--
Hello,
We the Board Directors believe you are in good health, doing great and
with the hope that this mail will meet you in good condition, We are
privileged and delighted to reach you via email" And we are urgently
waiting to hear from you. and again your number is not connecting.
My regards,
Dr. Ali Moses..
Sincerely,
Prof. Chin Guang
It has come to my attention that the KVM rseq test apparently needs to
be ported to glibc 2.35. The background is that on aarch64, rseq is the
only way to get a practically useful sched_getcpu. (There's no hidden
per-task CPU state the vDSO could reveal as the CPU ID.)
The main rseq tests have already been adjusted via:
commit 233e667e1ae3e348686bd9dd0172e62a09d852e1
Author: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Date: Mon Jan 24 12:12:45 2022 -0500
selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35
glibc-2.35 (upcoming release date 2022-02-01) exposes the rseq per-thread
data in the TCB, accessible at an offset from the thread pointer, rather
than through an actual Thread-Local Storage (TLS) variable, as the
Linux kernel selftests initially expected.
The __rseq_abi TLS and glibc-2.35's ABI for per-thread data cannot
actively coexist in a process, because the kernel supports only a single
rseq registration per thread.
Here is the scheme introduced to ensure selftests can work both with an
older glibc and with glibc-2.35+:
- librseq exposes its own "rseq_offset, rseq_size, rseq_flags" ABI.
- librseq queries for glibc rseq ABI (__rseq_offset, __rseq_size,
__rseq_flags) using dlsym() in a librseq library constructor. If those
are found, copy their values into rseq_offset, rseq_size, and
rseq_flags.
- Else, if those glibc symbols are not found, handle rseq registration
from librseq and use its own IE-model TLS to implement the rseq ABI
per-thread storage.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org>
Link: https://lkml.kernel.org/r/20220124171253.22072-8-mathieu.desnoyers@efficios…
But I don't see a similar adjustment for
tools/testing/selftests/kvm/rseq_test.c. As an additional wrinkle,
you'd have to start calling getcpu (glibc function or system call)
because comparing rseq.cpu_id against sched_getcpu won't test anything
anymore once glibc implements sched_getcpu using rseq.
We noticed this because our downstream glibc version, while based on
2.34, enables rseq registration by default. To facilitate coordination
with rseq application usage, we also backported the __rseq_* ABI
symbols, so the selftests could use that even in our downstream version.
(We enable the glibc tunables downstream, but they are an optional
glibc feature, so it's probably better in the long run to fix the kernel
selftests rather than using the tunables as a workaround.)
Thanks,
Florian
QUIC requires end to end encryption of the data. The application usually
prepares the data in clear text, encrypts and calls send() which implies
multiple copies of the data before the packets hit the networking stack.
Similar to kTLS, QUIC kernel offload of cryptography reduces the memory
pressure by reducing the number of copies.
The scope of kernel support is limited to the symmetric cryptography,
leaving the handshake to the user space library. For QUIC in particular,
the application packets that require symmetric cryptography are the 1RTT
packets with short headers. Kernel will encrypt the application packets
on transmission and decrypt on receive. This series implements Tx only,
because in QUIC server applications Tx outweighs Rx by orders of
magnitude.
Supporting the combination of QUIC and GSO requires the application to
correctly place the data and the kernel to correctly slice it. The
encryption process appends an arbitrary number of bytes (tag) to the end
of the message to authenticate it. The GSO value should include this
overhead, the offload would then subtract the tag size to parse the
input on Tx before chunking and encrypting it.
With the kernel cryptography, the buffer copy operation is conjoined
with the encryption operation. The memory bandwidth is reduced by 5-8%.
When devices supporting QUIC encryption in hardware come to the market,
we will be able to free further 7% of CPU utilization which is used
today for crypto operations.
Adel Abouchaev (6):
Documentation on QUIC kernel Tx crypto.
Define QUIC specific constants, control and data plane structures
Add UDP ULP operations, initialization and handling prototype
functions.
Implement QUIC offload functions
Add flow counters and Tx processing error counter
Add self tests for ULP operations, flow setup and crypto tests
v2: Moved the inner QUIC Kconfig from the ULP patch to QUIC patch.
v2: Updated the tests to match the uAPI context structure fields.
v2: Formatted the quic.rst document.
Documentation/networking/index.rst | 1 +
Documentation/networking/quic.rst | 186 +++
include/net/inet_sock.h | 2 +
include/net/netns/mib.h | 3 +
include/net/quic.h | 59 +
include/net/snmp.h | 6 +
include/net/udp.h | 33 +
include/uapi/linux/quic.h | 61 +
include/uapi/linux/snmp.h | 11 +
include/uapi/linux/udp.h | 4 +
net/Kconfig | 1 +
net/Makefile | 1 +
net/ipv4/Makefile | 3 +-
net/ipv4/udp.c | 14 +
net/ipv4/udp_ulp.c | 190 ++++
net/quic/Kconfig | 16 +
net/quic/Makefile | 8 +
net/quic/quic_main.c | 1446 ++++++++++++++++++++++++
net/quic/quic_proc.c | 45 +
tools/testing/selftests/net/.gitignore | 3 +-
tools/testing/selftests/net/Makefile | 2 +-
tools/testing/selftests/net/quic.c | 1024 +++++++++++++++++
tools/testing/selftests/net/quic.sh | 45 +
23 files changed, 3161 insertions(+), 3 deletions(-)
create mode 100644 Documentation/networking/quic.rst
create mode 100644 include/net/quic.h
create mode 100644 include/uapi/linux/quic.h
create mode 100644 net/ipv4/udp_ulp.c
create mode 100644 net/quic/Kconfig
create mode 100644 net/quic/Makefile
create mode 100644 net/quic/quic_main.c
create mode 100644 net/quic/quic_proc.c
create mode 100644 tools/testing/selftests/net/quic.c
create mode 100755 tools/testing/selftests/net/quic.sh
--
2.30.2
Is this a correct way to put Sean's and Paolo's patches into this
series? I wasn't sure which patches are accepted or what is the current
base-commit, but I haven't seen the tip of kvm-unit-tests repo moving,
so here is it.
Michal Luczaj (3):
x86: emulator.c cleanup: Save and restore exception handlers
x86: emulator.c cleanup: Use ASM_TRY() for the UD_VECTOR cases
x86: Test emulator's handling of LEA with /reg
Paolo Bonzini (1):
x86: Introduce ASM_TRY_FEP() to handle exceptions thrown by
FEP-triggered emulator
Sean Christopherson (1):
x86: Dedup 32-bit vs. 64-bit ASM_TRY() by stealing kernel's
__ASM_SEL()
lib/x86/desc.h | 22 +++----
lib/x86/processor.h | 12 ++++
x86/emulator.c | 136 ++++++++++++++++++++++++--------------------
3 files changed, 93 insertions(+), 77 deletions(-)
--
2.37.1
For cases like IPv6 addresses, having a means to supply tracing
predicates for fields with more than 8 bytes would be convenient.
This series provides a simple way to support this by allowing
simple ==, != memory comparison with the predicate supplied when
the size of the field exceeds 8 bytes. For example, to trace
::1, the predicate
"dst == 0x00000000000000000000000000000001"
..could be used.
When investigating this initially, I stumbled upon a kernel
crash when specifying a predicate for a non-string field that is
not 1, 2, 4, or 8 bytes in size. Patch 1 fixes it. Patch 2
provides the support for > 8 byte fields via a memcmp()-style
predicate. Patch 3 adds tests for filter predicates, and patch 4
documents the fact that for > 8 bytes. only == and != are
supported.
Alan Maguire (2):
tracing: predicate matching trigger crashes for > 8-byte arrays
tracing: support > 8 byte array filter predicates
Oracle Public Cloud User (2):
selftests/ftrace: add test coverage for filter predicates
tracing: document > 8 byte numeric filtering support
Documentation/trace/events.rst | 9 +++
kernel/trace/trace_events_filter.c | 59 +++++++++++++++++-
.../selftests/ftrace/test.d/event/filter.tc | 62 +++++++++++++++++++
3 files changed, 129 insertions(+), 1 deletion(-)
create mode 100644 tools/testing/selftests/ftrace/test.d/event/filter.tc
--
2.31.1
From: Kyle Huey <me(a)kylehuey.com>
When management of the PKRU register was moved away from XSTATE, emulation
of PKRU's existence in XSTATE was added for APIs that read XSTATE, but not
for APIs that write XSTATE. This can be seen by running gdb and executing
`p $pkru`, `set $pkru = 42`, and `p $pkru`. On affected kernels (5.14+) the
write to the PKRU register (which gdb performs through ptrace) is ignored.
There are three relevant APIs: PTRACE_SETREGSET with NT_X86_XSTATE,
sigreturn, and KVM_SET_XSAVE. KVM_SET_XSAVE has its own special handling to
make PKRU writes take effect (in fpu_copy_uabi_to_guest_fpstate). Push that
down into copy_uabi_to_xstate and have PTRACE_SETREGSET with NT_X86_XSTATE
and sigreturn pass in pointers to the appropriate PKRU value.
This also adds code to initialize the PKRU value to the hardware init value
(namely 0) if the PKRU bit is not set in the XSTATE header to match XRSTOR.
This is a change to the current KVM_SET_XSAVE behavior.
Changelog since v3:
- The v3 patch is now part 1 of 2.
- Adds a selftest in part 2 of 2.
Changelog since v2:
- Removed now unused variables in fpu_copy_uabi_to_guest_fpstate
Changelog since v1:
- Handles the error case of copy_to_buffer().
Signed-off-by: Kyle Huey <me(a)kylehuey.com>
Cc: Dave Hansen <dave.hansen(a)linux.intel.com>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: Borislav Petkov <bp(a)suse.de>
Cc: kvm(a)vger.kernel.org # For edge case behavior of KVM_SET_XSAVE
Cc: stable(a)vger.kernel.org # 5.14+
Fixes: e84ba47e313d ("x86/fpu: Hook up PKRU into ptrace()")
---
arch/x86/kernel/fpu/core.c | 13 +------------
arch/x86/kernel/fpu/regset.c | 2 +-
arch/x86/kernel/fpu/signal.c | 2 +-
arch/x86/kernel/fpu/xstate.c | 28 +++++++++++++++++++++++-----
arch/x86/kernel/fpu/xstate.h | 4 ++--
5 files changed, 28 insertions(+), 21 deletions(-)
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
index 3b28c5b25e12..46b935bc87c8 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -391,8 +391,6 @@ int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *gfpu, const void *buf,
{
struct fpstate *kstate = gfpu->fpstate;
const union fpregs_state *ustate = buf;
- struct pkru_state *xpkru;
- int ret;
if (!cpu_feature_enabled(X86_FEATURE_XSAVE)) {
if (ustate->xsave.header.xfeatures & ~XFEATURE_MASK_FPSSE)
@@ -406,16 +404,7 @@ int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *gfpu, const void *buf,
if (ustate->xsave.header.xfeatures & ~xcr0)
return -EINVAL;
- ret = copy_uabi_from_kernel_to_xstate(kstate, ustate);
- if (ret)
- return ret;
-
- /* Retrieve PKRU if not in init state */
- if (kstate->regs.xsave.header.xfeatures & XFEATURE_MASK_PKRU) {
- xpkru = get_xsave_addr(&kstate->regs.xsave, XFEATURE_PKRU);
- *vpkru = xpkru->pkru;
- }
- return 0;
+ return copy_uabi_from_kernel_to_xstate(kstate, ustate, vpkru);
}
EXPORT_SYMBOL_GPL(fpu_copy_uabi_to_guest_fpstate);
#endif /* CONFIG_KVM */
diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c
index 75ffaef8c299..6d056b68f4ed 100644
--- a/arch/x86/kernel/fpu/regset.c
+++ b/arch/x86/kernel/fpu/regset.c
@@ -167,7 +167,7 @@ int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
}
fpu_force_restore(fpu);
- ret = copy_uabi_from_kernel_to_xstate(fpu->fpstate, kbuf ?: tmpbuf);
+ ret = copy_uabi_from_kernel_to_xstate(fpu->fpstate, kbuf ?: tmpbuf, &target->thread.pkru);
out:
vfree(tmpbuf);
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 91d4b6de58ab..558076dbde5b 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -396,7 +396,7 @@ static bool __fpu_restore_sig(void __user *buf, void __user *buf_fx,
fpregs = &fpu->fpstate->regs;
if (use_xsave() && !fx_only) {
- if (copy_sigframe_from_user_to_xstate(fpu->fpstate, buf_fx))
+ if (copy_sigframe_from_user_to_xstate(tsk, buf_fx))
return false;
} else {
if (__copy_from_user(&fpregs->fxsave, buf_fx,
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index c8340156bfd2..e01d3514ae68 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -1197,7 +1197,7 @@ static int copy_from_buffer(void *dst, unsigned int offset, unsigned int size,
static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf,
- const void __user *ubuf)
+ const void __user *ubuf, u32 *pkru)
{
struct xregs_state *xsave = &fpstate->regs.xsave;
unsigned int offset, size;
@@ -1235,6 +1235,24 @@ static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf,
for (i = 0; i < XFEATURE_MAX; i++) {
mask = BIT_ULL(i);
+ if (i == XFEATURE_PKRU) {
+ /*
+ * Retrieve PKRU if not in init state, otherwise
+ * initialize it.
+ */
+ if (hdr.xfeatures & mask) {
+ struct pkru_state xpkru = {0};
+
+ if (copy_from_buffer(&xpkru, xstate_offsets[i],
+ sizeof(xpkru), kbuf, ubuf))
+ return -EFAULT;
+
+ *pkru = xpkru.pkru;
+ } else {
+ *pkru = 0;
+ }
+ }
+
if (hdr.xfeatures & mask) {
void *dst = __raw_xsave_addr(xsave, i);
@@ -1264,9 +1282,9 @@ static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf,
* Convert from a ptrace standard-format kernel buffer to kernel XSAVE[S]
* format and copy to the target thread. Used by ptrace and KVM.
*/
-int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf)
+int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf, u32 *pkru)
{
- return copy_uabi_to_xstate(fpstate, kbuf, NULL);
+ return copy_uabi_to_xstate(fpstate, kbuf, NULL, pkru);
}
/*
@@ -1274,10 +1292,10 @@ int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf)
* XSAVE[S] format and copy to the target thread. This is called from the
* sigreturn() and rt_sigreturn() system calls.
*/
-int copy_sigframe_from_user_to_xstate(struct fpstate *fpstate,
+int copy_sigframe_from_user_to_xstate(struct task_struct *tsk,
const void __user *ubuf)
{
- return copy_uabi_to_xstate(fpstate, NULL, ubuf);
+ return copy_uabi_to_xstate(tsk->thread.fpu.fpstate, NULL, ubuf, &tsk->thread.pkru);
}
static bool validate_independent_components(u64 mask)
diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h
index 5ad47031383b..a4ecb04d8d64 100644
--- a/arch/x86/kernel/fpu/xstate.h
+++ b/arch/x86/kernel/fpu/xstate.h
@@ -46,8 +46,8 @@ extern void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate,
u32 pkru_val, enum xstate_copy_mode copy_mode);
extern void copy_xstate_to_uabi_buf(struct membuf to, struct task_struct *tsk,
enum xstate_copy_mode mode);
-extern int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf);
-extern int copy_sigframe_from_user_to_xstate(struct fpstate *fpstate, const void __user *ubuf);
+extern int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf, u32 *pkru);
+extern int copy_sigframe_from_user_to_xstate(struct task_struct *tsk, const void __user *ubuf);
extern void fpu__init_cpu_xstate(void);
--
2.37.0
Currently, in order to compare memory blocks in KUnit, the KUNIT_EXPECT_EQ or
KUNIT_EXPECT_FALSE macros are used in conjunction with the memcmp function,
such as:
KUNIT_EXPECT_EQ(test, memcmp(foo, bar, size), 0);
Although this usage produces correct results for the test cases, if the
expectation fails the error message is not very helpful, indicating only the
return of the memcmp function.
Therefore, create a new set of macros KUNIT_EXPECT_MEMEQ and
KUNIT_EXPECT_MEMNEQ that compare memory blocks until a determined size. In
case of expectation failure, those macros print the hex dump of the memory
blocks, making it easier to debug test failures for memory blocks.
Other than the style changes, this v3 brings alignment to the bytes, making
it easier to identify the faulty bytes. So, on the previous version, the
output from a failure would be:
[14:27:42] # xrgb8888_to_rgb565_test: EXPECTATION FAILED at drivers/gpu/drm/tests/drm_format_helper_test.c:248
[14:27:42] Expected dst == result->expected, but
[14:27:42] dst ==
[14:27:42] 33 0a <60> 12 00 a8 00 00 <00> 00 8e 6b <33> 0a 60 12
[14:27:42] 00 00 <00> 00 00 a8 <8e> 6b 33 0a 00 00 <00> 00
[14:27:42] result->expected ==
[14:27:42] 33 0a <61> 12 00 a8 00 00 <01> 00 8e 6b <31> 0a 60 12
[14:27:42] 00 00 <01> 00 00 a8 <81> 6b 33 0a 00 00 <01> 00
Now, with the alignment, the output is:
[14:27:42] # xrgb8888_to_rgb565_test: EXPECTATION FAILED at drivers/gpu/drm/tests/drm_format_helper_test.c:248
[14:27:42] Expected dst == result->expected, but
[14:27:42] dst ==
[14:27:42] 33 0a <60> 12 00 a8 00 00 <00> 00 8e 6b <33> 0a 60 12
[14:27:42] 00 00 <00> 00 00 a8 <8e> 6b 33 0a 00 00 <00> 00
[14:27:42] result->expected ==
[14:27:42] 33 0a <61> 12 00 a8 00 00 <01> 00 8e 6b <31> 0a 60 12
[14:27:42] 00 00 <01> 00 00 a8 <81> 6b 33 0a 00 00 <01> 00
Moreover, on the raw output, there were some indentation problems. Those
problems were solved with the use of KUNIT_SUBSUBTEST_INDENT.
The first patch of the series introduces the KUNIT_EXPECT_MEMEQ and
KUNIT_EXPECT_MEMNEQ. The second patch adds an example of memory block
expectations on the kunit-example-test.c. And the last patch replaces the
KUNIT_EXPECT_EQ for KUNIT_EXPECT_MEMEQ on the existing occurrences.
Best Regards,
- Maíra Canal
v1 -> v2: https://lore.kernel.org/linux-kselftest/2a0dcd75-5461-5266-2749-808f638f4c5…
- Change "determinated" to "specified" (Daniel Latypov).
- Change the macro KUNIT_EXPECT_ARREQ to KUNIT_EXPECT_MEMEQ, in order to make
it easier for users to infer the right size unit (Daniel Latypov).
- Mark the different bytes on the failure message with a <> (Daniel Latypov).
- Replace a constant number of array elements for ARRAY_SIZE() (André Almeida).
- Rename "array" and "expected" variables to "array1" and "array2" (Daniel Latypov).
v2 -> v3: https://lore.kernel.org/linux-kselftest/20220802212621.420840-1-mairacanal@…
- Make the bytes aligned at output.
- Add KUNIT_SUBSUBTEST_INDENT to the output for the indentation (Daniel Latypov).
- Line up the trailing \ at macros using tabs (Daniel Latypov).
- Line up the params to the functions (Daniel Latypov).
- Change "Increament" to "Augment" (Daniel Latypov).
- Use sizeof() for array sizes (Daniel Latypov).
Maíra Canal (3):
kunit: Introduce KUNIT_EXPECT_MEMEQ and KUNIT_EXPECT_MEMNEQ macros
kunit: Add KUnit memory block assertions to the example_all_expect_macros_test
kunit: Use KUNIT_EXPECT_MEMEQ macro
.../gpu/drm/tests/drm_format_helper_test.c | 6 +-
include/kunit/assert.h | 34 +++++++++
include/kunit/test.h | 76 +++++++++++++++++++
lib/kunit/assert.c | 56 ++++++++++++++
lib/kunit/kunit-example-test.c | 7 ++
net/core/dev_addr_lists_test.c | 4 +-
6 files changed, 178 insertions(+), 5 deletions(-)
--
2.37.1
The emulator mishandles LEA with register source operand. Even though such
LEA is illegal, it can be encoded and fed to CPU. In which case real
hardware throws #UD. The emulator, instead, returns address of
x86_emulate_ctxt._regs. This info leak hurts host's kASLR.
Tell the decoder that illegal LEA is not to be emulated.
Signed-off-by: Michal Luczaj <mhal(a)rbox.co>
---
What the emulator does for LEA is simply:
case 0x8d: /* lea r16/r32, m */
ctxt->dst.val = ctxt->src.addr.mem.ea;
break;
And it makes sense if you assume that LEA's source operand is always
memory. But because there is a race window between VM-exit and the decoder
instruction fetch, emulator can be force fed an arbitrary opcode of choice.
Including some that are simply illegal and would cause #UD in normal
circumstances. Such as a LEA with a register-direct source operand -- for
which the emulator sets `op->addr.reg`, but reads `op->addr.mem.ea`.
union {
unsigned long *reg;
struct segmented_address {
ulong ea;
unsigned seg;
} mem;
...
} addr;
Because `reg` and `mem` are in union, emulator reveals address in host's
memory.
I hope this patch is not considered an `instr_dual` abuse?
arch/x86/kvm/emulate.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
index f8382abe22ff..7c14706372d0 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
@@ -4566,6 +4566,10 @@ static const struct mode_dual mode_dual_63 = {
N, I(DstReg | SrcMem32 | ModRM | Mov, em_movsxd)
};
+static const struct instr_dual instr_dual_8d = {
+ D(DstReg | SrcMem | ModRM | NoAccess), N
+};
+
static const struct opcode opcode_table[256] = {
/* 0x00 - 0x07 */
F6ALU(Lock, em_add),
@@ -4622,7 +4626,7 @@ static const struct opcode opcode_table[256] = {
I2bv(DstMem | SrcReg | ModRM | Mov | PageTable, em_mov),
I2bv(DstReg | SrcMem | ModRM | Mov, em_mov),
I(DstMem | SrcNone | ModRM | Mov | PageTable, em_mov_rm_sreg),
- D(ModRM | SrcMem | NoAccess | DstReg),
+ ID(0, &instr_dual_8d),
I(ImplicitOps | SrcMem16 | ModRM, em_mov_sreg_rm),
G(0, group1A),
/* 0x90 - 0x97 */
--
2.32.0
On Mon, Aug 01, 2022 at 12:52:22PM -0700, Adel Abouchaev wrote:
> QUIC requires end to end encryption of the data. The application usually
> prepares the data in clear text, encrypts and calls send() which implies
> multiple copies of the data before the packets hit the networking stack.
> Similar to kTLS, QUIC kernel offload of cryptography reduces the memory
> pressure by reducing the number of copies.
>
> The scope of kernel support is limited to the symmetric cryptography,
> leaving the handshake to the user space library. For QUIC in particular,
> the application packets that require symmetric cryptography are the 1RTT
> packets with short headers. Kernel will encrypt the application packets
> on transmission and decrypt on receive. This series implements Tx only,
> because in QUIC server applications Tx outweighs Rx by orders of
> magnitude.
>
> Supporting the combination of QUIC and GSO requires the application to
> correctly place the data and the kernel to correctly slice it. The
> encryption process appends an arbitrary number of bytes (tag) to the end
> of the message to authenticate it. The GSO value should include this
> overhead, the offload would then subtract the tag size to parse the
> input on Tx before chunking and encrypting it.
>
> With the kernel cryptography, the buffer copy operation is conjoined
> with the encryption operation. The memory bandwidth is reduced by 5-8%.
> When devices supporting QUIC encryption in hardware come to the market,
> we will be able to free further 7% of CPU utilization which is used
> today for crypto operations.
>
Hi,
I can't apply this series on top of current net-next. On what commit on
net-next this series is based?
--
An old man doll... just what I always wanted! - Clara
QUIC requires end to end encryption of the data. The application usually
prepares the data in clear text, encrypts and calls send() which implies
multiple copies of the data before the packets hit the networking stack.
Similar to kTLS, QUIC kernel offload of cryptography reduces the memory
pressure by reducing the number of copies.
The scope of kernel support is limited to the symmetric cryptography,
leaving the handshake to the user space library. For QUIC in particular,
the application packets that require symmetric cryptography are the 1RTT
packets with short headers. Kernel will encrypt the application packets
on transmission and decrypt on receive. This series implements Tx only,
because in QUIC server applications Tx outweighs Rx by orders of
magnitude.
Supporting the combination of QUIC and GSO requires the application to
correctly place the data and the kernel to correctly slice it. The
encryption process appends an arbitrary number of bytes (tag) to the end
of the message to authenticate it. The GSO value should include this
overhead, the offload would then subtract the tag size to parse the
input on Tx before chunking and encrypting it.
With the kernel cryptography, the buffer copy operation is conjoined
with the encryption operation. The memory bandwidth is reduced by 5-8%.
When devices supporting QUIC encryption in hardware come to the market,
we will be able to free further 7% of CPU utilization which is used
today for crypto operations.
Adel Abouchaev (6):
Documentation on QUIC kernel Tx crypto.
Define QUIC specific constants, control and data plane structures
Add UDP ULP operations, initialization and handling prototype
functions.
Implement QUIC offload functions
Add flow counters and Tx processing error counter
Add self tests for ULP operations, flow setup and crypto tests
Documentation/networking/quic.rst | 176 +++
include/net/inet_sock.h | 2 +
include/net/netns/mib.h | 3 +
include/net/quic.h | 59 +
include/net/snmp.h | 6 +
include/net/udp.h | 33 +
include/uapi/linux/quic.h | 61 +
include/uapi/linux/snmp.h | 11 +
include/uapi/linux/udp.h | 4 +
net/Kconfig | 1 +
net/Makefile | 1 +
net/ipv4/Makefile | 3 +-
net/ipv4/udp.c | 14 +
net/ipv4/udp_ulp.c | 190 ++++
net/quic/Kconfig | 16 +
net/quic/Makefile | 8 +
net/quic/quic_main.c | 1446 ++++++++++++++++++++++++
net/quic/quic_proc.c | 45 +
tools/testing/selftests/net/.gitignore | 1 +
tools/testing/selftests/net/Makefile | 2 +-
tools/testing/selftests/net/quic.c | 1024 +++++++++++++++++
tools/testing/selftests/net/quic.sh | 45 +
22 files changed, 3149 insertions(+), 2 deletions(-)
create mode 100644 Documentation/networking/quic.rst
create mode 100644 include/net/quic.h
create mode 100644 include/uapi/linux/quic.h
create mode 100644 net/ipv4/udp_ulp.c
create mode 100644 net/quic/Kconfig
create mode 100644 net/quic/Makefile
create mode 100644 net/quic/quic_main.c
create mode 100644 net/quic/quic_proc.c
create mode 100644 tools/testing/selftests/net/quic.c
create mode 100755 tools/testing/selftests/net/quic.sh
--
2.30.2
The za_regs signal test was enumerating the SVE vector lengths rather than
the SVE vector lengths through cut'n'paste error when determining what to
test. Enumerate the SME vector lengths instead.
Signed-off-by: Mark Brown <broonie(a)kernel.org>
---
tools/testing/selftests/arm64/signal/testcases/za_regs.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/arm64/signal/testcases/za_regs.c b/tools/testing/selftests/arm64/signal/testcases/za_regs.c
index b94e4f99fcac..9f1dd70289be 100644
--- a/tools/testing/selftests/arm64/signal/testcases/za_regs.c
+++ b/tools/testing/selftests/arm64/signal/testcases/za_regs.c
@@ -22,10 +22,10 @@ static bool sme_get_vls(struct tdescr *td)
int vq, vl;
/*
- * Enumerate up to SVE_VQ_MAX vector lengths
+ * Enumerate up to SME_VQ_MAX vector lengths
*/
for (vq = SVE_VQ_MAX; vq > 0; --vq) {
- vl = prctl(PR_SVE_SET_VL, vq * 16);
+ vl = prctl(PR_SME_SET_VL, vq * 16);
if (vl == -1)
return false;
--
2.30.2
Build commands start with "make". It is missing. Add "make" to the start
of the build command.
Fixes: 820636106342 ("docs/kselftest: add more guidelines for adding new tests")
Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com>
---
Documentation/dev-tools/kselftest.rst | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Documentation/dev-tools/kselftest.rst b/Documentation/dev-tools/kselftest.rst
index ee6467ca8293..9dd94c334f05 100644
--- a/Documentation/dev-tools/kselftest.rst
+++ b/Documentation/dev-tools/kselftest.rst
@@ -255,9 +255,9 @@ Contributing new tests (details)
* All changes should pass::
- kselftest-{all,install,clean,gen_tar}
- kselftest-{all,install,clean,gen_tar} O=abo_path
- kselftest-{all,install,clean,gen_tar} O=rel_path
+ make kselftest-{all,install,clean,gen_tar}
+ make kselftest-{all,install,clean,gen_tar} O=abs_path
+ make kselftest-{all,install,clean,gen_tar} O=rel_path
make -C tools/testing/selftests {all,install,clean,gen_tar}
make -C tools/testing/selftests {all,install,clean,gen_tar} O=abs_path
make -C tools/testing/selftests {all,install,clean,gen_tar} O=rel_path
--
2.30.2
From: Vincent Cheng <vincent.cheng.xh(a)renesas.com>
This series adds adjust phase to the PTP Hardware Clock device interface.
Some PTP hardware clocks have a write phase mode that has
a built-in hardware filtering capability. The write phase mode
utilizes a phase offset control word instead of a frequency offset
control word. Add adjust phase function to take advantage of this
capability.
Changes since v1:
- As suggested by Richard Cochran:
1. ops->adjphase is new so need to check for non-null function pointer.
2. Kernel coding style uses lower_case_underscores.
3. Use existing PTP clock API for delayed worker.
Vincent Cheng (3):
ptp: Add adjphase function to support phase offset control.
ptp: Add adjust_phase to ptp_clock_caps capability.
ptp: ptp_clockmatrix: Add adjphase() to support PHC write phase mode.
drivers/ptp/ptp_chardev.c | 1 +
drivers/ptp/ptp_clock.c | 3 ++
drivers/ptp/ptp_clockmatrix.c | 92 +++++++++++++++++++++++++++++++++++
drivers/ptp/ptp_clockmatrix.h | 8 ++-
include/linux/ptp_clock_kernel.h | 6 ++-
include/uapi/linux/ptp_clock.h | 4 +-
tools/testing/selftests/ptp/testptp.c | 6 ++-
7 files changed, 114 insertions(+), 6 deletions(-)
--
2.7.4
Hi Linus,
Please pull the following Kselftest update for Linux 5.20-rc1.
This Kselftest update for Linux 5.20-rc1 consists of:
- timers test build fixes and cleanups for new tool chains
- removing khdr from kselftest framework and main Makefile
- changes to test output messages to improve reports
Please not that this update also included main Makefile change
to kselftest build logic in it.
diff is attached.
thanks,
-- Shuah
----------------------------------------------------------------
The following changes since commit 03c765b0e3b4cb5063276b086c76f7a612856a9a:
Linux 5.19-rc4 (2022-06-26 14:22:10 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-next-5.20-rc1
for you to fetch changes up to 4062eba9f3d072e72645860fbc5d160428a75c50:
Makefile: replace headers_install with headers for kselftest (2022-07-26 18:06:33 -0600)
----------------------------------------------------------------
linux-kselftest-next-5.20-rc1
This Kselftest update for Linux 5.20-rc1 consists of:
- timers test build fixes and cleanups for new tool chains
- removing khdr from kselftest framework and main Makefile
- changes to test output messages to improve reports
----------------------------------------------------------------
Gautam (2):
kselftests: Enable the echo command to print newlines in Makefile
kselftests/damon: add support for cases where debugfs cannot be read
Gautam Menghani (3):
selftests: Make the usage formatting consistent in kselftest_deps.sh
selftests/drivers/gpu: Add error messages to drm_mm.sh
selftests/kcmp: Make the test output consistent and clear
Guillaume Tucker (6):
selftests: drop khdr make target
selftests: stop using KSFT_KHDR_INSTALL
selftests: drop KSFT_KHDR_INSTALL make target
Makefile: add headers_install to kselftest targets
selftests/landlock: drop deprecated headers dependency
Makefile: replace headers_install with headers for kselftest
Johannes Holland (1):
selftests/tpm2: increase timeout for kselftests
Soumya Negi (1):
selftests: drivers/dma-buf: Improve message in selftest summary
Wolfram Sang (9):
selftests: timers: valid-adjtimex: build fix for newer toolchains
selftests: timers: fix declarations of main()
selftests: timers: nanosleep: adapt to kselftest framework
selftests: timers: inconsistency-check: adapt to kselftest framework
selftests: timers: clocksource-switch: fix passing errors from child
selftests: timers: clocksource-switch: sort includes
selftests: timers: clocksource-switch: add command line switch to skip sanity check
selftests: timers: clocksource-switch: add 'runtime' command line parameter
selftests: timers: clocksource-switch: adapt to kselftest framework
Xiang wangx (1):
userfaultfd/selftests: Fix typo in comment
Zan Aziz (1):
selftests:timers: globals don't need initialization to 0
Makefile | 4 +-
tools/testing/selftests/Makefile | 30 +--------
tools/testing/selftests/arm64/mte/Makefile | 1 -
tools/testing/selftests/arm64/signal/Makefile | 1 -
.../testing/selftests/arm64/signal/test_signals.h | 4 +-
tools/testing/selftests/damon/_chk_dependency.sh | 10 +++
tools/testing/selftests/drivers/dma-buf/udmabuf.c | 3 +-
tools/testing/selftests/drivers/gpu/drm_mm.sh | 4 +-
.../selftests/drivers/s390x/uvdevice/Makefile | 1 -
tools/testing/selftests/futex/functional/Makefile | 1 -
tools/testing/selftests/kcmp/kcmp_test.c | 6 +-
tools/testing/selftests/kselftest_deps.sh | 2 +-
tools/testing/selftests/kvm/Makefile | 1 -
tools/testing/selftests/landlock/Makefile | 10 +--
tools/testing/selftests/lib.mk | 38 ------------
tools/testing/selftests/net/Makefile | 1 -
tools/testing/selftests/net/mptcp/Makefile | 1 -
tools/testing/selftests/tc-testing/Makefile | 1 -
tools/testing/selftests/timers/adjtick.c | 2 +-
.../testing/selftests/timers/alarmtimer-suspend.c | 2 +-
tools/testing/selftests/timers/change_skew.c | 2 +-
.../testing/selftests/timers/clocksource-switch.c | 71 ++++++++++++++--------
.../testing/selftests/timers/inconsistency-check.c | 32 +++++-----
tools/testing/selftests/timers/nanosleep.c | 18 +++---
tools/testing/selftests/timers/raw_skew.c | 2 +-
tools/testing/selftests/timers/skew_consistency.c | 2 +-
tools/testing/selftests/timers/valid-adjtimex.c | 2 +-
tools/testing/selftests/tpm2/settings | 1 +
tools/testing/selftests/vm/Makefile | 1 -
tools/testing/selftests/vm/userfaultfd.c | 2 +-
30 files changed, 111 insertions(+), 145 deletions(-)
create mode 100644 tools/testing/selftests/tpm2/settings
----------------------------------------------------------------
While the sdhci-of-aspeed KUnit tests do work when builtin, and do work
when KUnit itself is being built as a module, the two together break.
This is because the KUnit tests (understandably) depend on KUnit, so a
built-in test cannot build if KUnit is a module.
Fix this by adding a dependency on (MMC_SDHCI_OF_ASPEED=m || KUNIT=y),
which only excludes this one problematic configuration.
This was reported on a nasty openrisc-randconfig run by the kernel test
robot, though for some reason (compiler optimisations removing the test
code?) I wasn't able to reproduce it locally on x86:
https://lore.kernel.org/linux-mm/202207140122.fzhlf60k-lkp@intel.com/T/
Fixes: 291cd54e5b05 ("mmc: sdhci-of-aspeed: test: Use kunit_test_suite() macro")
Reported-by: kernel test robot <lkp(a)intel.com>
Signed-off-by: David Gow <davidgow(a)google.com>
---
drivers/mmc/host/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/mmc/host/Kconfig b/drivers/mmc/host/Kconfig
index 10c563999d3d..e63608834411 100644
--- a/drivers/mmc/host/Kconfig
+++ b/drivers/mmc/host/Kconfig
@@ -171,6 +171,7 @@ config MMC_SDHCI_OF_ASPEED
config MMC_SDHCI_OF_ASPEED_TEST
bool "Tests for the ASPEED SDHCI driver" if !KUNIT_ALL_TESTS
depends on MMC_SDHCI_OF_ASPEED && KUNIT
+ depends on (MMC_SDHCI_OF_ASPEED=m || KUNIT=y)
default KUNIT_ALL_TESTS
help
Enable KUnit tests for the ASPEED SDHCI driver. Select this
--
2.37.0.170.g444d1eabd0-goog
While creating a LSM BPF MAC policy to block user namespace creation, we
used the LSM cred_prepare hook because that is the closest hook to prevent
a call to create_user_ns().
The calls look something like this:
cred = prepare_creds()
security_prepare_creds()
call_int_hook(cred_prepare, ...
if (cred)
create_user_ns(cred)
We noticed that error codes were not propagated from this hook and
introduced a patch [1] to propagate those errors.
The discussion notes that security_prepare_creds()
is not appropriate for MAC policies, and instead the hook is
meant for LSM authors to prepare credentials for mutation. [2]
Ultimately, we concluded that a better course of action is to introduce
a new security hook for LSM authors. [3]
This patch set first introduces a new security_create_user_ns() function
and userns_create LSM hook, then marks the hook as sleepable in BPF.
Links:
1. https://lore.kernel.org/all/20220608150942.776446-1-fred@cloudflare.com/
2. https://lore.kernel.org/all/87y1xzyhub.fsf@email.froward.int.ebiederm.org/
3. https://lore.kernel.org/all/9fe9cd9f-1ded-a179-8ded-5fde8960a586@cloudflare…
Past discussions:
V2: https://lore.kernel.org/all/20220707223228.1940249-1-fred@cloudflare.com/
V1: https://lore.kernel.org/all/20220621233939.993579-1-fred@cloudflare.com/
Changes since v2:
- Rename create_user_ns hook to userns_create
- Use user_namespace as an object opposed to a generic namespace object
- s/domB_t/domA_t in commit message
Changes since v1:
- Add selftests/bpf: Add tests verifying bpf lsm create_user_ns hook patch
- Add selinux: Implement create_user_ns hook patch
- Change function signature of security_create_user_ns() to only take
struct cred
- Move security_create_user_ns() call after id mapping check in
create_user_ns()
- Update documentation to reflect changes
Frederick Lawler (4):
security, lsm: Introduce security_create_user_ns()
bpf-lsm: Make bpf_lsm_userns_create() sleepable
selftests/bpf: Add tests verifying bpf lsm userns_create hook
selinux: Implement userns_create hook
include/linux/lsm_hook_defs.h | 1 +
include/linux/lsm_hooks.h | 4 +
include/linux/security.h | 6 ++
kernel/bpf/bpf_lsm.c | 1 +
kernel/user_namespace.c | 5 ++
security/security.c | 5 ++
security/selinux/hooks.c | 9 ++
security/selinux/include/classmap.h | 2 +
.../selftests/bpf/prog_tests/deny_namespace.c | 88 +++++++++++++++++++
.../selftests/bpf/progs/test_deny_namespace.c | 39 ++++++++
10 files changed, 160 insertions(+)
create mode 100644 tools/testing/selftests/bpf/prog_tests/deny_namespace.c
create mode 100644 tools/testing/selftests/bpf/progs/test_deny_namespace.c
--
2.30.2
Hi Linus,
Please pull the following KUnit update for Linux 5.20-rc1.
This KUnit update for Linux 5.20-rc1 consists of several fixes and an
important feature to discourage running KUnit tests on production
systems. Running tests on a production system could leave the system
in a bad state. This new feature adds:
- adds a new taint type, TAINT_TEST to signal that a test has been run.
This should discourage people from running these tests on production
systems, and to make it easier to tell if tests have been run
accidentally (by loading the wrong configuration, etc.)
- several documentation and tool enhancements and fixes.
Please note that this KUnit update touches drivers, lib, kernel files
for the TAINT_TEST feature.
diff is attached.
thanks,
-- Shuah
----------------------------------------------------------------
The following changes since commit f2906aa863381afb0015a9eb7fefad885d4e5a56:
Linux 5.19-rc1 (2022-06-05 17:18:54 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-kunit-5.20-rc1
for you to fetch changes up to 4c392516accfe51a1aaf80ed163517646f8f0476:
Documentation: KUnit: Fix example with compilation error (2022-07-28 13:06:35 -0600)
----------------------------------------------------------------
linux-kselftest-kunit-5.20-rc1
This KUnit update for Linux 5.20-rc1 consists of several fixes and an
important feature to discourage running KUnit tests on production
systems. Running tests on a production system could leave the system
in a bad state. This new feature adds:
- adds a new taint type, TAINT_TEST to signal that a test has been run.
This should discourage people from running these tests on production
systems, and to make it easier to tell if tests have been run
accidentally (by loading the wrong configuration, etc.)
- several documentation and tool enhancements and fixes.
----------------------------------------------------------------
Daniel Latypov (13):
kunit: use kmemdup in kunit_filter_tests(), take suite as const
kunit: tool: drop unused load_config argument
kunit: tool: redo how we construct and mock LinuxSourceTree
kunit: tool: refactoring printing logic into kunit_printer.py
kunit: tool: cosmetic: don't specify duplicate kernel cmdline options
kunit: tool: simplify creating LinuxSourceTreeOperations
kunit: tool: introduce --qemu_args
kunit: tool: refactor internal kconfig handling, allow overriding
kunit: add coverage_uml.config to enable GCOV on UML
kunit: tool: make --kunitconfig repeatable, blindly concat
Documentation: kunit: fix example run_kunit func to allow spaces in args
kunit: flatten kunit_suite*** to kunit_suite** in .kunit_test_suites
clk: explicitly disable CONFIG_UML_PCI_OVER_VIRTIO in .kunitconfig
David Gow (12):
panic: Taint kernel if tests are run
kunit: Taint the kernel when KUnit tests are run
apparmor: test: Remove some casts which are no-longer required
kunit: tool: Enable virtio/PCI by default on UML
Documentation: kunit: Cleanup run_wrapper, fix x-ref
module: panic: Taint the kernel when selftest modules load
selftest: Taint kernel when test module loaded
thunderbolt: test: Use kunit_test_suite() macro
nitro_enclaves: test: Use kunit_test_suite() macro
mmc: sdhci-of-aspeed: test: Use kunit_test_suite() macro
kunit: executor: Fix a memory leak on failure in kunit_filter_tests
kcsan: test: Add a .kunitconfig to run KCSAN tests
Jeremy Kerr (1):
kunit: unify module and builtin suite definitions
Mauro Carvalho Chehab (1):
kunit: test.h: fix a kernel-doc markup
Maíra Canal (1):
Documentation: KUnit: Fix example with compilation error
Sadiya Kazi (1):
Documentation: kunit: Add CLI args for kunit_tool
Documentation/admin-guide/tainted-kernels.rst | 1 +
Documentation/dev-tools/kselftest.rst | 9 +
Documentation/dev-tools/kunit/run_wrapper.rst | 81 ++++++++-
Documentation/dev-tools/kunit/running_tips.rst | 5 +-
Documentation/dev-tools/kunit/usage.rst | 2 +-
drivers/clk/.kunitconfig | 1 +
drivers/mmc/host/Kconfig | 5 +-
drivers/mmc/host/sdhci-of-aspeed-test.c | 8 +-
drivers/mmc/host/sdhci-of-aspeed.c | 34 +---
drivers/thunderbolt/Kconfig | 6 +-
drivers/thunderbolt/domain.c | 3 -
drivers/thunderbolt/tb.h | 8 -
drivers/thunderbolt/test.c | 12 +-
drivers/virt/nitro_enclaves/Kconfig | 5 +-
drivers/virt/nitro_enclaves/ne_misc_dev.c | 27 ---
drivers/virt/nitro_enclaves/ne_misc_dev_test.c | 5 +-
include/kunit/test.h | 63 ++-----
include/linux/module.h | 5 +
include/linux/panic.h | 3 +-
kernel/kcsan/.kunitconfig | 24 +++
kernel/module/main.c | 13 ++
kernel/panic.c | 1 +
lib/kunit/executor.c | 125 ++++----------
lib/kunit/executor_test.c | 144 +++++-----------
lib/kunit/test.c | 58 ++++++-
scripts/mod/modpost.c | 3 +
security/apparmor/policy_unpack_test.c | 12 +-
tools/testing/kunit/configs/arch_uml.config | 5 +
tools/testing/kunit/configs/coverage_uml.config | 11 ++
tools/testing/kunit/kunit.py | 83 +++++----
tools/testing/kunit/kunit_config.py | 54 +++---
tools/testing/kunit/kunit_kernel.py | 104 +++++++-----
tools/testing/kunit/kunit_parser.py | 63 +++----
tools/testing/kunit/kunit_printer.py | 48 ++++++
tools/testing/kunit/kunit_tool_test.py | 214 +++++++++++++++---------
tools/testing/selftests/kselftest_module.h | 4 +
36 files changed, 657 insertions(+), 592 deletions(-)
create mode 100644 kernel/kcsan/.kunitconfig
create mode 100644 tools/testing/kunit/configs/arch_uml.config
create mode 100644 tools/testing/kunit/configs/coverage_uml.config
create mode 100644 tools/testing/kunit/kunit_printer.py
----------------------------------------------------------------
Currently, in order to compare memory blocks in KUnit, the KUNIT_EXPECT_EQ or
KUNIT_EXPECT_FALSE macros are used in conjunction with the memcmp function,
such as:
KUNIT_EXPECT_EQ(test, memcmp(foo, bar, size), 0);
Although this usage produces correct results for the test cases, if the
expectation fails the error message is not very helpful, indicating only the
return of the memcmp function.
Therefore, create a new set of macros KUNIT_EXPECT_MEMEQ and
KUNIT_EXPECT_MEMNEQ that compare memory blocks until a determined size. In
case of expectation failure, those macros print the hex dump of the memory
blocks, making it easier to debug test failures for memory blocks.
For example, if I am using the KUNIT_EXPECT_MEMEQ macro and apply the
following diff (introducing a test failure) to the
drm/tests/drm_format_helper.c:
diff --git a/drivers/gpu/drm/tests/drm_format_helper_test.c b/drivers/gpu/drm/tests/drm_format_helper_test.c
index 3106abb3bead..942aa131a768 100644
--- a/drivers/gpu/drm/tests/drm_format_helper_test.c
+++ b/drivers/gpu/drm/tests/drm_format_helper_test.c
@@ -131,9 +131,9 @@ static struct convert_xrgb8888_case convert_xrgb8888_cases[] = {
.rgb565_result = {
.dst_pitch = 10,
.expected = {
- 0x0A33, 0x1260, 0xA800, 0x0000, 0x0000,
- 0x6B8E, 0x0A33, 0x1260, 0x0000, 0x0000,
- 0xA800, 0x6B8E, 0x0A33, 0x0000, 0x0000,
+ 0x0A31, 0x1260, 0xA800, 0x0000, 0x0000,
+ 0x6B81, 0x0A33, 0x1260, 0x0000, 0x0000,
+ 0xA801, 0x6B8E, 0x0A33, 0x0000, 0x0000,
},
.expected_swab = {
0x330A, 0x6012, 0x00A8, 0x0000, 0x0000,}}}
I will get a test failure with the following form:
➜ ./tools/testing/kunit/kunit.py run --kunitconfig=drivers/gpu/drm/tests \
--kconfig_add CONFIG_UML_PCI_OVER_VIRTIO=y --kconfig_add CONFIG_VIRTIO_UML=y \
'drm_format_helper_test'
[...]
[18:15:35] ================= xrgb8888_to_rgb565_test ==================
[18:15:35] [PASSED] single_pixel_source_buffer
[18:15:35] [PASSED] single_pixel_clip_rectangle
[18:15:35] [PASSED] well_known_colors
[18:15:35] # xrgb8888_to_rgb565_test: EXPECTATION FAILED at drivers/gpu/drm/tests/drm_format_helper_test.c:248
[18:15:35] Expected dst == result->expected, but
[18:15:35] dst ==
[18:15:35] <33> 0a 60 12 00 a8 00 00 00 00 <8e> 6b 33 0a 60 12
[18:15:35] 00 00 00 00 <00> a8 8e 6b 33 0a 00 00 00 00
[18:15:35] result->expected ==
[18:15:35] <31> 0a 60 12 00 a8 00 00 00 00 <81> 6b 33 0a 60 12
[18:15:35] 00 00 00 00 <01> a8 8e 6b 33 0a 00 00 00 00
[18:15:35] not ok 4 - destination_pitch
[18:15:35] [FAILED] destination_pitch
[18:15:35] # Subtest: xrgb8888_to_rgb565_test
[18:15:35] # xrgb8888_to_rgb565_test: pass:3 fail:1 skip:0 total:4
[18:15:35] not ok 2 - xrgb8888_to_rgb565_test
[...]
[18:15:35] ============= [FAILED] drm_format_helper_test ==============
[18:15:35] ============================================================
[18:15:35] Testing complete. Ran 8 tests: passed: 7, failed: 1
[18:15:35] Elapsed time: 3.148s total, 0.002s configuring, 3.031s building, 0.090s running
Noticed that, with the hex dump, it is possible to check which bytes are
making the test fail. So, it is easier to debug the cause of the failure.
Moreover, on this v2, the differed bytes are marked with a <>, to ease the
identication of the differences. The bytes are not ideally aligned, but the
marks, suggested by Daniel, are very helpful.
The first patch of the series introduces the KUNIT_EXPECT_MEMEQ and
KUNIT_EXPECT_MEMNEQ. The second patch adds an example of memory block
expectations on the kunit-example-test.c. And the last patch replaces the
KUNIT_EXPECT_EQ for KUNIT_EXPECT_MEMEQ on the existing occurrences.
Best Regards,
- Maíra Canal
v1 -> v2: https://lore.kernel.org/linux-kselftest/2a0dcd75-5461-5266-2749-808f638f4c5…
- Change "determinated" to "specified" (Daniel Latypov).
- Change the macro KUNIT_EXPECT_ARREQ to KUNIT_EXPECT_MEMEQ, in order to make
it easier for users to infer the right size unit (Daniel Latypov).
- Mark the different bytes on the failure message with a <> (Daniel Latypov).
- Replace a constant number of array elements for ARRAY_SIZE() (André Almeida).
- Rename "array" and "expected" variables to "array1" and "array2" (Daniel Latypov).
Maíra Canal (3):
kunit: Introduce KUNIT_EXPECT_MEMEQ and KUNIT_EXPECT_MEMNEQ macros
kunit: Add KUnit memory block assertions to the example_all_expect_macros_test
kunit: Use KUNIT_EXPECT_MEMEQ macro
.../gpu/drm/tests/drm_format_helper_test.c | 6 +-
include/kunit/assert.h | 35 +++++++++
include/kunit/test.h | 76 +++++++++++++++++++
lib/kunit/assert.c | 54 +++++++++++++
lib/kunit/kunit-example-test.c | 7 ++
net/core/dev_addr_lists_test.c | 4 +-
6 files changed, 177 insertions(+), 5 deletions(-)
--
2.37.1
Currently, in order to compare arrays in KUnit, the KUNIT_EXPECT_EQ or
KUNIT_EXPECT_FALSE macros are used in conjunction with the memcmp function,
such as:
KUNIT_EXPECT_EQ(test, memcmp(foo, bar, size), 0);
Although this usage produces correct results for the test cases, if the
expectation fails the error message is not very helpful, indicating only the
return of the memcmp function.
Therefore, create a new set of macros KUNIT_EXPECT_ARREQ and
KUNIT_EXPECT_ARRNEQ that compare memory blocks until a determined size. In
case of expectation failure, those macros print the hex dump of the memory
blocks, making it easier to debug test failures for arrays.
For example, if I am using the KUNIT_EXPECT_ARREQ macro and apply the
following diff (introducing a test failure) to the
drm/tests/drm_format_helper.c:
diff --git a/drivers/gpu/drm/tests/drm_format_helper_test.c b/drivers/gpu/drm/tests/drm_format_helper_test.c
index 3106abb3bead..942aa131a768 100644
--- a/drivers/gpu/drm/tests/drm_format_helper_test.c
+++ b/drivers/gpu/drm/tests/drm_format_helper_test.c
@@ -131,9 +131,9 @@ static struct convert_xrgb8888_case convert_xrgb8888_cases[] = {
.rgb565_result = {
.dst_pitch = 10,
.expected = {
- 0x0A33, 0x1260, 0xA800, 0x0000, 0x0000,
- 0x6B8E, 0x0A33, 0x1260, 0x0000, 0x0000,
- 0xA800, 0x6B8E, 0x0A33, 0x0000, 0x0000,
+ 0x0A31, 0x1260, 0xA800, 0x0000, 0x0000,
+ 0x6B81, 0x0A33, 0x1260, 0x0000, 0x0000,
+ 0xA801, 0x6B8E, 0x0A33, 0x0000, 0x0000,
},
.expected_swab = {
0x330A, 0x6012, 0x00A8, 0x0000, 0x0000,}}}
I will get a test failure with the following form:
➜ ./tools/testing/kunit/kunit.py run --kunitconfig=drivers/gpu/drm/tests \
--kconfig_add CONFIG_UML_PCI_OVER_VIRTIO=y --kconfig_add CONFIG_VIRTIO_UML=y \
'drm_format_helper_test'
[...]
[12:38:20] ================= xrgb8888_to_rgb565_test ==================
[12:38:20] [PASSED] single_pixel_source_buffer
[12:38:20] [PASSED] single_pixel_clip_rectangle
[12:38:20] [PASSED] well_known_colors
[12:38:20] # xrgb8888_to_rgb565_test: EXPECTATION FAILED at drivers/gpu/drm/tests/drm_format_helper_test.c:248
[12:38:20] Expected dst == result->expected, but
[12:38:20] dst ==
[12:38:20] 00000000: 33 0a 60 12 00 a8 00 00 00 00 8e 6b 33 0a 60 12
[12:38:20] 00000010: 00 00 00 00 00 a8 8e 6b 33 0a 00 00 00 00
[12:38:20] result->expected ==
[12:38:20] 00000000: 31 0a 60 12 00 a8 00 00 00 00 81 6b 33 0a 60 12
[12:38:20] 00000010: 00 00 00 00 01 a8 8e 6b 33 0a 00 00 00 00
[12:38:20] not ok 4 - destination_pitch
[12:38:20] [FAILED] destination_pitch
[12:38:20] # Subtest: xrgb8888_to_rgb565_test
[12:38:20] # xrgb8888_to_rgb565_test: pass:3 fail:1 skip:0 total:4
[12:38:20] not ok 2 - xrgb8888_to_rgb565_test
[...]
[12:38:20] ============= [FAILED] drm_format_helper_test ==============
[12:38:20] ============================================================
[12:38:20] Testing complete. Ran 8 tests: passed: 7, failed: 1
[12:38:20] Elapsed time: 3.713s total, 0.002s configuring, 3.546s building, 0.135s running
Noticed that, with the hex dump, it is possible to check which bytes are
making the test fail. So, it is easier to debug the cause of the failure.
The first patch of the series introduces the KUNIT_EXPECT_ARREQ and
KUNIT_EXPECT_ARRNEQ. The second patch adds an example of array expectations
on the kunit-example-test.c. And the last patch replaces the KUNIT_EXPECT_EQ
for KUNIT_EXPECT_ARREQ on the existing occurrences.
Best Regards,
- Maíra Canal
Maíra Canal (3):
kunit: Introduce KUNIT_EXPECT_ARREQ and KUNIT_EXPECT_ARRNEQ macros
kunit: add KUnit array assertions to the example_all_expect_macros_test
kunit: use KUNIT_EXPECT_ARREQ macro
.../gpu/drm/tests/drm_format_helper_test.c | 6 +-
include/kunit/assert.h | 35 +++++++++
include/kunit/test.h | 76 +++++++++++++++++++
lib/kunit/assert.c | 43 +++++++++++
lib/kunit/kunit-example-test.c | 7 ++
net/core/dev_addr_lists_test.c | 4 +-
6 files changed, 166 insertions(+), 5 deletions(-)
--
2.37.1
This series is based on torvalds/master.
The series is split up like so:
- Patch 1 is a simple fixup which we should take in any case (even by itself).
- Patches 2-6 add the feature, configurable selftest support, and docs.
Why not ...?
============
- Why not /proc/[pid]/userfaultfd? The proposed use case for this is for one
process to open a userfaultfd which can intercept another process' page
faults. This seems to me like exactly what CAP_SYS_PTRACE is for, though, so I
think this use case can simply use a syscall without the powers CAP_SYS_PTRACE
grants being "too much".
- Why not use a syscall? Access to syscalls is generally controlled by
capabilities. We don't have a capability which is used for userfaultfd access
without also granting more / other permissions as well, and adding a new
capability was rejected [1].
- It's possible a LSM could be used to control access instead. I suspect
adding a brand new one just for this would be rejected, but I think some
existing ones like SELinux can be used to filter syscall access. Enabling
SELinux for large production deployments which don't already use it is
likely to be a huge undertaking though, and I don't think this use case by
itself is enough to motivate that kind of architectural change.
Changelog
=========
v3->v4:
- Picked up an Acked-by on 5/5.
- Updated cover letter to cover "why not ...".
- Refactored userfaultfd_allowed() into userfaultfd_syscall_allowed(). [Peter]
- Removed obsolete comment from a previous version. [Peter]
- Refactored userfaultfd_open() in selftest. [Peter]
- Reworded admin-guide documentation. [Mike, Peter]
- Squashed 2 commits adding /dev/userfaultfd to selftest and making selftest
configurable. [Peter]
- Added "syscall" test modifier (the default behavior) to selftest. [Peter]
v2->v3:
- Rebased onto linux-next/akpm-base, in order to be based on top of the
run_vmtests.sh refactor which was merged previously.
- Picked up some Reviewed-by's.
- Fixed ioctl definition (_IO instead of _IOWR), and stopped using
compat_ptr_ioctl since it is unneeded for ioctls which don't take a pointer.
- Removed the "handle_kernel_faults" bool, simplifying the code. The result is
logically equivalent, but simpler.
- Fixed userfaultfd selftest so it returns KSFT_SKIP appropriately.
- Reworded documentation per Shuah's feedback on v2.
- Improved example usage for userfaultfd selftest.
v1->v2:
- Add documentation update.
- Test *both* userfaultfd(2) and /dev/userfaultfd via the selftest.
[1]: https://lore.kernel.org/lkml/686276b9-4530-2045-6bd8-170e5943abe4@schaufler…
Axel Rasmussen (5):
selftests: vm: add hugetlb_shared userfaultfd test to run_vmtests.sh
userfaultfd: add /dev/userfaultfd for fine grained access control
userfaultfd: selftests: modify selftest to use /dev/userfaultfd
userfaultfd: update documentation to describe /dev/userfaultfd
selftests: vm: add /dev/userfaultfd test cases to run_vmtests.sh
Documentation/admin-guide/mm/userfaultfd.rst | 41 +++++++++++-
Documentation/admin-guide/sysctl/vm.rst | 3 +
fs/userfaultfd.c | 69 ++++++++++++++++----
include/uapi/linux/userfaultfd.h | 4 ++
tools/testing/selftests/vm/run_vmtests.sh | 11 +++-
tools/testing/selftests/vm/userfaultfd.c | 69 +++++++++++++++++---
6 files changed, 169 insertions(+), 28 deletions(-)
--
2.37.0.170.g444d1eabd0-goog
The ioam6.sh test script exits with an error code (1) when tests are
skipped due to lack of support from userspace/kernel or not enough
permissions. It should return the kselftests SKIP code instead.
Reviewed-by: Justin Iurman <justin.iurman(a)uliege.be>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza(a)canonical.com>
---
Notes:
- Reposting to CC netdev@
- Keeping Justin's Review tag from the original post
tools/testing/selftests/net/ioam6.sh | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/net/ioam6.sh b/tools/testing/selftests/net/ioam6.sh
index a2b9fad5a9a6..4ceb401da1bf 100755
--- a/tools/testing/selftests/net/ioam6.sh
+++ b/tools/testing/selftests/net/ioam6.sh
@@ -117,6 +117,8 @@
# | Schema Data | |
# +-----------------------------------------------------------+
+# Kselftest framework requirement - SKIP code is 4.
+ksft_skip=4
################################################################################
# #
@@ -211,7 +213,7 @@ check_kernel_compatibility()
echo "SKIP: kernel version probably too old, missing ioam support"
ip link del veth0 2>/dev/null || true
ip netns del ioam-tmp-node || true
- exit 1
+ exit $ksft_skip
fi
ip -netns ioam-tmp-node route add db02::/64 encap ioam6 mode inline \
@@ -227,7 +229,7 @@ check_kernel_compatibility()
"without CONFIG_IPV6_IOAM6_LWTUNNEL?"
ip link del veth0 2>/dev/null || true
ip netns del ioam-tmp-node || true
- exit 1
+ exit $ksft_skip
fi
ip link del veth0 2>/dev/null || true
@@ -752,20 +754,20 @@ nfailed=0
if [ "$(id -u)" -ne 0 ]
then
echo "SKIP: Need root privileges"
- exit 1
+ exit $ksft_skip
fi
if [ ! -x "$(command -v ip)" ]
then
echo "SKIP: Could not run test without ip tool"
- exit 1
+ exit $ksft_skip
fi
ip ioam &>/dev/null
if [ $? = 1 ]
then
echo "SKIP: iproute2 too old, missing ioam command"
- exit 1
+ exit $ksft_skip
fi
check_kernel_compatibility
--
2.34.1
Dzień dobry,
zapoznałem się z Państwa ofertą i z przyjemnością przyznaję, że przyciąga uwagę i zachęca do dalszych rozmów.
Pomyślałem, że może mógłbym mieć swój wkład w Państwa rozwój i pomóc dotrzeć z tą ofertą do większego grona odbiorców. Pozycjonuję strony www, dzięki czemu generują świetny ruch w sieci.
Możemy porozmawiać w najbliższym czasie?
Pozdrawiam
Adam Charachuta
Currently in validate_extra_context() we assert both that the extra data
pointed to by the EXTRA_CONTEXT is 16 byte aligned and that it immediately
follows the struct _aarch64_ctx providing the terminator for the linked
list of contexts in the signal frame. Since struct _aarch64_ctx is an 8
byte structure which must be 16 byte aligned these cannot both be true. As
documented in sigcontext.h and implemented by the kernel the extra data
should be at the next 16 byte aligned address after the terminator so fix
the validation to match.
Signed-off-by: Mark Brown <broonie(a)kernel.org>
---
tools/testing/selftests/arm64/signal/testcases/testcases.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c
index b2cce9afaaf3..0b3c9b4b1d39 100644
--- a/tools/testing/selftests/arm64/signal/testcases/testcases.c
+++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c
@@ -42,7 +42,7 @@ bool validate_extra_context(struct extra_context *extra, char **err)
*err = "Extra DATAP misaligned";
else if (extra->size & 0x0fUL)
*err = "Extra SIZE misaligned";
- else if (extra->datap != (uint64_t)term + sizeof(*term))
+ else if (extra->datap != (uint64_t)term + 0x10UL)
*err = "Extra DATAP misplaced (not contiguous)";
if (*err)
return false;
--
2.30.2
In handle_input_signal_copyctx() we use ASSERT_GOOD_CONTEXT() to validate
that the context we are saving meets expectations however we do this on
the saved copy rather than on the actual signal context passed in. This
breaks validation of EXTRA_CONTEXT since we attempt to validate the ABI
requirement that the additional space supplied is immediately after the
termination record in the standard context which will not be the case
after it has been copied to another location.
Fix this by doing the validation before we copy. Note that nothing actually
looks inside the EXTRA_CONTEXT at present.
Signed-off-by: Mark Brown <broonie(a)kernel.org>
---
.../testing/selftests/arm64/signal/test_signals_utils.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/arm64/signal/test_signals_utils.c b/tools/testing/selftests/arm64/signal/test_signals_utils.c
index b588d10afd5b..a54dc1b6f35c 100644
--- a/tools/testing/selftests/arm64/signal/test_signals_utils.c
+++ b/tools/testing/selftests/arm64/signal/test_signals_utils.c
@@ -165,12 +165,15 @@ static bool handle_signal_ok(struct tdescr *td,
}
static bool handle_signal_copyctx(struct tdescr *td,
- siginfo_t *si, void *uc)
+ siginfo_t *si, void *uc_in)
{
+ ucontext_t *uc = uc_in;
+
+ ASSERT_GOOD_CONTEXT(uc);
+
/* Mangling PC to avoid loops on original BRK instr */
- ((ucontext_t *)uc)->uc_mcontext.pc += 4;
+ uc->uc_mcontext.pc += 4;
memcpy(td->live_uc, uc, td->live_sz);
- ASSERT_GOOD_CONTEXT(td->live_uc);
td->live_uc_valid = 1;
fprintf(stderr,
"GOOD CONTEXT grabbed from sig_copyctx handler\n");
--
2.30.2
When arm64 signal context data overflows the base struct sigcontext it gets
placed in an extra buffer pointed to by a record of type EXTRA_CONTEXT in
the base struct sigcontext which is required to be the last record in the
base struct sigframe. The current validation code attempts to check this
by using GET_RESV_NEXT_HEAD() to step forward from the current record to
the next but that is a macro which assumes it is being provided with a
struct _aarch64_ctx and uses the size there to skip forward to the next
record. Instead validate_extra_context() passes it a struct extra_context
which has a separate size field. This compiles but results in us trying
to validate a terminator in completely the wrong place, at best failing
validation and at worst just segfaulting. Fix this by passing the struct
_aarch64_ctx we meant to into the macro.
Signed-off-by: Mark Brown <broonie(a)kernel.org>
---
tools/testing/selftests/arm64/signal/testcases/testcases.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c
index 84c36bee4d82..d98828cb542b 100644
--- a/tools/testing/selftests/arm64/signal/testcases/testcases.c
+++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c
@@ -33,7 +33,7 @@ bool validate_extra_context(struct extra_context *extra, char **err)
return false;
fprintf(stderr, "Validating EXTRA...\n");
- term = GET_RESV_NEXT_HEAD(extra);
+ term = GET_RESV_NEXT_HEAD(&extra->head);
if (!term || term->magic || term->size) {
*err = "Missing terminator after EXTRA context";
return false;
--
2.30.2
The default file permissions on a memfd include execute bits, which
means that such a memfd can be filled with a executable and passed to
the exec() family of functions. This is undesirable on systems where all
code is verified and all filesystems are intended to be mounted noexec,
since an attacker may be able to use a memfd to load unverified code and
execute it.
Additionally, execution via memfd is a common way to avoid scrutiny for
malicious code, since it allows execution of a program without a file
ever appearing on disk. This attack vector is not totally mitigated with
this new flag, since the default memfd file permissions must remain
executable to avoid breaking existing legitimate uses, but it should be
possible to use other security mechanisms to prevent memfd_create calls
without MFD_NOEXEC on systems where it is known that executable memfds
are not necessary.
This patch series adds a new MFD_NOEXEC flag for memfd_create(), which
allows creation of non-executable memfds, and as part of the
implementation of this new flag, it also adds a new F_SEAL_EXEC seal,
which will prevent modification of any of the execute bits of a sealed
memfd.
I am not sure if this is the best way to implement the desired behavior
(for example, the F_SEAL_EXEC seal is really more of an implementation
detail and feels a bit clunky to expose), so suggestions are welcome
for alternate approaches.
Daniel Verkamp (4):
mm/memfd: add F_SEAL_EXEC
mm/memfd: add MFD_NOEXEC flag to memfd_create
selftests/memfd: add tests for F_SEAL_EXEC
selftests/memfd: add tests for MFD_NOEXEC
include/uapi/linux/fcntl.h | 1 +
include/uapi/linux/memfd.h | 1 +
mm/memfd.c | 12 ++-
mm/shmem.c | 6 ++
tools/testing/selftests/memfd/memfd_test.c | 114 +++++++++++++++++++++
5 files changed, 133 insertions(+), 1 deletion(-)
--
2.35.1.1094.g7c7d902a7c-goog
This patchset adds support for SRv6 Headend behavior with Reduced
Encapsulation. It introduces the H.Encaps.Red and H.L2Encaps.Red versions
of the SRv6 H.Encaps and H.L2Encaps behaviors, according to RFC 8986 [1].
In details, the patchset is made of:
- patch 1/4: add support for SRv6 H.Encaps.Red behavior;
- Patch 2/4: add support for SRv6 H.L2Encaps.Red behavior;
- patch 2/4: add selftest for SRv6 H.Encaps.Red behavior;
- patch 3/4: add selftest for SRv6 H.L2Encaps.Red behavior.
The corresponding iproute2 patch for supporting SRv6 H.Encaps.Red and
H.L2Encaps.Red behaviors is provided in a separated patchset.
[1] - https://datatracker.ietf.org/doc/html/rfc8986
V4 -> v5:
- Fix skb checksum for SRH Reduced encapsulation/insertion;
- Improve selftests by:
i) adding a random suffix to network namespaces;
ii) creating net devices directly into network namespaces;
iii) using trap EXIT command to properly clean up selftest networks.
Thanks to Paolo Abeni.
v3 -> v4:
- Add selftests to the Makefile, thanks to Jakub Kicinski.
v2 -> v3:
- Keep SRH when HMAC TLV is present;
- Split the support for H.Encaps.Red and H.L2Encaps.Red behaviors in two
patches (respectively, patch 1/4 and patch 2/4);
- Add selftests for SRv6 H.Encaps.Red and H.L2Encaps.Red.
v1 -> v2:
- Fixed sparse warnings;
- memset now uses sizeof() instead of hardcoded value;
- Removed EXPORT_SYMBOL_GPL.
Andrea Mayer (4):
seg6: add support for SRv6 H.Encaps.Red behavior
seg6: add support for SRv6 H.L2Encaps.Red behavior
selftests: seg6: add selftest for SRv6 H.Encaps.Red behavior
selftests: seg6: add selftest for SRv6 H.L2Encaps.Red behavior
include/uapi/linux/seg6_iptunnel.h | 2 +
net/ipv6/seg6_iptunnel.c | 140 ++-
tools/testing/selftests/net/Makefile | 2 +
.../net/srv6_hencap_red_l3vpn_test.sh | 879 ++++++++++++++++++
.../net/srv6_hl2encap_red_l2vpn_test.sh | 821 ++++++++++++++++
5 files changed, 1842 insertions(+), 2 deletions(-)
create mode 100755 tools/testing/selftests/net/srv6_hencap_red_l3vpn_test.sh
create mode 100755 tools/testing/selftests/net/srv6_hl2encap_red_l2vpn_test.sh
--
2.20.1
Add a Makefile which takes care of installing the selftests in
tools/testing/selftests/drivers/net/dsa. This can be used to install all
DSA specific selftests and forwarding.config using the same approach as
for the selftests in tools/testing/selftests/net/forwarding.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com>
---
.../testing/selftests/drivers/net/dsa/Makefile | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 tools/testing/selftests/drivers/net/dsa/Makefile
diff --git a/tools/testing/selftests/drivers/net/dsa/Makefile b/tools/testing/selftests/drivers/net/dsa/Makefile
new file mode 100644
index 000000000000..2a731d5c6d85
--- /dev/null
+++ b/tools/testing/selftests/drivers/net/dsa/Makefile
@@ -0,0 +1,17 @@
+# SPDX-License-Identifier: GPL-2.0+ OR MIT
+
+TEST_PROGS = bridge_locked_port.sh \
+ bridge_mdb.sh \
+ bridge_mld.sh \
+ bridge_vlan_aware.sh \
+ bridge_vlan_mcast.sh \
+ bridge_vlan_unaware.sh \
+ local_termination.sh \
+ no_forwarding.sh \
+ test_bridge_fdb_stress.sh
+
+TEST_PROGS_EXTENDED := lib.sh
+
+TEST_FILES := forwarding.config
+
+include ../../../lib.mk
--
2.37.1
On Thu, Jun 30, 2022 at 01:16:34PM +0200, Hans Schultz wrote:
> This patch is related to the patch set
> "Add support for locked bridge ports (for 802.1X)"
> Link: https://lore.kernel.org/netdev/20220223101650.1212814-1-schultz.hans+netdev…
>
> This patch makes the locked port feature work with learning turned on,
> which is enabled with the command:
>
> bridge link set dev DEV learning on
>
> Without this patch, link local traffic (01:80:c2) like EAPOL packets will
> create a fdb entry when ingressing on a locked port with learning turned
> on, thus unintentionally opening up the port for traffic for the said MAC.
>
> Some switchcore features like Mac-Auth and refreshing of FDB entries,
> require learning enables on some switchcores, f.ex. the mv88e6xxx family.
> Other features may apply too.
>
> Since many switchcores trap or mirror various multicast packets to the
> CPU, link local traffic will unintentionally unlock the port for the
> SA mac in question unless prevented by this patch.
Why not just teach hostapd to do:
echo 1 > /sys/class/net/br0/bridge/no_linklocal_learn
?
OpenSSL 3.0 deprecates some of the functions used in the SGX
selftests, causing build errors on new distros. For now ignore
the warnings until support for the functions is no longer
available.
Signed-off-by: Kristen Carlson Accardi <kristen(a)linux.intel.com>
---
tools/testing/selftests/sgx/sigstruct.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c
index 50c5ab1aa6fa..bb191b70141a 100644
--- a/tools/testing/selftests/sgx/sigstruct.c
+++ b/tools/testing/selftests/sgx/sigstruct.c
@@ -17,6 +17,9 @@
#include "defines.h"
#include "main.h"
+/* OpenSSL 3.0 has deprecated some functions. For now just ignore the warnings. */
+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+
struct q1q2_ctx {
BN_CTX *bn_ctx;
BIGNUM *m;
--
2.36.1
The ioam6.sh test script exits with an error code (1) when tests are
skipped due to lack of support from userspace/kernel or not enough
permissions. It should return the kselftests SKIP code instead.
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza(a)canonical.com>
---
tools/testing/selftests/net/ioam6.sh | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/net/ioam6.sh b/tools/testing/selftests/net/ioam6.sh
index a2b9fad5a9a6..4ceb401da1bf 100755
--- a/tools/testing/selftests/net/ioam6.sh
+++ b/tools/testing/selftests/net/ioam6.sh
@@ -117,6 +117,8 @@
# | Schema Data | |
# +-----------------------------------------------------------+
+# Kselftest framework requirement - SKIP code is 4.
+ksft_skip=4
################################################################################
# #
@@ -211,7 +213,7 @@ check_kernel_compatibility()
echo "SKIP: kernel version probably too old, missing ioam support"
ip link del veth0 2>/dev/null || true
ip netns del ioam-tmp-node || true
- exit 1
+ exit $ksft_skip
fi
ip -netns ioam-tmp-node route add db02::/64 encap ioam6 mode inline \
@@ -227,7 +229,7 @@ check_kernel_compatibility()
"without CONFIG_IPV6_IOAM6_LWTUNNEL?"
ip link del veth0 2>/dev/null || true
ip netns del ioam-tmp-node || true
- exit 1
+ exit $ksft_skip
fi
ip link del veth0 2>/dev/null || true
@@ -752,20 +754,20 @@ nfailed=0
if [ "$(id -u)" -ne 0 ]
then
echo "SKIP: Need root privileges"
- exit 1
+ exit $ksft_skip
fi
if [ ! -x "$(command -v ip)" ]
then
echo "SKIP: Could not run test without ip tool"
- exit 1
+ exit $ksft_skip
fi
ip ioam &>/dev/null
if [ $? = 1 ]
then
echo "SKIP: iproute2 too old, missing ioam command"
- exit 1
+ exit $ksft_skip
fi
check_kernel_compatibility
--
2.34.1
This is similar to TCP-MD5 in functionality but it's sufficiently
different that packet formats and interfaces are incompatible.
Compared to TCP-MD5 more algorithms are supported and multiple keys
can be used on the same connection but there is still no negotiation
mechanism.
Expected use-case is protecting long-duration BGP/LDP connections
between routers using pre-shared keys. The goal of this series is to
allow routers using the Linux TCP stack to interoperate with vendors
such as Cisco and Juniper.
The current code is largely feature complete and well-tested and
changes are relatively small compared to previous version. I should
have reposted this series earlier but was distracted by other things.
I'd welcome any advice for how to push this upstream. Only up to patch
13 is required for a minimal implementation, the rest are additional
features and tests. Maybe I could try posting reduced versions?
I've recently been talking with Phillip Paeps who is working on an BSD
implementation of the same standard and he suggested sharing ABI in
order to make userspace compatibility easier. The current ABI is
entirely made up by me alone.
One option would be to use PF_KEY because in FreeBSD PF_KEY is also used
for MD5, in a somewhat convoluted way. I'm not very familiar with PF_KEY
but perhaps a shim could be implemented inside linux PF_KEY support to
make some keys be handled in an entirely different way, using tcp_authopt
instead of xfrm. Does this make sense to anyone else?
A key difference versus MD5 is that keys are global rather than
per-socket. Older versions had per-socket keys but in practice
applications want to always use a consistent set of keys for communication
with a specific peer and keeping those keys in sync from userspace is
difficult and prone to races.
Other vendors supporting TCP-AO implement a notion of a "key chain"
roughly similar to what is described in RFC8177. The current ABI is
sufficient to do the same but it requires a bunch of userspace work
to add and delete keys at the appropriate time or mark them as "NOSEND"
and "NORECV". Userspace also has to insert a "dummy" key when all other
keys are expired in order to prevent unsigned traffic going through. This
feature might be considerably easier to use from userspace if validity
times were added in the kernel for each key.
Here are some known flaws and limitations:
* Crypto API is used with buffers on the stack and inside struct sock,
this might not work on all arches. I'm currently only testing x64 VMs
* Interaction with FASTOPEN not tested and unlikely to work because
sequence number assumptions for syn/ack.
* No way to limit keys on a per-port basis (used to be implicit with
per-socket keys).
* Not clear if crypto_ahash_setkey might sleep. If some implementation
do that then maybe they could be excluded through alloc flags.
* Traffic key is not cached (reducing performance)
* No caching or hashing for key lookups so this will scale poorly with
many keys
* Overlaping MKTs can be configured despite what RFC5925 says
* Current key can be deleted. RFC says this shouldn't be allowed but
enforcing this belongs at an admin shell rather than in the kernel.
* If multiple keys are valid for a destination the kernel picks one
in an unpredictable manner (this can be overridden).
There is relatively little code sharing with the TCP_MD5SIG feature and
earlier versions shared even less. Unlike MD5 the AO feature is kept
separate from the rest of the TCP code and reusing code would require
many unrelated cleanup changes.
I'm not convinced that "authopt" is particularly good naming convention,
this name is a personal invention that does not appear anywhere else.
The RFC calls this "tcp-ao". Perhaps TCP_AOSIG would be a better name
and it would also make the close connection to TCP_MD5SIG more visible?
Some testing support is included in nettest and fcnal-test.sh, similar
to the current level of tcp-md5 testing.
A more elaborate test suite using pytest and scapy is available out of
tree: https://github.com/cdleonard/tcp-authopt-test
There is an automatic system that runs that test suite in vagrant in
gitlab-ci: https://gitlab.com/cdleonard/vagrantcpao
Changes for frr (obsolete): https://github.com/FRRouting/frr/pull/9442
That PR was made early for ABI feedback, it has many issues.
Changes for yabgp (obsolete): https://github.com/cdleonard/yabgp/commits/tcp_authopt
This was used for interoperability testing with cisco.
Changes since PATCH v5:
* Rebased on recent net-next, including recent changes refactoring md5
* Use to skb_drop_reason
* Fix using sock_kmalloc for key alloc but regular kfree for free. Use kmalloc
because keys are global
* Fix mentioning non-existent copy_from_sockopt in doc for _copy_from_sockptr_tolerant
* If no valid keys are available for a destination then report a socket error
instead of sending unsigned traffic
* Remove several noop implementations which are always called from ifdef
* Fix build issues in all scenarios, including -Werror at every point.
* Split "tcp: Refactor tcp_inbound_md5_hash into tcp_inbound_sig_hash" into a separate commit.
* Add TCP_AUTHOPT_FLAG_ACTIVE to distinguish between "keys configured for socket"
and "connection authenticated". A listen socket with authentication enabled will return
other sockets with authentication enabled on accept() but if no key is configured for the
peer then authentication will be inactive.
* Add support for TCP_REPAIR_AUTHOPT new sockopts which loads/saves the AO-specific
information.
Link: https://lore.kernel.org/netdev/cover.1643026076.git.cdleonard@gmail.com/
Changes since PATCH v4:
* Move the traffic_key context_bytes header to stack. If it's a constant
string then ahash can fail unexpectedly.
* Fix allowing unsigned traffic if all keys are marked norecv.
* Fix crashing in __tcp_authopt_alg_init on failure.
* Try to respect the rnextkeyid from SYN on SYNACK (new patch)
* Fix incorrect check for TCP_AUTHOPT_KEY_DEL in __tcp_authopt_select_key
* Improve docs on __tcp_authopt_select_key
* Fix build with CONFIG_PROC_FS=n (kernel build robot)
* Fix build with CONFIG_IPV6=n (kernel build robot)
Link: https://lore.kernel.org/netdev/cover.1640273966.git.cdleonard@gmail.com/
Changes since PATCH v3:
* Made keys global (per-netns rather than per-sock).
* Add /proc/net/tcp_authopt with a table of keys (not sockets).
* Fix part of the shash/ahash conversion having slipped from patch 3 to patch 5
* Fix tcp_parse_sig_options assigning NULL incorrectly when both MD5 and AO
are disabled (kernel build robot)
* Fix sparse endianness warnings in prefix match (kernel build robot)
* Fix several incorrect RCU annotations reported by sparse (kernel build robot)
Link: https://lore.kernel.org/netdev/cover.1638962992.git.cdleonard@gmail.com/
Changes since PATCH v2:
* Protect tcp_authopt_alg_get/put_tfm with local_bh_disable instead of
preempt_disable. This caused signature corruption when send path executing
with BH enabled was interrupted by recv.
* Fix accepted keyids not configured locally as "unexpected". If any key
is configured that matches the peer then traffic MUST be signed.
* Fix issues related to sne rollover during handshake itself. (Francesco)
* Implement and test prefixlen (David)
* Replace shash with ahash and reuse some of the MD5 code (Dmitry)
* Parse md5+ao options only once in the same function (Dmitry)
* Pass tcp_authopt_info into inbound check path, this avoids second rcu
dereference for same packet.
* Pass tcp_request_socket into inbound check path instead of just listen
socket. This is required for SNE rollover during handshake and clearifies
ISN handling.
* Do not allow disabling via sysctl after enabling once, this is difficult
to support well (David)
* Verbose check for sysctl_tcp_authopt (Dmitry)
* Use netif_index_is_l3_master (David)
* Cleanup ipvx_addr_match (David)
* Add a #define tcp_authopt_needed to wrap static key usage because it looks
nicer.
* Replace rcu_read_lock with rcu_dereference_protected in SNE updates (Eric)
* Remove test suite
Link: https://lore.kernel.org/netdev/cover.1635784253.git.cdleonard@gmail.com/
Changes since PATCH v1:
* Implement Sequence Number Extension
* Implement l3index for vrf: TCP_AUTHOPT_KEY_IFINDEX as equivalent of
TCP_MD5SIG_FLAG_IFINDEX
* Expand TCP-AO tests in fcnal-test.sh to near-parity with md5.
* Show addr/port on failure similar to md5
* Remove tox dependency from test suite (create venv directly)
* Switch default pytest output format to TAP (kselftest standard)
* Fix _copy_from_sockptr_tolerant stack corruption on short sockopts.
This was covered in test but error was invisible without STACKPROTECTOR=y
* Fix sysctl_tcp_authopt check in tcp_get_authopt_val before memset. This
was harmless because error code is checked in getsockopt anyway.
* Fix dropping md5 packets on all sockets with AO enabled
* Fix checking (key->recv_id & TCP_AUTHOPT_KEY_ADDR_BIND) instead of
key->flags in tcp_authopt_key_match_exact
* Fix PATCH 1/19 not compiling due to missing "int err" declaration
* Add ratelimited message for AO and MD5 both present
* Export all symbols required by CONFIG_IPV6=m (again)
* Fix compilation with CONFIG_TCP_AUTHOPT=y CONFIG_TCP_MD5SIG=n
* Fix checkpatch issues
* Pass -rrequirements.txt to tox to avoid dependency variation.
Link: https://lore.kernel.org/netdev/cover.1632240523.git.cdleonard@gmail.com/
Changes since RFCv3:
* Implement TCP_AUTHOPT handling for timewait and reset replies. Write
tests to execute these paths by injecting packets with scapy
* Handle combining md5 and authopt: if both are configured use authopt.
* Fix locking issues around send_key, introduced in on of the later patches.
* Handle IPv4-mapped-IPv6 addresses: it used to be that an ipv4 SYN sent
to an ipv6 socket with TCP-AO triggered WARN
* Implement un-namespaced sysctl disabled this feature by default
* Allocate new key before removing any old one in setsockopt (Dmitry)
* Remove tcp_authopt_key_info.local_id because it's no longer used (Dmitry)
* Propagate errors from TCP_AUTHOPT getsockopt (Dmitry)
* Fix no-longer-correct TCP_AUTHOPT_KEY_DEL docs (Dmitry)
* Simplify crypto allocation (Eric)
* Use kzmalloc instead of __GFP_ZERO (Eric)
* Add static_key_false tcp_authopt_needed (Eric)
* Clear authopt_info copied from oldsk in __tcp_authopt_openreq (Eric)
* Replace memcmp in ipv4 and ipv6 addr comparisons (Eric)
* Export symbols for CONFIG_IPV6=m (kernel test robot)
* Mark more functions static (kernel test robot)
* Fix build with CONFIG_PROVE_RCU_LIST=y (kernel test robot)
Link: https://lore.kernel.org/netdev/cover.1629840814.git.cdleonard@gmail.com/
Changes since RFCv2:
* Removed local_id from ABI and match on send_id/recv_id/addr
* Add all relevant out-of-tree tests to tools/testing/selftests
* Return an error instead of ignoring unknown flags, hopefully this makes
it easier to extend.
* Check sk_family before __tcp_authopt_info_get_or_create in tcp_set_authopt_key
* Use sock_owned_by_me instead of WARN_ON(!lockdep_sock_is_held(sk))
* Fix some intermediate build failures reported by kbuild robot
* Improve documentation
Link: https://lore.kernel.org/netdev/cover.1628544649.git.cdleonard@gmail.com/
Changes since RFC:
* Split into per-topic commits for ease of review. The intermediate
commits compile with a few "unused function" warnings and don't do
anything useful by themselves.
* Add ABI documention including kernel-doc on uapi
* Fix lockdep warnings from crypto by creating pools with one shash for
each cpu
* Accept short options to setsockopt by padding with zeros; this
approach allows increasing the size of the structs in the future.
* Support for aes-128-cmac-96
* Support for binding addresses to keys in a way similar to old tcp_md5
* Add support for retrieving received keyid/rnextkeyid and controling
the keyid/rnextkeyid being sent.
Link: https://lore.kernel.org/netdev/01383a8751e97ef826ef2adf93bfde3a08195a43.162…
Leonard Crestez (26):
tcp: authopt: Initial support and key management
tcp: authopt: Remove more unused noops
docs: Add user documentation for tcp_authopt
tcp: authopt: Add crypto initialization
tcp: Refactor tcp_sig_hash_skb_data for AO
tcp: authopt: Compute packet signatures
tcp: Refactor tcp_inbound_md5_hash into tcp_inbound_sig_hash
tcp: authopt: Hook into tcp core
tcp: authopt: Disable via sysctl by default
tcp: authopt: Implement Sequence Number Extension
tcp: ipv6: Add AO signing for tcp_v6_send_response
tcp: authopt: Add support for signing skb-less replies
tcp: ipv4: Add AO signing for skb-less replies
tcp: authopt: Add key selection controls
tcp: authopt: Add initial l3index support
tcp: authopt: Add NOSEND/NORECV flags
tcp: authopt: Add prefixlen support
tcp: authopt: Add /proc/net/tcp_authopt listing all keys
selftests: nettest: Rename md5_prefix to key_addr_prefix
selftests: nettest: Initial tcp_authopt support
selftests: net/fcnal: Initial tcp_authopt support
tcp: authopt: Try to respect rnextkeyid from SYN on SYNACK
tcp: authopt: tcp_authopt_lookup_send: Add anykey output param
tcp: authopt: Initial support for TCP_AUTHOPT_FLAG_ACTIVE
tcp: authopt: If no keys are valid for send report an error
tcp: authopt: Initial implementation of TCP_REPAIR_AUTHOPT
Documentation/networking/index.rst | 1 +
Documentation/networking/ip-sysctl.rst | 6 +
Documentation/networking/tcp_authopt.rst | 88 +
include/linux/tcp.h | 15 +
include/net/dropreason.h | 16 +
include/net/net_namespace.h | 4 +
include/net/netns/tcp_authopt.h | 12 +
include/net/tcp.h | 55 +-
include/net/tcp_authopt.h | 264 +++
include/uapi/linux/snmp.h | 1 +
include/uapi/linux/tcp.h | 165 ++
net/ipv4/Kconfig | 14 +
net/ipv4/Makefile | 1 +
net/ipv4/proc.c | 1 +
net/ipv4/sysctl_net_ipv4.c | 39 +
net/ipv4/tcp.c | 126 +-
net/ipv4/tcp_authopt.c | 1952 +++++++++++++++++++++
net/ipv4/tcp_input.c | 53 +-
net/ipv4/tcp_ipv4.c | 100 +-
net/ipv4/tcp_minisocks.c | 12 +
net/ipv4/tcp_output.c | 106 +-
net/ipv6/tcp_ipv6.c | 70 +-
tools/testing/selftests/net/fcnal-test.sh | 329 +++-
tools/testing/selftests/net/nettest.c | 204 ++-
24 files changed, 3546 insertions(+), 88 deletions(-)
create mode 100644 Documentation/networking/tcp_authopt.rst
create mode 100644 include/net/netns/tcp_authopt.h
create mode 100644 include/net/tcp_authopt.h
create mode 100644 net/ipv4/tcp_authopt.c
--
2.25.1
CONFIG_UML_PCI_OVER_VIRTIO=y is needed to enable CONFIG_PCI=y on UML.
However, this causes test failures when running the clk tests, i.e.
$ ./tools/testing/kunit/kunit.py run --kunitconfig=drivers/clk
A snippet of the particular error is:
> ok 1 - clk_gate_test_parent_rate
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 45 at lib/logic_iomem.c:141 __raw_readl+0x9f/0xd0
This is triggered by this cast in the test:
143 ctx->fake_mem = (void __force __iomem *)&ctx->fake_reg;
this seems to work except when logic iomem is enabled, i.e.
CONFIG_INDIRECT_IOMEM=y.
As a short-term fix, explicitly disable CONFIG_UML_PCI_OVER_VIRTIO in
drivers/clk/.kunitconfig so we can enable it for everyone else by
default in kunit.py.
The long-term fix probably requires something more complicated, like
#ifdef CONFIG_INDIRECT_IOMEM
logic_iomem_add_region(...);
#endif
Signed-off-by: Daniel Latypov <dlatypov(a)google.com>
Reported-by: Maxime Ripard <maxime(a)cerno.tech>
Tested-by: Maxime Ripard <maxime(a)cerno.tech>
---
Note: this targeting the -kselftest kunit branch.
There's a commit that triggers this by enabling logic iomem by default
[1] and there's also a commit that lets disable it via kunitconfig file
[2], which this fix relies on.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git/c…
[2] https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git/c…
---
drivers/clk/.kunitconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/.kunitconfig b/drivers/clk/.kunitconfig
index cdbc7d7deba9..2fbeb71316f8 100644
--- a/drivers/clk/.kunitconfig
+++ b/drivers/clk/.kunitconfig
@@ -2,3 +2,4 @@ CONFIG_KUNIT=y
CONFIG_COMMON_CLK=y
CONFIG_CLK_KUNIT_TEST=y
CONFIG_CLK_GATE_KUNIT_TEST=y
+CONFIG_UML_PCI_OVER_VIRTIO=n
base-commit: 7635778bac7e46458392c1261e3916e8e9e86860
--
2.37.0.rc0.161.g10f37bed90-goog
Replace 'the the' with 'the' in the comment.
Signed-off-by: Slark Xiao <slark_xiao(a)163.com>
---
tools/testing/selftests/net/forwarding/vxlan_asymmetric.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/net/forwarding/vxlan_asymmetric.sh b/tools/testing/selftests/net/forwarding/vxlan_asymmetric.sh
index 0727e2012b68..43469c7de118 100755
--- a/tools/testing/selftests/net/forwarding/vxlan_asymmetric.sh
+++ b/tools/testing/selftests/net/forwarding/vxlan_asymmetric.sh
@@ -525,7 +525,7 @@ arp_suppression()
log_test "neigh_suppress: on / neigh exists: yes"
- # Delete the neighbour from the the SVI. A single ARP request should be
+ # Delete the neighbour from the SVI. A single ARP request should be
# received by the remote VTEP
RET=0
--
2.25.1
Replace headers_install with headers as kselftest uses the header
files from within the kernel tree rather than from a system-wide
installation.
We can still run this directly:
$ make O=build kselftest-all
and when building from the selftests directory:
$ make O=build headers
$ make O=build -C tools/testing/selftests all
Signed-off-by: Guillaume Tucker <guillaume.tucker(a)collabora.com>
Reported-by: Masahiro Yamada <masahiroy(a)kernel.org>
---
Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index fb2f3bb53a6b..5c934d16664c 100644
--- a/Makefile
+++ b/Makefile
@@ -1347,10 +1347,10 @@ tools/%: FORCE
# Kernel selftest
PHONY += kselftest
-kselftest: headers_install
+kselftest: headers
$(Q)$(MAKE) -C $(srctree)/tools/testing/selftests run_tests
-kselftest-%: headers_install FORCE
+kselftest-%: headers FORCE
$(Q)$(MAKE) -C $(srctree)/tools/testing/selftests $*
PHONY += kselftest-merge
--
2.30.2
As the number of test cases and length of execution grows it's
useful to select only a subset of tests. In TLS for instance we
have a matrix of variants for different crypto protocols and
during development mostly care about testing a handful.
This is quicker and makes reading output easier.
This patch adds argument parsing to kselftest_harness.
It supports a couple of ways to filter things, I could not come
up with one way which will cover all cases.
The first and simplest switch is -r which takes the name of
a test to run (can be specified multiple times). For example:
$ ./my_test -r some.test.name -r some.other.name
will run tests some.test.name and some.other.name (where "some"
is the fixture, "test" and "other" and "name is the test.)
Then there is a handful of group filtering options. f/v/t for
filtering by fixture/variant/test. They have both positive
(match -> run) and negative versions (match -> skip).
If user specifies any positive option we assume the default
is not to run the tests. If only negative options are set
we assume the tests are supposed to be run by default.
Usage: ./tools/testing/selftests/net/tls [-h|-l] [-t|-T|-v|-V|-f|-F|-r name]
-h print help
-l list all tests
-t name include test
-T name exclude test
-v name include variant
-V name exclude variant
-f name include fixture
-F name exclude fixture
-r name run specified test
Test filter options can be specified multiple times. The filtering stops
at the first match. For example to include all tests from variant 'bla'
but not test 'foo' specify '-T foo -v bla'.
Here we can request for example all tests from fixture "foo" to run:
./my_test -f foo
or to skip variants var1 and var2:
./my_test -V var1 -V var2
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
---
v2:
- use getopt()
CC: keescook(a)chromium.org
CC: luto(a)amacapital.net
CC: wad(a)chromium.org
CC: shuah(a)kernel.org
CC: linux-kselftest(a)vger.kernel.org
---
tools/testing/selftests/kselftest_harness.h | 142 +++++++++++++++++++-
1 file changed, 137 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/selftests/kselftest_harness.h
index 25f4d54067c0..d8bff2005dfc 100644
--- a/tools/testing/selftests/kselftest_harness.h
+++ b/tools/testing/selftests/kselftest_harness.h
@@ -54,6 +54,7 @@
#define _GNU_SOURCE
#endif
#include <asm/types.h>
+#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
@@ -985,6 +986,127 @@ void __wait_for_test(struct __test_metadata *t)
}
}
+static void test_harness_list_tests(void)
+{
+ struct __fixture_variant_metadata *v;
+ struct __fixture_metadata *f;
+ struct __test_metadata *t;
+
+ for (f = __fixture_list; f; f = f->next) {
+ v = f->variant;
+ t = f->tests;
+
+ if (f == __fixture_list)
+ fprintf(stderr, "%-20s %-25s %s\n",
+ "# FIXTURE", "VARIANT", "TEST");
+ else
+ fprintf(stderr, "--------------------------------------------------------------------------------\n");
+
+ do {
+ fprintf(stderr, "%-20s %-25s %s\n",
+ t == f->tests ? f->name : "",
+ v ? v->name : "",
+ t ? t->name : "");
+
+ v = v ? v->next : NULL;
+ t = t ? t->next : NULL;
+ } while (v || t);
+ }
+}
+
+static int test_harness_argv_check(int argc, char **argv)
+{
+ int opt;
+
+ while ((opt = getopt(argc, argv, "hlF:f:V:v:t:T:r:")) != -1) {
+ switch (opt) {
+ case 'f':
+ case 'F':
+ case 'v':
+ case 'V':
+ case 't':
+ case 'T':
+ case 'r':
+ break;
+ case 'l':
+ test_harness_list_tests();
+ return KSFT_SKIP;
+ case 'h':
+ default:
+ fprintf(stderr,
+ "Usage: %s [-h|-l] [-t|-T|-v|-V|-f|-F|-r name]\n"
+ "\t-h print help\n"
+ "\t-l list all tests\n"
+ "\n"
+ "\t-t name include test\n"
+ "\t-T name exclude test\n"
+ "\t-v name include variant\n"
+ "\t-V name exclude variant\n"
+ "\t-f name include fixture\n"
+ "\t-F name exclude fixture\n"
+ "\t-r name run specified test\n"
+ "\n"
+ "Test filter options can be specified "
+ "multiple times. The filtering stops\n"
+ "at the first match. For example to "
+ "include all tests from variant 'bla'\n"
+ "but not test 'foo' specify '-T foo -v bla'.\n"
+ "", argv[0]);
+ return opt == 'h' ? KSFT_SKIP : KSFT_FAIL;
+ }
+ }
+
+ return KSFT_PASS;
+}
+
+static bool test_enabled(int argc, char **argv,
+ struct __fixture_metadata *f,
+ struct __fixture_variant_metadata *v,
+ struct __test_metadata *t)
+{
+ unsigned int flen = 0, vlen = 0, tlen = 0;
+ bool has_positive = false;
+ int opt;
+
+ optind = 1;
+ while ((opt = getopt(argc, argv, "F:f:V:v:t:T:r:")) != -1) {
+ has_positive |= islower(opt);
+
+ switch (tolower(opt)) {
+ case 't':
+ if (!strcmp(t->name, optarg))
+ return islower(opt);
+ break;
+ case 'f':
+ if (!strcmp(f->name, optarg))
+ return islower(opt);
+ break;
+ case 'v':
+ if (!strcmp(v->name, optarg))
+ return islower(opt);
+ break;
+ case 'r':
+ if (!tlen) {
+ flen = strlen(f->name);
+ vlen = strlen(v->name);
+ tlen = strlen(t->name);
+ }
+ if (strlen(optarg) == flen + 1 + vlen + !!vlen + tlen &&
+ !strncmp(f->name, &optarg[0], flen) &&
+ !strncmp(v->name, &optarg[flen + 1], vlen) &&
+ !strncmp(t->name, &optarg[flen + 1 + vlen + !!vlen], tlen))
+ return true;
+ break;
+ }
+ }
+
+ /*
+ * If there are no positive tests then we assume user just wants
+ * exclusions and everything else is a pass.
+ */
+ return !has_positive;
+}
+
void __run_test(struct __fixture_metadata *f,
struct __fixture_variant_metadata *variant,
struct __test_metadata *t)
@@ -1032,24 +1154,32 @@ void __run_test(struct __fixture_metadata *f,
f->name, variant->name[0] ? "." : "", variant->name, t->name);
}
-static int test_harness_run(int __attribute__((unused)) argc,
- char __attribute__((unused)) **argv)
+static int test_harness_run(int argc, char **argv)
{
struct __fixture_variant_metadata no_variant = { .name = "", };
struct __fixture_variant_metadata *v;
struct __fixture_metadata *f;
struct __test_results *results;
struct __test_metadata *t;
- int ret = 0;
+ int ret;
unsigned int case_count = 0, test_count = 0;
unsigned int count = 0;
unsigned int pass_count = 0;
+ ret = test_harness_argv_check(argc, argv);
+ if (ret != KSFT_PASS)
+ return ret;
+
for (f = __fixture_list; f; f = f->next) {
for (v = f->variant ?: &no_variant; v; v = v->next) {
- case_count++;
+ unsigned int old_tests = test_count;
+
for (t = f->tests; t; t = t->next)
- test_count++;
+ if (test_enabled(argc, argv, f, v, t))
+ test_count++;
+
+ if (old_tests != test_count)
+ case_count++;
}
}
@@ -1063,6 +1193,8 @@ static int test_harness_run(int __attribute__((unused)) argc,
for (f = __fixture_list; f; f = f->next) {
for (v = f->variant ?: &no_variant; v; v = v->next) {
for (t = f->tests; t; t = t->next) {
+ if (!test_enabled(argc, argv, f, v, t))
+ continue;
count++;
t->results = results;
__run_test(f, v, t);
--
2.37.1
The kernel.config and debug.config fragments in wireguard selftests mention
some config symbols that have been reworked:
Commit c5665868183f ("mm: kmemleak: use the memory pool for early
allocations") removes the config DEBUG_KMEMLEAK_EARLY_LOG_SIZE and since
then, the config's feature is available without further configuration.
Commit 4675ff05de2d ("kmemcheck: rip it out") removes kmemcheck and the
corresponding arch config HAVE_ARCH_KMEMCHECK. There is no need for this
config.
Commit 3bf195ae6037 ("netfilter: nat: merge nf_nat_ipv4,6 into nat core")
removes the config NF_NAT_IPV4 and since then, the config's feature is
available without further configuration.
Commit 41a2901e7d22 ("rcu: Remove SPARSE_RCU_POINTER Kconfig option")
removes the config SPARSE_RCU_POINTER and since then, the config's feature
is enabled by default.
Commit dfb4357da6dd ("time: Remove CONFIG_TIMER_STATS") removes the feature
and config CONFIG_TIMER_STATS without any replacement.
Commit 3ca17b1f3628 ("lib/ubsan: remove null-pointer checks") removes the
check and config UBSAN_NULL without any replacement.
Adjust the config fragments to those changes in configs.
Signed-off-by: Lukas Bulwahn <lukas.bulwahn(a)gmail.com>
---
tools/testing/selftests/wireguard/qemu/debug.config | 5 -----
tools/testing/selftests/wireguard/qemu/kernel.config | 1 -
2 files changed, 6 deletions(-)
diff --git a/tools/testing/selftests/wireguard/qemu/debug.config b/tools/testing/selftests/wireguard/qemu/debug.config
index 2b321b8a96cf..9d172210e2c6 100644
--- a/tools/testing/selftests/wireguard/qemu/debug.config
+++ b/tools/testing/selftests/wireguard/qemu/debug.config
@@ -18,15 +18,12 @@ CONFIG_DEBUG_VM=y
CONFIG_DEBUG_MEMORY_INIT=y
CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
CONFIG_DEBUG_STACKOVERFLOW=y
-CONFIG_HAVE_ARCH_KMEMCHECK=y
CONFIG_HAVE_ARCH_KASAN=y
CONFIG_KASAN=y
CONFIG_KASAN_INLINE=y
CONFIG_UBSAN=y
CONFIG_UBSAN_SANITIZE_ALL=y
-CONFIG_UBSAN_NULL=y
CONFIG_DEBUG_KMEMLEAK=y
-CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=8192
CONFIG_DEBUG_STACK_USAGE=y
CONFIG_DEBUG_SHIRQ=y
CONFIG_WQ_WATCHDOG=y
@@ -35,7 +32,6 @@ CONFIG_SCHED_INFO=y
CONFIG_SCHEDSTATS=y
CONFIG_SCHED_STACK_END_CHECK=y
CONFIG_DEBUG_TIMEKEEPING=y
-CONFIG_TIMER_STATS=y
CONFIG_DEBUG_PREEMPT=y
CONFIG_DEBUG_RT_MUTEXES=y
CONFIG_DEBUG_SPINLOCK=y
@@ -49,7 +45,6 @@ CONFIG_DEBUG_BUGVERBOSE=y
CONFIG_DEBUG_LIST=y
CONFIG_DEBUG_PLIST=y
CONFIG_PROVE_RCU=y
-CONFIG_SPARSE_RCU_POINTER=y
CONFIG_RCU_CPU_STALL_TIMEOUT=21
CONFIG_RCU_TRACE=y
CONFIG_RCU_EQS_DEBUG=y
diff --git a/tools/testing/selftests/wireguard/qemu/kernel.config b/tools/testing/selftests/wireguard/qemu/kernel.config
index e1858ce7003f..ce2a04717300 100644
--- a/tools/testing/selftests/wireguard/qemu/kernel.config
+++ b/tools/testing/selftests/wireguard/qemu/kernel.config
@@ -19,7 +19,6 @@ CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_NAT=y
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
CONFIG_NETFILTER_XT_MARK=y
-CONFIG_NF_NAT_IPV4=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_MANGLE=y
--
2.17.1
Some kunit_tool command line arguments are missing in run_wrapper.rst.
Document them.
Reported-by: Bagas Sanjaya <bagasdotme(a)gmail.com>
Reported-by: kernel test robot <lkp(a)intel.com>
Reviewed-by: David Gow <davidgow(a)google.com>
Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com>
Reviewed-by: Daniel Latypov <dlatypov(a)google.com>
Reviewed-by: Maíra Canal <mairacanal(a)riseup.net>
Signed-off-by: Sadiya Kazi <sadiyakazi(a)google.com>
---
Changes since v3:
https://lore.kernel.org/linux-kselftest/20220724184758.1723925-1-sadiyakazi…
-Fixed the indention bug in the run_wrapper.rst file. Thanks for
catching that(Kernel test robot, Bagas).
-Updated the commit message.
Changes since v2:
https://lore.kernel.org/linux-kselftest/20220721081026.1247067-1-sadiyakazi…
-Added a code block for —kconfig_add argument to make the styling consistent
-Slightly changed the words for —arch argument
-Changed QEMU to qemu wherever applicable for the cli args
-Changed the style for ``-smp 8``
-Changed "Might be repeated" to "may be repeated” for kernel_args
Changes since V1:
https://lore.kernel.org/linux-kselftest/20220719092214.995965-1-sadiyakazi@…
- Addressed most of the review comments from Maira and David, except
removing the duplicate arguments as I felt its worth keeping them in
the reference documentation as well as in context. We can improve them
and differentiate their use cases in the future patches.
---
Documentation/dev-tools/kunit/run_wrapper.rst | 63 ++++++++++++++++++-
1 file changed, 62 insertions(+), 1 deletion(-)
diff --git a/Documentation/dev-tools/kunit/run_wrapper.rst b/Documentation/dev-tools/kunit/run_wrapper.rst
index 5e560f2c5fca..cce203138fb7 100644
--- a/Documentation/dev-tools/kunit/run_wrapper.rst
+++ b/Documentation/dev-tools/kunit/run_wrapper.rst
@@ -233,7 +233,7 @@ Command-Line Arguments
======================
kunit_tool has a number of other command-line arguments which can
-be useful for our test environment. Below the most commonly used
+be useful for our test environment. Below are the most commonly used
command line arguments:
- ``--help``: Lists all available options. To list common options,
@@ -257,3 +257,64 @@ command line arguments:
added or modified. Instead, enable all tests
which have satisfied dependencies by adding
``CONFIG_KUNIT_ALL_TESTS=y`` to your ``.kunitconfig``.
+
+- ``--kunitconfig``: Specifies the path or the directory of the ``.kunitconfig``
+ file. For example:
+
+ - ``lib/kunit/.kunitconfig`` can be the path of the file.
+
+ - ``lib/kunit`` can be the directory in which the file is located.
+
+ This file is used to build and run with a predefined set of tests
+ and their dependencies. For example, to run tests for a given subsystem.
+
+- ``--kconfig_add``: Specifies additional configuration options to be
+ appended to the ``.kunitconfig`` file. For example:
+
+ .. code-block::
+
+ ./tools/testing/kunit/kunit.py run --kconfig_add CONFIG_KASAN=y
+
+- ``--arch``: Runs tests on the specified architecture. The architecture
+ argument is same as the Kbuild ARCH environment variable.
+ For example, i386, x86_64, arm, um, etc. Non-UML architectures run on qemu.
+ Default is `um`.
+
+- ``--cross_compile``: Specifies the Kbuild toolchain. It passes the
+ same argument as passed to the ``CROSS_COMPILE`` variable used by
+ Kbuild. This will be the prefix for the toolchain
+ binaries such as GCC. For example:
+
+ - ``sparc64-linux-gnu-`` if we have the sparc toolchain installed on
+ our system.
+
+ - ``$HOME/toolchains/microblaze/gcc-9.2.0-nolibc/microblaze-linux/bin/microblaze-linux``
+ if we have downloaded the microblaze toolchain from the 0-day
+ website to a specified path in our home directory called toolchains.
+
+- ``--qemu_config``: Specifies the path to a file containing a
+ custom qemu architecture definition. This should be a python file
+ containing a `QemuArchParams` object.
+
+- ``--qemu_args``: Specifies additional qemu arguments, for example, ``-smp 8``.
+
+- ``--jobs``: Specifies the number of jobs (commands) to run simultaneously.
+ By default, this is set to the number of cores on your system.
+
+- ``--timeout``: Specifies the maximum number of seconds allowed for all tests to run.
+ This does not include the time taken to build the tests.
+
+- ``--kernel_args``: Specifies additional kernel command-line arguments. May be repeated.
+
+- ``--run_isolated``: If set, boots the kernel for each individual suite/test.
+ This is useful for debugging a non-hermetic test, one that
+ might pass/fail based on what ran before it.
+
+- ``--raw_output``: If set, generates unformatted output from kernel. Possible options are:
+
+ - ``all``: To view the full kernel output, use ``--raw_output=all``.
+
+ - ``kunit``: This is the default option and filters to KUnit output. Use ``--raw_output`` or ``--raw_output=kunit``.
+
+- ``--json``: If set, stores the test results in a JSON format and prints to `stdout` or
+ saves to a file if a filename is specified.
--
2.37.1.359.gd136c6c3e2-goog
The Parameterized Testing example contains a compilation error, as the
signature for the description helper function is void(*)(const struct
sha1_test_case *, char *), and the struct is non-const. This is
warned by Clang:
error: initialization of ‘void (*)(struct sha1_test_case *, char *)’
from incompatible pointer type ‘void (*)(const struct sha1_test_case *,
char *)’ [-Werror=incompatible-pointer-types]
33 | KUNIT_ARRAY_PARAM(sha1, cases, case_to_desc);
| ^~~~~~~~~~~~
../include/kunit/test.h:1339:70: note: in definition of macro
‘KUNIT_ARRAY_PARAM’
1339 | void
(*__get_desc)(typeof(__next), char *) = get_desc; \
Signed-off-by: Maíra Canal <mairacanal(a)riseup.net>
---
v1 -> v2: https://lore.kernel.org/linux-kselftest/CABVgOSkFKJBNt-AsWmOh2Oni4QO2xdiXJi…
- Instead of changing the function signature to non-const, makes the cases
const (David Gow).
---
Documentation/dev-tools/kunit/usage.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/dev-tools/kunit/usage.rst b/Documentation/dev-tools/kunit/usage.rst
index d62a04255c2e..44158eecb51e 100644
--- a/Documentation/dev-tools/kunit/usage.rst
+++ b/Documentation/dev-tools/kunit/usage.rst
@@ -505,7 +505,7 @@ By reusing the same ``cases`` array from above, we can write the test as a
const char *str;
const char *sha1;
};
- struct sha1_test_case cases[] = {
+ const struct sha1_test_case cases[] = {
{
.str = "hello world",
.sha1 = "2aae6c35c94fcfb415dbe95f408b9ce91ee846ed",
--
2.36.1