiting to address the subject when the Devicetree unittest code adapts the KUnit API, since Tim's document may become the kernel selftest standard. Instead of creating a very long email containing multiple objects, I will reply to this email with a separate reply for each of: The "expected messages" API implemention and use can be from drivers/of/unittest.c in the mainline kernel. of_unittest_expect - A proof of concept perl program to filter console output containing expected messages output of_unittest_expect is also available by cloning https://github.com/frowand/dt_tools.git An example raw console output with timestamps and expect messages. An example of console output processed by filter program of_unittest_expect to be more human readable. The expected messages are not removed, but are flagged. An example of console output processed by filter program of_unittest_expect to be more human readable. The expected messages are removed instead of being flagged.

4 years, 10 months

5
12
0 0

[RESEND PATCH 0/3] selftests: lib.mk improvements

by Yauheni Kaliuta

Fix make[1]: execvp: /bin/sh: Argument list too long encountered with some shells and a couple of more potential problems in that part of code. Yauheni Kaliuta (3): selftests: do not use .ONESHELL selftests: fix condition in run_tests selftests: simplify run_tests tools/testing/selftests/lib.mk | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) -- 2.26.2

4 years, 10 months

2
5
0 0

[PATCH v2 09/15] selftests/vm/keys: fix a broken reference at protection_keys.c

by Mauro Carvalho Chehab

Changeset 1eecbcdca2bd ("docs: move protection-keys.rst to the core-api book") from Jun 7, 2019 converted protection-keys.txt file to ReST. A recent change at protection_keys.c partially reverted such changeset, causing it to point to a non-existing file: - * Tests x86 Memory Protection Keys (see Documentation/core-api/protection-keys.rst) + * Tests Memory Protection Keys (see Documentation/vm/protection-keys.txt) It sounds to me that the changeset that introduced such change 4645e3563673 ("selftests/vm/pkeys: rename all references to pkru to a generic name") could also have other side effects, as it sounds that it was not generated against uptream code, but, instead, against a version older than Jun 7, 2019. Fixes: 4645e3563673 ("selftests/vm/pkeys: rename all references to pkru to a generic name") Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> --- tools/testing/selftests/vm/protection_keys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/vm/protection_keys.c b/tools/testing/selftests/vm/protection_keys.c index fc19addcb5c8..fdbb602ecf32 100644 --- a/tools/testing/selftests/vm/protection_keys.c +++ b/tools/testing/selftests/vm/protection_keys.c @@ -1,6 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 /* - * Tests Memory Protection Keys (see Documentation/vm/protection-keys.txt) + * Tests Memory Protection Keys (see Documentation/core-api/protection-keys.rst) * * There are examples in here of: * * how to set protection keys on memory -- 2.26.2

4 years, 10 months

1
0
0 0

RFC - kernel selftest result documentation (KTAP)

by Bird, Tim

Some months ago I started work on a document to formalize how kselftest implements the TAP specification. However, I didn't finish that work. Maybe it's time to do so now. kselftest has developed a few differences from the original TAP specification, and some extensions that I believe are worth documenting. Essentially, we have created our own KTAP (kernel TAP) format. I think it is worth documenting our conventions, in order to keep everyone on the same page. Below is a partially completed document on my understanding of KTAP, based on examination of some of the kselftest test output. I have not reconciled this with the kunit output format, which I believe has some differences (which maybe we should resolve before we get too far into this). I submit the document now, before it is finished, because a patch was recently introduced to alter one of the result conventions (from SKIP='not ok' to SKIP='ok'). See the document include inline below ====== start of ktap-doc-rfc.txt ====== Selftest preferred output format -------------------------------- The linux kernel selftest system uses TAP (Test Anything Protocol) output to make testing results consumable by automated systems. A number of Continuous Integration (CI) systems test the kernel every day. It is useful for these systems that output from selftest programs be consistent and machine-parsable. At the same time, it is useful for test results to be human-readable as well. The kernel test result format is based on a variation TAP TAP is a simple text-based format that is documented on the TAP home page (http://testanything.org/). There is an official TAP13 specification here: http://testanything.org/tap-version-13-specification.html The kernel test result format consists of 5 major elements, 4 of which are line-based: * the output version line * the plan line * one or more test result lines (also called test result lines) * a possible "Bail out!" line optional elements: * diagnostic data The 5th element is diagnostic information, which is used to describe items running in the test, and possibly to explain test results. A sample test result is show below: Some other lines may be placed the test harness, and are not emitted by individual test programs: * one or more test identification lines * a possible results summary line Here is an example: TAP version 13 1..1 # selftests: cpufreq: main.sh # pid 8101's current affinity mask: fff # pid 8101's new affinity mask: 1 ok 1 selftests: cpufreq: main.sh The output version line is: "TAP version 13" The test plan is "1..1". Element details =============== Output version line ------------------- The output version line is always "TAP version 13". Although the kernel test result format has some additions to the TAP13 format, the version line reported by kselftest tests is (currently) always the exact string "TAP version 13" This is always the first line of test output. Test plan line -------------- The test plan indicates the number of individual test cases intended to be executed by the test. It always starts with "1.." and is followed by the number of tests cases. In the example above, 1..1", indicates that this test reports only 1 test case. The test plan line can be placed in two locations: * the second line of test output, when the number of test cases is known in advance * as the last line of test output, when the number of test cases is not known in advance. Most often, the number of test cases is known in advance, and the test plan line appears as the second line of test output, immediately following the output version line. The number of test cases might not be known in advance if the number of tests is calculated from runtime data. In this case, the test plan line is emitted as the last line of test output. Test result lines ----------------- The test output consists of one or more test result lines that indicate the actual results for the test. These have the format: <result> <number> <description> [<directive>] [<diagnostic data>] The ''result'' must appear at the start of a line (except for when a test is nested, see below), and must consist of one of the following two phrases: * ok * not ok If the test passed, then the result is reported as "ok". If the test failed, then the result is reported as "not ok". These must be in lower case, exactly as shown. The ''number'' in the test result line represents the number of the test case being performed by the test program. This is often used by test harnesses as a unique identifier for each test case. The test number is a base-10 number, starting with 1. It should increase by one for each new test result line emitted. If possible the number for a test case should be kept the same over the lifetime of the test. The ''description'' is a short description of the test case. This can be any string of words, but should avoid using colons (':') except as part of a fully qualifed test case name (see below). Finally, it is possible to use a test directive to indicate another possible outcome for a test: that it was skipped. To report that a test case was skipped, the result line should start with the result "not ok", and the directive "# SKIP" should be placed after the test description. (Note that this deviates from the TAP13 specification). A test may be skipped for a variety of reasons, ranging for insufficient privileges to missing features or resources required to execute that test case. It is usually helpful if a diagnostic message is emitted to explain the reasons for the skip. If the message is a single line and is short, the diagnostic message may be placed after the '# SKIP' directive on the same line as the test result. However, if it is not on the test result line, it should precede the test line (see diagnostic data, next). Diagnostic data --------------- Diagnostic data is text that reports on test conditions or test operations, or that explains test results. In the kernel test result format, diagnostic data is placed on lines that start with a hash sign, followed by a space ('# '). One special format of diagnostic data is a test identification line, that has the fully qualified name of a test case. Such a test identification line marks the start of test output for a test case. In the example above, there are three lines that start with '#' which precede the test result line: # selftests: cpufreq: main.sh # pid 8101's current affinity mask: fff # pid 8101's new affinity mask: 1 These are used to indicate diagnostic data for the test case 'selftests: cpufreq: main.sh' Material in comments between the identification line and the test result line are diagnostic data that can help to interpret the results of the test. The TAP specification indicates that automated test harnesses may ignore any line that is not one of the mandatory prescribed lines (that is, the output format version line, the plan line, a test result line, or a "Bail out!" line.) Bail out! --------- If a line in the test output starts with 'Bail out!', it indicates that the test was aborted for some reason. It indicates that the test is unable to proceed, and no additional tests will be performed. This can be used at the very beginning of a test, or anywhere in the middle of the test, to indicate that the test can not continue. --- from here on is not-yet-organized material Tip: - don't change the test plan based on skipped tests. - it is better to report that a test case was skipped, than to not report it - that is, don't adjust the number of test cases based on skipped tests Other things to mention: TAP13 elements not used: - yaml for diagnostic messages - reason: try to keep things line-based, since output from other things may be interspersed with messages from the test itself - TODO directive KTAP Extensions beyond TAP13: - nesting - via indentation - indentation makes it easier for humans to read - test identifier - multiple parts, separated by ':' - summary lines - can be skipped by CI systems that do their own calculations Other notes: - automatic assignment of result status based on exit code Tips: - do NOT describe the result in the test line - the test case description should be the same whether the test succeeds or fails - use diagnostic lines to describe or explain results, if this is desirable - test numbers are considered harmful - test harnesses should use the test description as the identifier - test numbers change when testcases are added or removed - which means that results can't be compared between different versions of the test - recommendations for diagnostic messages: - reason for failure - reason for skip - diagnostic data should always preceding the result line - problem: harness may emit result before test can do assessment to determine reason for result - this is what the kernel uses Differences between kernel test result format and TAP13: - in KTAP the "# SKIP" directive is placed after the description on the test result line ====== start of ktap-doc-rfc.txt ====== OK - that's the end of the RFC doc. Here are a few questions: - is this document desired or not? - is it too long or too short? - if the document is desired, where should it be placed? I assume somewhere under Documentation, and put into .rst format. Suggestions for a name and location are welcome. - is this document accurate? I think KUNIT does a few things differently than this description. - is the intent to have kunit and kselftest have the same output format? if so, then these should be rationalized. Finally, - Should a SKIP result be 'ok' (TAP13 spec) or 'not ok' (current kselftest practice)? See https://testanything.org/tap-version-13-specification.html Regards, -- Tim

4 years, 10 months

6
42
0 0

[PATCH 00/16] mm/hmm/nouveau: THP mapping and migration

by Ralph Campbell

These patches apply to linux-5.8.0-rc1. Patches 1-3 should probably go into 5.8, the others can be queued for 5.9. Patches 4-6 improve the HMM self tests. Patch 7-8 prepare nouveau for the meat of this series which adds support and testing for compound page mapping of system memory (patches 9-11) and compound page migration to device private memory (patches 12-16). Since these changes are split across mm core, nouveau, and testing, I'm guessing Jason Gunthorpe's HMM tree would be appropriate. Ralph Campbell (16): mm: fix migrate_vma_setup() src_owner and normal pages nouveau: fix migrate page regression nouveau: fix mixed normal and device private page migration mm/hmm: fix test timeout on slower machines mm/hmm/test: remove redundant page table invalidate mm/hmm: test mixed normal and device private migrations nouveau: make nvkm_vmm_ctor() and nvkm_mmu_ptp_get() static nouveau/hmm: fault one page at a time mm/hmm: add output flag for compound page mapping nouveau/hmm: support mapping large sysmem pages hmm: add tests for HMM_PFN_COMPOUND flag mm/hmm: optimize migrate_vma_setup() for holes mm: support THP migration to device private memory mm/thp: add THP allocation helper mm/hmm/test: add self tests for THP migration nouveau: support THP migration to private memory drivers/gpu/drm/nouveau/nouveau_dmem.c | 177 +++++--- drivers/gpu/drm/nouveau/nouveau_svm.c | 241 +++++------ drivers/gpu/drm/nouveau/nouveau_svm.h | 3 +- .../gpu/drm/nouveau/nvkm/subdev/mmu/base.c | 6 +- .../gpu/drm/nouveau/nvkm/subdev/mmu/priv.h | 2 + drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 10 +- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.h | 3 - .../drm/nouveau/nvkm/subdev/mmu/vmmgp100.c | 29 +- include/linux/gfp.h | 10 + include/linux/hmm.h | 4 +- include/linux/migrate.h | 1 + include/linux/mm.h | 1 + lib/test_hmm.c | 359 ++++++++++++---- lib/test_hmm_uapi.h | 2 + mm/hmm.c | 10 +- mm/huge_memory.c | 46 ++- mm/internal.h | 1 - mm/memory.c | 10 +- mm/memremap.c | 9 +- mm/migrate.c | 236 +++++++++-- mm/page_alloc.c | 1 + tools/testing/selftests/vm/hmm-tests.c | 388 +++++++++++++++++- 22 files changed, 1203 insertions(+), 346 deletions(-) -- 2.20.1

4 years, 10 months

6
37
0 0

[PATCH] kselftest: ksft_test_num return type should be unsigned

by Paolo Bonzini

Fixes a compiler warning: In file included from sync_test.c:37: ../kselftest.h: In function ‘ksft_print_cnts’: ../kselftest.h:78:16: warning: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Wsign-compare] if (ksft_plan != ksft_test_num()) ^~ Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> --- tools/testing/selftests/kselftest.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h index 0ac49d91a260..862eee734553 100644 --- a/tools/testing/selftests/kselftest.h +++ b/tools/testing/selftests/kselftest.h @@ -36,7 +36,7 @@ struct ksft_count { static struct ksft_count ksft_cnt; static unsigned int ksft_plan; -static inline int ksft_test_num(void) +static inline unsigned int ksft_test_num(void) { return ksft_cnt.ksft_pass + ksft_cnt.ksft_fail + ksft_cnt.ksft_xfail + ksft_cnt.ksft_xpass + -- 2.26.2

4 years, 10 months

1
0
0 0

Re: mmotm 2020-06-20-21-36 uploaded (lkdtm/bugs.c)

by Randy Dunlap

On 6/20/20 9:37 PM, akpm(a)linux-foundation.org wrote: > The mm-of-the-moment snapshot 2020-06-20-21-36 has been uploaded to > > http://www.ozlabs.org/~akpm/mmotm/ > > mmotm-readme.txt says > > README for mm-of-the-moment: > > http://www.ozlabs.org/~akpm/mmotm/ > > This is a snapshot of my -mm patch queue. Uploaded at random hopefully > more than once a week. drivers/misc/lkdtm/bugs.c has build errors when building UML for i386 (allmodconfig or allyesconfig): In file included from ../drivers/misc/lkdtm/bugs.c:17:0: ../arch/x86/um/asm/desc.h:7:0: warning: "LDT_empty" redefined #define LDT_empty(info) (\ In file included from ../arch/um/include/asm/mmu.h:10:0, from ../include/linux/mm_types.h:18, from ../include/linux/sched/signal.h:13, from ../drivers/misc/lkdtm/bugs.c:11: ../arch/x86/um/asm/mm_context.h:65:0: note: this is the location of the previous definition #define LDT_empty(info) (_LDT_empty(info)) ../drivers/misc/lkdtm/bugs.c: In function ‘lkdtm_DOUBLE_FAULT’: ../drivers/misc/lkdtm/bugs.c:428:9: error: variable ‘d’ has initializer but incomplete type struct desc_struct d = { ^~~~~~~~~~~ ../drivers/misc/lkdtm/bugs.c:429:4: error: ‘struct desc_struct’ has no member named ‘type’ .type = 3, /* expand-up, writable, accessed data */ ^~~~ ../drivers/misc/lkdtm/bugs.c:429:11: warning: excess elements in struct initializer .type = 3, /* expand-up, writable, accessed data */ ^ ../drivers/misc/lkdtm/bugs.c:429:11: note: (near initialization for ‘d’) ../drivers/misc/lkdtm/bugs.c:430:4: error: ‘struct desc_struct’ has no member named ‘p’ .p = 1, /* present */ ^ ../drivers/misc/lkdtm/bugs.c:430:8: warning: excess elements in struct initializer .p = 1, /* present */ ^ ../drivers/misc/lkdtm/bugs.c:430:8: note: (near initialization for ‘d’) ../drivers/misc/lkdtm/bugs.c:431:4: error: ‘struct desc_struct’ has no member named ‘d’ .d = 1, /* 32-bit */ ^ ../drivers/misc/lkdtm/bugs.c:431:8: warning: excess elements in struct initializer .d = 1, /* 32-bit */ ^ ../drivers/misc/lkdtm/bugs.c:431:8: note: (near initialization for ‘d’) ../drivers/misc/lkdtm/bugs.c:432:4: error: ‘struct desc_struct’ has no member named ‘g’ .g = 0, /* limit in bytes */ ^ ../drivers/misc/lkdtm/bugs.c:432:8: warning: excess elements in struct initializer .g = 0, /* limit in bytes */ ^ ../drivers/misc/lkdtm/bugs.c:432:8: note: (near initialization for ‘d’) ../drivers/misc/lkdtm/bugs.c:433:4: error: ‘struct desc_struct’ has no member named ‘s’ .s = 1, /* not system */ ^ ../drivers/misc/lkdtm/bugs.c:433:8: warning: excess elements in struct initializer .s = 1, /* not system */ ^ ../drivers/misc/lkdtm/bugs.c:433:8: note: (near initialization for ‘d’) ../drivers/misc/lkdtm/bugs.c:428:21: error: storage size of ‘d’ isn’t known struct desc_struct d = { ^ ../drivers/misc/lkdtm/bugs.c:437:2: error: implicit declaration of function ‘write_gdt_entry’; did you mean ‘init_wait_entry’? [-Werror=implicit-function-declaration] write_gdt_entry(get_cpu_gdt_rw(smp_processor_id()), ^~~~~~~~~~~~~~~ init_wait_entry ../drivers/misc/lkdtm/bugs.c:437:18: error: implicit declaration of function ‘get_cpu_gdt_rw’; did you mean ‘get_cpu_ptr’? [-Werror=implicit-function-declaration] write_gdt_entry(get_cpu_gdt_rw(smp_processor_id()), ^~~~~~~~~~~~~~ get_cpu_ptr ../drivers/misc/lkdtm/bugs.c:438:27: error: ‘DESCTYPE_S’ undeclared (first use in this function) GDT_ENTRY_TLS_MIN, &d, DESCTYPE_S); ^~~~~~~~~~ ../drivers/misc/lkdtm/bugs.c:438:27: note: each undeclared identifier is reported only once for each function it appears in ../drivers/misc/lkdtm/bugs.c:428:21: warning: unused variable ‘d’ [-Wunused-variable] struct desc_struct d = { ^ cc1: some warnings being treated as errors -- ~Randy Reported-by: Randy Dunlap <rdunlap(a)infradead.org>

4 years, 10 months

3
2
0 0

[PATCH] Documentation: kunit: Add naming guidelines

by David Gow

As discussed in [1], KUnit tests have hitherto not had a particularly consistent naming scheme. This adds documentation outlining how tests and test suites should be named, including how those names should be used in Kconfig entries and filenames. [1]: https://lore.kernel.org/linux-kselftest/202006141005.BA19A9D3@keescook/t/#u Signed-off-by: David Gow <davidgow(a)google.com> --- This is a first draft of some naming guidelines for KUnit tests. Note that I haven't edited it for spelling/grammar/style yet: I wanted to get some feedback on the actual naming conventions first. The issues which came most to the forefront while writing it were: - Do we want to make subsystems a more explicit thing (make the KUnit framework recognise them, make suites KTAP subtests of them, etc) - I'm leaning towards no, mainly because it doesn't seem necessary, and it makes the subsystem-with-only-one-suite case ugly. - Do we want to support (or encourage) Kconfig options and/or modules at the subsystem level rather than the suite level? - This could be nice: it'd avoid the proliferation of a large number of tiny config options and modules, and would encourage the test for <module> to be <module>_kunit, without other stuff in-between. - As test names are also function names, it may actually make sense to decorate them with "test" or "kunit" or the like. - If we're testing a function "foo", "test_foo" seems like as good a name for the function as any. Sure, many cases may could have better names like "foo_invalid_context" or something, but that won't make sense for everything. - Alternatively, do we split up the test name and the name of the function implementing the test? Thoughts? Documentation/dev-tools/kunit/index.rst | 1 + Documentation/dev-tools/kunit/style.rst | 139 ++++++++++++++++++++++++ 2 files changed, 140 insertions(+) create mode 100644 Documentation/dev-tools/kunit/style.rst diff --git a/Documentation/dev-tools/kunit/index.rst b/Documentation/dev-tools/kunit/index.rst index e93606ecfb01..117c88856fb3 100644 --- a/Documentation/dev-tools/kunit/index.rst +++ b/Documentation/dev-tools/kunit/index.rst @@ -11,6 +11,7 @@ KUnit - Unit Testing for the Linux Kernel usage kunit-tool api/index + style faq What is KUnit? diff --git a/Documentation/dev-tools/kunit/style.rst b/Documentation/dev-tools/kunit/style.rst new file mode 100644 index 000000000000..9363b5607262 --- /dev/null +++ b/Documentation/dev-tools/kunit/style.rst @@ -0,0 +1,139 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=========================== +Test Style and Nomenclature +=========================== + +Subsystems, Suites, and Tests +============================= + +In order to make tests as easy to find as possible, they're grouped into suites +and subsystems. A test suite is a group of tests which test a related area of +the kernel, and a subsystem is a set of test suites which test different parts +of the same kernel subsystem or driver. + +Subsystems +---------- + +Every test suite must belong to a subsystem. A subsystem is a collection of one +or more KUnit test suites which test the same driver or part of the kernel. A +rule of thumb is that a test subsystem should match a single kernel module. If +the code being tested can't be compiled as a module, in many cases the subsystem +should correspond to a directory in the source tree or an entry in the +MAINTAINERS file. If unsure, follow the conventions set by tests in similar +areas. + +Test subsystems should be named after the code being tested, either after the +module (wherever possible), or after the directory or files being tested. Test +subsystems should be named to avoid ambiguity where necessary. + +If a test subsystem name has multiple components, they should be separated by +underscores. Do not include "test" or "kunit" directly in the subsystem name +unless you are actually testing other tests or the kunit framework itself. + +Example subsystems could be: + +* ``ext4`` +* ``apparmor`` +* ``kasan`` + +.. note:: + The KUnit API and tools do not explicitly know about subsystems. They're + simply a way of categorising test suites and naming modules which + provides a simple, consistent way for humans to find and run tests. This + may change in the future, though. + +Suites +------ + +KUnit tests are grouped into test suites, which cover a specific area of +functionality being tested. Test suites can have shared initialisation and +shutdown code which is run for all tests in the suite. +Not all subsystems will need to be split into multiple test suites (e.g. simple drivers). + +Test suites are named after the subsystem they are part of. If a subsystem +contains several suites, the specific area under test should be appended to the +subsystem name, separated by an underscore. + +The full test suite name (including the subsystem name) should be specified as +the ``.name`` member of the ``kunit_suite`` struct, and forms the base for the +module name (see below). + +Example test suites could include: + +* ``ext4_inode`` +* ``kunit_try_catch`` +* ``apparmor_property_entry`` +* ``kasan`` + +Tests +----- + +Individual tests consist of a single function which tests a constrained +codepath, property, or function. In the test output, individual tests' results +will show up as subtests of the suite's results. + +Tests should be named after what they're testing. This is often the name of the +function being tested, with a description of the input or codepath being tested. +As tests are C functions, they should be named and written in accordance with +the kernel coding style. + +.. note:: + As tests are themselves functions, their names cannot conflict with + other C identifiers in the kernel. This may require some creative + naming. It's a good idea to make your test functions `static` to avoid + polluting the global namespace. + +Should it be necessary to refer to a test outside the context of its test suite, +the *fully-qualified* name of a test should be the suite name followed by the +test name, separated by a colon (i.e. ``suite:test``). + +Test Kconfig Entries +==================== + +Every test suite should be tied to a Kconfig entry. + +This Kconfig entry must: + +* be named ``CONFIG_<name>_KUNIT_TEST``: where <name> is the name of the test + suite. +* be listed either alongside the config entries for the driver/subsystem being + tested, or be under [Kernel Hacking]→[Kernel Testing and Coverage] +* depend on ``CONFIG_KUNIT`` +* be visible only if ``CONFIG_KUNIT_ALL_TESTS`` is not enabled. +* have a default value of ``CONFIG_KUNIT_ALL_TESTS``. +* have a brief description of KUnit in the help text +* include "If unsure, say N" in the help text + +Unless there's a specific reason not to (e.g. the test is unable to be built as +a module), Kconfig entries for tests should be tristate. + +An example Kconfig entry: + +.. code-block:: none + + config FOO_KUNIT_TEST + tristate "KUnit test for foo" if !KUNIT_ALL_TESTS + depends on KUNIT + default KUNIT_ALL_TESTS + help + This builds unit tests for foo. + + For more information on KUnit and unit tests in general, please refer + to the KUnit documentation in Documentation/dev-tools/kunit + + If unsure, say N + + +Test Filenames +============== + +Where possible, test suites should be placed in a separate source file in the +same directory as the code being tested. + +This file should be named ``<suite>_kunit.c``. It may make sense to strip +excessive namespacing from the source filename (e.g., ``firmware_kunit.c`` instead of +``<drivername>_firmware.c``), but please ensure the module name does contain the +full suite name. + + -- 2.27.0.111.gc72c7da667-goog

4 years, 10 months

4
3
0 0

[PATCH] Revert "tpm: selftest: cleanup after unseal with wrong auth/policy test"

by Jarkko Sakkinen

The reverted commit illegitly uses tpm2-tools. External dependencies are absolutely forbidden from these tests. There is also the problem that clearing is not necessarily wanted behavior if the test/target computer is not used only solely for testing. Fixes: a9920d3bad40 ("tpm: selftest: cleanup after unseal with wrong auth/policy test") Cc: Tadeusz Struk <tadeusz.struk(a)intel.com> Cc: stable(a)vger.kernel.org Cc: linux-integrity(a)vger.kernel.org Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- tools/testing/selftests/tpm2/test_smoke.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tools/testing/selftests/tpm2/test_smoke.sh b/tools/testing/selftests/tpm2/test_smoke.sh index 663062701d5a..79f8e9da5d21 100755 --- a/tools/testing/selftests/tpm2/test_smoke.sh +++ b/tools/testing/selftests/tpm2/test_smoke.sh @@ -8,8 +8,3 @@ ksft_skip=4 python -m unittest -v tpm2_tests.SmokeTest python -m unittest -v tpm2_tests.AsyncTest - -CLEAR_CMD=$(which tpm2_clear) -if [ -n $CLEAR_CMD ]; then - tpm2_clear -T device -fi -- 2.25.1

4 years, 10 months

1
0
0 0

[net-next,v1,0/5] Strict mode for VRF

by Andrea Mayer

This patch set adds the new "strict mode" functionality to the Virtual Routing and Forwarding infrastructure (VRF). Hereafter we discuss the requirements and the main features of the "strict mode" for VRF. On VRF creation, it is necessary to specify the associated routing table used during the lookup operations. Currently, there is no mechanism that avoids creating multiple VRFs sharing the same routing table. In other words, it is not possible to force a one-to-one relationship between a specific VRF and the table associated with it. The "strict mode" imposes that each VRF can be associated to a routing table only if such routing table is not already in use by any other VRF. In particular, the strict mode ensures that: 1) given a specific routing table, the VRF (if exists) is uniquely identified; 2) given a specific VRF, the related table is not shared with any other VRF. Constraints (1) and (2) force a one-to-one relationship between each VRF and the corresponding routing table. The strict mode feature is designed to be network-namespace aware and it can be directly enabled/disabled acting on the "strict_mode" parameter. Read and write operations are carried out through the classic sysctl command on net.vrf.strict_mode path, i.e: sysctl -w net.vrf.strict_mode=1. Only two distinct values {0,1} are accepted by the strict_mode parameter: - with strict_mode=0, multiple VRFs can be associated with the same table. This is the (legacy) default kernel behavior, the same that we experience when the strict mode patch set is not applied; - with strict_mode=1, the one-to-one relationship between the VRFs and the associated tables is guaranteed. In this configuration, the creation of a VRF which refers to a routing table already associated with another VRF fails and the error is returned to the user. The kernel keeps track of the associations between a VRF and the routing table during the VRF setup, in the "management" plane. Therefore, the strict mode does not impact the performance or the intrinsic functionality of the data plane in any way. When the strict mode is active it is always possible to disable the strict mode, while the reverse operation is not always allowed. Setting the strict_mode parameter to 0 is equivalent to removing the one-to-one constraint between any single VRF and its associated routing table. Conversely, if the strict mode is disabled and there are multiple VRFs that refer to the same routing table, then it is prohibited to set the strict_mode parameter to 1. In this configuration, any attempt to perform the operation will lead to an error and it will be reported to the user. To enable strict mode once again (by setting the strict_mode parameter to 1), you must first remove all the VRFs that share common tables. There are several use cases which can take advantage from the introduction of the strict mode feature. In particular, the strict mode allows us to: i) guarantee the proper functioning of some applications which deal with routing protocols; ii) perform some tunneling decap operations which require to use specific routing tables for segregating and forwarding the traffic. Considering (i), the creation of different VRFs that point to the same table leads to the situation where two different routing entities believe they have exclusive access to the same table. This leads to the situation where different routing daemons can conflict for gaining routes control due to overlapping tables. By enabling strict mode it is possible to prevent this situation which often occurs due to incorrect configurations done by the users. The ability to enable/disable the strict mode functionality does not depend on the tool used for configuring the networking. In essence, the strict mode patch solves, at the kernel level, what some other patches [1] had tried to solve at the userspace level (using only iproute2) with all the related problems. Considering (ii), the introduction of the strict mode functionality allows us implementing the SRv6 End.DT4 behavior. Such behavior terminates a SR tunnel and it forwards the IPv4 traffic according to the routes present in the routing table supplied during the configuration. The SRv6 End.DT4 can be realized exploiting the routing capabilities made available by the VRF infrastructure. This behavior could leverage a specific VRF for forcing the traffic to be forwarded in accordance with the routes available in the VRF table. Anyway, in order to make the End.DT4 properly work, it must be guaranteed that the table used for the route lookup operations is bound to one and only one VRF. In this way, it is possible to use the table for uniquely retrieving the associated VRF and for routing packets. I would like to thank David Ahern for his constant and valuable support during the design and development phases of this patch set. Comments, suggestions and improvements are very welcome! Thanks, Andrea Mayer v1 l3mdev: add infrastructure for table to VRF mapping - define l3mdev_lock as static, thanks to Jakub Kicinski; - move lookup_by_table_id_t from l3mdev.c to l3mdev.h and update the l3mdev_dev_table_lookup_{un}register functions accordingly, thanks to David Ahern. vrf: track associations between VRF devices and tables - change shared_tables type from 'int' to 'u32', thanks to Stephen Hemminger and David Ahern; - update comments for share_tables. vrf: add sysctl parameter for strict mode - change type 'void __user *buffer' to 'void *buffer' in argument 3 of vrf_shared_table_handler function, thanks to Jakub Kicinski. [1] https://lore.kernel.org/netdev/20200307205916.15646-1-sharpd@cumulusnetwork… Andrea Mayer (5): l3mdev: add infrastructure for table to VRF mapping vrf: track associations between VRF devices and tables vrf: add sysctl parameter for strict mode vrf: add l3mdev registration for table to VRF device lookup selftests: add selftest for the VRF strict mode drivers/net/vrf.c | 450 +++++++++++++++++- include/net/l3mdev.h | 39 ++ net/l3mdev/l3mdev.c | 93 ++++ .../selftests/net/vrf_strict_mode_test.sh | 390 +++++++++++++++ 4 files changed, 963 insertions(+), 9 deletions(-) create mode 100755 tools/testing/selftests/net/vrf_strict_mode_test.sh -- 2.20.1

4 years, 10 months

3
7
0 0

[GIT PULL] Kselftest update for Linux 5.8-rc2

by Shuah Khan

Hi Linus, Please pull the following Kselftest update for Linux 5.8-rc2. This Kselftest update for Linux 5.8-rc2 consists of: - ftrace "requires:" list for simplifying and unifying requirement checks for each test case, adding "requires:" line instead of checking required ftrace interfaces in each test case. - a minor spelling correction patch thanks, -- Shuah ---------------------------------------------------------------- The following changes since commit b3a9e3b9622ae10064826dccb4f7a52bd88c7407: Linux 5.8-rc1 (2020-06-14 12:45:04 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-5.8-rc2 for you to fetch changes up to 1b8eec510ba641418573eacc98a7e9c07726af30: selftests/ftrace: Support ":README" suffix for requires (2020-06-16 10:42:47 -0600) ---------------------------------------------------------------- linux-kselftest-5.8-rc2 This Kselftest update for Linux 5.8-rc2 consists of: - ftrace "requires:" list for simplifying and unifying requirement checks for each test case, adding "requires:" line instead of checking required ftrace interfaces in each test case. - a minor spelling correction patch ---------------------------------------------------------------- Flavio Suligoi (1): tools: testing: ftrace: trigger: fix spelling mistake Masami Hiramatsu (7): selftests/ftrace: Allow ":" in description selftests/ftrace: Return unsupported for the unconfigured features selftests/ftrace: Add "requires:" list support selftests/ftrace: Convert required interface checks into requires list selftests/ftrace: Convert check_filter_file() with requires list selftests/ftrace: Support ":tracer" suffix for requires selftests/ftrace: Support ":README" suffix for requires tools/testing/selftests/ftrace/ftracetest | 11 ++++++-- .../selftests/ftrace/test.d/00basic/snapshot.tc | 3 +-- .../selftests/ftrace/test.d/00basic/trace_pipe.tc | 3 +-- .../ftrace/test.d/direct/kprobe-direct.tc | 6 +---- .../ftrace/test.d/dynevent/add_remove_kprobe.tc | 6 +---- .../ftrace/test.d/dynevent/add_remove_synth.tc | 5 +--- .../ftrace/test.d/dynevent/clear_select_events.tc | 11 +------- .../ftrace/test.d/dynevent/generic_clear_event.tc | 8 +----- .../selftests/ftrace/test.d/event/event-enable.tc | 6 +---- .../selftests/ftrace/test.d/event/event-no-pid.tc | 11 +------- .../selftests/ftrace/test.d/event/event-pid.tc | 11 +------- .../ftrace/test.d/event/subsystem-enable.tc | 6 +---- .../ftrace/test.d/event/toplevel-enable.tc | 6 +---- .../ftrace/test.d/ftrace/fgraph-filter-stack.tc | 14 +--------- .../ftrace/test.d/ftrace/fgraph-filter.tc | 8 +----- .../ftrace/test.d/ftrace/func-filter-glob.tc | 8 +----- .../test.d/ftrace/func-filter-notrace-pid.tc | 13 +-------- .../ftrace/test.d/ftrace/func-filter-pid.tc | 13 +-------- .../ftrace/test.d/ftrace/func-filter-stacktrace.tc | 3 +-- .../selftests/ftrace/test.d/ftrace/func_cpumask.tc | 6 +---- .../ftrace/test.d/ftrace/func_event_triggers.tc | 7 +++-- .../ftrace/test.d/ftrace/func_mod_trace.tc | 3 +-- .../ftrace/test.d/ftrace/func_profile_stat.tc | 3 +-- .../ftrace/test.d/ftrace/func_profiler.tc | 12 +-------- .../ftrace/test.d/ftrace/func_set_ftrace_file.tc | 6 ++--- .../ftrace/test.d/ftrace/func_stack_tracer.tc | 8 +----- .../test.d/ftrace/func_traceonoff_triggers.tc | 6 ++--- .../ftrace/test.d/ftrace/tracing-error-log.tc | 12 +++------ tools/testing/selftests/ftrace/test.d/functions | 28 ++++++++++++++----- .../ftrace/test.d/instances/instance-event.tc | 6 +---- .../selftests/ftrace/test.d/instances/instance.tc | 6 +---- .../ftrace/test.d/kprobe/add_and_remove.tc | 3 +-- .../selftests/ftrace/test.d/kprobe/busy_check.tc | 3 +-- .../selftests/ftrace/test.d/kprobe/kprobe_args.tc | 3 +-- .../ftrace/test.d/kprobe/kprobe_args_comm.tc | 3 +-- .../ftrace/test.d/kprobe/kprobe_args_string.tc | 3 +-- .../ftrace/test.d/kprobe/kprobe_args_symbol.tc | 3 +-- .../ftrace/test.d/kprobe/kprobe_args_syntax.tc | 5 +--- .../ftrace/test.d/kprobe/kprobe_args_type.tc | 5 +--- .../ftrace/test.d/kprobe/kprobe_args_user.tc | 4 +-- .../ftrace/test.d/kprobe/kprobe_eventname.tc | 3 +-- .../ftrace/test.d/kprobe/kprobe_ftrace.tc | 6 +---- .../ftrace/test.d/kprobe/kprobe_module.tc | 3 +-- .../ftrace/test.d/kprobe/kprobe_multiprobe.tc | 5 +--- .../ftrace/test.d/kprobe/kprobe_syntax_errors.tc | 5 +--- .../ftrace/test.d/kprobe/kretprobe_args.tc | 3 +-- .../ftrace/test.d/kprobe/kretprobe_maxactive.tc | 4 +-- .../ftrace/test.d/kprobe/multiple_kprobes.tc | 3 +-- .../selftests/ftrace/test.d/kprobe/probepoint.tc | 3 +-- .../selftests/ftrace/test.d/kprobe/profile.tc | 3 +-- .../ftrace/test.d/kprobe/uprobe_syntax_errors.tc | 5 +--- .../ftrace/test.d/preemptirq/irqsoff_tracer.tc | 4 +-- tools/testing/selftests/ftrace/test.d/template | 4 +++ .../selftests/ftrace/test.d/tracer/wakeup.tc | 6 +---- .../selftests/ftrace/test.d/tracer/wakeup_rt.tc | 6 +---- .../inter-event/trigger-action-hist-xfail.tc | 13 +-------- .../inter-event/trigger-field-variable-support.tc | 16 +---------- .../trigger-inter-event-combined-hist.tc | 16 +---------- .../inter-event/trigger-multi-actions-accept.tc | 16 +---------- .../inter-event/trigger-onchange-action-hist.tc | 8 +----- .../inter-event/trigger-onmatch-action-hist.tc | 16 +---------- .../trigger-onmatch-onmax-action-hist.tc | 16 +---------- .../inter-event/trigger-onmax-action-hist.tc | 16 +---------- .../inter-event/trigger-snapshot-action-hist.tc | 20 +------------- .../trigger-synthetic-event-createremove.tc | 11 +------- .../inter-event/trigger-synthetic-event-syntax.tc | 11 +------- .../inter-event/trigger-trace-action-hist.tc | 18 +------------ .../ftrace/test.d/trigger/trigger-eventonoff.tc | 11 +------- .../ftrace/test.d/trigger/trigger-filter.tc | 11 +------- .../ftrace/test.d/trigger/trigger-hist-mod.tc | 16 +---------- .../test.d/trigger/trigger-hist-syntax-errors.tc | 18 +------------ .../ftrace/test.d/trigger/trigger-hist.tc | 18 ++----------- .../ftrace/test.d/trigger/trigger-multihist.tc | 16 +---------- .../ftrace/test.d/trigger/trigger-snapshot.tc | 16 +---------- .../ftrace/test.d/trigger/trigger-stacktrace.tc | 13 ++------- .../test.d/trigger/trigger-trace-marker-hist.tc | 23 ++-------------- .../trigger/trigger-trace-marker-snapshot.tc | 23 ++-------------- .../trigger-trace-marker-synthetic-kernel.tc | 31 +--------------------- .../trigger/trigger-trace-marker-synthetic.tc | 26 +----------------- .../ftrace/test.d/trigger/trigger-traceonoff.tc | 11 +------- -- 80 files changed, 123 insertions(+), 637 deletions(-) --------------------------------------------------------------

4 years, 10 months

2
2
0 0

[GIT PULL] Kunit update for Linux 5.8-rc2

by Shuah Khan

Hi Linus, Please pull the Kunit update for Linux 5.8-rc12. This Kunit update for Linux 5.8-rc2 consists of: - Adds a generic kunit_resource API extending it to support resources that are passed in to kunit in addition kunit allocated resources. In addition, KUnit resources are now refcounted to avoid passed in resources being released while in use by kunit. - Add support for named resources. diff is attached. thanks, -- Shuah ---------------------------------------------------------------- The following changes since commit b3a9e3b9622ae10064826dccb4f7a52bd88c7407: Linux 5.8-rc1 (2020-06-14 12:45:04 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-kunit-5.8-rc2 for you to fetch changes up to 7bf200b3a4ac10b1b0376c70b8c66ed39eae7cdd: kunit: add support for named resources (2020-06-15 09:31:23 -0600) ---------------------------------------------------------------- linux-kselftest-kunit-5.8-rc2 This Kunit update for Linux 5.8-rc2 consists of: - Adds a generic kunit_resource API extending it to support resources that are passed in to kunit in addition kunit allocated resources. In addition, KUnit resources are now refcounted to avoid passed in resources being released while in use by kunit. - Add support for named resources. ---------------------------------------------------------------- Alan Maguire (2): kunit: generalize kunit_resource API beyond allocated resources kunit: add support for named resources include/kunit/test.h | 210 +++++++++++++++++++++++++++++++++++++++------- lib/kunit/kunit-test.c | 111 +++++++++++++++++++----- lib/kunit/string-stream.c | 14 ++-- lib/kunit/test.c | 171 ++++++++++++++++++++++--------------- 4 files changed, 380 insertions(+), 126 deletions(-) ----------------------------------------------------------------

4 years, 10 months

2
2
0 0

[PATCH] lib: kunit_test_overflow: add KUnit test of check_*_overflow functions

by Vitor Massaru Iha

This adds the convertion of the runtime tests of check_*_overflow fuctions, from `lib/test_overflow.c`to KUnit tests. The log similar to the one seen in dmesg running test_overflow can be seen in `test.log`. Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> --- lib/Kconfig.debug | 17 ++ lib/Makefile | 1 + lib/kunit_overflow_test.c | 590 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 608 insertions(+) create mode 100644 lib/kunit_overflow_test.c diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 1f4ab7a2bdee..72fcfe1f24a4 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2075,6 +2075,23 @@ config SYSCTL_KUNIT_TEST If unsure, say N. +config OVERFLOW_KUNIT_TEST + tristate "KUnit test for overflow" if !KUNIT_ALL_TESTS + depends on KUNIT + default KUNIT_ALL_TESTS + help + This builds the overflow KUnit tests. + + KUnit tests run during boot and output the results to the debug log + in TAP format (http://testanything.org/). Only useful for kernel devs + running KUnit test harness and are not for inclusion into a production + build. + + For more information on KUnit and unit tests in general please refer + to the KUnit documentation in Documentation/dev-tools/kunit/. + + If unsure, say N. + config LIST_KUNIT_TEST tristate "KUnit Test for Kernel Linked-list structures" if !KUNIT_ALL_TESTS depends on KUNIT diff --git a/lib/Makefile b/lib/Makefile index 685aee60de1d..a3290adc0019 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -309,3 +309,4 @@ obj-$(CONFIG_OBJAGG) += objagg.o # KUnit tests obj-$(CONFIG_LIST_KUNIT_TEST) += list-test.o +obj-$(CONFIG_OVERFLOW_KUNIT_TEST) += kunit_overflow_test.o diff --git a/lib/kunit_overflow_test.c b/lib/kunit_overflow_test.c new file mode 100644 index 000000000000..c3eb8f0d3d50 --- /dev/null +++ b/lib/kunit_overflow_test.c @@ -0,0 +1,590 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * This code is the conversion of the overflow test in runtime to KUnit tests. + */ + +/* + * Test cases for arithmetic overflow checks. + */ +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt + +#include <kunit/test.h> +#include <linux/device.h> +#include <linux/init.h> +#include <linux/mm.h> +#include <linux/overflow.h> +#include <linux/vmalloc.h> + +#define DEFINE_TEST_ARRAY(t) \ + static const struct test_ ## t { \ + t a, b; \ + t sum, diff, prod; \ + bool s_of, d_of, p_of; \ + } t ## _tests[] + +DEFINE_TEST_ARRAY(u8) = { + {0, 0, 0, 0, 0, false, false, false}, + {1, 1, 2, 0, 1, false, false, false}, + {0, 1, 1, U8_MAX, 0, false, true, false}, + {1, 0, 1, 1, 0, false, false, false}, + {0, U8_MAX, U8_MAX, 1, 0, false, true, false}, + {U8_MAX, 0, U8_MAX, U8_MAX, 0, false, false, false}, + {1, U8_MAX, 0, 2, U8_MAX, true, true, false}, + {U8_MAX, 1, 0, U8_MAX-1, U8_MAX, true, false, false}, + {U8_MAX, U8_MAX, U8_MAX-1, 0, 1, true, false, true}, + + {U8_MAX, U8_MAX-1, U8_MAX-2, 1, 2, true, false, true}, + {U8_MAX-1, U8_MAX, U8_MAX-2, U8_MAX, 2, true, true, true}, + + {1U << 3, 1U << 3, 1U << 4, 0, 1U << 6, false, false, false}, + {1U << 4, 1U << 4, 1U << 5, 0, 0, false, false, true}, + {1U << 4, 1U << 3, 3*(1U << 3), 1U << 3, 1U << 7, false, false, false}, + {1U << 7, 1U << 7, 0, 0, 0, true, false, true}, + + {48, 32, 80, 16, 0, false, false, true}, + {128, 128, 0, 0, 0, true, false, true}, + {123, 234, 101, 145, 110, true, true, true}, +}; + +DEFINE_TEST_ARRAY(u16) = { + {0, 0, 0, 0, 0, false, false, false}, + {1, 1, 2, 0, 1, false, false, false}, + {0, 1, 1, U16_MAX, 0, false, true, false}, + {1, 0, 1, 1, 0, false, false, false}, + {0, U16_MAX, U16_MAX, 1, 0, false, true, false}, + {U16_MAX, 0, U16_MAX, U16_MAX, 0, false, false, false}, + {1, U16_MAX, 0, 2, U16_MAX, true, true, false}, + {U16_MAX, 1, 0, U16_MAX-1, U16_MAX, true, false, false}, + {U16_MAX, U16_MAX, U16_MAX-1, 0, 1, true, false, true}, + + {U16_MAX, U16_MAX-1, U16_MAX-2, 1, 2, true, false, true}, + {U16_MAX-1, U16_MAX, U16_MAX-2, U16_MAX, 2, true, true, true}, + + {1U << 7, 1U << 7, 1U << 8, 0, 1U << 14, false, false, false}, + {1U << 8, 1U << 8, 1U << 9, 0, 0, false, false, true}, + {1U << 8, 1U << 7, 3*(1U << 7), 1U << 7, 1U << 15, false, false, false}, + {1U << 15, 1U << 15, 0, 0, 0, true, false, true}, + + {123, 234, 357, 65425, 28782, false, true, false}, + {1234, 2345, 3579, 64425, 10146, false, true, true}, +}; + +DEFINE_TEST_ARRAY(u32) = { + {0, 0, 0, 0, 0, false, false, false}, + {1, 1, 2, 0, 1, false, false, false}, + {0, 1, 1, U32_MAX, 0, false, true, false}, + {1, 0, 1, 1, 0, false, false, false}, + {0, U32_MAX, U32_MAX, 1, 0, false, true, false}, + {U32_MAX, 0, U32_MAX, U32_MAX, 0, false, false, false}, + {1, U32_MAX, 0, 2, U32_MAX, true, true, false}, + {U32_MAX, 1, 0, U32_MAX-1, U32_MAX, true, false, false}, + {U32_MAX, U32_MAX, U32_MAX-1, 0, 1, true, false, true}, + + {U32_MAX, U32_MAX-1, U32_MAX-2, 1, 2, true, false, true}, + {U32_MAX-1, U32_MAX, U32_MAX-2, U32_MAX, 2, true, true, true}, + + {1U << 15, 1U << 15, 1U << 16, 0, 1U << 30, false, false, false}, + {1U << 16, 1U << 16, 1U << 17, 0, 0, false, false, true}, + {1U << 16, 1U << 15, 3*(1U << 15), 1U << 15, 1U << 31, false, false, false}, + {1U << 31, 1U << 31, 0, 0, 0, true, false, true}, + + {-2U, 1U, -1U, -3U, -2U, false, false, false}, + {-4U, 5U, 1U, -9U, -20U, true, false, true}, +}; + +DEFINE_TEST_ARRAY(u64) = { + {0, 0, 0, 0, 0, false, false, false}, + {1, 1, 2, 0, 1, false, false, false}, + {0, 1, 1, U64_MAX, 0, false, true, false}, + {1, 0, 1, 1, 0, false, false, false}, + {0, U64_MAX, U64_MAX, 1, 0, false, true, false}, + {U64_MAX, 0, U64_MAX, U64_MAX, 0, false, false, false}, + {1, U64_MAX, 0, 2, U64_MAX, true, true, false}, + {U64_MAX, 1, 0, U64_MAX-1, U64_MAX, true, false, false}, + {U64_MAX, U64_MAX, U64_MAX-1, 0, 1, true, false, true}, + + {U64_MAX, U64_MAX-1, U64_MAX-2, 1, 2, true, false, true}, + {U64_MAX-1, U64_MAX, U64_MAX-2, U64_MAX, 2, true, true, true}, + + {1ULL << 31, 1ULL << 31, 1ULL << 32, 0, 1ULL << 62, false, false, false}, + {1ULL << 32, 1ULL << 32, 1ULL << 33, 0, 0, false, false, true}, + {1ULL << 32, 1ULL << 31, 3*(1ULL << 31), 1ULL << 31, 1ULL << 63, false, false, false}, + {1ULL << 63, 1ULL << 63, 0, 0, 0, true, false, true}, + {1000000000ULL /* 10^9 */, 10000000000ULL /* 10^10 */, + 11000000000ULL, 18446744064709551616ULL, 10000000000000000000ULL, + false, true, false}, + {-15ULL, 10ULL, -5ULL, -25ULL, -150ULL, false, false, true}, +}; + +DEFINE_TEST_ARRAY(s8) = { + {0, 0, 0, 0, 0, false, false, false}, + + {0, S8_MAX, S8_MAX, -S8_MAX, 0, false, false, false}, + {S8_MAX, 0, S8_MAX, S8_MAX, 0, false, false, false}, + {0, S8_MIN, S8_MIN, S8_MIN, 0, false, true, false}, + {S8_MIN, 0, S8_MIN, S8_MIN, 0, false, false, false}, + + {-1, S8_MIN, S8_MAX, S8_MAX, S8_MIN, true, false, true}, + {S8_MIN, -1, S8_MAX, -S8_MAX, S8_MIN, true, false, true}, + {-1, S8_MAX, S8_MAX-1, S8_MIN, -S8_MAX, false, false, false}, + {S8_MAX, -1, S8_MAX-1, S8_MIN, -S8_MAX, false, true, false}, + {-1, -S8_MAX, S8_MIN, S8_MAX-1, S8_MAX, false, false, false}, + {-S8_MAX, -1, S8_MIN, S8_MIN+2, S8_MAX, false, false, false}, + + {1, S8_MIN, -S8_MAX, -S8_MAX, S8_MIN, false, true, false}, + {S8_MIN, 1, -S8_MAX, S8_MAX, S8_MIN, false, true, false}, + {1, S8_MAX, S8_MIN, S8_MIN+2, S8_MAX, true, false, false}, + {S8_MAX, 1, S8_MIN, S8_MAX-1, S8_MAX, true, false, false}, + + {S8_MIN, S8_MIN, 0, 0, 0, true, false, true}, + {S8_MAX, S8_MAX, -2, 0, 1, true, false, true}, + + {-4, -32, -36, 28, -128, false, false, true}, + {-4, 32, 28, -36, -128, false, false, false}, +}; + +DEFINE_TEST_ARRAY(s16) = { + {0, 0, 0, 0, 0, false, false, false}, + + {0, S16_MAX, S16_MAX, -S16_MAX, 0, false, false, false}, + {S16_MAX, 0, S16_MAX, S16_MAX, 0, false, false, false}, + {0, S16_MIN, S16_MIN, S16_MIN, 0, false, true, false}, + {S16_MIN, 0, S16_MIN, S16_MIN, 0, false, false, false}, + + {-1, S16_MIN, S16_MAX, S16_MAX, S16_MIN, true, false, true}, + {S16_MIN, -1, S16_MAX, -S16_MAX, S16_MIN, true, false, true}, + {-1, S16_MAX, S16_MAX-1, S16_MIN, -S16_MAX, false, false, false}, + {S16_MAX, -1, S16_MAX-1, S16_MIN, -S16_MAX, false, true, false}, + {-1, -S16_MAX, S16_MIN, S16_MAX-1, S16_MAX, false, false, false}, + {-S16_MAX, -1, S16_MIN, S16_MIN+2, S16_MAX, false, false, false}, + + {1, S16_MIN, -S16_MAX, -S16_MAX, S16_MIN, false, true, false}, + {S16_MIN, 1, -S16_MAX, S16_MAX, S16_MIN, false, true, false}, + {1, S16_MAX, S16_MIN, S16_MIN+2, S16_MAX, true, false, false}, + {S16_MAX, 1, S16_MIN, S16_MAX-1, S16_MAX, true, false, false}, + + {S16_MIN, S16_MIN, 0, 0, 0, true, false, true}, + {S16_MAX, S16_MAX, -2, 0, 1, true, false, true}, +}; + +DEFINE_TEST_ARRAY(s32) = { + {0, 0, 0, 0, 0, false, false, false}, + + {0, S32_MAX, S32_MAX, -S32_MAX, 0, false, false, false}, + {S32_MAX, 0, S32_MAX, S32_MAX, 0, false, false, false}, + {0, S32_MIN, S32_MIN, S32_MIN, 0, false, true, false}, + {S32_MIN, 0, S32_MIN, S32_MIN, 0, false, false, false}, + + {-1, S32_MIN, S32_MAX, S32_MAX, S32_MIN, true, false, true}, + {S32_MIN, -1, S32_MAX, -S32_MAX, S32_MIN, true, false, true}, + {-1, S32_MAX, S32_MAX-1, S32_MIN, -S32_MAX, false, false, false}, + {S32_MAX, -1, S32_MAX-1, S32_MIN, -S32_MAX, false, true, false}, + {-1, -S32_MAX, S32_MIN, S32_MAX-1, S32_MAX, false, false, false}, + {-S32_MAX, -1, S32_MIN, S32_MIN+2, S32_MAX, false, false, false}, + + {1, S32_MIN, -S32_MAX, -S32_MAX, S32_MIN, false, true, false}, + {S32_MIN, 1, -S32_MAX, S32_MAX, S32_MIN, false, true, false}, + {1, S32_MAX, S32_MIN, S32_MIN+2, S32_MAX, true, false, false}, + {S32_MAX, 1, S32_MIN, S32_MAX-1, S32_MAX, true, false, false}, + + {S32_MIN, S32_MIN, 0, 0, 0, true, false, true}, + {S32_MAX, S32_MAX, -2, 0, 1, true, false, true}, +}; + +DEFINE_TEST_ARRAY(s64) = { + {0, 0, 0, 0, 0, false, false, false}, + + {0, S64_MAX, S64_MAX, -S64_MAX, 0, false, false, false}, + {S64_MAX, 0, S64_MAX, S64_MAX, 0, false, false, false}, + {0, S64_MIN, S64_MIN, S64_MIN, 0, false, true, false}, + {S64_MIN, 0, S64_MIN, S64_MIN, 0, false, false, false}, + + {-1, S64_MIN, S64_MAX, S64_MAX, S64_MIN, true, false, true}, + {S64_MIN, -1, S64_MAX, -S64_MAX, S64_MIN, true, false, true}, + {-1, S64_MAX, S64_MAX-1, S64_MIN, -S64_MAX, false, false, false}, + {S64_MAX, -1, S64_MAX-1, S64_MIN, -S64_MAX, false, true, false}, + {-1, -S64_MAX, S64_MIN, S64_MAX-1, S64_MAX, false, false, false}, + {-S64_MAX, -1, S64_MIN, S64_MIN+2, S64_MAX, false, false, false}, + + {1, S64_MIN, -S64_MAX, -S64_MAX, S64_MIN, false, true, false}, + {S64_MIN, 1, -S64_MAX, S64_MAX, S64_MIN, false, true, false}, + {1, S64_MAX, S64_MIN, S64_MIN+2, S64_MAX, true, false, false}, + {S64_MAX, 1, S64_MIN, S64_MAX-1, S64_MAX, true, false, false}, + + {S64_MIN, S64_MIN, 0, 0, 0, true, false, true}, + {S64_MAX, S64_MAX, -2, 0, 1, true, false, true}, + + {-1, -1, -2, 0, 1, false, false, false}, + {-1, -128, -129, 127, 128, false, false, false}, + {-128, -1, -129, -127, 128, false, false, false}, + {0, -S64_MAX, -S64_MAX, S64_MAX, 0, false, false, false}, +}; + +#define check_one_op(test, t, fmt, op, sym, a, b, r, of) do { \ + t _r; \ + bool _of; \ + \ + _of = check_ ## op ## _overflow(a, b, &_r); \ + if (_of != of) { \ + KUNIT_FAIL(test, "Expected "fmt" "sym" "fmt \ + " to%s overflow (type %s)\n", \ + a, b, of ? "" : " not", #t); \ + } \ + if (_r != r) { \ + KUNIT_FAIL(test, "Expected "fmt" "sym" "fmt" == " \ + fmt", got "fmt" (type %s)\n", \ + a, b, r, _r, #t); \ + } \ +} while (0) + +#define DEFINE_TEST_FUNC(test, t, fmt) \ +static void do_test_ ## t(struct kunit *test, const struct test_ ## t *p) \ +{ \ + check_one_op(test, t, fmt, add, "+", p->a, p->b, p->sum, p->s_of); \ + check_one_op(test, t, fmt, add, "+", p->b, p->a, p->sum, p->s_of); \ + check_one_op(test, t, fmt, sub, "-", p->a, p->b, p->diff, p->d_of); \ + check_one_op(test, t, fmt, mul, "*", p->a, p->b, p->prod, p->p_of); \ + check_one_op(test, t, fmt, mul, "*", p->b, p->a, p->prod, p->p_of); \ +} \ + \ +static void test_ ## t ## _overflow(struct kunit *test) \ +{ \ + unsigned i; \ + \ + kunit_warn(test, "%-3s: %zu arithmetic tests\n", #t, \ + ARRAY_SIZE(t ## _tests)); \ + for (i = 0; i < ARRAY_SIZE(t ## _tests); ++i) \ + do_test_ ## t(test, &t ## _tests[i]); \ +} + +DEFINE_TEST_FUNC(test, u8, "%d"); +DEFINE_TEST_FUNC(test, s8, "%d"); +DEFINE_TEST_FUNC(test, u16, "%d"); +DEFINE_TEST_FUNC(test, s16, "%d"); +DEFINE_TEST_FUNC(test, u32, "%u"); +DEFINE_TEST_FUNC(test, s32, "%d"); +#if BITS_PER_LONG == 64 +DEFINE_TEST_FUNC(test, u64, "%llu"); +DEFINE_TEST_FUNC(test, s64, "%lld"); +#endif + +static void overflow_calculation_test(struct kunit *test) +{ + + test_u8_overflow(test); + test_s8_overflow(test); + test_s8_overflow(test); + test_u16_overflow(test); + test_s16_overflow(test); + test_u32_overflow(test); + test_s32_overflow(test); +#if BITS_PER_LONG == 64 + test_u64_overflow(test); + test_s64_overflow(test); +#endif +} + +static void overflow_shift_test(struct kunit *test) +{ +/* Args are: value, shift, type, expected result, overflow expected */ +#define TEST_ONE_SHIFT(a, s, t, expect, of) ({ \ + int __failed = 0; \ + typeof(a) __a = (a); \ + typeof(s) __s = (s); \ + t __e = (expect); \ + t __d; \ + bool __of = check_shl_overflow(__a, __s, &__d); \ + if (__of != of) { \ + KUNIT_FAIL(test, "Expected (%s)(%s << %s) to%s overflow\n", \ + #t, #a, #s, of ? "" : " not"); \ + __failed = 1; \ + } else if (!__of && __d != __e) { \ + KUNIT_FAIL(test, "Expected (%s)(%s << %s) == %s\n", \ + #t, #a, #s, #expect); \ + if ((t)-1 < 0) \ + KUNIT_FAIL(test, "got %lld\n", (s64)__d); \ + else \ + KUNIT_FAIL(test, "got %llu\n", (u64)__d); \ + __failed = 1; \ + } \ + if (!__failed) \ + kunit_info(test, "ok: (%s)(%s << %s) == %s\n", #t, #a, #s, \ + of ? "overflow" : #expect); \ + __failed; \ +}) + + /* Sane shifts. */ + TEST_ONE_SHIFT(1, 0, u8, 1 << 0, false); + TEST_ONE_SHIFT(1, 4, u8, 1 << 4, false); + TEST_ONE_SHIFT(1, 7, u8, 1 << 7, false); + TEST_ONE_SHIFT(0xF, 4, u8, 0xF << 4, false); + TEST_ONE_SHIFT(1, 0, u16, 1 << 0, false); + TEST_ONE_SHIFT(1, 10, u16, 1 << 10, false); + TEST_ONE_SHIFT(1, 15, u16, 1 << 15, false); + TEST_ONE_SHIFT(0xFF, 8, u16, 0xFF << 8, false); + TEST_ONE_SHIFT(1, 0, int, 1 << 0, false); + TEST_ONE_SHIFT(1, 16, int, 1 << 16, false); + TEST_ONE_SHIFT(1, 30, int, 1 << 30, false); + TEST_ONE_SHIFT(1, 0, s32, 1 << 0, false); + TEST_ONE_SHIFT(1, 16, s32, 1 << 16, false); + TEST_ONE_SHIFT(1, 30, s32, 1 << 30, false); + TEST_ONE_SHIFT(1, 0, unsigned int, 1U << 0, false); + TEST_ONE_SHIFT(1, 20, unsigned int, 1U << 20, false); + TEST_ONE_SHIFT(1, 31, unsigned int, 1U << 31, false); + TEST_ONE_SHIFT(0xFFFFU, 16, unsigned int, 0xFFFFU << 16, false); + TEST_ONE_SHIFT(1, 0, u32, 1U << 0, false); + TEST_ONE_SHIFT(1, 20, u32, 1U << 20, false); + TEST_ONE_SHIFT(1, 31, u32, 1U << 31, false); + TEST_ONE_SHIFT(0xFFFFU, 16, u32, 0xFFFFU << 16, false); + TEST_ONE_SHIFT(1, 0, u64, 1ULL << 0, false); + TEST_ONE_SHIFT(1, 40, u64, 1ULL << 40, false); + TEST_ONE_SHIFT(1, 63, u64, 1ULL << 63, false); + TEST_ONE_SHIFT(0xFFFFFFFFULL, 32, u64, + 0xFFFFFFFFULL << 32, false); + + /* Sane shift: start and end with 0, without a too-wide shift. */ + TEST_ONE_SHIFT(0, 7, u8, 0, false); + TEST_ONE_SHIFT(0, 15, u16, 0, false); + TEST_ONE_SHIFT(0, 31, unsigned int, 0, false); + TEST_ONE_SHIFT(0, 31, u32, 0, false); + TEST_ONE_SHIFT(0, 63, u64, 0, false); + + /* Sane shift: start and end with 0, without reaching signed bit. */ + TEST_ONE_SHIFT(0, 6, s8, 0, false); + TEST_ONE_SHIFT(0, 14, s16, 0, false); + TEST_ONE_SHIFT(0, 30, int, 0, false); + TEST_ONE_SHIFT(0, 30, s32, 0, false); + TEST_ONE_SHIFT(0, 62, s64, 0, false); + + /* Overflow: shifted the bit off the end. */ + TEST_ONE_SHIFT(1, 8, u8, 0, true); + TEST_ONE_SHIFT(1, 16, u16, 0, true); + TEST_ONE_SHIFT(1, 32, unsigned int, 0, true); + TEST_ONE_SHIFT(1, 32, u32, 0, true); + TEST_ONE_SHIFT(1, 64, u64, 0, true); + + /* Overflow: shifted into the signed bit. */ + TEST_ONE_SHIFT(1, 7, s8, 0, true); + TEST_ONE_SHIFT(1, 15, s16, 0, true); + TEST_ONE_SHIFT(1, 31, int, 0, true); + TEST_ONE_SHIFT(1, 31, s32, 0, true); + TEST_ONE_SHIFT(1, 63, s64, 0, true); + + /* Overflow: high bit falls off unsigned types. */ + /* 10010110 */ + TEST_ONE_SHIFT(150, 1, u8, 0, true); + /* 1000100010010110 */ + TEST_ONE_SHIFT(34966, 1, u16, 0, true); + /* 10000100000010001000100010010110 */ + TEST_ONE_SHIFT(2215151766U, 1, u32, 0, true); + TEST_ONE_SHIFT(2215151766U, 1, unsigned int, 0, true); + /* 1000001000010000010000000100000010000100000010001000100010010110 */ + TEST_ONE_SHIFT(9372061470395238550ULL, 1, u64, 0, true); + + /* Overflow: bit shifted into signed bit on signed types. */ + /* 01001011 */ + TEST_ONE_SHIFT(75, 1, s8, 0, true); + /* 0100010001001011 */ + TEST_ONE_SHIFT(17483, 1, s16, 0, true); + /* 01000010000001000100010001001011 */ + TEST_ONE_SHIFT(1107575883, 1, s32, 0, true); + TEST_ONE_SHIFT(1107575883, 1, int, 0, true); + /* 0100000100001000001000000010000001000010000001000100010001001011 */ + TEST_ONE_SHIFT(4686030735197619275LL, 1, s64, 0, true); + + /* Overflow: bit shifted past signed bit on signed types. */ + /* 01001011 */ + TEST_ONE_SHIFT(75, 2, s8, 0, true); + /* 0100010001001011 */ + TEST_ONE_SHIFT(17483, 2, s16, 0, true); + /* 01000010000001000100010001001011 */ + TEST_ONE_SHIFT(1107575883, 2, s32, 0, true); + TEST_ONE_SHIFT(1107575883, 2, int, 0, true); + /* 0100000100001000001000000010000001000010000001000100010001001011 */ + TEST_ONE_SHIFT(4686030735197619275LL, 2, s64, 0, true); + + /* Overflow: values larger than destination type. */ + TEST_ONE_SHIFT(0x100, 0, u8, 0, true); + TEST_ONE_SHIFT(0xFF, 0, s8, 0, true); + TEST_ONE_SHIFT(0x10000U, 0, u16, 0, true); + TEST_ONE_SHIFT(0xFFFFU, 0, s16, 0, true); + TEST_ONE_SHIFT(0x100000000ULL, 0, u32, 0, true); + TEST_ONE_SHIFT(0x100000000ULL, 0, unsigned int, 0, true); + TEST_ONE_SHIFT(0xFFFFFFFFUL, 0, s32, 0, true); + TEST_ONE_SHIFT(0xFFFFFFFFUL, 0, int, 0, true); + TEST_ONE_SHIFT(0xFFFFFFFFFFFFFFFFULL, 0, s64, 0, true); + + /* Nonsense: negative initial value. */ + TEST_ONE_SHIFT(-1, 0, s8, 0, true); + TEST_ONE_SHIFT(-1, 0, u8, 0, true); + TEST_ONE_SHIFT(-5, 0, s16, 0, true); + TEST_ONE_SHIFT(-5, 0, u16, 0, true); + TEST_ONE_SHIFT(-10, 0, int, 0, true); + TEST_ONE_SHIFT(-10, 0, unsigned int, 0, true); + TEST_ONE_SHIFT(-100, 0, s32, 0, true); + TEST_ONE_SHIFT(-100, 0, u32, 0, true); + TEST_ONE_SHIFT(-10000, 0, s64, 0, true); + TEST_ONE_SHIFT(-10000, 0, u64, 0, true); + + /* Nonsense: negative shift values. */ + TEST_ONE_SHIFT(0, -5, s8, 0, true); + TEST_ONE_SHIFT(0, -5, u8, 0, true); + TEST_ONE_SHIFT(0, -10, s16, 0, true); + TEST_ONE_SHIFT(0, -10, u16, 0, true); + TEST_ONE_SHIFT(0, -15, int, 0, true); + TEST_ONE_SHIFT(0, -15, unsigned int, 0, true); + TEST_ONE_SHIFT(0, -20, s32, 0, true); + TEST_ONE_SHIFT(0, -20, u32, 0, true); + TEST_ONE_SHIFT(0, -30, s64, 0, true); + TEST_ONE_SHIFT(0, -30, u64, 0, true); + + /* Overflow: shifted at or beyond entire type's bit width. */ + TEST_ONE_SHIFT(0, 8, u8, 0, true); + TEST_ONE_SHIFT(0, 9, u8, 0, true); + TEST_ONE_SHIFT(0, 8, s8, 0, true); + TEST_ONE_SHIFT(0, 9, s8, 0, true); + TEST_ONE_SHIFT(0, 16, u16, 0, true); + TEST_ONE_SHIFT(0, 17, u16, 0, true); + TEST_ONE_SHIFT(0, 16, s16, 0, true); + TEST_ONE_SHIFT(0, 17, s16, 0, true); + TEST_ONE_SHIFT(0, 32, u32, 0, true); + TEST_ONE_SHIFT(0, 33, u32, 0, true); + TEST_ONE_SHIFT(0, 32, int, 0, true); + TEST_ONE_SHIFT(0, 33, int, 0, true); + TEST_ONE_SHIFT(0, 32, s32, 0, true); + TEST_ONE_SHIFT(0, 33, s32, 0, true); + TEST_ONE_SHIFT(0, 64, u64, 0, true); + TEST_ONE_SHIFT(0, 65, u64, 0, true); + TEST_ONE_SHIFT(0, 64, s64, 0, true); + TEST_ONE_SHIFT(0, 65, s64, 0, true); + + /* + * Corner case: for unsigned types, we fail when we've shifted + * through the entire width of bits. For signed types, we might + * want to match this behavior, but that would mean noticing if + * we shift through all but the signed bit, and this is not + * currently detected (but we'll notice an overflow into the + * signed bit). So, for now, we will test this condition but + * mark it as not expected to overflow. + */ + TEST_ONE_SHIFT(0, 7, s8, 0, false); + TEST_ONE_SHIFT(0, 15, s16, 0, false); + TEST_ONE_SHIFT(0, 31, int, 0, false); + TEST_ONE_SHIFT(0, 31, s32, 0, false); + TEST_ONE_SHIFT(0, 63, s64, 0, false); +} + +/* + * Deal with the various forms of allocator arguments. See comments above + * the DEFINE_TEST_ALLOC() instances for mapping of the "bits". + */ +#define alloc_GFP (GFP_KERNEL | __GFP_NOWARN) +#define alloc010(alloc, arg, sz) alloc(sz, alloc_GFP) +#define alloc011(alloc, arg, sz) alloc(sz, alloc_GFP, NUMA_NO_NODE) +#define alloc000(alloc, arg, sz) alloc(sz) +#define alloc001(alloc, arg, sz) alloc(sz, NUMA_NO_NODE) +#define alloc110(alloc, arg, sz) alloc(arg, sz, alloc_GFP) +#define free0(free, arg, ptr) free(ptr) +#define free1(free, arg, ptr) free(arg, ptr) + +/* Wrap around to 16K */ +#define TEST_SIZE (5 * 4096) + +#define DEFINE_TEST_ALLOC(test, func, free_func, want_arg, want_gfp, want_node) \ +static void test_ ## func (struct kunit *test, void *arg) \ +{ \ + volatile size_t a = TEST_SIZE; \ + volatile size_t b = (SIZE_MAX / TEST_SIZE) + 1; \ + void *ptr; \ + \ + /* Tiny allocation test. */ \ + ptr = alloc ## want_arg ## want_gfp ## want_node (func, arg, 1); \ + KUNIT_EXPECT_NOT_ERR_OR_NULL(test, ptr); \ + if (!ptr) { \ + kunit_err(test, #func " failed regular allocation?!\n"); \ + } \ + free ## want_arg (free_func, arg, ptr); \ + \ + /* Wrapped allocation test. */ \ + ptr = alloc ## want_arg ## want_gfp ## want_node (func, arg, a * b); \ + KUNIT_EXPECT_NOT_ERR_OR_NULL(test, ptr); \ + if (!ptr) { \ + kunit_err(test, #func " unexpectedly failed bad wrapping?!\n"); \ + } \ + free ## want_arg (free_func, arg, ptr); \ + \ + /* Saturated allocation test. */ \ + ptr = alloc ## want_arg ## want_gfp ## want_node (func, arg, \ + array_size(a, b)); \ + KUNIT_ASSERT_TRUE(test, IS_ERR_OR_NULL(ptr)); \ + if (ptr) { \ + kunit_err(test, #func " missed saturation!\n"); \ + free ## want_arg (free_func, arg, ptr); \ + } \ + kunit_info(test, #func " detected saturation\n"); \ +} + +/* + * Allocator uses a trailing node argument -------------------+ (e.g. kmalloc_node()) + * Allocator uses the gfp_t argument ----------------------+ | (e.g. kmalloc()) + * Allocator uses a special leading argument -----------+ | | (e.g. devm_kmalloc()) + * | | | + */ +DEFINE_TEST_ALLOC(test, kmalloc, kfree, 0, 1, 0); +DEFINE_TEST_ALLOC(test, kmalloc_node, kfree, 0, 1, 1); +DEFINE_TEST_ALLOC(test, kzalloc, kfree, 0, 1, 0); +DEFINE_TEST_ALLOC(test, kzalloc_node, kfree, 0, 1, 1); +DEFINE_TEST_ALLOC(test, vmalloc, vfree, 0, 0, 0); +DEFINE_TEST_ALLOC(test, vmalloc_node, vfree, 0, 0, 1); +DEFINE_TEST_ALLOC(test, vzalloc, vfree, 0, 0, 0); +DEFINE_TEST_ALLOC(test, vzalloc_node, vfree, 0, 0, 1); +DEFINE_TEST_ALLOC(test, kvmalloc, kvfree, 0, 1, 0); +DEFINE_TEST_ALLOC(test, kvmalloc_node, kvfree, 0, 1, 1); +DEFINE_TEST_ALLOC(test, kvzalloc, kvfree, 0, 1, 0); +DEFINE_TEST_ALLOC(test, kvzalloc_node, kvfree, 0, 1, 1); +DEFINE_TEST_ALLOC(test, devm_kmalloc, devm_kfree, 1, 1, 0); +DEFINE_TEST_ALLOC(test, devm_kzalloc, devm_kfree, 1, 1, 0); + +static void overflow_allocation_test(struct kunit *test) +{ + const char device_name[] = "overflow-test"; + struct device *dev; + + /* Create dummy device for devm_kmalloc()-family tests. */ + dev = root_device_register(device_name); + if (IS_ERR(dev)) + kunit_warn(test, "Cannot register test device\n"); + + test_kmalloc(test, NULL); + test_kmalloc_node(test, NULL); + test_kzalloc(test, NULL); + test_kzalloc_node(test, NULL); + test_kvmalloc(test, NULL); + test_kvmalloc_node(test, NULL); + test_kvzalloc(test, NULL); + test_kvzalloc_node(test, NULL); + test_vmalloc(test, NULL); + test_vmalloc_node(test, NULL); + test_vzalloc(test, NULL); + test_vzalloc_node(test, NULL); + test_devm_kmalloc(test, dev); + test_devm_kzalloc(test, dev); + + device_unregister(dev); +} + +static struct kunit_case overflow_test_cases[] = { + KUNIT_CASE(overflow_calculation_test), + KUNIT_CASE(overflow_shift_test), + KUNIT_CASE(overflow_allocation_test), + {} +}; + +static struct kunit_suite overflow_test_suite = { + .name = "overflow", + .test_cases = overflow_test_cases, +}; + +kunit_test_suites(&overflow_test_suite); + +MODULE_LICENSE("GPL v2"); -- 2.26.2

4 years, 10 months

5
15
0 0

[PATCH v3 0/7] selftsts/ftrace: Add requires list for each test case

by Masami Hiramatsu

Hi, Here is the 3rd version of the series of "requires:" list for simplifying and unifying requirement checks for each test case. The previous version is here. https://lkml.kernel.org/r/159108888259.42416.547252366885528860.stgit@devno… I've fixed a comment in the template file in this version. In short, this series introduces "requires:" line instead of checking required ftrace interfaces in each test case. The requires line supports following checks - tracefs interface check: Check whether the given file or directory in the tracefs. (No suffix) [3/7],[4/7],[5/7] - available tracer check: Check whether the given tracer is available (":tracer" suffix) [6/7] - README feature check: Check whether the given string is in the README (":README" suffix) [7/7] This series also includes the description line fix and unresolved -> unsupported change ([1/7] and [2/7]). Since this series depends on following 2 commits, commit 619ee76f5c9f ("selftests/ftrace: Return unsupported if no error_log file") on Shuah's Kselftest tree commit bea24f766efc ("selftests/ftrace: Distinguish between hist and synthetic event checks") on Steven's Tracing tree This can be applied on the tree which merged both of them. Also, you can get the series from the following. git://git.kernel.org/pub/scm/linux/kernel/git/mhiramat/linux.git ftracetest-requires-v3 Thank you, --- Masami Hiramatsu (7): selftests/ftrace: Allow ":" in description selftests/ftrace: Return unsupported for the unconfigured features selftests/ftrace: Add "requires:" list support selftests/ftrace: Convert required interface checks into requires list selftests/ftrace: Convert check_filter_file() with requires list selftests/ftrace: Support ":tracer" suffix for requires selftests/ftrace: Support ":README" suffix for requires tools/testing/selftests/ftrace/ftracetest | 11 ++++++- .../selftests/ftrace/test.d/00basic/snapshot.tc | 3 +- .../selftests/ftrace/test.d/00basic/trace_pipe.tc | 3 +- .../ftrace/test.d/direct/kprobe-direct.tc | 6 +--- .../ftrace/test.d/dynevent/add_remove_kprobe.tc | 6 +--- .../ftrace/test.d/dynevent/add_remove_synth.tc | 5 +-- .../ftrace/test.d/dynevent/clear_select_events.tc | 11 +------ .../ftrace/test.d/dynevent/generic_clear_event.tc | 8 +---- .../selftests/ftrace/test.d/event/event-enable.tc | 6 +--- .../selftests/ftrace/test.d/event/event-no-pid.tc | 11 +------ .../selftests/ftrace/test.d/event/event-pid.tc | 11 +------ .../ftrace/test.d/event/subsystem-enable.tc | 6 +--- .../ftrace/test.d/event/toplevel-enable.tc | 6 +--- .../ftrace/test.d/ftrace/fgraph-filter-stack.tc | 14 +-------- .../ftrace/test.d/ftrace/fgraph-filter.tc | 8 +---- .../ftrace/test.d/ftrace/func-filter-glob.tc | 8 +---- .../test.d/ftrace/func-filter-notrace-pid.tc | 13 +------- .../ftrace/test.d/ftrace/func-filter-pid.tc | 13 +------- .../ftrace/test.d/ftrace/func-filter-stacktrace.tc | 3 +- .../selftests/ftrace/test.d/ftrace/func_cpumask.tc | 6 +--- .../ftrace/test.d/ftrace/func_event_triggers.tc | 7 ++--- .../ftrace/test.d/ftrace/func_mod_trace.tc | 3 +- .../ftrace/test.d/ftrace/func_profile_stat.tc | 3 +- .../ftrace/test.d/ftrace/func_profiler.tc | 12 +------- .../ftrace/test.d/ftrace/func_set_ftrace_file.tc | 6 ++-- .../ftrace/test.d/ftrace/func_stack_tracer.tc | 8 +---- .../test.d/ftrace/func_traceonoff_triggers.tc | 6 ++-- .../ftrace/test.d/ftrace/tracing-error-log.tc | 12 ++------ tools/testing/selftests/ftrace/test.d/functions | 28 ++++++++++++++---- .../ftrace/test.d/instances/instance-event.tc | 6 +--- .../selftests/ftrace/test.d/instances/instance.tc | 6 +--- .../ftrace/test.d/kprobe/add_and_remove.tc | 3 +- .../selftests/ftrace/test.d/kprobe/busy_check.tc | 3 +- .../selftests/ftrace/test.d/kprobe/kprobe_args.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_args_comm.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_args_string.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_args_symbol.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_args_syntax.tc | 5 +-- .../ftrace/test.d/kprobe/kprobe_args_type.tc | 5 +-- .../ftrace/test.d/kprobe/kprobe_args_user.tc | 4 +-- .../ftrace/test.d/kprobe/kprobe_eventname.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_ftrace.tc | 6 +--- .../ftrace/test.d/kprobe/kprobe_module.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_multiprobe.tc | 5 +-- .../ftrace/test.d/kprobe/kprobe_syntax_errors.tc | 5 +-- .../ftrace/test.d/kprobe/kretprobe_args.tc | 3 +- .../ftrace/test.d/kprobe/kretprobe_maxactive.tc | 4 +-- .../ftrace/test.d/kprobe/multiple_kprobes.tc | 3 +- .../selftests/ftrace/test.d/kprobe/probepoint.tc | 3 +- .../selftests/ftrace/test.d/kprobe/profile.tc | 3 +- .../ftrace/test.d/kprobe/uprobe_syntax_errors.tc | 5 +-- .../ftrace/test.d/preemptirq/irqsoff_tracer.tc | 4 +-- tools/testing/selftests/ftrace/test.d/template | 4 +++ .../selftests/ftrace/test.d/tracer/wakeup.tc | 6 +--- .../selftests/ftrace/test.d/tracer/wakeup_rt.tc | 6 +--- .../inter-event/trigger-action-hist-xfail.tc | 13 +------- .../inter-event/trigger-field-variable-support.tc | 16 +--------- .../trigger-inter-event-combined-hist.tc | 16 +--------- .../inter-event/trigger-multi-actions-accept.tc | 16 +--------- .../inter-event/trigger-onchange-action-hist.tc | 8 +---- .../inter-event/trigger-onmatch-action-hist.tc | 16 +--------- .../trigger-onmatch-onmax-action-hist.tc | 16 +--------- .../inter-event/trigger-onmax-action-hist.tc | 16 +--------- .../inter-event/trigger-snapshot-action-hist.tc | 20 +------------ .../trigger-synthetic-event-createremove.tc | 11 +------ .../inter-event/trigger-synthetic-event-syntax.tc | 11 +------ .../inter-event/trigger-trace-action-hist.tc | 18 +----------- .../ftrace/test.d/trigger/trigger-eventonoff.tc | 11 +------ .../ftrace/test.d/trigger/trigger-filter.tc | 11 +------ .../ftrace/test.d/trigger/trigger-hist-mod.tc | 16 +--------- .../test.d/trigger/trigger-hist-syntax-errors.tc | 18 +----------- .../ftrace/test.d/trigger/trigger-hist.tc | 16 +--------- .../ftrace/test.d/trigger/trigger-multihist.tc | 16 +--------- .../ftrace/test.d/trigger/trigger-snapshot.tc | 16 +--------- .../ftrace/test.d/trigger/trigger-stacktrace.tc | 11 +------ .../test.d/trigger/trigger-trace-marker-hist.tc | 21 +------------- .../trigger/trigger-trace-marker-snapshot.tc | 21 +------------- .../trigger-trace-marker-synthetic-kernel.tc | 31 +------------------- .../trigger/trigger-trace-marker-synthetic.tc | 26 +---------------- .../ftrace/test.d/trigger/trigger-traceonoff.tc | 11 +------ 80 files changed, 119 insertions(+), 633 deletions(-) -- Masami Hiramatsu (Linaro) <mhiramat(a)kernel.org>

4 years, 10 months

3
16
0 0

[PATCH v3 0/3] selftests/livepatch: small script cleanups

by Joe Lawrence

Hi Petr, Given the realization about kernel log timestamps and partial log comparison with v2, I respun a final version dropping the dmesg --notime patch, fixed any rebase conflicts, and added a comment per your suggestion. I copied all the ack and review tags from v2 since the patchset is unchanged otherwise. Hopefully this v3 minimizes any maintainer fiddling on your end. I did iterate through the patches and verified that I could run each multiple times without the dmesg comparison getting confused. Thanks, -- Joe v3: - when modifying the dmesg comparision to select only new messages in patch 1, add a comment explaining the importance of timestamps to accurately pick from where the log left off at start_test [pmladek] - since Petr determined that the timestamps were in fact very important to maintain for the dmesg / diff comparision, drop the patch which added --notime to dmesg invocations [pmladek] - update the comparision regex filter for 'livepatch:' now that it's going to be prefixed by '[timestamp] ' and no longer at the start of the buffer line. This part of the log comparison should now be unmodified by the patchset. Joe Lawrence (3): selftests/livepatch: Don't clear dmesg when running tests selftests/livepatch: refine dmesg 'taints' in dmesg comparison selftests/livepatch: add test delimiter to dmesg tools/testing/selftests/livepatch/README | 16 +++--- .../testing/selftests/livepatch/functions.sh | 37 ++++++++++++- .../selftests/livepatch/test-callbacks.sh | 55 ++++--------------- .../selftests/livepatch/test-ftrace.sh | 4 +- .../selftests/livepatch/test-livepatch.sh | 12 +--- .../selftests/livepatch/test-shadow-vars.sh | 4 +- .../testing/selftests/livepatch/test-state.sh | 21 +++---- 7 files changed, 68 insertions(+), 81 deletions(-) -- 2.21.3

4 years, 10 months

2
4
0 0

[PATCH v4 00/11] Add seccomp notifier ioctl that enables adding fds

by Kees Cook

Hello! This is a bit of thread-merge between [1] and [2]. tl;dr: add a way for a seccomp user_notif process manager to inject files into the managed process in order to handle emulation of various fd-returning syscalls across security boundaries. Containers folks and Chrome are in need of the feature, and investigating this solution uncovered (and fixed) implementation issues with existing file sending routines. I intend to carry this in the seccomp tree, unless someone has objections. :) Please review and test! -Kees [1] https://lore.kernel.org/lkml/20200603011044.7972-1-sargun@sargun.me/ [2] https://lore.kernel.org/lkml/20200610045214.1175600-1-keescook@chromium.org/ Kees Cook (9): net/scm: Regularize compat handling of scm_detach_fds() fs: Move __scm_install_fd() to __fd_install_received() fs: Add fd_install_received() wrapper for __fd_install_received() pidfd: Replace open-coded partial fd_install_received() fs: Expand __fd_install_received() to accept fd selftests/seccomp: Make kcmp() less required selftests/seccomp: Rename user_trap_syscall() to user_notif_syscall() seccomp: Switch addfd to Extensible Argument ioctl seccomp: Fix ioctl number for SECCOMP_IOCTL_NOTIF_ID_VALID Sargun Dhillon (2): seccomp: Introduce addfd ioctl to seccomp user notifier selftests/seccomp: Test SECCOMP_IOCTL_NOTIF_ADDFD fs/file.c | 65 ++++ include/linux/file.h | 16 + include/uapi/linux/seccomp.h | 25 +- kernel/pid.c | 11 +- kernel/seccomp.c | 181 ++++++++- net/compat.c | 55 ++- net/core/scm.c | 50 +-- tools/testing/selftests/seccomp/seccomp_bpf.c | 350 +++++++++++++++--- 8 files changed, 618 insertions(+), 135 deletions(-) -- 2.25.1

4 years, 10 months

5
27
0 0

[PATCH] kunit: fix KconfigParseError by ignoring CC_VERSION_TEXT

by Vitor Massaru Iha

Commit 8b59cd81dc5 ("kbuild: ensure full rebuild when the compiler is updated") added the environment variable CC_VERSION_TEXT, parse_from_string() doesn't expect a string and this causes the failure below: [iha@bbking linux]$ tools/testing/kunit/kunit.py run --timeout=60 [00:20:12] Configuring KUnit Kernel ... Generating .config ... Traceback (most recent call last): File "tools/testing/kunit/kunit.py", line 347, in <module> main(sys.argv[1:]) File "tools/testing/kunit/kunit.py", line 257, in main result = run_tests(linux, request) File "tools/testing/kunit/kunit.py", line 134, in run_tests config_result = config_tests(linux, config_request) File "tools/testing/kunit/kunit.py", line 64, in config_tests success = linux.build_reconfig(request.build_dir, request.make_options) File "/home/iha/lkmp/linux/tools/testing/kunit/kunit_kernel.py", line 161, in build_reconfig return self.build_config(build_dir, make_options) File "/home/iha/lkmp/linux/tools/testing/kunit/kunit_kernel.py", line 145, in build_config return self.validate_config(build_dir) File "/home/iha/lkmp/linux/tools/testing/kunit/kunit_kernel.py", line 124, in validate_config validated_kconfig.read_from_file(kconfig_path) File "/home/iha/lkmp/linux/tools/testing/kunit/kunit_config.py", line 89, in read_from_file self.parse_from_string(f.read()) File "/home/iha/lkmp/linux/tools/testing/kunit/kunit_config.py", line 85, in parse_from_string raise KconfigParseError('Failed to parse: ' + line) kunit_config.KconfigParseError: Failed to parse: CONFIG_CC_VERSION_TEXT="gcc (GCC) 10.1.1 20200507 (Red Hat 10.1.1-1)" Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> --- tools/testing/kunit/kunit_config.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/kunit/kunit_config.py b/tools/testing/kunit/kunit_config.py index e75063d603b5..3033520597b6 100644 --- a/tools/testing/kunit/kunit_config.py +++ b/tools/testing/kunit/kunit_config.py @@ -9,6 +9,7 @@ import collections import re +CONFIG_IGNORE_CC_VERSION_TEXT = 'CONFIG_CC_VERSION_TEXT' CONFIG_IS_NOT_SET_PATTERN = r'^# CONFIG_(\w+) is not set$' CONFIG_PATTERN = r'^CONFIG_(\w+)=(\S+)$' @@ -79,7 +80,7 @@ class Kconfig(object): self.add_entry(entry) continue - if line[0] == '#': + if line[0] == '#' or CONFIG_IGNORE_CC_VERSION_TEXT in line: continue else: raise KconfigParseError('Failed to parse: ' + line) base-commit: 7bf200b3a4ac10b1b0376c70b8c66ed39eae7cdd -- 2.26.2

4 years, 10 months

2
2
0 0

[PATCH v2] kunit: fix KconfigParseError handling CC_VERSION_TEXT

by Vitor Massaru Iha

Commit 8b59cd81dc5 ("kbuild: ensure full rebuild when the compiler is updated") added the environment variable CC_VERSION_TEXT, parse_from_string() doesn't expect a string in value field and this causes the failure below: [iha@bbking linux]$ tools/testing/kunit/kunit.py run --timeout=60 [00:20:12] Configuring KUnit Kernel ... Generating .config ... Traceback (most recent call last): File "tools/testing/kunit/kunit.py", line 347, in <module> main(sys.argv[1:]) File "tools/testing/kunit/kunit.py", line 257, in main result = run_tests(linux, request) File "tools/testing/kunit/kunit.py", line 134, in run_tests config_result = config_tests(linux, config_request) File "tools/testing/kunit/kunit.py", line 64, in config_tests success = linux.build_reconfig(request.build_dir, request.make_options) File "/home/iha/lkmp/linux/tools/testing/kunit/kunit_kernel.py", line 161, in build_reconfig return self.build_config(build_dir, make_options) File "/home/iha/lkmp/linux/tools/testing/kunit/kunit_kernel.py", line 145, in build_config return self.validate_config(build_dir) File "/home/iha/lkmp/linux/tools/testing/kunit/kunit_kernel.py", line 124, in validate_config validated_kconfig.read_from_file(kconfig_path) File "/home/iha/lkmp/linux/tools/testing/kunit/kunit_config.py", line 89, in read_from_file self.parse_from_string(f.read()) File "/home/iha/lkmp/linux/tools/testing/kunit/kunit_config.py", line 85, in parse_from_string raise KconfigParseError('Failed to parse: ' + line) kunit_config.KconfigParseError: Failed to parse: CONFIG_CC_VERSION_TEXT="gcc (GCC) 10.1.1 20200507 (Red Hat 10.1.1-1)" Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> --- v2: - maintains CC_VERSION_TEXT in the .config file to ensure full rebuild when the compiler is updated. --- tools/testing/kunit/kunit_config.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/testing/kunit/kunit_config.py b/tools/testing/kunit/kunit_config.py index e75063d603b5..c407c7c6a2b0 100644 --- a/tools/testing/kunit/kunit_config.py +++ b/tools/testing/kunit/kunit_config.py @@ -81,6 +81,12 @@ class Kconfig(object): if line[0] == '#': continue + + if 'CONFIG_CC_VERSION_TEXT' in line: + name, value = line.split('=') + entry = KconfigEntry(name, value) + self.add_entry(entry) + continue else: raise KconfigParseError('Failed to parse: ' + line) base-commit: 7bf200b3a4ac10b1b0376c70b8c66ed39eae7cdd -- 2.26.2

4 years, 10 months

2
1
0 0

[PATCH] kunit: kunit_tool: Fix invalid result when build fails

by David Gow

When separating out different phases of running tests[1] (build/exec/parse/etc), the format of the KunitResult tuple changed (adding an elapsed_time variable). This is not populated during a build failure, causing kunit.py to crash. This fixes [1] to probably populate the result variable, causing a failing build to be reported properly. [1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… Signed-off-by: David Gow <davidgow(a)google.com> --- tools/testing/kunit/kunit.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/testing/kunit/kunit.py b/tools/testing/kunit/kunit.py index 787b6d4ad716..f9b769f3437d 100755 --- a/tools/testing/kunit/kunit.py +++ b/tools/testing/kunit/kunit.py @@ -82,7 +82,9 @@ def build_tests(linux: kunit_kernel.LinuxSourceTree, request.make_options) build_end = time.time() if not success: - return KunitResult(KunitStatus.BUILD_FAILURE, 'could not build kernel') + return KunitResult(KunitStatus.BUILD_FAILURE, + 'could not build kernel', + build_end - build_start) if not success: return KunitResult(KunitStatus.BUILD_FAILURE, 'could not build kernel', -- 2.27.0.290.gba653c62da-goog

4 years, 10 months

2
1
0 0

[PATCH v2] lib: overflow-test: add KUnit test of check_*_overflow functions

by Vitor Massaru Iha

This adds the conversion of the runtime tests of check_*_overflow functions, from `lib/test_overflow.c`to KUnit tests. The log similar to the one seen in dmesg running test_overflow.c can be seen in `test.log`. Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> --- v2: * moved lib/test_overflow.c to lib/overflow-test.c; * back to original license; * fixed style code; * keeps __initconst and added _refdata on overflow_test_cases variable; * keeps macros intact making asserts with the variable err; * removed duplicate test_s8_overflow(); * fixed typos on commit message; --- lib/Kconfig.debug | 20 +++++++-- lib/Makefile | 2 +- lib/{test_overflow.c => overflow-test.c} | 54 +++++++++--------------- 3 files changed, 38 insertions(+), 38 deletions(-) rename lib/{test_overflow.c => overflow-test.c} (96%) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index d74ac0fd6b2d..fb8a3955e969 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2000,9 +2000,6 @@ config TEST_UUID config TEST_XARRAY tristate "Test the XArray code at runtime" -config TEST_OVERFLOW - tristate "Test check_*_overflow() functions at runtime" - config TEST_RHASHTABLE tristate "Perform selftest on resizable hash table" help @@ -2155,6 +2152,23 @@ config SYSCTL_KUNIT_TEST If unsure, say N. +config OVERFLOW_KUNIT_TEST + tristate "KUnit test for overflow" if !KUNIT_ALL_TESTS + depends on KUNIT + default KUNIT_ALL_TESTS + help + This builds the overflow KUnit tests. + + KUnit tests run during boot and output the results to the debug log + in TAP format (http://testanything.org/). Only useful for kernel devs + running KUnit test harness and are not for inclusion into a production + build. + + For more information on KUnit and unit tests in general please refer + to the KUnit documentation in Documentation/dev-tools/kunit/. + + If unsure, say N. + config LIST_KUNIT_TEST tristate "KUnit Test for Kernel Linked-list structures" if !KUNIT_ALL_TESTS depends on KUNIT diff --git a/lib/Makefile b/lib/Makefile index b1c42c10073b..3b725c9f92d4 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -75,7 +75,6 @@ obj-$(CONFIG_TEST_LIST_SORT) += test_list_sort.o obj-$(CONFIG_TEST_MIN_HEAP) += test_min_heap.o obj-$(CONFIG_TEST_LKM) += test_module.o obj-$(CONFIG_TEST_VMALLOC) += test_vmalloc.o -obj-$(CONFIG_TEST_OVERFLOW) += test_overflow.o obj-$(CONFIG_TEST_RHASHTABLE) += test_rhashtable.o obj-$(CONFIG_TEST_SORT) += test_sort.o obj-$(CONFIG_TEST_USER_COPY) += test_user_copy.o @@ -318,3 +317,4 @@ obj-$(CONFIG_OBJAGG) += objagg.o # KUnit tests obj-$(CONFIG_LIST_KUNIT_TEST) += list-test.o obj-$(CONFIG_LINEAR_RANGES_TEST) += test_linear_ranges.o +obj-$(CONFIG_OVERFLOW_KUNIT_TEST) += overflow-test.o diff --git a/lib/test_overflow.c b/lib/overflow-test.c similarity index 96% rename from lib/test_overflow.c rename to lib/overflow-test.c index 7a4b6f6c5473..d40ef06b1ade 100644 --- a/lib/test_overflow.c +++ b/lib/overflow-test.c @@ -4,14 +4,11 @@ */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +#include <kunit/test.h> #include <linux/device.h> #include <linux/init.h> -#include <linux/kernel.h> #include <linux/mm.h> -#include <linux/module.h> #include <linux/overflow.h> -#include <linux/slab.h> -#include <linux/types.h> #include <linux/vmalloc.h> #define DEFINE_TEST_ARRAY(t) \ @@ -270,7 +267,7 @@ DEFINE_TEST_FUNC(u64, "%llu"); DEFINE_TEST_FUNC(s64, "%lld"); #endif -static int __init test_overflow_calculation(void) +static void __init overflow_calculation_test(struct kunit *test) { int err = 0; @@ -285,10 +282,10 @@ static int __init test_overflow_calculation(void) err |= test_s64_overflow(); #endif - return err; + KUNIT_EXPECT_FALSE(test, err); } -static int __init test_overflow_shift(void) +static void __init overflow_shift_test(struct kunit *test) { int err = 0; @@ -479,7 +476,7 @@ static int __init test_overflow_shift(void) err |= TEST_ONE_SHIFT(0, 31, s32, 0, false); err |= TEST_ONE_SHIFT(0, 63, s64, 0, false); - return err; + KUNIT_EXPECT_FALSE(test, err); } /* @@ -555,7 +552,7 @@ DEFINE_TEST_ALLOC(kvzalloc_node, kvfree, 0, 1, 1); DEFINE_TEST_ALLOC(devm_kmalloc, devm_kfree, 1, 1, 0); DEFINE_TEST_ALLOC(devm_kzalloc, devm_kfree, 1, 1, 0); -static int __init test_overflow_allocation(void) +static void __init overflow_allocation_test(struct kunit *test) { const char device_name[] = "overflow-test"; struct device *dev; @@ -563,10 +560,8 @@ static int __init test_overflow_allocation(void) /* Create dummy device for devm_kmalloc()-family tests. */ dev = root_device_register(device_name); - if (IS_ERR(dev)) { - pr_warn("Cannot register test device\n"); - return 1; - } + if (IS_ERR(dev)) + kunit_warn(test, "Cannot register test device\n"); err |= test_kmalloc(NULL); err |= test_kmalloc_node(NULL); @@ -585,30 +580,21 @@ static int __init test_overflow_allocation(void) device_unregister(dev); - return err; + KUNIT_EXPECT_FALSE(test, err); } -static int __init test_module_init(void) -{ - int err = 0; - - err |= test_overflow_calculation(); - err |= test_overflow_shift(); - err |= test_overflow_allocation(); - - if (err) { - pr_warn("FAIL!\n"); - err = -EINVAL; - } else { - pr_info("all tests passed\n"); - } +static struct kunit_case __refdata overflow_test_cases[] = { + KUNIT_CASE(overflow_calculation_test), + KUNIT_CASE(overflow_shift_test), + KUNIT_CASE(overflow_allocation_test), + {} +}; - return err; -} +static struct kunit_suite overflow_test_suite = { + .name = "overflow", + .test_cases = overflow_test_cases, +}; -static void __exit test_module_exit(void) -{ } +kunit_test_suites(&overflow_test_suite); -module_init(test_module_init); -module_exit(test_module_exit); MODULE_LICENSE("Dual MIT/GPL"); base-commit: 7bf200b3a4ac10b1b0376c70b8c66ed39eae7cdd prerequisite-patch-id: e827b6b22f950b9f69620805a04e4a264cf4cc6a -- 2.26.2

4 years, 10 months

1
0
0 0

[Linux] [PATCH] Kernel selftests: tpm2: upgrade tpm2 tests from python2 to python3

by Pengfei Xu

Some Linux OS will never support python2 anymore, so upgrade tpm2 selftests to python3. Signed-off-by: Pengfei Xu <pengfei.xu(a)intel.com> --- tools/testing/selftests/tpm2/test_smoke.sh | 4 +- tools/testing/selftests/tpm2/test_space.sh | 2 +- tools/testing/selftests/tpm2/tpm2.py | 68 ++++++++++++++-------- tools/testing/selftests/tpm2/tpm2_tests.py | 24 +++++--- 4 files changed, 61 insertions(+), 37 deletions(-) diff --git a/tools/testing/selftests/tpm2/test_smoke.sh b/tools/testing/selftests/tpm2/test_smoke.sh index 663062701d5a..d05467f6d258 100755 --- a/tools/testing/selftests/tpm2/test_smoke.sh +++ b/tools/testing/selftests/tpm2/test_smoke.sh @@ -6,8 +6,8 @@ ksft_skip=4 [ -f /dev/tpm0 ] || exit $ksft_skip -python -m unittest -v tpm2_tests.SmokeTest -python -m unittest -v tpm2_tests.AsyncTest +python3 -m unittest -v tpm2_tests.SmokeTest +python3 -m unittest -v tpm2_tests.AsyncTest CLEAR_CMD=$(which tpm2_clear) if [ -n $CLEAR_CMD ]; then diff --git a/tools/testing/selftests/tpm2/test_space.sh b/tools/testing/selftests/tpm2/test_space.sh index 36c9d030a1c6..151c64e8ee9f 100755 --- a/tools/testing/selftests/tpm2/test_space.sh +++ b/tools/testing/selftests/tpm2/test_space.sh @@ -6,4 +6,4 @@ ksft_skip=4 [ -f /dev/tpmrm0 ] || exit $ksft_skip -python -m unittest -v tpm2_tests.SpaceTest +python3 -m unittest -v tpm2_tests.SpaceTest diff --git a/tools/testing/selftests/tpm2/tpm2.py b/tools/testing/selftests/tpm2/tpm2.py index d0fcb66a88a6..b0ccc1499c53 100644 --- a/tools/testing/selftests/tpm2/tpm2.py +++ b/tools/testing/selftests/tpm2/tpm2.py @@ -247,14 +247,18 @@ class ProtocolError(Exception): class AuthCommand(object): """TPMS_AUTH_COMMAND""" - def __init__(self, session_handle=TPM2_RS_PW, nonce='', session_attributes=0, - hmac=''): + def __init__(self, session_handle=TPM2_RS_PW, nonce=''.encode(), + session_attributes=0, hmac=''.encode()): + if not isinstance(nonce, bytes): + nonce = nonce.encode() + if not isinstance(hmac, bytes): + hmac = hmac.encode() self.session_handle = session_handle self.nonce = nonce self.session_attributes = session_attributes self.hmac = hmac - def __str__(self): + def __bytes__(self): fmt = '>I H%us B H%us' % (len(self.nonce), len(self.hmac)) return struct.pack(fmt, self.session_handle, len(self.nonce), self.nonce, self.session_attributes, len(self.hmac), @@ -268,11 +272,15 @@ class AuthCommand(object): class SensitiveCreate(object): """TPMS_SENSITIVE_CREATE""" - def __init__(self, user_auth='', data=''): + def __init__(self, user_auth=''.encode(), data=''.encode()): + if not isinstance(user_auth, bytes): + user_auth = user_auth.encode() + if not isinstance(data, bytes): + data = data.encode() self.user_auth = user_auth self.data = data - def __str__(self): + def __bytes__(self): fmt = '>H%us H%us' % (len(self.user_auth), len(self.data)) return struct.pack(fmt, len(self.user_auth), self.user_auth, len(self.data), self.data) @@ -296,8 +304,15 @@ class Public(object): return '>HHIH%us%usH%us' % \ (len(self.auth_policy), len(self.parameters), len(self.unique)) - def __init__(self, object_type, name_alg, object_attributes, auth_policy='', - parameters='', unique=''): + def __init__(self, object_type, name_alg, object_attributes, + auth_policy=''.encode(), parameters=''.encode(), + unique=''.encode()): + if not isinstance(auth_policy, bytes): + auth_policy = auth_policy.encode() + if not isinstance(parameters, bytes): + parameters = parameters.encode() + if not isinstance(unique, bytes): + unique = unique.encode() self.object_type = object_type self.name_alg = name_alg self.object_attributes = object_attributes @@ -305,7 +320,7 @@ class Public(object): self.parameters = parameters self.unique = unique - def __str__(self): + def __bytes__(self): return struct.pack(self.__fmt(), self.object_type, self.name_alg, @@ -343,7 +358,7 @@ def get_algorithm(name): def hex_dump(d): d = [format(ord(x), '02x') for x in d] - d = [d[i: i + 16] for i in xrange(0, len(d), 16)] + d = [d[i: i + 16] for i in range(0, len(d), 16)] d = [' '.join(x) for x in d] d = os.linesep.join(d) @@ -401,7 +416,7 @@ class Client: pcrsel_len = max((i >> 3) + 1, 3) pcrsel = [0] * pcrsel_len pcrsel[i >> 3] = 1 << (i & 7) - pcrsel = ''.join(map(chr, pcrsel)) + pcrsel = ''.join(map(chr, pcrsel)).encode() fmt = '>HII IHB%us' % (pcrsel_len) cmd = struct.pack(fmt, @@ -430,6 +445,8 @@ class Client: return rsp def extend_pcr(self, i, dig, bank_alg = TPM2_ALG_SHA1): + if not isinstance(dig, bytes): + dig = dig.encode() ds = get_digest_size(bank_alg) assert(ds == len(dig)) @@ -443,7 +460,7 @@ class Client: TPM2_CC_PCR_EXTEND, i, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), 1, bank_alg, dig) self.send_cmd(cmd) @@ -457,7 +474,7 @@ class Client: TPM2_RH_NULL, TPM2_RH_NULL, 16, - '\0' * 16, + ('\0' * 16).encode(), 0, session_type, TPM2_ALG_NULL, @@ -472,7 +489,7 @@ class Client: for i in pcrs: pcr = self.read_pcr(i, bank_alg) - if pcr == None: + if pcr is None: return None x += pcr @@ -489,7 +506,7 @@ class Client: pcrsel = [0] * pcrsel_len for i in pcrs: pcrsel[i >> 3] |= 1 << (i & 7) - pcrsel = ''.join(map(chr, pcrsel)) + pcrsel = ''.join(map(chr, pcrsel)).encode() fmt = '>HII IH%usIHB3s' % ds cmd = struct.pack(fmt, @@ -497,7 +514,8 @@ class Client: struct.calcsize(fmt), TPM2_CC_POLICY_PCR, handle, - len(dig), str(dig), + len(dig), + bytes(dig), 1, bank_alg, pcrsel_len, pcrsel) @@ -570,11 +588,11 @@ class Client: TPM2_CC_CREATE_PRIMARY, TPM2_RH_OWNER, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), len(sensitive), - str(sensitive), + bytes(sensitive), len(public), - str(public), + bytes(public), 0, 0) return struct.unpack('>I', self.send_cmd(cmd)[10:14])[0] @@ -608,11 +626,11 @@ class Client: TPM2_CC_CREATE, parent_key, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), len(sensitive), - str(sensitive), + bytes(sensitive), len(public), - str(public), + bytes(public), 0, 0) rsp = self.send_cmd(cmd) @@ -635,7 +653,7 @@ class Client: TPM2_CC_LOAD, parent_key, len(auth_cmd), - str(auth_cmd), + bytes(auth_cmd), blob) data_handle = struct.unpack('>I', self.send_cmd(cmd)[10:14])[0] @@ -653,7 +671,7 @@ class Client: TPM2_CC_UNSEAL, data_handle, len(auth_cmd), - str(auth_cmd)) + bytes(auth_cmd)) try: rsp = self.send_cmd(cmd) @@ -675,7 +693,7 @@ class Client: TPM2_CC_DICTIONARY_ATTACK_LOCK_RESET, TPM2_RH_LOCKOUT, len(auth_cmd), - str(auth_cmd)) + bytes(auth_cmd)) self.send_cmd(cmd) @@ -693,7 +711,7 @@ class Client: more_data, cap, cnt = struct.unpack('>BII', rsp[:9]) rsp = rsp[9:] - for i in xrange(0, cnt): + for i in range(0, cnt): handle = struct.unpack('>I', rsp[:4])[0] handles.append(handle) rsp = rsp[4:] diff --git a/tools/testing/selftests/tpm2/tpm2_tests.py b/tools/testing/selftests/tpm2/tpm2_tests.py index 728be7c69b76..e134033e6f67 100644 --- a/tools/testing/selftests/tpm2/tpm2_tests.py +++ b/tools/testing/selftests/tpm2/tpm2_tests.py @@ -25,7 +25,9 @@ class SmokeTest(unittest.TestCase): blob = self.client.seal(self.root_key, data, auth, None) result = self.client.unseal(self.root_key, blob, auth, None) - self.assertEqual(data, result) + if not isinstance(result, bytes): + result = result.encode() + self.assertEqual(data.encode(), result) def test_seal_with_policy(self): handle = self.client.start_auth_session(tpm2.TPM2_SE_TRIAL) @@ -51,11 +53,13 @@ class SmokeTest(unittest.TestCase): self.client.policy_password(handle) result = self.client.unseal(self.root_key, blob, auth, handle) + if not isinstance(result, bytes): + result = result.encode() except: self.client.flush_context(handle) raise - self.assertEqual(data, result) + self.assertEqual(data.encode(), result) def test_unseal_with_wrong_auth(self): data = 'X' * 64 @@ -65,7 +69,7 @@ class SmokeTest(unittest.TestCase): blob = self.client.seal(self.root_key, data, auth, None) try: result = self.client.unseal(self.root_key, blob, auth[:-1] + 'B', None) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.assertEqual(rc, tpm2.TPM2_RC_AUTH_FAIL) @@ -100,11 +104,13 @@ class SmokeTest(unittest.TestCase): self.client.policy_password(handle) result = self.client.unseal(self.root_key, blob, auth, handle) + if not isinstance(result, bytes): + result = result.encode() except: self.client.flush_context(handle) raise - self.assertEqual(data, result) + self.assertEqual(data.encode(), result) # Then, extend a PCR that is part of the policy and try to unseal. # This should fail. @@ -119,7 +125,7 @@ class SmokeTest(unittest.TestCase): self.client.policy_password(handle) result = self.client.unseal(self.root_key, blob, auth, handle) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.client.flush_context(handle) except: @@ -136,7 +142,7 @@ class SmokeTest(unittest.TestCase): rc = 0 try: blob = self.client.seal(self.root_key, data, auth, None) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.assertEqual(rc, tpm2.TPM2_RC_SIZE) @@ -152,7 +158,7 @@ class SmokeTest(unittest.TestCase): 0xDEADBEEF) self.client.send_cmd(cmd) - except IOError, e: + except IOError as e: rejected = True except: pass @@ -212,7 +218,7 @@ class SmokeTest(unittest.TestCase): self.client.tpm.write(cmd) rsp = self.client.tpm.read() - except IOError, e: + except IOError as e: # read the response rsp = self.client.tpm.read() rejected = True @@ -283,7 +289,7 @@ class SpaceTest(unittest.TestCase): rc = 0 try: space1.send_cmd(cmd) - except ProtocolError, e: + except ProtocolError as e: rc = e.rc self.assertEqual(rc, tpm2.TPM2_RC_COMMAND_CODE | -- 2.17.1

4 years, 10 months

2
2
0 0

[PATCH AUTOSEL 4.4 59/60] selftests/net: in timestamping, strncpy needs to preserve null byte

by Sasha Levin

From: tannerlove <tannerlove(a)google.com> [ Upstream commit 8027bc0307ce59759b90679fa5d8b22949586d20 ] If user passed an interface option longer than 15 characters, then device.ifr_name and hwtstamp.ifr_name became non-null-terminated strings. The compiler warned about this: timestamping.c:353:2: warning: ‘strncpy’ specified bound 16 equals \ destination size [-Wstringop-truncation] 353 | strncpy(device.ifr_name, interface, sizeof(device.ifr_name)); Fixes: cb9eff097831 ("net: new user space API for time stamping of incoming and outgoing packets") Signed-off-by: Tanner Love <tannerlove(a)google.com> Acked-by: Willem de Bruijn <willemb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../selftests/networking/timestamping/timestamping.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/networking/timestamping/timestamping.c b/tools/testing/selftests/networking/timestamping/timestamping.c index 5cdfd743447b..900ed4b47899 100644 --- a/tools/testing/selftests/networking/timestamping/timestamping.c +++ b/tools/testing/selftests/networking/timestamping/timestamping.c @@ -332,10 +332,16 @@ int main(int argc, char **argv) int val; socklen_t len; struct timeval next; + size_t if_len; if (argc < 2) usage(0); interface = argv[1]; + if_len = strlen(interface); + if (if_len >= IFNAMSIZ) { + printf("interface name exceeds IFNAMSIZ\n"); + exit(1); + } for (i = 2; i < argc; i++) { if (!strcasecmp(argv[i], "SO_TIMESTAMP")) @@ -369,12 +375,12 @@ int main(int argc, char **argv) bail("socket"); memset(&device, 0, sizeof(device)); - strncpy(device.ifr_name, interface, sizeof(device.ifr_name)); + memcpy(device.ifr_name, interface, if_len + 1); if (ioctl(sock, SIOCGIFADDR, &device) < 0) bail("getting interface IP address"); memset(&hwtstamp, 0, sizeof(hwtstamp)); - strncpy(hwtstamp.ifr_name, interface, sizeof(hwtstamp.ifr_name)); + memcpy(hwtstamp.ifr_name, interface, if_len + 1); hwtstamp.ifr_data = (void *)&hwconfig; memset(&hwconfig, 0, sizeof(hwconfig)); hwconfig.tx_type = -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 4.9 79/80] selftests/net: in timestamping, strncpy needs to preserve null byte

by Sasha Levin

From: tannerlove <tannerlove(a)google.com> [ Upstream commit 8027bc0307ce59759b90679fa5d8b22949586d20 ] If user passed an interface option longer than 15 characters, then device.ifr_name and hwtstamp.ifr_name became non-null-terminated strings. The compiler warned about this: timestamping.c:353:2: warning: ‘strncpy’ specified bound 16 equals \ destination size [-Wstringop-truncation] 353 | strncpy(device.ifr_name, interface, sizeof(device.ifr_name)); Fixes: cb9eff097831 ("net: new user space API for time stamping of incoming and outgoing packets") Signed-off-by: Tanner Love <tannerlove(a)google.com> Acked-by: Willem de Bruijn <willemb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../selftests/networking/timestamping/timestamping.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/networking/timestamping/timestamping.c b/tools/testing/selftests/networking/timestamping/timestamping.c index 5cdfd743447b..900ed4b47899 100644 --- a/tools/testing/selftests/networking/timestamping/timestamping.c +++ b/tools/testing/selftests/networking/timestamping/timestamping.c @@ -332,10 +332,16 @@ int main(int argc, char **argv) int val; socklen_t len; struct timeval next; + size_t if_len; if (argc < 2) usage(0); interface = argv[1]; + if_len = strlen(interface); + if (if_len >= IFNAMSIZ) { + printf("interface name exceeds IFNAMSIZ\n"); + exit(1); + } for (i = 2; i < argc; i++) { if (!strcasecmp(argv[i], "SO_TIMESTAMP")) @@ -369,12 +375,12 @@ int main(int argc, char **argv) bail("socket"); memset(&device, 0, sizeof(device)); - strncpy(device.ifr_name, interface, sizeof(device.ifr_name)); + memcpy(device.ifr_name, interface, if_len + 1); if (ioctl(sock, SIOCGIFADDR, &device) < 0) bail("getting interface IP address"); memset(&hwtstamp, 0, sizeof(hwtstamp)); - strncpy(hwtstamp.ifr_name, interface, sizeof(hwtstamp.ifr_name)); + memcpy(hwtstamp.ifr_name, interface, if_len + 1); hwtstamp.ifr_data = (void *)&hwconfig; memset(&hwconfig, 0, sizeof(hwconfig)); hwconfig.tx_type = -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 4.9 78/80] selftests/vm/pkeys: fix alloc_random_pkey() to make it really random

by Sasha Levin

From: Ram Pai <linuxram(a)us.ibm.com> [ Upstream commit 6e373263ce07eeaa6410843179535fbdf561fc31 ] alloc_random_pkey() was allocating the same pkey every time. Not all pkeys were geting tested. This fixes it. Signed-off-by: Ram Pai <linuxram(a)us.ibm.com> Signed-off-by: Sandipan Das <sandipan(a)linux.ibm.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Dave Hansen <dave.hansen(a)intel.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Florian Weimer <fweimer(a)redhat.com> Cc: "Desnes A. Nunes do Rosario" <desnesn(a)linux.vnet.ibm.com> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Thiago Jung Bauermann <bauerman(a)linux.ibm.com> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.ibm.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Michal Suchanek <msuchanek(a)suse.de> Cc: Shuah Khan <shuah(a)kernel.org> Link: http://lkml.kernel.org/r/0162f55816d4e783a0d6e49e554d0ab9a3c9a23b.158564652… Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/x86/protection_keys.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/x86/protection_keys.c b/tools/testing/selftests/x86/protection_keys.c index 874972ccfc95..5338e668b5e6 100644 --- a/tools/testing/selftests/x86/protection_keys.c +++ b/tools/testing/selftests/x86/protection_keys.c @@ -23,6 +23,7 @@ #define _GNU_SOURCE #include <errno.h> #include <linux/futex.h> +#include <time.h> #include <sys/time.h> #include <sys/syscall.h> #include <string.h> @@ -608,10 +609,10 @@ int alloc_random_pkey(void) int nr_alloced = 0; int random_index; memset(alloced_pkeys, 0, sizeof(alloced_pkeys)); + srand((unsigned int)time(NULL)); /* allocate every possible key and make a note of which ones we got */ max_nr_pkey_allocs = NR_PKEYS; - max_nr_pkey_allocs = 1; for (i = 0; i < max_nr_pkey_allocs; i++) { int new_pkey = alloc_pkey(); if (new_pkey < 0) -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 4.14 106/108] selftests/net: in rxtimestamp getopt_long needs terminating null entry

by Sasha Levin

From: tannerlove <tannerlove(a)google.com> [ Upstream commit 865a6cbb2288f8af7f9dc3b153c61b7014fdcf1e ] getopt_long requires the last element to be filled with zeros. Otherwise, passing an unrecognized option can cause a segfault. Fixes: 16e781224198 ("selftests/net: Add a test to validate behavior of rx timestamps") Signed-off-by: Tanner Love <tannerlove(a)google.com> Acked-by: Willem de Bruijn <willemb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/networking/timestamping/rxtimestamp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/networking/timestamping/rxtimestamp.c b/tools/testing/selftests/networking/timestamping/rxtimestamp.c index dd4162fc0419..7a573fb4c1c4 100644 --- a/tools/testing/selftests/networking/timestamping/rxtimestamp.c +++ b/tools/testing/selftests/networking/timestamping/rxtimestamp.c @@ -114,6 +114,7 @@ static struct option long_options[] = { { "tcp", no_argument, 0, 't' }, { "udp", no_argument, 0, 'u' }, { "ip", no_argument, 0, 'i' }, + { NULL, 0, NULL, 0 }, }; static int next_port = 19999; -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 4.14 105/108] selftests/net: in timestamping, strncpy needs to preserve null byte

by Sasha Levin

From: tannerlove <tannerlove(a)google.com> [ Upstream commit 8027bc0307ce59759b90679fa5d8b22949586d20 ] If user passed an interface option longer than 15 characters, then device.ifr_name and hwtstamp.ifr_name became non-null-terminated strings. The compiler warned about this: timestamping.c:353:2: warning: ‘strncpy’ specified bound 16 equals \ destination size [-Wstringop-truncation] 353 | strncpy(device.ifr_name, interface, sizeof(device.ifr_name)); Fixes: cb9eff097831 ("net: new user space API for time stamping of incoming and outgoing packets") Signed-off-by: Tanner Love <tannerlove(a)google.com> Acked-by: Willem de Bruijn <willemb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../selftests/networking/timestamping/timestamping.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/networking/timestamping/timestamping.c b/tools/testing/selftests/networking/timestamping/timestamping.c index 5cdfd743447b..900ed4b47899 100644 --- a/tools/testing/selftests/networking/timestamping/timestamping.c +++ b/tools/testing/selftests/networking/timestamping/timestamping.c @@ -332,10 +332,16 @@ int main(int argc, char **argv) int val; socklen_t len; struct timeval next; + size_t if_len; if (argc < 2) usage(0); interface = argv[1]; + if_len = strlen(interface); + if (if_len >= IFNAMSIZ) { + printf("interface name exceeds IFNAMSIZ\n"); + exit(1); + } for (i = 2; i < argc; i++) { if (!strcasecmp(argv[i], "SO_TIMESTAMP")) @@ -369,12 +375,12 @@ int main(int argc, char **argv) bail("socket"); memset(&device, 0, sizeof(device)); - strncpy(device.ifr_name, interface, sizeof(device.ifr_name)); + memcpy(device.ifr_name, interface, if_len + 1); if (ioctl(sock, SIOCGIFADDR, &device) < 0) bail("getting interface IP address"); memset(&hwtstamp, 0, sizeof(hwtstamp)); - strncpy(hwtstamp.ifr_name, interface, sizeof(hwtstamp.ifr_name)); + memcpy(hwtstamp.ifr_name, interface, if_len + 1); hwtstamp.ifr_data = (void *)&hwconfig; memset(&hwconfig, 0, sizeof(hwconfig)); hwconfig.tx_type = -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 4.14 100/108] selftests/vm/pkeys: fix alloc_random_pkey() to make it really random

by Sasha Levin

From: Ram Pai <linuxram(a)us.ibm.com> [ Upstream commit 6e373263ce07eeaa6410843179535fbdf561fc31 ] alloc_random_pkey() was allocating the same pkey every time. Not all pkeys were geting tested. This fixes it. Signed-off-by: Ram Pai <linuxram(a)us.ibm.com> Signed-off-by: Sandipan Das <sandipan(a)linux.ibm.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Dave Hansen <dave.hansen(a)intel.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Florian Weimer <fweimer(a)redhat.com> Cc: "Desnes A. Nunes do Rosario" <desnesn(a)linux.vnet.ibm.com> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Thiago Jung Bauermann <bauerman(a)linux.ibm.com> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.ibm.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Michal Suchanek <msuchanek(a)suse.de> Cc: Shuah Khan <shuah(a)kernel.org> Link: http://lkml.kernel.org/r/0162f55816d4e783a0d6e49e554d0ab9a3c9a23b.158564652… Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/x86/protection_keys.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/x86/protection_keys.c b/tools/testing/selftests/x86/protection_keys.c index 5d546dcdbc80..b8778960da10 100644 --- a/tools/testing/selftests/x86/protection_keys.c +++ b/tools/testing/selftests/x86/protection_keys.c @@ -24,6 +24,7 @@ #define _GNU_SOURCE #include <errno.h> #include <linux/futex.h> +#include <time.h> #include <sys/time.h> #include <sys/syscall.h> #include <string.h> @@ -612,10 +613,10 @@ int alloc_random_pkey(void) int nr_alloced = 0; int random_index; memset(alloced_pkeys, 0, sizeof(alloced_pkeys)); + srand((unsigned int)time(NULL)); /* allocate every possible key and make a note of which ones we got */ max_nr_pkey_allocs = NR_PKEYS; - max_nr_pkey_allocs = 1; for (i = 0; i < max_nr_pkey_allocs; i++) { int new_pkey = alloc_pkey(); if (new_pkey < 0) -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 4.19 167/172] selftests/net: in rxtimestamp getopt_long needs terminating null entry

by Sasha Levin

From: tannerlove <tannerlove(a)google.com> [ Upstream commit 865a6cbb2288f8af7f9dc3b153c61b7014fdcf1e ] getopt_long requires the last element to be filled with zeros. Otherwise, passing an unrecognized option can cause a segfault. Fixes: 16e781224198 ("selftests/net: Add a test to validate behavior of rx timestamps") Signed-off-by: Tanner Love <tannerlove(a)google.com> Acked-by: Willem de Bruijn <willemb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/networking/timestamping/rxtimestamp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/networking/timestamping/rxtimestamp.c b/tools/testing/selftests/networking/timestamping/rxtimestamp.c index dd4162fc0419..7a573fb4c1c4 100644 --- a/tools/testing/selftests/networking/timestamping/rxtimestamp.c +++ b/tools/testing/selftests/networking/timestamping/rxtimestamp.c @@ -114,6 +114,7 @@ static struct option long_options[] = { { "tcp", no_argument, 0, 't' }, { "udp", no_argument, 0, 'u' }, { "ip", no_argument, 0, 'i' }, + { NULL, 0, NULL, 0 }, }; static int next_port = 19999; -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 4.19 162/172] selftests/net: in timestamping, strncpy needs to preserve null byte

by Sasha Levin

From: tannerlove <tannerlove(a)google.com> [ Upstream commit 8027bc0307ce59759b90679fa5d8b22949586d20 ] If user passed an interface option longer than 15 characters, then device.ifr_name and hwtstamp.ifr_name became non-null-terminated strings. The compiler warned about this: timestamping.c:353:2: warning: ‘strncpy’ specified bound 16 equals \ destination size [-Wstringop-truncation] 353 | strncpy(device.ifr_name, interface, sizeof(device.ifr_name)); Fixes: cb9eff097831 ("net: new user space API for time stamping of incoming and outgoing packets") Signed-off-by: Tanner Love <tannerlove(a)google.com> Acked-by: Willem de Bruijn <willemb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../selftests/networking/timestamping/timestamping.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/networking/timestamping/timestamping.c b/tools/testing/selftests/networking/timestamping/timestamping.c index 5cdfd743447b..900ed4b47899 100644 --- a/tools/testing/selftests/networking/timestamping/timestamping.c +++ b/tools/testing/selftests/networking/timestamping/timestamping.c @@ -332,10 +332,16 @@ int main(int argc, char **argv) int val; socklen_t len; struct timeval next; + size_t if_len; if (argc < 2) usage(0); interface = argv[1]; + if_len = strlen(interface); + if (if_len >= IFNAMSIZ) { + printf("interface name exceeds IFNAMSIZ\n"); + exit(1); + } for (i = 2; i < argc; i++) { if (!strcasecmp(argv[i], "SO_TIMESTAMP")) @@ -369,12 +375,12 @@ int main(int argc, char **argv) bail("socket"); memset(&device, 0, sizeof(device)); - strncpy(device.ifr_name, interface, sizeof(device.ifr_name)); + memcpy(device.ifr_name, interface, if_len + 1); if (ioctl(sock, SIOCGIFADDR, &device) < 0) bail("getting interface IP address"); memset(&hwtstamp, 0, sizeof(hwtstamp)); - strncpy(hwtstamp.ifr_name, interface, sizeof(hwtstamp.ifr_name)); + memcpy(hwtstamp.ifr_name, interface, if_len + 1); hwtstamp.ifr_data = (void *)&hwconfig; memset(&hwconfig, 0, sizeof(hwconfig)); hwconfig.tx_type = -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 4.19 160/172] NTB: ntb_test: Fix bug when counting remote files

by Sasha Levin

From: Logan Gunthorpe <logang(a)deltatee.com> [ Upstream commit 2130c0ba69d69bb21f5c52787f2587db00d13d8a ] When remote files are counted in get_files_count, without using SSH, the code returns 0 because there is a colon prepended to $LOC. $VPATH should have been used instead of $LOC. Fixes: 06bd0407d06c ("NTB: ntb_test: Update ntb_tool Scratchpad tests") Signed-off-by: Logan Gunthorpe <logang(a)deltatee.com> Acked-by: Allen Hubbe <allenbh(a)gmail.com> Tested-by: Alexander Fomichev <fomichev.ru(a)gmail.com> Signed-off-by: Jon Mason <jdmason(a)kudzu.us> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/ntb/ntb_test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/ntb/ntb_test.sh b/tools/testing/selftests/ntb/ntb_test.sh index 08cbfbbc7029..17ca36403d04 100755 --- a/tools/testing/selftests/ntb/ntb_test.sh +++ b/tools/testing/selftests/ntb/ntb_test.sh @@ -250,7 +250,7 @@ function get_files_count() split_remote $LOC if [[ "$REMOTE" == "" ]]; then - echo $(ls -1 "$LOC"/${NAME}* 2>/dev/null | wc -l) + echo $(ls -1 "$VPATH"/${NAME}* 2>/dev/null | wc -l) else echo $(ssh "$REMOTE" "ls -1 \"$VPATH\"/${NAME}* | \ wc -l" 2> /dev/null) -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 4.19 148/172] selftests/vm/pkeys: fix alloc_random_pkey() to make it really random

by Sasha Levin

From: Ram Pai <linuxram(a)us.ibm.com> [ Upstream commit 6e373263ce07eeaa6410843179535fbdf561fc31 ] alloc_random_pkey() was allocating the same pkey every time. Not all pkeys were geting tested. This fixes it. Signed-off-by: Ram Pai <linuxram(a)us.ibm.com> Signed-off-by: Sandipan Das <sandipan(a)linux.ibm.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Dave Hansen <dave.hansen(a)intel.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Florian Weimer <fweimer(a)redhat.com> Cc: "Desnes A. Nunes do Rosario" <desnesn(a)linux.vnet.ibm.com> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Thiago Jung Bauermann <bauerman(a)linux.ibm.com> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.ibm.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Michal Suchanek <msuchanek(a)suse.de> Cc: Shuah Khan <shuah(a)kernel.org> Link: http://lkml.kernel.org/r/0162f55816d4e783a0d6e49e554d0ab9a3c9a23b.158564652… Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/x86/protection_keys.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/x86/protection_keys.c b/tools/testing/selftests/x86/protection_keys.c index 5d546dcdbc80..b8778960da10 100644 --- a/tools/testing/selftests/x86/protection_keys.c +++ b/tools/testing/selftests/x86/protection_keys.c @@ -24,6 +24,7 @@ #define _GNU_SOURCE #include <errno.h> #include <linux/futex.h> +#include <time.h> #include <sys/time.h> #include <sys/syscall.h> #include <string.h> @@ -612,10 +613,10 @@ int alloc_random_pkey(void) int nr_alloced = 0; int random_index; memset(alloced_pkeys, 0, sizeof(alloced_pkeys)); + srand((unsigned int)time(NULL)); /* allocate every possible key and make a note of which ones we got */ max_nr_pkey_allocs = NR_PKEYS; - max_nr_pkey_allocs = 1; for (i = 0; i < max_nr_pkey_allocs; i++) { int new_pkey = alloc_pkey(); if (new_pkey < 0) -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 5.4 247/266] selftests/net: in timestamping, strncpy needs to preserve null byte

by Sasha Levin

From: tannerlove <tannerlove(a)google.com> [ Upstream commit 8027bc0307ce59759b90679fa5d8b22949586d20 ] If user passed an interface option longer than 15 characters, then device.ifr_name and hwtstamp.ifr_name became non-null-terminated strings. The compiler warned about this: timestamping.c:353:2: warning: ‘strncpy’ specified bound 16 equals \ destination size [-Wstringop-truncation] 353 | strncpy(device.ifr_name, interface, sizeof(device.ifr_name)); Fixes: cb9eff097831 ("net: new user space API for time stamping of incoming and outgoing packets") Signed-off-by: Tanner Love <tannerlove(a)google.com> Acked-by: Willem de Bruijn <willemb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../selftests/networking/timestamping/timestamping.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/networking/timestamping/timestamping.c b/tools/testing/selftests/networking/timestamping/timestamping.c index aca3491174a1..f4bb4fef0f39 100644 --- a/tools/testing/selftests/networking/timestamping/timestamping.c +++ b/tools/testing/selftests/networking/timestamping/timestamping.c @@ -313,10 +313,16 @@ int main(int argc, char **argv) int val; socklen_t len; struct timeval next; + size_t if_len; if (argc < 2) usage(0); interface = argv[1]; + if_len = strlen(interface); + if (if_len >= IFNAMSIZ) { + printf("interface name exceeds IFNAMSIZ\n"); + exit(1); + } for (i = 2; i < argc; i++) { if (!strcasecmp(argv[i], "SO_TIMESTAMP")) @@ -350,12 +356,12 @@ int main(int argc, char **argv) bail("socket"); memset(&device, 0, sizeof(device)); - strncpy(device.ifr_name, interface, sizeof(device.ifr_name)); + memcpy(device.ifr_name, interface, if_len + 1); if (ioctl(sock, SIOCGIFADDR, &device) < 0) bail("getting interface IP address"); memset(&hwtstamp, 0, sizeof(hwtstamp)); - strncpy(hwtstamp.ifr_name, interface, sizeof(hwtstamp.ifr_name)); + memcpy(hwtstamp.ifr_name, interface, if_len + 1); hwtstamp.ifr_data = (void *)&hwconfig; memset(&hwconfig, 0, sizeof(hwconfig)); hwconfig.tx_type = -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 5.4 244/266] NTB: ntb_test: Fix bug when counting remote files

by Sasha Levin

From: Logan Gunthorpe <logang(a)deltatee.com> [ Upstream commit 2130c0ba69d69bb21f5c52787f2587db00d13d8a ] When remote files are counted in get_files_count, without using SSH, the code returns 0 because there is a colon prepended to $LOC. $VPATH should have been used instead of $LOC. Fixes: 06bd0407d06c ("NTB: ntb_test: Update ntb_tool Scratchpad tests") Signed-off-by: Logan Gunthorpe <logang(a)deltatee.com> Acked-by: Allen Hubbe <allenbh(a)gmail.com> Tested-by: Alexander Fomichev <fomichev.ru(a)gmail.com> Signed-off-by: Jon Mason <jdmason(a)kudzu.us> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/ntb/ntb_test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/ntb/ntb_test.sh b/tools/testing/selftests/ntb/ntb_test.sh index 9c60337317c6..020137b61407 100755 --- a/tools/testing/selftests/ntb/ntb_test.sh +++ b/tools/testing/selftests/ntb/ntb_test.sh @@ -241,7 +241,7 @@ function get_files_count() split_remote $LOC if [[ "$REMOTE" == "" ]]; then - echo $(ls -1 "$LOC"/${NAME}* 2>/dev/null | wc -l) + echo $(ls -1 "$VPATH"/${NAME}* 2>/dev/null | wc -l) else echo $(ssh "$REMOTE" "ls -1 \"$VPATH\"/${NAME}* | \ wc -l" 2> /dev/null) -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 5.4 231/266] selftests/vm/pkeys: fix alloc_random_pkey() to make it really random

by Sasha Levin

From: Ram Pai <linuxram(a)us.ibm.com> [ Upstream commit 6e373263ce07eeaa6410843179535fbdf561fc31 ] alloc_random_pkey() was allocating the same pkey every time. Not all pkeys were geting tested. This fixes it. Signed-off-by: Ram Pai <linuxram(a)us.ibm.com> Signed-off-by: Sandipan Das <sandipan(a)linux.ibm.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Dave Hansen <dave.hansen(a)intel.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Florian Weimer <fweimer(a)redhat.com> Cc: "Desnes A. Nunes do Rosario" <desnesn(a)linux.vnet.ibm.com> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Thiago Jung Bauermann <bauerman(a)linux.ibm.com> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.ibm.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Michal Suchanek <msuchanek(a)suse.de> Cc: Shuah Khan <shuah(a)kernel.org> Link: http://lkml.kernel.org/r/0162f55816d4e783a0d6e49e554d0ab9a3c9a23b.158564652… Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/x86/protection_keys.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/x86/protection_keys.c b/tools/testing/selftests/x86/protection_keys.c index 480995bceefa..47191af46617 100644 --- a/tools/testing/selftests/x86/protection_keys.c +++ b/tools/testing/selftests/x86/protection_keys.c @@ -24,6 +24,7 @@ #define _GNU_SOURCE #include <errno.h> #include <linux/futex.h> +#include <time.h> #include <sys/time.h> #include <sys/syscall.h> #include <string.h> @@ -612,10 +613,10 @@ int alloc_random_pkey(void) int nr_alloced = 0; int random_index; memset(alloced_pkeys, 0, sizeof(alloced_pkeys)); + srand((unsigned int)time(NULL)); /* allocate every possible key and make a note of which ones we got */ max_nr_pkey_allocs = NR_PKEYS; - max_nr_pkey_allocs = 1; for (i = 0; i < max_nr_pkey_allocs; i++) { int new_pkey = alloc_pkey(); if (new_pkey < 0) -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 5.7 387/388] libbpf: Support pre-initializing .bss global variables

by Sasha Levin

From: Andrii Nakryiko <andriin(a)fb.com> [ Upstream commit caf62492f479585296e9d636c798d5ac256b7b04 ] Remove invalid assumption in libbpf that .bss map doesn't have to be updated in kernel. With addition of skeleton and memory-mapped initialization image, .bss doesn't have to be all zeroes when BPF map is created, because user-code might have initialized those variables from user-space. Fixes: eba9c5f498a1 ("libbpf: Refactor global data map initialization") Signed-off-by: Andrii Nakryiko <andriin(a)fb.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Link: https://lore.kernel.org/bpf/20200612194504.557844-1-andriin@fb.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/lib/bpf/libbpf.c | 4 -- .../selftests/bpf/prog_tests/skeleton.c | 45 ++++++++++++++++--- .../selftests/bpf/progs/test_skeleton.c | 19 ++++++-- 3 files changed, 55 insertions(+), 13 deletions(-) diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 8f480e29a6b0..7d80bb1fea4c 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -3455,10 +3455,6 @@ bpf_object__populate_internal_map(struct bpf_object *obj, struct bpf_map *map) char *cp, errmsg[STRERR_BUFSIZE]; int err, zero = 0; - /* kernel already zero-initializes .bss map. */ - if (map_type == LIBBPF_MAP_BSS) - return 0; - err = bpf_map_update_elem(map->fd, &zero, map->mmaped, 0); if (err) { err = -errno; diff --git a/tools/testing/selftests/bpf/prog_tests/skeleton.c b/tools/testing/selftests/bpf/prog_tests/skeleton.c index 9264a2736018..fa153cf67b1b 100644 --- a/tools/testing/selftests/bpf/prog_tests/skeleton.c +++ b/tools/testing/selftests/bpf/prog_tests/skeleton.c @@ -15,6 +15,8 @@ void test_skeleton(void) int duration = 0, err; struct test_skeleton* skel; struct test_skeleton__bss *bss; + struct test_skeleton__data *data; + struct test_skeleton__rodata *rodata; struct test_skeleton__kconfig *kcfg; skel = test_skeleton__open(); @@ -24,13 +26,45 @@ void test_skeleton(void) if (CHECK(skel->kconfig, "skel_kconfig", "kconfig is mmaped()!\n")) goto cleanup; + bss = skel->bss; + data = skel->data; + rodata = skel->rodata; + + /* validate values are pre-initialized correctly */ + CHECK(data->in1 != -1, "in1", "got %d != exp %d\n", data->in1, -1); + CHECK(data->out1 != -1, "out1", "got %d != exp %d\n", data->out1, -1); + CHECK(data->in2 != -1, "in2", "got %lld != exp %lld\n", data->in2, -1LL); + CHECK(data->out2 != -1, "out2", "got %lld != exp %lld\n", data->out2, -1LL); + + CHECK(bss->in3 != 0, "in3", "got %d != exp %d\n", bss->in3, 0); + CHECK(bss->out3 != 0, "out3", "got %d != exp %d\n", bss->out3, 0); + CHECK(bss->in4 != 0, "in4", "got %lld != exp %lld\n", bss->in4, 0LL); + CHECK(bss->out4 != 0, "out4", "got %lld != exp %lld\n", bss->out4, 0LL); + + CHECK(rodata->in6 != 0, "in6", "got %d != exp %d\n", rodata->in6, 0); + CHECK(bss->out6 != 0, "out6", "got %d != exp %d\n", bss->out6, 0); + + /* validate we can pre-setup global variables, even in .bss */ + data->in1 = 10; + data->in2 = 11; + bss->in3 = 12; + bss->in4 = 13; + rodata->in6 = 14; + err = test_skeleton__load(skel); if (CHECK(err, "skel_load", "failed to load skeleton: %d\n", err)) goto cleanup; - bss = skel->bss; - bss->in1 = 1; - bss->in2 = 2; + /* validate pre-setup values are still there */ + CHECK(data->in1 != 10, "in1", "got %d != exp %d\n", data->in1, 10); + CHECK(data->in2 != 11, "in2", "got %lld != exp %lld\n", data->in2, 11LL); + CHECK(bss->in3 != 12, "in3", "got %d != exp %d\n", bss->in3, 12); + CHECK(bss->in4 != 13, "in4", "got %lld != exp %lld\n", bss->in4, 13LL); + CHECK(rodata->in6 != 14, "in6", "got %d != exp %d\n", rodata->in6, 14); + + /* now set new values and attach to get them into outX variables */ + data->in1 = 1; + data->in2 = 2; bss->in3 = 3; bss->in4 = 4; bss->in5.a = 5; @@ -44,14 +78,15 @@ void test_skeleton(void) /* trigger tracepoint */ usleep(1); - CHECK(bss->out1 != 1, "res1", "got %d != exp %d\n", bss->out1, 1); - CHECK(bss->out2 != 2, "res2", "got %lld != exp %d\n", bss->out2, 2); + CHECK(data->out1 != 1, "res1", "got %d != exp %d\n", data->out1, 1); + CHECK(data->out2 != 2, "res2", "got %lld != exp %d\n", data->out2, 2); CHECK(bss->out3 != 3, "res3", "got %d != exp %d\n", (int)bss->out3, 3); CHECK(bss->out4 != 4, "res4", "got %lld != exp %d\n", bss->out4, 4); CHECK(bss->handler_out5.a != 5, "res5", "got %d != exp %d\n", bss->handler_out5.a, 5); CHECK(bss->handler_out5.b != 6, "res6", "got %lld != exp %d\n", bss->handler_out5.b, 6); + CHECK(bss->out6 != 14, "res7", "got %d != exp %d\n", bss->out6, 14); CHECK(bss->bpf_syscall != kcfg->CONFIG_BPF_SYSCALL, "ext1", "got %d != exp %d\n", bss->bpf_syscall, kcfg->CONFIG_BPF_SYSCALL); diff --git a/tools/testing/selftests/bpf/progs/test_skeleton.c b/tools/testing/selftests/bpf/progs/test_skeleton.c index de03a90f78ca..77ae86f44db5 100644 --- a/tools/testing/selftests/bpf/progs/test_skeleton.c +++ b/tools/testing/selftests/bpf/progs/test_skeleton.c @@ -10,16 +10,26 @@ struct s { long long b; } __attribute__((packed)); -int in1 = 0; -long long in2 = 0; +/* .data section */ +int in1 = -1; +long long in2 = -1; + +/* .bss section */ char in3 = '\0'; long long in4 __attribute__((aligned(64))) = 0; struct s in5 = {}; -long long out2 = 0; +/* .rodata section */ +const volatile int in6 = 0; + +/* .data section */ +int out1 = -1; +long long out2 = -1; + +/* .bss section */ char out3 = 0; long long out4 = 0; -int out1 = 0; +int out6 = 0; extern bool CONFIG_BPF_SYSCALL __kconfig; extern int LINUX_KERNEL_VERSION __kconfig; @@ -36,6 +46,7 @@ int handler(const void *ctx) out3 = in3; out4 = in4; out5 = in5; + out6 = in6; bpf_syscall = CONFIG_BPF_SYSCALL; kern_ver = LINUX_KERNEL_VERSION; -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 5.7 359/388] selftests/net: in timestamping, strncpy needs to preserve null byte

by Sasha Levin

From: tannerlove <tannerlove(a)google.com> [ Upstream commit 8027bc0307ce59759b90679fa5d8b22949586d20 ] If user passed an interface option longer than 15 characters, then device.ifr_name and hwtstamp.ifr_name became non-null-terminated strings. The compiler warned about this: timestamping.c:353:2: warning: ‘strncpy’ specified bound 16 equals \ destination size [-Wstringop-truncation] 353 | strncpy(device.ifr_name, interface, sizeof(device.ifr_name)); Fixes: cb9eff097831 ("net: new user space API for time stamping of incoming and outgoing packets") Signed-off-by: Tanner Love <tannerlove(a)google.com> Acked-by: Willem de Bruijn <willemb(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/net/timestamping.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/timestamping.c b/tools/testing/selftests/net/timestamping.c index aca3491174a1..f4bb4fef0f39 100644 --- a/tools/testing/selftests/net/timestamping.c +++ b/tools/testing/selftests/net/timestamping.c @@ -313,10 +313,16 @@ int main(int argc, char **argv) int val; socklen_t len; struct timeval next; + size_t if_len; if (argc < 2) usage(0); interface = argv[1]; + if_len = strlen(interface); + if (if_len >= IFNAMSIZ) { + printf("interface name exceeds IFNAMSIZ\n"); + exit(1); + } for (i = 2; i < argc; i++) { if (!strcasecmp(argv[i], "SO_TIMESTAMP")) @@ -350,12 +356,12 @@ int main(int argc, char **argv) bail("socket"); memset(&device, 0, sizeof(device)); - strncpy(device.ifr_name, interface, sizeof(device.ifr_name)); + memcpy(device.ifr_name, interface, if_len + 1); if (ioctl(sock, SIOCGIFADDR, &device) < 0) bail("getting interface IP address"); memset(&hwtstamp, 0, sizeof(hwtstamp)); - strncpy(hwtstamp.ifr_name, interface, sizeof(hwtstamp.ifr_name)); + memcpy(hwtstamp.ifr_name, interface, if_len + 1); hwtstamp.ifr_data = (void *)&hwconfig; memset(&hwconfig, 0, sizeof(hwconfig)); hwconfig.tx_type = -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 5.7 354/388] NTB: ntb_test: Fix bug when counting remote files

by Sasha Levin

From: Logan Gunthorpe <logang(a)deltatee.com> [ Upstream commit 2130c0ba69d69bb21f5c52787f2587db00d13d8a ] When remote files are counted in get_files_count, without using SSH, the code returns 0 because there is a colon prepended to $LOC. $VPATH should have been used instead of $LOC. Fixes: 06bd0407d06c ("NTB: ntb_test: Update ntb_tool Scratchpad tests") Signed-off-by: Logan Gunthorpe <logang(a)deltatee.com> Acked-by: Allen Hubbe <allenbh(a)gmail.com> Tested-by: Alexander Fomichev <fomichev.ru(a)gmail.com> Signed-off-by: Jon Mason <jdmason(a)kudzu.us> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/ntb/ntb_test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/ntb/ntb_test.sh b/tools/testing/selftests/ntb/ntb_test.sh index 9c60337317c6..020137b61407 100755 --- a/tools/testing/selftests/ntb/ntb_test.sh +++ b/tools/testing/selftests/ntb/ntb_test.sh @@ -241,7 +241,7 @@ function get_files_count() split_remote $LOC if [[ "$REMOTE" == "" ]]; then - echo $(ls -1 "$LOC"/${NAME}* 2>/dev/null | wc -l) + echo $(ls -1 "$VPATH"/${NAME}* 2>/dev/null | wc -l) else echo $(ssh "$REMOTE" "ls -1 \"$VPATH\"/${NAME}* | \ wc -l" 2> /dev/null) -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 5.7 342/388] KVM: selftests: Fix build with "make ARCH=x86_64"

by Sasha Levin

From: Vitaly Kuznetsov <vkuznets(a)redhat.com> [ Upstream commit b80db73dc8be7022adae1b4414a1bebce50fe915 ] Marcelo reports that kvm selftests fail to build with "make ARCH=x86_64": gcc -Wall -Wstrict-prototypes -Wuninitialized -O2 -g -std=gnu99 -fno-stack-protector -fno-PIE -I../../../../tools/include -I../../../../tools/arch/x86_64/include -I../../../../usr/include/ -Iinclude -Ilib -Iinclude/x86_64 -I.. -c lib/kvm_util.c -o /var/tmp/20200604202744-bin/lib/kvm_util.o In file included from lib/kvm_util.c:11: include/x86_64/processor.h:14:10: fatal error: asm/msr-index.h: No such file or directory #include <asm/msr-index.h> ^~~~~~~~~~~~~~~~~ compilation terminated. "make ARCH=x86", however, works. The problem is that arch specific headers for x86_64 live in 'tools/arch/x86/include', not in 'tools/arch/x86_64/include'. Fixes: 66d69e081b52 ("selftests: fix kvm relocatable native/cross builds and installs") Reported-by: Marcelo Bandeira Condotta <mcondotta(a)redhat.com> Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Message-Id: <20200605142028.550068-1-vkuznets(a)redhat.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/kvm/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile index 42f4f49f2a48..2c85b9dd86f5 100644 --- a/tools/testing/selftests/kvm/Makefile +++ b/tools/testing/selftests/kvm/Makefile @@ -80,7 +80,11 @@ LIBKVM += $(LIBKVM_$(UNAME_M)) INSTALL_HDR_PATH = $(top_srcdir)/usr LINUX_HDR_PATH = $(INSTALL_HDR_PATH)/include/ LINUX_TOOL_INCLUDE = $(top_srcdir)/tools/include +ifeq ($(ARCH),x86_64) +LINUX_TOOL_ARCH_INCLUDE = $(top_srcdir)/tools/arch/x86/include +else LINUX_TOOL_ARCH_INCLUDE = $(top_srcdir)/tools/arch/$(ARCH)/include +endif CFLAGS += -Wall -Wstrict-prototypes -Wuninitialized -O2 -g -std=gnu99 \ -fno-stack-protector -fno-PIE -I$(LINUX_TOOL_INCLUDE) \ -I$(LINUX_TOOL_ARCH_INCLUDE) -I$(LINUX_HDR_PATH) -Iinclude \ -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 5.7 338/388] selftests/vm/pkeys: fix alloc_random_pkey() to make it really random

by Sasha Levin

From: Ram Pai <linuxram(a)us.ibm.com> [ Upstream commit 6e373263ce07eeaa6410843179535fbdf561fc31 ] alloc_random_pkey() was allocating the same pkey every time. Not all pkeys were geting tested. This fixes it. Signed-off-by: Ram Pai <linuxram(a)us.ibm.com> Signed-off-by: Sandipan Das <sandipan(a)linux.ibm.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Acked-by: Dave Hansen <dave.hansen(a)intel.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Florian Weimer <fweimer(a)redhat.com> Cc: "Desnes A. Nunes do Rosario" <desnesn(a)linux.vnet.ibm.com> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Thiago Jung Bauermann <bauerman(a)linux.ibm.com> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.ibm.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Michal Suchanek <msuchanek(a)suse.de> Cc: Shuah Khan <shuah(a)kernel.org> Link: http://lkml.kernel.org/r/0162f55816d4e783a0d6e49e554d0ab9a3c9a23b.158564652… Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/x86/protection_keys.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/x86/protection_keys.c b/tools/testing/selftests/x86/protection_keys.c index 480995bceefa..47191af46617 100644 --- a/tools/testing/selftests/x86/protection_keys.c +++ b/tools/testing/selftests/x86/protection_keys.c @@ -24,6 +24,7 @@ #define _GNU_SOURCE #include <errno.h> #include <linux/futex.h> +#include <time.h> #include <sys/time.h> #include <sys/syscall.h> #include <string.h> @@ -612,10 +613,10 @@ int alloc_random_pkey(void) int nr_alloced = 0; int random_index; memset(alloced_pkeys, 0, sizeof(alloced_pkeys)); + srand((unsigned int)time(NULL)); /* allocate every possible key and make a note of which ones we got */ max_nr_pkey_allocs = NR_PKEYS; - max_nr_pkey_allocs = 1; for (i = 0; i < max_nr_pkey_allocs; i++) { int new_pkey = alloc_pkey(); if (new_pkey < 0) -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH AUTOSEL 5.7 262/388] selftests/timens: handle a case when alarm clocks are not supported

by Sasha Levin

From: Andrei Vagin <avagin(a)gmail.com> [ Upstream commit 558ae0355a91c7d28fdf4c0011bee6ebb5118632 ] This can happen if a testing node doesn't have RTC (real time clock) hardware or it doesn't support alarms. Fixes: 61c57676035d ("selftests/timens: Add Time Namespace test for supported clocks") Acked-by: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Reported-by: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Signed-off-by: Andrei Vagin <avagin(a)gmail.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/timens/clock_nanosleep.c | 2 +- tools/testing/selftests/timens/timens.c | 2 +- tools/testing/selftests/timens/timens.h | 13 ++++++++++++- tools/testing/selftests/timens/timer.c | 5 +++++ tools/testing/selftests/timens/timerfd.c | 5 +++++ 5 files changed, 24 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/timens/clock_nanosleep.c b/tools/testing/selftests/timens/clock_nanosleep.c index 8e7b7c72ef65..72d41b955fb2 100644 --- a/tools/testing/selftests/timens/clock_nanosleep.c +++ b/tools/testing/selftests/timens/clock_nanosleep.c @@ -119,7 +119,7 @@ int main(int argc, char *argv[]) ksft_set_plan(4); - check_config_posix_timers(); + check_supported_timers(); if (unshare_timens()) return 1; diff --git a/tools/testing/selftests/timens/timens.c b/tools/testing/selftests/timens/timens.c index 098be7c83be3..52b6a1185f52 100644 --- a/tools/testing/selftests/timens/timens.c +++ b/tools/testing/selftests/timens/timens.c @@ -155,7 +155,7 @@ int main(int argc, char *argv[]) nscheck(); - check_config_posix_timers(); + check_supported_timers(); ksft_set_plan(ARRAY_SIZE(clocks) * 2); diff --git a/tools/testing/selftests/timens/timens.h b/tools/testing/selftests/timens/timens.h index e09e7e39bc52..d4fc52d47146 100644 --- a/tools/testing/selftests/timens/timens.h +++ b/tools/testing/selftests/timens/timens.h @@ -14,15 +14,26 @@ #endif static int config_posix_timers = true; +static int config_alarm_timers = true; -static inline void check_config_posix_timers(void) +static inline void check_supported_timers(void) { + struct timespec ts; + if (timer_create(-1, 0, 0) == -1 && errno == ENOSYS) config_posix_timers = false; + + if (clock_gettime(CLOCK_BOOTTIME_ALARM, &ts) == -1 && errno == EINVAL) + config_alarm_timers = false; } static inline bool check_skip(int clockid) { + if (!config_alarm_timers && clockid == CLOCK_BOOTTIME_ALARM) { + ksft_test_result_skip("CLOCK_BOOTTIME_ALARM isn't supported\n"); + return true; + } + if (config_posix_timers) return false; diff --git a/tools/testing/selftests/timens/timer.c b/tools/testing/selftests/timens/timer.c index 96dba11ebe44..5e7f0051bd7b 100644 --- a/tools/testing/selftests/timens/timer.c +++ b/tools/testing/selftests/timens/timer.c @@ -22,6 +22,9 @@ int run_test(int clockid, struct timespec now) timer_t fd; int i; + if (check_skip(clockid)) + return 0; + for (i = 0; i < 2; i++) { struct sigevent sevp = {.sigev_notify = SIGEV_NONE}; int flags = 0; @@ -74,6 +77,8 @@ int main(int argc, char *argv[]) nscheck(); + check_supported_timers(); + ksft_set_plan(3); clock_gettime(CLOCK_MONOTONIC, &mtime_now); diff --git a/tools/testing/selftests/timens/timerfd.c b/tools/testing/selftests/timens/timerfd.c index eff1ec5ff215..9edd43d6b2c1 100644 --- a/tools/testing/selftests/timens/timerfd.c +++ b/tools/testing/selftests/timens/timerfd.c @@ -28,6 +28,9 @@ int run_test(int clockid, struct timespec now) long long elapsed; int fd, i; + if (check_skip(clockid)) + return 0; + if (tclock_gettime(clockid, &now)) return pr_perror("clock_gettime(%d)", clockid); @@ -81,6 +84,8 @@ int main(int argc, char *argv[]) nscheck(); + check_supported_timers(); + ksft_set_plan(3); clock_gettime(CLOCK_MONOTONIC, &mtime_now); -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH v33 19/21] selftests/x86: Add a selftest for SGX

by Jarkko Sakkinen

Add a selftest for SGX. It is a trivial test where a simple enclave copies one 64-bit word of memory between two memory locations. Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/sgx/.gitignore | 2 + tools/testing/selftests/sgx/Makefile | 53 +++ tools/testing/selftests/sgx/call.S | 54 +++ tools/testing/selftests/sgx/defines.h | 21 + tools/testing/selftests/sgx/load.c | 282 +++++++++++++ tools/testing/selftests/sgx/main.c | 199 +++++++++ tools/testing/selftests/sgx/main.h | 38 ++ tools/testing/selftests/sgx/sigstruct.c | 395 ++++++++++++++++++ tools/testing/selftests/sgx/test_encl.c | 20 + tools/testing/selftests/sgx/test_encl.lds | 40 ++ .../selftests/sgx/test_encl_bootstrap.S | 89 ++++ 12 files changed, 1194 insertions(+) create mode 100644 tools/testing/selftests/sgx/.gitignore create mode 100644 tools/testing/selftests/sgx/Makefile create mode 100644 tools/testing/selftests/sgx/call.S create mode 100644 tools/testing/selftests/sgx/defines.h create mode 100644 tools/testing/selftests/sgx/load.c create mode 100644 tools/testing/selftests/sgx/main.c create mode 100644 tools/testing/selftests/sgx/main.h create mode 100644 tools/testing/selftests/sgx/sigstruct.c create mode 100644 tools/testing/selftests/sgx/test_encl.c create mode 100644 tools/testing/selftests/sgx/test_encl.lds create mode 100644 tools/testing/selftests/sgx/test_encl_bootstrap.S diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 1195bd85af38..ec7be6d5a10d 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -64,6 +64,7 @@ TARGETS += user TARGETS += vm TARGETS += x86 TARGETS += zram +TARGETS += sgx #Please keep the TARGETS list alphabetically sorted # Run "make quicktest=1 run_tests" or # "make quicktest=1 kselftest" from top level Makefile diff --git a/tools/testing/selftests/sgx/.gitignore b/tools/testing/selftests/sgx/.gitignore new file mode 100644 index 000000000000..fbaf0bda9a92 --- /dev/null +++ b/tools/testing/selftests/sgx/.gitignore @@ -0,0 +1,2 @@ +test_sgx +test_encl.elf diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile new file mode 100644 index 000000000000..95e5c4df8014 --- /dev/null +++ b/tools/testing/selftests/sgx/Makefile @@ -0,0 +1,53 @@ +top_srcdir = ../../../.. + +include ../lib.mk + +.PHONY: all clean + +CAN_BUILD_X86_64 := $(shell ../x86/check_cc.sh $(CC) \ + ../x86/trivial_64bit_program.c) + +ifndef OBJCOPY +OBJCOPY := $(CROSS_COMPILE)objcopy +endif + +INCLUDES := -I$(top_srcdir)/tools/include +HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack +ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \ + -fno-stack-protector -mrdrnd $(INCLUDES) + +TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx $(OUTPUT)/test_encl.elf + +ifeq ($(CAN_BUILD_X86_64), 1) +all: $(TEST_CUSTOM_PROGS) +endif + +$(OUTPUT)/test_sgx: $(OUTPUT)/main.o \ + $(OUTPUT)/load.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/call.o + $(CC) $(HOST_CFLAGS) -o $@ $^ -lcrypto + +$(OUTPUT)/main.o: main.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/load.o: load.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/sigstruct.o: sigstruct.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/call.o: call.S + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/test_encl.elf: test_encl.lds test_encl.c test_encl_bootstrap.S + $(CC) $(ENCL_CFLAGS) -T $^ -o $@ + +EXTRA_CLEAN := \ + $(OUTPUT)/test_encl.elf \ + $(OUTPUT)/load.o \ + $(OUTPUT)/call.o \ + $(OUTPUT)/main.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/test_sgx \ + $(OUTPUT)/test_sgx.o \ diff --git a/tools/testing/selftests/sgx/call.S b/tools/testing/selftests/sgx/call.S new file mode 100644 index 000000000000..77131e83db42 --- /dev/null +++ b/tools/testing/selftests/sgx/call.S @@ -0,0 +1,54 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/** +* Copyright(c) 2016-18 Intel Corporation. +*/ + + .text + + .macro ENCLU + .byte 0x0f, 0x01, 0xd7 + .endm + + .text + + .global sgx_call_vdso +sgx_call_vdso: + .cfi_startproc + push %r15 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r15, 0 + push %r14 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r14, 0 + push %r13 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r13, 0 + push %r12 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r12, 0 + push %rbx + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %rbx, 0 + push $0 + .cfi_adjust_cfa_offset 8 + push 0x48(%rsp) + .cfi_adjust_cfa_offset 8 + push 0x48(%rsp) + .cfi_adjust_cfa_offset 8 + push 0x48(%rsp) + .cfi_adjust_cfa_offset 8 + call *eenter(%rip) + add $0x20, %rsp + .cfi_adjust_cfa_offset -0x20 + pop %rbx + .cfi_adjust_cfa_offset -8 + pop %r12 + .cfi_adjust_cfa_offset -8 + pop %r13 + .cfi_adjust_cfa_offset -8 + pop %r14 + .cfi_adjust_cfa_offset -8 + pop %r15 + .cfi_adjust_cfa_offset -8 + ret + .cfi_endproc diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h new file mode 100644 index 000000000000..be8969922804 --- /dev/null +++ b/tools/testing/selftests/sgx/defines.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef DEFINES_H +#define DEFINES_H + +#include <stdint.h> + +#define PAGE_SIZE 4096 +#define PAGE_MASK (~(PAGE_SIZE - 1)) + +#define __aligned(x) __attribute__((__aligned__(x))) +#define __packed __attribute__((packed)) + +#include "../../../../arch/x86/kernel/cpu/sgx/arch.h" +#include "../../../../arch/x86/include/asm/enclu.h" +#include "../../../../arch/x86/include/uapi/asm/sgx.h" + +#endif /* DEFINES_H */ diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c new file mode 100644 index 000000000000..91407036541c --- /dev/null +++ b/tools/testing/selftests/sgx/load.c @@ -0,0 +1,282 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <assert.h> +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +void encl_delete(struct encl *encl) +{ + if (encl->encl_base) + munmap((void *)encl->encl_base, encl->encl_size); + + if (encl->bin) + munmap(encl->bin, encl->bin_size); + + if (encl->fd) + close(encl->fd); + + if (encl->segment_tbl) + free(encl->segment_tbl); + + memset(encl, 0, sizeof(*encl)); +} + +static bool encl_map_bin(const char *path, struct encl *encl) +{ + struct stat sb; + void *bin; + int ret; + int fd; + + fd = open(path, O_RDONLY); + if (fd == -1) { + perror("open()"); + return false; + } + + ret = stat(path, &sb); + if (ret) { + perror("stat()"); + goto err; + } + + bin = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); + if (bin == MAP_FAILED) { + perror("mmap()"); + goto err; + } + + encl->bin = bin; + encl->bin_size = sb.st_size; + + close(fd); + return true; + +err: + close(fd); + return false; +} + +static bool encl_ioc_create(struct encl *encl) +{ + struct sgx_secs *secs = &encl->secs; + struct sgx_enclave_create ioc; + int rc; + + assert(encl->encl_base != 0); + + memset(secs, 0, sizeof(*secs)); + secs->ssa_frame_size = 1; + secs->attributes = SGX_ATTR_MODE64BIT; + secs->xfrm = 3; + secs->base = encl->encl_base; + secs->size = encl->encl_size; + + ioc.src = (unsigned long)secs; + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_CREATE, &ioc); + if (rc) { + fprintf(stderr, "SGX_IOC_ENCLAVE_CREATE failed: errno=%d\n", + errno); + munmap((void *)secs->base, encl->encl_size); + return false; + } + + return true; +} + +static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg) +{ + struct sgx_enclave_add_pages ioc; + struct sgx_secinfo secinfo; + int rc; + + memset(&secinfo, 0, sizeof(secinfo)); + secinfo.flags = seg->flags; + + ioc.src = (uint64_t)encl->src + seg->offset; + ioc.offset = seg->offset; + ioc.length = seg->size; + ioc.secinfo = (unsigned long)&secinfo; + ioc.flags = SGX_PAGE_MEASURE; + + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc); + if (rc) { + fprintf(stderr, "SGX_IOC_ENCLAVE_ADD_PAGES failed: errno=%d.\n", + errno); + return false; + } + + if (ioc.count != ioc.length) { + fprintf(stderr, "A segment not fully processed.\n"); + return false; + } + + return true; +} + +bool encl_load(const char *path, struct encl *encl) +{ + Elf64_Phdr *phdr_tbl; + off_t src_offset; + Elf64_Ehdr *ehdr; + int i, j; + int ret; + + memset(encl, 0, sizeof(*encl)); + + ret = open("/dev/sgx/enclave", O_RDWR); + if (ret < 0) { + fprintf(stderr, "Unable to open /dev/sgx\n"); + goto err; + } + + encl->fd = ret; + + if (!encl_map_bin(path, encl)) + goto err; + + ehdr = encl->bin; + phdr_tbl = encl->bin + ehdr->e_phoff; + + for (i = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + + if (phdr->p_type == PT_LOAD) + encl->nr_segments++; + } + + encl->segment_tbl = calloc(encl->nr_segments, + sizeof(struct encl_segment)); + if (!encl->segment_tbl) + goto err; + + for (i = 0, j = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + unsigned int flags = phdr->p_flags; + struct encl_segment *seg; + + if (phdr->p_type != PT_LOAD) + continue; + + seg = &encl->segment_tbl[j]; + + if (!!(flags & ~(PF_R | PF_W | PF_X))) { + fprintf(stderr, + "%d has invalid segment flags 0x%02x.\n", i, + phdr->p_flags); + goto err; + } + + if (j == 0 && flags != (PF_R | PF_W)) { + fprintf(stderr, + "TCS has invalid segment flags 0x%02x.\n", + phdr->p_flags); + goto err; + } + + if (j == 0) { + src_offset = (phdr->p_offset & PAGE_MASK) - src_offset; + + seg->prot = PROT_READ | PROT_WRITE; + seg->flags = SGX_PAGE_TYPE_TCS << 8; + } else { + seg->prot = (phdr->p_flags & PF_R) ? PROT_READ : 0; + seg->prot |= (phdr->p_flags & PF_W) ? PROT_WRITE : 0; + seg->prot |= (phdr->p_flags & PF_X) ? PROT_EXEC : 0; + seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot; + } + + seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset; + seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK; + + printf("0x%016lx 0x%016lx 0x%02x\n", seg->offset, seg->size, + seg->prot); + + j++; + } + + assert(j == encl->nr_segments); + + encl->src = encl->bin + src_offset; + encl->src_size = encl->segment_tbl[j - 1].offset + + encl->segment_tbl[j - 1].size; + + for (encl->encl_size = 4096; encl->encl_size < encl->src_size; ) + encl->encl_size <<= 1; + + return true; + +err: + encl_delete(encl); + return false; +} + +static bool encl_map_area(struct encl *encl) +{ + size_t encl_size = encl->encl_size; + void *area; + + area = mmap(NULL, encl_size * 2, PROT_NONE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if (area == MAP_FAILED) { + perror("mmap"); + return false; + } + + encl->encl_base = ((uint64_t)area + encl_size - 1) & ~(encl_size - 1); + + munmap(area, encl->encl_base - (uint64_t)area); + munmap((void *)(encl->encl_base + encl_size), + (uint64_t)area + encl_size - encl->encl_base); + + return true; +} + +bool encl_build(struct encl *encl) +{ + struct sgx_enclave_init ioc; + int ret; + int i; + + if (!encl_map_area(encl)) + return false; + + if (!encl_ioc_create(encl)) + return false; + + /* + * Pages must be added before mapping VMAs because their permissions + * cap the VMA permissions. + */ + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!encl_ioc_add_pages(encl, seg)) + return false; + } + + ioc.sigstruct = (uint64_t)&encl->sigstruct; + ret = ioctl(encl->fd, SGX_IOC_ENCLAVE_INIT, &ioc); + if (ret) { + fprintf(stderr, "SGX_IOC_ENCLAVE_INIT failed: errno=%d\n", + errno); + return false; + } + + return true; +} diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c new file mode 100644 index 000000000000..5394b2f6af8e --- /dev/null +++ b/tools/testing/selftests/sgx/main.c @@ -0,0 +1,199 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +static const uint64_t MAGIC = 0x1122334455667788ULL; +vdso_sgx_enter_enclave_t eenter; + +struct vdso_symtab { + Elf64_Sym *elf_symtab; + const char *elf_symstrtab; + Elf64_Word *elf_hashtab; +}; + +static void *vdso_get_base_addr(char *envp[]) +{ + Elf64_auxv_t *auxv; + int i; + + for (i = 0; envp[i]; i++) + ; + + auxv = (Elf64_auxv_t *)&envp[i + 1]; + + for (i = 0; auxv[i].a_type != AT_NULL; i++) { + if (auxv[i].a_type == AT_SYSINFO_EHDR) + return (void *)auxv[i].a_un.a_val; + } + + return NULL; +} + +static Elf64_Dyn *vdso_get_dyntab(void *addr) +{ + Elf64_Ehdr *ehdr = addr; + Elf64_Phdr *phdrtab = addr + ehdr->e_phoff; + int i; + + for (i = 0; i < ehdr->e_phnum; i++) + if (phdrtab[i].p_type == PT_DYNAMIC) + return addr + phdrtab[i].p_offset; + + return NULL; +} + +static void *vdso_get_dyn(void *addr, Elf64_Dyn *dyntab, Elf64_Sxword tag) +{ + int i; + + for (i = 0; dyntab[i].d_tag != DT_NULL; i++) + if (dyntab[i].d_tag == tag) + return addr + dyntab[i].d_un.d_ptr; + + return NULL; +} + +static bool vdso_get_symtab(void *addr, struct vdso_symtab *symtab) +{ + Elf64_Dyn *dyntab = vdso_get_dyntab(addr); + + symtab->elf_symtab = vdso_get_dyn(addr, dyntab, DT_SYMTAB); + if (!symtab->elf_symtab) + return false; + + symtab->elf_symstrtab = vdso_get_dyn(addr, dyntab, DT_STRTAB); + if (!symtab->elf_symstrtab) + return false; + + symtab->elf_hashtab = vdso_get_dyn(addr, dyntab, DT_HASH); + if (!symtab->elf_hashtab) + return false; + + return true; +} + +static unsigned long elf_sym_hash(const char *name) +{ + unsigned long h = 0, high; + + while (*name) { + h = (h << 4) + *name++; + high = h & 0xf0000000; + + if (high) + h ^= high >> 24; + + h &= ~high; + } + + return h; +} + +static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name) +{ + Elf64_Word bucketnum = symtab->elf_hashtab[0]; + Elf64_Word *buckettab = &symtab->elf_hashtab[2]; + Elf64_Word *chaintab = &symtab->elf_hashtab[2 + bucketnum]; + Elf64_Sym *sym; + Elf64_Word i; + + for (i = buckettab[elf_sym_hash(name) % bucketnum]; i != STN_UNDEF; + i = chaintab[i]) { + sym = &symtab->elf_symtab[i]; + if (!strcmp(name, &symtab->elf_symstrtab[sym->st_name])) + return sym; + } + + return NULL; +} + +int main(int argc, char *argv[], char *envp[]) +{ + struct sgx_enclave_exception exception; + struct vdso_symtab symtab; + Elf64_Sym *eenter_sym; + uint64_t result = 0; + struct encl encl; + unsigned int i; + void *addr; + + if (!encl_load("test_encl.elf", &encl)) + goto err; + + if (!encl_measure(&encl)) + goto err; + + if (!encl_build(&encl)) + goto err; + + /* + * An enclave consumer only must do this. + */ + for (i = 0; i < encl.nr_segments; i++) { + struct encl_segment *seg = &encl.segment_tbl[i]; + + addr = mmap((void *)encl.encl_base + seg->offset, seg->size, + seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0); + if (addr == MAP_FAILED) { + fprintf(stderr, "mmap() failed, errno=%d.\n", errno); + return false; + } + } + + memset(&exception, 0, sizeof(exception)); + + addr = vdso_get_base_addr(envp); + if (!addr) + goto err; + + if (!vdso_get_symtab(addr, &symtab)) + goto err; + + eenter_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave"); + if (!eenter_sym) + goto err; + + eenter = addr + eenter_sym->st_value; + + sgx_call_vdso((void *)&MAGIC, &result, 0, EENTER, NULL, NULL, + (void *)encl.encl_base, &exception, NULL); + if (result != MAGIC) { + printf("FAIL: sgx_call_vdso(), expected: 0x%lx, got: 0x%lx\n", + MAGIC, result); + goto err; + } + + /* Invoke the vDSO directly. */ + result = 0; + eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, 0, 0, + (void *)encl.encl_base, &exception, NULL); + if (result != MAGIC) { + printf("FAIL: eenter(), expected: 0x%lx, got: 0x%lx\n", + MAGIC, result); + goto err; + } + + printf("SUCCESS\n"); + encl_delete(&encl); + exit(0); + +err: + encl_delete(&encl); + exit(1); +} diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h new file mode 100644 index 000000000000..999422cc7343 --- /dev/null +++ b/tools/testing/selftests/sgx/main.h @@ -0,0 +1,38 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef MAIN_H +#define MAIN_H + +struct encl_segment { + off_t offset; + size_t size; + unsigned int prot; + unsigned int flags; +}; + +struct encl { + int fd; + void *bin; + off_t bin_size; + void *src; + size_t src_size; + size_t encl_size; + off_t encl_base; + unsigned int nr_segments; + struct encl_segment *segment_tbl; + struct sgx_secs secs; + struct sgx_sigstruct sigstruct; +}; + +void encl_delete(struct encl *ctx); +bool encl_load(const char *path, struct encl *encl); +bool encl_measure(struct encl *encl); +bool encl_build(struct encl *encl); + +int sgx_call_vdso(void *rdi, void *rsi, long rdx, u32 leaf, void *r8, void *r9, + void *tcs, struct sgx_enclave_exception *ei, void *cb); + +#endif /* MAIN_H */ diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c new file mode 100644 index 000000000000..ceddad478672 --- /dev/null +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -0,0 +1,395 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#define _GNU_SOURCE +#include <assert.h> +#include <getopt.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <unistd.h> +#include <openssl/err.h> +#include <openssl/pem.h> +#include "defines.h" +#include "main.h" + +struct q1q2_ctx { + BN_CTX *bn_ctx; + BIGNUM *m; + BIGNUM *s; + BIGNUM *q1; + BIGNUM *qr; + BIGNUM *q2; +}; + +static void free_q1q2_ctx(struct q1q2_ctx *ctx) +{ + BN_CTX_free(ctx->bn_ctx); + BN_free(ctx->m); + BN_free(ctx->s); + BN_free(ctx->q1); + BN_free(ctx->qr); + BN_free(ctx->q2); +} + +static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m, + struct q1q2_ctx *ctx) +{ + ctx->bn_ctx = BN_CTX_new(); + ctx->s = BN_bin2bn(s, SGX_MODULUS_SIZE, NULL); + ctx->m = BN_bin2bn(m, SGX_MODULUS_SIZE, NULL); + ctx->q1 = BN_new(); + ctx->qr = BN_new(); + ctx->q2 = BN_new(); + + if (!ctx->bn_ctx || !ctx->s || !ctx->m || !ctx->q1 || !ctx->qr || + !ctx->q2) { + free_q1q2_ctx(ctx); + return false; + } + + return true; +} + +static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1, + uint8_t *q2) +{ + struct q1q2_ctx ctx; + + if (!alloc_q1q2_ctx(s, m, &ctx)) { + fprintf(stderr, "Not enough memory for Q1Q2 calculation\n"); + return false; + } + + if (!BN_mul(ctx.q1, ctx.s, ctx.s, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q1, ctx.qr, ctx.q1, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q1) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q1 %d bytes\n", + BN_num_bytes(ctx.q1)); + goto out; + } + + if (!BN_mul(ctx.q2, ctx.s, ctx.qr, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q2, NULL, ctx.q2, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q2) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q2 %d bytes\n", + BN_num_bytes(ctx.q2)); + goto out; + } + + BN_bn2bin(ctx.q1, q1); + BN_bn2bin(ctx.q2, q2); + + free_q1q2_ctx(&ctx); + return true; +out: + free_q1q2_ctx(&ctx); + return false; +} + +struct sgx_sigstruct_payload { + struct sgx_sigstruct_header header; + struct sgx_sigstruct_body body; +}; + +static bool check_crypto_errors(void) +{ + int err; + bool had_errors = false; + const char *filename; + int line; + char str[256]; + + for ( ; ; ) { + if (ERR_peek_error() == 0) + break; + + had_errors = true; + err = ERR_get_error_line(&filename, &line); + ERR_error_string_n(err, str, sizeof(str)); + fprintf(stderr, "crypto: %s: %s:%d\n", str, filename, line); + } + + return had_errors; +} + +static inline const BIGNUM *get_modulus(RSA *key) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return key->n; +#else + const BIGNUM *n; + + RSA_get0_key(key, &n, NULL, NULL); + return n; +#endif +} + +static RSA *gen_sign_key(void) +{ + BIGNUM *e; + RSA *key; + int ret; + + e = BN_new(); + key = RSA_new(); + + if (!e || !key) + goto err; + + ret = BN_set_word(e, RSA_3); + if (ret != 1) + goto err; + + ret = RSA_generate_key_ex(key, 3072, e, NULL); + if (ret != 1) + goto err; + + BN_free(e); + + return key; + +err: + RSA_free(key); + BN_free(e); + + return NULL; +} + +static void reverse_bytes(void *data, int length) +{ + int i = 0; + int j = length - 1; + uint8_t temp; + uint8_t *ptr = data; + + while (i < j) { + temp = ptr[i]; + ptr[i] = ptr[j]; + ptr[j] = temp; + i++; + j--; + } +} + +enum mrtags { + MRECREATE = 0x0045544145524345, + MREADD = 0x0000000044444145, + MREEXTEND = 0x00444E4554584545, +}; + +static bool mrenclave_update(EVP_MD_CTX *ctx, const void *data) +{ + if (!EVP_DigestUpdate(ctx, data, 64)) { + fprintf(stderr, "digest update failed\n"); + return false; + } + + return true; +} + +static bool mrenclave_commit(EVP_MD_CTX *ctx, uint8_t *mrenclave) +{ + unsigned int size; + + if (!EVP_DigestFinal_ex(ctx, (unsigned char *)mrenclave, &size)) { + fprintf(stderr, "digest commit failed\n"); + return false; + } + + if (size != 32) { + fprintf(stderr, "invalid digest size = %u\n", size); + return false; + } + + return true; +} + +struct mrecreate { + uint64_t tag; + uint32_t ssaframesize; + uint64_t size; + uint8_t reserved[44]; +} __attribute__((__packed__)); + + +static bool mrenclave_ecreate(EVP_MD_CTX *ctx, uint64_t blob_size) +{ + struct mrecreate mrecreate; + uint64_t encl_size; + + for (encl_size = 0x1000; encl_size < blob_size; ) + encl_size <<= 1; + + memset(&mrecreate, 0, sizeof(mrecreate)); + mrecreate.tag = MRECREATE; + mrecreate.ssaframesize = 1; + mrecreate.size = encl_size; + + if (!EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) + return false; + + return mrenclave_update(ctx, &mrecreate); +} + +struct mreadd { + uint64_t tag; + uint64_t offset; + uint64_t flags; /* SECINFO flags */ + uint8_t reserved[40]; +} __attribute__((__packed__)); + +static bool mrenclave_eadd(EVP_MD_CTX *ctx, uint64_t offset, uint64_t flags) +{ + struct mreadd mreadd; + + memset(&mreadd, 0, sizeof(mreadd)); + mreadd.tag = MREADD; + mreadd.offset = offset; + mreadd.flags = flags; + + return mrenclave_update(ctx, &mreadd); +} + +struct mreextend { + uint64_t tag; + uint64_t offset; + uint8_t reserved[48]; +} __attribute__((__packed__)); + +static bool mrenclave_eextend(EVP_MD_CTX *ctx, uint64_t offset, + const uint8_t *data) +{ + struct mreextend mreextend; + int i; + + for (i = 0; i < 0x1000; i += 0x100) { + memset(&mreextend, 0, sizeof(mreextend)); + mreextend.tag = MREEXTEND; + mreextend.offset = offset + i; + + if (!mrenclave_update(ctx, &mreextend)) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x00])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x40])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x80])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0xC0])) + return false; + } + + return true; +} + +static bool mrenclave_segment(EVP_MD_CTX *ctx, struct encl *encl, + struct encl_segment *seg) +{ + uint64_t end = seg->offset + seg->size; + uint64_t offset; + + for (offset = seg->offset; offset < end; offset += PAGE_SIZE) { + if (!mrenclave_eadd(ctx, offset, seg->flags)) + return false; + + if (!mrenclave_eextend(ctx, offset, encl->src + offset)) + return false; + } + + return true; +} + +bool encl_measure(struct encl *encl) +{ + uint64_t header1[2] = {0x000000E100000006, 0x0000000000010000}; + uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060}; + struct sgx_sigstruct *sigstruct = &encl->sigstruct; + struct sgx_sigstruct_payload payload; + uint8_t digest[SHA256_DIGEST_LENGTH]; + unsigned int siglen; + RSA *key = NULL; + EVP_MD_CTX *ctx; + int i; + + memset(sigstruct, 0, sizeof(*sigstruct)); + + sigstruct->header.header1[0] = header1[0]; + sigstruct->header.header1[1] = header1[1]; + sigstruct->header.header2[0] = header2[0]; + sigstruct->header.header2[1] = header2[1]; + sigstruct->exponent = 3; + sigstruct->body.attributes = SGX_ATTR_MODE64BIT; + sigstruct->body.xfrm = 3; + + /* sanity check */ + if (check_crypto_errors()) + goto err; + + key = gen_sign_key(); + if (!key) + goto err; + + BN_bn2bin(get_modulus(key), sigstruct->modulus); + + ctx = EVP_MD_CTX_create(); + if (!ctx) + goto err; + + if (!mrenclave_ecreate(ctx, encl->src_size)) + goto err; + + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!mrenclave_segment(ctx, encl, seg)) + goto err; + } + + if (!mrenclave_commit(ctx, sigstruct->body.mrenclave)) + goto err; + + memcpy(&payload.header, &sigstruct->header, sizeof(sigstruct->header)); + memcpy(&payload.body, &sigstruct->body, sizeof(sigstruct->body)); + + SHA256((unsigned char *)&payload, sizeof(payload), digest); + + if (!RSA_sign(NID_sha256, digest, SHA256_DIGEST_LENGTH, + sigstruct->signature, &siglen, key)) + goto err; + + if (!calc_q1q2(sigstruct->signature, sigstruct->modulus, sigstruct->q1, + sigstruct->q2)) + goto err; + + /* BE -> LE */ + reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q1, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q2, SGX_MODULUS_SIZE); + + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return true; + +err: + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return false; +} diff --git a/tools/testing/selftests/sgx/test_encl.c b/tools/testing/selftests/sgx/test_encl.c new file mode 100644 index 000000000000..ede915399742 --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.c @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <stddef.h> +#include "defines.h" + +static void *memcpy(void *dest, const void *src, size_t n) +{ + size_t i; + + for (i = 0; i < n; i++) + ((char *)dest)[i] = ((char *)src)[i]; + + return dest; +} + +void encl_body(void *rdi, void *rsi) +{ + memcpy(rsi, rdi, 8); +} diff --git a/tools/testing/selftests/sgx/test_encl.lds b/tools/testing/selftests/sgx/test_encl.lds new file mode 100644 index 000000000000..0fbbda7e665e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.lds @@ -0,0 +1,40 @@ +OUTPUT_FORMAT(elf64-x86-64) + +PHDRS +{ + tcs PT_LOAD; + text PT_LOAD; + data PT_LOAD; +} + +SECTIONS +{ + . = 0; + .tcs : { + *(.tcs*) + } : tcs + + . = ALIGN(4096); + .text : { + *(.text*) + *(.rodata*) + } : text + + . = ALIGN(4096); + .data : { + *(.data*) + } : data + + /DISCARD/ : { + *(.comment*) + *(.note*) + *(.debug*) + *(.eh_frame*) + } +} + +ASSERT(!DEFINED(.altinstructions), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.altinstr_replacement), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.retpoline_safe), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.nospec), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.got.plt), "Libcalls are not supported in enclaves") diff --git a/tools/testing/selftests/sgx/test_encl_bootstrap.S b/tools/testing/selftests/sgx/test_encl_bootstrap.S new file mode 100644 index 000000000000..6836ea86126e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl_bootstrap.S @@ -0,0 +1,89 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/* + * Copyright(c) 2016-18 Intel Corporation. + */ + + .macro ENCLU + .byte 0x0f, 0x01, 0xd7 + .endm + + .section ".tcs", "aw" + .balign 4096 + + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + # Identical to the previous TCS. + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + .text + +encl_entry: + # RBX contains the base address for TCS, which is also the first address + # inside the enclave. By adding the value of le_stack_end to it, we get + # the absolute address for the stack. + lea (encl_stack)(%rbx), %rax + xchg %rsp, %rax + push %rax + + push %rcx # push the address after EENTER + push %rbx # push the enclave base address + + call encl_body + + pop %rbx # pop the enclave base address + + /* Clear volatile GPRs, except RAX (EEXIT leaf). */ + xor %rcx, %rcx + xor %rdx, %rdx + xor %rdi, %rdi + xor %rsi, %rsi + xor %r8, %r8 + xor %r9, %r9 + xor %r10, %r10 + xor %r11, %r11 + + # Reset status flags. + add %rdx, %rdx # OF = SF = AF = CF = 0; ZF = PF = 1 + + # Prepare EEXIT target by popping the address of the instruction after + # EENTER to RBX. + pop %rbx + + # Restore the caller stack. + pop %rax + mov %rax, %rsp + + # EEXIT + mov $4, %rax + enclu + + .section ".data", "aw" + +encl_ssa: + .space 4096 + + .balign 4096 + .space 8192 +encl_stack: -- 2.25.1

4 years, 10 months

1
0
0 0

[PATCH] selftests: kvm: don't try to build kvm tests on sparc64 architecture

by Anatoly Pugachev

There's no support for KVM on sparc64, so don't try to build kvm tests. gcc -Wall -Wstrict-prototypes -Wuninitialized -O2 -g -std=gnu99 -fno-stack-protector -fno-PIE -I../../../../tools/include -I../../../../tools/arch/sparc64/include -I../../../../usr/include/ -Iinclude -Ilib -Iinclude/sparc64 -I.. -c lib/elf.c -o /1/mator/linux-2.6/tools/testing/selftests/kvm/lib/elf.o In file included from lib/elf.c:13: include/kvm_util.h:12:10: fatal error: asm/kvm.h: No such file or directory 12 | #include "asm/kvm.h" | ^~~~~~~~~~~ compilation terminated. Signed-off-by: Anatoly Pugachev <matorola(a)gmail.com> CC: Jiri Kosina <trivial(a)kernel.org> CC: sparclinux(a)vger.kernel.org --- tools/testing/selftests/kvm/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile index 4a166588d99f..00be52199cb9 100644 --- a/tools/testing/selftests/kvm/Makefile +++ b/tools/testing/selftests/kvm/Makefile @@ -32,6 +32,9 @@ endif ifeq ($(ARCH),s390) UNAME_M := s390x endif +ifeq ($(UNAME_M),sparc64) +$(error kvm selftests is not supported on sparc64) +endif LIBKVM = lib/assert.c lib/elf.c lib/io.c lib/kvm_util.c lib/sparsebit.c lib/test_util.c LIBKVM_x86_64 = lib/x86_64/processor.c lib/x86_64/vmx.c lib/x86_64/svm.c lib/x86_64/ucall.c -- 2.27.0

4 years, 10 months

1
0
0 0

[PATCH] selftests: zram: add generated err.log to .gitignore

by Anatoly Pugachev

zram: add generated err.log to .gitignore Signed-off-by: Anatoly Pugachev <matorola(a)gmail.com> Fixes: f21fb798fe38 ("selftests/zram: Adding zram tests") CC: Jiri Kosina <trivial(a)kernel.org> --- tools/testing/selftests/zram/.gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 tools/testing/selftests/zram/.gitignore diff --git a/tools/testing/selftests/zram/.gitignore b/tools/testing/selftests/zram/.gitignore new file mode 100644 index 000000000000..b4a2cb6fafa6 --- /dev/null +++ b/tools/testing/selftests/zram/.gitignore @@ -0,0 +1 @@ +err.log -- 2.27.0

4 years, 10 months

1
0
0 0

[PATCH v2 0/4] selftests/livepatch: small script cleanups

by Joe Lawrence

This is a small collection of tweaks for the shellscript side of the livepatch tests. If anyone else has a small cleanup (or even just a suggestion for a low-hanging change) and would like to tack it onto the set, let me know. based-on: livepatching.git, for-5.9/selftests-cleanup merge-thru: livepatching.git v2: - use consistent start_test messages from the original echoes [mbenes] - move start_test invocations to just after their descriptions [mbenes] - clean up $SAVED_DMSG on trap EXIT [pmladek] - grep longer kernel taint line, avoid word-matching [mbenes, pmladek] - add "===== TEST: $test =====" delimiter patch [pmladek] Joe Lawrence (4): selftests/livepatch: Don't clear dmesg when running tests selftests/livepatch: use $(dmesg --notime) instead of manually filtering selftests/livepatch: refine dmesg 'taints' in dmesg comparison selftests/livepatch: add test delimiter to dmesg tools/testing/selftests/livepatch/README | 16 +++--- .../testing/selftests/livepatch/functions.sh | 32 ++++++++++- .../selftests/livepatch/test-callbacks.sh | 55 ++++--------------- .../selftests/livepatch/test-ftrace.sh | 4 +- .../selftests/livepatch/test-livepatch.sh | 12 +--- .../selftests/livepatch/test-shadow-vars.sh | 4 +- .../testing/selftests/livepatch/test-state.sh | 21 +++---- 7 files changed, 63 insertions(+), 81 deletions(-) -- 2.21.3

4 years, 10 months

5
10
0 0

selftests: test stops at step_after_suspend_test

by Akira Shibakawa

Hi, I tried to run kselftest but it stops with logs below. ---------------------------- # ./run_kselftest.sh [ 126.214906] kselftest: Running tests in android TAP version 13 # selftests: android: run.sh 1..1 # ./run.sh: line 3: ./ion_test.sh: not found not ok 1 selftests: android: run.sh # exit=127 [ 126.351342] kselftest: Running tests in breakpoints TAP version 13 # selftests: breakpoints: step_after_suspend_test 1..2 [ 126.464495] PM: suspend entry (s2idle) [ 126.496441] Filesystems sync: 0.031 seconds [ 126.499299] Freezing user space processes ... (elapsed 0.001 seconds) done. [ 126.501161] OOM killer disabled. [ 126.501293] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 126.503018] printk: Suspending console(s) (use no_console_suspend to debug) ---------------------------- I used kernel 5.6.15 stable on qemu(x86_64) and used kselftest from same source. I built kernel adding configurations below to be able to mount kselftest directory on host. ---------------------------- CONFIG_NET_9P=y CONFIG_BLK_MQ_VIRTIO=y CONFIG_NET_9P_VIRTIO=y CONFIG_VIRTIO=y CONFIG_NET_9P_DEBUG=y CONFIG_VIRTIO_PCI=y CONFIG_FUSE_FS=y CONFIG_VIRTIO_PCI_LEGACY=y CONFIG_9P_FS=y CONFIG_VIRTIO_FS=y CONFIG_9P_FS_POSIX_ACL=y CONFIG_CRYPTO_ENGINE=m CONFIG_9P_FS_SECURITY=y CONFIG_CRYPTO_DEV_VIRTIO=m CONFIG_GDB_SCRIPTS=y CONFIG_DEBUG_INFO=y ---------------------------- Then, I boot kernel with rootfs geterated by buildroot like this. ---------------------------- qemu-system-x86_64 -kernel arch/x86/boot/bzImage -boot c -m 2049M -hda ../buildroot/output/images/rootfs.ext4 -append \ "root=/dev/sda rw console=ttyS0,115200 acpi=off nokaslr" -serial mon:stdio -display none \ -virtfs local,path=/home/arabishi/work/kselftest/kselftest,mount_tag=host0,security_model=passthrough,id=host0 ---------------------------- What should I do ?

4 years, 10 months

2
2
0 0

[PATCH] torture: Pass --kmake-arg to all make invocations

by Marco Elver

We need to pass the arguments provided to --kmake-arg to all make invocations. In particular, the make invocations generating the configs need to see the final make arguments, e.g. if config variables depend on particular variables that are passed to make. For example, when using '--kcsan --kmake-arg CC=clang-11', we would lose CONFIG_KCSAN=y due to 'make oldconfig' not seeing that we want to use a compiler that supports KCSAN. Signed-off-by: Marco Elver <elver(a)google.com> --- tools/testing/selftests/rcutorture/bin/configinit.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/rcutorture/bin/configinit.sh b/tools/testing/selftests/rcutorture/bin/configinit.sh index 93e80a42249a..d6e5ce084b1c 100755 --- a/tools/testing/selftests/rcutorture/bin/configinit.sh +++ b/tools/testing/selftests/rcutorture/bin/configinit.sh @@ -32,11 +32,11 @@ if test -z "$TORTURE_TRUST_MAKE" then make clean > $resdir/Make.clean 2>&1 fi -make $TORTURE_DEFCONFIG > $resdir/Make.defconfig.out 2>&1 +make $TORTURE_KMAKE_ARG $TORTURE_DEFCONFIG > $resdir/Make.defconfig.out 2>&1 mv .config .config.sav sh $T/upd.sh < .config.sav > .config cp .config .config.new -yes '' | make oldconfig > $resdir/Make.oldconfig.out 2> $resdir/Make.oldconfig.err +yes '' | make $TORTURE_KMAKE_ARG oldconfig > $resdir/Make.oldconfig.out 2> $resdir/Make.oldconfig.err # verify new config matches specification. configcheck.sh .config $c -- 2.27.0.290.gba653c62da-goog

4 years, 10 months

2
5
0 0

[PATCH v9 0/8] firmware: add request_partial_firmware_into_buf

by Scott Branden

This patch series adds partial read support via a new call request_partial_firmware_into_buf. Such support is needed when the whole file is not needed and/or only a smaller portion of the file will fit into allocated memory at any one time. In order to accept the enhanced API it has been requested that kernel selftests and upstreamed driver utilize the API enhancement and so are included in this patch series. Also in this patch series is the addition of a new Broadcom VK driver utilizing the new request_firmware_into_buf enhanced API. Further comment followed to add IMA support of the partial reads originating from request_firmware_into_buf calls. Changes from v8: - correct compilation error when CONFIG_FW_LOADER not defined Changes from v7: - removed swiss army knife kernel_pread_* style approach and simply add offset parameter in addition to those needed in kernel_read_* functions thus removing need for kernel_pread enum Changes from v6: - update ima_post_read_file check on IMA_FIRMWARE_PARTIAL_READ - adjust new driver i2c-slave-eeprom.c use of request_firmware_into_buf - remove an extern Changes from v5: - add IMA FIRMWARE_PARTIAL_READ support - change kernel pread flags to enum - removed legacy support from driver - driver fixes Changes from v4: - handle reset issues if card crashes - allow driver to have min required msix - add card utilization information Changes from v3: - fix sparse warnings - fix printf format specifiers for size_t - fix 32-bit cross-compiling reports 32-bit shifts - use readl/writel,_relaxed to access pci ioremap memory, removed memory barriers and volatile keyword with such change - driver optimizations for interrupt/poll functionalities Changes from v2: - remove unnecessary code and mutex locks in lib/test_firmware.c - remove VK_IOCTL_ACCESS_BAR support from driver and use pci sysfs instead - remove bitfields - remove Kconfig default m - adjust formatting and some naming based on feedback - fix error handling conditions - use appropriate return codes - use memcpy_toio instead of direct access to PCIE bar Scott Branden (8): fs: introduce kernel_pread_file* support firmware: add request_partial_firmware_into_buf test_firmware: add partial read support for request_firmware_into_buf firmware: test partial file reads of request_partial_firmware_into_buf bcm-vk: add bcm_vk UAPI misc: bcm-vk: add Broadcom VK driver MAINTAINERS: bcm-vk: add maintainer for Broadcom VK Driver ima: add FIRMWARE_PARTIAL_READ support MAINTAINERS | 7 + drivers/base/firmware_loader/firmware.h | 5 + drivers/base/firmware_loader/main.c | 79 +- drivers/misc/Kconfig | 1 + drivers/misc/Makefile | 1 + drivers/misc/bcm-vk/Kconfig | 29 + drivers/misc/bcm-vk/Makefile | 11 + drivers/misc/bcm-vk/bcm_vk.h | 407 +++++ drivers/misc/bcm-vk/bcm_vk_dev.c | 1310 +++++++++++++++ drivers/misc/bcm-vk/bcm_vk_msg.c | 1440 +++++++++++++++++ drivers/misc/bcm-vk/bcm_vk_msg.h | 202 +++ drivers/misc/bcm-vk/bcm_vk_sg.c | 271 ++++ drivers/misc/bcm-vk/bcm_vk_sg.h | 60 + drivers/misc/bcm-vk/bcm_vk_tty.c | 352 ++++ fs/exec.c | 93 +- include/linux/firmware.h | 12 + include/linux/fs.h | 15 + include/uapi/linux/misc/bcm_vk.h | 99 ++ lib/test_firmware.c | 154 +- security/integrity/ima/ima_main.c | 24 +- .../selftests/firmware/fw_filesystem.sh | 80 + 21 files changed, 4599 insertions(+), 53 deletions(-) create mode 100644 drivers/misc/bcm-vk/Kconfig create mode 100644 drivers/misc/bcm-vk/Makefile create mode 100644 drivers/misc/bcm-vk/bcm_vk.h create mode 100644 drivers/misc/bcm-vk/bcm_vk_dev.c create mode 100644 drivers/misc/bcm-vk/bcm_vk_msg.c create mode 100644 drivers/misc/bcm-vk/bcm_vk_msg.h create mode 100644 drivers/misc/bcm-vk/bcm_vk_sg.c create mode 100644 drivers/misc/bcm-vk/bcm_vk_sg.h create mode 100644 drivers/misc/bcm-vk/bcm_vk_tty.c create mode 100644 include/uapi/linux/misc/bcm_vk.h -- 2.17.1

4 years, 10 months

2
9
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror