- Linux-kselftest-mirror - lists.linaro.org

[PATCH 3/5] selftests/sgx: Use encl->encl_size in sigstruct.c

by Jarkko Sakkinen

The final enclave address range (referred as ELRANGE in Intel SDM) calculation is a reminiscent of signing tool being a separate command-line utility, and sigstruct being produced during the compilation. Given that nowadays the sigstruct is calculated on-fly, use the readily calculated encl->encl_size instead, in order to remove duplicate code. Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- tools/testing/selftests/sgx/load.c | 5 +++-- tools/testing/selftests/sgx/main.h | 1 - tools/testing/selftests/sgx/sigstruct.c | 8 ++------ 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c index 94bdeac1cf04..3b4e2422fb09 100644 --- a/tools/testing/selftests/sgx/load.c +++ b/tools/testing/selftests/sgx/load.c @@ -174,6 +174,7 @@ uint64_t encl_get_entry(struct encl *encl, const char *symbol) bool encl_load(const char *path, struct encl *encl, unsigned long heap_size) { const char device_path[] = "/dev/sgx_enclave"; + unsigned long contents_size; struct encl_segment *seg; Elf64_Phdr *phdr_tbl; off_t src_offset; @@ -298,9 +299,9 @@ bool encl_load(const char *path, struct encl *encl, unsigned long heap_size) if (seg->src == MAP_FAILED) goto err; - encl->src_size = encl->segment_tbl[j].offset + encl->segment_tbl[j].size; + contents_size = encl->segment_tbl[j].offset + encl->segment_tbl[j].size; - for (encl->encl_size = 4096; encl->encl_size < encl->src_size; ) + for (encl->encl_size = 4096; encl->encl_size < contents_size; ) encl->encl_size <<= 1; return true; diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h index 82b33f8db048..9c1bc0d9b43c 100644 --- a/tools/testing/selftests/sgx/main.h +++ b/tools/testing/selftests/sgx/main.h @@ -20,7 +20,6 @@ struct encl { void *bin; off_t bin_size; void *src; - size_t src_size; size_t encl_size; off_t encl_base; unsigned int nr_segments; diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c index a07896a46364..9a40c7966eda 100644 --- a/tools/testing/selftests/sgx/sigstruct.c +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -218,13 +218,9 @@ struct mrecreate { } __attribute__((__packed__)); -static bool mrenclave_ecreate(EVP_MD_CTX *ctx, uint64_t blob_size) +static bool mrenclave_ecreate(EVP_MD_CTX *ctx, uint64_t encl_size) { struct mrecreate mrecreate; - uint64_t encl_size; - - for (encl_size = 0x1000; encl_size < blob_size; ) - encl_size <<= 1; memset(&mrecreate, 0, sizeof(mrecreate)); mrecreate.tag = MRECREATE; @@ -349,7 +345,7 @@ bool encl_measure(struct encl *encl) if (!ctx) goto err; - if (!mrenclave_ecreate(ctx, encl->src_size)) + if (!mrenclave_ecreate(ctx, encl->encl_size)) goto err; for (i = 0; i < encl->nr_segments; i++) { -- 2.37.2

2 years, 8 months

1
0
0 0

[PATCH 2/5] selftests/sgx: Move ENCL_HEAP_SIZE_DEFAULT to main.c

by Jarkko Sakkinen

Move ENCL_HEAP_SIZE_DEFAULT to main.c because all the other constants are also there, and it is only used locally there. Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- tools/testing/selftests/sgx/main.c | 1 + tools/testing/selftests/sgx/main.h | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c index 59cca806eda1..a1850e139c99 100644 --- a/tools/testing/selftests/sgx/main.c +++ b/tools/testing/selftests/sgx/main.c @@ -21,6 +21,7 @@ #include "../kselftest_harness.h" #include "main.h" +static const size_t ENCL_HEAP_SIZE_DEFAULT = PAGE_SIZE; static const uint64_t MAGIC = 0x1122334455667788ULL; static const uint64_t MAGIC2 = 0x8877665544332211ULL; vdso_sgx_enter_enclave_t vdso_sgx_enter_enclave; diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h index fc585be97e2f..82b33f8db048 100644 --- a/tools/testing/selftests/sgx/main.h +++ b/tools/testing/selftests/sgx/main.h @@ -6,8 +6,6 @@ #ifndef MAIN_H #define MAIN_H -#define ENCL_HEAP_SIZE_DEFAULT 4096 - struct encl_segment { void *src; off_t offset; -- 2.37.2

2 years, 8 months

1
0
0 0

[PATCH 1/5] selftests/sgx: Retry the ioctl()'s returned with EAGAIN

by Jarkko Sakkinen

From: Haitao Huang <haitao.huang(a)linux.intel.com> For EMODT and EREMOVE ioctl()'s with a large range, kernel may not finish in one shot and return EAGAIN error code and count of bytes of EPC pages on that operations are finished successfully. Change the unclobbered_vdso_oversubscribed_remove test to rerun the ioctl()'s in a loop, updating offset and length using the byte count returned in each iteration. Fixes: 6507cce561b4 ("selftests/sgx: Page removal stress test") Signed-off-by: Haitao Huang <haitao.huang(a)linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko(a)kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v3: * Added a fixes tag. The bug is in v6.0 patches. * Added my tested-by (the bug reproduced in my NUC often). v2: * Changed branching in EAGAIN condition so that else branch is not required. * Addressed Reinette's feedback: --- tools/testing/selftests/sgx/main.c | 42 ++++++++++++++++++++++++------ 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c index 9820b3809c69..59cca806eda1 100644 --- a/tools/testing/selftests/sgx/main.c +++ b/tools/testing/selftests/sgx/main.c @@ -390,6 +390,7 @@ TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900) struct encl_segment *heap; unsigned long total_mem; int ret, errno_save; + unsigned long count; unsigned long addr; unsigned long i; @@ -453,16 +454,30 @@ TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900) modt_ioc.offset = heap->offset; modt_ioc.length = heap->size; modt_ioc.page_type = SGX_PAGE_TYPE_TRIM; - + count = 0; TH_LOG("Changing type of %zd bytes to trimmed may take a while ...", heap->size); - ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPES, &modt_ioc); - errno_save = ret == -1 ? errno : 0; + do { + ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPES, &modt_ioc); + + errno_save = ret == -1 ? errno : 0; + if (errno_save != EAGAIN) + break; + + EXPECT_EQ(modt_ioc.result, 0); + + count += modt_ioc.count; + modt_ioc.offset += modt_ioc.count; + modt_ioc.length -= modt_ioc.count; + modt_ioc.result = 0; + modt_ioc.count = 0; + } while (modt_ioc.length != 0); EXPECT_EQ(ret, 0); EXPECT_EQ(errno_save, 0); EXPECT_EQ(modt_ioc.result, 0); - EXPECT_EQ(modt_ioc.count, heap->size); + count += modt_ioc.count; + EXPECT_EQ(count, heap->size); /* EACCEPT all removed pages. */ addr = self->encl.encl_base + heap->offset; @@ -490,15 +505,26 @@ TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900) remove_ioc.offset = heap->offset; remove_ioc.length = heap->size; - + count = 0; TH_LOG("Removing %zd bytes from enclave may take a while ...", heap->size); - ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_REMOVE_PAGES, &remove_ioc); - errno_save = ret == -1 ? errno : 0; + do { + ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_REMOVE_PAGES, &remove_ioc); + + errno_save = ret == -1 ? errno : 0; + if (errno_save != EAGAIN) + break; + + count += remove_ioc.count; + remove_ioc.offset += remove_ioc.count; + remove_ioc.length -= remove_ioc.count; + remove_ioc.count = 0; + } while (remove_ioc.length != 0); EXPECT_EQ(ret, 0); EXPECT_EQ(errno_save, 0); - EXPECT_EQ(remove_ioc.count, heap->size); + count += remove_ioc.count; + EXPECT_EQ(count, heap->size); } TEST_F(enclave, clobbered_vdso) -- 2.37.2

2 years, 8 months

1
0
0 0

[PATCH v2 4/6] selftests/sgx: Add SGX selftest augment_via_eaccept_long

by Jarkko Sakkinen

From: Vijay Dhanraj <vijay.dhanraj(a)intel.com> Add a new test case which is same as augment_via_eaccept but adds a larger number of EPC pages to stress test EAUG via EACCEPT. Signed-off-by: Vijay Dhanraj <vijay.dhanraj(a)intel.com> Co-developed-by: Jarkko Sakkinen <jarkko(a)kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v3: - Addressed Reinette's feedback: https://lore.kernel.org/linux-sgx/bd5285dd-d6dd-8a46-fca9-728db5e2f369@inte… v2: - Addressed Reinette's feedback: https://lore.kernel.org/linux-sgx/24bd8e42-ff4e-0090-d9e1-cd81e4807f21@inte… --- tools/testing/selftests/sgx/load.c | 5 +- tools/testing/selftests/sgx/main.c | 143 +++++++++++++++++++++++++---- tools/testing/selftests/sgx/main.h | 3 +- 3 files changed, 130 insertions(+), 21 deletions(-) diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c index 94bdeac1cf04..47b2786d6a77 100644 --- a/tools/testing/selftests/sgx/load.c +++ b/tools/testing/selftests/sgx/load.c @@ -171,7 +171,8 @@ uint64_t encl_get_entry(struct encl *encl, const char *symbol) return 0; } -bool encl_load(const char *path, struct encl *encl, unsigned long heap_size) +bool encl_load(const char *path, struct encl *encl, unsigned long heap_size, + unsigned long edmm_size) { const char device_path[] = "/dev/sgx_enclave"; struct encl_segment *seg; @@ -300,7 +301,7 @@ bool encl_load(const char *path, struct encl *encl, unsigned long heap_size) encl->src_size = encl->segment_tbl[j].offset + encl->segment_tbl[j].size; - for (encl->encl_size = 4096; encl->encl_size < encl->src_size; ) + for (encl->encl_size = 4096; encl->encl_size < encl->src_size + edmm_size;) encl->encl_size <<= 1; return true; diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c index 9820b3809c69..c5aa9f323745 100644 --- a/tools/testing/selftests/sgx/main.c +++ b/tools/testing/selftests/sgx/main.c @@ -23,6 +23,10 @@ static const uint64_t MAGIC = 0x1122334455667788ULL; static const uint64_t MAGIC2 = 0x8877665544332211ULL; +/* Message-ID: <DM8PR11MB55912A7F47A84EC9913A6352F6999(a)DM8PR11MB5591.namprd11.prod.outlook.com> */ +static const uint64_t EDMM_SIZE_LONG = 8L * 1024L * 1024L * 1024L; +static const uint64_t TIMEOUT_LONG = 900; /* seconds */ + vdso_sgx_enter_enclave_t vdso_sgx_enter_enclave; /* @@ -173,7 +177,8 @@ FIXTURE(enclave) { }; static bool setup_test_encl(unsigned long heap_size, struct encl *encl, - struct __test_metadata *_metadata) + struct __test_metadata *_metadata, + unsigned long edmm_size) { Elf64_Sym *sgx_enter_enclave_sym = NULL; struct vdso_symtab symtab; @@ -183,7 +188,7 @@ static bool setup_test_encl(unsigned long heap_size, struct encl *encl, unsigned int i; void *addr; - if (!encl_load("test_encl.elf", encl, heap_size)) { + if (!encl_load("test_encl.elf", encl, heap_size, edmm_size)) { encl_delete(encl); TH_LOG("Failed to load the test enclave."); return false; @@ -284,7 +289,7 @@ TEST_F(enclave, unclobbered_vdso) struct encl_op_get_from_buf get_op; struct encl_op_put_to_buf put_op; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -357,7 +362,7 @@ TEST_F(enclave, unclobbered_vdso_oversubscribed) total_mem = get_total_epc_mem(); ASSERT_NE(total_mem, 0); - ASSERT_TRUE(setup_test_encl(total_mem, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(total_mem, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -401,7 +406,7 @@ TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900) ASSERT_NE(total_mem, 0); TH_LOG("Creating an enclave with %lu bytes heap may take a while ...", total_mem); - ASSERT_TRUE(setup_test_encl(total_mem, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(total_mem, &self->encl, _metadata, 0)); /* * Hardware (SGX2) and kernel support is needed for this test. Start @@ -506,7 +511,7 @@ TEST_F(enclave, clobbered_vdso) struct encl_op_get_from_buf get_op; struct encl_op_put_to_buf put_op; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -542,7 +547,7 @@ TEST_F(enclave, clobbered_vdso_and_user_function) struct encl_op_get_from_buf get_op; struct encl_op_put_to_buf put_op; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -575,7 +580,7 @@ TEST_F(enclave, tcs_entry) { struct encl_op_header op; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -620,7 +625,7 @@ TEST_F(enclave, pte_permissions) unsigned long data_start; int ret; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -722,7 +727,7 @@ TEST_F(enclave, tcs_permissions) struct sgx_enclave_restrict_permissions ioc; int ret, errno_save; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -785,7 +790,7 @@ TEST_F(enclave, epcm_permissions) unsigned long data_start; int ret, errno_save; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -986,7 +991,7 @@ TEST_F(enclave, augment) if (!sgx2_supported()) SKIP(return, "SGX2 not supported"); - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -1116,7 +1121,7 @@ TEST_F(enclave, augment_via_eaccept) if (!sgx2_supported()) SKIP(return, "SGX2 not supported"); - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -1210,6 +1215,108 @@ TEST_F(enclave, augment_via_eaccept) munmap(addr, PAGE_SIZE); } +/* + * Test for the addition of large number of pages to an initialized enclave via + * a pre-emptive run of EACCEPT on every page to be added. + */ +TEST_F_TIMEOUT(enclave, augment_via_eaccept_long, TIMEOUT_LONG) +{ + struct encl_op_get_from_addr get_addr_op; + struct encl_op_put_to_addr put_addr_op; + struct encl_op_eaccept eaccept_op; + size_t total_size = 0; + unsigned long i; + void *addr; + + if (!sgx2_supported()) + SKIP(return, "SGX2 not supported"); + + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, + EDMM_SIZE_LONG)); + + memset(&self->run, 0, sizeof(self->run)); + self->run.tcs = self->encl.encl_base; + + for (i = 0; i < self->encl.nr_segments; i++) { + struct encl_segment *seg = &self->encl.segment_tbl[i]; + + total_size += seg->size; + } + + /* + * mmap() every page at end of existing enclave to be used for + * EDMM. + */ + addr = mmap((void *)self->encl.encl_base + total_size, EDMM_SIZE_LONG, + PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED | MAP_FIXED, + self->encl.fd, 0); + EXPECT_NE(addr, MAP_FAILED); + + self->run.exception_vector = 0; + self->run.exception_error_code = 0; + self->run.exception_addr = 0; + + /* + * Run EACCEPT on every page to trigger the #PF->EAUG->EACCEPT(again + * without a #PF). All should be transparent to userspace. + */ + eaccept_op.flags = SGX_SECINFO_R | SGX_SECINFO_W | SGX_SECINFO_REG | SGX_SECINFO_PENDING; + eaccept_op.ret = 0; + eaccept_op.header.type = ENCL_OP_EACCEPT; + + for (i = 0; i < EDMM_SIZE_LONG; i += 4096) { + eaccept_op.epc_addr = (uint64_t)(addr + i); + + EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); + if (self->run.exception_vector == 14 && + self->run.exception_error_code == 4 && + self->run.exception_addr == self->encl.encl_base) { + munmap(addr, EDMM_SIZE_LONG); + SKIP(return, "Kernel does not support adding pages to initialized enclave"); + } + + EXPECT_EQ(self->run.exception_vector, 0); + EXPECT_EQ(self->run.exception_error_code, 0); + EXPECT_EQ(self->run.exception_addr, 0); + ASSERT_EQ(eaccept_op.ret, 0); + ASSERT_EQ(self->run.function, EEXIT); + } + + /* + * Pool of pages were successfully added to enclave. Perform sanity + * check on first page of the pool only to ensure data can be written + * to and read from a dynamically added enclave page. + */ + put_addr_op.value = MAGIC; + put_addr_op.addr = (unsigned long)addr; + put_addr_op.header.type = ENCL_OP_PUT_TO_ADDRESS; + + EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0); + + EXPECT_EEXIT(&self->run); + EXPECT_EQ(self->run.exception_vector, 0); + EXPECT_EQ(self->run.exception_error_code, 0); + EXPECT_EQ(self->run.exception_addr, 0); + + /* + * Read memory from newly added page that was just written to, + * confirming that data previously written (MAGIC) is present. + */ + get_addr_op.value = 0; + get_addr_op.addr = (unsigned long)addr; + get_addr_op.header.type = ENCL_OP_GET_FROM_ADDRESS; + + EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0); + + EXPECT_EQ(get_addr_op.value, MAGIC); + EXPECT_EEXIT(&self->run); + EXPECT_EQ(self->run.exception_vector, 0); + EXPECT_EQ(self->run.exception_error_code, 0); + EXPECT_EQ(self->run.exception_addr, 0); + + munmap(addr, EDMM_SIZE_LONG); +} + /* * SGX2 page type modification test in two phases: * Phase 1: @@ -1238,7 +1345,7 @@ TEST_F(enclave, tcs_create) int ret, i; ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, - _metadata)); + _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -1568,7 +1675,7 @@ TEST_F(enclave, remove_added_page_no_eaccept) unsigned long data_start; int ret, errno_save; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -1679,7 +1786,7 @@ TEST_F(enclave, remove_added_page_invalid_access) unsigned long data_start; int ret, errno_save; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -1794,7 +1901,7 @@ TEST_F(enclave, remove_added_page_invalid_access_after_eaccept) unsigned long data_start; int ret, errno_save; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -1918,7 +2025,7 @@ TEST_F(enclave, remove_untouched_page) unsigned long data_start; int ret, errno_save; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); /* * Hardware (SGX2) and kernel support is needed for this test. Start diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h index fc585be97e2f..5c190e21a5ff 100644 --- a/tools/testing/selftests/sgx/main.h +++ b/tools/testing/selftests/sgx/main.h @@ -35,7 +35,8 @@ extern unsigned char sign_key[]; extern unsigned char sign_key_end[]; void encl_delete(struct encl *ctx); -bool encl_load(const char *path, struct encl *encl, unsigned long heap_size); +bool encl_load(const char *path, struct encl *encl, unsigned long heap_size, + unsigned long edmm_size); bool encl_measure(struct encl *encl); bool encl_build(struct encl *encl); uint64_t encl_get_entry(struct encl *encl, const char *symbol); -- 2.37.2

2 years, 8 months

2
6
0 0

[PATCH v5 0/4] Introduce security_create_user_ns()

by Frederick Lawler

While user namespaces do not make the kernel more vulnerable, they are however used to initiate exploits. Some users do not want to block namespace creation for the entirety of the system, which some distributions provide. Instead, we needed a way to have some applications be blocked, and others allowed. This is not possible with those tools. Managing hierarchies also did not fit our case because we're determining which tasks are allowed based on their attributes. While exploring a solution, we first leveraged the LSM cred_prepare hook because that is the closest hook to prevent a call to create_user_ns(). The calls look something like this: cred = prepare_creds() security_prepare_creds() call_int_hook(cred_prepare, ... if (cred) create_user_ns(cred) We noticed that error codes were not propagated from this hook and introduced a patch [1] to propagate those errors. The discussion notes that security_prepare_creds() is not appropriate for MAC policies, and instead the hook is meant for LSM authors to prepare credentials for mutation. [2] Additionally, cred_prepare hook is not without problems. Handling the clone3 case is a bit more tricky due to the user space pointer passed to it. This makes checking the syscall subject to a possible TOCTTOU attack. Ultimately, we concluded that a better course of action is to introduce a new security hook for LSM authors. [3] This patch set first introduces a new security_create_user_ns() function and userns_create LSM hook, then marks the hook as sleepable in BPF. The following patches after include a BPF test and a patch for an SELinux implementation. We want to encourage use of user namespaces, and also cater the needs of users/administrators to observe and/or control access. There is no expectation of an impact on user space applications because access control is opt-in, and users wishing to observe within a LSM context Links: 1. https://lore.kernel.org/all/20220608150942.776446-1-fred@cloudflare.com/ 2. https://lore.kernel.org/all/87y1xzyhub.fsf@email.froward.int.ebiederm.org/ 3. https://lore.kernel.org/all/9fe9cd9f-1ded-a179-8ded-5fde8960a586@cloudflare… Past discussions: V4: https://lore.kernel.org/all/20220801180146.1157914-1-fred@cloudflare.com/ V3: https://lore.kernel.org/all/20220721172808.585539-1-fred@cloudflare.com/ V2: https://lore.kernel.org/all/20220707223228.1940249-1-fred@cloudflare.com/ V1: https://lore.kernel.org/all/20220621233939.993579-1-fred@cloudflare.com/ Changes since v4: - Update commit description - Update cover letter Changes since v3: - Explicitly set CAP_SYS_ADMIN to test namespace is created given permission - Simplify BPF test to use sleepable hook only - Prefer unshare() over clone() for tests Changes since v2: - Rename create_user_ns hook to userns_create - Use user_namespace as an object opposed to a generic namespace object - s/domB_t/domA_t in commit message Changes since v1: - Add selftests/bpf: Add tests verifying bpf lsm create_user_ns hook patch - Add selinux: Implement create_user_ns hook patch - Change function signature of security_create_user_ns() to only take struct cred - Move security_create_user_ns() call after id mapping check in create_user_ns() - Update documentation to reflect changes Frederick Lawler (4): security, lsm: Introduce security_create_user_ns() bpf-lsm: Make bpf_lsm_userns_create() sleepable selftests/bpf: Add tests verifying bpf lsm userns_create hook selinux: Implement userns_create hook include/linux/lsm_hook_defs.h | 1 + include/linux/lsm_hooks.h | 4 + include/linux/security.h | 6 ++ kernel/bpf/bpf_lsm.c | 1 + kernel/user_namespace.c | 5 + security/security.c | 5 + security/selinux/hooks.c | 9 ++ security/selinux/include/classmap.h | 2 + .../selftests/bpf/prog_tests/deny_namespace.c | 102 ++++++++++++++++++ .../selftests/bpf/progs/test_deny_namespace.c | 33 ++++++ 10 files changed, 168 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/deny_namespace.c create mode 100644 tools/testing/selftests/bpf/progs/test_deny_namespace.c -- 2.30.2

2 years, 8 months

8
34
0 0

[PATCH v1] selftests/xsk: Avoid use-after-free on ctx

by Ian Rogers

The put lowers the reference count to 0 and frees ctx, reading it afterwards is invalid. Move the put after the uses and determine the last use by the reference count being 1. Fixes: 39e940d4abfa ("selftests/xsk: Destroy BPF resources only when ctx refcount drops to 0") Signed-off-by: Ian Rogers <irogers(a)google.com> --- tools/testing/selftests/bpf/xsk.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/bpf/xsk.c b/tools/testing/selftests/bpf/xsk.c index f2721a4ae7c5..0b3ff49c740d 100644 --- a/tools/testing/selftests/bpf/xsk.c +++ b/tools/testing/selftests/bpf/xsk.c @@ -1237,15 +1237,15 @@ void xsk_socket__delete(struct xsk_socket *xsk) ctx = xsk->ctx; umem = ctx->umem; - xsk_put_ctx(ctx, true); - - if (!ctx->refcount) { + if (ctx->refcount == 1) { xsk_delete_bpf_maps(xsk); close(ctx->prog_fd); if (ctx->has_bpf_link) close(ctx->link_fd); } + xsk_put_ctx(ctx, true); + err = xsk_get_mmap_offsets(xsk->fd, &off); if (!err) { if (xsk->rx) { -- 2.37.2.789.g6183377224-goog

2 years, 8 months

3
2
0 0

[PATCH bpf-next v9 00/23] Introduce eBPF support for HID devices

by Benjamin Tissoires

Hi, here comes the v9 of the HID-BPF series. Again, for a full explanation of HID-BPF, please refer to the last patch in this series (23/23). This version sees some minor improvements compared to v7 and v8, only focusing on the reviews I got. (v8 was a single patch update) - patch 1/24 in v7 was dropped as it is already fixed upstream - patch 1/23 in v9 is now capable of handling all functions, not just kfuncs (tested with the selftests only) - some minor nits from Greg's review - a rebase on top of the current bpf-next tree as the kfunc definition changed (for the better). Cheers, Benjamin Benjamin Tissoires (23): bpf/verifier: allow all functions to read user provided context bpf/verifier: do not clear meta in check_mem_size selftests/bpf: add test for accessing ctx from syscall program type bpf/verifier: allow kfunc to return an allocated mem selftests/bpf: Add tests for kfunc returning a memory pointer bpf: prepare for more bpf syscall to be used from kernel and user space. libbpf: add map_get_fd_by_id and map_delete_elem in light skeleton HID: core: store the unique system identifier in hid_device HID: export hid_report_type to uapi HID: convert defines of HID class requests into a proper enum HID: Kconfig: split HID support and hid-core compilation HID: initial BPF implementation selftests/bpf: add tests for the HID-bpf initial implementation HID: bpf: allocate data memory for device_event BPF programs selftests/bpf/hid: add test to change the report size HID: bpf: introduce hid_hw_request() selftests/bpf: add tests for bpf_hid_hw_request HID: bpf: allow to change the report descriptor selftests/bpf: add report descriptor fixup tests selftests/bpf: Add a test for BPF_F_INSERT_HEAD samples/bpf: HID: add new hid_mouse example samples/bpf: HID: add Surface Dial example Documentation: add HID-BPF docs Documentation/hid/hid-bpf.rst | 512 +++++++++ Documentation/hid/index.rst | 1 + drivers/Makefile | 2 +- drivers/hid/Kconfig | 20 +- drivers/hid/Makefile | 2 + drivers/hid/bpf/Kconfig | 17 + drivers/hid/bpf/Makefile | 11 + drivers/hid/bpf/entrypoints/Makefile | 93 ++ drivers/hid/bpf/entrypoints/README | 4 + drivers/hid/bpf/entrypoints/entrypoints.bpf.c | 66 ++ .../hid/bpf/entrypoints/entrypoints.lskel.h | 682 ++++++++++++ drivers/hid/bpf/hid_bpf_dispatch.c | 526 ++++++++++ drivers/hid/bpf/hid_bpf_dispatch.h | 28 + drivers/hid/bpf/hid_bpf_jmp_table.c | 577 ++++++++++ drivers/hid/hid-core.c | 49 +- include/linux/bpf.h | 9 +- include/linux/btf.h | 10 + include/linux/hid.h | 38 +- include/linux/hid_bpf.h | 148 +++ include/uapi/linux/hid.h | 26 +- include/uapi/linux/hid_bpf.h | 25 + kernel/bpf/btf.c | 109 +- kernel/bpf/syscall.c | 10 +- kernel/bpf/verifier.c | 64 +- net/bpf/test_run.c | 21 + samples/bpf/.gitignore | 2 + samples/bpf/Makefile | 27 + samples/bpf/hid_mouse.bpf.c | 134 +++ samples/bpf/hid_mouse.c | 161 +++ samples/bpf/hid_surface_dial.bpf.c | 161 +++ samples/bpf/hid_surface_dial.c | 232 ++++ tools/include/uapi/linux/hid.h | 62 ++ tools/include/uapi/linux/hid_bpf.h | 25 + tools/lib/bpf/skel_internal.h | 23 + tools/testing/selftests/bpf/Makefile | 5 +- tools/testing/selftests/bpf/config | 3 + tools/testing/selftests/bpf/prog_tests/hid.c | 990 ++++++++++++++++++ .../selftests/bpf/prog_tests/kfunc_call.c | 76 ++ tools/testing/selftests/bpf/progs/hid.c | 206 ++++ .../selftests/bpf/progs/kfunc_call_test.c | 125 +++ 40 files changed, 5198 insertions(+), 84 deletions(-) create mode 100644 Documentation/hid/hid-bpf.rst create mode 100644 drivers/hid/bpf/Kconfig create mode 100644 drivers/hid/bpf/Makefile create mode 100644 drivers/hid/bpf/entrypoints/Makefile create mode 100644 drivers/hid/bpf/entrypoints/README create mode 100644 drivers/hid/bpf/entrypoints/entrypoints.bpf.c create mode 100644 drivers/hid/bpf/entrypoints/entrypoints.lskel.h create mode 100644 drivers/hid/bpf/hid_bpf_dispatch.c create mode 100644 drivers/hid/bpf/hid_bpf_dispatch.h create mode 100644 drivers/hid/bpf/hid_bpf_jmp_table.c create mode 100644 include/linux/hid_bpf.h create mode 100644 include/uapi/linux/hid_bpf.h create mode 100644 samples/bpf/hid_mouse.bpf.c create mode 100644 samples/bpf/hid_mouse.c create mode 100644 samples/bpf/hid_surface_dial.bpf.c create mode 100644 samples/bpf/hid_surface_dial.c create mode 100644 tools/include/uapi/linux/hid.h create mode 100644 tools/include/uapi/linux/hid_bpf.h create mode 100644 tools/testing/selftests/bpf/prog_tests/hid.c create mode 100644 tools/testing/selftests/bpf/progs/hid.c -- 2.36.1

2 years, 8 months

4
43
0 0

[PATCH] selftests: net: sort .gitignore file

by Axel Rasmussen

This is the result of `sort tools/testing/selftests/net/.gitignore`, but preserving the comment at the top. Suggested-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Axel Rasmussen <axelrasmussen(a)google.com> --- tools/testing/selftests/net/.gitignore | 52 +++++++++++++------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/tools/testing/selftests/net/.gitignore b/tools/testing/selftests/net/.gitignore index 02abf8fdfd3a..e64419c3fed8 100644 --- a/tools/testing/selftests/net/.gitignore +++ b/tools/testing/selftests/net/.gitignore @@ -1,43 +1,43 @@ # SPDX-License-Identifier: GPL-2.0-only +cmsg_sender +fin_ack_lat +gro +hwtstamp_config +ioam6_parser +io_uring_zerocopy_tx +ip_defrag ipsec +ipv6_flowlabel +ipv6_flowlabel_mgr msg_zerocopy -socket +nettest psock_fanout psock_snd psock_tpacket -stress_reuseport_listen +reuseaddr_conflict +reuseaddr_ports_exhausted reuseport_addr_any reuseport_bpf reuseport_bpf_cpu reuseport_bpf_numa reuseport_dualstack -reuseaddr_conflict -tcp_mmap -udpgso -udpgso_bench_rx -udpgso_bench_tx -tcp_inq -tls -txring_overwrite -ip_defrag -ipv6_flowlabel -ipv6_flowlabel_mgr -so_txtime -tcp_fastopen_backup_key -nettest -fin_ack_lat -reuseaddr_ports_exhausted -hwtstamp_config rxtimestamp -timestamping -txtimestamp +socket so_netns_cookie +so_txtime +stress_reuseport_listen +tap +tcp_fastopen_backup_key +tcp_inq +tcp_mmap test_unix_oob -gro -ioam6_parser +timestamping +tls toeplitz tun -cmsg_sender +txring_overwrite +txtimestamp +udpgso +udpgso_bench_rx +udpgso_bench_tx unix_connect -tap -io_uring_zerocopy_tx -- 2.37.2.672.g94769d06f0-goog

2 years, 8 months

4
4
0 0

[PATCH v2] checkpatch: Handle FILE pointer type

by Mickaël Salaün

When using a "FILE *" type, checkpatch considers this an error: ERROR: need consistent spacing around '*' (ctx:WxV) #32: FILE: f.c:8: +static void a(FILE *const b) ^ Fix this by explicitly defining "FILE" as a common type. This is useful for user space patches. With this patch, we now get: <E> <E> <_>WS( ) <E> <E> <_>IDENT(static) <E> <V> <_>WS( ) <E> <V> <_>DECLARE(void ) <E> <T> <_>FUNC(a) <E> <V> <V>PAREN('(') <EV> <N> <_>DECLARE(FILE *const ) <EV> <T> <_>IDENT(b) <EV> <V> <_>PAREN(')') -> V <E> <V> <_>WS( ) 32 > . static void a(FILE *const b) 32 > EEVVVVVVVTTTTTVNTTTTTTTTTTTTVVV 32 > ______________________________ Cc: Andy Whitcroft <apw(a)canonical.com> Cc: Dwaipayan Ray <dwaipayanray1(a)gmail.com> Cc: Joe Perches <joe(a)perches.com> Cc: Lukas Bulwahn <lukas.bulwahn(a)gmail.com> Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20220902111923.1488671-1-mic@digikod.net --- Changes since v1: https://lore.kernel.org/r/20220901145948.1456353-1-mic@digikod.net * Remove the FIXTURE_{DATA,VARIANT}() comments. * Improve commit description. --- scripts/checkpatch.pl | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 79e759aac543..e2175102a354 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -576,10 +576,14 @@ our $typeKernelTypedefs = qr{(?x: (?:__)?(?:u|s|be|le)(?:8|16|32|64)| atomic_t )}; +our $typeStdioTypedefs = qr{(?x: + FILE +)}; our $typeTypedefs = qr{(?x: $typeC99Typedefs\b| $typeOtherOSTypedefs\b| - $typeKernelTypedefs\b + $typeKernelTypedefs\b| + $typeStdioTypedefs\b )}; our $zero_initializer = qr{(?:(?:0[xX])?0+$Int_type?|NULL|false)\b}; base-commit: b90cb1053190353cc30f0fef0ef1f378ccc063c5 -- 2.37.2

2 years, 8 months

2
1
0 0

[RFC PATCH v1] checkpatch: Handle FILE pointer type

by Mickaël Salaün

When using a "FILE *" type, checkpatch considers this an error. Fix this by explicitly defining "FILE" as a common type. This is useful for user space patches. With this patch, we now get: static void a(FILE *const b) <E> <E> <_>WS( ) <E> <E> <_>IDENT(static) <E> <V> <_>WS( ) <E> <V> <_>DECLARE(void ) <E> <T> <_>FUNC(a) <E> <V> <V>PAREN('(') <EV> <N> <_>DECLARE(FILE *const ) <EV> <T> <_>IDENT(b) <EV> <V> <_>PAREN(')') -> V <E> <V> <_>WS( ) 32 > . static void a(FILE *const b) 32 > EEVVVVVVVTTTTTVNTTTTTTTTTTTTVVV 32 > ______________________________ Another error may be throw when we use FIXTURE_{DATA,VARIANT}() structs, as defined in kselftest_harness.h . The commented $typeKselftestHarnessTypedefs should fix it but such definition is considered as a function instead, because of the closing parenthesis. I'd like some help to fix this as well. With $typeKselftestHarnessTypedefs added to $typeTypedefs, we get: static void c(const FIXTURE_VARIANT(d) *const e) <E> <E> <_>WS( ) <E> <E> <_>IDENT(static) <E> <V> <_>WS( ) <E> <V> <_>DECLARE(void ) <E> <T> <_>FUNC(c) <E> <V> <V>PAREN('(') <EV> <N> <_>MODIFIER(const) <EV> <T> <_>WS( ) <EV> <T> <_>FUNC(FIXTURE_VARIANT) <EV> <V> <V>PAREN('(') <EVV> <N> <_>IDENT(d) <EVV> <V> <_>PAREN(')') -> V <EV> <V> <_>WS( ) <EV> <V> <_>OPV(*) <EV> <N> <_>MODIFIER(const) <EV> <T> <_>WS( ) <EV> <T> <_>IDENT(e) <EV> <V> <_>PAREN(')') -> V <E> <V> <_>WS( ) 30 > . static void c(const FIXTURE_VARIANT(d) *const e) 30 > EEVVVVVVVTTTTTVNTTTTTTVVVVVVVVVVVVVVVNVVVNTTTTTTVVV 30 > ________________________________________B_________ Cc: Andy Whitcroft <apw(a)canonical.com> Cc: Dwaipayan Ray <dwaipayanray1(a)gmail.com> Cc: Joe Perches <joe(a)perches.com> Cc: Lukas Bulwahn <lukas.bulwahn(a)gmail.com> Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20220901145948.1456353-1-mic@digikod.net --- scripts/checkpatch.pl | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 79e759aac543..016b47c35742 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -576,10 +576,17 @@ our $typeKernelTypedefs = qr{(?x: (?:__)?(?:u|s|be|le)(?:8|16|32|64)| atomic_t )}; +our $typeStdioTypedefs = qr{(?x: + FILE +)}; +# our $typeKselftestHarnessTypedefs = qr{(?x: +# FIXTURE_(?:DATA|VARIANT)$$Ident$ +# )}; our $typeTypedefs = qr{(?x: $typeC99Typedefs\b| $typeOtherOSTypedefs\b| - $typeKernelTypedefs\b + $typeKernelTypedefs\b| + $typeStdioTypedefs\b )}; our $zero_initializer = qr{(?:(?:0[xX])?0+$Int_type?|NULL|false)\b}; base-commit: b90cb1053190353cc30f0fef0ef1f378ccc063c5 -- 2.37.2

2 years, 8 months

2
6
0 0

[PATCH 1/2] drm/tests: Split drm_framebuffer_create_test into parameterized tests

by Maíra Canal

The igt_check_drm_framebuffer_create is based on a loop that executes tests for all createbuffer_tests test cases. This could be better represented by parameterized tests, provided by KUnit. So, convert the igt_check_drm_framebuffer_create test into parameterized tests. Signed-off-by: Maíra Canal <mairacanal(a)riseup.net> --- drivers/gpu/drm/tests/drm_framebuffer_test.c | 23 +++++++++----------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/drivers/gpu/drm/tests/drm_framebuffer_test.c b/drivers/gpu/drm/tests/drm_framebuffer_test.c index ec7a08ba4056..3e46fd9f6615 100644 --- a/drivers/gpu/drm/tests/drm_framebuffer_test.c +++ b/drivers/gpu/drm/tests/drm_framebuffer_test.c @@ -25,7 +25,7 @@ struct drm_framebuffer_test { const char *name; }; -static struct drm_framebuffer_test createbuffer_tests[] = { +static const struct drm_framebuffer_test drm_framebuffer_create_cases[] = { { .buffer_created = 1, .name = "ABGR8888 normal sizes", .cmd = { .width = 600, .height = 600, .pixel_format = DRM_FORMAT_ABGR8888, .handles = { 1, 0, 0 }, .pitches = { 4 * 600, 0, 0 }, @@ -340,28 +340,25 @@ static struct drm_device mock_drm_device = { }, }; -static int execute_drm_mode_fb_cmd2(struct drm_mode_fb_cmd2 *r) +static void drm_framebuffer_create_test(struct kunit *test) { + const struct drm_framebuffer_test *params = test->param_value; int buffer_created = 0; mock_drm_device.dev_private = &buffer_created; - drm_internal_framebuffer_create(&mock_drm_device, r, NULL); - return buffer_created; + drm_internal_framebuffer_create(&mock_drm_device, &params->cmd, NULL); + KUNIT_EXPECT_EQ(test, params->buffer_created, buffer_created); } -static void igt_check_drm_framebuffer_create(struct kunit *test) +static void drm_framebuffer_to_desc(const struct drm_framebuffer_test *t, char *desc) { - int i = 0; - - for (i = 0; i < ARRAY_SIZE(createbuffer_tests); i++) { - KUNIT_EXPECT_EQ_MSG(test, createbuffer_tests[i].buffer_created, - execute_drm_mode_fb_cmd2(&createbuffer_tests[i].cmd), - "Test %d: \"%s\" failed\n", i, createbuffer_tests[i].name); - } + strcpy(desc, t->name); } +KUNIT_ARRAY_PARAM(drm_framebuffer_create, drm_framebuffer_create_cases, drm_framebuffer_to_desc); + static struct kunit_case drm_framebuffer_tests[] = { - KUNIT_CASE(igt_check_drm_framebuffer_create), + KUNIT_CASE_PARAM(drm_framebuffer_create_test, drm_framebuffer_create_gen_params), { } }; -- 2.37.2

2 years, 8 months

4
6
0 0

Wycena paneli fotowoltaicznych

by Norbert Karecki

Dzień dobry, dostrzegam możliwość współpracy z Państwa firmą. Świadczymy kompleksową obsługę inwestycji w fotowoltaikę, która obniża koszty energii elektrycznej nawet o 90%. Czy są Państwo zainteresowani weryfikacją wstępnych propozycji? Pozdrawiam, Norbert Karecki

2 years, 8 months

1
0
0 0

[PATCH v14 00/12] bpf: Add kfuncs for PKCS#7 signature verification

by Roberto Sassu

From: Roberto Sassu <roberto.sassu(a)huawei.com> One of the desirable features in security is the ability to restrict import of data to a given system based on data authenticity. If data import can be restricted, it would be possible to enforce a system-wide policy based on the signing keys the system owner trusts. This feature is widely used in the kernel. For example, if the restriction is enabled, kernel modules can be plugged in only if they are signed with a key whose public part is in the primary or secondary keyring. For eBPF, it can be useful as well. For example, it might be useful to authenticate data an eBPF program makes security decisions on. After a discussion in the eBPF mailing list, it was decided that the stated goal should be accomplished by introducing four new kfuncs: bpf_lookup_user_key() and bpf_lookup_system_key(), for retrieving a keyring with keys trusted for signature verification, respectively from its serial and from a pre-determined ID; bpf_key_put(), to release the reference obtained with the former two kfuncs, bpf_verify_pkcs7_signature(), for verifying PKCS#7 signatures. Other than the key serial, bpf_lookup_user_key() also accepts key lookup flags, that influence the behavior of the lookup. bpf_lookup_system_key() accepts pre-determined IDs defined in include/linux/verification.h. bpf_key_put() accepts the new bpf_key structure, introduced to tell whether the other structure member, a key pointer, is valid or not. The reason is that verify_pkcs7_signature() also accepts invalid pointers, set with the pre-determined ID, to select a system-defined keyring. key_put() must be called only for valid key pointers. Since the two key lookup functions allocate memory and one increments a key reference count, they must be used in conjunction with bpf_key_put(). The latter must be called only if the lookup functions returned a non-NULL pointer. The verifier denies the execution of eBPF programs that don't respect this rule. The two key lookup functions should be used in alternative, depending on the use case. While bpf_lookup_user_key() provides great flexibility, it seems suboptimal in terms of security guarantees, as even if the eBPF program is assumed to be trusted, the serial used to obtain the key pointer might come from untrusted user space not choosing one that the system administrator approves to enforce a mandatory policy. bpf_lookup_system_key() instead provides much stronger guarantees, especially if the pre-determined ID is not passed by user space but is hardcoded in the eBPF program, and that program is signed. In this case, bpf_verify_pkcs7_signature() will always perform signature verification with a key that the system administrator approves, i.e. the primary, secondary or platform keyring. Nevertheless, key permission checks need to be done accurately. Since bpf_lookup_user_key() cannot determine how a key will be used by other kfuncs, it has to defer the permission check to the actual kfunc using the key. It does it by calling lookup_user_key() with KEY_DEFER_PERM_CHECK as needed permission. Later, bpf_verify_pkcs7_signature(), if called, completes the permission check by calling key_validate(). It does not need to call key_task_permission() with permission KEY_NEED_SEARCH, as it is already done elsewhere by the key subsystem. Future kfuncs using the bpf_key structure need to implement the proper checks as well. Finally, the last kfunc, bpf_verify_pkcs7_signature(), accepts the data and signature to verify as eBPF dynamic pointers, to minimize the number of kfunc parameters, and the keyring with keys for signature verification as a bpf_key structure, returned by one of the two key lookup functions. bpf_lookup_user_key() and bpf_verify_pkcs7_signature() can be called only from sleepable programs, because of memory allocation and crypto operations. For example, the lsm.s/bpf attach point is suitable, fexit/array_map_update_elem is not. The correctness of implementation of the new kfuncs and of their usage is checked with the introduced tests. The patch set includes a patch from another author (dependency) for sake of completeness. It is organized as follows. Patch 1 from KP Singh allows kfuncs to be used by LSM programs. Patch 2 splits is_dynptr_reg_valid_init() and introduces is_dynptr_type_expected(), to know more precisely the cause of a negative result of a dynamic pointer check. Patch 3 allows dynamic pointers to be used as kfunc parameters. Patch 4 exports bpf_dynptr_get_size(), to obtain the real size of data carried by a dynamic pointer. Patch 5 makes available for new eBPF kfuncs some key-related definitions. Patch 6 introduces the bpf_lookup_*_key() and bpf_key_put() kfuncs. Patch 7 introduces the bpf_verify_pkcs7_signature() kfunc. Patch 8 changes the testing kernel configuration to compile everything as built-in. Finally, patches 9-12 introduce the tests. Changelog v13: - Split is_dynptr_reg_valid_init() and introduce is_dynptr_type_expected() to see if the dynamic pointer type passed as argument to a kfunc is supported (suggested by Kumar) - Add forward declaration of struct key in include/linux/bpf.h (suggested by Song) - Declare mask for key lookup flags, remove key_lookup_flags_check() (suggested by Jarkko and KP) - Allow only certain dynamic pointer types (currently, local) to be passed as argument to kfuncs (suggested by Kumar) - For each dynamic pointer parameter in kfunc, additionally check if the passed pointer is to the stack (suggested by Kumar) - Split the validity/initialization and dynamic pointer type check also in the verifier, and adjust the expected error message in the test (a test for an unexpected dynptr type passed to a helper cannot be added due to missing suitable helpers, but this case has been tested manually) - Add verifier tests to check the dynamic pointers passed as argument to kfuncs (suggested by Kumar) v12: - Put lookup_key and verify_pkcs7_sig tests in deny list for s390x (JIT does not support calling kernel function) v11: - Move stringify_struct() macro to include/linux/btf.h (suggested by Daniel) - Change kernel configuration options in tools/testing/selftests/bpf/config* from =m to =y v10: - Introduce key_lookup_flags_check() and system_keyring_id_check() inline functions to check parameters (suggested by KP) - Fix descriptions and comment of key-related kfuncs (suggested by KP) - Register kfunc set only once (suggested by Alexei) - Move needed kernel options to the architecture-independent configuration for testing v9: - Drop patch to introduce KF_SLEEPABLE kfunc flag (already merged) - Rename valid_ptr member of bpf_key to has_ref (suggested by Daniel) - Check dynamic pointers in kfunc definition with bpf_dynptr_kern struct definition instead of string, to detect structure renames (suggested by Daniel) - Explicitly say that we permit initialized dynamic pointers in kfunc definition (suggested by Daniel) - Remove noinline __weak from kfuncs definition (reported by Daniel) - Simplify key lookup flags check in bpf_lookup_user_key() (suggested by Daniel) - Explain the reason for deferring key permission check (suggested by Daniel) - Allocate memory with GFP_ATOMIC in bpf_lookup_system_key(), and remove KF_SLEEPABLE kfunc flag from kfunc declaration (suggested by Daniel) - Define only one kfunc set and remove the loop for registration (suggested by Alexei) v8: - Define the new bpf_key structure to carry the key pointer and whether that pointer is valid or not (suggested by Daniel) - Drop patch to mark a kfunc parameter with the __maybe_null suffix - Improve documentation of kfuncs - Introduce bpf_lookup_system_key() to obtain a key pointer suitable for verify_pkcs7_signature() (suggested by Daniel) - Use the new kfunc registration API - Drop patch to test the __maybe_null suffix - Add tests for bpf_lookup_system_key() v7: - Add support for using dynamic and NULL pointers in kfunc (suggested by Alexei) - Add new kfunc-related tests v6: - Switch back to key lookup helpers + signature verification (until v5), and defer permission check from bpf_lookup_user_key() to bpf_verify_pkcs7_signature() - Add additional key lookup test to illustrate the usage of the KEY_LOOKUP_CREATE flag and validate the flags (suggested by Daniel) - Make description of flags of bpf_lookup_user_key() more user-friendly (suggested by Daniel) - Fix validation of flags parameter in bpf_lookup_user_key() (reported by Daniel) - Rename bpf_verify_pkcs7_signature() keyring-related parameters to user_keyring and system_keyring to make their purpose more clear - Accept keyring-related parameters of bpf_verify_pkcs7_signature() as alternatives (suggested by KP) - Replace unsigned long type with u64 in helper declaration (suggested by Daniel) - Extend the bpf_verify_pkcs7_signature() test by calling the helper without data, by ensuring that the helper enforces the keyring-related parameters as alternatives, by ensuring that the helper rejects inaccessible and expired keyrings, and by checking all system keyrings - Move bpf_lookup_user_key() and bpf_key_put() usage tests to ref_tracking.c (suggested by John) - Call bpf_lookup_user_key() and bpf_key_put() only in sleepable programs v5: - Move KEY_LOOKUP_ to include/linux/key.h for validation of bpf_verify_pkcs7_signature() parameter - Remove bpf_lookup_user_key() and bpf_key_put() helpers, and the corresponding tests - Replace struct key parameter of bpf_verify_pkcs7_signature() with the keyring serial and lookup flags - Call lookup_user_key() and key_put() in bpf_verify_pkcs7_signature() code, to ensure that the retrieved key is used according to the permission requested at lookup time - Clarified keyring precedence in the description of bpf_verify_pkcs7_signature() (suggested by John) - Remove newline in the second argument of ASSERT_ - Fix helper prototype regular expression in bpf_doc.py v4: - Remove bpf_request_key_by_id(), don't return an invalid pointer that other helpers can use - Pass the keyring ID (without ULONG_MAX, suggested by Alexei) to bpf_verify_pkcs7_signature() - Introduce bpf_lookup_user_key() and bpf_key_put() helpers (suggested by Alexei) - Add lookup_key_norelease test, to ensure that the verifier blocks eBPF programs which don't decrement the key reference count - Parse raw PKCS#7 signature instead of module-style signature in the verify_pkcs7_signature test (suggested by Alexei) - Parse kernel module in user space and pass raw PKCS#7 signature to the eBPF program for signature verification v3: - Rename bpf_verify_signature() back to bpf_verify_pkcs7_signature() to avoid managing different parameters for each signature verification function in one helper (suggested by Daniel) - Use dynamic pointers and export bpf_dynptr_get_size() (suggested by Alexei) - Introduce bpf_request_key_by_id() to give more flexibility to the caller of bpf_verify_pkcs7_signature() to retrieve the appropriate keyring (suggested by Alexei) - Fix test by reordering the gcc command line, always compile sign-file - Improve helper support check mechanism in the test v2: - Rename bpf_verify_pkcs7_signature() to a more generic bpf_verify_signature() and pass the signature type (suggested by KP) - Move the helper and prototype declaration under #ifdef so that user space can probe for support for the helper (suggested by Daniel) - Describe better the keyring types (suggested by Daniel) - Include linux/bpf.h instead of vmlinux.h to avoid implicit or redeclaration - Make the test selfcontained (suggested by Alexei) v1: - Don't define new map flag but introduce simple wrapper of verify_pkcs7_signature() (suggested by Alexei and KP) KP Singh (1): bpf: Allow kfuncs to be used in LSM programs Roberto Sassu (11): bpf: Move dynptr type check to is_dynptr_type_expected() btf: Allow dynamic pointer parameters in kfuncs bpf: Export bpf_dynptr_get_size() KEYS: Move KEY_LOOKUP_ to include/linux/key.h and set KEY_LOOKUP_FLAGS_ALL bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs bpf: Add bpf_verify_pkcs7_signature() kfunc selftests/bpf: Compile kernel with everything as built-in selftests/bpf: Add verifier tests for bpf_lookup_*_key() and bpf_key_put() selftests/bpf: Add additional tests for bpf_lookup_*_key() selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc selftests/bpf: Add verifier tests for dynamic pointers parameters in kfuncs include/linux/bpf.h | 9 + include/linux/bpf_verifier.h | 5 + include/linux/btf.h | 9 + include/linux/key.h | 4 + include/linux/verification.h | 8 + kernel/bpf/btf.c | 34 ++ kernel/bpf/helpers.c | 2 +- kernel/bpf/verifier.c | 35 +- kernel/trace/bpf_trace.c | 180 ++++++++ security/keys/internal.h | 2 - tools/testing/selftests/bpf/DENYLIST.s390x | 2 + tools/testing/selftests/bpf/Makefile | 14 +- tools/testing/selftests/bpf/config | 32 +- tools/testing/selftests/bpf/config.x86_64 | 7 +- .../testing/selftests/bpf/prog_tests/dynptr.c | 2 +- .../selftests/bpf/prog_tests/lookup_key.c | 112 +++++ .../bpf/prog_tests/verify_pkcs7_sig.c | 399 ++++++++++++++++++ .../selftests/bpf/progs/test_lookup_key.c | 46 ++ .../bpf/progs/test_verify_pkcs7_sig.c | 100 +++++ tools/testing/selftests/bpf/test_verifier.c | 3 +- .../bpf/verifier/kfunc_dynptr_param.c | 72 ++++ .../selftests/bpf/verifier/ref_tracking.c | 139 ++++++ .../testing/selftests/bpf/verify_sig_setup.sh | 104 +++++ 23 files changed, 1285 insertions(+), 35 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/lookup_key.c create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c create mode 100644 tools/testing/selftests/bpf/progs/test_lookup_key.c create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c create mode 100644 tools/testing/selftests/bpf/verifier/kfunc_dynptr_param.c create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh -- 2.25.1

2 years, 8 months

4
22
0 0

[PATCH v1 0/5] KVM: arm64: Enable ring-based dirty memory tracking

by Gavin Shan

This series enables the ring-based dirty memory tracking for ARM64. The feature has been available and enabled on x86 for a while. It is beneficial when the number of dirty pages is small in a checkpointing system or live migration scenario. More details can be found from fb04a1eddb1a ("KVM: X86: Implement ring-based dirty memory tracking"). The generic part has been comprehensive enough, meaning there isn't too much work, needed to extend it to ARM64. - PATCH[1] enables the feature on ARM64 - PATCH[2-5] improves kvm/selftests/dirty_log_test Testing ======= - kvm/selftests/dirty_log_test - Live migration by QEMU - Host with 4KB or 64KB base page size Gavin Shan (5): KVM: arm64: Enable ring-based dirty memory tracking KVM: selftests: Use host page size to map ring buffer in dirty_log_test KVM: selftests: Dirty host pages in dirty_log_test KVM: selftests: Clear dirty ring states between two modes in dirty_log_test KVM: selftests: Automate choosing dirty ring size in dirty_log_test Documentation/virt/kvm/api.rst | 2 +- arch/arm64/include/uapi/asm/kvm.h | 1 + arch/arm64/kvm/Kconfig | 1 + arch/arm64/kvm/arm.c | 8 ++ tools/testing/selftests/kvm/dirty_log_test.c | 101 ++++++++++++++----- tools/testing/selftests/kvm/lib/kvm_util.c | 2 +- 6 files changed, 88 insertions(+), 27 deletions(-) -- 2.23.0

2 years, 8 months

6
32
0 0

[PATCH 4/6] selftests/sgx: Add SGX selftest augment_via_eaccept_long

by Jarkko Sakkinen

From: Vijay Dhanraj <vijay.dhanraj(a)intel.com> Add a new test case which is same as augment_via_eaccept but adds a larger number of EPC pages to stress test EAUG via EACCEPT. Signed-off-by: Vijay Dhanraj <vijay.dhanraj(a)intel.com> Co-developed-by: Jarkko Sakkinen <jarkko(a)kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v2: - Addressed Reinette's feedback: https://lore.kernel.org/linux-sgx/24bd8e42-ff4e-0090-d9e1-cd81e4807f21@inte… --- tools/testing/selftests/sgx/load.c | 5 +- tools/testing/selftests/sgx/main.c | 141 +++++++++++++++++++++--- tools/testing/selftests/sgx/main.h | 3 +- tools/testing/selftests/sgx/sigstruct.c | 2 +- 4 files changed, 129 insertions(+), 22 deletions(-) diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c index 94bdeac1cf04..7de1b15c90b1 100644 --- a/tools/testing/selftests/sgx/load.c +++ b/tools/testing/selftests/sgx/load.c @@ -171,7 +171,8 @@ uint64_t encl_get_entry(struct encl *encl, const char *symbol) return 0; } -bool encl_load(const char *path, struct encl *encl, unsigned long heap_size) +bool encl_load(const char *path, struct encl *encl, unsigned long heap_size, + unsigned long edmm_size) { const char device_path[] = "/dev/sgx_enclave"; struct encl_segment *seg; @@ -300,7 +301,7 @@ bool encl_load(const char *path, struct encl *encl, unsigned long heap_size) encl->src_size = encl->segment_tbl[j].offset + encl->segment_tbl[j].size; - for (encl->encl_size = 4096; encl->encl_size < encl->src_size; ) + for (encl->encl_size = 4096; encl->encl_size < encl->src_size + edmm_size;) encl->encl_size <<= 1; return true; diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c index 9820b3809c69..867e98502120 100644 --- a/tools/testing/selftests/sgx/main.c +++ b/tools/testing/selftests/sgx/main.c @@ -21,8 +21,15 @@ #include "../kselftest_harness.h" #include "main.h" +/* + * The size was chosen based on a bug report: + * https://lore.kernel.org/linux-sgx/DM8PR11MB55912A7F47A84EC9913A6352F6999@DM… + */ +static const unsigned long EDMM_SIZE_LONG = 8L * 1024L * 1024L * 1024L; // 8 GB +static const unsigned long TIMEOUT_LONG = 900; /* seconds */ static const uint64_t MAGIC = 0x1122334455667788ULL; static const uint64_t MAGIC2 = 0x8877665544332211ULL; + vdso_sgx_enter_enclave_t vdso_sgx_enter_enclave; /* @@ -173,7 +180,8 @@ FIXTURE(enclave) { }; static bool setup_test_encl(unsigned long heap_size, struct encl *encl, - struct __test_metadata *_metadata) + struct __test_metadata *_metadata, + unsigned long edmm_size) { Elf64_Sym *sgx_enter_enclave_sym = NULL; struct vdso_symtab symtab; @@ -183,7 +191,7 @@ static bool setup_test_encl(unsigned long heap_size, struct encl *encl, unsigned int i; void *addr; - if (!encl_load("test_encl.elf", encl, heap_size)) { + if (!encl_load("test_encl.elf", encl, heap_size, edmm_size)) { encl_delete(encl); TH_LOG("Failed to load the test enclave."); return false; @@ -284,7 +292,7 @@ TEST_F(enclave, unclobbered_vdso) struct encl_op_get_from_buf get_op; struct encl_op_put_to_buf put_op; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -357,7 +365,7 @@ TEST_F(enclave, unclobbered_vdso_oversubscribed) total_mem = get_total_epc_mem(); ASSERT_NE(total_mem, 0); - ASSERT_TRUE(setup_test_encl(total_mem, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(total_mem, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -401,7 +409,7 @@ TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900) ASSERT_NE(total_mem, 0); TH_LOG("Creating an enclave with %lu bytes heap may take a while ...", total_mem); - ASSERT_TRUE(setup_test_encl(total_mem, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(total_mem, &self->encl, _metadata, 0)); /* * Hardware (SGX2) and kernel support is needed for this test. Start @@ -506,7 +514,7 @@ TEST_F(enclave, clobbered_vdso) struct encl_op_get_from_buf get_op; struct encl_op_put_to_buf put_op; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -542,7 +550,7 @@ TEST_F(enclave, clobbered_vdso_and_user_function) struct encl_op_get_from_buf get_op; struct encl_op_put_to_buf put_op; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -575,7 +583,7 @@ TEST_F(enclave, tcs_entry) { struct encl_op_header op; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -620,7 +628,7 @@ TEST_F(enclave, pte_permissions) unsigned long data_start; int ret; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -722,7 +730,7 @@ TEST_F(enclave, tcs_permissions) struct sgx_enclave_restrict_permissions ioc; int ret, errno_save; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -785,7 +793,7 @@ TEST_F(enclave, epcm_permissions) unsigned long data_start; int ret, errno_save; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -986,7 +994,7 @@ TEST_F(enclave, augment) if (!sgx2_supported()) SKIP(return, "SGX2 not supported"); - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -1116,7 +1124,7 @@ TEST_F(enclave, augment_via_eaccept) if (!sgx2_supported()) SKIP(return, "SGX2 not supported"); - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -1210,6 +1218,103 @@ TEST_F(enclave, augment_via_eaccept) munmap(addr, PAGE_SIZE); } +/* + * Test for the addition of large number of pages to an initialized enclave via + * a pre-emptive run of EACCEPT on every page to be added. + */ +TEST_F_TIMEOUT(enclave, augment_via_eaccept_long, TIMEOUT_LONG) +{ + struct encl_op_get_from_addr get_addr_op; + struct encl_op_put_to_addr put_addr_op; + struct encl_op_eaccept eaccept_op; + size_t total_size = 0; + unsigned long i; + void *addr; + + if (!sgx2_supported()) + SKIP(return, "SGX2 not supported"); + + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, + EDMM_SIZE_LONG)); + + memset(&self->run, 0, sizeof(self->run)); + self->run.tcs = self->encl.encl_base; + + for (i = 0; i < self->encl.nr_segments; i++) { + struct encl_segment *seg = &self->encl.segment_tbl[i]; + + total_size += seg->size; + } + + /* + * mmap() every page at end of existing enclave to be used for + * EDMM. + */ + addr = mmap((void *)self->encl.encl_base + total_size, EDMM_SIZE_LONG, + PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED | MAP_FIXED, + self->encl.fd, 0); + EXPECT_NE(addr, MAP_FAILED); + + self->run.exception_vector = 0; + self->run.exception_error_code = 0; + self->run.exception_addr = 0; + + /* + * Run EACCEPT on new page to trigger the #PF->EAUG->EACCEPT(again + * without a #PF). All should be transparent to userspace. + */ + eaccept_op.flags = SGX_SECINFO_R | SGX_SECINFO_W | SGX_SECINFO_REG | SGX_SECINFO_PENDING; + eaccept_op.ret = 0; + eaccept_op.header.type = ENCL_OP_EACCEPT; + + for (i = 0; i < EDMM_SIZE_LONG; i += 4096) { + eaccept_op.epc_addr = (uint64_t)(addr + i); + + EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0); + if (self->run.exception_vector == 14 && + self->run.exception_error_code == 4 && + self->run.exception_addr == self->encl.encl_base) { + munmap(addr, EDMM_SIZE_LONG); + SKIP(return, "Kernel does not support adding pages to initialized enclave"); + } + + EXPECT_EQ(self->run.exception_vector, 0); + EXPECT_EQ(self->run.exception_error_code, 0); + EXPECT_EQ(self->run.exception_addr, 0); + ASSERT_EQ(eaccept_op.ret, 0); + ASSERT_EQ(self->run.function, EEXIT); + } + + put_addr_op.value = MAGIC; + put_addr_op.addr = (unsigned long)addr; + put_addr_op.header.type = ENCL_OP_PUT_TO_ADDRESS; + + EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0); + + EXPECT_EEXIT(&self->run); + EXPECT_EQ(self->run.exception_vector, 0); + EXPECT_EQ(self->run.exception_error_code, 0); + EXPECT_EQ(self->run.exception_addr, 0); + + /* + * Read memory from newly added page that was just written to, + * confirming that data previously written (MAGIC) is present. + */ + get_addr_op.value = 0; + get_addr_op.addr = (unsigned long)addr; + get_addr_op.header.type = ENCL_OP_GET_FROM_ADDRESS; + + EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0); + + EXPECT_EQ(get_addr_op.value, MAGIC); + EXPECT_EEXIT(&self->run); + EXPECT_EQ(self->run.exception_vector, 0); + EXPECT_EQ(self->run.exception_error_code, 0); + EXPECT_EQ(self->run.exception_addr, 0); + + munmap(addr, EDMM_SIZE_LONG); +} + /* * SGX2 page type modification test in two phases: * Phase 1: @@ -1238,7 +1343,7 @@ TEST_F(enclave, tcs_create) int ret, i; ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, - _metadata)); + _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -1568,7 +1673,7 @@ TEST_F(enclave, remove_added_page_no_eaccept) unsigned long data_start; int ret, errno_save; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -1679,7 +1784,7 @@ TEST_F(enclave, remove_added_page_invalid_access) unsigned long data_start; int ret, errno_save; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -1794,7 +1899,7 @@ TEST_F(enclave, remove_added_page_invalid_access_after_eaccept) unsigned long data_start; int ret, errno_save; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); memset(&self->run, 0, sizeof(self->run)); self->run.tcs = self->encl.encl_base; @@ -1918,7 +2023,7 @@ TEST_F(enclave, remove_untouched_page) unsigned long data_start; int ret, errno_save; - ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata)); + ASSERT_TRUE(setup_test_encl(ENCL_HEAP_SIZE_DEFAULT, &self->encl, _metadata, 0)); /* * Hardware (SGX2) and kernel support is needed for this test. Start diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h index fc585be97e2f..fe5d39ac0e1e 100644 --- a/tools/testing/selftests/sgx/main.h +++ b/tools/testing/selftests/sgx/main.h @@ -35,7 +35,8 @@ extern unsigned char sign_key[]; extern unsigned char sign_key_end[]; void encl_delete(struct encl *ctx); -bool encl_load(const char *path, struct encl *encl, unsigned long heap_size); +bool encl_load(const char *path, struct encl *encl, unsigned long heap_size, + unsigned long edmm_size); bool encl_measure(struct encl *encl); bool encl_build(struct encl *encl); uint64_t encl_get_entry(struct encl *encl, const char *symbol); diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c index a07896a46364..decd767434d5 100644 --- a/tools/testing/selftests/sgx/sigstruct.c +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -349,7 +349,7 @@ bool encl_measure(struct encl *encl) if (!ctx) goto err; - if (!mrenclave_ecreate(ctx, encl->src_size)) + if (!mrenclave_ecreate(ctx, encl->encl_size)) goto err; for (i = 0; i < encl->nr_segments; i++) { -- 2.37.2

2 years, 8 months

2
7
0 0

[PATCH 6/6] selftests/sgx: Add a bpftrace script for tracking allocation errors

by Jarkko Sakkinen

Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- tools/testing/selftests/sgx/alloc-error.bt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 tools/testing/selftests/sgx/alloc-error.bt diff --git a/tools/testing/selftests/sgx/alloc-error.bt b/tools/testing/selftests/sgx/alloc-error.bt new file mode 100644 index 000000000000..9268d50dea29 --- /dev/null +++ b/tools/testing/selftests/sgx/alloc-error.bt @@ -0,0 +1,7 @@ +kr:sgx_alloc_epc_page /(uint64)retval >= (uint64)(-4095)/ { + printf("sgx_alloc_epc_page: retval=%d\n", (int64)retval); +} + +kr:sgx_encl_page_alloc /(uint64)retval >= (uint64)(-4095)/ { + printf("sgx_encl_page_alloc: retval=%d\n", (int64)retval); +} -- 2.37.2

2 years, 8 months

3
8
0 0

[PATCH v2] tools: Add new "test" taint to kernel-chktaint

by Joe Fradley

Commit c272612cb4a2 ("kunit: Taint the kernel when KUnit tests are run") added a new taint flag for when in-kernel tests run. This commit adds recognition of this new flag in kernel-chktaint. Reviewed-by: David Gow <davidgow(a)google.com> Signed-off-by: Joe Fradley <joefradley(a)google.com> --- Changes in v2: - based off of kselftest/kunit branch - Added David's Reviewed-by tag tools/debugging/kernel-chktaint | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/debugging/kernel-chktaint b/tools/debugging/kernel-chktaint index f1af27ce9f20..279be06332be 100755 --- a/tools/debugging/kernel-chktaint +++ b/tools/debugging/kernel-chktaint @@ -187,6 +187,7 @@ else echo " * auxiliary taint, defined for and used by distros (#16)" fi + T=`expr $T / 2` if [ `expr $T % 2` -eq 0 ]; then addout " " @@ -195,6 +196,14 @@ else echo " * kernel was built with the struct randomization plugin (#17)" fi +T=`expr $T / 2` +if [ `expr $T % 2` -eq 0 ]; then + addout " " +else + addout "N" + echo " * an in-kernel test (such as a KUnit test) has been run (#18)" +fi + echo "For a more detailed explanation of the various taint flags see" echo " Documentation/admin-guide/tainted-kernels.rst in the Linux kernel sources" echo " or https://kernel.org/doc/html/latest/admin-guide/tainted-kernels.html" -- 2.37.1.595.g718a3a8f04-goog

2 years, 8 months

4
5
0 0

[PATCH v2 6/6] selftests/sgx: Add a bpftrace script for tracking allocation errors

by Jarkko Sakkinen

Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v2: * Added comments. --- tools/testing/selftests/sgx/alloc-error.bt | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 tools/testing/selftests/sgx/alloc-error.bt diff --git a/tools/testing/selftests/sgx/alloc-error.bt b/tools/testing/selftests/sgx/alloc-error.bt new file mode 100644 index 000000000000..0cc8b2e41852 --- /dev/null +++ b/tools/testing/selftests/sgx/alloc-error.bt @@ -0,0 +1,9 @@ +/* EPC allocation */ +kr:sgx_alloc_epc_page /(uint64)retval >= (uint64)(-4095)/ { + printf("sgx_alloc_epc_page: retval=%d\n", (int64)retval); +} + +/* kzalloc for struct sgx_encl_page */ +kr:sgx_encl_page_alloc /(uint64)retval >= (uint64)(-4095)/ { + printf("sgx_encl_page_alloc: retval=%d\n", (int64)retval); +} -- 2.37.2

2 years, 8 months

2
2
0 0

[PATCH 5/6] selftests/sgx: retry the ioctls returned with EAGAIN

by Jarkko Sakkinen

From: Haitao Huang <haitao.huang(a)linux.intel.com> For EMODT and EREMOVE ioctls with a large range, kernel may not finish in one shot and return EAGAIN error code and count of bytes of EPC pages on that operations are finished successfully. Change the unclobbered_vdso_oversubscribed_remove test to rerun the ioctls in a loop, updating offset and length using the byte count returned in each iteration. Signed-off-by: Haitao Huang <haitao.huang(a)linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko(a)kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- tools/testing/selftests/sgx/main.c | 39 +++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c index 867e98502120..3268d8b01b0b 100644 --- a/tools/testing/selftests/sgx/main.c +++ b/tools/testing/selftests/sgx/main.c @@ -399,7 +399,7 @@ TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900) unsigned long total_mem; int ret, errno_save; unsigned long addr; - unsigned long i; + unsigned long i, count; /* * Create enclave with additional heap that is as big as all @@ -461,16 +461,27 @@ TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900) modt_ioc.offset = heap->offset; modt_ioc.length = heap->size; modt_ioc.page_type = SGX_PAGE_TYPE_TRIM; - + count = 0; TH_LOG("Changing type of %zd bytes to trimmed may take a while ...", heap->size); - ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPES, &modt_ioc); - errno_save = ret == -1 ? errno : 0; + do { + ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPES, &modt_ioc); + errno_save = ret == -1 ? errno : 0; + if (errno_save == EAGAIN) { + count += modt_ioc.count; + modt_ioc.offset += modt_ioc.count; + modt_ioc.length -= modt_ioc.count; + modt_ioc.result = 0; + modt_ioc.count = 0; + } else + break; + } while (modt_ioc.length != 0); EXPECT_EQ(ret, 0); EXPECT_EQ(errno_save, 0); EXPECT_EQ(modt_ioc.result, 0); - EXPECT_EQ(modt_ioc.count, heap->size); + count += modt_ioc.count; + EXPECT_EQ(count, heap->size); /* EACCEPT all removed pages. */ addr = self->encl.encl_base + heap->offset; @@ -498,15 +509,25 @@ TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900) remove_ioc.offset = heap->offset; remove_ioc.length = heap->size; - + count = 0; TH_LOG("Removing %zd bytes from enclave may take a while ...", heap->size); - ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_REMOVE_PAGES, &remove_ioc); - errno_save = ret == -1 ? errno : 0; + do { + ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_REMOVE_PAGES, &remove_ioc); + errno_save = ret == -1 ? errno : 0; + if (errno_save == EAGAIN) { + count += remove_ioc.count; + remove_ioc.offset += remove_ioc.count; + remove_ioc.length -= remove_ioc.count; + remove_ioc.count = 0; + } else + break; + } while (remove_ioc.length != 0); EXPECT_EQ(ret, 0); EXPECT_EQ(errno_save, 0); - EXPECT_EQ(remove_ioc.count, heap->size); + count += remove_ioc.count; + EXPECT_EQ(count, heap->size); } TEST_F(enclave, clobbered_vdso) -- 2.37.2

2 years, 8 months

3
6
0 0

[PATCH 0/2] fortify: Add run-time WARN for cross-field memcpy()

by Kees Cook

Hi, I'm hoping to at least get this into -next to see how noisy it ends up being. I've tracked down several false positives that are getting fixed, but I'd like to see this get wider testing. For details, see patch 1, but this is the run-time half of the recent FORTIFY_SOURCE memcpy() bounds checking work. -Kees Kees Cook (2): fortify: Add run-time WARN for cross-field memcpy() lkdtm: Update tests for memcpy() run-time warnings drivers/misc/lkdtm/fortify.c | 96 +++++++++++++++++++++---- include/linux/fortify-string.h | 70 +++++++++++++++++- tools/testing/selftests/lkdtm/tests.txt | 8 ++- 3 files changed, 155 insertions(+), 19 deletions(-) -- 2.34.1

2 years, 8 months

2
3
0 0

[PATCH] selftest: vm: remove deleted local_config.* from .gitignore

by Tarun Sahu

Commit d2d6cba5d6623245a80cc151008cce825c8b6248 ("selftest: vm: remove orphaned references to local_config.{h,mk}") took care of removing orphaned references. This commit remove local_config from .gitignore. Parent Patch Commit 69007f156ba7aead6c75b0046958ad3396f5aed1 ("Kselftests: remove support of libhugetlbfs from kselftests") Signed-off-by: Tarun Sahu <tsahu(a)linux.ibm.com> --- tools/testing/selftests/vm/.gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/testing/selftests/vm/.gitignore b/tools/testing/selftests/vm/.gitignore index 31e5eea2a9b9..7b9dc2426f18 100644 --- a/tools/testing/selftests/vm/.gitignore +++ b/tools/testing/selftests/vm/.gitignore @@ -30,7 +30,6 @@ map_fixed_noreplace write_to_hugetlbfs hmm-tests memfd_secret -local_config.* soft-dirty split_huge_page_test ksm_tests -- 2.31.1

2 years, 8 months

2
1
0 0

Re: [selftests] a37ddddd86: BUG:KASAN:use-after-free_in_firmware_upload_unregister

by Russ Weight

Thanks for the reply. I was able to reproduce it a couple of weeks ago and I have already submitted a fix. - Russ On 8/31/22 22:43, Yujie Liu wrote: > Hi Russ, > > On 8/2/2022 04:42, Russ Weight wrote: >> Oliver, >> >> On 7/29/22 00:08, kernel test robot wrote: >>> >>> Greeting, >>> >>> FYI, we noticed the following commit (built with gcc-11): >>> >>> commit: a37ddddd86037c896c702b4df416bc4e51b2a5a0 ("selftests: firmware: Add firmware upload selftests") >>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master >>> >>> in testcase: kernel-selftests >>> version: kernel-selftests-x86_64-4cb0bec3-1_20220724 >>> with following parameters: >>> >>> group: firmware >>> ucode: 0xec >>> >>> test-description: The kernel contains a set of "self tests" under the tools/testing/selftests/ directory. These are intended to be small unit tests to exercise individual code paths in the kernel. >>> test-url: https://www.kernel.org/doc/Documentation/kselftest.txt >>> >>> >>> on test machine: 8 threads Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz with 28G memory >>> >>> caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace): >>> >>> >>> >>> If you fix the issue, kindly add following tag >>> Reported-by: kernel test robot <oliver.sang(a)intel.com> >>> >>> >>> [ 103.520572][ T2443] BUG: KASAN: use-after-free in firmware_upload_unregister (drivers/base/firmware_loader/sysfs_upload.c:395) >>> [ 103.520579][ T2443] Read of size 8 at addr ffff8881e186c808 by task fw_upload.sh/2443 >>> [ 103.528481][ T395] >>> [ 103.534696][ T2443] >>> [ 103.534698][ T2443] CPU: 7 PID: 2443 Comm: fw_upload.sh Not tainted 5.18.0-rc2-00036-ga37ddddd8603 #1 >>> [ 103.534701][ T2443] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.2.8 01/26/2016 >>> [ 103.534703][ T2443] Call Trace: >>> [ 103.534705][ T2443] <TASK> >>> [ 103.534707][ T2443] ? firmware_upload_unregister (drivers/base/firmware_loader/sysfs_upload.c:395) >> I believe I understand the problem, but I have been unable to reproduce the error to verify the fix: >> >> 394 device_unregister(&fw_sysfs->dev); >> 395 module_put(fw_upload_priv->module); >> >> The device_unregister() call could result in the dev_release >> function freeing the fw_upload_priv structure before it is >> dereferenced on line 395. Copying fw_upload_priv->module to a >> local variable for use when calling device_unregister() >> should fix the problem. >> >>> [ 103.534713][ T2443] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4)) >>> [ 103.588011][ T2443] print_address_description+0x1f/0x200 >>> [ 103.594406][ T2443] ? firmware_upload_unregister (drivers/base/firmware_loader/sysfs_upload.c:395) >>> [ 103.600112][ T2443] print_report.cold (mm/kasan/report.c:430) >>> [ 103.604782][ T2443] ? do_raw_spin_lock (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:82 kernel/locking/spinlock_debug.c:115) >>> [ 103.609624][ T2443] kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493) >>> [ 103.613861][ T2443] ? firmware_upload_unregister (drivers/base/firmware_loader/sysfs_upload.c:395) >>> [ 103.619561][ T2443] firmware_upload_unregister (drivers/base/firmware_loader/sysfs_upload.c:395) >>> [ 103.625091][ T2443] upload_unregister_store (lib/test_firmware.c:1060 lib/test_firmware.c:1321) >>> [ 103.630377][ T2443] ? sysfs_file_ops (fs/sysfs/file.c:129) >>> [ 103.635046][ T2443] kernfs_fop_write_iter (fs/kernfs/file.c:294) >>> [ 103.640145][ T2443] new_sync_write (fs/read_write.c:505 (discriminator 1)) >>> [ 103.644642][ T2443] ? new_sync_read (fs/read_write.c:494) >>> [ 103.649225][ T2443] ? ksys_write (fs/read_write.c:644) >>> [ 103.653463][ T2443] ? rcu_read_unlock (include/linux/rcupdate.h:723 (discriminator 5)) >>> [ 103.658057][ T2443] ? lock_is_held_type (kernel/locking/lockdep.c:5382 kernel/locking/lockdep.c:5684) >>> [ 103.662909][ T2443] vfs_write (fs/read_write.c:591) >>> [ 103.666984][ T2443] ksys_write (fs/read_write.c:644) >>> [ 103.671057][ T2443] ? __ia32_sys_read (fs/read_write.c:634) >>> [ 103.675645][ T2443] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4501) >>> [ 103.682051][ T2443] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:45 arch/x86/include/asm/irqflags.h:80 kernel/entry/common.c:109) >>> [ 103.687756][ T2443] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) >>> [ 103.692010][ T2443] ? pick_file (fs/file.c:660) >>> [ 103.696165][ T2443] ? do_raw_spin_unlock (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-instrumented.h:28 include/asm-generic/qspinlock.h:28 kernel/locking/spinlock_debug.c:100 kernel/locking/spinlock_debug.c:140) >>> [ 103.701094][ T2443] ? syscall_exit_to_user_mode (kernel/entry/common.c:129 kernel/entry/common.c:296) >>> [ 103.706539][ T2443] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4501) >>> [ 103.712929][ T2443] ? do_syscall_64 (arch/x86/entry/common.c:87) >>> [ 103.717343][ T2443] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4501) >>> [ 103.723747][ T2443] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) >>> [ 103.729451][ T2443] RIP: 0033:0x7f1020308f33 >>> [ 103.733709][ T2443] Code: 8b 15 61 ef 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 >>> All code >>> ======== >>> 0: 8b 15 61 ef 0c 00 mov 0xcef61(%rip),%edx # 0xcef67 >>> 6: f7 d8 neg %eax >>> 8: 64 89 02 mov %eax,%fs:(%rdx) >>> b: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax >>> 12: eb b7 jmp 0xffffffffffffffcb >>> 14: 0f 1f 00 nopl (%rax) >>> 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax >>> 1e: 00 >>> 1f: 85 c0 test %eax,%eax >>> 21: 75 14 jne 0x37 >>> 23: b8 01 00 00 00 mov $0x1,%eax >>> 28: 0f 05 syscall >>> 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction >>> 30: 77 55 ja 0x87 >>> 32: c3 retq >>> 33: 0f 1f 40 00 nopl 0x0(%rax) >>> 37: 48 83 ec 28 sub $0x28,%rsp >>> 3b: 48 89 54 24 18 mov %rdx,0x18(%rsp) >>> >>> Code starting with the faulting instruction >>> =========================================== >>> 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax >>> 6: 77 55 ja 0x5d >>> 8: c3 retq >>> 9: 0f 1f 40 00 nopl 0x0(%rax) >>> d: 48 83 ec 28 sub $0x28,%rsp >>> 11: 48 89 54 24 18 mov %rdx,0x18(%rsp) >>> [ 103.753040][ T2443] RSP: 002b:00007fffe4075988 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 >>> [ 103.761244][ T2443] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1020308f33 >>> [ 103.769013][ T2443] RDX: 0000000000000003 RSI: 00005582df845b80 RDI: 0000000000000001 >>> [ 103.776791][ T2443] RBP: 00005582df845b80 R08: 00000000ffffffff R09: 0000000000000003 >>> [ 103.784561][ T2443] R10: 00005582df833c80 R11: 0000000000000246 R12: 0000000000000003 >>> [ 103.792328][ T2443] R13: 00007f10203d96a0 R14: 0000000000000003 R15: 00007f10203d98a0 >>> [ 103.800100][ T2443] </TASK> >>> [ 103.802957][ T2443] >>> [ 103.805125][ T2443] Allocated by task 2443: >>> [ 103.809276][ T2443] kasan_save_stack (mm/kasan/common.c:39) >>> [ 103.813781][ T2443] __kasan_kmalloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515 mm/kasan/common.c:524) >>> [ 103.818190][ T2443] firmware_upload_register (drivers/base/firmware_loader/sysfs_upload.c:160) >>> [ 103.824150][ T2443] upload_register_store (lib/test_firmware.c:1279) >>> [ 103.829250][ T2443] kernfs_fop_write_iter (fs/kernfs/file.c:294) >>> [ 103.834350][ T2443] new_sync_write (fs/read_write.c:505 (discriminator 1)) >>> [ 103.838846][ T2443] vfs_write (fs/read_write.c:591) >>> [ 103.842910][ T2443] ksys_write (fs/read_write.c:644) >>> [ 103.846975][ T2443] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) >>> [ 103.851217][ T2443] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) >>> [ 103.856932][ T2443] >>> [ 103.859100][ T2443] Freed by task 2443: >>> [ 103.862907][ T2443] kasan_save_stack (mm/kasan/common.c:39) >>> [ 103.867415][ T2443] kasan_set_track (mm/kasan/common.c:45) >>> [ 103.871822][ T2443] kasan_set_free_info (mm/kasan/generic.c:372) >>> [ 103.876579][ T2443] __kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328 mm/kasan/common.c:374) >>> [ 103.881331][ T2443] slab_free_freelist_hook (mm/slub.c:1754) >>> [ 103.886517][ T2443] kfree (mm/slub.c:3510 mm/slub.c:4552) >>> [ 103.890156][ T2443] fw_dev_release (drivers/base/firmware_loader/sysfs.c:102) >>> [ 103.894483][ T2443] device_release (drivers/base/core.c:2235) >>> [ 103.898902][ T2443] kobject_cleanup (lib/kobject.c:677) >>> [ 103.903492][ T2443] firmware_upload_unregister (drivers/base/firmware_loader/sysfs_upload.c:395) >>> [ 103.909034][ T2443] upload_unregister_store (lib/test_firmware.c:1060 lib/test_firmware.c:1321) >>> [ 103.914311][ T2443] kernfs_fop_write_iter (fs/kernfs/file.c:294) >>> [ 103.919429][ T2443] new_sync_write (fs/read_write.c:505 (discriminator 1)) >>> [ 103.923927][ T2443] vfs_write (fs/read_write.c:591) >>> [ 103.927990][ T2443] ksys_write (fs/read_write.c:644) >>> [ 103.932054][ T2443] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) >>> [ 103.936290][ T2443] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) >>> [ 103.941992][ T2443] >>> [ 103.944159][ T2443] Last potentially related work creation: >>> [ 103.949704][ T2443] kasan_save_stack (mm/kasan/common.c:39) >>> [ 103.954216][ T2443] __kasan_record_aux_stack (mm/kasan/generic.c:348) >>> [ 103.959400][ T2443] insert_work (include/linux/instrumented.h:71 include/asm-generic/bitops/instrumented-non-atomic.h:134 kernel/workqueue.c:635 kernel/workqueue.c:642 kernel/workqueue.c:1361) >>> [ 103.963552][ T2443] __queue_work (kernel/workqueue.c:1520) >>> [ 103.967888][ T2443] queue_work_on (kernel/workqueue.c:1546) >>> [ 103.972141][ T2443] fw_upload_start (drivers/base/firmware_loader/sysfs_upload.c:263) >>> [ 103.976723][ T2443] firmware_loading_store (drivers/base/firmware_loader/sysfs.c:213) >>> [ 103.981910][ T2443] kernfs_fop_write_iter (fs/kernfs/file.c:294) >>> [ 103.987022][ T2443] new_sync_write (fs/read_write.c:505 (discriminator 1)) >>> [ 103.991537][ T2443] vfs_write (fs/read_write.c:591) >>> [ 103.995604][ T2443] ksys_write (fs/read_write.c:644) >>> [ 103.999673][ T2443] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) >>> [ 104.003930][ T2443] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) >>> [ 104.009631][ T2443] >>> [ 104.011800][ T2443] Second to last potentially related work creation: >>> [ 104.018219][ T2443] kasan_save_stack (mm/kasan/common.c:39) >>> [ 104.022727][ T2443] __kasan_record_aux_stack (mm/kasan/generic.c:348) >>> [ 104.027938][ T2443] insert_work (include/linux/instrumented.h:71 include/asm-generic/bitops/instrumented-non-atomic.h:134 kernel/workqueue.c:635 kernel/workqueue.c:642 kernel/workqueue.c:1361) >>> [ 104.032101][ T2443] __queue_work (kernel/workqueue.c:1520) >>> [ 104.036423][ T2443] queue_work_on (kernel/workqueue.c:1546) >>> [ 104.040658][ T2443] fw_upload_start (drivers/base/firmware_loader/sysfs_upload.c:263) >>> [ 104.045240][ T2443] firmware_loading_store (drivers/base/firmware_loader/sysfs.c:213) >>> [ 104.050423][ T2443] kernfs_fop_write_iter (fs/kernfs/file.c:294) >>> [ 104.055522][ T2443] new_sync_write (fs/read_write.c:505 (discriminator 1)) >>> [ 104.060016][ T2443] vfs_write (fs/read_write.c:591) >>> [ 104.064081][ T2443] ksys_write (fs/read_write.c:644) >>> [ 104.068144][ T2443] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) >>> [ 104.072381][ T2443] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) >>> [ 104.078083][ T2443] >>> [ 104.080249][ T2443] The buggy address belongs to the object at ffff8881e186c800 >>> [ 104.080249][ T2443] which belongs to the cache kmalloc-512 of size 512 >>> [ 104.094049][ T2443] The buggy address is located 8 bytes inside of >>> [ 104.094049][ T2443] 512-byte region [ffff8881e186c800, ffff8881e186ca00) >>> [ 104.106914][ T2443] >>> [ 104.109084][ T2443] The buggy address belongs to the physical page: >>> [ 104.115315][ T2443] page:0000000037a5888d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e1868 >>> [ 104.125336][ T2443] head:0000000037a5888d order:3 compound_mapcount:0 compound_pincount:0 >>> [ 104.133454][ T2443] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) >>> [ 104.141498][ T2443] raw: 0017ffffc0010200 ffffea0005491e00 dead000000000002 ffff888100042c80 >>> [ 104.149885][ T2443] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 >>> [ 104.158274][ T2443] page dumped because: kasan: bad access detected >>> [ 104.164492][ T2443] >>> >>> >>> To reproduce: >>> >>> git clone https://github.com/intel/lkp-tests.git >>> cd lkp-tests >>> sudo bin/lkp install job.yaml # job file is attached in this email >> I have tried these steps on Fedora35 and on CentOS Stream. In both >> cases I have missing packages that I have not yet resolved: >> >> Error: Unable to find a match: arping lib32gcc-dev libc6-dev-i386 libc6-i386 libc6-x32 libhugetlbfs-dev libmnl-dev libmount-dev libpci3 libreadline-dev libx32asan5 libx32atomic1 libx32gcc1 libx32gcc-dev libx32gomp1 libx32itm1 libx32quadmath0 libx32ubsan1 linux-libc-dev-amd64-cross netcat-openbsd openvswitch-common openvswitch-switch sendip libpci-dev >> >> Simply running the fw_upload selftests in a loop is not sufficient to >> trigger the error. Can you provide additional instructions for >> running the lkp tests manually? Do I need a specific OS? How can I >> access the missing packages? > > We can reproduce this error on bare metal by simply running fw_upload.sh. > > ~/linux/tools/testing/selftests/firmware# ./fw_upload.sh > ./fw_upload.sh: firmware upload cancellation works > ./fw_upload.sh: firmware upload error handling works > ./fw_upload.sh: oversized firmware error handling works > ./fw_upload.sh: firmware upload for fw1 works > ./fw_upload.sh: firmware upload for fw2 works > ./fw_upload.sh: firmware upload for fw3 works > > Message from syslogd@debian-x8664 at Sep 1 05:06:54 ... > kernel:[ 1090.872590][ T1293] Kernel panic - not syncing: Fatal exception > > dmesg read from serial: > > [ 1089.654274][ T1293] ================================================================== > [ 1089.662192][ T1293] BUG: KASAN: use-after-free in firmware_upload_unregister+0x16e/0x1c0 > [ 1089.670282][ T1293] Read of size 8 at addr ffff88873a872008 by task fw_upload.sh/1293 > [ 1089.678107][ T1293] > [ 1089.680291][ T1293] CPU: 4 PID: 1293 Comm: fw_upload.sh Not tainted 5.18.0-rc2-00036-ga37ddddd8603 #1 > [ 1089.689527][ T1293] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.2.8 01/26/2016 > [ 1089.697612][ T1293] Call Trace: > [ 1089.700751][ T1293] <TASK> > [ 1089.703557][ T1293] ? firmware_upload_unregister+0x16e/0x1c0 > [ 1089.709313][ T1293] dump_stack_lvl+0x45/0x59 > [ 1089.713669][ T1293] print_address_description.constprop.0+0x1f/0x200 > [ 1089.720107][ T1293] ? firmware_upload_unregister+0x16e/0x1c0 > [ 1089.725851][ T1293] print_report.cold+0x55/0x22c > [ 1089.730556][ T1293] ? do_raw_spin_lock+0x12e/0x280 > [ 1089.735432][ T1293] kasan_report+0xbe/0x1c0 > > > Could you please help check if the .config file used to compile the kernel > matches the one we attached in the original report? Here we attach it again > for your reference. > > > About the issue of missing packages during setting up lkp test environment, > we wish to support various OS and distributions, but sometimes our package > dependencies are not updated in time, sorry for the inconvenience. We use > debian OS in our test environment, and it can install the required packages > successfully. We will fix the package issue on other OS soon. For this case, > we still recommend to run fw_upload.sh to trigger the error, because it's > much easier than setting up lkp tests environment. > > -- > Thanks, > Yujie > >> >> Thanks, >> - Russ >>> bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run >>> sudo bin/lkp run generated-yaml-file >>> >>> # if come across any failure that blocks the test, >>> # please remove ~/.lkp and /lkp dir to run from a clean state. >>> >>> >>> >>

2 years, 8 months

1
0
0 0

[RFC PATCH v2 00/17] TDX KVM selftests

by Sagi Shahar

Hello, This is v2 of the patch series for TDX selftests. It is based on v5.19-rc8 and Intel's V8 of the TDX host patches which was proposed in https://lkml.org/lkml/2022/8/8/877 The tree can be found at https://github.com/googleprodkernel/linux-cc/tree/selftests Major changes vrom v1: - rebased to v5.19 - added helpers for success and failure reporting - added additional test cases --- TDX stands for Trust Domain Extensions which isolates VMs from the virtual-machine manager (VMM)/hypervisor and any other software on the platform. Intel has recently submitted a set of RFC patches for KVM support for TDX and more information can be found on the latest TDX Support Patches: https://lkml.org/lkml/2022/8/8/877 Due to the nature of the confidential computing environment that TDX provides, it is very difficult to verify/test the KVM support. TDX requires UEFI and the guest kernel to be enlightened which are all under development. We are working on a set of selftests to close this gap and be able to verify the KVM functionality to support TDX lifecycle and GHCI [1] interface. We are looking for any feedback on: - Patch series itself - Any suggestion on how we should approach testing TDX functionality. Does selftests seems reasonable or should we switch to using KVM unit tests. I would be happy to get some perspective on how KVM unit tests can help us more. - Any test case or scenario that we should add. - Anything else I have not thought of yet. Current patch series provide the following capabilities: - Provide helper functions to create a TD (Trusted Domain) using the KVM ioctls - Provide helper functions to create a guest image that can include any testing code - Provide helper functions and wrapper functions to write testing code using GHCI interface - Add a test case that verifies TDX life cycle - Add a test case that verifies TDX GHCI port IO TODOs: - Use existing function to create page tables dynamically (ie __virt_pg_map()) - Remove arbitrary defined magic numbers for data structure offsets - Add TDVMCALL for error reporting - Add additional test cases as some listed below - Add #VE handlers to help testing more complicated test cases --- Erdem Aktas (4): KVM: selftests: Add support for creating non-default type VMs KVM: selftest: Add helper functions to create TDX VMs KVM: selftest: Adding TDX life cycle test. KVM: selftest: Adding test case for TDX port IO Roger Wang (1): KVM: selftest: TDX: Add TDG.VP.INFO test Ryan Afranji (2): KVM: selftest: TDX: Verify the behavior when host consumes a TD private memory KVM: selftest: TDX: Add shared memory test Sagi Shahar (10): KVM: selftest: TDX: Add report_fatal_error test KVM: selftest: TDX: Add basic TDX CPUID test KVM: selftest: TDX: Add basic get_td_vmcall_info test KVM: selftest: TDX: Add TDX IO writes test KVM: selftest: TDX: Add TDX IO reads test KVM: selftest: TDX: Add TDX MSR read/write tests KVM: selftest: TDX: Add TDX HLT exit test KVM: selftest: TDX: Add TDX MMIO reads test KVM: selftest: TDX: Add TDX MMIO writes test KVM: selftest: TDX: Add TDX CPUID TDVMCALL test tools/testing/selftests/kvm/Makefile | 2 + .../selftests/kvm/include/kvm_util_base.h | 12 +- .../selftests/kvm/include/x86_64/processor.h | 1 + tools/testing/selftests/kvm/lib/kvm_util.c | 6 +- .../selftests/kvm/lib/x86_64/processor.c | 27 + tools/testing/selftests/kvm/lib/x86_64/tdx.h | 495 +++++ .../selftests/kvm/lib/x86_64/tdx_lib.c | 373 ++++ .../selftests/kvm/x86_64/tdx_vm_tests.c | 1666 +++++++++++++++++ 8 files changed, 2577 insertions(+), 5 deletions(-) create mode 100644 tools/testing/selftests/kvm/lib/x86_64/tdx.h create mode 100644 tools/testing/selftests/kvm/lib/x86_64/tdx_lib.c create mode 100644 tools/testing/selftests/kvm/x86_64/tdx_vm_tests.c -- 2.37.2.789.g6183377224-goog

2 years, 8 months

3
22
0 0

[PATCH] selftest: vm: remove orphaned references to local_config.{h,mk}

by Axel Rasmussen

Note: this commit is intended to apply to mm-unstable, the commit being fixed only exists in that branch for now. Commit b4efb234e53cc60ccdc855190be9f35918687412 ("Kselftests: remove support of libhugetlbfs from kselftests") removed the rule describing how to build local_config.{h,mk}, but it left two references to these files lingering around. The result is, none of the selftests could be built due to dependencies with no rule for how to build them. Signed-off-by: Axel Rasmussen <axelrasmussen(a)google.com> --- tools/testing/selftests/vm/Makefile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tools/testing/selftests/vm/Makefile b/tools/testing/selftests/vm/Makefile index b52f2cc51482..4ae879f70f4c 100644 --- a/tools/testing/selftests/vm/Makefile +++ b/tools/testing/selftests/vm/Makefile @@ -1,9 +1,7 @@ # SPDX-License-Identifier: GPL-2.0 # Makefile for vm selftests -LOCAL_HDRS += $(selfdir)/vm/local_config.h $(top_srcdir)/mm/gup_test.h - -include local_config.mk +LOCAL_HDRS += $(top_srcdir)/mm/gup_test.h uname_M := $(shell uname -m 2>/dev/null || echo not) MACHINE ?= $(shell echo $(uname_M) | sed -e 's/aarch64.*/arm64/' -e 's/ppc64.*/ppc64/') -- 2.37.2.789.g6183377224-goog

2 years, 8 months

3
2
0 0

[PATCH v15 00/12] bpf: Add kfuncs for PKCS#7 signature verification

by Roberto Sassu

From: Roberto Sassu <roberto.sassu(a)huawei.com> One of the desirable features in security is the ability to restrict import of data to a given system based on data authenticity. If data import can be restricted, it would be possible to enforce a system-wide policy based on the signing keys the system owner trusts. This feature is widely used in the kernel. For example, if the restriction is enabled, kernel modules can be plugged in only if they are signed with a key whose public part is in the primary or secondary keyring. For eBPF, it can be useful as well. For example, it might be useful to authenticate data an eBPF program makes security decisions on. After a discussion in the eBPF mailing list, it was decided that the stated goal should be accomplished by introducing four new kfuncs: bpf_lookup_user_key() and bpf_lookup_system_key(), for retrieving a keyring with keys trusted for signature verification, respectively from its serial and from a pre-determined ID; bpf_key_put(), to release the reference obtained with the former two kfuncs, bpf_verify_pkcs7_signature(), for verifying PKCS#7 signatures. Other than the key serial, bpf_lookup_user_key() also accepts key lookup flags, that influence the behavior of the lookup. bpf_lookup_system_key() accepts pre-determined IDs defined in include/linux/verification.h. bpf_key_put() accepts the new bpf_key structure, introduced to tell whether the other structure member, a key pointer, is valid or not. The reason is that verify_pkcs7_signature() also accepts invalid pointers, set with the pre-determined ID, to select a system-defined keyring. key_put() must be called only for valid key pointers. Since the two key lookup functions allocate memory and one increments a key reference count, they must be used in conjunction with bpf_key_put(). The latter must be called only if the lookup functions returned a non-NULL pointer. The verifier denies the execution of eBPF programs that don't respect this rule. The two key lookup functions should be used in alternative, depending on the use case. While bpf_lookup_user_key() provides great flexibility, it seems suboptimal in terms of security guarantees, as even if the eBPF program is assumed to be trusted, the serial used to obtain the key pointer might come from untrusted user space not choosing one that the system administrator approves to enforce a mandatory policy. bpf_lookup_system_key() instead provides much stronger guarantees, especially if the pre-determined ID is not passed by user space but is hardcoded in the eBPF program, and that program is signed. In this case, bpf_verify_pkcs7_signature() will always perform signature verification with a key that the system administrator approves, i.e. the primary, secondary or platform keyring. Nevertheless, key permission checks need to be done accurately. Since bpf_lookup_user_key() cannot determine how a key will be used by other kfuncs, it has to defer the permission check to the actual kfunc using the key. It does it by calling lookup_user_key() with KEY_DEFER_PERM_CHECK as needed permission. Later, bpf_verify_pkcs7_signature(), if called, completes the permission check by calling key_validate(). It does not need to call key_task_permission() with permission KEY_NEED_SEARCH, as it is already done elsewhere by the key subsystem. Future kfuncs using the bpf_key structure need to implement the proper checks as well. Finally, the last kfunc, bpf_verify_pkcs7_signature(), accepts the data and signature to verify as eBPF dynamic pointers, to minimize the number of kfunc parameters, and the keyring with keys for signature verification as a bpf_key structure, returned by one of the two key lookup functions. bpf_lookup_user_key() and bpf_verify_pkcs7_signature() can be called only from sleepable programs, because of memory allocation and crypto operations. For example, the lsm.s/bpf attach point is suitable, fexit/array_map_update_elem is not. The correctness of implementation of the new kfuncs and of their usage is checked with the introduced tests. The patch set includes a patch from another author (dependency) for sake of completeness. It is organized as follows. Patch 1 from KP Singh allows kfuncs to be used by LSM programs. Patch 2 splits is_dynptr_reg_valid_init() and introduces is_dynptr_type_expected(), to know more precisely the cause of a negative result of a dynamic pointer check. Patch 3 allows dynamic pointers to be used as kfunc parameters. Patch 4 exports bpf_dynptr_get_size(), to obtain the real size of data carried by a dynamic pointer. Patch 5 makes available for new eBPF kfuncs and programs some key-related definitions. Patch 6 introduces the bpf_lookup_*_key() and bpf_key_put() kfuncs. Patch 7 introduces the bpf_verify_pkcs7_signature() kfunc. Patch 8 changes the testing kernel configuration to compile everything as built-in. Finally, patches 9-12 introduce the tests. Changelog v14: - Explain that is_dynptr_type_expected() will be useful also for BTF (suggested by Joanne) - Rename KEY_LOOKUP_FLAGS_ALL to KEY_LOOKUP_ALL (suggested by Jarkko) - Swap declaration of spi and dynptr_type in is_dynptr_type_expected() (suggested by Joanne) - Reimplement kfunc dynptr tests with a regular eBPF program instead of executing them with test_verifier (suggested by Joanne) - Make key lookup flags as enum so that they are automatically exported through BTF (suggested by Alexei) v13: - Split is_dynptr_reg_valid_init() and introduce is_dynptr_type_expected() to see if the dynamic pointer type passed as argument to a kfunc is supported (suggested by Kumar) - Add forward declaration of struct key in include/linux/bpf.h (suggested by Song) - Declare mask for key lookup flags, remove key_lookup_flags_check() (suggested by Jarkko and KP) - Allow only certain dynamic pointer types (currently, local) to be passed as argument to kfuncs (suggested by Kumar) - For each dynamic pointer parameter in kfunc, additionally check if the passed pointer is to the stack (suggested by Kumar) - Split the validity/initialization and dynamic pointer type check also in the verifier, and adjust the expected error message in the test (a test for an unexpected dynptr type passed to a helper cannot be added due to missing suitable helpers, but this case has been tested manually) - Add verifier tests to check the dynamic pointers passed as argument to kfuncs (suggested by Kumar) v12: - Put lookup_key and verify_pkcs7_sig tests in deny list for s390x (JIT does not support calling kernel function) v11: - Move stringify_struct() macro to include/linux/btf.h (suggested by Daniel) - Change kernel configuration options in tools/testing/selftests/bpf/config* from =m to =y v10: - Introduce key_lookup_flags_check() and system_keyring_id_check() inline functions to check parameters (suggested by KP) - Fix descriptions and comment of key-related kfuncs (suggested by KP) - Register kfunc set only once (suggested by Alexei) - Move needed kernel options to the architecture-independent configuration for testing v9: - Drop patch to introduce KF_SLEEPABLE kfunc flag (already merged) - Rename valid_ptr member of bpf_key to has_ref (suggested by Daniel) - Check dynamic pointers in kfunc definition with bpf_dynptr_kern struct definition instead of string, to detect structure renames (suggested by Daniel) - Explicitly say that we permit initialized dynamic pointers in kfunc definition (suggested by Daniel) - Remove noinline __weak from kfuncs definition (reported by Daniel) - Simplify key lookup flags check in bpf_lookup_user_key() (suggested by Daniel) - Explain the reason for deferring key permission check (suggested by Daniel) - Allocate memory with GFP_ATOMIC in bpf_lookup_system_key(), and remove KF_SLEEPABLE kfunc flag from kfunc declaration (suggested by Daniel) - Define only one kfunc set and remove the loop for registration (suggested by Alexei) v8: - Define the new bpf_key structure to carry the key pointer and whether that pointer is valid or not (suggested by Daniel) - Drop patch to mark a kfunc parameter with the __maybe_null suffix - Improve documentation of kfuncs - Introduce bpf_lookup_system_key() to obtain a key pointer suitable for verify_pkcs7_signature() (suggested by Daniel) - Use the new kfunc registration API - Drop patch to test the __maybe_null suffix - Add tests for bpf_lookup_system_key() v7: - Add support for using dynamic and NULL pointers in kfunc (suggested by Alexei) - Add new kfunc-related tests v6: - Switch back to key lookup helpers + signature verification (until v5), and defer permission check from bpf_lookup_user_key() to bpf_verify_pkcs7_signature() - Add additional key lookup test to illustrate the usage of the KEY_LOOKUP_CREATE flag and validate the flags (suggested by Daniel) - Make description of flags of bpf_lookup_user_key() more user-friendly (suggested by Daniel) - Fix validation of flags parameter in bpf_lookup_user_key() (reported by Daniel) - Rename bpf_verify_pkcs7_signature() keyring-related parameters to user_keyring and system_keyring to make their purpose more clear - Accept keyring-related parameters of bpf_verify_pkcs7_signature() as alternatives (suggested by KP) - Replace unsigned long type with u64 in helper declaration (suggested by Daniel) - Extend the bpf_verify_pkcs7_signature() test by calling the helper without data, by ensuring that the helper enforces the keyring-related parameters as alternatives, by ensuring that the helper rejects inaccessible and expired keyrings, and by checking all system keyrings - Move bpf_lookup_user_key() and bpf_key_put() usage tests to ref_tracking.c (suggested by John) - Call bpf_lookup_user_key() and bpf_key_put() only in sleepable programs v5: - Move KEY_LOOKUP_ to include/linux/key.h for validation of bpf_verify_pkcs7_signature() parameter - Remove bpf_lookup_user_key() and bpf_key_put() helpers, and the corresponding tests - Replace struct key parameter of bpf_verify_pkcs7_signature() with the keyring serial and lookup flags - Call lookup_user_key() and key_put() in bpf_verify_pkcs7_signature() code, to ensure that the retrieved key is used according to the permission requested at lookup time - Clarified keyring precedence in the description of bpf_verify_pkcs7_signature() (suggested by John) - Remove newline in the second argument of ASSERT_ - Fix helper prototype regular expression in bpf_doc.py v4: - Remove bpf_request_key_by_id(), don't return an invalid pointer that other helpers can use - Pass the keyring ID (without ULONG_MAX, suggested by Alexei) to bpf_verify_pkcs7_signature() - Introduce bpf_lookup_user_key() and bpf_key_put() helpers (suggested by Alexei) - Add lookup_key_norelease test, to ensure that the verifier blocks eBPF programs which don't decrement the key reference count - Parse raw PKCS#7 signature instead of module-style signature in the verify_pkcs7_signature test (suggested by Alexei) - Parse kernel module in user space and pass raw PKCS#7 signature to the eBPF program for signature verification v3: - Rename bpf_verify_signature() back to bpf_verify_pkcs7_signature() to avoid managing different parameters for each signature verification function in one helper (suggested by Daniel) - Use dynamic pointers and export bpf_dynptr_get_size() (suggested by Alexei) - Introduce bpf_request_key_by_id() to give more flexibility to the caller of bpf_verify_pkcs7_signature() to retrieve the appropriate keyring (suggested by Alexei) - Fix test by reordering the gcc command line, always compile sign-file - Improve helper support check mechanism in the test v2: - Rename bpf_verify_pkcs7_signature() to a more generic bpf_verify_signature() and pass the signature type (suggested by KP) - Move the helper and prototype declaration under #ifdef so that user space can probe for support for the helper (suggested by Daniel) - Describe better the keyring types (suggested by Daniel) - Include linux/bpf.h instead of vmlinux.h to avoid implicit or redeclaration - Make the test selfcontained (suggested by Alexei) v1: - Don't define new map flag but introduce simple wrapper of verify_pkcs7_signature() (suggested by Alexei and KP) KP Singh (1): bpf: Allow kfuncs to be used in LSM programs Roberto Sassu (11): bpf: Move dynptr type check to is_dynptr_type_expected() btf: Allow dynamic pointer parameters in kfuncs bpf: Export bpf_dynptr_get_size() KEYS: Move KEY_LOOKUP_ to include/linux/key.h and define KEY_LOOKUP_ALL bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs bpf: Add bpf_verify_pkcs7_signature() kfunc selftests/bpf: Compile kernel with everything as built-in selftests/bpf: Add verifier tests for bpf_lookup_*_key() and bpf_key_put() selftests/bpf: Add additional tests for bpf_lookup_*_key() selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc selftests/bpf: Add tests for dynamic pointers parameters in kfuncs include/linux/bpf.h | 9 + include/linux/bpf_verifier.h | 5 + include/linux/btf.h | 9 + include/linux/key.h | 6 + include/linux/verification.h | 8 + kernel/bpf/btf.c | 34 ++ kernel/bpf/helpers.c | 2 +- kernel/bpf/verifier.c | 35 +- kernel/trace/bpf_trace.c | 180 ++++++++ security/keys/internal.h | 2 - tools/testing/selftests/bpf/DENYLIST.s390x | 2 + tools/testing/selftests/bpf/Makefile | 14 +- tools/testing/selftests/bpf/config | 32 +- tools/testing/selftests/bpf/config.x86_64 | 7 +- .../testing/selftests/bpf/prog_tests/dynptr.c | 2 +- .../bpf/prog_tests/kfunc_dynptr_param.c | 102 +++++ .../selftests/bpf/prog_tests/lookup_key.c | 112 +++++ .../bpf/prog_tests/verify_pkcs7_sig.c | 399 ++++++++++++++++++ .../bpf/progs/test_kfunc_dynptr_param.c | 57 +++ .../selftests/bpf/progs/test_lookup_key.c | 46 ++ .../bpf/progs/test_verify_pkcs7_sig.c | 100 +++++ tools/testing/selftests/bpf/test_verifier.c | 3 +- .../selftests/bpf/verifier/ref_tracking.c | 139 ++++++ .../testing/selftests/bpf/verify_sig_setup.sh | 104 +++++ 24 files changed, 1374 insertions(+), 35 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/kfunc_dynptr_param.c create mode 100644 tools/testing/selftests/bpf/prog_tests/lookup_key.c create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c create mode 100644 tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c create mode 100644 tools/testing/selftests/bpf/progs/test_lookup_key.c create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh -- 2.25.1

2 years, 8 months

1
14
0 0

[PATCH] selftests: pidfd: Fix compling warnings

by Li Zhijian

Fix warnings and enable Wall Signed-off-by: Li Zhijian <lizhijian(a)fujitsu.com> --- tools/testing/selftests/pidfd/Makefile | 2 +- tools/testing/selftests/pidfd/pidfd_test.c | 2 ++ tools/testing/selftests/pidfd/pidfd_wait.c | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/pidfd/Makefile b/tools/testing/selftests/pidfd/Makefile index f4a2f28f926b..778b6cdc8aed 100644 --- a/tools/testing/selftests/pidfd/Makefile +++ b/tools/testing/selftests/pidfd/Makefile @@ -1,5 +1,5 @@ # SPDX-License-Identifier: GPL-2.0-only -CFLAGS += -g -I../../../../usr/include/ -pthread +CFLAGS += -g -I../../../../usr/include/ -pthread -Wall TEST_GEN_PROGS := pidfd_test pidfd_fdinfo_test pidfd_open_test \ pidfd_poll_test pidfd_wait pidfd_getfd_test pidfd_setns_test diff --git a/tools/testing/selftests/pidfd/pidfd_test.c b/tools/testing/selftests/pidfd/pidfd_test.c index 9a2d64901d59..d36654265b7a 100644 --- a/tools/testing/selftests/pidfd/pidfd_test.c +++ b/tools/testing/selftests/pidfd/pidfd_test.c @@ -435,6 +435,8 @@ static int child_poll_exec_test(void *args) */ while (1) sleep(1); + + return 0; } static void test_pidfd_poll_exec(int use_waitpid) diff --git a/tools/testing/selftests/pidfd/pidfd_wait.c b/tools/testing/selftests/pidfd/pidfd_wait.c index c3e2a3041f55..2dee6223112c 100644 --- a/tools/testing/selftests/pidfd/pidfd_wait.c +++ b/tools/testing/selftests/pidfd/pidfd_wait.c @@ -148,7 +148,7 @@ static int sys_waitid(int which, pid_t pid, siginfo_t *info, int options, TEST(wait_nonblock) { - int pidfd, status = 0; + int pidfd = 0; unsigned int flags = 0; pid_t parent_tid = -1; struct clone_args args = { -- 1.8.3.1

2 years, 8 months

1
0
0 0

[PATCH v2] net-next: Fix IP_UNICAST_IF option behavior for connected sockets

by Richard Gobert

The IP_UNICAST_IF socket option is used to set the outgoing interface for outbound packets. The IP_UNICAST_IF socket option was added as it was needed by the Wine project, since no other existing option (SO_BINDTODEVICE socket option, IP_PKTINFO socket option or the bind function) provided the needed characteristics needed by the IP_UNICAST_IF socket option. [1] The IP_UNICAST_IF socket option works well for unconnected sockets, that is, the interface specified by the IP_UNICAST_IF socket option is taken into consideration in the route lookup process when a packet is being sent. However, for connected sockets, the outbound interface is chosen when connecting the socket, and in the route lookup process which is done when a packet is being sent, the interface specified by the IP_UNICAST_IF socket option is being ignored. This inconsistent behavior was reported and discussed in an issue opened on systemd's GitHub project [2]. Also, a bug report was submitted in the kernel's bugzilla [3]. To understand the problem in more detail, we can look at what happens for UDP packets over IPv4 (The same analysis was done separately in the referenced systemd issue). When a UDP packet is sent the udp_sendmsg function gets called and the following happens: 1. The oif member of the struct ipcm_cookie ipc (which stores the output interface of the packet) is initialized by the ipcm_init_sk function to inet->sk.sk_bound_dev_if (the device set by the SO_BINDTODEVICE socket option). 2. If the IP_PKTINFO socket option was set, the oif member gets overridden by the call to the ip_cmsg_send function. 3. If no output interface was selected yet, the interface specified by the IP_UNICAST_IF socket option is used. 4. If the socket is connected and no destination address is specified in the send function, the struct ipcm_cookie ipc is not taken into consideration and the cached route, that was calculated in the connect function is being used. Thus, for a connected socket, the IP_UNICAST_IF sockopt isn't taken into consideration. This patch corrects the behavior of the IP_UNICAST_IF socket option for connect()ed sockets by taking into consideration the IP_UNICAST_IF sockopt when connecting the socket. In order to avoid reconnecting the socket, this option is still ignored when applied on an already connected socket until connect() is called again by the Richard Gobert. Change the __ip4_datagram_connect function, which is called during socket connection, to take into consideration the interface set by the IP_UNICAST_IF socket option, in a similar way to what is done in the udp_sendmsg function. [1] https://lore.kernel.org/netdev/1328685717.4736.4.camel@edumazet-laptop/T/ [2] https://github.com/systemd/systemd/issues/11935#issuecomment-618691018 [3] https://bugzilla.kernel.org/show_bug.cgi?id=210255 Signed-off-by: Richard Gobert <richardbgobert(a)gmail.com> --- v1 -> v2: Added self-tests and targeted to net-next. net/ipv4/datagram.c | 2 ++ tools/testing/selftests/net/fcnal-test.sh | 30 +++++++++++++++++++++++ tools/testing/selftests/net/nettest.c | 16 ++++++++++-- 3 files changed, 46 insertions(+), 2 deletions(-) diff --git a/net/ipv4/datagram.c b/net/ipv4/datagram.c index ffd57523331f..405a8c2aea64 100644 --- a/net/ipv4/datagram.c +++ b/net/ipv4/datagram.c @@ -42,6 +42,8 @@ int __ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len oif = inet->mc_index; if (!saddr) saddr = inet->mc_addr; + } else if (!oif) { + oif = inet->uc_index; } fl4 = &inet->cork.fl.u.ip4; rt = ip_route_connect(fl4, usin->sin_addr.s_addr, saddr, oif, diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh index 03b586760164..31c3b6ebd388 100755 --- a/tools/testing/selftests/net/fcnal-test.sh +++ b/tools/testing/selftests/net/fcnal-test.sh @@ -1466,6 +1466,13 @@ ipv4_udp_novrf() run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF" + log_start + run_cmd_nsb nettest -D -s & + sleep 1 + run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -0 ${NSA_IP} -U + log_test_addr ${a} $? 0 "Client, device bind via IP_UNICAST_IF, with connect()" + + log_start show_hint "Should fail 'Connection refused'" run_cmd nettest -D -r ${a} @@ -1525,6 +1532,13 @@ ipv4_udp_novrf() run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection" + log_start + run_cmd nettest -s -D & + sleep 1 + run_cmd nettest -D -d ${NSA_DEV} -S -r ${a} -U + log_test_addr ${a} $? 0 "Global server, device client via IP_UNICAST_IF, local connection, with connect()" + + # IPv4 with device bind has really weird behavior - it overrides the # fib lookup, generates an rtable and tries to send the packet. This # causes failures for local traffic at different places @@ -1550,6 +1564,15 @@ ipv4_udp_novrf() sleep 1 run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection" + + log_start + show_hint "Should fail since addresses on loopback are out of device scope" + run_cmd nettest -D -s & + sleep 1 + run_cmd nettest -D -r ${a} -d ${NSA_DEV} -S -U + log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with connect()" + + done a=${NSA_IP} @@ -3157,6 +3180,13 @@ ipv6_udp_novrf() sleep 1 run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection" + + log_start + show_hint "Should fail 'No route to host' since addresses on loopback are out of device scope" + run_cmd nettest -6 -D -s & + sleep 1 + run_cmd nettest -6 -D -r ${a} -d ${NSA_DEV} -S -U + log_test_addr ${a} $? 1 "Global server, device client via IP_UNICAST_IF, local connection, with connect()" done a=${NSA_IP6} diff --git a/tools/testing/selftests/net/nettest.c b/tools/testing/selftests/net/nettest.c index d9a6fd2cd9d3..7900fa98eccb 100644 --- a/tools/testing/selftests/net/nettest.c +++ b/tools/testing/selftests/net/nettest.c @@ -127,6 +127,9 @@ struct sock_args { /* ESP in UDP encap test */ int use_xfrm; + + /* use send() and connect() instead of sendto */ + int datagram_connect; }; static int server_mode; @@ -979,6 +982,11 @@ static int send_msg(int sd, void *addr, socklen_t alen, struct sock_args *args) log_err_errno("write failed sending msg to peer"); return 1; } + } else if (args->datagram_connect) { + if (send(sd, msg, msglen, 0) < 0) { + log_err_errno("send failed sending msg to peer"); + return 1; + } } else if (args->ifindex && args->use_cmsg) { if (send_msg_cmsg(sd, addr, alen, args->ifindex, args->version)) return 1; @@ -1659,7 +1667,7 @@ static int connectsock(void *addr, socklen_t alen, struct sock_args *args) if (args->has_local_ip && bind_socket(sd, args)) goto err; - if (args->type != SOCK_STREAM) + if (args->type != SOCK_STREAM && !args->datagram_connect) goto out; if (args->password && tcp_md5sig(sd, addr, alen, args)) @@ -1854,7 +1862,7 @@ static int ipc_parent(int cpid, int fd, struct sock_args *args) return client_status; } -#define GETOPT_STR "sr:l:c:p:t:g:P:DRn:M:X:m:d:I:BN:O:SCi6xL:0:1:2:3:Fbqf" +#define GETOPT_STR "sr:l:c:p:t:g:P:DRn:M:X:m:d:I:BN:O:SUCi6xL:0:1:2:3:Fbqf" #define OPT_FORCE_BIND_KEY_IFINDEX 1001 #define OPT_NO_BIND_KEY_IFINDEX 1002 @@ -1891,6 +1899,7 @@ static void print_usage(char *prog) " -I dev bind socket to given device name - server mode\n" " -S use setsockopt (IP_UNICAST_IF or IP_MULTICAST_IF)\n" " to set device binding\n" + " -U Use connect() and send() for datagram sockets\n" " -f bind socket with the IP[V6]_FREEBIND option\n" " -C use cmsg and IP_PKTINFO to specify device binding\n" "\n" @@ -2074,6 +2083,9 @@ int main(int argc, char *argv[]) case 'x': args.use_xfrm = 1; break; + case 'U': + args.datagram_connect = 1; + break; default: print_usage(argv[0]); return 1; -- 2.36.1

2 years, 8 months

3
2
0 0

[PATCH net 0/3] Unsync addresses from ports when stopping aggregated devices

by Benjamin Poirier

This series fixes similar problems in the bonding and team drivers. Because of missing dev_{uc,mc}_unsync() calls, addresses added to underlying devices may be leftover after the aggregated device is deleted. Add the missing calls and a few related tests. Benjamin Poirier (3): net: bonding: Unsync device addresses on ndo_stop net: team: Unsync device addresses on ndo_stop net: Add tests for bonding and team address list management MAINTAINERS | 1 + drivers/net/bonding/bond_main.c | 31 ++++--- drivers/net/team/team.c | 8 ++ tools/testing/selftests/Makefile | 1 + .../selftests/drivers/net/bonding/Makefile | 3 +- .../selftests/drivers/net/bonding/config | 1 + .../drivers/net/bonding/dev_addr_lists.sh | 89 +++++++++++++++++++ .../selftests/drivers/net/bonding/lag_lib.sh | 63 +++++++++++++ .../selftests/drivers/net/team/Makefile | 6 ++ .../testing/selftests/drivers/net/team/config | 3 + .../drivers/net/team/dev_addr_lists.sh | 51 +++++++++++ 11 files changed, 246 insertions(+), 11 deletions(-) create mode 100755 tools/testing/selftests/drivers/net/bonding/dev_addr_lists.sh create mode 100644 tools/testing/selftests/drivers/net/bonding/lag_lib.sh create mode 100644 tools/testing/selftests/drivers/net/team/Makefile create mode 100644 tools/testing/selftests/drivers/net/team/config create mode 100755 tools/testing/selftests/drivers/net/team/dev_addr_lists.sh -- 2.36.1

2 years, 8 months

2
6
0 0

[PATCH -next 0/5] Optimize and bugfix for cpu-on-off-test.sh

by Zhao Gongyi

1. Correct log info 2. Replace exit with return to make the test exit gracefully 3. Delete fault injection related code 4. Reserve one cpu online when the test offline all cpus 5. Add log info when run full test successfully Zhao Gongyi (5): selftests/cpu-hotplug: Correct log info selftests/cpu-hotplug: Replace exit with return selftests/cpu-hotplug: Delete fault injection related code selftests/cpu-hotplug: Reserve one cpu online at least selftests/cpu-hotplug: Add log info when test success tools/testing/selftests/cpu-hotplug/Makefile | 2 +- tools/testing/selftests/cpu-hotplug/config | 1 - .../selftests/cpu-hotplug/cpu-on-off-test.sh | 150 ++++-------------- 3 files changed, 29 insertions(+), 124 deletions(-) delete mode 100644 tools/testing/selftests/cpu-hotplug/config -- 2.17.1

2 years, 8 months

2
7
0 0

[PATCH v2 5/6] selftests/sgx: retry the ioctls returned with EAGAIN

by Jarkko Sakkinen

From: Haitao Huang <haitao.huang(a)linux.intel.com> For EMODT and EREMOVE ioctls with a large range, kernel may not finish in one shot and return EAGAIN error code and count of bytes of EPC pages on that operations are finished successfully. Change the unclobbered_vdso_oversubscribed_remove test to rerun the ioctls in a loop, updating offset and length using the byte count returned in each iteration. Signed-off-by: Haitao Huang <haitao.huang(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v2: * Changed branching in EAGAIN condition so that else branch is not required. * Addressed Reinette's feedback: https://lore.kernel.org/linux-sgx/5d19be91-3aef-5cbe-6063-3ff3dbd5572b@inte… --- tools/testing/selftests/sgx/main.c | 42 ++++++++++++++++++++++++------ 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c index c5aa9f323745..f42941da3bbe 100644 --- a/tools/testing/selftests/sgx/main.c +++ b/tools/testing/selftests/sgx/main.c @@ -395,6 +395,7 @@ TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900) struct encl_segment *heap; unsigned long total_mem; int ret, errno_save; + unsigned long count; unsigned long addr; unsigned long i; @@ -458,16 +459,30 @@ TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900) modt_ioc.offset = heap->offset; modt_ioc.length = heap->size; modt_ioc.page_type = SGX_PAGE_TYPE_TRIM; - + count = 0; TH_LOG("Changing type of %zd bytes to trimmed may take a while ...", heap->size); - ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPES, &modt_ioc); - errno_save = ret == -1 ? errno : 0; + do { + ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_MODIFY_TYPES, &modt_ioc); + + errno_save = ret == -1 ? errno : 0; + if (errno_save != EAGAIN) + break; + + EXPECT_EQ(modt_ioc.result, 0); + + count += modt_ioc.count; + modt_ioc.offset += modt_ioc.count; + modt_ioc.length -= modt_ioc.count; + modt_ioc.result = 0; + modt_ioc.count = 0; + } while (modt_ioc.length != 0); EXPECT_EQ(ret, 0); EXPECT_EQ(errno_save, 0); EXPECT_EQ(modt_ioc.result, 0); - EXPECT_EQ(modt_ioc.count, heap->size); + count += modt_ioc.count; + EXPECT_EQ(count, heap->size); /* EACCEPT all removed pages. */ addr = self->encl.encl_base + heap->offset; @@ -495,15 +510,26 @@ TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900) remove_ioc.offset = heap->offset; remove_ioc.length = heap->size; - + count = 0; TH_LOG("Removing %zd bytes from enclave may take a while ...", heap->size); - ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_REMOVE_PAGES, &remove_ioc); - errno_save = ret == -1 ? errno : 0; + do { + ret = ioctl(self->encl.fd, SGX_IOC_ENCLAVE_REMOVE_PAGES, &remove_ioc); + + errno_save = ret == -1 ? errno : 0; + if (errno_save != EAGAIN) + break; + + count += remove_ioc.count; + remove_ioc.offset += remove_ioc.count; + remove_ioc.length -= remove_ioc.count; + remove_ioc.count = 0; + } while (remove_ioc.length != 0); EXPECT_EQ(ret, 0); EXPECT_EQ(errno_save, 0); - EXPECT_EQ(remove_ioc.count, heap->size); + count += remove_ioc.count; + EXPECT_EQ(count, heap->size); } TEST_F(enclave, clobbered_vdso) -- 2.37.2

2 years, 8 months

2
1
0 0

[PATCH v2 1/6] selftests/sgx: Ignore OpenSSL 3.0 deprecated functions warning

by Jarkko Sakkinen

From: Kristen Carlson Accardi <kristen(a)linux.intel.com> OpenSSL 3.0 deprecates some of the functions used in the SGX selftests, causing build errors on new distros. For now ignore the warnings until support for the functions is no longer available and mark FIXME so that it can be clear this should be removed at some point. Signed-off-by: Kristen Carlson Accardi <kristen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v2: - Kept because does not exist in tip/x86/sgx, which is the maintainer branch for SGX, and is required for selftests. --- tools/testing/selftests/sgx/sigstruct.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c index 50c5ab1aa6fa..a07896a46364 100644 --- a/tools/testing/selftests/sgx/sigstruct.c +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -17,6 +17,12 @@ #include "defines.h" #include "main.h" +/* + * FIXME: OpenSSL 3.0 has deprecated some functions. For now just ignore + * the warnings. + */ +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" + struct q1q2_ctx { BN_CTX *bn_ctx; BIGNUM *m; -- 2.37.2

2 years, 8 months

1
0
0 0

[PATCH linux-next] powerpc/selftests:Use timersub() for gettimeofday()

by cgel.zte＠gmail.com

From: ye xingchen <ye.xingchen(a)zte.com.cn> Use timersub() function to simplify the code. Reported-by: Zeal Robot <zealci(a)zte.com.cn> Signed-off-by: ye xingchen <ye.xingchen(a)zte.com.cn> --- tools/testing/selftests/powerpc/benchmarks/gettimeofday.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/powerpc/benchmarks/gettimeofday.c b/tools/testing/selftests/powerpc/benchmarks/gettimeofday.c index 6b415683357b..580fcac0a09f 100644 --- a/tools/testing/selftests/powerpc/benchmarks/gettimeofday.c +++ b/tools/testing/selftests/powerpc/benchmarks/gettimeofday.c @@ -12,7 +12,7 @@ static int test_gettimeofday(void) { int i; - struct timeval tv_start, tv_end; + struct timeval tv_start, tv_end, tv_diff; gettimeofday(&tv_start, NULL); @@ -20,7 +20,9 @@ static int test_gettimeofday(void) gettimeofday(&tv_end, NULL); } - printf("time = %.6f\n", tv_end.tv_sec - tv_start.tv_sec + (tv_end.tv_usec - tv_start.tv_usec) * 1e-6); + timersub(&tv_start, &tv_end, &tv_diff); + + printf("time = %.6f\n", tv_diff.tv_sec + (tv_diff.tv_usec) * 1e-6); return 0; } -- 2.25.1

2 years, 8 months

2
1
0 0

[PATCH] selftests/sgx: Fix OpenSSL deprecated warning for ERR_get_error_line

by Dhanuka Warusadura

These changes fix the "error: ‘ERR_get_error_line’ is deprecated: Since OpenSSL 3.0" warning. Signed-off-by: Dhanuka Warusadura <wdnuka(a)gmail.com> --- tools/testing/selftests/sgx/sigstruct.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c index 50c5ab1aa6fa..671d9b58e274 100644 --- a/tools/testing/selftests/sgx/sigstruct.c +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -136,7 +136,7 @@ static bool check_crypto_errors(void) break; had_errors = true; - err = ERR_get_error_line(&filename, &line); + err = ERR_peek_last_error_line(&filename, &line); ERR_error_string_n(err, str, sizeof(str)); fprintf(stderr, "crypto: %s: %s:%d\n", str, filename, line); } -- 2.37.2

2 years, 8 months

3
6
0 0

Copie de : Bild: Investieren Sie einmal 250 $ und erhalten Sie ab 1000 $ pro Tag

by Galerie Raymond Dreyfus

Ceci est une copie du message que vous avez envoyé à Galerie Raymond Dreyfus via Galerie Raymond Dreyfus Ceci est un message expédié via http://www.raymond-dreyfus.com/ par : JosephZem <linux-kselftest(a)vger.kernel.org> TOP 3 Handelsroboter, die Menschen zu Millionaren machen http://bitcoin-obituaries.beersec.com/dayli-news-8902

2 years, 8 months

1
0
0 0

Copie de : Bild: Investieren Sie einmal 250 $ und erhalten Sie ab 1000 $ pro Tag

by Galerie Raymond Dreyfus

Ceci est une copie du message que vous avez envoyé à Galerie Raymond Dreyfus via Galerie Raymond Dreyfus Ceci est un message expédié via http://www.raymond-dreyfus.com/ par : JosephZem <linux-kselftest(a)vger.kernel.org> TOP 3 Handelsroboter, die Menschen zu Millionaren machen http://bitcoin-obituaries.beersec.com/dayli-news-8902

2 years, 8 months

1
0
0 0

Copie de : Bild: Investieren Sie einmal 250 $ und erhalten Sie ab 1000 $ pro Tag

by Galerie Raymond Dreyfus

Ceci est une copie du message que vous avez envoyé à Galerie Raymond Dreyfus via Galerie Raymond Dreyfus Ceci est un message expédié via http://www.raymond-dreyfus.com/ par : JosephZem <linux-kselftest(a)vger.kernel.org> TOP 3 Handelsroboter, die Menschen zu Millionaren machen http://bitcoin-obituaries.beersec.com/dayli-news-8902

2 years, 8 months

1
0
0 0

Copie de : Bild: Investieren Sie einmal 250 $ und erhalten Sie ab 1000 $ pro Tag

by Galerie Raymond Dreyfus

Ceci est une copie du message que vous avez envoyé à Galerie Raymond Dreyfus via Galerie Raymond Dreyfus Ceci est un message expédié via http://www.raymond-dreyfus.com/ par : JosephZem <linux-kselftest(a)vger.kernel.org> TOP 3 Handelsroboter, die Menschen zu Millionaren machen http://bitcoin-obituaries.beersec.com/dayli-news-8902

2 years, 8 months

1
0
0 0

Copie de : Bild: Investieren Sie einmal 250 $ und erhalten Sie ab 1000 $ pro Tag

by Galerie Raymond Dreyfus

Ceci est une copie du message que vous avez envoyé à Galerie Raymond Dreyfus via Galerie Raymond Dreyfus Ceci est un message expédié via http://www.raymond-dreyfus.com/ par : JosephZem <linux-kselftest(a)vger.kernel.org> TOP 3 Handelsroboter, die Menschen zu Millionaren machen http://bitcoin-obituaries.beersec.com/dayli-news-8902

2 years, 8 months

1
0
0 0

[PATCH 3/6] selftests/sgx: Ignore OpenSSL 3.0 deprecated functions warning

by Jarkko Sakkinen

From: Kristen Carlson Accardi <kristen(a)linux.intel.com> OpenSSL 3.0 deprecates some of the functions used in the SGX selftests, causing build errors on new distros. For now ignore the warnings until support for the functions is no longer available and mark FIXME so that it can be clear this should be removed at some point. Signed-off-by: Kristen Carlson Accardi <kristen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- tools/testing/selftests/sgx/sigstruct.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c index 50c5ab1aa6fa..a07896a46364 100644 --- a/tools/testing/selftests/sgx/sigstruct.c +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -17,6 +17,12 @@ #include "defines.h" #include "main.h" +/* + * FIXME: OpenSSL 3.0 has deprecated some functions. For now just ignore + * the warnings. + */ +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" + struct q1q2_ctx { BN_CTX *bn_ctx; BIGNUM *m; -- 2.37.2

2 years, 8 months

2
2
0 0

[RFC V2 PATCH 0/8] selftests: KVM: SEV: selftests for fd-based private memory

by Vishal Annapurve

This series implements selftests executing SEV VMs to target the feature floated by Chao via: https://lore.kernel.org/linux-mm/20220706082016.2603916-12-chao.p.peng@linu… Below changes aim to test the fd based approach for guest private memory in context of SEV VMs executing on AMD SEV compatible platforms. sev_private_mem_test.c file adds selftest to access private memory from the guest via private/shared accesses and checking if the contents can be leaked to/accessed by vmm via shared memory view before/after conversions. To allow SEV/SEV-ES VMs to toggle the encryption bit during memory conversion, support is added for mapping guest pagetables to guest va ranges and passing the mapping information to guests via shared pages. This series has dependency on following patch series: 1) V7 series patches from Chao mentioned above. 2) https://lore.kernel.org/lkml/20220810152033.946942-1-pgonda@google.com/T/#u - Series posted by Peter containing patches from Michael and Sean 3) https://lore.kernel.org/lkml/Ywa9T+jKUpaHLu%2Fl@google.com/T/ - Series posted for similar selftests executing non-confidential VMs. Github link for the patches posted as part of this series: https://github.com/vishals4gh/linux/commits/sev_upm_selftests_rfcv2 Vishal Annapurve (8): selftests: kvm: x86_64: Add support for pagetable tracking kvm: Add HVA range operator arch: x86: sev: Populate private memory fd during LAUNCH_UPDATE_DATA selftests: kvm: sev: Support memslots with private memory selftests: kvm: Update usage of private mem lib for SEV VMs selftests: kvm: Support executing SEV VMs with private memory selftests: kvm: Refactor testing logic for private memory selftests: kvm: Add private memory test for SEV VMs arch/x86/kvm/svm/sev.c | 99 ++++++- include/linux/kvm_host.h | 8 + tools/testing/selftests/kvm/.gitignore | 1 + tools/testing/selftests/kvm/Makefile | 2 + .../selftests/kvm/include/kvm_util_base.h | 105 +++++++ .../kvm/include/x86_64/private_mem.h | 10 +- .../include/x86_64/private_mem_test_helper.h | 13 + .../selftests/kvm/include/x86_64/sev.h | 2 + tools/testing/selftests/kvm/lib/kvm_util.c | 78 ++++- .../selftests/kvm/lib/x86_64/private_mem.c | 189 ++++++++++-- .../kvm/lib/x86_64/private_mem_test_helper.c | 273 ++++++++++++++++++ .../selftests/kvm/lib/x86_64/processor.c | 32 ++ tools/testing/selftests/kvm/lib/x86_64/sev.c | 15 +- .../selftests/kvm/x86_64/private_mem_test.c | 246 +--------------- .../kvm/x86_64/sev_private_mem_test.c | 21 ++ virt/kvm/kvm_main.c | 87 +++++- 16 files changed, 880 insertions(+), 301 deletions(-) create mode 100644 tools/testing/selftests/kvm/include/x86_64/private_mem_test_helper.h create mode 100644 tools/testing/selftests/kvm/lib/x86_64/private_mem_test_helper.c create mode 100644 tools/testing/selftests/kvm/x86_64/sev_private_mem_test.c -- 2.37.2.672.g94769d06f0-goog

2 years, 8 months

1
8
0 0

[PATCH v3 0/2] begin KTAP spec v2 process

by frowand.list＠gmail.com

From: Frank Rowand <frank.rowand(a)sony.com> The process to create version 2 of the KTAP Specification is documented in email discussions. I am attempting to capture this information at https://elinux.org/Test_Results_Format_Notes#KTAP_version_2 I am already not following the suggested process, which says: "...please try to follow this principal of one major topic per email thread." I think that is ok in this case because the two patches are related and (hopefully) not controversial. Changes since patch version 2: - correct version 1 change text - version 1 patch 2/2 had not yet been applied when I created version 2, refresh version 2 patch 2/2 for new context Changes since patch version 1: - drop patch 2/2. Jonathan Corbet has already applied this patch into version 1 of the Specification - add new patch 2/2 Frank Rowand (2): ktap_v2: change version to 2-rc in KTAP specification ktap_v2: change "version 1" to "version 2" in examples Documentation/dev-tools/ktap.rst | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) -- Frank Rowand <frank.rowand(a)sony.com>

2 years, 8 months

4
7
0 0

[PATCH bpf-next v7 00/24] Introduce eBPF support for HID devices

by Benjamin Tissoires

Hi, here comes the v7 of the HID-BPF series. Again, for a full explanation of HID-BPF, please refer to the last patch in this series (24/24). This version sees some minor improvements compared to v6, only focusing on the reviews I got. I also wanted to mention that I have started working on the userspace side to "see" how the BPF programs would look when automatically loaded. See the udev-hid-bpf project[0] for the code. The idea is to define the HID-BPF userspace programs so we can reuse the same semantic in the kernel. I am quite happy with the results: this looks pretty similar to a kernel module in term of design. The .bpf.c file is a standalone compilation unit, and instead of having a table of ids, the filename is used (based on the modalias). This allows to have a "probe" like function that we can run to decide if the program needs to be attached or not. All in all, the end result is that we can write the bpf program, compile it locally, and send the result to the user. The user needs to drop the .bpf.o in a local folder, and udev-hid-bpf will pick it up the next time the device is plugged in. No other operations is required. Next step will be to drop the same source file in the kernel source tree, and have some magic to automatically load the compiled program when the device is loaded. Cheers, Benjamin [0] https://gitlab.freedesktop.org/bentiss/udev-hid-bpf (warning: probably not the best rust code ever) Benjamin Tissoires (24): selftests/bpf: fix config for CLS_BPF bpf/verifier: allow kfunc to read user provided context bpf/verifier: do not clear meta in check_mem_size selftests/bpf: add test for accessing ctx from syscall program type bpf/verifier: allow kfunc to return an allocated mem selftests/bpf: Add tests for kfunc returning a memory pointer bpf: prepare for more bpf syscall to be used from kernel and user space. libbpf: add map_get_fd_by_id and map_delete_elem in light skeleton HID: core: store the unique system identifier in hid_device HID: export hid_report_type to uapi HID: convert defines of HID class requests into a proper enum HID: Kconfig: split HID support and hid-core compilation HID: initial BPF implementation selftests/bpf: add tests for the HID-bpf initial implementation HID: bpf: allocate data memory for device_event BPF programs selftests/bpf/hid: add test to change the report size HID: bpf: introduce hid_hw_request() selftests/bpf: add tests for bpf_hid_hw_request HID: bpf: allow to change the report descriptor selftests/bpf: add report descriptor fixup tests selftests/bpf: Add a test for BPF_F_INSERT_HEAD samples/bpf: add new hid_mouse example HID: bpf: add Surface Dial example Documentation: add HID-BPF docs Documentation/hid/hid-bpf.rst | 512 +++++++++ Documentation/hid/index.rst | 1 + drivers/Makefile | 2 +- drivers/hid/Kconfig | 20 +- drivers/hid/Makefile | 2 + drivers/hid/bpf/Kconfig | 18 + drivers/hid/bpf/Makefile | 11 + drivers/hid/bpf/entrypoints/Makefile | 93 ++ drivers/hid/bpf/entrypoints/README | 4 + drivers/hid/bpf/entrypoints/entrypoints.bpf.c | 66 ++ .../hid/bpf/entrypoints/entrypoints.lskel.h | 682 ++++++++++++ drivers/hid/bpf/hid_bpf_dispatch.c | 553 ++++++++++ drivers/hid/bpf/hid_bpf_dispatch.h | 28 + drivers/hid/bpf/hid_bpf_jmp_table.c | 577 ++++++++++ drivers/hid/hid-core.c | 49 +- include/linux/bpf.h | 9 +- include/linux/btf.h | 10 + include/linux/hid.h | 38 +- include/linux/hid_bpf.h | 148 +++ include/uapi/linux/hid.h | 26 +- include/uapi/linux/hid_bpf.h | 25 + kernel/bpf/btf.c | 91 +- kernel/bpf/syscall.c | 10 +- kernel/bpf/verifier.c | 65 +- net/bpf/test_run.c | 23 + samples/bpf/.gitignore | 2 + samples/bpf/Makefile | 27 + samples/bpf/hid_mouse.bpf.c | 134 +++ samples/bpf/hid_mouse.c | 147 +++ samples/bpf/hid_surface_dial.bpf.c | 161 +++ samples/bpf/hid_surface_dial.c | 212 ++++ tools/include/uapi/linux/hid.h | 62 ++ tools/include/uapi/linux/hid_bpf.h | 25 + tools/lib/bpf/skel_internal.h | 23 + tools/testing/selftests/bpf/Makefile | 5 +- tools/testing/selftests/bpf/config | 5 +- tools/testing/selftests/bpf/prog_tests/hid.c | 990 ++++++++++++++++++ .../selftests/bpf/prog_tests/kfunc_call.c | 76 ++ tools/testing/selftests/bpf/progs/hid.c | 206 ++++ .../selftests/bpf/progs/kfunc_call_test.c | 125 +++ 40 files changed, 5184 insertions(+), 79 deletions(-) create mode 100644 Documentation/hid/hid-bpf.rst create mode 100644 drivers/hid/bpf/Kconfig create mode 100644 drivers/hid/bpf/Makefile create mode 100644 drivers/hid/bpf/entrypoints/Makefile create mode 100644 drivers/hid/bpf/entrypoints/README create mode 100644 drivers/hid/bpf/entrypoints/entrypoints.bpf.c create mode 100644 drivers/hid/bpf/entrypoints/entrypoints.lskel.h create mode 100644 drivers/hid/bpf/hid_bpf_dispatch.c create mode 100644 drivers/hid/bpf/hid_bpf_dispatch.h create mode 100644 drivers/hid/bpf/hid_bpf_jmp_table.c create mode 100644 include/linux/hid_bpf.h create mode 100644 include/uapi/linux/hid_bpf.h create mode 100644 samples/bpf/hid_mouse.bpf.c create mode 100644 samples/bpf/hid_mouse.c create mode 100644 samples/bpf/hid_surface_dial.bpf.c create mode 100644 samples/bpf/hid_surface_dial.c create mode 100644 tools/include/uapi/linux/hid.h create mode 100644 tools/include/uapi/linux/hid_bpf.h create mode 100644 tools/testing/selftests/bpf/prog_tests/hid.c create mode 100644 tools/testing/selftests/bpf/progs/hid.c -- 2.36.1

2 years, 8 months

6
44
0 0

kselftest/next kselftest-lkdtm: 3 runs, 1 regressions (linux-kselftest-next-6.0-rc2-5-g997fdfc6b9c0)

by kernelci.org bot

kselftest/next kselftest-lkdtm: 3 runs, 1 regressions (linux-kselftest-next-6.0-rc2-5-g997fdfc6b9c0) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ----------------+------+---------------+----------+------------------------------+------------ imx6q-sabrelite | arm | lab-collabora | gcc-10 | multi_v7_defconfig+kselftest | 1 Details: https://kernelci.org/test/job/kselftest/branch/next/kernel/linux-kselftest-… Test: kselftest-lkdtm Tree: kselftest Branch: next Describe: linux-kselftest-next-6.0-rc2-5-g997fdfc6b9c0 URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: 997fdfc6b9c041be39ecb9a156cdeeea1a9a4379 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ----------------+------+---------------+----------+------------------------------+------------ imx6q-sabrelite | arm | lab-collabora | gcc-10 | multi_v7_defconfig+kselftest | 1 Details: https://kernelci.org/test/plan/id/630d58c57d995ddce035565d Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig+kselftest Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//kselftest/next/linux-kselftest-next-6.0-rc2-5… HTML log: https://storage.kernelci.org//kselftest/next/linux-kselftest-next-6.0-rc2-5… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/2022082… * kselftest-lkdtm.login: https://kernelci.org/test/case/id/630d58c57d995ddce035565e failing since 7 days (last pass: v6.0-rc1-1-gf1227dc7d0411, first fail: linux-kselftest-next-6.0-rc2-1-gab7039dbcc61)

2 years, 8 months

1
0
0 0

kselftest/next build: 8 builds: 0 failed, 8 passed (linux-kselftest-next-6.0-rc2-5-g997fdfc6b9c0)

by kernelci.org bot

kselftest/next build: 8 builds: 0 failed, 8 passed (linux-kselftest-next-6.0-rc2-5-g997fdfc6b9c0) Full Build Summary: https://kernelci.org/build/kselftest/branch/next/kernel/linux-kselftest-nex… Tree: kselftest Branch: next Git Describe: linux-kselftest-next-6.0-rc2-5-g997fdfc6b9c0 Git Commit: 997fdfc6b9c041be39ecb9a156cdeeea1a9a4379 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git Built: 4 unique architectures ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- defconfig+kselftest (arm64, clang-15) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, clang-15) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig+kselftest (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v7_defconfig+kselftest (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, clang-15) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

2 years, 8 months

1
0
0 0

[PATCH v2] kunit: fix assert_type for comparison macros

by Sander Vanheule

When replacing KUNIT_BINARY_*_MSG_ASSERTION() macros with KUNIT_BINARY_INT_ASSERTION(), the assert_type parameter was not always correctly transferred. Specifically, the following errors were introduced: - KUNIT_EXPECT_LE_MSG() uses KUNIT_ASSERTION - KUNIT_ASSERT_LT_MSG() uses KUNIT_EXPECTATION - KUNIT_ASSERT_GT_MSG() uses KUNIT_EXPECTATION A failing KUNIT_EXPECT_LE_MSG() test thus prevents further tests from running, while failing KUNIT_ASSERT_{LT,GT}_MSG() tests do not prevent further tests from running. This is contrary to the documentation, which states that failing KUNIT_EXPECT_* macros allow further tests to run, while failing KUNIT_ASSERT_* macros should prevent this. Revert the KUNIT_{ASSERTION,EXPECTATION} switches to fix the behaviour for the affected macros. Fixes: 40f39777ce4f ("kunit: decrease macro layering for integer asserts") Signed-off-by: Sander Vanheule <sander(a)svanheule.net> --- include/kunit/test.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/kunit/test.h b/include/kunit/test.h index c958855681cc..840a2c375065 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -826,7 +826,7 @@ do { \ #define KUNIT_EXPECT_LE_MSG(test, left, right, fmt, ...) \ KUNIT_BINARY_INT_ASSERTION(test, \ - KUNIT_ASSERTION, \ + KUNIT_EXPECTATION, \ left, <=, right, \ fmt, \ ##__VA_ARGS__) @@ -1116,7 +1116,7 @@ do { \ #define KUNIT_ASSERT_LT_MSG(test, left, right, fmt, ...) \ KUNIT_BINARY_INT_ASSERTION(test, \ - KUNIT_EXPECTATION, \ + KUNIT_ASSERTION, \ left, <, right, \ fmt, \ ##__VA_ARGS__) @@ -1157,7 +1157,7 @@ do { \ #define KUNIT_ASSERT_GT_MSG(test, left, right, fmt, ...) \ KUNIT_BINARY_INT_ASSERTION(test, \ - KUNIT_EXPECTATION, \ + KUNIT_ASSERTION, \ left, >, right, \ fmt, \ ##__VA_ARGS__) -- 2.37.2

2 years, 8 months

3
2
0 0

[PATCH v2] selftests/bpf: Fix bind{4,6} tcp/socket header type conflict

by James Hilliard

There is a potential for us to hit a type conflict when including netinet/tcp.h with sys/socket.h, we can remove these as they are not actually needed. Fixes errors like: In file included from /usr/include/netinet/tcp.h:91, from progs/bind4_prog.c:10: /home/buildroot/opt/cross/lib/gcc/bpf/13.0.0/include/stdint.h:34:23: error: conflicting types for 'int8_t'; have 'char' 34 | typedef __INT8_TYPE__ int8_t; | ^~~~~~ In file included from /usr/include/x86_64-linux-gnu/sys/types.h:155, from /usr/include/x86_64-linux-gnu/bits/socket.h:29, from /usr/include/x86_64-linux-gnu/sys/socket.h:33, from progs/bind4_prog.c:9: /usr/include/x86_64-linux-gnu/bits/stdint-intn.h:24:18: note: previous declaration of 'int8_t' with type 'int8_t' {aka 'signed char'} 24 | typedef __int8_t int8_t; | ^~~~~~ /home/buildroot/opt/cross/lib/gcc/bpf/13.0.0/include/stdint.h:43:24: error: conflicting types for 'int64_t'; have 'long int' 43 | typedef __INT64_TYPE__ int64_t; | ^~~~~~~ /usr/include/x86_64-linux-gnu/bits/stdint-intn.h:27:19: note: previous declaration of 'int64_t' with type 'int64_t' {aka 'long long int'} 27 | typedef __int64_t int64_t; | ^~~~~~~ make: *** [Makefile:537: /home/buildroot/bpf-next/tools/testing/selftests/bpf/bpf_gcc/bind4_prog.o] Error 1 Signed-off-by: James Hilliard <james.hilliard1(a)gmail.com> --- Changes v1 -> v2: - just remove netinet/tcp.h and sys/socket.h --- tools/testing/selftests/bpf/progs/bind4_prog.c | 2 -- tools/testing/selftests/bpf/progs/bind6_prog.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/bind4_prog.c b/tools/testing/selftests/bpf/progs/bind4_prog.c index 474c6a62078a..a487f60b73ac 100644 --- a/tools/testing/selftests/bpf/progs/bind4_prog.c +++ b/tools/testing/selftests/bpf/progs/bind4_prog.c @@ -6,8 +6,6 @@ #include <linux/bpf.h> #include <linux/in.h> #include <linux/in6.h> -#include <sys/socket.h> -#include <netinet/tcp.h> #include <linux/if.h> #include <errno.h> diff --git a/tools/testing/selftests/bpf/progs/bind6_prog.c b/tools/testing/selftests/bpf/progs/bind6_prog.c index c19cfa869f30..d62cd9e9cf0e 100644 --- a/tools/testing/selftests/bpf/progs/bind6_prog.c +++ b/tools/testing/selftests/bpf/progs/bind6_prog.c @@ -6,8 +6,6 @@ #include <linux/bpf.h> #include <linux/in.h> #include <linux/in6.h> -#include <sys/socket.h> -#include <netinet/tcp.h> #include <linux/if.h> #include <errno.h> -- 2.34.1

2 years, 8 months

3
5
0 0

[PATCH v11 1/3] x86/tdx: Add TDX Guest attestation interface driver

by Kuppuswamy Sathyanarayanan

Attestation is used to verify the TDX guest trustworthiness to other entities before provisioning secrets to the guest. For example, a key server may request for attestation before releasing the encryption keys to mount the encrypted rootfs or secondary drive. During the TDX guest launch, the initial contents (including the firmware image) and configuration of the guest are recorded by the Intel TDX module in build time measurement register (MRTD). After TDX guest is created, run-time measurement registers (RTMRs) can be used by the guest software to extend the measurements. TDX supports 4 RTMR registers, and TDG.MR.RTMR.EXTEND TDCALL is used to update the RTMR registers securely. RTMRs are mainly used to record measurements related to sections like the kernel image, command line parameters, initrd, ACPI tables, firmware data, configuration firmware volume (CFV) of TDVF, etc. For complete details, please refer to TDX Virtual Firmware design specification, sec titled "TD Measurement". At TDX guest runtime, the Intel TDX module reuses the Intel SGX attestation infrastructure to provide support for attesting to these measurements as described below. The attestation process consists of two steps: TDREPORT generation and Quote generation. TDREPORT (TDREPORT_STRUCT) is a fixed-size data structure generated by the TDX module which contains guest-specific information (such as build and boot measurements), platform security version, and the MAC to protect the integrity of the TDREPORT. The guest kernel uses TDCALL[TDG.MR.REPORT] to get the TDREPORT from the TDX module. A user-provided 64-Byte REPORTDATA is used as input and included in the TDREPORT. Typically it can be some nonce provided by attestation service so the TDREPORT can be verified uniquely. More details about the TDREPORT can be found in Intel TDX Module specification, section titled "TDG.MR.REPORT Leaf". TDREPORT by design can only be verified on the local platform as the MAC key is bound to the platform. To support remote verification of the TDREPORT, TDX leverages Intel SGX Quote Enclave (QE) to verify the TDREPORT locally and convert it to a remote verifiable Quote. After getting the TDREPORT, the second step of the attestation process is to send it to the QE to generate the Quote. TDX doesn't support SGX inside the guest, so the QE can be deployed in the host, or in another legacy VM with SGX support. QE checks the integrity of TDREPORT and if it is valid, a certified quote signing key is used to sign the Quote. How to send the TDREPORT to QE and receive the Quote is implementation and deployment specific. Implement a basic guest misc driver to allow userspace to get the TDREPORT. After getting TDREPORT, the userspace attestation software can choose whatever communication channel available (i.e. vsock or hypercall) to send the TDREPORT to QE and receive the Quote. Also note that explicit access permissions are not enforced in this driver because the quote and measurements are not a secret. However the access permissions of the device node can be used to set any desired access policy. The udev default is usually root access only. Operations like getting TDREPORT or Quote generation involves sending a blob of data as input and getting another blob of data as output. It was considered to use a sysfs interface for this, but it doesn't fit well into the standard sysfs model for configuring values. It would be possible to do read/write on files, but it would need multiple file descriptors, which would be somewhat messy. IOCTLs seems to be the best fitting and simplest model for this use case. This is similar to AMD SEV platform, which also uses IOCTL interface to support attestation. Any distribution enabling TDX is also expected to need attestation. So enable it by default with TDX guest support. Reviewed-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Andi Kleen <ak(a)linux.intel.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Acked-by: Kai Huang <kai.huang(a)intel.com> Acked-by: Wander Lairson Costa <wander(a)redhat.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> --- Changes since v10: * Replaced TD/TD Guest usage with TDX Guest or Guest. * Removed unnecessary comments. * Added more validation to user input in tdx_get_report(). * Used u64_to_user_ptr when reading user u64 pointers. * Fixed commit log as per review comments. Changes since v9: * Dropped the cover letter. Since this patch set only adds TDREPORT support, the commit log itself has all the required details. * Dropped the Quote support and event IRQ support as per Dave's review suggestion. * Dropped attest.c and moved its contents to tdx.c * Updated commit log and comments to reflect latest changes. Changes since v8: * Please refer to https://lore.kernel.org/all/ \ 20220728034420.648314-1-sathyanarayanan.kuppuswamy(a)linux.intel.com/ arch/x86/coco/tdx/tdx.c | 114 ++++++++++++++++++++++++++++++++ arch/x86/include/uapi/asm/tdx.h | 51 ++++++++++++++ 2 files changed, 165 insertions(+) create mode 100644 arch/x86/include/uapi/asm/tdx.h diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 928dcf7a20d9..0888bdf93a4e 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -5,16 +5,21 @@ #define pr_fmt(fmt) "tdx: " fmt #include <linux/cpufeature.h> +#include <linux/miscdevice.h> +#include <linux/mm.h> +#include <linux/io.h> #include <asm/coco.h> #include <asm/tdx.h> #include <asm/vmx.h> #include <asm/insn.h> #include <asm/insn-eval.h> #include <asm/pgtable.h> +#include <uapi/asm/tdx.h> /* TDX module Call Leaf IDs */ #define TDX_GET_INFO 1 #define TDX_GET_VEINFO 3 +#define TDX_GET_REPORT 4 #define TDX_ACCEPT_PAGE 6 /* TDX hypercall Leaf IDs */ @@ -34,6 +39,10 @@ #define VE_GET_PORT_NUM(e) ((e) >> 16) #define VE_IS_IO_STRING(e) ((e) & BIT(4)) +#define DRIVER_NAME "tdx-guest" + +static struct miscdevice tdx_misc_dev; + /* * Wrapper for standard use of __tdx_hypercall with no output aside from * return code. @@ -775,3 +784,108 @@ void __init tdx_early_init(void) pr_info("Guest detected\n"); } + +static long tdx_get_report(void __user *argp) +{ + u8 *reportdata, *tdreport; + struct tdx_report_req req; + long ret; + + if (copy_from_user(&req, argp, sizeof(req))) + return -EFAULT; + + /* + * Per TDX Module 1.0 specification, section titled + * "TDG.MR.REPORT", REPORTDATA length is fixed as + * TDX_REPORTDATA_LEN, TDREPORT length is fixed as + * TDX_REPORT_LEN, and TDREPORT subtype is fixed as + * 0. Also check for valid user pointers. + */ + if (!req.reportdata || !req.tdreport || req.subtype || + req.rpd_len != TDX_REPORTDATA_LEN || + req.tdr_len != TDX_REPORT_LEN) + return -EINVAL; + + reportdata = kmalloc(req.rpd_len, GFP_KERNEL); + if (!reportdata) + return -ENOMEM; + + tdreport = kzalloc(req.tdr_len, GFP_KERNEL); + if (!tdreport) { + kfree(reportdata); + return -ENOMEM; + } + + if (copy_from_user(reportdata, u64_to_user_ptr(req.reportdata), + req.rpd_len)) { + ret = -EFAULT; + goto out; + } + + /* + * Generate TDREPORT using "TDG.MR.REPORT" TDCALL. + * + * Get the TDREPORT using REPORTDATA as input. Refer to + * section 22.3.3 TDG.MR.REPORT leaf in the TDX Module 1.0 + * Specification for detailed information. + */ + ret = __tdx_module_call(TDX_GET_REPORT, virt_to_phys(tdreport), + virt_to_phys(reportdata), req.subtype, + 0, NULL); + if (ret) { + ret = -EIO; + goto out; + } + + if (copy_to_user(u64_to_user_ptr(req.tdreport), tdreport, req.tdr_len)) + ret = -EFAULT; + +out: + kfree(reportdata); + kfree(tdreport); + return ret; +} +static long tdx_guest_ioctl(struct file *file, unsigned int cmd, + unsigned long arg) +{ + void __user *argp = (void __user *)arg; + long ret = -EINVAL; + + switch (cmd) { + case TDX_CMD_GET_REPORT: + ret = tdx_get_report(argp); + break; + default: + pr_debug("cmd %d not supported\n", cmd); + break; + } + + return ret; +} + +static const struct file_operations tdx_guest_fops = { + .owner = THIS_MODULE, + .unlocked_ioctl = tdx_guest_ioctl, + .llseek = no_llseek, +}; + +static int __init tdx_guest_init(void) +{ + int ret; + + if (!cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) + return -EIO; + + tdx_misc_dev.name = DRIVER_NAME; + tdx_misc_dev.minor = MISC_DYNAMIC_MINOR; + tdx_misc_dev.fops = &tdx_guest_fops; + + ret = misc_register(&tdx_misc_dev); + if (ret) { + pr_err("misc device registration failed\n"); + return ret; + } + + return 0; +} +device_initcall(tdx_guest_init) diff --git a/arch/x86/include/uapi/asm/tdx.h b/arch/x86/include/uapi/asm/tdx.h new file mode 100644 index 000000000000..c1667b20fe20 --- /dev/null +++ b/arch/x86/include/uapi/asm/tdx.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef _UAPI_ASM_X86_TDX_H +#define _UAPI_ASM_X86_TDX_H + +#include <linux/types.h> +#include <linux/ioctl.h> + +/* Length of the REPORTDATA used in TDG.MR.REPORT TDCALL */ +#define TDX_REPORTDATA_LEN 64 + +/* Length of TDREPORT used in TDG.MR.REPORT TDCALL */ +#define TDX_REPORT_LEN 1024 + +/** + * struct tdx_report_req: Get TDREPORT using REPORTDATA as input. + * + * @subtype : Subtype of TDREPORT (fixed as 0 by TDX Module + * specification, but added a parameter to handle + * future extension). + * @reportdata : User-defined REPORTDATA to be included into + * TDREPORT. Typically it can be some nonce + * provided by attestation service, so the + * generated TDREPORT can be uniquely verified. + * @rpd_len : Length of the REPORTDATA (fixed as 64 bytes by + * the TDX Module specification, but parameter is + * added to handle future extension). + * @tdreport : TDREPORT output from TDCALL[TDG.MR.REPORT]. + * @tdr_len : Length of the TDREPORT (fixed as 1024 bytes by + * the TDX Module specification, but a parameter + * is added to accommodate future extension). + * + * Used in TDX_CMD_GET_REPORT IOCTL request. + */ +struct tdx_report_req { + __u8 subtype; + __u64 reportdata; + __u32 rpd_len; + __u64 tdreport; + __u32 tdr_len; +}; + +/* + * TDX_CMD_GET_REPORT - Get TDREPORT using TDCALL[TDG.MR.REPORT] + * + * Return 0 on success, -EIO on TDCALL execution failure, and + * standard errno on other general error cases. + * + */ +#define TDX_CMD_GET_REPORT _IOWR('T', 0x01, __u64) + +#endif /* _UAPI_ASM_X86_TDX_H */ -- 2.25.1

2 years, 8 months

5
14
0 0

[PATCH v2] selftests/bpf: Fix connect4_prog tcp/socket header type conflict

by James Hilliard

There is a potential for us to hit a type conflict when including netinet/tcp.h and sys/socket.h, we can replace both of these includes with linux/tcp.h and bpf_tcp_helpers.h to avoid this conflict. Fixes the following error: In file included from /usr/include/netinet/tcp.h:91, from progs/connect4_prog.c:11: /home/buildroot/opt/cross/lib/gcc/bpf/13.0.0/include/stdint.h:34:23: error: conflicting types for 'int8_t'; have 'char' 34 | typedef __INT8_TYPE__ int8_t; | ^~~~~~ In file included from /usr/include/x86_64-linux-gnu/sys/types.h:155, from /usr/include/x86_64-linux-gnu/bits/socket.h:29, from /usr/include/x86_64-linux-gnu/sys/socket.h:33, from progs/connect4_prog.c:10: /usr/include/x86_64-linux-gnu/bits/stdint-intn.h:24:18: note: previous declaration of 'int8_t' with type 'int8_t' {aka 'signed char'} 24 | typedef __int8_t int8_t; | ^~~~~~ /home/buildroot/opt/cross/lib/gcc/bpf/13.0.0/include/stdint.h:43:24: error: conflicting types for 'int64_t'; have 'long int' 43 | typedef __INT64_TYPE__ int64_t; | ^~~~~~~ /usr/include/x86_64-linux-gnu/bits/stdint-intn.h:27:19: note: previous declaration of 'int64_t' with type 'int64_t' {aka 'long long int'} 27 | typedef __int64_t int64_t; | ^~~~~~~ Signed-off-by: James Hilliard <james.hilliard1(a)gmail.com> --- Changes v1 -> v2: - use bpf_tcp_helpers.h so we can use SOL_TCP --- tools/testing/selftests/bpf/progs/connect4_prog.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/connect4_prog.c b/tools/testing/selftests/bpf/progs/connect4_prog.c index b241932911db..23d85f5027d3 100644 --- a/tools/testing/selftests/bpf/progs/connect4_prog.c +++ b/tools/testing/selftests/bpf/progs/connect4_prog.c @@ -7,13 +7,13 @@ #include <linux/bpf.h> #include <linux/in.h> #include <linux/in6.h> -#include <sys/socket.h> -#include <netinet/tcp.h> +#include <linux/tcp.h> #include <linux/if.h> #include <errno.h> #include <bpf/bpf_helpers.h> #include <bpf/bpf_endian.h> +#include "bpf_tcp_helpers.h" #define SRC_REWRITE_IP4 0x7f000004U #define DST_REWRITE_IP4 0x7f000001U -- 2.34.1

2 years, 8 months

2
1
0 0

[PATCH] selftests/bpf: Fix bind{4,6} tcp/socket header type conflict

by James Hilliard

There is a potential for us to hit a type conflict when including netinet/tcp.h with sys/socket.h, we can replace both of these includes with linux/tcp.h to avoid this conflict. Fixes errors like: In file included from /usr/include/netinet/tcp.h:91, from progs/bind4_prog.c:10: /home/buildroot/opt/cross/lib/gcc/bpf/13.0.0/include/stdint.h:34:23: error: conflicting types for 'int8_t'; have 'char' 34 | typedef __INT8_TYPE__ int8_t; | ^~~~~~ In file included from /usr/include/x86_64-linux-gnu/sys/types.h:155, from /usr/include/x86_64-linux-gnu/bits/socket.h:29, from /usr/include/x86_64-linux-gnu/sys/socket.h:33, from progs/bind4_prog.c:9: /usr/include/x86_64-linux-gnu/bits/stdint-intn.h:24:18: note: previous declaration of 'int8_t' with type 'int8_t' {aka 'signed char'} 24 | typedef __int8_t int8_t; | ^~~~~~ /home/buildroot/opt/cross/lib/gcc/bpf/13.0.0/include/stdint.h:43:24: error: conflicting types for 'int64_t'; have 'long int' 43 | typedef __INT64_TYPE__ int64_t; | ^~~~~~~ /usr/include/x86_64-linux-gnu/bits/stdint-intn.h:27:19: note: previous declaration of 'int64_t' with type 'int64_t' {aka 'long long int'} 27 | typedef __int64_t int64_t; | ^~~~~~~ make: *** [Makefile:537: /home/buildroot/bpf-next/tools/testing/selftests/bpf/bpf_gcc/bind4_prog.o] Error 1 Signed-off-by: James Hilliard <james.hilliard1(a)gmail.com> --- tools/testing/selftests/bpf/progs/bind4_prog.c | 3 +-- tools/testing/selftests/bpf/progs/bind6_prog.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/bind4_prog.c b/tools/testing/selftests/bpf/progs/bind4_prog.c index 474c6a62078a..6bd20042fd53 100644 --- a/tools/testing/selftests/bpf/progs/bind4_prog.c +++ b/tools/testing/selftests/bpf/progs/bind4_prog.c @@ -6,8 +6,7 @@ #include <linux/bpf.h> #include <linux/in.h> #include <linux/in6.h> -#include <sys/socket.h> -#include <netinet/tcp.h> +#include <linux/tcp.h> #include <linux/if.h> #include <errno.h> diff --git a/tools/testing/selftests/bpf/progs/bind6_prog.c b/tools/testing/selftests/bpf/progs/bind6_prog.c index c19cfa869f30..f37617b35a55 100644 --- a/tools/testing/selftests/bpf/progs/bind6_prog.c +++ b/tools/testing/selftests/bpf/progs/bind6_prog.c @@ -6,8 +6,7 @@ #include <linux/bpf.h> #include <linux/in.h> #include <linux/in6.h> -#include <sys/socket.h> -#include <netinet/tcp.h> +#include <linux/tcp.h> #include <linux/if.h> #include <errno.h> -- 2.34.1

2 years, 8 months

5
15
0 0

[PATCH] selftests/bpf: Fix connect4_prog tcp/socket header type conflict

by James Hilliard

There is a potential for us to hit a type conflict when including netinet/tcp.h and sys/socket.h, we can replace both of these includes with linux/tcp.h to avoid this conflict. We also need to replace SOL_TCP with equivalent IPPROTO_TCP. Fixes the following error: In file included from /usr/include/netinet/tcp.h:91, from progs/connect4_prog.c:11: /home/buildroot/opt/cross/lib/gcc/bpf/13.0.0/include/stdint.h:34:23: error: conflicting types for 'int8_t'; have 'char' 34 | typedef __INT8_TYPE__ int8_t; | ^~~~~~ In file included from /usr/include/x86_64-linux-gnu/sys/types.h:155, from /usr/include/x86_64-linux-gnu/bits/socket.h:29, from /usr/include/x86_64-linux-gnu/sys/socket.h:33, from progs/connect4_prog.c:10: /usr/include/x86_64-linux-gnu/bits/stdint-intn.h:24:18: note: previous declaration of 'int8_t' with type 'int8_t' {aka 'signed char'} 24 | typedef __int8_t int8_t; | ^~~~~~ /home/buildroot/opt/cross/lib/gcc/bpf/13.0.0/include/stdint.h:43:24: error: conflicting types for 'int64_t'; have 'long int' 43 | typedef __INT64_TYPE__ int64_t; | ^~~~~~~ /usr/include/x86_64-linux-gnu/bits/stdint-intn.h:27:19: note: previous declaration of 'int64_t' with type 'int64_t' {aka 'long long int'} 27 | typedef __int64_t int64_t; | ^~~~~~~ Signed-off-by: James Hilliard <james.hilliard1(a)gmail.com> --- .../selftests/bpf/progs/connect4_prog.c | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/connect4_prog.c b/tools/testing/selftests/bpf/progs/connect4_prog.c index b241932911db..0f68b8d756b3 100644 --- a/tools/testing/selftests/bpf/progs/connect4_prog.c +++ b/tools/testing/selftests/bpf/progs/connect4_prog.c @@ -7,8 +7,7 @@ #include <linux/bpf.h> #include <linux/in.h> #include <linux/in6.h> -#include <sys/socket.h> -#include <netinet/tcp.h> +#include <linux/tcp.h> #include <linux/if.h> #include <errno.h> @@ -52,7 +51,7 @@ static __inline int verify_cc(struct bpf_sock_addr *ctx, char buf[TCP_CA_NAME_MAX]; int i; - if (bpf_getsockopt(ctx, SOL_TCP, TCP_CONGESTION, &buf, sizeof(buf))) + if (bpf_getsockopt(ctx, IPPROTO_TCP, TCP_CONGESTION, &buf, sizeof(buf))) return 1; for (i = 0; i < TCP_CA_NAME_MAX; i++) { @@ -70,12 +69,12 @@ static __inline int set_cc(struct bpf_sock_addr *ctx) char reno[TCP_CA_NAME_MAX] = "reno"; char cubic[TCP_CA_NAME_MAX] = "cubic"; - if (bpf_setsockopt(ctx, SOL_TCP, TCP_CONGESTION, &reno, sizeof(reno))) + if (bpf_setsockopt(ctx, IPPROTO_TCP, TCP_CONGESTION, &reno, sizeof(reno))) return 1; if (verify_cc(ctx, reno)) return 1; - if (bpf_setsockopt(ctx, SOL_TCP, TCP_CONGESTION, &cubic, sizeof(cubic))) + if (bpf_setsockopt(ctx, IPPROTO_TCP, TCP_CONGESTION, &cubic, sizeof(cubic))) return 1; if (verify_cc(ctx, cubic)) return 1; @@ -113,15 +112,15 @@ static __inline int set_keepalive(struct bpf_sock_addr *ctx) if (bpf_setsockopt(ctx, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one))) return 1; if (ctx->type == SOCK_STREAM) { - if (bpf_setsockopt(ctx, SOL_TCP, TCP_KEEPIDLE, &one, sizeof(one))) + if (bpf_setsockopt(ctx, IPPROTO_TCP, TCP_KEEPIDLE, &one, sizeof(one))) return 1; - if (bpf_setsockopt(ctx, SOL_TCP, TCP_KEEPINTVL, &one, sizeof(one))) + if (bpf_setsockopt(ctx, IPPROTO_TCP, TCP_KEEPINTVL, &one, sizeof(one))) return 1; - if (bpf_setsockopt(ctx, SOL_TCP, TCP_KEEPCNT, &one, sizeof(one))) + if (bpf_setsockopt(ctx, IPPROTO_TCP, TCP_KEEPCNT, &one, sizeof(one))) return 1; - if (bpf_setsockopt(ctx, SOL_TCP, TCP_SYNCNT, &one, sizeof(one))) + if (bpf_setsockopt(ctx, IPPROTO_TCP, TCP_SYNCNT, &one, sizeof(one))) return 1; - if (bpf_setsockopt(ctx, SOL_TCP, TCP_USER_TIMEOUT, &one, sizeof(one))) + if (bpf_setsockopt(ctx, IPPROTO_TCP, TCP_USER_TIMEOUT, &one, sizeof(one))) return 1; } if (bpf_setsockopt(ctx, SOL_SOCKET, SO_KEEPALIVE, &zero, sizeof(zero))) @@ -135,7 +134,7 @@ static __inline int set_notsent_lowat(struct bpf_sock_addr *ctx) int lowat = 65535; if (ctx->type == SOCK_STREAM) { - if (bpf_setsockopt(ctx, SOL_TCP, TCP_NOTSENT_LOWAT, &lowat, sizeof(lowat))) + if (bpf_setsockopt(ctx, IPPROTO_TCP, TCP_NOTSENT_LOWAT, &lowat, sizeof(lowat))) return 1; } -- 2.34.1

2 years, 8 months

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror