- Linux-kselftest-mirror - lists.linaro.org

[PATCH v4 0/4] bpf: Add bpf_verify_pkcs7_signature() helper

by Roberto Sassu

One of the desirable features in security is the ability to restrict import of data to a given system based on data authenticity. If data import can be restricted, it would be possible to enforce a system-wide policy based on the signing keys the system owner trusts. This feature is widely used in the kernel. For example, if the restriction is enabled, kernel modules can be plugged in only if they are signed with a key whose public part is in the primary or secondary keyring. For eBPF, it can be useful as well. For example, it might be useful to authenticate data an eBPF program makes security decisions on. After a discussion in the eBPF mailing list, it was decided that the stated goal should be accomplished by introducing a new helper: bpf_verify_pkcs7_signature(), dedicated to verify PKCS#7 signatures. More helpers will be introduced later, as necessary. The job of bpf_verify_pkcs7_signature() is simply to call the corresponding signature verification function verify_pkcs7_signature(). Data and signature can be provided to the new helper with two dynamic pointers, to reduce the number of parameters. The keyring containing the signature verification key can be obtained with a new helper called bpf_request_key_by_id(). For now, keyrings can be obtained with an identifier defined in verification.h (except for the special value ULONG_MAX, used for testing). In the future, keyring can be searched also by their description. This functionality has not been included here in this patch set, as would require additional care for decrementing the reference count of the keyring. It could be added later. While bpf_request_key_by_id() can be called from any program, bpf_verify_pkcs7_signature(), instead, must be called by a sleepable program, as it is doing crypto operations. For the latter, for example, lsm.s/bpf is suitable, fexit/array_map_update_elem is not. The added test, which invokes both helpers, checks the ability of an eBPF program to verify module-style appended signatures, as produced by the kernel tool sign-file, currently used to sign kernel modules. The patch set is organized as follows. Patch 1 exports bpf_dynptr_get_size(), to obtain the real size of data carried by a dynamic pointer. Patch 2 introduces the bpf_request_key_by_id() helper. Patch 3 introduces the bpf_verify_pkcs7_signature() helper. Finally, patch 4 adds a test for both helpers. Changelog v3: - Rename bpf_verify_signature() back to bpf_verify_pkcs7_signature() to avoid managing different parameters for each signature verification function in one helper (suggested by Daniel) - Use dynamic pointers and export bpf_dynptr_get_size() (suggested by Alexei) - Introduce bpf_request_key_by_id() to give more flexibility to the caller of bpf_verify_pkcs7_signature() to retrieve the appropriate keyring (suggested by Alexei) - Fix test by reordering the gcc command line, always compile sign-file - Improve helper support check mechanism in the test v2: - Rename bpf_verify_pkcs7_signature() to a more generic bpf_verify_signature() and pass the signature type (suggested by KP) - Move the helper and prototype declaration under #ifdef so that user space can probe for support for the helper (suggested by Daniel) - Describe better the keyring types (suggested by Daniel) - Include linux/bpf.h instead of vmlinux.h to avoid implicit or redeclaration - Make the test selfcontained (suggested by Alexei) v1: - Don't define new map flag but introduce simple wrapper of verify_pkcs7_signature() (suggested by Alexei and KP) Roberto Sassu (4): bpf: Export bpf_dynptr_get_size() bpf: Add bpf_request_key_by_id() helper bpf: Add bpf_verify_pkcs7_signature() helper selftests/bpf: Add test for bpf_verify_pkcs7_signature() helper include/linux/bpf.h | 1 + include/uapi/linux/bpf.h | 25 ++ kernel/bpf/bpf_lsm.c | 60 +++++ kernel/bpf/helpers.c | 2 +- scripts/bpf_doc.py | 2 + tools/include/uapi/linux/bpf.h | 25 ++ tools/testing/selftests/bpf/Makefile | 14 +- tools/testing/selftests/bpf/config | 2 + .../bpf/prog_tests/verify_pkcs7_sig.c | 217 ++++++++++++++++++ .../bpf/progs/test_verify_pkcs7_sig.c | 168 ++++++++++++++ .../testing/selftests/bpf/verify_sig_setup.sh | 100 ++++++++ 11 files changed, 612 insertions(+), 4 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh -- 2.25.1

2 years, 11 months

2
5
0 0

[PATCH] userfaultfd/selftests: Fix typo in comment

by Xiang wangx

Delete the redundant word 'in'. Signed-off-by: Xiang wangx <wangxiang(a)cdjrlc.com> --- tools/testing/selftests/vm/userfaultfd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/vm/userfaultfd.c b/tools/testing/selftests/vm/userfaultfd.c index 0bdfc1955229..4bc24581760d 100644 --- a/tools/testing/selftests/vm/userfaultfd.c +++ b/tools/testing/selftests/vm/userfaultfd.c @@ -860,7 +860,7 @@ static int stress(struct uffd_stats *uffd_stats) /* * Be strict and immediately zap area_src, the whole area has * been transferred already by the background treads. The - * area_src could then be faulted in in a racy way by still + * area_src could then be faulted in a racy way by still * running uffdio_threads reading zeropages after we zapped * area_src (but they're guaranteed to get -EEXIST from * UFFDIO_COPY without writing zero pages into area_dst -- 2.36.1

2 years, 11 months

2
1
0 0

[PATCH] selftests: Fix clang cross compilation

by Mark Brown

Unlike GCC clang uses a single compiler image to support multiple target architectures meaning that we can't simply rely on CROSS_COMPILE to select the output architecture. Instead we must pass --target to the compiler to tell it what to output, kselftest was not doing this so cross compilation of kselftest using clang resulted in kselftest being built for the host architecture. More work is required to fix tests using custom rules but this gets the bulk of things building. Signed-off-by: Mark Brown <broonie(a)kernel.org> --- tools/testing/selftests/lib.mk | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/lib.mk b/tools/testing/selftests/lib.mk index 2a2d240cdc1b..1a5cc3cd97ec 100644 --- a/tools/testing/selftests/lib.mk +++ b/tools/testing/selftests/lib.mk @@ -7,10 +7,31 @@ else ifneq ($(filter -%,$(LLVM)),) LLVM_SUFFIX := $(LLVM) endif -CC := $(LLVM_PREFIX)clang$(LLVM_SUFFIX) +CLANG_TARGET_FLAGS_arm := arm-linux-gnueabi +CLANG_TARGET_FLAGS_arm64 := aarch64-linux-gnu +CLANG_TARGET_FLAGS_hexagon := hexagon-linux-musl +CLANG_TARGET_FLAGS_m68k := m68k-linux-gnu +CLANG_TARGET_FLAGS_mips := mipsel-linux-gnu +CLANG_TARGET_FLAGS_powerpc := powerpc64le-linux-gnu +CLANG_TARGET_FLAGS_riscv := riscv64-linux-gnu +CLANG_TARGET_FLAGS_s390 := s390x-linux-gnu +CLANG_TARGET_FLAGS_x86 := x86_64-linux-gnu +CLANG_TARGET_FLAGS := $(CLANG_TARGET_FLAGS_$(ARCH)) + +ifeq ($(CROSS_COMPILE),) +ifeq ($(CLANG_TARGET_FLAGS),) +$(error Specify CROSS_COMPILE or add '--target=' option to lib.mk +else +CLANG_FLAGS += --target=$(CLANG_TARGET_FLAGS) +endif # CLANG_TARGET_FLAGS +else +CLANG_FLAGS += --target=$(notdir $(CROSS_COMPILE:%-=%)) +endif # CROSS_COMPILE + +CC := $(LLVM_PREFIX)clang$(LLVM_SUFFIX) $(CLANG_FLAGS) -fintegrated-as else CC := $(CROSS_COMPILE)gcc -endif +endif # LLVM ifeq (0,$(MAKELEVEL)) ifeq ($(OUTPUT),) -- 2.30.2

2 years, 11 months

2
1
0 0

[PATCH v4 0/4] KVM: s390: selftests: Provide TAP output in tests

by Thomas Huth

This patch series is motivated by Shuah's suggestion here: https://lore.kernel.org/kvm/d576d8f7-980f-3bc6-87ad-5a6ae45609b8@linuxfound… Many s390x KVM selftests do not output any information about which tests have been run, so it's hard to say whether a test binary contains a certain sub-test or not. To improve this situation let's add some TAP output via the kselftest.h interface to these tests, so that it easier to understand what has been executed or not. v4: - Rebased to include test_termination() now in the memop test - Reworked the extension capability check in the memop test v3: - Added comments / fixed cosmetics according to Janosch's and Janis' reviews of the v2 series - Added Reviewed-by tags from the v2 series v2: - Reworked the extension checking in the first patch - Make sure to always print the TAP 13 header in the second patch - Reworked the SKIP printing in the third patch Thomas Huth (4): KVM: s390: selftests: Use TAP interface in the memop test KVM: s390: selftests: Use TAP interface in the sync_regs test KVM: s390: selftests: Use TAP interface in the tprot test KVM: s390: selftests: Use TAP interface in the reset test tools/testing/selftests/kvm/s390x/memop.c | 95 +++++++++++++++---- tools/testing/selftests/kvm/s390x/resets.c | 38 ++++++-- .../selftests/kvm/s390x/sync_regs_test.c | 87 +++++++++++++---- tools/testing/selftests/kvm/s390x/tprot.c | 29 +++++- 4 files changed, 197 insertions(+), 52 deletions(-) -- 2.31.1

2 years, 11 months

4
10
0 0

[PATCH] KVM: selftests: Remove the mismatched parameter comments

by shaoqin.huang＠intel.com

From: Shaoqin Huang <shaoqin.huang(a)intel.com> There are some parameter being removed in function but the parameter comments still exist, so remove them. Signed-off-by: Shaoqin Huang <shaoqin.huang(a)intel.com> --- tools/testing/selftests/kvm/lib/kvm_util.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index 1665a220abcb..58fdc82b20f4 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -1336,8 +1336,6 @@ static vm_vaddr_t vm_vaddr_unused_gap(struct kvm_vm *vm, size_t sz, * vm - Virtual Machine * sz - Size in bytes * vaddr_min - Minimum starting virtual address - * data_memslot - Memory region slot for data pages - * pgd_memslot - Memory region slot for new virtual translation tables * * Output Args: None * @@ -1423,7 +1421,6 @@ vm_vaddr_t vm_vaddr_alloc_page(struct kvm_vm *vm) * vaddr - Virtuall address to map * paddr - VM Physical Address * npages - The number of pages to map - * pgd_memslot - Memory region slot for new virtual translation tables * * Output Args: None * -- 2.30.2

2 years, 11 months

4
4
0 0

[PATCH MANUALSEL 5.15 3/4] KVM: selftests: Make hyperv_clock selftest more stable

by Sasha Levin

From: Vitaly Kuznetsov <vkuznets(a)redhat.com> [ Upstream commit eae260be3a0111a28fe95923e117a55dddec0384 ] hyperv_clock doesn't always give a stable test result, especially with AMD CPUs. The test compares Hyper-V MSR clocksource (acquired either with rdmsr() from within the guest or KVM_GET_MSRS from the host) against rdtsc(). To increase the accuracy, increase the measured delay (done with nop loop) by two orders of magnitude and take the mean rdtsc() value before and after rdmsr()/KVM_GET_MSRS. Reported-by: Maxim Levitsky <mlevitsk(a)redhat.com> Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk(a)redhat.com> Tested-by: Maxim Levitsky <mlevitsk(a)redhat.com> Message-Id: <20220601144322.1968742-1-vkuznets(a)redhat.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/kvm/x86_64/hyperv_clock.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/kvm/x86_64/hyperv_clock.c b/tools/testing/selftests/kvm/x86_64/hyperv_clock.c index e0b2bb1339b1..3330fb183c68 100644 --- a/tools/testing/selftests/kvm/x86_64/hyperv_clock.c +++ b/tools/testing/selftests/kvm/x86_64/hyperv_clock.c @@ -44,7 +44,7 @@ static inline void nop_loop(void) { int i; - for (i = 0; i < 1000000; i++) + for (i = 0; i < 100000000; i++) asm volatile("nop"); } @@ -56,12 +56,14 @@ static inline void check_tsc_msr_rdtsc(void) tsc_freq = rdmsr(HV_X64_MSR_TSC_FREQUENCY); GUEST_ASSERT(tsc_freq > 0); - /* First, check MSR-based clocksource */ + /* For increased accuracy, take mean rdtsc() before and afrer rdmsr() */ r1 = rdtsc(); t1 = rdmsr(HV_X64_MSR_TIME_REF_COUNT); + r1 = (r1 + rdtsc()) / 2; nop_loop(); r2 = rdtsc(); t2 = rdmsr(HV_X64_MSR_TIME_REF_COUNT); + r2 = (r2 + rdtsc()) / 2; GUEST_ASSERT(r2 > r1 && t2 > t1); @@ -181,12 +183,14 @@ static void host_check_tsc_msr_rdtsc(struct kvm_vm *vm) tsc_freq = vcpu_get_msr(vm, VCPU_ID, HV_X64_MSR_TSC_FREQUENCY); TEST_ASSERT(tsc_freq > 0, "TSC frequency must be nonzero"); - /* First, check MSR-based clocksource */ + /* For increased accuracy, take mean rdtsc() before and afrer ioctl */ r1 = rdtsc(); t1 = vcpu_get_msr(vm, VCPU_ID, HV_X64_MSR_TIME_REF_COUNT); + r1 = (r1 + rdtsc()) / 2; nop_loop(); r2 = rdtsc(); t2 = vcpu_get_msr(vm, VCPU_ID, HV_X64_MSR_TIME_REF_COUNT); + r2 = (r2 + rdtsc()) / 2; TEST_ASSERT(t2 > t1, "Time reference MSR is not monotonic (%ld <= %ld)", t1, t2); -- 2.35.1

2 years, 11 months

1
0
0 0

[PATCH MANUALSEL 5.17 3/4] KVM: selftests: Make hyperv_clock selftest more stable

by Sasha Levin

From: Vitaly Kuznetsov <vkuznets(a)redhat.com> [ Upstream commit eae260be3a0111a28fe95923e117a55dddec0384 ] hyperv_clock doesn't always give a stable test result, especially with AMD CPUs. The test compares Hyper-V MSR clocksource (acquired either with rdmsr() from within the guest or KVM_GET_MSRS from the host) against rdtsc(). To increase the accuracy, increase the measured delay (done with nop loop) by two orders of magnitude and take the mean rdtsc() value before and after rdmsr()/KVM_GET_MSRS. Reported-by: Maxim Levitsky <mlevitsk(a)redhat.com> Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk(a)redhat.com> Tested-by: Maxim Levitsky <mlevitsk(a)redhat.com> Message-Id: <20220601144322.1968742-1-vkuznets(a)redhat.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/kvm/x86_64/hyperv_clock.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/kvm/x86_64/hyperv_clock.c b/tools/testing/selftests/kvm/x86_64/hyperv_clock.c index e0b2bb1339b1..3330fb183c68 100644 --- a/tools/testing/selftests/kvm/x86_64/hyperv_clock.c +++ b/tools/testing/selftests/kvm/x86_64/hyperv_clock.c @@ -44,7 +44,7 @@ static inline void nop_loop(void) { int i; - for (i = 0; i < 1000000; i++) + for (i = 0; i < 100000000; i++) asm volatile("nop"); } @@ -56,12 +56,14 @@ static inline void check_tsc_msr_rdtsc(void) tsc_freq = rdmsr(HV_X64_MSR_TSC_FREQUENCY); GUEST_ASSERT(tsc_freq > 0); - /* First, check MSR-based clocksource */ + /* For increased accuracy, take mean rdtsc() before and afrer rdmsr() */ r1 = rdtsc(); t1 = rdmsr(HV_X64_MSR_TIME_REF_COUNT); + r1 = (r1 + rdtsc()) / 2; nop_loop(); r2 = rdtsc(); t2 = rdmsr(HV_X64_MSR_TIME_REF_COUNT); + r2 = (r2 + rdtsc()) / 2; GUEST_ASSERT(r2 > r1 && t2 > t1); @@ -181,12 +183,14 @@ static void host_check_tsc_msr_rdtsc(struct kvm_vm *vm) tsc_freq = vcpu_get_msr(vm, VCPU_ID, HV_X64_MSR_TSC_FREQUENCY); TEST_ASSERT(tsc_freq > 0, "TSC frequency must be nonzero"); - /* First, check MSR-based clocksource */ + /* For increased accuracy, take mean rdtsc() before and afrer ioctl */ r1 = rdtsc(); t1 = vcpu_get_msr(vm, VCPU_ID, HV_X64_MSR_TIME_REF_COUNT); + r1 = (r1 + rdtsc()) / 2; nop_loop(); r2 = rdtsc(); t2 = vcpu_get_msr(vm, VCPU_ID, HV_X64_MSR_TIME_REF_COUNT); + r2 = (r2 + rdtsc()) / 2; TEST_ASSERT(t2 > t1, "Time reference MSR is not monotonic (%ld <= %ld)", t1, t2); -- 2.35.1

2 years, 11 months

1
0
0 0

[PATCH MANUALSEL 5.18 3/6] KVM: selftests: Make hyperv_clock selftest more stable

by Sasha Levin

From: Vitaly Kuznetsov <vkuznets(a)redhat.com> [ Upstream commit eae260be3a0111a28fe95923e117a55dddec0384 ] hyperv_clock doesn't always give a stable test result, especially with AMD CPUs. The test compares Hyper-V MSR clocksource (acquired either with rdmsr() from within the guest or KVM_GET_MSRS from the host) against rdtsc(). To increase the accuracy, increase the measured delay (done with nop loop) by two orders of magnitude and take the mean rdtsc() value before and after rdmsr()/KVM_GET_MSRS. Reported-by: Maxim Levitsky <mlevitsk(a)redhat.com> Signed-off-by: Vitaly Kuznetsov <vkuznets(a)redhat.com> Reviewed-by: Maxim Levitsky <mlevitsk(a)redhat.com> Tested-by: Maxim Levitsky <mlevitsk(a)redhat.com> Message-Id: <20220601144322.1968742-1-vkuznets(a)redhat.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/kvm/x86_64/hyperv_clock.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/kvm/x86_64/hyperv_clock.c b/tools/testing/selftests/kvm/x86_64/hyperv_clock.c index e0b2bb1339b1..3330fb183c68 100644 --- a/tools/testing/selftests/kvm/x86_64/hyperv_clock.c +++ b/tools/testing/selftests/kvm/x86_64/hyperv_clock.c @@ -44,7 +44,7 @@ static inline void nop_loop(void) { int i; - for (i = 0; i < 1000000; i++) + for (i = 0; i < 100000000; i++) asm volatile("nop"); } @@ -56,12 +56,14 @@ static inline void check_tsc_msr_rdtsc(void) tsc_freq = rdmsr(HV_X64_MSR_TSC_FREQUENCY); GUEST_ASSERT(tsc_freq > 0); - /* First, check MSR-based clocksource */ + /* For increased accuracy, take mean rdtsc() before and afrer rdmsr() */ r1 = rdtsc(); t1 = rdmsr(HV_X64_MSR_TIME_REF_COUNT); + r1 = (r1 + rdtsc()) / 2; nop_loop(); r2 = rdtsc(); t2 = rdmsr(HV_X64_MSR_TIME_REF_COUNT); + r2 = (r2 + rdtsc()) / 2; GUEST_ASSERT(r2 > r1 && t2 > t1); @@ -181,12 +183,14 @@ static void host_check_tsc_msr_rdtsc(struct kvm_vm *vm) tsc_freq = vcpu_get_msr(vm, VCPU_ID, HV_X64_MSR_TSC_FREQUENCY); TEST_ASSERT(tsc_freq > 0, "TSC frequency must be nonzero"); - /* First, check MSR-based clocksource */ + /* For increased accuracy, take mean rdtsc() before and afrer ioctl */ r1 = rdtsc(); t1 = vcpu_get_msr(vm, VCPU_ID, HV_X64_MSR_TIME_REF_COUNT); + r1 = (r1 + rdtsc()) / 2; nop_loop(); r2 = rdtsc(); t2 = vcpu_get_msr(vm, VCPU_ID, HV_X64_MSR_TIME_REF_COUNT); + r2 = (r2 + rdtsc()) / 2; TEST_ASSERT(t2 > t1, "Time reference MSR is not monotonic (%ld <= %ld)", t1, t2); -- 2.35.1

2 years, 11 months

1
0
0 0

[RFC V1 PATCH 0/3] selftests: KVM: sev: selftests for fd-based approach of supporting private memory

by Vishal Annapurve

This series implements selftests targeting the feature floated by Chao via: https://lore.kernel.org/linux-mm/20220519153713.819591-1-chao.p.peng@linux.… Below changes aim to test the fd based approach for guest private memory in context of SEV/SEV-ES VMs executing on AMD SEV/SEV-ES compatible platforms. This series has dependency on following patch series: 1) V6 series patches from Chao mentioned above. 2) https://lore.kernel.org/all/20211210164620.11636-1-michael.roth@amd.com/T/ - KVM: selftests: Add support for test-selectable ucall implementations series by Michael Roth 3) https://lore.kernel.org/kvm/20220104234129.dvpv3o3tihvzsqcr@amd.com/T/ - KVM: selftests: Add tests for SEV and SEV-ES guests series by Michael Roth And few additional patches: * https://github.com/vishals4gh/linux/commit/2cb215cb6b4dff7fdf70349816517962… - Confidential platforms along with the confidentiality aware software stack support a notion of private/shared accesses from the confidential VMs. Generally, a bit in the GPA conveys the shared/private-ness of the access. SEV/SEV-ES implementation doesn't expose the encryption bit information via fault address to KVM and so this hack is still needed to signal private/shared access ranges to the kvm. * https://github.com/vishals4gh/linux/commit/81a7d24231f6b8fb4174bbf97ed73368… Github link for the patches posted as part of this series: https://github.com/vishals4gh/linux/commits/sev_upm_selftests_rfc_v1 sev_priv_memfd_test.c file adds a suite of selftests to access private memory from the SEV/SEV-ES guests via private/shared accesses and checking if the contents can be leaked to/accessed by vmm via shared memory view. To allow SEV/SEV-ES VMs to toggle the encryption bit during memory conversion, support is added for mapping guest pagetables to guest va ranges and passing the mapping information to guests via shared pages. Vishal Annapurve (3): selftests: kvm: x86_64: Add support for pagetable tracking selftests: kvm: sev: Handle hypercall exit selftests: kvm: sev: Port UPM selftests onto SEV/SEV-ES VMs tools/testing/selftests/kvm/.gitignore | 1 + tools/testing/selftests/kvm/Makefile | 1 + .../selftests/kvm/include/kvm_util_base.h | 98 ++ tools/testing/selftests/kvm/lib/kvm_util.c | 81 +- .../selftests/kvm/lib/kvm_util_internal.h | 9 + .../selftests/kvm/lib/x86_64/processor.c | 36 + .../selftests/kvm/lib/x86_64/sev_exitlib.c | 39 +- .../kvm/x86_64/sev_priv_memfd_test.c | 1511 +++++++++++++++++ 8 files changed, 1770 insertions(+), 6 deletions(-) create mode 100644 tools/testing/selftests/kvm/x86_64/sev_priv_memfd_test.c -- 2.36.1.124.g0e6072fb45-goog

2 years, 11 months

2
7
0 0

[PATCH v6 0/4] fat: add support for the renameat2 RENAME_EXCHANGE flag

by Javier Martinez Canillas

Hello, The series adds support for the renameat2 system call RENAME_EXCHANGE flag (which allows to atomically replace two paths) to the vfat filesystem code. There are many use cases for this, but we are particularly interested in making possible for vfat filesystems to be part of OSTree [0] deployments. Currently OSTree relies on symbolic links to make the deployment updates an atomic transactional operation. But RENAME_EXCHANGE could be used [1] to achieve a similar level of robustness when using a vfat filesystem. Patch #1 is just a preparatory patch to introduce the RENAME_EXCHANGE support, patch #2 moves some code blocks in vfat_rename() to a set of helper functions, that can be reused by tvfat_rename_exchange() that's added by patch #3 and finally patch #4 adds some kselftests to test it. This is a v6 that addresses issues pointed out in v5: https://lkml.org/lkml/2022/6/9/361 [0]: https://github.com/ostreedev/ostree [1]: https://github.com/ostreedev/ostree/issues/1649 Changes in v6: - Simplify logic to determine if nlink have to modified (OGAWA Hirofumi). Changes in v5: - Only update nlink for different parent dirs and file types (OGAWA Hirofumi). Changes in v4: - Add new patch from OGAWA Hirofumi to use the helpers in vfat_rename(). - Rebase the patch on top of OGAWA Hirofumi proposed changes. - Drop iversion increment for old and new file inodes (OGAWA Hirofumi). - Add Muhammad Usama Anjum Acked-by tag. Changes in v3: - Add a .gitignore for the rename_exchange binary (Muhammad Usama Anjum). - Include $(KHDR_INCLUDES) instead of hardcoding a relative path in Makefile (Muhammad Usama Anjum). Changes in v2: - Only update the new_dir inode version and timestamps if != old_dir (Alex Larsson). - Add some helper functions to avoid duplicating code (OGAWA Hirofumi). - Use braces for multi-lines blocks even if are one statement (OGAWA Hirofumi). - Mention in commit message that the operation is as transactional as possible but within the vfat limitations of not having a journal (Colin Walters). - Call sync to flush the page cache before checking the file contents (Alex Larsson). - Drop RFC prefix since the patches already got some review. Javier Martinez Canillas (3): fat: add a vfat_rename2() and make existing .rename callback a helper fat: add renameat2 RENAME_EXCHANGE flag support selftests/filesystems: add a vfat RENAME_EXCHANGE test OGAWA Hirofumi (1): fat: factor out reusable code in vfat_rename() as helper functions MAINTAINERS | 1 + fs/fat/namei_vfat.c | 231 +++++++++++++++--- tools/testing/selftests/Makefile | 1 + .../selftests/filesystems/fat/.gitignore | 2 + .../selftests/filesystems/fat/Makefile | 7 + .../testing/selftests/filesystems/fat/config | 2 + .../filesystems/fat/rename_exchange.c | 37 +++ .../filesystems/fat/run_fat_tests.sh | 82 +++++++ 8 files changed, 324 insertions(+), 39 deletions(-) create mode 100644 tools/testing/selftests/filesystems/fat/.gitignore create mode 100644 tools/testing/selftests/filesystems/fat/Makefile create mode 100644 tools/testing/selftests/filesystems/fat/config create mode 100644 tools/testing/selftests/filesystems/fat/rename_exchange.c create mode 100755 tools/testing/selftests/filesystems/fat/run_fat_tests.sh -- 2.36.1

2 years, 11 months

2
2
0 0

[PATCH v3 0/2] bpf: Add bpf_verify_signature() helper

by Roberto Sassu

One of the desirable features in security is the ability to restrict import of data to a given system based on data authenticity. If data import can be restricted, it would be possible to enforce a system-wide policy based on the signing keys the system owner trusts. This feature is widely used in the kernel. For example, if the restriction is enabled, kernel modules can be plugged in only if they are signed with a key whose public part is in the primary or secondary keyring. For eBPF, it can be useful as well. For example, it might be useful to authenticate data an eBPF program makes security decisions on. After a discussion in the eBPF mailing list, it was decided that the stated goal should be accomplished by introducing a new helper: bpf_verify_signature(). Its job is simply to call the signature verification function corresponding to the passed signature type, with the keyring selected through the passed keyring identifier. Since verify_pkcs7_signature() is doing crypto operations, it must be called by a sleepable program. This restricts the set of functions that can call the associated helper (for example, lsm.s/bpf is suitable, fexit/array_map_update_elem is not). The added test checks the ability of an eBPF program to verify module-style appended signatures, as produced by the kernel tool sign-file, currently used to sign kernel modules. The patch set is organized as follows. Patch 1 introduces the new helper. Patch 2 adds the test for the new helper. Changelog v1: - Don't define new map flag but introduce simple wrapper of verify_pkcs7_signature() (suggested by Alexei and KP) v2: - Rename bpf_verify_pkcs7_signature() to a more generic bpf_verify_signature() and pass the signature type (suggested by KP) - Move the helper and prototype declaration under #ifdef so that user space can probe for support for the helper (suggested by Daniel) - Describe better the keyring types (suggested by Daniel) - Include linux/bpf.h instead of vmlinux.h to avoid implicit or redeclaration - Make the test selfcontained (suggested by Alexei) Roberto Sassu (2): bpf: Add bpf_verify_signature() helper selftests/bpf: Add test for bpf_verify_signature() helper include/uapi/linux/bpf.h | 17 ++ kernel/bpf/bpf_lsm.c | 46 ++++ tools/include/uapi/linux/bpf.h | 17 ++ tools/testing/selftests/bpf/Makefile | 11 +- tools/testing/selftests/bpf/config | 1 + .../selftests/bpf/prog_tests/verify_sig.c | 200 ++++++++++++++++++ .../selftests/bpf/progs/test_verify_sig.c | 160 ++++++++++++++ .../testing/selftests/bpf/verify_sig_setup.sh | 100 +++++++++ 8 files changed, 549 insertions(+), 3 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_sig.c create mode 100644 tools/testing/selftests/bpf/progs/test_verify_sig.c create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh -- 2.25.1

2 years, 11 months

4
9
0 0

[PATCH v2 0/3] bpf: Add bpf_verify_pkcs7_signature() helper

by Roberto Sassu

One of the desirable features in security is the ability to restrict import of data to a given system based on data authenticity. If data import can be restricted, it would be possible to enforce a system-wide policy based on the signing keys the system owner trusts. This feature is widely used in the kernel. For example, if the restriction is enabled, kernel modules can be plugged in only if they are signed with a key whose public part is in the primary or secondary keyring. For eBPF, it can be useful as well. For example, it might be useful to authenticate data an eBPF program makes security decisions on. After a discussion in the eBPF mailing list, it was decided that the stated goal should be accomplished by introducing a new helper: bpf_verify_pkcs7_signature(). It is simply a wrapper of verify_pkcs7_signature(), and does the signature verification with a key in the selected keyring (primary, secondary or platform). Since verify_pkcs7_signature() is doing crypto operations, it must be called by a sleepable program. This restricts the set of functions that can call the associated helper (for example, lsm.s/bpf is suitable, fexit/array_map_update_elem is not). The added test check the ability of an eBPF program to verify module-style appended signatures, as produced by the kernel tool sign-file, currently used to sign kernel modules. The patch set is organized as follows. Patch 1 introduces the new helper. Patch 2 adds two new options to test_progs (the eBPF selftest binary), to specify the path of sign-file and the file containing the kernel private key and certificate. Finally, patch 3 adds the test for the new helper. Roberto Sassu (3): bpf: Add bpf_verify_pkcs7_signature() helper selftests/bpf: Add test_progs opts for sign-file and kernel priv key + cert selftests/bpf: Add test for bpf_verify_pkcs7_signature() helper include/uapi/linux/bpf.h | 8 + kernel/bpf/bpf_lsm.c | 32 ++++ tools/include/uapi/linux/bpf.h | 8 + tools/testing/selftests/bpf/config | 2 + .../bpf/prog_tests/verify_pkcs7_sig.c | 149 ++++++++++++++++++ .../bpf/progs/test_verify_pkcs7_sig.c | 127 +++++++++++++++ tools/testing/selftests/bpf/test_progs.c | 12 ++ tools/testing/selftests/bpf/test_progs.h | 3 + 8 files changed, 341 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c -- 2.25.1

2 years, 11 months

5
12
0 0

[PATCH] selftests/vm: Add protection_keys tests to run_vmtests

by Kalpana Shetty

Signed-off-by: Kalpana Shetty <kalpana.shetty(a)amd.com> --- tools/testing/selftests/vm/run_vmtests.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/testing/selftests/vm/run_vmtests.sh b/tools/testing/selftests/vm/run_vmtests.sh index 41fce8bea929..54a0c28f810c 100755 --- a/tools/testing/selftests/vm/run_vmtests.sh +++ b/tools/testing/selftests/vm/run_vmtests.sh @@ -179,4 +179,11 @@ run_test ./ksm_tests -N -m 1 # KSM test with 2 NUMA nodes and merge_across_nodes = 0 run_test ./ksm_tests -N -m 0 +# protection_keys tests +if [ $VADDR64 -eq 0 ]; then + run_test ./protection_keys_32 +else + run_test ./protection_keys_64 +fi + exit $exitcode -- 2.25.1

2 years, 11 months

4
4
0 0

[PATCH] testing: kselftest_harness: add filtering and enumerating tests

by Jakub Kicinski

As the number of test cases and length of execution grows it's useful to select only a subset of tests. In TLS for instance we have a matrix of variants for different crypto protocols and during development mostly care about testing a handful. This is quicker and makes reading output easier. This patch adds argument parsing to kselftest_harness. It supports a couple of ways to filter things, I could not come up with one way which will cover all cases. The first and simplest switch is -r which takes the name of a test to run (can be specified multiple times). Then there is a handful of group filtering options. f/v/t for filtering by fixture/variant/test. They have both positive (match -> run) and negative versions (match -> skip). If user specifies any positive option we assume the default is not to run the tests. If only negative options are set we assume the tests are supposed to be run by default. Usage: ./tools/testing/selftests/net/tls [-h|-l] [-t|-T|-v|-V|-f|-F|-r name] -h print help -l list all tests -t name include test -T name exclude test -v name include variant -V name exclude variant -f name include fixture -F name exclude fixture -r name run specified test Test filter options can be specified multiple times. The filtering stops at the first match. For example to include all tests from variant 'bla' but not test 'foo' specify '-T foo -v bla'. Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- CC: keescook(a)chromium.org CC: luto(a)amacapital.net CC: wad(a)chromium.org CC: shuah(a)kernel.org CC: linux-kselftest(a)vger.kernel.org --- tools/testing/selftests/kselftest_harness.h | 146 +++++++++++++++++++- 1 file changed, 142 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/selftests/kselftest_harness.h index 25f4d54067c0..bcbad9fa0039 100644 --- a/tools/testing/selftests/kselftest_harness.h +++ b/tools/testing/selftests/kselftest_harness.h @@ -54,6 +54,7 @@ #define _GNU_SOURCE #endif #include <asm/types.h> +#include <ctype.h> #include <errno.h> #include <stdbool.h> #include <stdint.h> @@ -985,6 +986,132 @@ void __wait_for_test(struct __test_metadata *t) } } +static int test_harness_argv_check(int argc, char **argv) +{ + const char *opts = "FfVvtTr"; + unsigned int i; + + for (i = 0; i < argc; i++) { + if (!strcmp(argv[i], "-l")) { + struct __fixture_variant_metadata *v; + struct __fixture_metadata *f; + struct __test_metadata *t; + + for (f = __fixture_list; f; f = f->next) { + v = f->variant; + t = f->tests; + + if (f == __fixture_list) + fprintf(stderr, "%-20s %-25s %s\n", + "# FIXTURE", "VARIANT", "TEST"); + else + fprintf(stderr, "--------------------------------------------------------------------------------\n"); + + do { + fprintf(stderr, "%-20s %-25s %s\n", + t == f->tests ? f->name : "", + v ? v->name : "", + t ? t->name : ""); + + v = v ? v->next : NULL; + t = t ? t->next : NULL; + } while (v || t); + } + return 1; + } + if (!strcmp(argv[i], "-h")) { +help_and_fail: + argv--; + fprintf(stderr, + "Usage: %s [-h|-l] [-t|-T|-v|-V|-f|-F|-r name]\n" + "\t-h print help\n" + "\t-l list all tests\n" + "\n" + "\t-t name include test\n" + "\t-T name exclude test\n" + "\t-v name include variant\n" + "\t-V name exclude variant\n" + "\t-f name include fixture\n" + "\t-F name exclude fixture\n" + "\t-r name run specified test\n" + "\n" + "Test filter options can be specified " + "multiple times. The filtering stops\n" + "at the first match. For example to " + "include all tests from variant 'bla'\n" + "but not test 'foo' specify '-T foo -v bla'.\n" + "", argv[0]); + return -1; + } + } + + if (argc % 2) { + ksft_print_msg("FATAL: Odd number of arguments\n"); + goto help_and_fail; + } + + for (i = 0; i < argc; i += 2) { + if (strnlen(argv[i], 3) != 2 || argv[i][0] != '-') { + ksft_print_msg("FATAL: invalid option '%s'\n", argv[i]); + goto help_and_fail; + } + + if (!strchr(opts, argv[i][1])) { + ksft_print_msg("FATAL: unknown option '%s'\n", argv[i]); + goto help_and_fail; + } + } + + return 1; +} + +static bool test_enabled(int argc, char **argv, + struct __fixture_metadata *f, + struct __fixture_variant_metadata *v, + struct __test_metadata *t) +{ + unsigned int flen, vlen, tlen = 0; + bool has_positive = false; + unsigned int i; + + for (i = 0; i < argc; i += 2) { + has_positive |= islower(argv[i][1]); + + switch (tolower(argv[i][1])) { + case 't': + if (!strcmp(t->name, argv[i + 1])) + return islower(argv[i][1]); + break; + case 'f': + if (!strcmp(f->name, argv[i + 1])) + return islower(argv[i][1]); + break; + case 'v': + if (!strcmp(v->name, argv[i + 1])) + return islower(argv[i][1]); + break; + case 'r': + if (!tlen) { + flen = strlen(f->name); + vlen = strlen(v->name); + tlen = strlen(t->name); + } + if (strlen(argv[i + 1]) == flen + 1 + vlen + !!vlen + tlen && + !strncmp(f->name, &argv[i + 1][0], flen) && + !strncmp(v->name, &argv[i + 1][flen + 1], vlen) && + !strncmp(t->name, &argv[i + 1][flen + 1 + vlen + !!vlen], tlen)) + return true; + break; + } + } + + /* + * If there are no positive tests then we assume user just wants + * exclusions and everything else is a pass. + */ + return !has_positive; +} + void __run_test(struct __fixture_metadata *f, struct __fixture_variant_metadata *variant, struct __test_metadata *t) @@ -1032,8 +1159,7 @@ void __run_test(struct __fixture_metadata *f, f->name, variant->name[0] ? "." : "", variant->name, t->name); } -static int test_harness_run(int __attribute__((unused)) argc, - char __attribute__((unused)) **argv) +static int test_harness_run(int argc, char **argv) { struct __fixture_variant_metadata no_variant = { .name = "", }; struct __fixture_variant_metadata *v; @@ -1045,11 +1171,21 @@ static int test_harness_run(int __attribute__((unused)) argc, unsigned int count = 0; unsigned int pass_count = 0; + argc--; argv++; /* Skip the name of the binary */ + ret = test_harness_argv_check(argc, argv); + if (ret < 0) + return KSFT_FAIL; + for (f = __fixture_list; f; f = f->next) { for (v = f->variant ?: &no_variant; v; v = v->next) { - case_count++; + unsigned int old_tests = test_count; + for (t = f->tests; t; t = t->next) - test_count++; + if (test_enabled(argc, argv, f, v, t)) + test_count++; + + if (old_tests != test_count) + case_count++; } } @@ -1063,6 +1199,8 @@ static int test_harness_run(int __attribute__((unused)) argc, for (f = __fixture_list; f; f = f->next) { for (v = f->variant ?: &no_variant; v; v = v->next) { for (t = f->tests; t; t = t->next) { + if (!test_enabled(argc, argv, f, v, t)) + continue; count++; t->results = results; __run_test(f, v, t); -- 2.36.1

2 years, 11 months

2
3
0 0

[PATCH v2] selftests/sgx: add test_encl.elf to TEST_GEN_FILES

by Jarkko Sakkinen

TEST_GEN_FILES contains files that are generated during compilation and are required to be included together with the test binaries, e.g. when performing: make -C tools/testing/selftests install INSTALL_PATH=/some/other/path [*] Add test_encl.elf to TEST_GEN_FILES because otherwise the installed test binary will fail to run. [*] https://docs.kernel.org/dev-tools/kselftest.html Cc: stable(a)vger.kernel.org Fixes: 2adcba79e69d ("selftests/x86: Add a selftest for SGX") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v2: Use TEST_GEN_FILES in the "all" target, instead of duplicating the path for test_encl.elf. --- tools/testing/selftests/sgx/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile index 75af864e07b6..7f60811b5b20 100644 --- a/tools/testing/selftests/sgx/Makefile +++ b/tools/testing/selftests/sgx/Makefile @@ -17,9 +17,10 @@ ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \ -fno-stack-protector -mrdrnd $(INCLUDES) TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx +TEST_GEN_FILES := $(OUTPUT)/test_encl.elf ifeq ($(CAN_BUILD_X86_64), 1) -all: $(TEST_CUSTOM_PROGS) $(OUTPUT)/test_encl.elf +all: $(TEST_CUSTOM_PROGS) $(TEST_GEN_FILES) endif $(OUTPUT)/test_sgx: $(OUTPUT)/main.o \ -- 2.36.1

2 years, 11 months

2
2
0 0

[PATCH v2 0/9] bpf: Per-operation map permissions

by Roberto Sassu

With the bpf_map security hook, an eBPF program is able to restrict access to a map. For example, it might allow only read accesses and deny write accesses. Unfortunately, permissions are not accurately specified by libbpf and bpftool. As a consequence, even if they are requested to perform a read-like operation, such as a map lookup, that operation fails even if the caller has the right to do so. Even worse, the iteration over existing maps stops as soon as a write-protected one is encountered. Maps after the write-protected one are not accessible, even if the user has the right to perform operations on them. At low level, the problem is that open_flags and file_flags, respectively in the bpf_map_get_fd_by_id() and bpf_obj_get(), are set to zero. The kernel interprets this as a request to obtain a file descriptor with full permissions. For some operations, like show or dump, a read file descriptor is enough. Those operations could be still performed even in a write-protected map. Also for searching a map by name, which requires getting the map info, a read file descriptor is enough. If an operation requires more permissions, they could still be requested later, after the search. First, solve both problems by extending libbpf with two new functions, bpf_map_get_fd_by_id_flags() and bpf_obj_get_flags(), which unlike their counterparts bpf_map_get_fd_by_id() and bpf_obj_get(), have the additional parameter flags to specify the needed permissions for an operation. Then, propagate the flags in bpftool from the functions implementing the subcommands down to the functions calling bpf_map_get_fd_by_id() and bpf_obj_get(), and replace the latter functions with their new variant. Initially, set the flags to zero, so that the current behavior does not change. The only exception is for map search by name, where a read-only permission is requested, regardless of the operation, to get the map info. In this case, request a new file descriptor if a write-like operation needs to be performed after the search. Finally, identify other read-like operations in bpftool and for those replace the zero value for flags with BPF_F_RDONLY. The patch set is organized as follows. Patches 1-2 introduce the two new variants of bpf_map_get_fd_by_id() and bpf_obj_get() in libbpf, named respectively bpf_map_get_fd_by_id_flags() and bpf_obj_get_flags(). Patches 3-7 propagate the flags in bpftool from the functions implementing the subcommands to the two new libbpf functions, and always set flags to BPF_F_RDONLY for the map search operation. Patch 8 adjusts permissions depending on the map operation performed. Patch 9 ensures that read-only accesses to a write-protected map succeed and write accesses still fail. Also ensure that map search is always successful even if there are write-protected maps. Changelog v1: - Define per-operation permissions rather than retrying access with read-only permission (suggested by Daniel) https://lore.kernel.org/bpf/20220530084514.10170-1-roberto.sassu@huawei.com/ Roberto Sassu (9): libbpf: Introduce bpf_map_get_fd_by_id_flags() libbpf: Introduce bpf_obj_get_flags() bpftool: Add flags parameter to open_obj_pinned_any() and open_obj_pinned() bpftool: Add flags parameter to *_parse_fd() functions bpftool: Add flags parameter to map_parse_fds() bpftool: Add flags parameter to map_parse_fd_and_info() bpftool: Add flags parameter in struct_ops functions bpftool: Adjust map permissions selftests/bpf: Add map access tests tools/bpf/bpftool/btf.c | 11 +- tools/bpf/bpftool/cgroup.c | 4 +- tools/bpf/bpftool/common.c | 52 ++-- tools/bpf/bpftool/iter.c | 2 +- tools/bpf/bpftool/link.c | 9 +- tools/bpf/bpftool/main.h | 17 +- tools/bpf/bpftool/map.c | 24 +- tools/bpf/bpftool/map_perf_ring.c | 3 +- tools/bpf/bpftool/net.c | 2 +- tools/bpf/bpftool/prog.c | 12 +- tools/bpf/bpftool/struct_ops.c | 39 ++- tools/lib/bpf/bpf.c | 16 +- tools/lib/bpf/bpf.h | 2 + tools/lib/bpf/libbpf.map | 2 + .../bpf/prog_tests/test_map_check_access.c | 264 ++++++++++++++++++ .../selftests/bpf/progs/map_check_access.c | 65 +++++ 16 files changed, 452 insertions(+), 72 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/test_map_check_access.c create mode 100644 tools/testing/selftests/bpf/progs/map_check_access.c -- 2.25.1

2 years, 11 months

2
14
0 0

[PATCH v5 0/4] fat: add support for the renameat2 RENAME_EXCHANGE flag

by Javier Martinez Canillas

Hello, The series adds support for the renameat2 system call RENAME_EXCHANGE flag (which allows to atomically replace two paths) to the vfat filesystem code. There are many use cases for this, but we are particularly interested in making possible for vfat filesystems to be part of OSTree [0] deployments. Currently OSTree relies on symbolic links to make the deployment updates an atomic transactional operation. But RENAME_EXCHANGE could be used [1] to achieve a similar level of robustness when using a vfat filesystem. Patch #1 is just a preparatory patch to introduce the RENAME_EXCHANGE support, patch #2 moves some code blocks in vfat_rename() to a set of helper functions, that can be reused by tvfat_rename_exchange() that's added by patch #3 and finally patch #4 adds some kselftests to test it. This is a v5 that addresses issues pointed out in v4: https://lore.kernel.org/lkml/18d9e587-b4f7-6ee7-185a-af0e667e0ec5@redhat.co… [0]: https://github.com/ostreedev/ostree [1]: https://github.com/ostreedev/ostree/issues/1649 Changes in v5: - Only update nlink for different parent dirs and file types (OGAWA Hirofumi). Changes in v4: - Add new patch from OGAWA Hirofumi to use the helpers in vfat_rename(). - Rebase the patch on top of OGAWA Hirofumi proposed changes. - Drop iversion increment for old and new file inodes (OGAWA Hirofumi). - Add Muhammad Usama Anjum Acked-by tag. Changes in v3: - Add a .gitignore for the rename_exchange binary (Muhammad Usama Anjum). - Include $(KHDR_INCLUDES) instead of hardcoding a relative path in Makefile (Muhammad Usama Anjum). Changes in v2: - Only update the new_dir inode version and timestamps if != old_dir (Alex Larsson). - Add some helper functions to avoid duplicating code (OGAWA Hirofumi). - Use braces for multi-lines blocks even if are one statement (OGAWA Hirofumi). - Mention in commit message that the operation is as transactional as possible but within the vfat limitations of not having a journal (Colin Walters). - Call sync to flush the page cache before checking the file contents (Alex Larsson). - Drop RFC prefix since the patches already got some review. Javier Martinez Canillas (3): fat: add a vfat_rename2() and make existing .rename callback a helper fat: add renameat2 RENAME_EXCHANGE flag support selftests/filesystems: add a vfat RENAME_EXCHANGE test OGAWA Hirofumi (1): fat: factor out reusable code in vfat_rename() as helper functions MAINTAINERS | 1 + fs/fat/namei_vfat.c | 232 +++++++++++++++--- tools/testing/selftests/Makefile | 1 + .../selftests/filesystems/fat/.gitignore | 2 + .../selftests/filesystems/fat/Makefile | 7 + .../testing/selftests/filesystems/fat/config | 2 + .../filesystems/fat/rename_exchange.c | 37 +++ .../filesystems/fat/run_fat_tests.sh | 82 +++++++ 8 files changed, 325 insertions(+), 39 deletions(-) create mode 100644 tools/testing/selftests/filesystems/fat/.gitignore create mode 100644 tools/testing/selftests/filesystems/fat/Makefile create mode 100644 tools/testing/selftests/filesystems/fat/config create mode 100644 tools/testing/selftests/filesystems/fat/rename_exchange.c create mode 100755 tools/testing/selftests/filesystems/fat/run_fat_tests.sh -- 2.36.1

2 years, 11 months

1
1
0 0

[PATCH v4 0/4] fat: add support for the renameat2 RENAME_EXCHANGE flag

by Javier Martinez Canillas

Hello, The series adds support for the renameat2 system call RENAME_EXCHANGE flag (which allows to atomically replace two paths) to the vfat filesystem code. There are many use cases for this, but we are particularly interested in making possible for vfat filesystems to be part of OSTree [0] deployments. Currently OSTree relies on symbolic links to make the deployment updates an atomic transactional operation. But RENAME_EXCHANGE could be used [1] to achieve a similar level of robustness when using a vfat filesystem. Patch #1 is just a preparatory patch to introduce the RENAME_EXCHANGE support, patch #2 moves some code blocks in vfat_rename() to a set of helper functions, that can be reused by tvfat_rename_exchange() that's added by patch #3 and finally patch #4 adds some kselftests to test it. This is a v4 that addresses issues pointed out in the third version posted: https://www.spinics.net/lists/kernel/msg4373694.html [0]: https://github.com/ostreedev/ostree [1]: https://github.com/ostreedev/ostree/issues/1649 Changes in v4: - Add new patch from OGAWA Hirofumi to use the helpers in vfat_rename(). - Rebase the patch on top of OGAWA Hirofumi proposed changes. - Drop iversion increment for old and new file inodes (OGAWA Hirofumi). - Add Muhammad Usama Anjum Acked-by tag. Changes in v3: - Add a .gitignore for the rename_exchange binary (Muhammad Usama Anjum). - Include $(KHDR_INCLUDES) instead of hardcoding a relative path in Makefile (Muhammad Usama Anjum). Changes in v2: - Only update the new_dir inode version and timestamps if != old_dir (Alex Larsson). - Add some helper functions to avoid duplicating code (OGAWA Hirofumi). - Use braces for multi-lines blocks even if are one statement (OGAWA Hirofumi). - Mention in commit message that the operation is as transactional as possible but within the vfat limitations of not having a journal (Colin Walters). - Call sync to flush the page cache before checking the file contents (Alex Larsson). - Drop RFC prefix since the patches already got some review. Javier Martinez Canillas (3): fat: add a vfat_rename2() and make existing .rename callback a helper fat: add renameat2 RENAME_EXCHANGE flag support selftests/filesystems: add a vfat RENAME_EXCHANGE test OGAWA Hirofumi (1): fat: factor out reusable code in vfat_rename() as helper functions MAINTAINERS | 1 + fs/fat/namei_vfat.c | 222 +++++++++++++++--- tools/testing/selftests/Makefile | 1 + .../selftests/filesystems/fat/.gitignore | 2 + .../selftests/filesystems/fat/Makefile | 7 + .../testing/selftests/filesystems/fat/config | 2 + .../filesystems/fat/rename_exchange.c | 37 +++ .../filesystems/fat/run_fat_tests.sh | 82 +++++++ 8 files changed, 315 insertions(+), 39 deletions(-) create mode 100644 tools/testing/selftests/filesystems/fat/.gitignore create mode 100644 tools/testing/selftests/filesystems/fat/Makefile create mode 100644 tools/testing/selftests/filesystems/fat/config create mode 100644 tools/testing/selftests/filesystems/fat/rename_exchange.c create mode 100755 tools/testing/selftests/filesystems/fat/run_fat_tests.sh -- 2.36.1

2 years, 11 months

2
4
0 0

Napływ Klientów ze strony

by Wiktor Nurek

Dzień dobry, chciałbym poinformować Państwa o możliwości pozyskania nowych zleceń ze strony www. Widzimy zainteresowanie potencjalnych Klientów Państwa firmą, dlatego chętnie pomożemy Państwu dotrzeć z ofertą do większego grona odbiorców poprzez efektywne metody pozycjonowania strony w Google. Czy mógłbym liczyć na kontakt zwrotny? Pozdrawiam serdecznie, Wiktor Nurek

2 years, 11 months

1
0
0 0

[PATCH v3] selftests net: fix bpf build error

by Lina Wang

bpf_helpers.h has been moved to tools/lib/bpf since 5.10, so add more including path. Fixes: edae34a3ed92 ("selftests net: add UDP GRO fraglist + bpf self-tests") Reported-by: kernel test robot <oliver.sang(a)intel.com> Signed-off-by: Lina Wang <lina.wang(a)mediatek.com> Acked-by: Song Liu <songliubraving(a)fb.com> --- tools/testing/selftests/net/bpf/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/bpf/Makefile b/tools/testing/selftests/net/bpf/Makefile index f91bf14bbee7..8a69c91fcca0 100644 --- a/tools/testing/selftests/net/bpf/Makefile +++ b/tools/testing/selftests/net/bpf/Makefile @@ -2,6 +2,7 @@ CLANG ?= clang CCINCLUDE += -I../../bpf +CCINCLUDE += -I../../../lib CCINCLUDE += -I../../../../../usr/include/ TEST_CUSTOM_PROGS = $(OUTPUT)/bpf/nat6to4.o @@ -10,5 +11,4 @@ all: $(TEST_CUSTOM_PROGS) $(OUTPUT)/%.o: %.c $(CLANG) -O2 -target bpf -c $< $(CCINCLUDE) -o $@ -clean: - rm -f $(TEST_CUSTOM_PROGS) +EXTRA_CLEAN := $(TEST_CUSTOM_PROGS) -- 2.18.0

2 years, 11 months

3
2
0 0

kselftest/fixes kselftest-lkdtm: 3 runs, 1 regressions (v5.19-rc1)

by kernelci.org bot

kselftest/fixes kselftest-lkdtm: 3 runs, 1 regressions (v5.19-rc1) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ----------------+-------+---------------+----------+------------------------------+------------ mt8173-elm-hana | arm64 | lab-collabora | clang-14 | defconfig+kse...4-chromebook | 1 Details: https://kernelci.org/test/job/kselftest/branch/fixes/kernel/v5.19-rc1/plan/… Test: kselftest-lkdtm Tree: kselftest Branch: fixes Describe: v5.19-rc1 URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: f2906aa863381afb0015a9eb7fefad885d4e5a56 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ----------------+-------+---------------+----------+------------------------------+------------ mt8173-elm-hana | arm64 | lab-collabora | clang-14 | defconfig+kse...4-chromebook | 1 Details: https://kernelci.org/test/plan/id/629e69e95a466f769da39c12 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+kselftest+arm64-chromebook Compiler: clang-14 (Debian clang version 14.0.5-++20220603023205+576e5b39ae4d-1~exp1~20220603143239.145) Plain log: https://storage.kernelci.org//kselftest/fixes/v5.19-rc1/arm64/defconfig+kse… HTML log: https://storage.kernelci.org//kselftest/fixes/v5.19-rc1/arm64/defconfig+kse… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/2022060… * kselftest-lkdtm.login: https://kernelci.org/test/case/id/629e69e95a466f769da39c13 new failure (last pass: linux-kselftest-fixes-5.18-rc2-1-gce64763c6385)

2 years, 11 months

1
0
0 0

kselftest/fixes build: 8 builds: 0 failed, 8 passed (v5.19-rc1)

by kernelci.org bot

kselftest/fixes build: 8 builds: 0 failed, 8 passed (v5.19-rc1) Full Build Summary: https://kernelci.org/build/kselftest/branch/fixes/kernel/v5.19-rc1/ Tree: kselftest Branch: fixes Git Describe: v5.19-rc1 Git Commit: f2906aa863381afb0015a9eb7fefad885d4e5a56 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git Built: 4 unique architectures ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- defconfig+kselftest (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest (arm64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig+kselftest (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v7_defconfig+kselftest (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

2 years, 11 months

1
0
0 0

kselftest/next kselftest-lkdtm: 5 runs, 1 regressions (v5.19-rc1)

by kernelci.org bot

kselftest/next kselftest-lkdtm: 5 runs, 1 regressions (v5.19-rc1) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ----------------+-------+---------------+----------+------------------------------+------------ mt8173-elm-hana | arm64 | lab-collabora | clang-14 | defconfig+kse...4-chromebook | 1 Details: https://kernelci.org/test/job/kselftest/branch/next/kernel/v5.19-rc1/plan/k… Test: kselftest-lkdtm Tree: kselftest Branch: next Describe: v5.19-rc1 URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: f2906aa863381afb0015a9eb7fefad885d4e5a56 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ----------------+-------+---------------+----------+------------------------------+------------ mt8173-elm-hana | arm64 | lab-collabora | clang-14 | defconfig+kse...4-chromebook | 1 Details: https://kernelci.org/test/plan/id/629e5f5cf23ab74506a39be8 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+kselftest+arm64-chromebook Compiler: clang-14 (Debian clang version 14.0.5-++20220603023205+576e5b39ae4d-1~exp1~20220603143239.145) Plain log: https://storage.kernelci.org//kselftest/next/v5.19-rc1/arm64/defconfig+ksel… HTML log: https://storage.kernelci.org//kselftest/next/v5.19-rc1/arm64/defconfig+ksel… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/2022060… * kselftest-lkdtm.login: https://kernelci.org/test/case/id/629e5f5cf23ab74506a39be9 new failure (last pass: v5.18-rc3-19-g15477b31db104)

2 years, 11 months

1
0
0 0

kselftest/next kselftest-lib: 11 runs, 1 regressions (v5.19-rc1)

by kernelci.org bot

kselftest/next kselftest-lib: 11 runs, 1 regressions (v5.19-rc1) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+--------------+----------+---------------------+------------ meson-gxl-s905x-libretech-cc | arm64 | lab-baylibre | clang-14 | defconfig+kselftest | 1 Details: https://kernelci.org/test/job/kselftest/branch/next/kernel/v5.19-rc1/plan/k… Test: kselftest-lib Tree: kselftest Branch: next Describe: v5.19-rc1 URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: f2906aa863381afb0015a9eb7fefad885d4e5a56 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+--------------+----------+---------------------+------------ meson-gxl-s905x-libretech-cc | arm64 | lab-baylibre | clang-14 | defconfig+kselftest | 1 Details: https://kernelci.org/test/plan/id/629e5e7aa0aed65494a39bf0 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+kselftest Compiler: clang-14 (Debian clang version 14.0.5-++20220603023205+576e5b39ae4d-1~exp1~20220603143239.145) Plain log: https://storage.kernelci.org//kselftest/next/v5.19-rc1/arm64/defconfig+ksel… HTML log: https://storage.kernelci.org//kselftest/next/v5.19-rc1/arm64/defconfig+ksel… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/2022060… * kselftest-lib.login: https://kernelci.org/test/case/id/629e5e7aa0aed65494a39bf1 new failure (last pass: v5.18-rc3-19-g15477b31db104)

2 years, 11 months

1
0
0 0

kselftest/next kselftest-cpufreq: 4 runs, 2 regressions (v5.19-rc1)

by kernelci.org bot

kselftest/next kselftest-cpufreq: 4 runs, 2 regressions (v5.19-rc1) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+--------------+----------+---------------------+------------ meson-gxl-s905x-libretech-cc | arm64 | lab-baylibre | clang-14 | defconfig+kselftest | 1 meson-gxl-s905x-libretech-cc | arm64 | lab-baylibre | gcc-10 | defconfig+kselftest | 1 Details: https://kernelci.org/test/job/kselftest/branch/next/kernel/v5.19-rc1/plan/k… Test: kselftest-cpufreq Tree: kselftest Branch: next Describe: v5.19-rc1 URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: f2906aa863381afb0015a9eb7fefad885d4e5a56 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+--------------+----------+---------------------+------------ meson-gxl-s905x-libretech-cc | arm64 | lab-baylibre | clang-14 | defconfig+kselftest | 1 Details: https://kernelci.org/test/plan/id/629e5e79660022567ea39bf5 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+kselftest Compiler: clang-14 (Debian clang version 14.0.5-++20220603023205+576e5b39ae4d-1~exp1~20220603143239.145) Plain log: https://storage.kernelci.org//kselftest/next/v5.19-rc1/arm64/defconfig+ksel… HTML log: https://storage.kernelci.org//kselftest/next/v5.19-rc1/arm64/defconfig+ksel… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/2022060… * kselftest-cpufreq.login: https://kernelci.org/test/case/id/629e5e79660022567ea39bf6 new failure (last pass: v5.18-rc3-19-g15477b31db104) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+--------------+----------+---------------------+------------ meson-gxl-s905x-libretech-cc | arm64 | lab-baylibre | gcc-10 | defconfig+kselftest | 1 Details: https://kernelci.org/test/plan/id/629e59c837d80f0071a39bec Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+kselftest Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//kselftest/next/v5.19-rc1/arm64/defconfig+ksel… HTML log: https://storage.kernelci.org//kselftest/next/v5.19-rc1/arm64/defconfig+ksel… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/2022060… * kselftest-cpufreq.login: https://kernelci.org/test/case/id/629e59c837d80f0071a39bed new failure (last pass: v5.18-rc3-19-g15477b31db104)

2 years, 11 months

1
0
0 0

kselftest/next build: 8 builds: 1 failed, 7 passed (v5.19-rc1)

by kernelci.org bot

kselftest/next build: 8 builds: 1 failed, 7 passed (v5.19-rc1) Full Build Summary: https://kernelci.org/build/kselftest/branch/next/kernel/v5.19-rc1/ Tree: kselftest Branch: next Git Describe: v5.19-rc1 Git Commit: f2906aa863381afb0015a9eb7fefad885d4e5a56 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git Built: 4 unique architectures Build Failure Detected: x86_64: x86_64_defconfig+kselftest: (gcc-10) FAIL ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- defconfig+kselftest (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest (arm64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig+kselftest (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v7_defconfig+kselftest (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, gcc-10) — FAIL, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

2 years, 11 months

1
0
0 0

[PATCH AUTOSEL 5.17 089/135] kunit: bail out of test filtering logic quicker if OOM

by Sasha Levin

From: Daniel Latypov <dlatypov(a)google.com> [ Upstream commit a02353f491622e49c7ddedc6a6dc4f1d6ed2150a ] When filtering what tests to run (suites and/or cases) via kunit.filter_glob (e.g. kunit.py run <glob>), we allocate copies of suites. These allocations can fail, and we largely don't handle that. Note: realistically, this probably doesn't matter much. We're not allocating much memory and this happens early in boot, so if we can't do that, then there's likely far bigger problems. This patch makes us immediately bail out from the top-level function (kunit_filter_suites) with -ENOMEM if any of the underlying kmalloc() calls return NULL. Implementation note: we used to return NULL pointers from some functions to indicate either that all suites/tests were filtered out or there was an error allocating the new array. We'll log a short error in this case and not run any tests or print a TAP header. From a kunit.py user's perspective, they'll get a message about missing/invalid TAP output and have to dig into the test.log to see it. Since hitting this error seems so unlikely, it's probably fine to not invent a way to plumb this error message more visibly. See also: https://lore.kernel.org/linux-kselftest/20220329103919.2376818-1-lv.ruyi@zt… Signed-off-by: Daniel Latypov <dlatypov(a)google.com> Reported-by: Zeal Robot <zealci(a)zte.com.cn> Reported-by: Lv Ruyi <lv.ruyi(a)zte.com.cn> Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- lib/kunit/executor.c | 27 ++++++++++++++++++++++----- lib/kunit/executor_test.c | 4 +++- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/lib/kunit/executor.c b/lib/kunit/executor.c index 22640c9ee819..2f73a6a35a7e 100644 --- a/lib/kunit/executor.c +++ b/lib/kunit/executor.c @@ -71,9 +71,13 @@ kunit_filter_tests(struct kunit_suite *const suite, const char *test_glob) /* Use memcpy to workaround copy->name being const. */ copy = kmalloc(sizeof(*copy), GFP_KERNEL); + if (!copy) + return ERR_PTR(-ENOMEM); memcpy(copy, suite, sizeof(*copy)); filtered = kcalloc(n + 1, sizeof(*filtered), GFP_KERNEL); + if (!filtered) + return ERR_PTR(-ENOMEM); n = 0; kunit_suite_for_each_test_case(suite, test_case) { @@ -106,14 +110,16 @@ kunit_filter_subsuite(struct kunit_suite * const * const subsuite, filtered = kmalloc_array(n + 1, sizeof(*filtered), GFP_KERNEL); if (!filtered) - return NULL; + return ERR_PTR(-ENOMEM); n = 0; for (i = 0; subsuite[i] != NULL; ++i) { if (!glob_match(filter->suite_glob, subsuite[i]->name)) continue; filtered_suite = kunit_filter_tests(subsuite[i], filter->test_glob); - if (filtered_suite) + if (IS_ERR(filtered_suite)) + return ERR_CAST(filtered_suite); + else if (filtered_suite) filtered[n++] = filtered_suite; } filtered[n] = NULL; @@ -146,7 +152,8 @@ static void kunit_free_suite_set(struct suite_set suite_set) } static struct suite_set kunit_filter_suites(const struct suite_set *suite_set, - const char *filter_glob) + const char *filter_glob, + int *err) { int i; struct kunit_suite * const **copy, * const *filtered_subsuite; @@ -166,6 +173,10 @@ static struct suite_set kunit_filter_suites(const struct suite_set *suite_set, for (i = 0; i < max; ++i) { filtered_subsuite = kunit_filter_subsuite(suite_set->start[i], &filter); + if (IS_ERR(filtered_subsuite)) { + *err = PTR_ERR(filtered_subsuite); + return filtered; + } if (filtered_subsuite) *copy++ = filtered_subsuite; } @@ -236,9 +247,15 @@ int kunit_run_all_tests(void) .start = __kunit_suites_start, .end = __kunit_suites_end, }; + int err; - if (filter_glob_param) - suite_set = kunit_filter_suites(&suite_set, filter_glob_param); + if (filter_glob_param) { + suite_set = kunit_filter_suites(&suite_set, filter_glob_param, &err); + if (err) { + pr_err("kunit executor: error filtering suites: %d\n", err); + return err; + } + } if (!action_param) kunit_exec_run_tests(&suite_set); diff --git a/lib/kunit/executor_test.c b/lib/kunit/executor_test.c index 4ed57fd94e42..eac6ff480273 100644 --- a/lib/kunit/executor_test.c +++ b/lib/kunit/executor_test.c @@ -137,14 +137,16 @@ static void filter_suites_test(struct kunit *test) .end = suites + 2, }; struct suite_set filtered = {.start = NULL, .end = NULL}; + int err = 0; /* Emulate two files, each having one suite */ subsuites[0][0] = alloc_fake_suite(test, "suite0", dummy_test_cases); subsuites[1][0] = alloc_fake_suite(test, "suite1", dummy_test_cases); /* Filter out suite1 */ - filtered = kunit_filter_suites(&suite_set, "suite0"); + filtered = kunit_filter_suites(&suite_set, "suite0", &err); kfree_subsuites_at_end(test, &filtered); /* let us use ASSERTs without leaking */ + KUNIT_EXPECT_EQ(test, err, 0); KUNIT_ASSERT_EQ(test, filtered.end - filtered.start, (ptrdiff_t)1); KUNIT_ASSERT_NOT_ERR_OR_NULL(test, filtered.start); -- 2.35.1

2 years, 11 months

2
3
0 0

[PATCH v12 00/40] arm64/sme: Initial support for the Scalable Matrix Extension

by Mark Brown

This series provides initial support for the ARMv9 Scalable Matrix Extension (SME). SME takes the approach used for vectors in SVE and extends this to provide architectural support for matrix operations. A more detailed overview can be found in [1]. For the kernel SME can be thought of as a series of features which are intended to be used together by applications but operate mostly orthogonally: - The ZA matrix register. - Streaming mode, in which ZA can be accessed and a subset of SVE features are available. - A second vector length, used for streaming mode SVE and ZA and controlled using a similar interface to that for SVE. - TPIDR2, a new userspace controllable system register intended for use by the C library for storing context related to the ZA ABI. A substantial part of the series is dedicated to refactoring the existing SVE support so that we don't need to duplicate code for handling vector lengths and the SVE registers, this involves creating an array of vector types and making the users take the vector type as a parameter. I'm not 100% happy with this but wasn't able to come up with anything better, duplicating code definitely felt like a bad idea so this felt like the least bad thing. If this approach makes sense to people it might make sense to split this off into a separate series and/or merge it while the rest is pending review to try to make things a little more digestable, the series is very large so it'd probably make things easier to digest if some of the preparatory refactoring could be merged before the rest is ready. One feature of the architecture of particular note is that switching to and from streaming mode may change the size of and invalidate the contents of the SVE registers, and when in streaming mode the FFR is not accessible. This complicates aspects of the ABI like signal handling and ptrace. This initial implementation is mainly intended to get the ABI in place, there are several areas which will be worked on going forwards - some of these will be blockers, others could be handled in followup serieses: - SME is currently not supported for KVM guests, this will be done as a followup series. A host system can use SME and run KVM guests but SME is not available in the guests. - The KVM host support is done in a very simplistic way, were anyone to attempt to use it in production there would be performance impacts on hosts with SME support. As part of this we also add enumeration of fine grained traps. - There is not currently ptrace or signal support TPIDR2, this will be done as a followup series. - No support is currently provided for scheduler control of SME or SME applications, given the size of the SME register state the context switch overhead may be noticable so this may be needed especially for real time applications. Similar concerns already exist for larger SVE vector lengths but are amplified for SME, particularly as the vector length increases. - There has been no work on optimising the performance of anything the kernel does. It is not expected that any systems will be encountered that support SME but not SVE, SME is an ARMv9 feature and SVE is mandatory for ARMv9. The code attempts to handle any such systems that are encountered but this hasn't been tested extensively. v12: - Fix some typos in the ABI document. - Print a message when we skip a vector length in the signal tests. - Add note of earliest toolchain versions with SME to manual encodings for future reference now that's landed. - Drop reference to PCS in sme.rst, it's not referenced and one of the links was broken. - Encode smstop and smstart as sysregs in the kernel. - Don't redundantly flush the SVE register state when loading FPSIMD state with SME enabled for the task, the architecture will do this for us. - Introduce and use task_get_cur_vl() to get the vector length for the currently active SVE registers. - Fix support for !FA64 mode in signal and syscall tests. - Simplify instruction sequence for ssve_regs signal test. - Actually include the ZA signal test in the patch set. v11: - Rebase onto v5.17-rc3. - Provide a sme-inst.h to collect manual encodings in kselftest. v10: - Actually do the rebase of fixups from the previous version into relevant patches. v9: - Remove defensive programming around IS_ENABLED() and FGT in KVM code. - Fix naming of TPIDR2 FGT register bit. - Add patches making handling of floating point register bits more consistent (also sent as separate series). - Drop now unused enumeration of fine grained traps. v8: - Rebase onto v5.17-rc1. - Support interoperation with KVM, SME is disabled for KVM guests with minimal handling for cleaning up SME state when entering and leaving the guest. - Document and implement that signal handlers are invoked with ZA and streaming mode disabled. - Use the RDSVL instruction introduced in EAC2 of the architecture to obtain the streaming mode vector length during enumeration, ZA state loading/saving and in test programs. - Store a pointer to SVCR in fpsimd_last_state and use it in fpsimd_save() for interoperation with KVM. - Add a test case sme_trap_no_sm checking that we generate a SIGILL when using an instruction that requires streaming mode without enabling it. - Add basic ZA context form validation to testcases helper library. - Move signal tests over to validating streaming VL from ZA information. - Pulled in patch removing ARRAY_SIZE() so that kselftest builds cleanly and to avoid trivial conflicts. v7: - Rebase onto v5.16-rc3. - Reduce indentation when supporting custom triggers for signal tests as suggested by Catalin. - Change to specifying a width for all CPU features rather than adding single bit specific infrastructure. - Don't require zeroing of non-shared SVE state during syscalls. v6: - Rebase onto v5.16-rc1. - Return to disabling TIF_SVE on kernel entry even if we have SME state, this avoids the need for KVM to handle the case where TIF_SVE is set on guest entry. - Add syscall-abi.h to SME updates to syscall-abi, mistakenly omitted from commit. v5: - Rebase onto currently merged SVE and kselftest patches. - Add support for the FA64 option, introduced in the recently published EAC1 update to the specification. - Pull in test program for the syscall ABI previously sent separately with some revisions and add coverage for the SME ABI. - Fix checking for options with 1 bit fields in ID_AA64SMFR0_EL1. - Minor fixes and clarifications to the ABI documentation. v4: - Rebase onto merged patches. - Remove an uneeded NULL check in vec_proc_do_default_vl(). - Include patch to factor out utility routines in kselftests written in assembler. - Specify -ffreestanding when building TPIDR2 test. v3: - Skip FFR rather than predicate registers in sve_flush_live(). - Don't assume a bool is all zeros in sve_flush_live() as per AAPCS. - Don't redundantly specify a zero index when clearing FFR. v2: - Fix several issues with !SME and !SVE configurations. - Preserve TPIDR2 when creating a new thread/process unless CLONE_SETTLS is set. - Report traps due to using features in an invalid mode as SIGILL. - Spell out streaming mode behaviour in SVE ABI documentation more directly. - Document TPIDR2 in the ABI document. - Use SMSTART and SMSTOP rather than read/modify/write sequences. - Rework logic for exiting streaming mode on syscall. - Don't needlessly initialise SVCR on access trap. - Always restore SME VL for userspace if SME traps are disabled. - Only yield to encourage preemption every 128 iterations in za-test, otherwise do a getpid(), and validate SVCR after syscall. - Leave streaming mode disabled except when reading the vector length in za-test, and disable ZA after detecting a mismatch. - Add SME support to vlset. - Clarifications and typo fixes in comments. - Move sme_alloc() forward declaration back a patch. [1] https://community.arm.com/developer/ip-products/processors/b/processors-ip-… Mark Brown (40): arm64: Define CPACR_EL1_FPEN similarly to other floating point controls arm64: Always use individual bits in CPACR floating point enables arm64: cpufeature: Always specify and use a field width for capabilities kselftest/arm64: Remove local ARRAY_SIZE() definitions kselftest/arm64: signal: Allow tests to be incompatible with features arm64/sme: Provide ABI documentation for SME arm64/sme: System register and exception syndrome definitions arm64/sme: Manually encode SME instructions arm64/sme: Early CPU setup for SME arm64/sme: Basic enumeration support arm64/sme: Identify supported SME vector lengths at boot arm64/sme: Implement sysctl to set the default vector length arm64/sme: Implement vector length configuration prctl()s arm64/sme: Implement support for TPIDR2 arm64/sme: Implement SVCR context switching arm64/sme: Implement streaming SVE context switching arm64/sme: Implement ZA context switching arm64/sme: Implement traps and syscall handling for SME arm64/sme: Disable ZA and streaming mode when handling signals arm64/sme: Implement streaming SVE signal handling arm64/sme: Implement ZA signal handling arm64/sme: Implement ptrace support for streaming mode SVE registers arm64/sme: Add ptrace support for ZA arm64/sme: Disable streaming mode and ZA when flushing CPU state arm64/sme: Save and restore streaming mode over EFI runtime calls KVM: arm64: Hide SME system registers from guests KVM: arm64: Trap SME usage in guest KVM: arm64: Handle SME host state when running guests arm64/sme: Provide Kconfig for SME kselftest/arm64: Add manual encodings for SME instructions kselftest/arm64: sme: Add SME support to vlset kselftest/arm64: Add tests for TPIDR2 kselftest/arm64: Extend vector configuration API tests to cover SME kselftest/arm64: sme: Provide streaming mode SVE stress test kselftest/arm64: signal: Handle ZA signal context in core code kselftest/arm64: Add stress test for SME ZA context switching kselftest/arm64: signal: Add SME signal handling tests kselftest/arm64: Add streaming SVE to SVE ptrace tests kselftest/arm64: Add coverage for the ZA ptrace interface kselftest/arm64: Add SME support to syscall ABI test Documentation/arm64/elf_hwcaps.rst | 33 + Documentation/arm64/index.rst | 1 + Documentation/arm64/sme.rst | 427 +++++++++++++ Documentation/arm64/sve.rst | 70 ++- arch/arm64/Kconfig | 11 + arch/arm64/include/asm/cpu.h | 4 + arch/arm64/include/asm/cpufeature.h | 25 + arch/arm64/include/asm/el2_setup.h | 64 +- arch/arm64/include/asm/esr.h | 13 +- arch/arm64/include/asm/exception.h | 1 + arch/arm64/include/asm/fpsimd.h | 110 +++- arch/arm64/include/asm/fpsimdmacros.h | 87 +++ arch/arm64/include/asm/hwcap.h | 8 + arch/arm64/include/asm/kvm_arm.h | 5 +- arch/arm64/include/asm/kvm_host.h | 4 + arch/arm64/include/asm/processor.h | 26 +- arch/arm64/include/asm/sysreg.h | 71 ++- arch/arm64/include/asm/thread_info.h | 2 + arch/arm64/include/uapi/asm/hwcap.h | 8 + arch/arm64/include/uapi/asm/ptrace.h | 69 ++- arch/arm64/include/uapi/asm/sigcontext.h | 55 +- arch/arm64/kernel/cpufeature.c | 273 +++++++-- arch/arm64/kernel/cpuinfo.c | 13 + arch/arm64/kernel/entry-common.c | 11 + arch/arm64/kernel/entry-fpsimd.S | 36 ++ arch/arm64/kernel/fpsimd.c | 565 ++++++++++++++++-- arch/arm64/kernel/process.c | 28 +- arch/arm64/kernel/ptrace.c | 356 +++++++++-- arch/arm64/kernel/signal.c | 188 +++++- arch/arm64/kernel/syscall.c | 29 +- arch/arm64/kernel/traps.c | 1 + arch/arm64/kvm/fpsimd.c | 43 +- arch/arm64/kvm/hyp/include/hyp/switch.h | 4 +- arch/arm64/kvm/hyp/nvhe/switch.c | 30 + arch/arm64/kvm/hyp/vhe/switch.c | 15 +- arch/arm64/kvm/sys_regs.c | 9 +- arch/arm64/tools/cpucaps | 2 + include/uapi/linux/elf.h | 2 + include/uapi/linux/prctl.h | 9 + kernel/sys.c | 12 + tools/testing/selftests/arm64/abi/.gitignore | 1 + tools/testing/selftests/arm64/abi/Makefile | 9 +- .../selftests/arm64/abi/syscall-abi-asm.S | 79 ++- .../testing/selftests/arm64/abi/syscall-abi.c | 205 ++++++- .../testing/selftests/arm64/abi/syscall-abi.h | 15 + tools/testing/selftests/arm64/abi/tpidr2.c | 298 +++++++++ tools/testing/selftests/arm64/fp/.gitignore | 4 + tools/testing/selftests/arm64/fp/Makefile | 12 +- tools/testing/selftests/arm64/fp/rdvl-sme.c | 14 + tools/testing/selftests/arm64/fp/rdvl.S | 10 + tools/testing/selftests/arm64/fp/rdvl.h | 1 + tools/testing/selftests/arm64/fp/sme-inst.h | 51 ++ tools/testing/selftests/arm64/fp/ssve-stress | 59 ++ tools/testing/selftests/arm64/fp/sve-ptrace.c | 13 +- tools/testing/selftests/arm64/fp/sve-test.S | 20 + tools/testing/selftests/arm64/fp/vec-syscfg.c | 10 + tools/testing/selftests/arm64/fp/vlset.c | 10 +- tools/testing/selftests/arm64/fp/za-ptrace.c | 354 +++++++++++ tools/testing/selftests/arm64/fp/za-stress | 59 ++ tools/testing/selftests/arm64/fp/za-test.S | 388 ++++++++++++ .../testing/selftests/arm64/signal/.gitignore | 3 + .../selftests/arm64/signal/test_signals.h | 5 + .../arm64/signal/test_signals_utils.c | 40 +- .../arm64/signal/test_signals_utils.h | 2 + .../testcases/fake_sigreturn_sme_change_vl.c | 92 +++ .../arm64/signal/testcases/sme_trap_no_sm.c | 38 ++ .../signal/testcases/sme_trap_non_streaming.c | 45 ++ .../arm64/signal/testcases/sme_trap_za.c | 36 ++ .../selftests/arm64/signal/testcases/sme_vl.c | 68 +++ .../arm64/signal/testcases/ssve_regs.c | 133 +++++ .../arm64/signal/testcases/testcases.c | 36 ++ .../arm64/signal/testcases/testcases.h | 3 +- .../arm64/signal/testcases/za_regs.c | 128 ++++ 73 files changed, 4711 insertions(+), 250 deletions(-) create mode 100644 Documentation/arm64/sme.rst create mode 100644 tools/testing/selftests/arm64/abi/syscall-abi.h create mode 100644 tools/testing/selftests/arm64/abi/tpidr2.c create mode 100644 tools/testing/selftests/arm64/fp/rdvl-sme.c create mode 100644 tools/testing/selftests/arm64/fp/sme-inst.h create mode 100644 tools/testing/selftests/arm64/fp/ssve-stress create mode 100644 tools/testing/selftests/arm64/fp/za-ptrace.c create mode 100644 tools/testing/selftests/arm64/fp/za-stress create mode 100644 tools/testing/selftests/arm64/fp/za-test.S create mode 100644 tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sme_change_vl.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/sme_trap_no_sm.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/sme_trap_non_streaming.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/sme_trap_za.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/sme_vl.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/ssve_regs.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/za_regs.c base-commit: dfd42facf1e4ada021b939b4e19c935dcdd55566 -- 2.30.2

2 years, 11 months

5
56
0 0

[PATCH v2] selftests net: fix bpf build error

by Lina Wang

bpf_helpers.h has been moved to tools/lib/bpf since 5.10, so add more including path. Fixes: edae34a3ed92 ("selftests net: add UDP GRO fraglist + bpf self-tests") Reported-by: kernel test robot <oliver.sang(a)intel.com> Signed-off-by: Lina Wang <lina.wang(a)mediatek.com> --- tools/testing/selftests/net/bpf/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/net/bpf/Makefile b/tools/testing/selftests/net/bpf/Makefile index f91bf14bbee7..070251986dbe 100644 --- a/tools/testing/selftests/net/bpf/Makefile +++ b/tools/testing/selftests/net/bpf/Makefile @@ -2,6 +2,7 @@ CLANG ?= clang CCINCLUDE += -I../../bpf +CCINCLUDE += -I../../../../lib CCINCLUDE += -I../../../../../usr/include/ TEST_CUSTOM_PROGS = $(OUTPUT)/bpf/nat6to4.o -- 2.18.0

2 years, 11 months

3
3
0 0

[PATCH AUTOSEL 4.9 03/11] selftests/resctrl: Change the default limited time to 120 seconds

by Sasha Levin

From: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> [ Upstream commit e2e3fb6ef0d6548defbe0be6e092397aaa92f3a1 ] When testing on a Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz the resctrl selftests fail due to timeout after exceeding the default time limit of 45 seconds. On this system the test takes about 68 seconds. Since the failing test by default accesses a fixed size of memory, the execution time should not vary significantly between different environment. A new default of 120 seconds should be sufficient yet easy to customize with the introduction of the "settings" file for reference. Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Reviewed-by: Fenghua Yu <fenghua.yu(a)intel.com> Signed-off-by: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/resctrl/settings | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tools/testing/selftests/resctrl/settings diff --git a/tools/testing/selftests/resctrl/settings b/tools/testing/selftests/resctrl/settings new file mode 100644 index 000000000000..a383f3d4565b --- /dev/null +++ b/tools/testing/selftests/resctrl/settings @@ -0,0 +1,3 @@ +# If running time is longer than 120 seconds when new tests are added in +# the future, increase timeout here. +timeout=120 -- 2.35.1

2 years, 11 months

2
2
0 0

[PATCH 0/3] bpf: Add support for maps with authenticated values

by Roberto Sassu

One of the desirable features in security is the ability to restrict import of data to a given system based on data authenticity. If data import can be restricted, it would be possible to enforce a system-wide policy based on the signing keys the system owner trusts. This feature is widely used in the kernel. For example, if the restriction is enabled, kernel modules can be plugged in only if they are signed with a key whose public part is in the primary or secondary keyring. For eBPF, it can be useful as well. For example, it might be useful to authenticate data an eBPF program makes security decisions on. The initial idea for this feature was to provide an helper that eBPF programs might call to authenticate data whenever necessary. However, this restricts the ability to use that helper only in sleepable programs (due to crypto operations). Furthermore, data authentication would have been responsibility of eBPF programs. The proposed implementation instead shifts the responsibility of data authentication to the eBPF subsystem, upon request by the users. Whenever the users desire such feature, they just have to set a new map flag called BPF_F_VERIFY_ELEM. The eBPF subsystem ensures that only authenticated data can be added to the map. The check is performed during the execution of the bpf() system call when the commands are BPF_MAP_UPDATE_ELEM or BPF_MAP_UPDATE_BATCH. Since memory regions are not verified, usage of the BPF_F_MMAPABLE map flag is forbidden when BPF_F_VERIFY_ELEM is set. An advantage of shifting the responsibility of data authentication to the eBPF subsystem is that it can be offered to any kind of eBPF programs, not only the sleepable ones. When the new map flag BPF_F_VERIFY_ELEM is set, users have to provide a map value in the following format: +-------------------------------+---------------+-----+-----------------+ | verified data+sig size (be32) | verified data | sig | unverified data | +-------------------------------+---------------+-----+-----------------+ This is mostly the same format adopted for kernel modules, with the exception of the first field, as the size cannot be determined otherwise due to the fixed map value size. More details can be found in patch 1. Since the kernel already parses the format above, it was convenient to introduce also a new helper, called bpf_map_verified_data_size(), to return the size of verified data to the caller. This is done in patch 2. Finally, the added functionality is tested in patch 3. Roberto Sassu (3): bpf: Add BPF_F_VERIFY_ELEM to require signature verification on map values bpf: Introduce bpf_map_verified_data_size() helper bpf: Add tests for signed map values include/linux/bpf.h | 7 + include/uapi/linux/bpf.h | 11 + kernel/bpf/arraymap.c | 2 +- kernel/bpf/helpers.c | 15 ++ kernel/bpf/syscall.c | 70 ++++++ tools/include/uapi/linux/bpf.h | 11 + .../bpf/prog_tests/test_map_value_sig.c | 212 ++++++++++++++++++ .../selftests/bpf/progs/map_value_sig.c | 50 +++++ 8 files changed, 377 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/test_map_value_sig.c create mode 100644 tools/testing/selftests/bpf/progs/map_value_sig.c -- 2.25.1

2 years, 11 months

4
11
0 0

[PATCH] selftests/arm64: Fix mismerge of Makefile for fp tests

by Mark Brown

The FP Makefile defines two TEST_PROGS_EXTENDED instead of one of them and one one TEST_GEN_PROGS_EXTENDED for the programs that need compilation. Fix that. Fixes: a59f7a7f76407da78 ("selftests/arm64: Use TEST_GEN_PROGS_EXTENDED in the FP Makefile") Signed-off-by: Mark Brown <broonie(a)kernel.org> --- tools/testing/selftests/arm64/fp/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/fp/Makefile b/tools/testing/selftests/arm64/fp/Makefile index a41fef2c9669..36db61358ed5 100644 --- a/tools/testing/selftests/arm64/fp/Makefile +++ b/tools/testing/selftests/arm64/fp/Makefile @@ -9,7 +9,7 @@ TEST_GEN_PROGS := fp-stress \ sve-ptrace sve-probe-vls \ vec-syscfg \ za-fork za-ptrace -TEST_PROGS_EXTENDED := fp-pidbench fpsimd-test \ +TEST_GEN_PROGS_EXTENDED := fp-pidbench fpsimd-test \ rdvl-sme rdvl-sve \ sve-test \ ssve-test \ -- 2.30.2

2 years, 11 months

2
2
0 0

[PATCH v9 0/6] test_sysfs: add new selftest for sysfs

by Luis Chamberlain

On this v9 I've dropped the generic sysfs deadlock fix given Ming Lei has provided alternative fixes for the zram driver without incurring a generic lock *and* we don't yet have full assessment of how wide spread the deadlock case might be in the kernel. A full assessment effort is still underway using Coccinelle with iteration support, however that effort will take a bit more time to complete. We can re-evaluate the value of a generic fix later after the assessment is complete. This series now just adds the test_sysfs selftest and failure injection support for it on kernfs. The most valuable tests are those which confirm that once a kernfs active reference is obtained with kernfs_get_active() the pointers used there are still valid, and so using sysfs ops *are* safe if we race against module removal. Likewise it also confirms how module removal will *wait* for these ops to complete if a kernfs node is already active. This v9 series also addresses feedback mostly provided by Kees Cook and Greg. I also made a few changes to the test_sysfs driver to account for changes in the block layer. I also improved the kernfs failure injection tests with documentation of how they work and to account for the real expected return value of a write before the kernfs active reference is obtained. Upstream commit 8e141f9eb803e ("block: drain file system I/O on del_gendisk") has revealed that small minor induced delays on del_gendisk() can make a few writes succeed if the delays used are small. So we clarify the logic of why writes could either fail or succeed before the kernfs active reference is taken. These changes also availble on this tree: https://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux-next.git/log/?… v9: * rebased onto linux-next tag next-20211029 * add Reviewed-by tags for the SPDX change, and the drivers which get the tag for it * drop the generic sysfs deadlock fix for now as the scope of how wide spread the issue is still needs to be assessed * drop the zram patches as they are replaced by Ming Lei's fixes * drop already merged patches * try_module_get() docs: enhanced using feedback from Kees Cook. I extended the documention to make it clear that if proper care is not taken the use of this routine could crash the kernel. * kernfs: move failure injection knobs under /sys/kernel/debug/fail_kernfs as suggested by Kees Cook * kernfs: rename failure injection file to fault_inject.c as suggested by Kees Cook * kernfs: split up documentation of failure injection knobs as suggested by Kees Cook * kernfs: move the wait into debug call, and use a simple one liner may_wait() calls to make the changes much less intrusive and more readable as suggested by Kees Cook * kernfs: drop __func__ uses as suggested by Kees Cook * test_sysfs: use sizeof() instead of open coded 16 as suggested by Kees Cook * test_sysfs: use sysfs_emit as suggested by Kees Cook * test_sysfs: drop boiler place license as suggested by Greg KH * test_sysfs: use depends instead of select as suggested by Kees Cook * test_sysfs: drop #ifdefery as suggested by Kees Cook * test_sysfs: clarified that the use of a lock on rmmod which causes a deadlock is something drivers should avoid, and its why we leave the test disabled. * test_sysfs: now that device_add_disk() returns an error, use the new error return code, otherwise this is going to prevent us from eventually embracing __must_check() on that call on the block layer. * test_syfs: testdev_submit_bio() needed to change data types as now it returns void. * test_sysfs: enhance kernfs failure injection tests with documenation and correct the expected return value for writes Luis Chamberlain (6): LICENSES: Add the copyleft-next-0.3.1 license testing: use the copyleft-next-0.3.1 SPDX tag selftests: add tests_sysfs module kernfs: add initial failure injection support test_sysfs: add support to use kernfs failure injection kernel/module: add documentation for try_module_get() .../fault-injection/fault-injection.rst | 50 + LICENSES/dual/copyleft-next-0.3.1 | 237 +++ MAINTAINERS | 9 +- fs/kernfs/Makefile | 1 + fs/kernfs/fault_inject.c | 93 ++ fs/kernfs/file.c | 9 + fs/kernfs/kernfs-internal.h | 70 + include/linux/kernfs.h | 5 + include/linux/module.h | 37 +- lib/Kconfig.debug | 23 + lib/Makefile | 1 + lib/test_kmod.c | 12 +- lib/test_sysctl.c | 12 +- lib/test_sysfs.c | 913 +++++++++++ tools/testing/selftests/kmod/kmod.sh | 13 +- tools/testing/selftests/sysctl/sysctl.sh | 12 +- tools/testing/selftests/sysfs/Makefile | 12 + tools/testing/selftests/sysfs/config | 5 + tools/testing/selftests/sysfs/settings | 1 + tools/testing/selftests/sysfs/sysfs.sh | 1411 +++++++++++++++++ 20 files changed, 2878 insertions(+), 48 deletions(-) create mode 100644 LICENSES/dual/copyleft-next-0.3.1 create mode 100644 fs/kernfs/fault_inject.c create mode 100644 lib/test_sysfs.c create mode 100644 tools/testing/selftests/sysfs/Makefile create mode 100644 tools/testing/selftests/sysfs/config create mode 100644 tools/testing/selftests/sysfs/settings create mode 100755 tools/testing/selftests/sysfs/sysfs.sh -- 2.30.2

2 years, 11 months

9
35
0 0

[PATCH] kselftest/arm64: signal: Skip SVE signal test if not enough VLs supported

by Cristian Marussi

On platform where SVE is supported but there are less than 2 VLs available the signal SVE change test should be skipped instead of failing. Reported-by: Andre Przywara <andre.przywara(a)arm.com> Tested-by: Andre Przywara <andre.przywara(a)arm.com> Cc: Mark Brown <broonie(a)kernel.org> Signed-off-by: Cristian Marussi <cristian.marussi(a)arm.com> --- .../arm64/signal/testcases/fake_sigreturn_sve_change_vl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c b/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c index bb50b5adbf10..915821375b0a 100644 --- a/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c +++ b/tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c @@ -6,6 +6,7 @@ * supported and is expected to segfault. */ +#include <kselftest.h> #include <signal.h> #include <ucontext.h> #include <sys/prctl.h> @@ -40,6 +41,7 @@ static bool sve_get_vls(struct tdescr *td) /* We need at least two VLs */ if (nvls < 2) { fprintf(stderr, "Only %d VL supported\n", nvls); + td->result = KSFT_SKIP; return false; } -- 2.36.1

2 years, 11 months

3
2
0 0

[ANN] Discord server for testing Linux with kdevops

by Luis Chamberlain

I've setup a discord server for general discussions around Linux kernel testing with kdevops. This should help with coordination around kdevops in an accessible way for: * The shared kdevops repository and dependent trees on the linux-kdevops organization: https://github.com/linux-kdevops/ * Sharing of expunges for fstests / blktests for different filesystems / configuration / kernel releases * Shared hardware resources such as the public Super Micro bigtwin server currently used to help test fstests and blktests * Future potential shared cloud credits * Streamlining reports for new issues found on stable kernels or Linus's tree or linux-next * Storing / sharing test failure artifacts The discord server: https://discord.gg/pWgZZhRp Luis

2 years, 11 months

1
0
0 0

[REGRESSION] lkft kselftest for next-20220602

by lkft＠linaro.org

## Build * kernel: 5.18.0 * git: ['', 'https://gitlab.com/Linaro/lkft/mirrors/next/linux-next'] * git branch: master * git commit: 2e776ccffa840ce53ee1c21bde54cbe4bc102c3b * git describe: next-20220602 * test details: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20220602 ## Test Regressions (compared to next-20220601) * qemu_arm, kselftest-seccomp - seccomp.seccomp_benchmark ## Metric Regressions (compared to next-20220601) No metric regressions found. Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> ## Test Fixes (compared to next-20220601) No test fixes found. ## Metric Fixes (compared to next-20220601) No metric fixes found. ## Test result summary total: 508, pass: 253, fail: 105, skip: 150, xfail: 0 ## Build Summary ## Test suites summary * kselftest-android * kselftest-breakpoints * kselftest-capabilities * kselftest-cgroup * kselftest-clone3 * kselftest-core * kselftest-cpu-hotplug * kselftest-cpufreq * kselftest-drivers * kselftest-efivarfs * kselftest-filesystems * kselftest-firmware * kselftest-fpu * kselftest-gpio * kselftest-ipc * kselftest-ir * kselftest-kcmp * kselftest-kvm * kselftest-lib * kselftest-membarrier * kselftest-openat2 * kselftest-pid_namespace * kselftest-pidfd * kselftest-proc * kselftest-pstore * kselftest-rseq * kselftest-rtc * kselftest-seccomp * kselftest-sigaltstack * kselftest-size * kselftest-splice * kselftest-static_keys * kselftest-sync * kselftest-sysctl * kselftest-timens * kselftest-timers * kselftest-tmpfs * kselftest-tpm2 * kselftest-user * kselftest-vm -- Linaro LKFT https://lkft.linaro.org

2 years, 11 months

1
0
0 0

[PATCH net-next v2] selftests: net: fib_rule_tests: fix support for running individual tests

by Alaa Mohamed

parsing and usage of -t got missed in the previous patch. this patch fixes it Signed-off-by: Alaa Mohamed <eng.alaamohamedsoliman.am(a)gmail.com> --- changes in v2: edit commit subject and message. --- tools/testing/selftests/net/fib_rule_tests.sh | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tools/testing/selftests/net/fib_rule_tests.sh b/tools/testing/selftests/net/fib_rule_tests.sh index bbe3b379927a..c245476fa29d 100755 --- a/tools/testing/selftests/net/fib_rule_tests.sh +++ b/tools/testing/selftests/net/fib_rule_tests.sh @@ -303,6 +303,29 @@ run_fibrule_tests() log_section "IPv6 fib rule" fib_rule6_test } +################################################################################ +# usage + +usage() +{ + cat <<EOF +usage: ${0##*/} OPTS + + -t <test> Test(s) to run (default: all) + (options: $TESTS) +EOF +} + +################################################################################ +# main + +while getopts ":t:h" opt; do + case $opt in + t) TESTS=$OPTARG;; + h) usage; exit 0;; + *) usage; exit 1;; + esac +done if [ "$(id -u)" -ne 0 ];then echo "SKIP: Need root privileges" -- 2.25.1

2 years, 11 months

2
1
0 0

[PATCH AUTOSEL 4.14 04/14] selftests/resctrl: Change the default limited time to 120 seconds

by Sasha Levin

From: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> [ Upstream commit e2e3fb6ef0d6548defbe0be6e092397aaa92f3a1 ] When testing on a Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz the resctrl selftests fail due to timeout after exceeding the default time limit of 45 seconds. On this system the test takes about 68 seconds. Since the failing test by default accesses a fixed size of memory, the execution time should not vary significantly between different environment. A new default of 120 seconds should be sufficient yet easy to customize with the introduction of the "settings" file for reference. Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Reviewed-by: Fenghua Yu <fenghua.yu(a)intel.com> Signed-off-by: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/resctrl/settings | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tools/testing/selftests/resctrl/settings diff --git a/tools/testing/selftests/resctrl/settings b/tools/testing/selftests/resctrl/settings new file mode 100644 index 000000000000..a383f3d4565b --- /dev/null +++ b/tools/testing/selftests/resctrl/settings @@ -0,0 +1,3 @@ +# If running time is longer than 120 seconds when new tests are added in +# the future, increase timeout here. +timeout=120 -- 2.35.1

2 years, 11 months

1
0
0 0

[PATCH AUTOSEL 4.19 05/15] selftests/resctrl: Change the default limited time to 120 seconds

by Sasha Levin

From: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> [ Upstream commit e2e3fb6ef0d6548defbe0be6e092397aaa92f3a1 ] When testing on a Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz the resctrl selftests fail due to timeout after exceeding the default time limit of 45 seconds. On this system the test takes about 68 seconds. Since the failing test by default accesses a fixed size of memory, the execution time should not vary significantly between different environment. A new default of 120 seconds should be sufficient yet easy to customize with the introduction of the "settings" file for reference. Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Reviewed-by: Fenghua Yu <fenghua.yu(a)intel.com> Signed-off-by: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/resctrl/settings | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tools/testing/selftests/resctrl/settings diff --git a/tools/testing/selftests/resctrl/settings b/tools/testing/selftests/resctrl/settings new file mode 100644 index 000000000000..a383f3d4565b --- /dev/null +++ b/tools/testing/selftests/resctrl/settings @@ -0,0 +1,3 @@ +# If running time is longer than 120 seconds when new tests are added in +# the future, increase timeout here. +timeout=120 -- 2.35.1

2 years, 11 months

1
0
0 0

[PATCH AUTOSEL 5.4 07/20] selftests/resctrl: Change the default limited time to 120 seconds

by Sasha Levin

From: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> [ Upstream commit e2e3fb6ef0d6548defbe0be6e092397aaa92f3a1 ] When testing on a Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz the resctrl selftests fail due to timeout after exceeding the default time limit of 45 seconds. On this system the test takes about 68 seconds. Since the failing test by default accesses a fixed size of memory, the execution time should not vary significantly between different environment. A new default of 120 seconds should be sufficient yet easy to customize with the introduction of the "settings" file for reference. Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Reviewed-by: Fenghua Yu <fenghua.yu(a)intel.com> Signed-off-by: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/resctrl/settings | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tools/testing/selftests/resctrl/settings diff --git a/tools/testing/selftests/resctrl/settings b/tools/testing/selftests/resctrl/settings new file mode 100644 index 000000000000..a383f3d4565b --- /dev/null +++ b/tools/testing/selftests/resctrl/settings @@ -0,0 +1,3 @@ +# If running time is longer than 120 seconds when new tests are added in +# the future, increase timeout here. +timeout=120 -- 2.35.1

2 years, 11 months

1
0
0 0

[PATCH AUTOSEL 5.10 11/26] selftests/resctrl: Change the default limited time to 120 seconds

by Sasha Levin

From: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> [ Upstream commit e2e3fb6ef0d6548defbe0be6e092397aaa92f3a1 ] When testing on a Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz the resctrl selftests fail due to timeout after exceeding the default time limit of 45 seconds. On this system the test takes about 68 seconds. Since the failing test by default accesses a fixed size of memory, the execution time should not vary significantly between different environment. A new default of 120 seconds should be sufficient yet easy to customize with the introduction of the "settings" file for reference. Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Reviewed-by: Fenghua Yu <fenghua.yu(a)intel.com> Signed-off-by: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/resctrl/settings | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tools/testing/selftests/resctrl/settings diff --git a/tools/testing/selftests/resctrl/settings b/tools/testing/selftests/resctrl/settings new file mode 100644 index 000000000000..a383f3d4565b --- /dev/null +++ b/tools/testing/selftests/resctrl/settings @@ -0,0 +1,3 @@ +# If running time is longer than 120 seconds when new tests are added in +# the future, increase timeout here. +timeout=120 -- 2.35.1

2 years, 11 months

1
0
0 0

[PATCH AUTOSEL 5.15 16/37] selftests/resctrl: Change the default limited time to 120 seconds

by Sasha Levin

From: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> [ Upstream commit e2e3fb6ef0d6548defbe0be6e092397aaa92f3a1 ] When testing on a Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz the resctrl selftests fail due to timeout after exceeding the default time limit of 45 seconds. On this system the test takes about 68 seconds. Since the failing test by default accesses a fixed size of memory, the execution time should not vary significantly between different environment. A new default of 120 seconds should be sufficient yet easy to customize with the introduction of the "settings" file for reference. Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Reviewed-by: Fenghua Yu <fenghua.yu(a)intel.com> Signed-off-by: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/resctrl/settings | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tools/testing/selftests/resctrl/settings diff --git a/tools/testing/selftests/resctrl/settings b/tools/testing/selftests/resctrl/settings new file mode 100644 index 000000000000..a383f3d4565b --- /dev/null +++ b/tools/testing/selftests/resctrl/settings @@ -0,0 +1,3 @@ +# If running time is longer than 120 seconds when new tests are added in +# the future, increase timeout here. +timeout=120 -- 2.35.1

2 years, 11 months

1
0
0 0

[PATCH AUTOSEL 5.17 19/48] selftests/resctrl: Change the default limited time to 120 seconds

by Sasha Levin

From: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> [ Upstream commit e2e3fb6ef0d6548defbe0be6e092397aaa92f3a1 ] When testing on a Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz the resctrl selftests fail due to timeout after exceeding the default time limit of 45 seconds. On this system the test takes about 68 seconds. Since the failing test by default accesses a fixed size of memory, the execution time should not vary significantly between different environment. A new default of 120 seconds should be sufficient yet easy to customize with the introduction of the "settings" file for reference. Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Reviewed-by: Fenghua Yu <fenghua.yu(a)intel.com> Signed-off-by: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/resctrl/settings | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tools/testing/selftests/resctrl/settings diff --git a/tools/testing/selftests/resctrl/settings b/tools/testing/selftests/resctrl/settings new file mode 100644 index 000000000000..a383f3d4565b --- /dev/null +++ b/tools/testing/selftests/resctrl/settings @@ -0,0 +1,3 @@ +# If running time is longer than 120 seconds when new tests are added in +# the future, increase timeout here. +timeout=120 -- 2.35.1

2 years, 11 months

1
0
0 0

[PATCH AUTOSEL 5.18 19/49] selftests/resctrl: Change the default limited time to 120 seconds

by Sasha Levin

From: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> [ Upstream commit e2e3fb6ef0d6548defbe0be6e092397aaa92f3a1 ] When testing on a Intel(R) Xeon(R) Gold 6254 CPU @ 3.10GHz the resctrl selftests fail due to timeout after exceeding the default time limit of 45 seconds. On this system the test takes about 68 seconds. Since the failing test by default accesses a fixed size of memory, the execution time should not vary significantly between different environment. A new default of 120 seconds should be sufficient yet easy to customize with the introduction of the "settings" file for reference. Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Reviewed-by: Fenghua Yu <fenghua.yu(a)intel.com> Signed-off-by: Shaopeng Tan <tan.shaopeng(a)jp.fujitsu.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/resctrl/settings | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 tools/testing/selftests/resctrl/settings diff --git a/tools/testing/selftests/resctrl/settings b/tools/testing/selftests/resctrl/settings new file mode 100644 index 000000000000..a383f3d4565b --- /dev/null +++ b/tools/testing/selftests/resctrl/settings @@ -0,0 +1,3 @@ +# If running time is longer than 120 seconds when new tests are added in +# the future, increase timeout here. +timeout=120 -- 2.35.1

2 years, 11 months

1
0
0 0

lkft kselftest for next-20220601

by lkft＠linaro.org

## Build * kernel: 5.18.0 * git: ['', 'https://gitlab.com/Linaro/lkft/mirrors/next/linux-next'] * git branch: master * git commit: 5d8e7e3bbaaf115a935accd269873469928848c0 * git describe: next-20220601 * test details: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20220601 ## Test Regressions (compared to next-20220531) No test regressions found. ## Metric Regressions (compared to next-20220531) No metric regressions found. Tested-by: Linux Kernel Functional Testing <lkft(a)linaro.org> ## Test Fixes (compared to next-20220531) * qemu_arm, kselftest-seccomp - seccomp.seccomp_benchmark ## Metric Fixes (compared to next-20220531) No metric fixes found. ## Test result summary total: 546, pass: 266, fail: 108, skip: 172, xfail: 0 ## Build Summary ## Test suites summary * kselftest-android * kselftest-breakpoints * kselftest-capabilities * kselftest-cgroup * kselftest-clone3 * kselftest-core * kselftest-cpu-hotplug * kselftest-cpufreq * kselftest-drivers * kselftest-efivarfs * kselftest-filesystems * kselftest-firmware * kselftest-fpu * kselftest-gpio * kselftest-ipc * kselftest-ir * kselftest-kcmp * kselftest-kvm * kselftest-lib * kselftest-membarrier * kselftest-openat2 * kselftest-pid_namespace * kselftest-pidfd * kselftest-proc * kselftest-pstore * kselftest-rseq * kselftest-rtc * kselftest-seccomp * kselftest-sigaltstack * kselftest-size * kselftest-splice * kselftest-static_keys * kselftest-sync * kselftest-sysctl * kselftest-timens * kselftest-timers * kselftest-tmpfs * kselftest-tpm2 * kselftest-user * kselftest-vm -- Linaro LKFT https://lkft.linaro.org

2 years, 11 months

1
0
0 0

Koszty instalacji fotowoltaicznej

by "Arkadiusz Sokołowski"

Dzień dobry, stworzyliśmy specjalną ofertę dla firm, na kompleksową obsługę inwestycji w fotowoltaikę. Specjalizujemy się w zakresie doboru, montażu i serwisie instalacji fotowoltaicznych, dysponujemy najnowocześniejszymi rozwiązania, które zapewnią Państwu oczekiwane rezultaty. Możemy przygotować dla Państwa wstępną kalkulację i przeanalizować efekty możliwe do osiągnięcia. Czy są Państwo otwarci na wstępną rozmowę w tym temacie? Pozdrawiam, Arkadiusz Sokołowski

2 years, 11 months

1
0
0 0

[PATCH] selftests net: fix bpf build error

by Lina Wang

bpf_helpers.h has been moved to tools/lib/bpf since 5.10, so add more incliding path. Fixes: edae34a3ed92 ("selftests net: add UDP GRO fraglist + bpf self-tests") Reported-by: kernel test robot <oliver.sang(a)intel.com> Signed-off-by: Lina Wang <lina.wang(a)mediatek.com> --- tools/testing/selftests/net/bpf/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/net/bpf/Makefile b/tools/testing/selftests/net/bpf/Makefile index f91bf14bbee7..070251986dbe 100644 --- a/tools/testing/selftests/net/bpf/Makefile +++ b/tools/testing/selftests/net/bpf/Makefile @@ -2,6 +2,7 @@ CLANG ?= clang CCINCLUDE += -I../../bpf +CCINCLUDE += -I../../../../lib CCINCLUDE += -I../../../../../usr/include/ TEST_CUSTOM_PROGS = $(OUTPUT)/bpf/nat6to4.o -- 2.18.0

2 years, 11 months

3
3
0 0

[PATCH V5 00/31] x86/sgx and selftests/sgx: Support SGX2

by Reinette Chatre

V4: https://lore.kernel.org/lkml/cover.1649878359.git.reinette.chatre@intel.com/ Changes since V4 that directly impact user space: - SGX_IOC_ENCLAVE_MODIFY_TYPES ioctl()'s struct was renamed from struct sgx_enclave_modify_type to struct sgx_enclave_modify_types. (Jarkko) Details about changes since V4 that do not directly impact user space: - Related function names were changed to match with the struct name change: sgx_ioc_enclave_modify_type() -> sgx_ioc_enclave_modify_types() sgx_enclave_modify_type() -> sgx_enclave_modify_types() - Revert a SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS parameter check that requires read permission. The hardware does support restricting enclave page permission to zero permissions. Replace with permission check to ensure read permission is set when write permission is set. This is verified early to prevent a later fault of the instruction. (Vijay). - Do not attempt direct reclaim if no EPC pages available during page fault. mmap_lock is already held in page fault handler so attempting to take it again while running sgx_reclaim_pages() has risk of deadlock. This was discovered by lockdep during stress testing. - Pick up Reviewed-by and Tested-by tags from Jarkko. - Pick up Tested-by tags from Haitao after testing with Intel SGX SDK/PSW. - Pick up Tested-by tags from Vijay after testing with Gramine. V3: https://lore.kernel.org/lkml/cover.1648847675.git.reinette.chatre@intel.com/ Changes since V3 that directly impact user space: - SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS ioctl()'s struct sgx_enclave_restrict_permissions no longer provides entire secinfo, just the new permissions in new "permissions" struct member. (Jarkko) - Rename SGX_IOC_ENCLAVE_MODIFY_TYPE ioctl() to SGX_IOC_ENCLAVE_MODIFY_TYPES. (Jarkko) - SGX_IOC_ENCLAVE_MODIFY_TYPES ioctl()'s struct sgx_enclave_modify_type no longer provides entire secinfo, just the new page type in new "page_type" struct member. (Jarkko) Details about changes since V3 that do not directly impact user space: - Add new patch to enable VA pages to be added without invoking reclaimer directly if no EPC pages are available, failing instead. This enables VA pages to be added with enclave's mutex held. Fixes an issue encountered by Haitao. More details in new patch "x86/sgx: Support VA page allocation without reclaiming". - While refactoring, change existing code to consistently use IS_ALIGNED(). (Jarkko) - Many patches received a tag from Jarkko. - Many smaller changes, please refer to individual patches. V2: https://lore.kernel.org/lkml/cover.1644274683.git.reinette.chatre@intel.com/ Changes since V2 that directly impact user space: - Maximum allowed permissions of dynamically added pages is RWX, previously limited to RW. (Jarkko) Dynamically added pages are initially created with architecturally limited EPCM permissions of RW. mmap() and mprotect() of these pages with RWX permissions would no longer be blocked by SGX driver. PROT_EXEC on dynamically added pages will be possible after running ENCLU[EMODPE] from within the enclave with appropriate VMA permissions. - The kernel no longer attempts to track the EPCM runtime permissions. (Jarkko) Consequences are: - Kernel does not modify PTEs to follow EPCM permissions. User space will receive #PF with SGX error code in cases where the V2 implementation would have resulted in regular (non-SGX) page fault error code. - SGX_IOC_ENCLAVE_RELAX_PERMISSIONS is removed. This ioctl() was used to clear PTEs after permissions were modified from within the enclave and ensure correct PTEs are installed. Since PTEs no longer track EPCM permissions the changes in EPCM permissions would not impact PTEs. As long as new permissions are within the maximum vetted permissions (vm_max_prot_bits) only ENCLU[EMODPE] from within enclave is needed, as accompanied by appropriate VMA permissions. - struct sgx_enclave_restrict_perm renamed to sgx_enclave_restrict_permissions (Jarkko) - struct sgx_enclave_modt renamed to struct sgx_enclave_modify_type to be consistent with the verbose naming of other SGX uapi structs. Details about changes since V2 that do not directly impact user space: - Kernel no longer tracks the runtime EPCM permissions with the aim of installing accurate PTEs. (Jarkko) - In support of this change the following patches were removed: Documentation/x86: Document SGX permission details x86/sgx: Support VMA permissions more relaxed than enclave permissions x86/sgx: Add pfn_mkwrite() handler for present PTEs x86/sgx: Add sgx_encl_page->vm_run_prot_bits for dynamic permission changes x86/sgx: Support relaxing of enclave page permissions - No more handling of scenarios where VMA permissions may be more relaxed than what the EPCM allows. Enclaves are not prevented from accessing such pages and the EPCM permissions are entrusted to control access as supported by the SGX error code in page faults. - No more explicit setting of protection bits in page fault handler. Protection bits are inherited from VMA similar to SGX1 support. - Selftest patches are moved to the end of the series. (Jarkko) - New patch contributed by Jarkko to avoid duplicated code: x86/sgx: Export sgx_encl_page_alloc() - New patch separating changes from existing patch. (Jarkko) x86/sgx: Export sgx_encl_{grow,shrink}() - New patch to keep one required benefit from the (now removed) kernel EPCM permission tracking: x86/sgx: Support loading enclave page without VMA permissions check - Updated cover letter to reflect architecture changes. - Many smaller changes, please refer to individual patches. V1: https://lore.kernel.org/linux-sgx/cover.1638381245.git.reinette.chatre@inte… Changes since V1 that directly impact user space: - SGX2 permission changes changed from a single ioctl() named SGX_IOC_PAGE_MODP to two new ioctl()s: SGX_IOC_ENCLAVE_RELAX_PERMISSIONS and SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS, supported by two different parameter structures (SGX_IOC_ENCLAVE_RELAX_PERMISSIONS does not support a result output parameter) (Jarkko). User space flow impact: After user space runs ENCLU[EMODPE] it needs to call SGX_IOC_ENCLAVE_RELAX_PERMISSIONS to have PTEs updated. Previously running SGX_IOC_PAGE_MODP in this scenario resulted in EPCM.PR being set but calling SGX_IOC_ENCLAVE_RELAX_PERMISSIONS will not result in EPCM.PR being set anymore and thus no need for an additional ENCLU[EACCEPT]. - SGX_IOC_ENCLAVE_RELAX_PERMISSIONS and SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS obtain new permissions from secinfo as parameter instead of the permissions directly (Jarkko). - ioctl() supporting SGX2 page type change is renamed from SGX_IOC_PAGE_MODT to SGX_IOC_ENCLAVE_MODIFY_TYPE (Jarkko). - SGX_IOC_ENCLAVE_MODIFY_TYPE obtains new page type from secinfo as parameter instead of the page type directly (Jarkko). - ioctl() supporting SGX2 page removal is renamed from SGX_IOC_PAGE_REMOVE to SGX_IOC_ENCLAVE_REMOVE_PAGES (Jarkko). - All ioctl() parameter structures have been renamed as a result of the ioctl() renaming: SGX_IOC_ENCLAVE_RELAX_PERMISSIONS => struct sgx_enclave_relax_perm SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS => struct sgx_enclave_restrict_perm SGX_IOC_ENCLAVE_MODIFY_TYPE => struct sgx_enclave_modt SGX_IOC_ENCLAVE_REMOVE_PAGES => struct sgx_enclave_remove_pages Changes since V1 that do not directly impact user space: - Number of patches in series increased from 25 to 32 primarily because of splitting the original submission: - Wrappers for the new SGX2 functions are introduced in three separate patches replacing the original "x86/sgx: Add wrappers for SGX2 functions" (Jarkko). - Moving and renaming sgx_encl_ewb_cpumask() is done with two patches replacing the original "x86/sgx: Use more generic name for enclave cpumask function" (Jarkko). - Support for SGX2 EPCM permission changes is split into two ioctls(), one for relaxing and one for restricting permissions, each introduced by a new patch replacing the original "x86/sgx: Support enclave page permission changes" (Jarkko). - Extracted code used by existing ioctls() for usage by new ioctl()s into a new utility in new patch "x86/sgx: Create utility to validate user provided offset and length" (Dave did not specifically ask for this but it addresses his review feedback). - Two new Documentation patches to support the SGX2 work ("Documentation/x86: Introduce enclave runtime management") and a dedicated section on the enclave permission management ("Documentation/x86: Document SGX permission details") (Andy). - Most patches were reworked to improve the language by: * aiming to refer to exact item instead of English rephrasing (Jarkko). * use ioctl() instead of ioctl throughout (Dave). * Use "relaxed" instead of "exceed" when referring to permissions (Dave). - Improved documentation with several additions to Documentation/x86/sgx.rst. - Many smaller changes, please refer to individual patches. Hi Everybody, The current Linux kernel support for SGX includes support for SGX1 that requires that an enclave be created with properties that accommodate all usages over its (the enclave's) lifetime. This includes properties such as permissions of enclave pages, the number of enclave pages, and the number of threads supported by the enclave. Consequences of this requirement to have the enclave be created to accommodate all usages include: * pages needing to support relocated code are required to have RWX permissions for their entire lifetime, * an enclave needs to be created with the maximum stack and heap projected to be needed during the enclave's entire lifetime which can be longer than the processes running within it, * an enclave needs to be created with support for the maximum number of threads projected to run in the enclave. Since SGX1 a few more functions were introduced, collectively called SGX2, that support modifications to an initialized enclave. Hardware supporting these functions are already available as listed on https://github.com/ayeks/SGX-hardware This series adds support for SGX2, also referred to as Enclave Dynamic Memory Management (EDMM). This includes: * Support modifying EPCM permissions of regular enclave pages belonging to an initialized enclave. Only permission restriction is supported via a new ioctl() SGX_IOC_ENCLAVE_RESTRICT_PERMISSIONS. Relaxing of EPCM permissions can only be done from within the enclave with the SGX instruction ENCLU[EMODPE]. * Support dynamic addition of regular enclave pages to an initialized enclave. At creation new pages are architecturally limited to RW EPCM permissions but will be accessible with PROT_EXEC after the enclave runs ENCLU[EMODPE] to relax EPCM permissions to RWX. Pages are dynamically added to an initialized enclave from the SGX page fault handler. * Support expanding an initialized enclave to accommodate more threads. More threads can be accommodated by an enclave with the addition of Thread Control Structure (TCS) pages that is done by changing the type of regular enclave pages to TCS pages using a new ioctl() SGX_IOC_ENCLAVE_MODIFY_TYPES. * Support removing regular and TCS pages from an initialized enclave. Removing pages is accomplished in two stages as supported by two new ioctl()s SGX_IOC_ENCLAVE_MODIFY_TYPES (same ioctl() as mentioned in previous bullet) and SGX_IOC_ENCLAVE_REMOVE_PAGES. * Tests covering all the new flows, some edge cases, and one comprehensive stress scenario. No additional work is needed to support SGX2 in a virtualized environment. All tests included in this series passed when run from a guest as tested with the recent QEMU release based on 6.2.0 that supports SGX. Patches 1 through 14 prepare the existing code for SGX2 support by introducing the SGX2 functions, refactoring code, and tracking enclave page types. Patches 15 through 21 enable the SGX2 features and include a Documentation patch. Patches 22 through 31 test several scenarios of all the enabled SGX2 features. This series is based on v5.18-rc5 with recently submitted SGX shmem fixes applied: https://lore.kernel.org/linux-sgx/cover.1652131695.git.reinette.chatre@inte… A repo with both series applied is available: repo: https://github.com/rchatre/linux.git branch: sgx/sgx2_submitted_v5_plus_rwx This SGX2 series also applies directly to v5.18-rc5 if done with a 3-way merge since it and the shmem fixes both make changes to arch/x86/kernel/cpu/sgx/encl.h but do not have direct conflicts. Your feedback will be greatly appreciated. Regards, Reinette Jarkko Sakkinen (1): x86/sgx: Export sgx_encl_page_alloc() Reinette Chatre (30): x86/sgx: Add short descriptions to ENCLS wrappers x86/sgx: Add wrapper for SGX2 EMODPR function x86/sgx: Add wrapper for SGX2 EMODT function x86/sgx: Add wrapper for SGX2 EAUG function x86/sgx: Support loading enclave page without VMA permissions check x86/sgx: Export sgx_encl_ewb_cpumask() x86/sgx: Rename sgx_encl_ewb_cpumask() as sgx_encl_cpumask() x86/sgx: Move PTE zap code to new sgx_zap_enclave_ptes() x86/sgx: Make sgx_ipi_cb() available internally x86/sgx: Create utility to validate user provided offset and length x86/sgx: Keep record of SGX page type x86/sgx: Export sgx_encl_{grow,shrink}() x86/sgx: Support VA page allocation without reclaiming x86/sgx: Support restricting of enclave page permissions x86/sgx: Support adding of pages to an initialized enclave x86/sgx: Tighten accessible memory range after enclave initialization x86/sgx: Support modifying SGX page type x86/sgx: Support complete page removal x86/sgx: Free up EPC pages directly to support large page ranges Documentation/x86: Introduce enclave runtime management section selftests/sgx: Add test for EPCM permission changes selftests/sgx: Add test for TCS page permission changes selftests/sgx: Test two different SGX2 EAUG flows selftests/sgx: Introduce dynamic entry point selftests/sgx: Introduce TCS initialization enclave operation selftests/sgx: Test complete changing of page type flow selftests/sgx: Test faulty enclave behavior selftests/sgx: Test invalid access to removed enclave page selftests/sgx: Test reclaiming of untouched page selftests/sgx: Page removal stress test Documentation/x86/sgx.rst | 15 + arch/x86/include/asm/sgx.h | 8 + arch/x86/include/uapi/asm/sgx.h | 62 + arch/x86/kernel/cpu/sgx/encl.c | 329 +++- arch/x86/kernel/cpu/sgx/encl.h | 15 +- arch/x86/kernel/cpu/sgx/encls.h | 33 + arch/x86/kernel/cpu/sgx/ioctl.c | 641 +++++++- arch/x86/kernel/cpu/sgx/main.c | 75 +- arch/x86/kernel/cpu/sgx/sgx.h | 3 + tools/testing/selftests/sgx/defines.h | 23 + tools/testing/selftests/sgx/load.c | 41 + tools/testing/selftests/sgx/main.c | 1435 +++++++++++++++++ tools/testing/selftests/sgx/main.h | 1 + tools/testing/selftests/sgx/test_encl.c | 68 + .../selftests/sgx/test_encl_bootstrap.S | 6 + 15 files changed, 2627 insertions(+), 128 deletions(-) base-commit: 672c0c5173427e6b3e2a9bbb7be51ceeec78093a prerequisite-patch-id: 1a738c00922b0ec865f2674c6f4f8be9ff9b1aab prerequisite-patch-id: 792889ea9bdfae8c150b1be5c16da697bc404422 prerequisite-patch-id: 78ed2d6251ead724bcb96e0f058bb39dca9eba04 prerequisite-patch-id: cbb715e565631a146eb3cd902455ebaa5d489872 prerequisite-patch-id: 3e853bae87d94f8695a48c537ef32a516f415933 -- 2.25.1

2 years, 11 months

2
35
0 0

[PATCH net-next] selftests: net: fib_rule_tests: add support to run individual tests

by Alaa Mohamed

add -t option to run individual tests in the test with -t option Signed-off-by: Alaa Mohamed <eng.alaamohamedsoliman.am(a)gmail.com> --- tools/testing/selftests/net/fib_rule_tests.sh | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tools/testing/selftests/net/fib_rule_tests.sh b/tools/testing/selftests/net/fib_rule_tests.sh index bbe3b379927a..c245476fa29d 100755 --- a/tools/testing/selftests/net/fib_rule_tests.sh +++ b/tools/testing/selftests/net/fib_rule_tests.sh @@ -303,6 +303,29 @@ run_fibrule_tests() log_section "IPv6 fib rule" fib_rule6_test } +################################################################################ +# usage + +usage() +{ + cat <<EOF +usage: ${0##*/} OPTS + + -t <test> Test(s) to run (default: all) + (options: $TESTS) +EOF +} + +################################################################################ +# main + +while getopts ":t:h" opt; do + case $opt in + t) TESTS=$OPTARG;; + h) usage; exit 0;; + *) usage; exit 1;; + esac +done if [ "$(id -u)" -ne 0 ];then echo "SKIP: Need root privileges" -- 2.25.1

2 years, 11 months

2
1
0 0

[PATCH] selftests: alsa: Handle pkg-config failure more gracefully

by Mark Brown

Follow the pattern used by other selftests like memfd and fall back on the standard toolchain options to build with a system installed alsa-lib if we don't get anything from pkg-config. This reduces our build dependencies a bit in the common case while still allowing use of pkg-config in case there is a need for it. Signed-off-by: Mark Brown <broonie(a)kernel.org> --- tools/testing/selftests/alsa/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/testing/selftests/alsa/Makefile b/tools/testing/selftests/alsa/Makefile index f64d9090426d..fd8ddce2b1a6 100644 --- a/tools/testing/selftests/alsa/Makefile +++ b/tools/testing/selftests/alsa/Makefile @@ -3,6 +3,9 @@ CFLAGS += $(shell pkg-config --cflags alsa) LDLIBS += $(shell pkg-config --libs alsa) +ifeq ($(LDLIBS),) +LDLIBS += -lasound +endif TEST_GEN_PROGS := mixer-test -- 2.30.2

2 years, 11 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror