The walk implementation of most qdisc class modules is basically the
same. That is, the values of count and skip are checked first. If count
is greater than or equal to skip, the registered fn function is
executed. Otherwise, increase the value of count. So the code can be
refactored.
The walk function is invoked during dump. Therefore, test cases related
to the tdc filter need to be added.
Add test cases locally and perform the test. The test results are listed
below:
./tdc.py -c cake
ok 1 1212 - Create CAKE with default setting
ok 2 3241 - Create CAKE with bandwidth limit
ok 3 c940 - Create CAKE with autorate-ingress flag
ok 4 2310 - Create CAKE with rtt time
ok 5 2385 - Create CAKE with besteffort flag
ok 6 a032 - Create CAKE with diffserv8 flag
ok 7 2349 - Create CAKE with diffserv4 flag
ok 8 8472 - Create CAKE with flowblind flag
ok 9 2341 - Create CAKE with dsthost and nat flag
ok 10 5134 - Create CAKE with wash flag
ok 11 2302 - Create CAKE with flowblind and no-split-gso flag
ok 12 0768 - Create CAKE with dual-srchost and ack-filter flag
ok 13 0238 - Create CAKE with dual-dsthost and ack-filter-aggressive flag
ok 14 6573 - Create CAKE with memlimit and ptm flag
ok 15 2436 - Create CAKE with fwmark and atm flag
ok 16 3984 - Create CAKE with overhead and mpu
ok 17 2342 - Create CAKE with conservative and ingress flag
ok 18 2313 - Change CAKE with mpu
ok 19 4365 - Show CAKE class
./tdc.py -c cbq
ok 1 3460 - Create CBQ with default setting
ok 2 0592 - Create CBQ with mpu
ok 3 4684 - Create CBQ with valid cell num
ok 4 4345 - Create CBQ with invalid cell num
ok 5 4525 - Create CBQ with valid ewma
ok 6 6784 - Create CBQ with invalid ewma
ok 7 5468 - Delete CBQ with handle
ok 8 492a - Show CBQ class
./tdc.py -c cbs
ok 1 1820 - Create CBS with default setting
ok 2 1532 - Create CBS with hicredit setting
ok 3 2078 - Create CBS with locredit setting
ok 4 0482 - Create CBS with sendslope setting
ok 5 e8f3 - Create CBS with multiple setting
ok 6 23c9 - Replace CBS with sendslope setting
ok 7 a07a - Change CBS with idleslope setting
ok 8 43b3 - Delete CBS with handle
ok 9 9472 - Show CBS class
./tdc.py -c drr
ok 1 0385 - Create DRR with default setting
ok 2 2375 - Delete DRR with handle
ok 3 3092 - Show DRR class
./tdc.py -c dsmark
ok 1 6345 - Create DSMARK with default setting
ok 2 3462 - Create DSMARK with default_index setting
ok 3 ca95 - Create DSMARK with set_tc_index flag
ok 4 a950 - Create DSMARK with multiple setting
ok 5 4092 - Delete DSMARK with handle
ok 6 5930 - Show DSMARK class
./tdc.py -c fq_codel
ok 1 4957 - Create FQ_CODEL with default setting
ok 2 7621 - Create FQ_CODEL with limit setting
ok 3 6872 - Create FQ_CODEL with memory_limit setting
ok 4 5636 - Create FQ_CODEL with target setting
ok 5 630a - Create FQ_CODEL with interval setting
ok 6 4324 - Create FQ_CODEL with quantum setting
ok 7 b190 - Create FQ_CODEL with noecn flag
ok 8 c9d2 - Create FQ_CODEL with ce_threshold setting
ok 9 523b - Create FQ_CODEL with multiple setting
ok 10 9283 - Replace FQ_CODEL with noecn setting
ok 11 3459 - Change FQ_CODEL with limit setting
ok 12 0128 - Delete FQ_CODEL with handle
ok 13 0435 - Show FQ_CODEL class
./tdc.py -c hfsc
ok 1 3254 - Create HFSC with default setting
ok 2 0289 - Create HFSC with class sc and ul rate setting
ok 3 846a - Create HFSC with class sc umax and dmax setting
ok 4 5413 - Create HFSC with class rt and ls rate setting
ok 5 9312 - Create HFSC with class rt umax and dmax setting
ok 6 6931 - Delete HFSC with handle
ok 7 8436 - Show HFSC class
./tdc.py -c htb
ok 1 0904 - Create HTB with default setting
ok 2 3906 - Create HTB with default-N setting
ok 3 8492 - Create HTB with r2q setting
ok 4 9502 - Create HTB with direct_qlen setting
ok 5 b924 - Create HTB with class rate and burst setting
ok 6 4359 - Create HTB with class mpu setting
ok 7 9048 - Create HTB with class prio setting
ok 8 4994 - Create HTB with class ceil setting
ok 9 9523 - Create HTB with class cburst setting
ok 10 5353 - Create HTB with class mtu setting
ok 11 346a - Create HTB with class quantum setting
ok 12 303a - Delete HTB with handle
./tdc.py -c mqprio
ok 1 9903 - Add mqprio Qdisc to multi-queue device (8 queues)
ok 2 453a - Delete nonexistent mqprio Qdisc
ok 3 5294 - Delete mqprio Qdisc twice
ok 4 45a9 - Add mqprio Qdisc to single-queue device
ok 5 2ba9 - Show mqprio class
./tdc.py -c multiq
ok 1 20ba - Add multiq Qdisc to multi-queue device (8 queues)
ok 2 9903 - List multiq Class
ok 3 7832 - Delete nonexistent multiq Qdisc
ok 4 2891 - Delete multiq Qdisc twice
ok 5 1329 - Add multiq Qdisc to single-queue device
./tdc.py -c netem
ok 1 cb28 - Create NETEM with default setting
ok 2 a089 - Create NETEM with limit flag
ok 3 3449 - Create NETEM with delay time
ok 4 3782 - Create NETEM with distribution and corrupt flag
ok 5 a932 - Create NETEM with distribution and duplicate flag
ok 6 e01a - Create NETEM with distribution and loss state flag
ok 7 ba29 - Create NETEM with loss gemodel flag
ok 8 0492 - Create NETEM with reorder flag
ok 9 7862 - Create NETEM with rate limit
ok 10 7235 - Create NETEM with multiple slot rate
ok 11 5439 - Create NETEM with multiple slot setting
ok 12 5029 - Change NETEM with loss state
ok 13 3785 - Replace NETEM with delay time
ok 14 4502 - Delete NETEM with handle
ok 15 0785 - Show NETEM class
./tdc.py -c qfq
ok 1 0582 - Create QFQ with default setting
ok 2 c9a3 - Create QFQ with class weight setting
ok 3 8452 - Create QFQ with class maxpkt setting
ok 4 d920 - Create QFQ with multiple class setting
ok 5 0548 - Delete QFQ with handle
ok 6 5901 - Show QFQ class
./tdc.py -e 0521
ok 1 0521 - Show ingress class
./tdc.py -e 1023
ok 1 1023 - Show mq class
./tdc.py -e 2410
ok 1 2410 - Show prio class
./tdc.py -e 290a
ok 1 290a - Show RED class
Zhengchao Shao (18):
net/sched: sch_api: add helper for tc qdisc walker stats dump
net/sched: use tc_qdisc_stats_dump() in qdisc
selftests/tc-testings: add selftests for cake qdisc
selftests/tc-testings: add selftests for cbq qdisc
selftests/tc-testings: add selftests for cbs qdisc
selftests/tc-testings: add selftests for drr qdisc
selftests/tc-testings: add selftests for dsmark qdisc
selftests/tc-testings: add selftests for fq_codel qdisc
selftests/tc-testings: add selftests for hfsc qdisc
selftests/tc-testings: add selftests for htb qdisc
selftests/tc-testings: add selftests for mqprio qdisc
selftests/tc-testings: add selftests for multiq qdisc
selftests/tc-testings: add selftests for netem qdisc
selftests/tc-testings: add selftests for qfq qdisc
selftests/tc-testings: add show class case for ingress qdisc
selftests/tc-testings: add show class case for mq qdisc
selftests/tc-testings: add show class case for prio qdisc
selftests/tc-testings: add show class case for red qdisc
include/net/pkt_sched.h | 13 +
net/sched/sch_atm.c | 6 +-
net/sched/sch_cake.c | 9 +-
net/sched/sch_cbq.c | 9 +-
net/sched/sch_cbs.c | 8 +-
net/sched/sch_drr.c | 9 +-
net/sched/sch_dsmark.c | 14 +-
net/sched/sch_ets.c | 9 +-
net/sched/sch_fq_codel.c | 8 +-
net/sched/sch_hfsc.c | 9 +-
net/sched/sch_htb.c | 9 +-
net/sched/sch_mq.c | 5 +-
net/sched/sch_mqprio.c | 5 +-
net/sched/sch_multiq.c | 9 +-
net/sched/sch_netem.c | 8 +-
net/sched/sch_prio.c | 9 +-
net/sched/sch_qfq.c | 9 +-
net/sched/sch_red.c | 7 +-
net/sched/sch_sfb.c | 7 +-
net/sched/sch_sfq.c | 8 +-
net/sched/sch_skbprio.c | 9 +-
net/sched/sch_taprio.c | 5 +-
net/sched/sch_tbf.c | 7 +-
.../tc-testing/tc-tests/qdiscs/cake.json | 488 ++++++++++++++++++
.../tc-testing/tc-tests/qdiscs/cbq.json | 184 +++++++
.../tc-testing/tc-tests/qdiscs/cbs.json | 234 +++++++++
.../tc-testing/tc-tests/qdiscs/drr.json | 71 +++
.../tc-testing/tc-tests/qdiscs/dsmark.json | 140 +++++
.../tc-testing/tc-tests/qdiscs/fq_codel.json | 326 ++++++++++++
.../tc-testing/tc-tests/qdiscs/hfsc.json | 167 ++++++
.../tc-testing/tc-tests/qdiscs/htb.json | 285 ++++++++++
.../tc-testing/tc-tests/qdiscs/ingress.json | 20 +
.../tc-testing/tc-tests/qdiscs/mq.json | 24 +-
.../tc-testing/tc-tests/qdiscs/mqprio.json | 114 ++++
.../tc-testing/tc-tests/qdiscs/multiq.json | 114 ++++
.../tc-testing/tc-tests/qdiscs/netem.json | 372 +++++++++++++
.../tc-testing/tc-tests/qdiscs/prio.json | 20 +
.../tc-testing/tc-tests/qdiscs/qfq.json | 145 ++++++
.../tc-testing/tc-tests/qdiscs/red.json | 23 +
39 files changed, 2770 insertions(+), 148 deletions(-)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cake.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cbq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/cbs.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/drr.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/dsmark.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/fq_codel.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/hfsc.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/htb.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/mqprio.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/multiq.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/netem.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/qdiscs/qfq.json
--
2.17.1
This series fixes an output formatting issue then adds a bunch
more hwcaps to the hwcaps test. This includes the recently added
SVE EBF16 hwcap so this requires both for-next/kselftest and
for-next/sve.
Mark Brown (3):
kselftest/arm64: Add missing newline in hwcap output
kselftest/arm64: Add SVE 2 to the tested hwcaps
kselftest/arm64: Add hwcap test for RNG
tools/testing/selftests/arm64/abi/hwcap.c | 150 +++++++++++++++++++++-
1 file changed, 149 insertions(+), 1 deletion(-)
base-commit: daecb3077f330058d1c53de32d272bc23ff61a25
--
2.30.2
This series fixes similar problems in the bonding and team drivers.
Because of missing dev_{uc,mc}_unsync() calls, addresses added to
underlying devices may be leftover after the aggregated device is deleted.
Add the missing calls and a few related tests.
v2:
* fix selftest installation, see patch 3
v3:
* Split lacpdu_multicast changes to their own patch, #1
* In ndo_{add,del}_slave methods, only perform address list changes when
the aggregated device is up (patches 2 & 3)
* Add selftest function related to the above change (patch 4)
Benjamin Poirier (4):
net: bonding: Share lacpdu_mcast_addr definition
net: bonding: Unsync device addresses on ndo_stop
net: team: Unsync device addresses on ndo_stop
net: Add tests for bonding and team address list management
MAINTAINERS | 1 +
drivers/net/bonding/bond_3ad.c | 5 +-
drivers/net/bonding/bond_main.c | 57 +++++----
drivers/net/team/team.c | 24 +++-
include/net/bond_3ad.h | 2 -
include/net/bonding.h | 3 +
tools/testing/selftests/Makefile | 1 +
.../selftests/drivers/net/bonding/Makefile | 5 +-
.../selftests/drivers/net/bonding/config | 1 +
.../drivers/net/bonding/dev_addr_lists.sh | 109 ++++++++++++++++++
.../selftests/drivers/net/bonding/lag_lib.sh | 61 ++++++++++
.../selftests/drivers/net/team/Makefile | 6 +
.../testing/selftests/drivers/net/team/config | 3 +
.../drivers/net/team/dev_addr_lists.sh | 51 ++++++++
14 files changed, 297 insertions(+), 32 deletions(-)
create mode 100755 tools/testing/selftests/drivers/net/bonding/dev_addr_lists.sh
create mode 100644 tools/testing/selftests/drivers/net/bonding/lag_lib.sh
create mode 100644 tools/testing/selftests/drivers/net/team/Makefile
create mode 100644 tools/testing/selftests/drivers/net/team/config
create mode 100755 tools/testing/selftests/drivers/net/team/dev_addr_lists.sh
--
2.37.2
For this patchset, test cases of the ctinfo, gate, and xt action modules
are added to the tc-testing test suite. Also add deleting test for
connmark, ife, nat, sample and tunnel_key action modules.
After a test case is added locally, the test result is as follows:
./tdc.py -c action ctinfo
considering category action
considering category ctinfo
Test c826: Add ctinfo action with default setting
Test 0286: Add ctinfo action with dscp
Test 4938: Add ctinfo action with valid cpmark and zone
Test 7593: Add ctinfo action with drop control
Test 2961: Replace ctinfo action zone and action control
Test e567: Delete ctinfo action with valid index
Test 6a91: Delete ctinfo action with invalid index
Test 5232: List ctinfo actions
Test 7702: Flush ctinfo actions
Test 3201: Add ctinfo action with duplicate index
Test 8295: Add ctinfo action with invalid index
Test 3964: Replace ctinfo action with invalid goto_chain control
All test results:
1..12
ok 1 c826 - Add ctinfo action with default setting
ok 2 0286 - Add ctinfo action with dscp
ok 3 4938 - Add ctinfo action with valid cpmark and zone
ok 4 7593 - Add ctinfo action with drop control
ok 5 2961 - Replace ctinfo action zone and action control
ok 6 e567 - Delete ctinfo action with valid index
ok 7 6a91 - Delete ctinfo action with invalid index
ok 8 5232 - List ctinfo actions
ok 9 7702 - Flush ctinfo actions
ok 10 3201 - Add ctinfo action with duplicate index
ok 11 8295 - Add ctinfo action with invalid index
ok 12 3964 - Replace ctinfo action with invalid goto_chain control
./tdc.py -c action gate
considering category gate
considering category action
Test 5153: Add gate action with priority and sched-entry
Test 7189: Add gate action with base-time
Test a721: Add gate action with cycle-time
Test c029: Add gate action with cycle-time-ext
Test 3719: Replace gate base-time action
Test d821: Delete gate action with valid index
Test 3128: Delete gate action with invalid index
Test 7837: List gate actions
Test 9273: Flush gate actions
Test c829: Add gate action with duplicate index
Test 3043: Add gate action with invalid index
Test 2930: Add gate action with cookie
All test results:
1..12
ok 1 5153 - Add gate action with priority and sched-entry
ok 2 7189 - Add gate action with base-time
ok 3 a721 - Add gate action with cycle-time
ok 4 c029 - Add gate action with cycle-time-ext
ok 5 3719 - Replace gate base-time action
ok 6 d821 - Delete gate action with valid index
ok 7 3128 - Delete gate action with invalid index
ok 8 7837 - List gate actions
ok 9 9273 - Flush gate actions
ok 10 c829 - Add gate action with duplicate index
ok 11 3043 - Add gate action with invalid index
ok 12 2930 - Add gate action with cookie
./tdc.py -c action xt
considering category xt
considering category action
Test 2029: Add xt action with log-prefix
Test 3562: Replace xt action log-prefix
Test 8291: Delete xt action with valid index
Test 5169: Delete xt action with invalid index
Test 7284: List xt actions
Test 5010: Flush xt actions
Test 8437: Add xt action with duplicate index
Test 2837: Add xt action with invalid index
All test results:
1..8
ok 1 2029 - Add xt action with log-prefix
ok 2 3562 - Replace xt action log-prefix
ok 3 8291 - Delete xt action with valid index
ok 4 5169 - Delete xt action with invalid index
ok 5 7284 - List xt actions
ok 6 5010 - Flush xt actions
ok 7 8437 - Add xt action with duplicate index
ok 8 2837 - Add xt action with invalid index
./tdc.py -c action connmark
considering category action
considering category connmark
Test 2002: Add valid connmark action with defaults
Test 56a5: Add valid connmark action with control pass
Test 7c66: Add valid connmark action with control drop
Test a913: Add valid connmark action with control pipe
Test bdd8: Add valid connmark action with control reclassify
Test b8be: Add valid connmark action with control continue
Test d8a6: Add valid connmark action with control jump
Test aae8: Add valid connmark action with zone argument
Test 2f0b: Add valid connmark action with invalid zone argument
Test 9305: Add connmark action with unsupported argument
Test 71ca: Add valid connmark action and replace it
Test 5f8f: Add valid connmark action with cookie
Test c506: Replace connmark with invalid goto chain control
Test 6571: Delete connmark action with valid index
Test 3426: Delete connmark action with invalid index
All test results:
1..15
ok 1 2002 - Add valid connmark action with defaults
ok 2 56a5 - Add valid connmark action with control pass
ok 3 7c66 - Add valid connmark action with control drop
ok 4 a913 - Add valid connmark action with control pipe
ok 5 bdd8 - Add valid connmark action with control reclassify
ok 6 b8be - Add valid connmark action with control continue
ok 7 d8a6 - Add valid connmark action with control jump
ok 8 aae8 - Add valid connmark action with zone argument
ok 9 2f0b - Add valid connmark action with invalid zone argument
ok 10 9305 - Add connmark action with unsupported argument
ok 11 71ca - Add valid connmark action and replace it
ok 12 5f8f - Add valid connmark action with cookie
ok 13 c506 - Replace connmark with invalid goto chain control
ok 14 6571 - Delete connmark action with valid index
ok 15 3426 - Delete connmark action with invalid index
./tdc.py -c action ife
considering category action
considering category ife
Test 7682: Create valid ife encode action with mark and pass control
Test ef47: Create valid ife encode action with mark and pipe control
Test df43: Create valid ife encode action with mark and continue control
Test e4cf: Create valid ife encode action with mark and drop control
Test ccba: Create valid ife encode action with mark and reclassify control
Test a1cf: Create valid ife encode action with mark and jump control
Test cb3d: Create valid ife encode action with mark value at 32-bit
maximum
Test 1efb: Create ife encode action with mark value exceeding 32-bit
maximum
Test 95ed: Create valid ife encode action with prio and pass control
Test aa17: Create valid ife encode action with prio and pipe control
Test 74c7: Create valid ife encode action with prio and continue control
Test 7a97: Create valid ife encode action with prio and drop control
Test f66b: Create valid ife encode action with prio and reclassify control
Test 3056: Create valid ife encode action with prio and jump control
Test 7dd3: Create valid ife encode action with prio value at 32-bit
maximum
Test 2ca1: Create ife encode action with prio value exceeding 32-bit
maximum
Test 05bb: Create valid ife encode action with tcindex and pass control
Test ce65: Create valid ife encode action with tcindex and pipe control
Test 09cd: Create valid ife encode action with tcindex and continue control
Test 8eb5: Create valid ife encode action with tcindex and continue control
Test 451a: Create valid ife encode action with tcindex and drop control
Test d76c: Create valid ife encode action with tcindex and reclassify
control
Test e731: Create valid ife encode action with tcindex and jump control
Test b7b8: Create valid ife encode action with tcindex value at 16-bit
maximum
Test d0d8: Create ife encode action with tcindex value exceeding 16-bit
maximum
Test 2a9c: Create valid ife encode action with mac src parameter
Test cf5c: Create valid ife encode action with mac dst parameter
Test 2353: Create valid ife encode action with mac src and mac dst
parameters
Test 552c: Create valid ife encode action with mark and type parameters
Test 0421: Create valid ife encode action with prio and type parameters
Test 4017: Create valid ife encode action with tcindex and type parameters
Test fac3: Create valid ife encode action with index at 32-bit maximum
Test 7c25: Create valid ife decode action with pass control
Test dccb: Create valid ife decode action with pipe control
Test 7bb9: Create valid ife decode action with continue control
Test d9ad: Create valid ife decode action with drop control
Test 219f: Create valid ife decode action with reclassify control
Test 8f44: Create valid ife decode action with jump control
Test 56cf: Create ife encode action with index exceeding 32-bit maximum
Test ee94: Create ife encode action with invalid control
Test b330: Create ife encode action with cookie
Test bbc0: Create ife encode action with invalid argument
Test d54a: Create ife encode action with invalid type argument
Test 7ee0: Create ife encode action with invalid mac src argument
Test 0a7d: Create ife encode action with invalid mac dst argument
Test a0e2: Replace ife encode action with invalid goto chain control
Test a972: Delete ife encode action with valid index
Test 1272: Delete ife encode action with invalid index
All test results:
1..48
ok 1 7682 - Create valid ife encode action with mark and pass control
ok 2 ef47 - Create valid ife encode action with mark and pipe control
ok 3 df43 - Create valid ife encode action with mark and continue control
ok 4 e4cf - Create valid ife encode action with mark and drop control
ok 5 ccba - Create valid ife encode action with mark and reclassify
control
ok 6 a1cf - Create valid ife encode action with mark and jump control
ok 7 cb3d - Create valid ife encode action with mark value at 32-bit
maximum
ok 8 1efb - Create ife encode action with mark value exceeding 32-bit
maximum
ok 9 95ed - Create valid ife encode action with prio and pass control
ok 10 aa17 - Create valid ife encode action with prio and pipe control
ok 11 74c7 - Create valid ife encode action with prio and continue control
ok 12 7a97 - Create valid ife encode action with prio and drop control
ok 13 f66b - Create valid ife encode action with prio and reclassify
control
ok 14 3056 - Create valid ife encode action with prio and jump control
ok 15 7dd3 - Create valid ife encode action with prio value at 32-bit
maximum
ok 16 2ca1 - Create ife encode action with prio value exceeding 32-bit
maximum
ok 17 05bb - Create valid ife encode action with tcindex and pass control
ok 18 ce65 - Create valid ife encode action with tcindex and pipe control
ok 19 09cd - Create valid ife encode action with tcindex and continue
control
ok 20 8eb5 - Create valid ife encode action with tcindex and continue
control
ok 21 451a - Create valid ife encode action with tcindex and drop control
ok 22 d76c - Create valid ife encode action with tcindex and reclassify
control
ok 23 e731 - Create valid ife encode action with tcindex and jump control
ok 24 b7b8 - Create valid ife encode action with tcindex value at 16-bit
maximum
ok 25 d0d8 - Create ife encode action with tcindex value exceeding 16-bit
maximum
ok 26 2a9c - Create valid ife encode action with mac src parameter
ok 27 cf5c - Create valid ife encode action with mac dst parameter
ok 28 2353 - Create valid ife encode action with mac src and mac dst
parameters
ok 29 552c - Create valid ife encode action with mark and type parameters
ok 30 0421 - Create valid ife encode action with prio and type parameters
ok 31 4017 - Create valid ife encode action with tcindex and type
parameters
ok 32 fac3 - Create valid ife encode action with index at 32-bit maximum
ok 33 7c25 - Create valid ife decode action with pass control
ok 34 dccb - Create valid ife decode action with pipe control
ok 35 7bb9 - Create valid ife decode action with continue control
ok 36 d9ad - Create valid ife decode action with drop control
ok 37 219f - Create valid ife decode action with reclassify control
ok 38 8f44 - Create valid ife decode action with jump control
ok 39 56cf - Create ife encode action with index exceeding 32-bit maximum
ok 40 ee94 - Create ife encode action with invalid control
ok 41 b330 - Create ife encode action with cookie
ok 42 bbc0 - Create ife encode action with invalid argument
ok 43 d54a - Create ife encode action with invalid type argument
ok 44 7ee0 - Create ife encode action with invalid mac src argument
ok 45 0a7d - Create ife encode action with invalid mac dst argument
ok 46 a0e2 - Replace ife encode action with invalid goto chain control
ok 47 a972 - Delete ife encode action with valid index
ok 48 1272 - Delete ife encode action with invalid index
./tdc.py -c action nat
considering category action
considering category nat
Test 7565: Add nat action on ingress with default control action
Test fd79: Add nat action on ingress with pipe control action
Test eab9: Add nat action on ingress with continue control action
Test c53a: Add nat action on ingress with reclassify control action
Test 76c9: Add nat action on ingress with jump control action
Test 24c6: Add nat action on ingress with drop control action
Test 2120: Add nat action on ingress with maximum index value
Test 3e9d: Add nat action on ingress with invalid index value
Test f6c9: Add nat action on ingress with invalid IP address
Test be25: Add nat action on ingress with invalid argument
Test a7bd: Add nat action on ingress with DEFAULT IP address
Test ee1e: Add nat action on ingress with ANY IP address
Test 1de8: Add nat action on ingress with ALL IP address
Test 8dba: Add nat action on egress with default control action
Test 19a7: Add nat action on egress with pipe control action
Test f1d9: Add nat action on egress with continue control action
Test 6d4a: Add nat action on egress with reclassify control action
Test b313: Add nat action on egress with jump control action
Test d9fc: Add nat action on egress with drop control action
Test a895: Add nat action on egress with DEFAULT IP address
Test 2572: Add nat action on egress with ANY IP address
Test 37f3: Add nat action on egress with ALL IP address
Test 6054: Add nat action on egress with cookie
Test 79d6: Add nat action on ingress with cookie
Test 4b12: Replace nat action with invalid goto chain control
Test b811: Delete nat action with valid index
Test a521: Delete nat action with invalid index
All test results:
1..27
ok 1 7565 - Add nat action on ingress with default control action
ok 2 fd79 - Add nat action on ingress with pipe control action
ok 3 eab9 - Add nat action on ingress with continue control action
ok 4 c53a - Add nat action on ingress with reclassify control action
ok 5 76c9 - Add nat action on ingress with jump control action
ok 6 24c6 - Add nat action on ingress with drop control action
ok 7 2120 - Add nat action on ingress with maximum index value
ok 8 3e9d - Add nat action on ingress with invalid index value
ok 9 f6c9 - Add nat action on ingress with invalid IP address
ok 10 be25 - Add nat action on ingress with invalid argument
ok 11 a7bd - Add nat action on ingress with DEFAULT IP address
ok 12 ee1e - Add nat action on ingress with ANY IP address
ok 13 1de8 - Add nat action on ingress with ALL IP address
ok 14 8dba - Add nat action on egress with default control action
ok 15 19a7 - Add nat action on egress with pipe control action
ok 16 f1d9 - Add nat action on egress with continue control action
ok 17 6d4a - Add nat action on egress with reclassify control action
ok 18 b313 - Add nat action on egress with jump control action
ok 19 d9fc - Add nat action on egress with drop control action
ok 20 a895 - Add nat action on egress with DEFAULT IP address
ok 21 2572 - Add nat action on egress with ANY IP address
ok 22 37f3 - Add nat action on egress with ALL IP address
ok 23 6054 - Add nat action on egress with cookie
ok 24 79d6 - Add nat action on ingress with cookie
ok 25 4b12 - Replace nat action with invalid goto chain control
ok 26 b811 - Delete nat action with valid index
ok 27 a521 - Delete nat action with invalid index
./tdc.py -c action sample
considering category action
considering category sample
Test 9784: Add valid sample action with mandatory arguments
Test 5c91: Add valid sample action with mandatory arguments and continue
control action
Test 334b: Add valid sample action with mandatory arguments and drop
control action
Test da69: Add valid sample action with mandatory arguments and reclassify
control action
Test 13ce: Add valid sample action with mandatory arguments and pipe
control action
Test 1886: Add valid sample action with mandatory arguments and jump
control action
Test 7571: Add sample action with invalid rate
Test b6d4: Add sample action with mandatory arguments and invalid control
action
Test a874: Add invalid sample action without mandatory arguments
Test ac01: Add invalid sample action without mandatory argument rate
Test 4203: Add invalid sample action without mandatory argument group
Test 14a7: Add invalid sample action without mandatory argument group
Test 8f2e: Add valid sample action with trunc argument
Test 45f8: Add sample action with maximum rate argument
Test ad0c: Add sample action with maximum trunc argument
Test 83a9: Add sample action with maximum group argument
Test ed27: Add sample action with invalid rate argument
Test 2eae: Add sample action with invalid group argument
Test 6ff3: Add sample action with invalid trunc size
Test 2b2a: Add sample action with invalid index
Test dee2: Add sample action with maximum allowed index
Test 560e: Add sample action with cookie
Test 704a: Replace existing sample action with new rate argument
Test 60eb: Replace existing sample action with new group argument
Test 2cce: Replace existing sample action with new trunc argument
Test 59d1: Replace existing sample action with new control argument
Test 0a6e: Replace sample action with invalid goto chain control
Test 3872: Delete sample action with valid index
Test a394: Delete sample action with invalid index
All test results:
1..29
ok 1 9784 - Add valid sample action with mandatory arguments
ok 2 5c91 - Add valid sample action with mandatory arguments and continue
control action
ok 3 334b - Add valid sample action with mandatory arguments and drop
control action
ok 4 da69 - Add valid sample action with mandatory arguments and
reclassify control action
ok 5 13ce - Add valid sample action with mandatory arguments and pipe
control action
ok 6 1886 - Add valid sample action with mandatory arguments and jump
control action
ok 7 7571 - Add sample action with invalid rate
ok 8 b6d4 - Add sample action with mandatory arguments and invalid control
action
ok 9 a874 - Add invalid sample action without mandatory arguments
ok 10 ac01 - Add invalid sample action without mandatory argument rate
ok 11 4203 - Add invalid sample action without mandatory argument group
ok 12 14a7 - Add invalid sample action without mandatory argument group
ok 13 8f2e - Add valid sample action with trunc argument
ok 14 45f8 - Add sample action with maximum rate argument
ok 15 ad0c - Add sample action with maximum trunc argument
ok 16 83a9 - Add sample action with maximum group argument
ok 17 ed27 - Add sample action with invalid rate argument
ok 18 2eae - Add sample action with invalid group argument
ok 19 6ff3 - Add sample action with invalid trunc size
ok 20 2b2a - Add sample action with invalid index
ok 21 dee2 - Add sample action with maximum allowed index
ok 22 560e - Add sample action with cookie
ok 23 704a - Replace existing sample action with new rate argument
ok 24 60eb - Replace existing sample action with new group argument
ok 25 2cce - Replace existing sample action with new trunc argument
ok 26 59d1 - Replace existing sample action with new control argument
ok 27 0a6e - Replace sample action with invalid goto chain control
ok 28 3872 - Delete sample action with valid index
ok 29 a394 - Delete sample action with invalid index
./tdc.py -c action tunnel_key
considering category tunnel_key
considering category action
Test 2b11: Add tunnel_key set action with mandatory parameters
Test dc6b: Add tunnel_key set action with missing mandatory src_ip
parameter
Test 7f25: Add tunnel_key set action with missing mandatory dst_ip
parameter
Test a5e0: Add tunnel_key set action with invalid src_ip parameter
Test eaa8: Add tunnel_key set action with invalid dst_ip parameter
Test 3b09: Add tunnel_key set action with invalid id parameter
Test 9625: Add tunnel_key set action with invalid dst_port parameter
Test 05af: Add tunnel_key set action with optional dst_port parameter
Test da80: Add tunnel_key set action with index at 32-bit maximum
Test d407: Add tunnel_key set action with index exceeding 32-bit maximum
Test 5cba: Add tunnel_key set action with id value at 32-bit maximum
Test e84a: Add tunnel_key set action with id value exceeding 32-bit
maximum
Test 9c19: Add tunnel_key set action with dst_port value at 16-bit maximum
Test 3bd9: Add tunnel_key set action with dst_port value exceeding 16-bit
maximum
Test 68e2: Add tunnel_key unset action
Test 6192: Add tunnel_key unset continue action
Test 061d: Add tunnel_key set continue action with cookie
Test 8acb: Add tunnel_key set continue action with invalid cookie
Test a07e: Add tunnel_key action with no set/unset command specified
Test b227: Add tunnel_key action with csum option
Test 58a7: Add tunnel_key action with nocsum option
Test 2575: Add tunnel_key action with not-supported parameter
Test 7a88: Add tunnel_key action with cookie parameter
Test 4f20: Add tunnel_key action with a single geneve option parameter
Test e33d: Add tunnel_key action with multiple geneve options parameter
Test 0778: Add tunnel_key action with invalid class geneve option
parameter
Test 4ae8: Add tunnel_key action with invalid type geneve option parameter
Test 4039: Add tunnel_key action with short data length geneve option
parameter
Test 26a6: Add tunnel_key action with non-multiple of 4 data length geneve
option parameter
Test f44d: Add tunnel_key action with incomplete geneve options parameter
Test 7afc: Replace tunnel_key set action with all parameters
Test 364d: Replace tunnel_key set action with all parameters and cookie
Test 937c: Fetch all existing tunnel_key actions
Test 6783: Flush all existing tunnel_key actions
Test 8242: Replace tunnel_key set action with invalid goto chain
Test 0cd2: Add tunnel_key set action with no_percpu flag
Test 3671: Delete tunnel_key set action with valid index
Test 8597: Delete tunnel_key set action with invalid index
All test results:
1..38
ok 1 2b11 - Add tunnel_key set action with mandatory parameters
ok 2 dc6b - Add tunnel_key set action with missing mandatory src_ip
parameter
ok 3 7f25 - Add tunnel_key set action with missing mandatory dst_ip
parameter
ok 4 a5e0 - Add tunnel_key set action with invalid src_ip parameter
ok 5 eaa8 - Add tunnel_key set action with invalid dst_ip parameter
ok 6 3b09 - Add tunnel_key set action with invalid id parameter
ok 7 9625 - Add tunnel_key set action with invalid dst_port parameter
ok 8 05af - Add tunnel_key set action with optional dst_port parameter
ok 9 da80 - Add tunnel_key set action with index at 32-bit maximum
ok 10 d407 - Add tunnel_key set action with index exceeding 32-bit maximum
ok 11 5cba - Add tunnel_key set action with id value at 32-bit maximum
ok 12 e84a - Add tunnel_key set action with id value exceeding 32-bit
maximum
ok 13 9c19 - Add tunnel_key set action with dst_port value at 16-bit
maximum
ok 14 3bd9 - Add tunnel_key set action with dst_port value exceeding
16-bit maximum
ok 15 68e2 - Add tunnel_key unset action
ok 16 6192 - Add tunnel_key unset continue action
ok 17 061d - Add tunnel_key set continue action with cookie
ok 18 8acb - Add tunnel_key set continue action with invalid cookie
ok 19 a07e - Add tunnel_key action with no set/unset command specified
ok 20 b227 - Add tunnel_key action with csum option
ok 21 58a7 - Add tunnel_key action with nocsum option
ok 22 2575 - Add tunnel_key action with not-supported parameter
ok 23 7a88 - Add tunnel_key action with cookie parameter
ok 24 4f20 - Add tunnel_key action with a single geneve option parameter
ok 25 e33d - Add tunnel_key action with multiple geneve options parameter
ok 26 0778 - Add tunnel_key action with invalid class geneve option
parameter
ok 27 4ae8 - Add tunnel_key action with invalid type geneve option
parameter
ok 28 4039 - Add tunnel_key action with short data length geneve option
parameter
ok 29 26a6 - Add tunnel_key action with non-multiple of 4 data length
geneve option parameter
ok 30 f44d - Add tunnel_key action with incomplete geneve options
parameter
ok 31 7afc - Replace tunnel_key set action with all parameters
ok 32 364d - Replace tunnel_key set action with all parameters and cookie
ok 33 937c - Fetch all existing tunnel_key actions
ok 34 6783 - Flush all existing tunnel_key actions
ok 35 8242 - Replace tunnel_key set action with invalid goto chain
ok 36 0cd2 - Add tunnel_key set action with no_percpu flag
ok 37 3671 - Delete tunnel_key set action with valid index
ok 38 8597 - Delete tunnel_key set action with invalid index
Zhengchao Shao (8):
selftests/tc-testings: add selftests for ctinfo action
selftests/tc-testings: add selftests for gate action
selftests/tc-testings: add selftests for xt action
selftests/tc-testings: add connmark action deleting test case
selftests/tc-testings: add ife action deleting test case
selftests/tc-testings: add nat action deleting test case
selftests/tc-testings: add sample action deleting test case
selftests/tc-testings: add tunnel_key action deleting test case
.../tc-testing/tc-tests/actions/connmark.json | 50 +++
.../tc-testing/tc-tests/actions/ctinfo.json | 316 ++++++++++++++++++
.../tc-testing/tc-tests/actions/gate.json | 315 +++++++++++++++++
.../tc-testing/tc-tests/actions/ife.json | 50 +++
.../tc-testing/tc-tests/actions/nat.json | 50 +++
.../tc-testing/tc-tests/actions/sample.json | 50 +++
.../tc-tests/actions/tunnel_key.json | 50 +++
.../tc-testing/tc-tests/actions/xt.json | 219 ++++++++++++
8 files changed, 1100 insertions(+)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/actions/ctinfo.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/actions/gate.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/actions/xt.json
--
2.17.1
Hi All,
Intel's Trust Domain Extensions (TDX) protect guest VMs from malicious
hosts and some physical attacks. VM guest with TDX support is called
as a TDX Guest.
In TDX guest, attestation process is used to verify the TDX guest
trustworthiness to other entities before provisioning secrets to the
guest. For example, a key server may request for attestation before
releasing the encryption keys to mount the encrypted rootfs or
secondary drive.
This patch set adds attestation support for the TDX guest. Details
about the TDX attestation process and the steps involved are explained
in the commit log of Patch 1/3 or in Documentation/x86/tdx.rst (added
by patch 3/3).
Following are the details of the patch set:
Patch 1/3 -> Adds TDREPORT support.
Patch 2/3 -> Adds selftest support for TDREPORT feature.
Patch 3/3 -> Add attestation related documentation.
Commit log history is maintained in the individual patches.
Kuppuswamy Sathyanarayanan (3):
x86/tdx: Add TDX Guest attestation interface driver
selftests: tdx: Test TDX attestation GetReport support
Documentation/x86: Document TDX attestation process
Documentation/x86/tdx.rst | 75 +++++++++
arch/x86/coco/tdx/tdx.c | 115 +++++++++++++
arch/x86/include/uapi/asm/tdx.h | 56 +++++++
tools/arch/x86/include/uapi/asm/tdx.h | 56 +++++++
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/tdx/Makefile | 11 ++
tools/testing/selftests/tdx/config | 1 +
tools/testing/selftests/tdx/tdx_attest_test.c | 157 ++++++++++++++++++
8 files changed, 472 insertions(+)
create mode 100644 arch/x86/include/uapi/asm/tdx.h
create mode 100644 tools/arch/x86/include/uapi/asm/tdx.h
create mode 100644 tools/testing/selftests/tdx/Makefile
create mode 100644 tools/testing/selftests/tdx/config
create mode 100644 tools/testing/selftests/tdx/tdx_attest_test.c
--
2.34.1
The walk implementation of most tc cls modules is basically the same.
That is, the values of count and skip are checked first. If count is
greater than or equal to skip, the registered fn function is executed.
Otherwise, increase the value of count. So the code can be refactored.
Then use helper function to replace the code of each cls module in
alphabetical order.
The walk function is invoked during dump. Therefore, test cases related
to the tdc filter need to be added.
Last, thanks to Jamal and Victor for their review.
Add test cases locally and perform the test. The test results are listed
below:
./tdc.py -e 0811
ok 1 0811 - Add multiple basic filter with cmp ematch u8/link layer and
default action and dump them
./tdc.py -e 5129
ok 1 5129 - List basic filters
./tdc.py -c bpf-filter
ok 1 23c3 - Add cBPF filter with valid bytecode
ok 2 1563 - Add cBPF filter with invalid bytecode
ok 3 2334 - Add eBPF filter with valid object-file
ok 4 2373 - Add eBPF filter with invalid object-file
ok 5 4423 - Replace cBPF bytecode
ok 6 5122 - Delete cBPF filter
ok 7 e0a9 - List cBPF filters
./tdc.py -c cgroup
ok 1 6273 - Add cgroup filter with cmp ematch u8/link layer and drop
action
ok 2 4721 - Add cgroup filter with cmp ematch u8/link layer with trans
flag and pass action
ok 3 d392 - Add cgroup filter with cmp ematch u16/link layer and pipe
action
ok 4 0234 - Add cgroup filter with cmp ematch u32/link layer and miltiple
actions
ok 5 8499 - Add cgroup filter with cmp ematch u8/network layer and pass
action
ok 6 b273 - Add cgroup filter with cmp ematch u8/network layer with trans
flag and drop action
ok 7 1934 - Add cgroup filter with cmp ematch u16/network layer and pipe
action
ok 8 2733 - Add cgroup filter with cmp ematch u32/network layer and
miltiple actions
ok 9 3271 - Add cgroup filter with NOT cmp ematch rule and pass action
ok 10 2362 - Add cgroup filter with two ANDed cmp ematch rules and single
action
ok 11 9993 - Add cgroup filter with two ORed cmp ematch rules and single
action
ok 12 2331 - Add cgroup filter with two ANDed cmp ematch rules and one
ORed ematch rule and single action
ok 13 3645 - Add cgroup filter with two ANDed cmp ematch rules and one
NOT ORed ematch rule and single action
ok 14 b124 - Add cgroup filter with u32 ematch u8/zero offset and drop
action
ok 15 7381 - Add cgroup filter with u32 ematch u8/zero offset and invalid
value >0xFF
ok 16 2231 - Add cgroup filter with u32 ematch u8/positive offset and
drop action
ok 17 1882 - Add cgroup filter with u32 ematch u8/invalid mask >0xFF
ok 18 1237 - Add cgroup filter with u32 ematch u8/missing offset
ok 19 3812 - Add cgroup filter with u32 ematch u8/missing AT keyword
ok 20 1112 - Add cgroup filter with u32 ematch u8/missing value
ok 21 3241 - Add cgroup filter with u32 ematch u8/non-numeric value
ok 22 e231 - Add cgroup filter with u32 ematch u8/non-numeric mask
ok 23 4652 - Add cgroup filter with u32 ematch u8/negative offset and
pass action
ok 24 1331 - Add cgroup filter with u32 ematch u16/zero offset and pipe
action
ok 25 e354 - Add cgroup filter with u32 ematch u16/zero offset and
invalid value >0xFFFF
ok 26 3538 - Add cgroup filter with u32 ematch u16/positive offset and
drop action
ok 27 4576 - Add cgroup filter with u32 ematch u16/invalid mask >0xFFFF
ok 28 b842 - Add cgroup filter with u32 ematch u16/missing offset
ok 29 c924 - Add cgroup filter with u32 ematch u16/missing AT keyword
ok 30 cc93 - Add cgroup filter with u32 ematch u16/missing value
ok 31 123c - Add cgroup filter with u32 ematch u16/non-numeric value
ok 32 3675 - Add cgroup filter with u32 ematch u16/non-numeric mask
ok 33 1123 - Add cgroup filter with u32 ematch u16/negative offset and
drop action
ok 34 4234 - Add cgroup filter with u32 ematch u16/nexthdr+ offset and
pass action
ok 35 e912 - Add cgroup filter with u32 ematch u32/zero offset and pipe
action
ok 36 1435 - Add cgroup filter with u32 ematch u32/positive offset and
drop action
ok 37 1282 - Add cgroup filter with u32 ematch u32/missing offset
ok 38 6456 - Add cgroup filter with u32 ematch u32/missing AT keyword
ok 39 4231 - Add cgroup filter with u32 ematch u32/missing value
ok 40 2131 - Add cgroup filter with u32 ematch u32/non-numeric value
ok 41 f125 - Add cgroup filter with u32 ematch u32/non-numeric mask
ok 42 4316 - Add cgroup filter with u32 ematch u32/negative offset and
drop action
ok 43 23ae - Add cgroup filter with u32 ematch u32/nexthdr+ offset and
pipe action
ok 44 23a1 - Add cgroup filter with canid ematch and single SFF
ok 45 324f - Add cgroup filter with canid ematch and single SFF with mask
ok 46 2576 - Add cgroup filter with canid ematch and multiple SFF
ok 47 4839 - Add cgroup filter with canid ematch and multiple SFF with
masks
ok 48 6713 - Add cgroup filter with canid ematch and single EFF
ok 49 4572 - Add cgroup filter with canid ematch and single EFF with mask
ok 50 8031 - Add cgroup filter with canid ematch and multiple EFF
ok 51 ab9d - Add cgroup filter with canid ematch and multiple EFF with
masks
ok 52 5349 - Add cgroup filter with canid ematch and a combination of
SFF/EFF
ok 53 c934 - Add cgroup filter with canid ematch and a combination of
SFF/EFF with masks
ok 54 4319 - Replace cgroup filter with diffferent match
ok 55 4636 - Detele cgroup filter
./tdc.py -c flow
ok 1 5294 - Add flow filter with map key and ops
ok 2 3514 - Add flow filter with map key or ops
ok 3 7534 - Add flow filter with map key xor ops
ok 4 4524 - Add flow filter with map key rshift ops
ok 5 0230 - Add flow filter with map key addend ops
ok 6 2344 - Add flow filter with src map key
ok 7 9304 - Add flow filter with proto map key
ok 8 9038 - Add flow filter with proto-src map key
ok 9 2a03 - Add flow filter with proto-dst map key
ok 10 a073 - Add flow filter with iif map key
ok 11 3b20 - Add flow filter with priority map key
ok 12 8945 - Add flow filter with mark map key
ok 13 c034 - Add flow filter with nfct map key
ok 14 0205 - Add flow filter with nfct-src map key
ok 15 5315 - Add flow filter with nfct-src map key
ok 16 7849 - Add flow filter with nfct-proto-src map key
ok 17 9902 - Add flow filter with nfct-proto-dst map key
ok 18 6742 - Add flow filter with rt-classid map key
ok 19 5432 - Add flow filter with sk-uid map key
ok 20 4234 - Add flow filter with sk-gid map key
ok 21 4522 - Add flow filter with vlan-tag map key
ok 22 4253 - Add flow filter with rxhash map key
ok 23 4452 - Add flow filter with hash key list
ok 24 4341 - Add flow filter with muliple ops
ok 25 4392 - List flow filters
ok 26 4322 - Change flow filter with map key num
ok 27 2320 - Replace flow filter with map key num
ok 28 3213 - Delete flow filter with map key num
./tdc.py -c route
ok 1 e122 - Add route filter with from and to tag
ok 2 6573 - Add route filter with fromif and to tag
ok 3 1362 - Add route filter with to flag and reclassify action
ok 4 4720 - Add route filter with from flag and continue actions
ok 5 2812 - Add route filter with form tag and pipe action
ok 6 7994 - Add route filter with miltiple actions
ok 7 4312 - List route filters
ok 8 2634 - Delete route filter with pipe action
./tdc.py -c rsvp
ok 1 2141 - Add rsvp filter with tcp proto and specific IP address
ok 2 5267 - Add rsvp filter with udp proto and specific IP address
ok 3 2819 - Add rsvp filter with src ip and src port
ok 4 c967 - Add rsvp filter with tunnelid and continue action
ok 5 5463 - Add rsvp filter with tunnel and pipe action
ok 6 2332 - Add rsvp filter with miltiple actions
ok 7 8879 - Add rsvp filter with tunnel and skp flag
ok 8 8261 - List rsvp filters
ok 9 8989 - Delete rsvp filter
./tdc.py -c tcindex
ok 1 8293 - Add tcindex filter with default action
ok 2 7281 - Add tcindex filter with hash size and pass action
ok 3 b294 - Add tcindex filter with mask shift and reclassify action
ok 4 0532 - Add tcindex filter with pass_on and continue actions
ok 5 d473 - Add tcindex filter with pipe action
ok 6 2940 - Add tcindex filter with miltiple actions
ok 7 1893 - List tcindex filters
ok 8 2041 - Change tcindex filter with pass action
ok 9 9203 - Replace tcindex filter with pass action
ok 10 7957 - Delete tcindex filter with drop action
---
v3: Modify the test case format alignment
v2: rectify spelling error; The category name bpf in filters file
is renamed to bpf-filter
---
Zhengchao Shao (9):
net/sched: cls_api: add helper for tc cls walker stats updating
net/sched: use tc_cls_stats_update() in filter
selftests/tc-testings: add selftests for bpf filter
selftests/tc-testings: add selftests for cgroup filter
selftests/tc-testings: add selftests for flow filter
selftests/tc-testings: add selftests for route filter
selftests/tc-testings: add selftests for rsvp filter
selftests/tc-testings: add selftests for tcindex filter
selftests/tc-testings: add list case for basic filter
include/net/pkt_cls.h | 13 +
net/sched/cls_basic.c | 9 +-
net/sched/cls_bpf.c | 8 +-
net/sched/cls_flow.c | 8 +-
net/sched/cls_fw.c | 9 +-
net/sched/cls_route.c | 9 +-
net/sched/cls_rsvp.h | 9 +-
net/sched/cls_tcindex.c | 18 +-
net/sched/cls_u32.c | 20 +-
.../tc-testing/tc-tests/filters/basic.json | 47 +
.../tc-testing/tc-tests/filters/bpf.json | 171 +++
.../tc-testing/tc-tests/filters/cgroup.json | 1236 +++++++++++++++++
.../tc-testing/tc-tests/filters/flow.json | 623 +++++++++
.../tc-testing/tc-tests/filters/route.json | 181 +++
.../tc-testing/tc-tests/filters/rsvp.json | 203 +++
.../tc-testing/tc-tests/filters/tcindex.json | 227 +++
16 files changed, 2716 insertions(+), 75 deletions(-)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/bpf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/cgroup.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/flow.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/route.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/rsvp.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/tcindex.json
--
2.17.1
This series allows privileged Netlink operations from user namespaces. When a
non-root user configures MPTCP endpoints, the memory allocation is now accounted
to this user. See patches 4 and 5.
Apart from that, there are some cleanup:
- Patch 1 adds a macro to improve code readability
- Patch 2 regroups similar checks all together
- Patch 3 uses an explicit boolean instead of a counter to do one more check
Geliang Tang (2):
selftests: mptcp: move prefix tests of addr_nr_ns2 together
mptcp: add do_check_data_fin to replace copied
Matthieu Baerts (1):
mptcp: add mptcp_for_each_subflow_safe helper
Thomas Haller (2):
mptcp: allow privileged operations from user namespaces
mptcp: account memory allocation in mptcp_nl_cmd_add_addr() to user
net/mptcp/pm_netlink.c | 22 +++++++++----------
net/mptcp/protocol.c | 13 ++++++-----
net/mptcp/protocol.h | 2 ++
.../testing/selftests/net/mptcp/mptcp_join.sh | 10 ++++-----
4 files changed, 24 insertions(+), 23 deletions(-)
base-commit: 03fdb11da92fde0bdc0b6e9c1c642b7414d49e8d
--
2.37.2
Dear
Is the below mail from you?
-----
Dzień dobry,
dostrzegam możliwość współpracy z Państwa firmą.
Świadczymy kompleksową obsługę inwestycji w fotowoltaikę, która obniża koszty energii elektrycznej nawet o 90%.
Czy są Państwo zainteresowani weryfikacją wstępnych propozycji?
Pozdrawiam,
Norbert Karecki
----
Raj
Manager - Engineering and Projects
[cid:image001.png@01D8C8E0.52373950]
Jebel Ali Industrial Area 3, P.O.Box 51328, Dubai, UAE.
Ph: +9714-8997900 Fax: +9714-8841589 Mob: +971-56-3656857
www.tristar-group.co<http://www.tristar-group.co/>
This email and any attachments may contain confidential information. If you have received them in error, please delete them and contact Tristar. If the content of this e-mail does not relate to Tristar's business, Tristar does not endorse it. You should check attachments for virus before opening. Tristar Transport is a limited liability company incorporated in the UAE.
The walk implementation of most tc cls modules is basically the same.
That is, the values of count and skip are checked first. If count is
greater than or equal to skip, the registered fn function is executed.
Otherwise, increase the value of count. So the code can be refactored.
Then use helper function to replace the code of each cls module in
alphabetical order.
The walk function is invoked during dump. Therefore, test cases related
to the tdc filter need to be added.
Add test cases locally and perform the test. The test results are listed
below:
./tdc.py -e 0811
ok 1 0811 - Add multiple basic filter with cmp ematch u8/link layer and
default action and dump them
./tdc.py -e 5129
ok 1 5129 - List basic filters
./tdc.py -c filters bpf
ok 13 23c3 - Add cBPF filter with valid bytecode
ok 14 1563 - Add cBPF filter with invalid bytecode
ok 15 2334 - Add eBPF filter with valid object-file
ok 16 2373 - Add eBPF filter with invalid object-file
ok 17 4423 - Replace cBPF bytecode
ok 18 5122 - Delete cBPF filter
ok 19 e0a9 - List cBPF filters
./tdc.py -c filters cgroup
ok 1 6273 - Add cgroup filter with cmp ematch u8/link layer and drop
action
ok 2 4721 - Add cgroup filter with cmp ematch u8/link layer with trans
flag and pass action
ok 3 d392 - Add cgroup filter with cmp ematch u16/link layer and pipe
action
ok 4 0234 - Add cgroup filter with cmp ematch u32/link layer and miltiple
actions
ok 5 8499 - Add cgroup filter with cmp ematch u8/network layer and pass
action
ok 6 b273 - Add cgroup filter with cmp ematch u8/network layer with trans
flag and drop action
ok 7 1934 - Add cgroup filter with cmp ematch u16/network layer and pipe
action
ok 8 2733 - Add cgroup filter with cmp ematch u32/network layer and
miltiple actions
ok 9 3271 - Add cgroup filter with NOT cmp ematch rule and pass action
ok 10 2362 - Add cgroup filter with two ANDed cmp ematch rules and single
action
ok 11 9993 - Add cgroup filter with two ORed cmp ematch rules and single
action
ok 12 2331 - Add cgroup filter with two ANDed cmp ematch rules and one
ORed ematch rule and single action
ok 13 3645 - Add cgroup filter with two ANDed cmp ematch rules and one
NOT ORed ematch rule and single action
ok 14 b124 - Add cgroup filter with u32 ematch u8/zero offset and drop
action
ok 15 7381 - Add cgroup filter with u32 ematch u8/zero offset and invalid
value >0xFF
ok 16 2231 - Add cgroup filter with u32 ematch u8/positive offset and
drop action
ok 17 1882 - Add cgroup filter with u32 ematch u8/invalid mask >0xFF
ok 18 1237 - Add cgroup filter with u32 ematch u8/missing offset
ok 19 3812 - Add cgroup filter with u32 ematch u8/missing AT keyword
ok 20 1112 - Add cgroup filter with u32 ematch u8/missing value
ok 21 3241 - Add cgroup filter with u32 ematch u8/non-numeric value
ok 22 e231 - Add cgroup filter with u32 ematch u8/non-numeric mask
ok 23 4652 - Add cgroup filter with u32 ematch u8/negative offset and
pass action
ok 24 1331 - Add cgroup filter with u32 ematch u16/zero offset and pipe
action
ok 25 e354 - Add cgroup filter with u32 ematch u16/zero offset and
invalid value >0xFFFF
ok 26 3538 - Add cgroup filter with u32 ematch u16/positive offset and
drop action
ok 27 4576 - Add cgroup filter with u32 ematch u16/invalid mask >0xFFFF
ok 28 b842 - Add cgroup filter with u32 ematch u16/missing offset
ok 29 c924 - Add cgroup filter with u32 ematch u16/missing AT keyword
ok 30 cc93 - Add cgroup filter with u32 ematch u16/missing value
ok 31 123c - Add cgroup filter with u32 ematch u16/non-numeric value
ok 32 3675 - Add cgroup filter with u32 ematch u16/non-numeric mask
ok 33 1123 - Add cgroup filter with u32 ematch u16/negative offset and
drop action
ok 34 4234 - Add cgroup filter with u32 ematch u16/nexthdr+ offset and
pass action
ok 35 e912 - Add cgroup filter with u32 ematch u32/zero offset and pipe
action
ok 36 1435 - Add cgroup filter with u32 ematch u32/positive offset and
drop action
ok 37 1282 - Add cgroup filter with u32 ematch u32/missing offset
ok 38 6456 - Add cgroup filter with u32 ematch u32/missing AT keyword
ok 39 4231 - Add cgroup filter with u32 ematch u32/missing value
ok 40 2131 - Add cgroup filter with u32 ematch u32/non-numeric value
ok 41 f125 - Add cgroup filter with u32 ematch u32/non-numeric mask
ok 42 4316 - Add cgroup filter with u32 ematch u32/negative offset and
drop action
ok 43 23ae - Add cgroup filter with u32 ematch u32/nexthdr+ offset and
pipe action
ok 44 23a1 - Add cgroup filter with canid ematch and single SFF
ok 45 324f - Add cgroup filter with canid ematch and single SFF with mask
ok 46 2576 - Add cgroup filter with canid ematch and multiple SFF
ok 47 4839 - Add cgroup filter with canid ematch and multiple SFF with
masks
ok 48 6713 - Add cgroup filter with canid ematch and single EFF
ok 49 4572 - Add cgroup filter with canid ematch and single EFF with mask
ok 50 8031 - Add cgroup filter with canid ematch and multiple EFF
ok 51 ab9d - Add cgroup filter with canid ematch and multiple EFF with
masks
ok 52 5349 - Add cgroup filter with canid ematch and a combination of
SFF/EFF
ok 53 c934 - Add cgroup filter with canid ematch and a combination of
SFF/EFF with masks
ok 54 4319 - Replace cgroup filter with diffferent match
ok 55 4636 - Detele cgroup filter
./tdc.py -c filters flow
ok 1 5294 - Add flow filter with map key and ops
ok 2 3514 - Add flow filter with map key or ops
ok 3 7534 - Add flow filter with map key xor ops
ok 4 4524 - Add flow filter with map key rshift ops
ok 5 0230 - Add flow filter with map key addend ops
ok 6 2344 - Add flow filter with src map key
ok 7 9304 - Add flow filter with proto map key
ok 8 9038 - Add flow filter with proto-src map key
ok 9 2a03 - Add flow filter with proto-dst map key
ok 10 a073 - Add flow filter with iif map key
ok 11 3b20 - Add flow filter with priority map key
ok 12 8945 - Add flow filter with mark map key
ok 13 c034 - Add flow filter with nfct map key
ok 14 0205 - Add flow filter with nfct-src map key
ok 15 5315 - Add flow filter with nfct-src map key
ok 16 7849 - Add flow filter with nfct-proto-src map key
ok 17 9902 - Add flow filter with nfct-proto-dst map key
ok 18 6742 - Add flow filter with rt-classid map key
ok 19 5432 - Add flow filter with sk-uid map key
ok 20 4234 - Add flow filter with sk-gid map key
ok 21 4522 - Add flow filter with vlan-tag map key
ok 22 4253 - Add flow filter with rxhash map key
ok 23 4452 - Add flow filter with hash key list
ok 24 4341 - Add flow filter with muliple ops
ok 25 4322 - List flow filters
ok 26 2320 - Replace flow filter with map key num
ok 27 3213 - Delete flow filter with map key num
./tdc.py -c filters route
ok 1 e122 - Add route filter with from and to tag
ok 2 6573 - Add route filter with fromif and to tag
ok 3 1362 - Add route filter with to flag and reclassify action
ok 4 4720 - Add route filter with from flag and continue actions
ok 5 2812 - Add route filter with form tag and pipe action
ok 6 7994 - Add route filter with miltiple actions
ok 7 4312 - List route filters
ok 8 2634 - Delete route filters with pipe action
./tdc.py -c filters rsvp
ok 1 2141 - Add rsvp filter with tcp proto and specific IP address
ok 2 5267 - Add rsvp filter with udp proto and specific IP address
ok 3 2819 - Add rsvp filter with src ip and src port
ok 4 c967 - Add rsvp filter with tunnelid and continue action
ok 5 5463 - Add rsvp filter with tunnel and pipe action
ok 6 2332 - Add rsvp filter with miltiple actions
ok 7 8879 - Add rsvp filter with tunnel and skp flag
ok 8 8261 - List rsvp filters
ok 9 8989 - Delete rsvp filters
./tdc.py -c filters tcindex
ok 1 8293 - Add tcindex filter with default action
ok 2 7281 - Add tcindex filter with hash size and pass action
ok 3 b294 - Add tcindex filter with mask shift and reclassify action
ok 4 0532 - Add tcindex filter with pass_on and continue actions
ok 5 d473 - Add tcindex filter with pipe action
ok 6 2940 - Add tcindex filter with miltiple actions
ok 7 1893 - List tcindex filters
ok 8 2041 - Change tcindex filters with pass action
ok 9 9203 - Replace tcindex filters with pass action
ok 10 7957 - Delete tcindex filters with drop action
Zhengchao Shao (9):
net/sched: cls_api: add helper for tc cls walker stats updating
net/sched: use tc_cls_stats_update() in filter
selftests/tc-testings: add selftests for bpf filter
selftests/tc-testings: add selftests for cgroup filter
selftests/tc-testings: add selftests for flow filter
selftests/tc-testings: add selftests for route filter
selftests/tc-testings: add selftests for rsvp filter
selftests/tc-testings: add selftests for tcindex filter
selftests/tc-testings: add list case for basic filter
include/net/pkt_cls.h | 13 +
net/sched/cls_basic.c | 9 +-
net/sched/cls_bpf.c | 8 +-
net/sched/cls_flow.c | 8 +-
net/sched/cls_fw.c | 9 +-
net/sched/cls_route.c | 9 +-
net/sched/cls_rsvp.h | 9 +-
net/sched/cls_tcindex.c | 18 +-
net/sched/cls_u32.c | 20 +-
.../tc-testing/tc-tests/filters/basic.json | 47 +
.../tc-testing/tc-tests/filters/bpf.json | 171 +++
.../tc-testing/tc-tests/filters/cgroup.json | 1236 +++++++++++++++++
.../tc-testing/tc-tests/filters/flow.json | 623 +++++++++
.../tc-testing/tc-tests/filters/route.json | 181 +++
.../tc-testing/tc-tests/filters/rsvp.json | 203 +++
.../tc-testing/tc-tests/filters/tcindex.json | 227 +++
16 files changed, 2716 insertions(+), 75 deletions(-)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/bpf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/cgroup.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/flow.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/route.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/rsvp.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/tcindex.json
--
2.17.1
The walk implementation of most tc cls modules is basically the same.
That is, the values of count and skip are checked first. If count is
greater than or equal to skip, the registered fn function is executed.
Otherwise, increase the value of count. So the code can be refactored.
Then use helper function to replace the code of each cls module in
alphabetical order.
The walk function is invoked during dump. Therefore, test cases related
to the tdc filter need to be added.
Add test cases locally and perform the test. The test results are listed
below:
./tdc.py -e 0811
ok 1 0811 - Add multiple basic filter with cmp ematch u8/link layer and
default action and dump them
./tdc.py -e 5129
ok 1 5129 - List basic filters
./tdc.py -c bpf-filter
ok 1 23c3 - Add cBPF filter with valid bytecode
ok 2 1563 - Add cBPF filter with invalid bytecode
ok 3 2334 - Add eBPF filter with valid object-file
ok 4 2373 - Add eBPF filter with invalid object-file
ok 5 4423 - Replace cBPF bytecode
ok 6 5122 - Delete cBPF filter
ok 7 e0a9 - List cBPF filters
./tdc.py -c cgroup
ok 1 6273 - Add cgroup filter with cmp ematch u8/link layer and drop
action
ok 2 4721 - Add cgroup filter with cmp ematch u8/link layer with trans
flag and pass action
ok 3 d392 - Add cgroup filter with cmp ematch u16/link layer and pipe
action
ok 4 0234 - Add cgroup filter with cmp ematch u32/link layer and miltiple
actions
ok 5 8499 - Add cgroup filter with cmp ematch u8/network layer and pass
action
ok 6 b273 - Add cgroup filter with cmp ematch u8/network layer with trans
flag and drop action
ok 7 1934 - Add cgroup filter with cmp ematch u16/network layer and pipe
action
ok 8 2733 - Add cgroup filter with cmp ematch u32/network layer and
miltiple actions
ok 9 3271 - Add cgroup filter with NOT cmp ematch rule and pass action
ok 10 2362 - Add cgroup filter with two ANDed cmp ematch rules and single
action
ok 11 9993 - Add cgroup filter with two ORed cmp ematch rules and single
action
ok 12 2331 - Add cgroup filter with two ANDed cmp ematch rules and one
ORed ematch rule and single action
ok 13 3645 - Add cgroup filter with two ANDed cmp ematch rules and one
NOT ORed ematch rule and single action
ok 14 b124 - Add cgroup filter with u32 ematch u8/zero offset and drop
action
ok 15 7381 - Add cgroup filter with u32 ematch u8/zero offset and invalid
value >0xFF
ok 16 2231 - Add cgroup filter with u32 ematch u8/positive offset and
drop action
ok 17 1882 - Add cgroup filter with u32 ematch u8/invalid mask >0xFF
ok 18 1237 - Add cgroup filter with u32 ematch u8/missing offset
ok 19 3812 - Add cgroup filter with u32 ematch u8/missing AT keyword
ok 20 1112 - Add cgroup filter with u32 ematch u8/missing value
ok 21 3241 - Add cgroup filter with u32 ematch u8/non-numeric value
ok 22 e231 - Add cgroup filter with u32 ematch u8/non-numeric mask
ok 23 4652 - Add cgroup filter with u32 ematch u8/negative offset and
pass action
ok 24 1331 - Add cgroup filter with u32 ematch u16/zero offset and pipe
action
ok 25 e354 - Add cgroup filter with u32 ematch u16/zero offset and
invalid value >0xFFFF
ok 26 3538 - Add cgroup filter with u32 ematch u16/positive offset and
drop action
ok 27 4576 - Add cgroup filter with u32 ematch u16/invalid mask >0xFFFF
ok 28 b842 - Add cgroup filter with u32 ematch u16/missing offset
ok 29 c924 - Add cgroup filter with u32 ematch u16/missing AT keyword
ok 30 cc93 - Add cgroup filter with u32 ematch u16/missing value
ok 31 123c - Add cgroup filter with u32 ematch u16/non-numeric value
ok 32 3675 - Add cgroup filter with u32 ematch u16/non-numeric mask
ok 33 1123 - Add cgroup filter with u32 ematch u16/negative offset and
drop action
ok 34 4234 - Add cgroup filter with u32 ematch u16/nexthdr+ offset and
pass action
ok 35 e912 - Add cgroup filter with u32 ematch u32/zero offset and pipe
action
ok 36 1435 - Add cgroup filter with u32 ematch u32/positive offset and
drop action
ok 37 1282 - Add cgroup filter with u32 ematch u32/missing offset
ok 38 6456 - Add cgroup filter with u32 ematch u32/missing AT keyword
ok 39 4231 - Add cgroup filter with u32 ematch u32/missing value
ok 40 2131 - Add cgroup filter with u32 ematch u32/non-numeric value
ok 41 f125 - Add cgroup filter with u32 ematch u32/non-numeric mask
ok 42 4316 - Add cgroup filter with u32 ematch u32/negative offset and
drop action
ok 43 23ae - Add cgroup filter with u32 ematch u32/nexthdr+ offset and
pipe action
ok 44 23a1 - Add cgroup filter with canid ematch and single SFF
ok 45 324f - Add cgroup filter with canid ematch and single SFF with mask
ok 46 2576 - Add cgroup filter with canid ematch and multiple SFF
ok 47 4839 - Add cgroup filter with canid ematch and multiple SFF with
masks
ok 48 6713 - Add cgroup filter with canid ematch and single EFF
ok 49 4572 - Add cgroup filter with canid ematch and single EFF with mask
ok 50 8031 - Add cgroup filter with canid ematch and multiple EFF
ok 51 ab9d - Add cgroup filter with canid ematch and multiple EFF with
masks
ok 52 5349 - Add cgroup filter with canid ematch and a combination of
SFF/EFF
ok 53 c934 - Add cgroup filter with canid ematch and a combination of
SFF/EFF with masks
ok 54 4319 - Replace cgroup filter with diffferent match
ok 55 4636 - Detele cgroup filter
./tdc.py -c flow
ok 1 5294 - Add flow filter with map key and ops
ok 2 3514 - Add flow filter with map key or ops
ok 3 7534 - Add flow filter with map key xor ops
ok 4 4524 - Add flow filter with map key rshift ops
ok 5 0230 - Add flow filter with map key addend ops
ok 6 2344 - Add flow filter with src map key
ok 7 9304 - Add flow filter with proto map key
ok 8 9038 - Add flow filter with proto-src map key
ok 9 2a03 - Add flow filter with proto-dst map key
ok 10 a073 - Add flow filter with iif map key
ok 11 3b20 - Add flow filter with priority map key
ok 12 8945 - Add flow filter with mark map key
ok 13 c034 - Add flow filter with nfct map key
ok 14 0205 - Add flow filter with nfct-src map key
ok 15 5315 - Add flow filter with nfct-src map key
ok 16 7849 - Add flow filter with nfct-proto-src map key
ok 17 9902 - Add flow filter with nfct-proto-dst map key
ok 18 6742 - Add flow filter with rt-classid map key
ok 19 5432 - Add flow filter with sk-uid map key
ok 20 4234 - Add flow filter with sk-gid map key
ok 21 4522 - Add flow filter with vlan-tag map key
ok 22 4253 - Add flow filter with rxhash map key
ok 23 4452 - Add flow filter with hash key list
ok 24 4341 - Add flow filter with muliple ops
ok 25 4392 - List flow filters
ok 26 4322 - Change flow filter with map key num
ok 27 2320 - Replace flow filter with map key num
ok 28 3213 - Delete flow filter with map key num
./tdc.py -c route
ok 1 e122 - Add route filter with from and to tag
ok 2 6573 - Add route filter with fromif and to tag
ok 3 1362 - Add route filter with to flag and reclassify action
ok 4 4720 - Add route filter with from flag and continue actions
ok 5 2812 - Add route filter with form tag and pipe action
ok 6 7994 - Add route filter with miltiple actions
ok 7 4312 - List route filters
ok 8 2634 - Delete route filter with pipe action
./tdc.py -c rsvp
ok 1 2141 - Add rsvp filter with tcp proto and specific IP address
ok 2 5267 - Add rsvp filter with udp proto and specific IP address
ok 3 2819 - Add rsvp filter with src ip and src port
ok 4 c967 - Add rsvp filter with tunnelid and continue action
ok 5 5463 - Add rsvp filter with tunnel and pipe action
ok 6 2332 - Add rsvp filter with miltiple actions
ok 7 8879 - Add rsvp filter with tunnel and skp flag
ok 8 8261 - List rsvp filters
ok 9 8989 - Delete rsvp filter
./tdc.py -c tcindex
ok 1 8293 - Add tcindex filter with default action
ok 2 7281 - Add tcindex filter with hash size and pass action
ok 3 b294 - Add tcindex filter with mask shift and reclassify action
ok 4 0532 - Add tcindex filter with pass_on and continue actions
ok 5 d473 - Add tcindex filter with pipe action
ok 6 2940 - Add tcindex filter with miltiple actions
ok 7 1893 - List tcindex filters
ok 8 2041 - Change tcindex filter with pass action
ok 9 9203 - Replace tcindex filter with pass action
ok 10 7957 - Delete tcindex filter with drop action
---
v2: rectify spelling error; The category name bpf in filters file
is renamed to bpf-filter
---
Zhengchao Shao (9):
net/sched: cls_api: add helper for tc cls walker stats updating
net/sched: use tc_cls_stats_update() in filter
selftests/tc-testings: add selftests for bpf filter
selftests/tc-testings: add selftests for cgroup filter
selftests/tc-testings: add selftests for flow filter
selftests/tc-testings: add selftests for route filter
selftests/tc-testings: add selftests for rsvp filter
selftests/tc-testings: add selftests for tcindex filter
selftests/tc-testings: add list case for basic filter
include/net/pkt_cls.h | 13 +
net/sched/cls_basic.c | 9 +-
net/sched/cls_bpf.c | 8 +-
net/sched/cls_flow.c | 8 +-
net/sched/cls_fw.c | 9 +-
net/sched/cls_route.c | 9 +-
net/sched/cls_rsvp.h | 9 +-
net/sched/cls_tcindex.c | 18 +-
net/sched/cls_u32.c | 20 +-
.../tc-testing/tc-tests/filters/basic.json | 47 +
.../tc-testing/tc-tests/filters/bpf.json | 171 +++
.../tc-testing/tc-tests/filters/cgroup.json | 1236 +++++++++++++++++
.../tc-testing/tc-tests/filters/flow.json | 623 +++++++++
.../tc-testing/tc-tests/filters/route.json | 181 +++
.../tc-testing/tc-tests/filters/rsvp.json | 203 +++
.../tc-testing/tc-tests/filters/tcindex.json | 227 +++
16 files changed, 2716 insertions(+), 75 deletions(-)
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/bpf.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/cgroup.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/flow.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/route.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/rsvp.json
create mode 100644 tools/testing/selftests/tc-testing/tc-tests/filters/tcindex.json
--
2.17.1
From: Kyle Huey <me(a)kylehuey.com>
When management of the PKRU register was moved away from XSTATE, emulation
of PKRU's existence in XSTATE was added for reading PKRU through ptrace,
but not for writing PKRU through ptrace. This can be seen by running gdb
and executing `p $pkru`, `set $pkru = 42`, and `p $pkru`. On affected
kernels (5.14+) the write to the PKRU register (which gdb performs through
ptrace) is ignored.
There are three APIs that write PKRU: sigreturn, PTRACE_SETREGSET with
NT_X86_XSTATE, and KVM_SET_XSAVE. sigreturn still uses XRSTOR to write to
PKRU. KVM_SET_XSAVE has its own special handling to make PKRU writes take
effect (in fpu_copy_uabi_to_guest_fpstate). Push that down into
copy_uabi_to_xstate and have PTRACE_SETREGSET with NT_X86_XSTATE pass in
a pointer to the appropriate PKRU slot. copy_sigframe_from_user_to_xstate
depends on copy_uabi_to_xstate populating the PKRU field in the task's
XSTATE so that __fpu_restore_sig can do a XRSTOR from it, so continue doing
that.
This also adds code to initialize the PKRU value to the hardware init value
(namely 0) if the PKRU bit is not set in the XSTATE header provided to
ptrace, to match XRSTOR.
Fixes: e84ba47e313d ("x86/fpu: Hook up PKRU into ptrace()")
Signed-off-by: Kyle Huey <me(a)kylehuey.com>
Cc: Dave Hansen <dave.hansen(a)linux.intel.com>
Cc: Thomas Gleixner <tglx(a)linutronix.de>
Cc: Borislav Petkov <bp(a)suse.de>
Cc: stable(a)vger.kernel.org # 5.14+
---
arch/x86/kernel/fpu/core.c | 20 +++++++++-----------
arch/x86/kernel/fpu/regset.c | 2 +-
arch/x86/kernel/fpu/signal.c | 2 +-
arch/x86/kernel/fpu/xstate.c | 25 ++++++++++++++++++++-----
arch/x86/kernel/fpu/xstate.h | 4 ++--
5 files changed, 33 insertions(+), 20 deletions(-)
diff --git a/arch/x86/kernel/fpu/core.c b/arch/x86/kernel/fpu/core.c
index 3b28c5b25e12..c273669e8a00 100644
--- a/arch/x86/kernel/fpu/core.c
+++ b/arch/x86/kernel/fpu/core.c
@@ -391,8 +391,6 @@ int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *gfpu, const void *buf,
{
struct fpstate *kstate = gfpu->fpstate;
const union fpregs_state *ustate = buf;
- struct pkru_state *xpkru;
- int ret;
if (!cpu_feature_enabled(X86_FEATURE_XSAVE)) {
if (ustate->xsave.header.xfeatures & ~XFEATURE_MASK_FPSSE)
@@ -406,16 +404,16 @@ int fpu_copy_uabi_to_guest_fpstate(struct fpu_guest *gfpu, const void *buf,
if (ustate->xsave.header.xfeatures & ~xcr0)
return -EINVAL;
- ret = copy_uabi_from_kernel_to_xstate(kstate, ustate);
- if (ret)
- return ret;
+ /*
+ * Nullify @vpkru to preserve its current value if PKRU's bit isn't set
+ * in the header. KVM's odd ABI is to leave PKRU untouched in this
+ * case (all other components are eventually re-initialized).
+ * (Not clear that this is actually necessary for compat).
+ */
+ if (!(ustate->xsave.header.xfeatures & XFEATURE_MASK_PKRU))
+ vpkru = NULL;
- /* Retrieve PKRU if not in init state */
- if (kstate->regs.xsave.header.xfeatures & XFEATURE_MASK_PKRU) {
- xpkru = get_xsave_addr(&kstate->regs.xsave, XFEATURE_PKRU);
- *vpkru = xpkru->pkru;
- }
- return 0;
+ return copy_uabi_from_kernel_to_xstate(kstate, ustate, vpkru);
}
EXPORT_SYMBOL_GPL(fpu_copy_uabi_to_guest_fpstate);
#endif /* CONFIG_KVM */
diff --git a/arch/x86/kernel/fpu/regset.c b/arch/x86/kernel/fpu/regset.c
index 75ffaef8c299..6d056b68f4ed 100644
--- a/arch/x86/kernel/fpu/regset.c
+++ b/arch/x86/kernel/fpu/regset.c
@@ -167,7 +167,7 @@ int xstateregs_set(struct task_struct *target, const struct user_regset *regset,
}
fpu_force_restore(fpu);
- ret = copy_uabi_from_kernel_to_xstate(fpu->fpstate, kbuf ?: tmpbuf);
+ ret = copy_uabi_from_kernel_to_xstate(fpu->fpstate, kbuf ?: tmpbuf, &target->thread.pkru);
out:
vfree(tmpbuf);
diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c
index 91d4b6de58ab..558076dbde5b 100644
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -396,7 +396,7 @@ static bool __fpu_restore_sig(void __user *buf, void __user *buf_fx,
fpregs = &fpu->fpstate->regs;
if (use_xsave() && !fx_only) {
- if (copy_sigframe_from_user_to_xstate(fpu->fpstate, buf_fx))
+ if (copy_sigframe_from_user_to_xstate(tsk, buf_fx))
return false;
} else {
if (__copy_from_user(&fpregs->fxsave, buf_fx,
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index c8340156bfd2..8f14981a3936 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -1197,7 +1197,7 @@ static int copy_from_buffer(void *dst, unsigned int offset, unsigned int size,
static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf,
- const void __user *ubuf)
+ const void __user *ubuf, u32 *pkru)
{
struct xregs_state *xsave = &fpstate->regs.xsave;
unsigned int offset, size;
@@ -1246,6 +1246,21 @@ static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf,
}
}
+ /*
+ * Update the user protection key storage. Allow KVM to
+ * pass in a NULL pkru pointer if the mask bit is unset
+ * for its legacy ABI behavior.
+ */
+ if (pkru)
+ *pkru = 0;
+
+ if (hdr.xfeatures & XFEATURE_MASK_PKRU) {
+ struct pkru_state *xpkru;
+
+ xpkru = __raw_xsave_addr(xsave, XFEATURE_PKRU);
+ *pkru = xpkru->pkru;
+ }
+
/*
* The state that came in from userspace was user-state only.
* Mask all the user states out of 'xfeatures':
@@ -1264,9 +1279,9 @@ static int copy_uabi_to_xstate(struct fpstate *fpstate, const void *kbuf,
* Convert from a ptrace standard-format kernel buffer to kernel XSAVE[S]
* format and copy to the target thread. Used by ptrace and KVM.
*/
-int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf)
+int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf, u32 *pkru)
{
- return copy_uabi_to_xstate(fpstate, kbuf, NULL);
+ return copy_uabi_to_xstate(fpstate, kbuf, NULL, pkru);
}
/*
@@ -1274,10 +1289,10 @@ int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf)
* XSAVE[S] format and copy to the target thread. This is called from the
* sigreturn() and rt_sigreturn() system calls.
*/
-int copy_sigframe_from_user_to_xstate(struct fpstate *fpstate,
+int copy_sigframe_from_user_to_xstate(struct task_struct *tsk,
const void __user *ubuf)
{
- return copy_uabi_to_xstate(fpstate, NULL, ubuf);
+ return copy_uabi_to_xstate(tsk->thread.fpu.fpstate, NULL, ubuf, &tsk->thread.pkru);
}
static bool validate_independent_components(u64 mask)
diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h
index 5ad47031383b..a4ecb04d8d64 100644
--- a/arch/x86/kernel/fpu/xstate.h
+++ b/arch/x86/kernel/fpu/xstate.h
@@ -46,8 +46,8 @@ extern void __copy_xstate_to_uabi_buf(struct membuf to, struct fpstate *fpstate,
u32 pkru_val, enum xstate_copy_mode copy_mode);
extern void copy_xstate_to_uabi_buf(struct membuf to, struct task_struct *tsk,
enum xstate_copy_mode mode);
-extern int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf);
-extern int copy_sigframe_from_user_to_xstate(struct fpstate *fpstate, const void __user *ubuf);
+extern int copy_uabi_from_kernel_to_xstate(struct fpstate *fpstate, const void *kbuf, u32 *pkru);
+extern int copy_sigframe_from_user_to_xstate(struct task_struct *tsk, const void __user *ubuf);
extern void fpu__init_cpu_xstate(void);
--
2.37.2
Changelog since v5:
- Avoids a second copy from the uabi buffer as suggested.
- Preserves old KVM_SET_XSAVE behavior where leaving the PKRU bit in the
XSTATE header results in PKRU remaining unchanged instead of
reinitializing it.
- Fixed up patch metadata as requested.
Changelog since v4:
- Selftest additionally checks PKRU readbacks through ptrace.
- Selftest flips all PKRU bits (except the default key).
Changelog since v3:
- The v3 patch is now part 1 of 2.
- Adds a selftest in part 2 of 2.
Changelog since v2:
- Removed now unused variables in fpu_copy_uabi_to_guest_fpstate
Changelog since v1:
- Handles the error case of copy_to_buffer().
hi,
The test error is caused by g_vsyscall set failed.
Error output:
selftests: proc: proc-pid-vm
proc-pid-vm: proc-pid-vm.c:389: main: Assertion `rv == len' failed.
Aborted
g_vsyscall is set to 0.
In proc-pid-vm.c:
/*
* 0: vsyscall VMA doesn't exist vsyscall=none
* 1: vsyscall VMA is r-xp vsyscall=emulate
* 2: vsyscall VMA is --xp vsyscall=xonly
*/
static int g_vsyscall;
static const char *str_vsyscall;
static const char str_vsyscall_0[] = "";
static const char str_vsyscall_1[] =
"ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]\n";
static const char str_vsyscall_2[] =
"ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]\n";
The /proc/%u/maps output is:
buf=100000000-100001000 r-xp 00000000 00:2d 2 /tmp/#2 (deleted)
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]
So the g_vsyscall should be 2 according to commentary(2: vsyscall VMA is --xp).
Is it a bug?
best regards,
Libhugetlbfs is not being maintained actively, and some distro is
dropping support for it. There are some tests that are good for testing
hugetlb functionality in kernel, which can be migrated to either kernel
kselftests or LTP.
I am submitting this patch to get comments from community on the
following
1. The test framework in ltp is most suitable for the tests that are
in libhugetlbfs/tests/ which follow similar test framework. And there
is already a section for hugetlb specific tests in LTP. So it makes
more sense and less effort to migrate the test to LTP. Though I
recommend migrating these tests to LTP, I would like to discuss tests
should be migrated to LTP or kselftests.
2. Libhugetlbfs tests has license GNU Lesser GPL 2.1 or later, while
kernel and LTP has license GPL2 or later, so can the test be
migrated to kernel/kselftests or LTP.
The below patch is libhugetlbfs/tests/direct.c which has been migrated
to ltp/testcases/kernel/mem/hugetlb/hugemmap/hugemmap07.c
Signed-off-by: Tarun Sahu <tsahu(a)linux.ibm.com>
---
runtest/hugetlb | 2 +
testcases/kernel/mem/.gitignore | 1 +
.../kernel/mem/hugetlb/hugemmap/hugemmap07.c | 106 ++++++++++++++++++
3 files changed, 109 insertions(+)
create mode 100644 testcases/kernel/mem/hugetlb/hugemmap/hugemmap07.c
diff --git a/runtest/hugetlb b/runtest/hugetlb
index f719217ab..ee02835d3 100644
--- a/runtest/hugetlb
+++ b/runtest/hugetlb
@@ -3,6 +3,8 @@ hugemmap02 hugemmap02
hugemmap04 hugemmap04
hugemmap05 hugemmap05
hugemmap06 hugemmap06
+hugemmap07 hugemmap07
+
hugemmap05_1 hugemmap05 -m
hugemmap05_2 hugemmap05 -s
hugemmap05_3 hugemmap05 -s -m
diff --git a/testcases/kernel/mem/.gitignore b/testcases/kernel/mem/.gitignore
index ff2910533..df5256ec8 100644
--- a/testcases/kernel/mem/.gitignore
+++ b/testcases/kernel/mem/.gitignore
@@ -4,6 +4,7 @@
/hugetlb/hugemmap/hugemmap04
/hugetlb/hugemmap/hugemmap05
/hugetlb/hugemmap/hugemmap06
+/hugetlb/hugemmap/hugemmap07
/hugetlb/hugeshmat/hugeshmat01
/hugetlb/hugeshmat/hugeshmat02
/hugetlb/hugeshmat/hugeshmat03
diff --git a/testcases/kernel/mem/hugetlb/hugemmap/hugemmap07.c b/testcases/kernel/mem/hugetlb/hugemmap/hugemmap07.c
new file mode 100644
index 000000000..798735ed0
--- /dev/null
+++ b/testcases/kernel/mem/hugetlb/hugemmap/hugemmap07.c
@@ -0,0 +1,106 @@
+/*
+ * License/Copyright Details
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <sys/mount.h>
+#include <limits.h>
+#include <sys/param.h>
+#include <sys/types.h>
+
+#include "tst_test.h"
+
+#define P0 "ffffffff"
+#define IOSZ 4096
+char buf[IOSZ] __attribute__((aligned(IOSZ)));
+static int fildes = -1, nfildes = -1;
+static char TEMPFILE[MAXPATHLEN];
+static char NTEMPFILE[MAXPATHLEN];
+
+void test_directio(void)
+{
+ long hpage_size;
+ void *p;
+ int ret;
+
+ hpage_size = SAFE_READ_MEMINFO("Hugepagesize:");
+
+ fildes = SAFE_OPEN(TEMPFILE, O_RDWR | O_CREAT, 0600);
+ nfildes = SAFE_OPEN(NTEMPFILE, O_CREAT|O_EXCL|O_RDWR|O_DIRECT, 0600);
+
+ p = mmap(NULL, hpage_size, PROT_READ|PROT_WRITE, MAP_PRIVATE, fildes, 0);
+ if (p == MAP_FAILED)
+ tst_brk(TFAIL | TERRNO, "mmap() Failed on %s", TEMPFILE);
+
+ memcpy(p, P0, 8);
+
+ /* Direct write from huge page */
+ ret = write(nfildes, p, IOSZ);
+ if (ret == -1)
+ tst_brk(TFAIL | TERRNO, "Direct-IO write from huge page");
+ if (ret != IOSZ)
+ tst_brk(TFAIL, "Short direct-IO write from huge page");
+ if (lseek(nfildes, 0, SEEK_SET) == -1)
+ tst_brk(TFAIL | TERRNO, "lseek");
+
+ /* Check for accuracy */
+ ret = read(nfildes, buf, IOSZ);
+ if (ret == -1)
+ tst_brk(TFAIL | TERRNO, "Direct-IO read to normal memory");
+ if (ret != IOSZ)
+ tst_brk(TFAIL, "Short direct-IO read to normal memory");
+ if (memcmp(P0, buf, 8))
+ tst_brk(TFAIL, "Memory mismatch after Direct-IO write");
+ if (lseek(nfildes, 0, SEEK_SET) == -1)
+ tst_brk(TFAIL | TERRNO, "lseek");
+
+ /* Direct read to huge page */
+ memset(p, 0, IOSZ);
+ ret = read(nfildes, p, IOSZ);
+ if (ret == -1)
+ tst_brk(TFAIL | TERRNO, "Direct-IO read to huge page");
+ if (ret != IOSZ)
+ tst_brk(TFAIL, "Short direct-IO read to huge page");
+
+ /* Check for accuracy */
+ if (memcmp(p, P0, 8))
+ tst_brk(TFAIL, "Memory mismatch after Direct-IO read");
+ tst_res(TPASS, "Successfully tested Hugepage Direct I/O");
+}
+
+void setup(void)
+{
+ if (tst_hugepages == 0)
+ tst_brk(TCONF, "Not enough hugepages for testing.");
+
+ if (!Hopt)
+ Hopt = tst_get_tmpdir();
+ SAFE_MOUNT("none", Hopt, "hugetlbfs", 0, NULL);
+
+ snprintf(TEMPFILE, sizeof(TEMPFILE), "%s/mmapfile%d", Hopt, getpid());
+ snprintf(NTEMPFILE, sizeof(NTEMPFILE), "%s/nmmapfile%d", "/home/", getpid());
+}
+
+void cleanup(void)
+{
+ close(fildes);
+ close(nfildes);
+ remove(TEMPFILE);
+ remove(NTEMPFILE);
+ umount2(Hopt, MNT_DETACH);
+}
+
+static struct tst_test test = {
+ .needs_root = 1,
+ .needs_tmpdir = 1,
+ .options = (struct tst_option[]) {
+ {"H:", &Hopt, "Location of hugetlbfs, i.e. -H /var/hugetlbfs"},
+ {"s:", &nr_opt, "Set the number of the been allocated hugepages"},
+ {}
+ },
+ .setup = setup,
+ .cleanup = cleanup,
+ .test_all = test_directio,
+ .hugepages = {2, TST_REQUEST},
+};
--
2.31.1
This patchset contains minor fixes and cleanups for DAMON including
- selftest for a bug we found before (Patch 1),
- fix of region holes in vaddr corner case and a kunit test for it
(Patches 2 and 3), and
- documents/Kconfig updates for title wordsmithing (Patch 4) and more
aggressive DAMON debugfs interface deprecation announcement
(Patches 5-7).
SeongJae Park (7):
selftest/damon: add a test for duplicate context dirs creation
mm/damon/core: avoid holes in newly set monitoring target ranges
mm/damon/core-test: test damon_set_regions
Docs/admin-guide/mm/damon: rename the title of the document
mm/damon/Kconfig: Notify debugfs deprecation plan
Docs/DAMON/start: mention the dependency as sysfs instead of debugfs
Docs/admin-guide/mm/damon/usage: note DAMON debugfs interface
deprecation plan
Documentation/admin-guide/mm/damon/index.rst | 6 ++---
Documentation/admin-guide/mm/damon/start.rst | 13 +++------
Documentation/admin-guide/mm/damon/usage.rst | 5 ++++
mm/damon/Kconfig | 3 +++
mm/damon/core-test.h | 23 ++++++++++++++++
mm/damon/core.c | 24 +++++++++++++++++
tools/testing/selftests/damon/Makefile | 1 +
.../debugfs_duplicate_context_creation.sh | 27 +++++++++++++++++++
8 files changed, 89 insertions(+), 13 deletions(-)
create mode 100644 tools/testing/selftests/damon/debugfs_duplicate_context_creation.sh
--
2.25.1
Hi All,
Intel's Trust Domain Extensions (TDX) protect guest VMs from malicious
hosts and some physical attacks. VM guest with TDX support is called
as a TDX Guest.
In TDX guest, attestation process is used to verify the TDX guest
trustworthiness to other entities before provisioning secrets to the
guest. For example, a key server may request for attestation before
releasing the encryption keys to mount the encrypted rootfs or
secondary drive.
This patch set adds attestation support for the TDX guest. Details
about the TDX attestation process and the steps involved are explained
in the commit log of Patch 1/3 or in Documentation/x86/tdx.rst (added
by patch 3/3).
Following are the details of the patch set:
Patch 1/3 -> Adds TDREPORT support.
Patch 2/3 -> Adds selftest support for TDREPORT feature.
Patch 3/3 -> Add attestation related documentation.
Commit log history is maintained in the individual patches.
Kuppuswamy Sathyanarayanan (3):
x86/tdx: Add TDX Guest attestation interface driver
selftests: tdx: Test TDX attestation GetReport support
Documentation/x86: Document TDX attestation process
Documentation/x86/tdx.rst | 75 +++++++++
arch/x86/coco/tdx/tdx.c | 112 +++++++++++++
arch/x86/include/uapi/asm/tdx.h | 54 ++++++
tools/arch/x86/include/uapi/asm/tdx.h | 54 ++++++
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/tdx/Makefile | 11 ++
tools/testing/selftests/tdx/config | 1 +
tools/testing/selftests/tdx/tdx_attest_test.c | 155 ++++++++++++++++++
8 files changed, 463 insertions(+)
create mode 100644 arch/x86/include/uapi/asm/tdx.h
create mode 100644 tools/arch/x86/include/uapi/asm/tdx.h
create mode 100644 tools/testing/selftests/tdx/Makefile
create mode 100644 tools/testing/selftests/tdx/config
create mode 100644 tools/testing/selftests/tdx/tdx_attest_test.c
--
2.34.1
Hi Linus,
Please pull the following KUnit fixes update for Linux 6.0-rc5.
This KUnit fixes update for Linux 6.0-rc5 consists of 2 fixes to test
build and a fix to incorrect taint reason reporting.
Please note that this update touches drivers/thunderbolt and drivers/virt
Kconfig files.
diff is attached.
thanks,
-- Shuah
----------------------------------------------------------------
The following changes since commit 41a55567b9e31cb852670684404654ec4fd0d8d6:
module: kunit: Load .kunit_test_suites section when CONFIG_KUNIT=m (2022-08-15 13:51:07 -0600)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-kunit-fixes-6.0-rc5
for you to fetch changes up to 2a2dfc869d3345ccdd91322b023f4b0da84acbe7:
tools: Add new "test" taint to kernel-chktaint (2022-09-07 14:51:12 -0600)
----------------------------------------------------------------
linux-kselftest-kunit-fixes-6.0-rc5
This KUnit fixes update for Linux 6.0-rc5 consists of 2 fixes to test
build and a fix to incorrect taint reason reporting.
----------------------------------------------------------------
Joe Fradley (1):
tools: Add new "test" taint to kernel-chktaint
Nico Pache (1):
kunit: fix Kconfig for build-in tests USB4 and Nitro Enclaves
Sander Vanheule (1):
kunit: fix assert_type for comparison macros
drivers/thunderbolt/Kconfig | 3 +--
drivers/virt/nitro_enclaves/Kconfig | 2 +-
include/kunit/test.h | 6 +++---
tools/debugging/kernel-chktaint | 9 +++++++++
4 files changed, 14 insertions(+), 6 deletions(-)
----------------------------------------------------------------
QUIC requires end to end encryption of the data. The application usually
prepares the data in clear text, encrypts and calls send() which implies
multiple copies of the data before the packets hit the networking stack.
Similar to kTLS, QUIC kernel offload of cryptography reduces the memory
pressure by reducing the number of copies.
The scope of kernel support is limited to the symmetric cryptography,
leaving the handshake to the user space library. For QUIC in particular,
the application packets that require symmetric cryptography are the 1RTT
packets with short headers. Kernel will encrypt the application packets
on transmission and decrypt on receive. This series implements Tx only,
because in QUIC server applications Tx outweighs Rx by orders of
magnitude.
Supporting the combination of QUIC and GSO requires the application to
correctly place the data and the kernel to correctly slice it. The
encryption process appends an arbitrary number of bytes (tag) to the end
of the message to authenticate it. The GSO value should include this
overhead, the offload would then subtract the tag size to parse the
input on Tx before chunking and encrypting it.
With the kernel cryptography, the buffer copy operation is conjoined
with the encryption operation. The memory bandwidth is reduced by 5-8%.
When devices supporting QUIC encryption in hardware come to the market,
we will be able to free further 7% of CPU utilization which is used
today for crypto operations.
Adel Abouchaev (6):
Documentation on QUIC kernel Tx crypto.
Define QUIC specific constants, control and data plane structures
Add UDP ULP operations, initialization and handling prototype
functions.
Implement QUIC offload functions
Add flow counters and Tx processing error counter
Add self tests for ULP operations, flow setup and crypto tests
Documentation/networking/index.rst | 1 +
Documentation/networking/quic.rst | 215 ++++
include/net/inet_sock.h | 2 +
include/net/netns/mib.h | 3 +
include/net/quic.h | 63 +
include/net/snmp.h | 6 +
include/net/udp.h | 33 +
include/uapi/linux/quic.h | 68 ++
include/uapi/linux/snmp.h | 9 +
include/uapi/linux/udp.h | 4 +
net/Kconfig | 1 +
net/Makefile | 1 +
net/ipv4/Makefile | 3 +-
net/ipv4/udp.c | 15 +
net/ipv4/udp_ulp.c | 192 +++
net/quic/Kconfig | 16 +
net/quic/Makefile | 8 +
net/quic/quic_main.c | 1533 ++++++++++++++++++++++++
net/quic/quic_proc.c | 45 +
security/security.c | 1 +
tools/testing/selftests/net/.gitignore | 1 +
tools/testing/selftests/net/Makefile | 3 +-
tools/testing/selftests/net/quic.c | 1369 +++++++++++++++++++++
tools/testing/selftests/net/quic.sh | 46 +
24 files changed, 3636 insertions(+), 2 deletions(-)
create mode 100644 Documentation/networking/quic.rst
create mode 100644 include/net/quic.h
create mode 100644 include/uapi/linux/quic.h
create mode 100644 net/ipv4/udp_ulp.c
create mode 100644 net/quic/Kconfig
create mode 100644 net/quic/Makefile
create mode 100644 net/quic/quic_main.c
create mode 100644 net/quic/quic_proc.c
create mode 100644 tools/testing/selftests/net/quic.c
create mode 100755 tools/testing/selftests/net/quic.sh
--
2.30.2
From: Vijay Dhanraj <vijay.dhanraj(a)intel.com>
Add a new test case which is same as augment_via_eaccept but adds a
larger number of EPC pages to stress test EAUG via EACCEPT.
Signed-off-by: Vijay Dhanraj <vijay.dhanraj(a)intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org>
---
v8:
- Specify dynamic heap size in side the test case.
v7:
- Contains now only the test case. Support for dynamic heap is
prepared in prepending patches.
v6:
- Address Reinette's feedback:
https://lore.kernel.org/linux-sgx/Yw6%2FiTzSdSw%2FY%2FVO@kernel.org/
v5:
- Add the klog dump and sysctl option to the commit message.
v4:
- Explain expectations for dirty_page_list in the function header, instead
of an inline comment.
- Improve commit message to explain the conditions better.
- Return the number of pages left dirty to ksgxd() and print warning after
the 2nd call, if there are any.
v3:
- Remove WARN_ON().
- Tuned comments and the commit message a bit.
v2:
- Replaced WARN_ON() with optional pr_info() inside
__sgx_sanitize_pages().
- Rewrote the commit message.
- Added the fixes tag.
---
tools/testing/selftests/sgx/main.c | 112 ++++++++++++++++++++++++++++-
1 file changed, 111 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c
index 78c3b913ce10..e596b45bc5f8 100644
--- a/tools/testing/selftests/sgx/main.c
+++ b/tools/testing/selftests/sgx/main.c
@@ -22,8 +22,10 @@
#include "main.h"
static const size_t ENCL_HEAP_SIZE_DEFAULT = PAGE_SIZE;
+static const unsigned long TIMEOUT_DEFAULT = 900;
static const uint64_t MAGIC = 0x1122334455667788ULL;
static const uint64_t MAGIC2 = 0x8877665544332211ULL;
+
vdso_sgx_enter_enclave_t vdso_sgx_enter_enclave;
/*
@@ -387,7 +389,7 @@ TEST_F(enclave, unclobbered_vdso_oversubscribed)
EXPECT_EQ(self->run.user_data, 0);
}
-TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, 900)
+TEST_F_TIMEOUT(enclave, unclobbered_vdso_oversubscribed_remove, TIMEOUT_DEFAULT)
{
struct sgx_enclave_remove_pages remove_ioc;
struct sgx_enclave_modify_types modt_ioc;
@@ -1245,6 +1247,114 @@ TEST_F(enclave, augment_via_eaccept)
munmap(addr, PAGE_SIZE);
}
+/*
+ * Test for the addition of large number of pages to an initialized enclave via
+ * a pre-emptive run of EACCEPT on every page to be added.
+ */
+TEST_F_TIMEOUT(enclave, augment_via_eaccept_long, TIMEOUT_DEFAULT)
+{
+ /*
+ * The dynamic heap size was chosen based on a bug report:
+ * Message-ID:
+ * <DM8PR11MB55912A7F47A84EC9913A6352F6999(a)DM8PR11MB5591.namprd11.prod.outlook.com>
+ */
+ static const unsigned long DYNAMIC_HEAP_SIZE = 0x200000L * PAGE_SIZE;
+ struct encl_op_get_from_addr get_addr_op;
+ struct encl_op_put_to_addr put_addr_op;
+ struct encl_op_eaccept eaccept_op;
+ size_t total_size = 0;
+ unsigned long i;
+ void *addr;
+
+ if (!sgx2_supported())
+ SKIP(return, "SGX2 not supported");
+
+ ASSERT_TRUE(setup_test_encl_dynamic(ENCL_HEAP_SIZE_DEFAULT, DYNAMIC_HEAP_SIZE,
+ &self->encl, _metadata));
+
+ memset(&self->run, 0, sizeof(self->run));
+ self->run.tcs = self->encl.encl_base;
+
+ for (i = 0; i < self->encl.nr_segments; i++) {
+ struct encl_segment *seg = &self->encl.segment_tbl[i];
+
+ total_size += seg->size;
+ }
+
+ /*
+ * mmap() every page at end of existing enclave to be used for
+ * EDMM.
+ */
+ addr = mmap((void *)self->encl.encl_base + total_size, DYNAMIC_HEAP_SIZE,
+ PROT_READ | PROT_WRITE | PROT_EXEC, MAP_SHARED | MAP_FIXED,
+ self->encl.fd, 0);
+ EXPECT_NE(addr, MAP_FAILED);
+
+ self->run.exception_vector = 0;
+ self->run.exception_error_code = 0;
+ self->run.exception_addr = 0;
+
+ /*
+ * Run EACCEPT on every page to trigger the #PF->EAUG->EACCEPT(again
+ * without a #PF). All should be transparent to userspace.
+ */
+ eaccept_op.flags = SGX_SECINFO_R | SGX_SECINFO_W | SGX_SECINFO_REG | SGX_SECINFO_PENDING;
+ eaccept_op.ret = 0;
+ eaccept_op.header.type = ENCL_OP_EACCEPT;
+
+ for (i = 0; i < DYNAMIC_HEAP_SIZE; i += PAGE_SIZE) {
+ eaccept_op.epc_addr = (uint64_t)(addr + i);
+
+ EXPECT_EQ(ENCL_CALL(&eaccept_op, &self->run, true), 0);
+ if (self->run.exception_vector == 14 &&
+ self->run.exception_error_code == 4 &&
+ self->run.exception_addr == self->encl.encl_base) {
+ munmap(addr, DYNAMIC_HEAP_SIZE);
+ SKIP(return, "Kernel does not support adding pages to initialized enclave");
+ }
+
+ EXPECT_EQ(self->run.exception_vector, 0);
+ EXPECT_EQ(self->run.exception_error_code, 0);
+ EXPECT_EQ(self->run.exception_addr, 0);
+ ASSERT_EQ(eaccept_op.ret, 0);
+ ASSERT_EQ(self->run.function, EEXIT);
+ }
+
+ /*
+ * Pool of pages were successfully added to enclave. Perform sanity
+ * check on first page of the pool only to ensure data can be written
+ * to and read from a dynamically added enclave page.
+ */
+ put_addr_op.value = MAGIC;
+ put_addr_op.addr = (unsigned long)addr;
+ put_addr_op.header.type = ENCL_OP_PUT_TO_ADDRESS;
+
+ EXPECT_EQ(ENCL_CALL(&put_addr_op, &self->run, true), 0);
+
+ EXPECT_EEXIT(&self->run);
+ EXPECT_EQ(self->run.exception_vector, 0);
+ EXPECT_EQ(self->run.exception_error_code, 0);
+ EXPECT_EQ(self->run.exception_addr, 0);
+
+ /*
+ * Read memory from newly added page that was just written to,
+ * confirming that data previously written (MAGIC) is present.
+ */
+ get_addr_op.value = 0;
+ get_addr_op.addr = (unsigned long)addr;
+ get_addr_op.header.type = ENCL_OP_GET_FROM_ADDRESS;
+
+ EXPECT_EQ(ENCL_CALL(&get_addr_op, &self->run, true), 0);
+
+ EXPECT_EQ(get_addr_op.value, MAGIC);
+ EXPECT_EEXIT(&self->run);
+ EXPECT_EQ(self->run.exception_vector, 0);
+ EXPECT_EQ(self->run.exception_error_code, 0);
+ EXPECT_EQ(self->run.exception_addr, 0);
+
+ munmap(addr, DYNAMIC_HEAP_SIZE);
+}
+
/*
* SGX2 page type modification test in two phases:
* Phase 1:
--
2.37.2
From: Roberto Sassu <roberto.sassu(a)huawei.com>
Add a missing fd modes check in map iterators, potentially causing
unauthorized map writes by eBPF programs attached to the iterator. Use this
patch set as an opportunity to start a discussion with the cgroup
developers about whether a security check is missing or not for their
iterator.
Also, extend libbpf with the _opts variant of bpf_*_get_fd_by_id(). Only
bpf_map_get_fd_by_id_opts() is really useful in this patch set, to ensure
that the creation of a map iterator fails with a read-only fd.
Add all variants in this patch set for symmetry with
bpf_map_get_fd_by_id_opts(), and because all the variants share the same
opts structure. Also, add all the variants here, to shrink the patch set
fixing map permissions requested by bpftool, so that the remaining patches
are only about the latter.
Finally, extend the bpf_iter test with the read-only fd check, and test
each _opts variant of bpf_*_get_fd_by_id().
Roberto Sassu (7):
bpf: Add missing fd modes check for map iterators
libbpf: Define bpf_get_fd_opts and introduce
bpf_map_get_fd_by_id_opts()
libbpf: Introduce bpf_prog_get_fd_by_id_opts()
libbpf: Introduce bpf_btf_get_fd_by_id_opts()
libbpf: Introduce bpf_link_get_fd_by_id_opts()
selftests/bpf: Ensure fd modes are checked for map iters and destroy
links
selftests/bpf: Add tests for _opts variants of libbpf
include/linux/bpf.h | 2 +-
kernel/bpf/inode.c | 2 +-
kernel/bpf/map_iter.c | 3 +-
kernel/bpf/syscall.c | 8 +-
net/core/bpf_sk_storage.c | 3 +-
net/core/sock_map.c | 3 +-
tools/lib/bpf/bpf.c | 47 +++++-
tools/lib/bpf/bpf.h | 16 ++
tools/lib/bpf/libbpf.map | 10 +-
tools/lib/bpf/libbpf_version.h | 2 +-
.../selftests/bpf/prog_tests/bpf_iter.c | 34 +++-
.../bpf/prog_tests/libbpf_get_fd_opts.c | 145 ++++++++++++++++++
.../bpf/progs/test_libbpf_get_fd_opts.c | 49 ++++++
13 files changed, 309 insertions(+), 15 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/libbpf_get_fd_opts.c
create mode 100644 tools/testing/selftests/bpf/progs/test_libbpf_get_fd_opts.c
--
2.25.1
Delete the redundant word 'in'.
Signed-off-by: wangjianli <wangjianli(a)cdjrlc.com>
---
tools/testing/selftests/cgroup/test_freezer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/cgroup/test_freezer.c b/tools/testing/selftests/cgroup/test_freezer.c
index ff519029f6f4..b479434e87b7 100644
--- a/tools/testing/selftests/cgroup/test_freezer.c
+++ b/tools/testing/selftests/cgroup/test_freezer.c
@@ -740,7 +740,7 @@ static int test_cgfreezer_ptraced(const char *root)
/*
* cg_check_frozen(cgroup, true) will fail here,
- * because the task in in the TRACEd state.
+ * because the task in the TRACEd state.
*/
if (cg_freeze_wait(cgroup, false))
goto cleanup;
--
2.36.1
1. Correct log info
2. Replace exit with return to make the test exit gracefully
3. Delete fault injection related code
4. Reserve one cpu online when the test offline all cpus
5. Add log info when run full test successfully
Changes in v3:
- Remove config file for patch 2
- Update information of cover letter
Changes in v2:
- Update change log of patch 2
- Update exiting value to avoid incorrect report for patch 2
- Keep online_cpu_expect_fail() and offline_cpu_expect_fail() for
patch 3
Zhao Gongyi (5):
selftests/cpu-hotplug: Correct log info
selftests/cpu-hotplug: Use return instead of exit
selftests/cpu-hotplug: Delete fault injection related code
selftests/cpu-hotplug: Reserve one cpu online at least
selftests/cpu-hotplug: Add log info when test success
tools/testing/selftests/cpu-hotplug/Makefile | 2 +-
tools/testing/selftests/cpu-hotplug/config | 1 -
.../selftests/cpu-hotplug/cpu-on-off-test.sh | 140 +++++-------------
3 files changed, 37 insertions(+), 106 deletions(-)
delete mode 100644 tools/testing/selftests/cpu-hotplug/config
--
2.17.1
Hi,
well, given that the HID changes haven't moved a lot in the past
revisions and that I am cc-ing a bunch of people, I have dropped them
while we focus on the last 2 requirements in bpf-core changes.
I'll submit a HID targeted series when we get these in tree, which
would make things a lore more independent.
For reference, the whole reasons for these 2 main changes are at
https://lore.kernel.org/bpf/20220902132938.2409206-1-benjamin.tissoires@red…
Compared to v10 (in addition of dropping the HID changes), I have
changed the selftests so we can test both light skeletons and libbbpf
calls.
Cheers,
Benjamin
Benjamin Tissoires (7):
selftests/bpf: regroup and declare similar kfuncs selftests in an
array
bpf: split btf_check_subprog_arg_match in two
bpf/verifier: allow all functions to read user provided context
selftests/bpf: add test for accessing ctx from syscall program type
bpf/btf: bump BTF_KFUNC_SET_MAX_CNT
bpf/verifier: allow kfunc to return an allocated mem
selftests/bpf: Add tests for kfunc returning a memory pointer
include/linux/bpf.h | 11 +-
include/linux/bpf_verifier.h | 2 +
include/linux/btf.h | 10 +
kernel/bpf/btf.c | 149 ++++++++++--
kernel/bpf/verifier.c | 66 +++--
net/bpf/test_run.c | 37 +++
tools/testing/selftests/bpf/Makefile | 5 +-
.../selftests/bpf/prog_tests/kfunc_call.c | 227 ++++++++++++++++--
.../selftests/bpf/progs/kfunc_call_fail.c | 160 ++++++++++++
.../selftests/bpf/progs/kfunc_call_test.c | 71 ++++++
10 files changed, 678 insertions(+), 60 deletions(-)
create mode 100644 tools/testing/selftests/bpf/progs/kfunc_call_fail.c
--
2.36.1
QUIC requires end to end encryption of the data. The application usually
prepares the data in clear text, encrypts and calls send() which implies
multiple copies of the data before the packets hit the networking stack.
Similar to kTLS, QUIC kernel offload of cryptography reduces the memory
pressure by reducing the number of copies.
The scope of kernel support is limited to the symmetric cryptography,
leaving the handshake to the user space library. For QUIC in particular,
the application packets that require symmetric cryptography are the 1RTT
packets with short headers. Kernel will encrypt the application packets
on transmission and decrypt on receive. This series implements Tx only,
because in QUIC server applications Tx outweighs Rx by orders of
magnitude.
Supporting the combination of QUIC and GSO requires the application to
correctly place the data and the kernel to correctly slice it. The
encryption process appends an arbitrary number of bytes (tag) to the end
of the message to authenticate it. The GSO value should include this
overhead, the offload would then subtract the tag size to parse the
input on Tx before chunking and encrypting it.
With the kernel cryptography, the buffer copy operation is conjoined
with the encryption operation. The memory bandwidth is reduced by 5-8%.
When devices supporting QUIC encryption in hardware come to the market,
we will be able to free further 7% of CPU utilization which is used
today for crypto operations.
Adel Abouchaev (6):
Documentation on QUIC kernel Tx crypto.
Define QUIC specific constants, control and data plane structures
Add UDP ULP operations, initialization and handling prototype
functions.
Implement QUIC offload functions
Add flow counters and Tx processing error counter
Add self tests for ULP operations, flow setup and crypto tests
Documentation/networking/index.rst | 1 +
Documentation/networking/quic.rst | 211 ++++
include/net/inet_sock.h | 2 +
include/net/netns/mib.h | 3 +
include/net/quic.h | 63 +
include/net/snmp.h | 6 +
include/net/udp.h | 33 +
include/uapi/linux/quic.h | 66 +
include/uapi/linux/snmp.h | 9 +
include/uapi/linux/udp.h | 4 +
net/Kconfig | 1 +
net/Makefile | 1 +
net/ipv4/Makefile | 3 +-
net/ipv4/udp.c | 15 +
net/ipv4/udp_ulp.c | 192 +++
net/quic/Kconfig | 16 +
net/quic/Makefile | 8 +
net/quic/quic_main.c | 1533 ++++++++++++++++++++++++
net/quic/quic_proc.c | 45 +
tools/testing/selftests/net/.gitignore | 1 +
tools/testing/selftests/net/Makefile | 3 +-
tools/testing/selftests/net/quic.c | 1370 +++++++++++++++++++++
tools/testing/selftests/net/quic.sh | 46 +
23 files changed, 3630 insertions(+), 2 deletions(-)
create mode 100644 Documentation/networking/quic.rst
create mode 100644 include/net/quic.h
create mode 100644 include/uapi/linux/quic.h
create mode 100644 net/ipv4/udp_ulp.c
create mode 100644 net/quic/Kconfig
create mode 100644 net/quic/Makefile
create mode 100644 net/quic/quic_main.c
create mode 100644 net/quic/quic_proc.c
create mode 100644 tools/testing/selftests/net/quic.c
create mode 100755 tools/testing/selftests/net/quic.sh
--
2.30.2
From: Roberto Sassu <roberto.sassu(a)huawei.com>
One of the desirable features in security is the ability to restrict import
of data to a given system based on data authenticity. If data import can be
restricted, it would be possible to enforce a system-wide policy based on
the signing keys the system owner trusts.
This feature is widely used in the kernel. For example, if the restriction
is enabled, kernel modules can be plugged in only if they are signed with a
key whose public part is in the primary or secondary keyring.
For eBPF, it can be useful as well. For example, it might be useful to
authenticate data an eBPF program makes security decisions on.
After a discussion in the eBPF mailing list, it was decided that the stated
goal should be accomplished by introducing four new kfuncs:
bpf_lookup_user_key() and bpf_lookup_system_key(), for retrieving a keyring
with keys trusted for signature verification, respectively from its serial
and from a pre-determined ID; bpf_key_put(), to release the reference
obtained with the former two kfuncs, bpf_verify_pkcs7_signature(), for
verifying PKCS#7 signatures.
Other than the key serial, bpf_lookup_user_key() also accepts key lookup
flags, that influence the behavior of the lookup. bpf_lookup_system_key()
accepts pre-determined IDs defined in include/linux/verification.h.
bpf_key_put() accepts the new bpf_key structure, introduced to tell whether
the other structure member, a key pointer, is valid or not. The reason is
that verify_pkcs7_signature() also accepts invalid pointers, set with the
pre-determined ID, to select a system-defined keyring. key_put() must be
called only for valid key pointers.
Since the two key lookup functions allocate memory and one increments a key
reference count, they must be used in conjunction with bpf_key_put(). The
latter must be called only if the lookup functions returned a non-NULL
pointer. The verifier denies the execution of eBPF programs that don't
respect this rule.
The two key lookup functions should be used in alternative, depending on
the use case. While bpf_lookup_user_key() provides great flexibility, it
seems suboptimal in terms of security guarantees, as even if the eBPF
program is assumed to be trusted, the serial used to obtain the key pointer
might come from untrusted user space not choosing one that the system
administrator approves to enforce a mandatory policy.
bpf_lookup_system_key() instead provides much stronger guarantees,
especially if the pre-determined ID is not passed by user space but is
hardcoded in the eBPF program, and that program is signed. In this case,
bpf_verify_pkcs7_signature() will always perform signature verification
with a key that the system administrator approves, i.e. the primary,
secondary or platform keyring.
Nevertheless, key permission checks need to be done accurately. Since
bpf_lookup_user_key() cannot determine how a key will be used by other
kfuncs, it has to defer the permission check to the actual kfunc using the
key. It does it by calling lookup_user_key() with KEY_DEFER_PERM_CHECK as
needed permission. Later, bpf_verify_pkcs7_signature(), if called,
completes the permission check by calling key_validate(). It does not need
to call key_task_permission() with permission KEY_NEED_SEARCH, as it is
already done elsewhere by the key subsystem. Future kfuncs using the
bpf_key structure need to implement the proper checks as well.
Finally, the last kfunc, bpf_verify_pkcs7_signature(), accepts the data and
signature to verify as eBPF dynamic pointers, to minimize the number of
kfunc parameters, and the keyring with keys for signature verification as a
bpf_key structure, returned by one of the two key lookup functions.
bpf_lookup_user_key() and bpf_verify_pkcs7_signature() can be called only
from sleepable programs, because of memory allocation and crypto
operations. For example, the lsm.s/bpf attach point is suitable,
fexit/array_map_update_elem is not.
The correctness of implementation of the new kfuncs and of their usage is
checked with the introduced tests.
The patch set includes a patch from another author (dependency) for sake of
completeness. It is organized as follows.
Patch 1 from KP Singh allows kfuncs to be used by LSM programs. Patch 2
splits is_dynptr_reg_valid_init() and introduces is_dynptr_type_expected(),
to know more precisely the cause of a negative result of a dynamic pointer
check. Patch 3 allows dynamic pointers to be used as kfunc parameters.
Patch 4 exports bpf_dynptr_get_size(), to obtain the real size of data
carried by a dynamic pointer. Patch 5 makes available for new eBPF kfuncs
and programs some key-related definitions. Patch 6 introduces the
bpf_lookup_*_key() and bpf_key_put() kfuncs. Patch 7 introduces the
bpf_verify_pkcs7_signature() kfunc. Patch 8 changes the testing kernel
configuration to compile everything as built-in. Finally, patches 9-12
introduce the tests.
Changelog
v15:
- Add kfunc_dynptr_param test to deny list for s390x
v14:
- Explain that is_dynptr_type_expected() will be useful also for BTF
(suggested by Joanne)
- Rename KEY_LOOKUP_FLAGS_ALL to KEY_LOOKUP_ALL (suggested by Jarkko)
- Swap declaration of spi and dynptr_type in is_dynptr_type_expected()
(suggested by Joanne)
- Reimplement kfunc dynptr tests with a regular eBPF program instead of
executing them with test_verifier (suggested by Joanne)
- Make key lookup flags as enum so that they are automatically exported
through BTF (suggested by Alexei)
v13:
- Split is_dynptr_reg_valid_init() and introduce is_dynptr_type_expected()
to see if the dynamic pointer type passed as argument to a kfunc is
supported (suggested by Kumar)
- Add forward declaration of struct key in include/linux/bpf.h (suggested
by Song)
- Declare mask for key lookup flags, remove key_lookup_flags_check()
(suggested by Jarkko and KP)
- Allow only certain dynamic pointer types (currently, local) to be passed
as argument to kfuncs (suggested by Kumar)
- For each dynamic pointer parameter in kfunc, additionally check if the
passed pointer is to the stack (suggested by Kumar)
- Split the validity/initialization and dynamic pointer type check also in
the verifier, and adjust the expected error message in the test (a test
for an unexpected dynptr type passed to a helper cannot be added due to
missing suitable helpers, but this case has been tested manually)
- Add verifier tests to check the dynamic pointers passed as argument to
kfuncs (suggested by Kumar)
v12:
- Put lookup_key and verify_pkcs7_sig tests in deny list for s390x (JIT
does not support calling kernel function)
v11:
- Move stringify_struct() macro to include/linux/btf.h (suggested by
Daniel)
- Change kernel configuration options in
tools/testing/selftests/bpf/config* from =m to =y
v10:
- Introduce key_lookup_flags_check() and system_keyring_id_check() inline
functions to check parameters (suggested by KP)
- Fix descriptions and comment of key-related kfuncs (suggested by KP)
- Register kfunc set only once (suggested by Alexei)
- Move needed kernel options to the architecture-independent configuration
for testing
v9:
- Drop patch to introduce KF_SLEEPABLE kfunc flag (already merged)
- Rename valid_ptr member of bpf_key to has_ref (suggested by Daniel)
- Check dynamic pointers in kfunc definition with bpf_dynptr_kern struct
definition instead of string, to detect structure renames (suggested by
Daniel)
- Explicitly say that we permit initialized dynamic pointers in kfunc
definition (suggested by Daniel)
- Remove noinline __weak from kfuncs definition (reported by Daniel)
- Simplify key lookup flags check in bpf_lookup_user_key() (suggested by
Daniel)
- Explain the reason for deferring key permission check (suggested by
Daniel)
- Allocate memory with GFP_ATOMIC in bpf_lookup_system_key(), and remove
KF_SLEEPABLE kfunc flag from kfunc declaration (suggested by Daniel)
- Define only one kfunc set and remove the loop for registration
(suggested by Alexei)
v8:
- Define the new bpf_key structure to carry the key pointer and whether
that pointer is valid or not (suggested by Daniel)
- Drop patch to mark a kfunc parameter with the __maybe_null suffix
- Improve documentation of kfuncs
- Introduce bpf_lookup_system_key() to obtain a key pointer suitable for
verify_pkcs7_signature() (suggested by Daniel)
- Use the new kfunc registration API
- Drop patch to test the __maybe_null suffix
- Add tests for bpf_lookup_system_key()
v7:
- Add support for using dynamic and NULL pointers in kfunc (suggested by
Alexei)
- Add new kfunc-related tests
v6:
- Switch back to key lookup helpers + signature verification (until v5),
and defer permission check from bpf_lookup_user_key() to
bpf_verify_pkcs7_signature()
- Add additional key lookup test to illustrate the usage of the
KEY_LOOKUP_CREATE flag and validate the flags (suggested by Daniel)
- Make description of flags of bpf_lookup_user_key() more user-friendly
(suggested by Daniel)
- Fix validation of flags parameter in bpf_lookup_user_key() (reported by
Daniel)
- Rename bpf_verify_pkcs7_signature() keyring-related parameters to
user_keyring and system_keyring to make their purpose more clear
- Accept keyring-related parameters of bpf_verify_pkcs7_signature() as
alternatives (suggested by KP)
- Replace unsigned long type with u64 in helper declaration (suggested by
Daniel)
- Extend the bpf_verify_pkcs7_signature() test by calling the helper
without data, by ensuring that the helper enforces the keyring-related
parameters as alternatives, by ensuring that the helper rejects
inaccessible and expired keyrings, and by checking all system keyrings
- Move bpf_lookup_user_key() and bpf_key_put() usage tests to
ref_tracking.c (suggested by John)
- Call bpf_lookup_user_key() and bpf_key_put() only in sleepable programs
v5:
- Move KEY_LOOKUP_ to include/linux/key.h
for validation of bpf_verify_pkcs7_signature() parameter
- Remove bpf_lookup_user_key() and bpf_key_put() helpers, and the
corresponding tests
- Replace struct key parameter of bpf_verify_pkcs7_signature() with the
keyring serial and lookup flags
- Call lookup_user_key() and key_put() in bpf_verify_pkcs7_signature()
code, to ensure that the retrieved key is used according to the
permission requested at lookup time
- Clarified keyring precedence in the description of
bpf_verify_pkcs7_signature() (suggested by John)
- Remove newline in the second argument of ASSERT_
- Fix helper prototype regular expression in bpf_doc.py
v4:
- Remove bpf_request_key_by_id(), don't return an invalid pointer that
other helpers can use
- Pass the keyring ID (without ULONG_MAX, suggested by Alexei) to
bpf_verify_pkcs7_signature()
- Introduce bpf_lookup_user_key() and bpf_key_put() helpers (suggested by
Alexei)
- Add lookup_key_norelease test, to ensure that the verifier blocks eBPF
programs which don't decrement the key reference count
- Parse raw PKCS#7 signature instead of module-style signature in the
verify_pkcs7_signature test (suggested by Alexei)
- Parse kernel module in user space and pass raw PKCS#7 signature to the
eBPF program for signature verification
v3:
- Rename bpf_verify_signature() back to bpf_verify_pkcs7_signature() to
avoid managing different parameters for each signature verification
function in one helper (suggested by Daniel)
- Use dynamic pointers and export bpf_dynptr_get_size() (suggested by
Alexei)
- Introduce bpf_request_key_by_id() to give more flexibility to the caller
of bpf_verify_pkcs7_signature() to retrieve the appropriate keyring
(suggested by Alexei)
- Fix test by reordering the gcc command line, always compile sign-file
- Improve helper support check mechanism in the test
v2:
- Rename bpf_verify_pkcs7_signature() to a more generic
bpf_verify_signature() and pass the signature type (suggested by KP)
- Move the helper and prototype declaration under #ifdef so that user
space can probe for support for the helper (suggested by Daniel)
- Describe better the keyring types (suggested by Daniel)
- Include linux/bpf.h instead of vmlinux.h to avoid implicit or
redeclaration
- Make the test selfcontained (suggested by Alexei)
v1:
- Don't define new map flag but introduce simple wrapper of
verify_pkcs7_signature() (suggested by Alexei and KP)
KP Singh (1):
bpf: Allow kfuncs to be used in LSM programs
Roberto Sassu (11):
bpf: Move dynptr type check to is_dynptr_type_expected()
btf: Allow dynamic pointer parameters in kfuncs
bpf: Export bpf_dynptr_get_size()
KEYS: Move KEY_LOOKUP_ to include/linux/key.h and define
KEY_LOOKUP_ALL
bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs
bpf: Add bpf_verify_pkcs7_signature() kfunc
selftests/bpf: Compile kernel with everything as built-in
selftests/bpf: Add verifier tests for bpf_lookup_*_key() and
bpf_key_put()
selftests/bpf: Add additional tests for bpf_lookup_*_key()
selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc
selftests/bpf: Add tests for dynamic pointers parameters in kfuncs
include/linux/bpf.h | 9 +
include/linux/bpf_verifier.h | 5 +
include/linux/btf.h | 9 +
include/linux/key.h | 6 +
include/linux/verification.h | 8 +
kernel/bpf/btf.c | 34 ++
kernel/bpf/helpers.c | 2 +-
kernel/bpf/verifier.c | 35 +-
kernel/trace/bpf_trace.c | 180 ++++++++
security/keys/internal.h | 2 -
tools/testing/selftests/bpf/DENYLIST.s390x | 3 +
tools/testing/selftests/bpf/Makefile | 14 +-
tools/testing/selftests/bpf/config | 32 +-
tools/testing/selftests/bpf/config.x86_64 | 7 +-
.../testing/selftests/bpf/prog_tests/dynptr.c | 2 +-
.../bpf/prog_tests/kfunc_dynptr_param.c | 103 +++++
.../selftests/bpf/prog_tests/lookup_key.c | 112 +++++
.../bpf/prog_tests/verify_pkcs7_sig.c | 399 ++++++++++++++++++
.../bpf/progs/test_kfunc_dynptr_param.c | 57 +++
.../selftests/bpf/progs/test_lookup_key.c | 46 ++
.../bpf/progs/test_verify_pkcs7_sig.c | 100 +++++
tools/testing/selftests/bpf/test_verifier.c | 3 +-
.../selftests/bpf/verifier/ref_tracking.c | 139 ++++++
.../testing/selftests/bpf/verify_sig_setup.sh | 104 +++++
24 files changed, 1376 insertions(+), 35 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/kfunc_dynptr_param.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/lookup_key.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
create mode 100644 tools/testing/selftests/bpf/progs/test_kfunc_dynptr_param.c
create mode 100644 tools/testing/selftests/bpf/progs/test_lookup_key.c
create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c
create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh
--
2.25.1
The fix for commit e923b0537d28 ("KVM: selftests: Fix target thread to be migrated in rseq_test")
added a call to gettid() which was only added to glibc-2.30 and fails to
compile with older glibc versions.
rseq_test.c: In function 'main':
rseq_test.c:230:33: warning: implicit declaration of function 'gettid'; did you mean 'getgid'? [-Wimplicit-function-declaration]
(void *)(unsigned long)gettid());
^~~~~~
getgid
Switch the call to syscall(SYS_gettid) which was the original advice in the
gettid(2) NOTES section and which works with both new and older glibc versions.
Fixes: e923b0537d28 ("KVM: selftests: Fix target thread to be migrated in rseq_test")
Cc: stable(a)vger.kernel.org # v5.15
Signed-off-by: Liam Merwick <liam.merwick(a)oracle.com>
---
Verified with glibc-2.28 and glibc-2.34 and ensured test case from e923b0537d28 still passes.
tools/testing/selftests/kvm/rseq_test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/kvm/rseq_test.c b/tools/testing/selftests/kvm/rseq_test.c
index fac248a43666..6f88da7e60be 100644
--- a/tools/testing/selftests/kvm/rseq_test.c
+++ b/tools/testing/selftests/kvm/rseq_test.c
@@ -227,7 +227,7 @@ int main(int argc, char *argv[])
ucall_init(vm, NULL);
pthread_create(&migration_thread, NULL, migration_worker,
- (void *)(unsigned long)gettid());
+ (void *)(unsigned long)syscall(SYS_gettid));
for (i = 0; !done; i++) {
vcpu_run(vcpu);
--
2.31.1
ATTENTION
BUSINESS PARTNER,
I AM LUMAR CASEY WORKING WITH AN INSURANCE FINANCIAL INSTITUTE, WITH
MY POSITION AND PRIVILEGES I WAS ABLE TO SOURCE OUT AN OVER DUE
PAYMENT OF 12.8 MILLION POUNDS THAT IS NOW SECURED WITH A SHIPPING
DIPLOMATIC OUTLET.
I AM SEEKING YOUR PARTNERSHIP TO RECEIVE THIS CONSIGNMENT AS AS MY
PARTNER TO INVEST THIS FUND INTO A PROSPEROUS INVESTMENT VENTURE IN
YOUR COUNTRY.
I AWAIT YOUR REPLY TO ENABLE US PROCEED WITH THIS BUSINESS PARTNERSHIP TOGETHER.
REGARDS,
LUMAR CASEY
On Wed, Sep 07, 2022 at 01:42:16PM +0800, kernel test robot wrote:
Hi!
>
> Hi Kees Cook,
>
> the patch "[PATCH 1/2] fortify: Add run-time WARN for cross-field memcpy()"
> raises a persistent WARNING as below report in our tests.
>
> according to commit message, we understand this is kind of expected. but
> we don't have enough knowledge if it reveals a real issue in kernel source
> code and what the next step could be.
>
> so we still report FYI.
>
> if you think it's unnecessary for us to make out this kind of report, please
> let us know. we will consider how to refine our report rules. Thanks a lot!
>
> below is the full report.
It seems that the idea is to continue reporting these warnings, as they
help us identify the places that need to be audited and determine how to
refactor the code (in case it's a false positive), or how to properly fix
it (in case it's an actual bug).
In this case, it seems that the issue was already addressed by this patch:
https://lore.kernel.org/linux-hardening/20220903043749.3102675-1-keescook@c…
Thanks
--
Gustavo
¿Necesita un préstamo?
Ofrecemos todo tipo de préstamos al 3%, envíenos un correo electrónico ahora si está interesado para obtener más información. solo a través de este correo electrónico: suntrustinvestmentloans(a)gmail.com
Hi, Reinette, thanks for your great contribution for EDMM Linux kernel patch. I am trying to follow the newest patch now, and I have some questions on it.
It seems that `sgx_enclave_restrict_permissions()` is able to do permission restrictions for multiple enclave’s pages. After driver invokes ENCLS[EMODPR] to restrict the page’s permission, it should then invoke ENCLS[ETRACK] and send IPIs to ensure stale TLB entries have been flushed. Only in this way, ENCLU[EACCEPT] inside enclave can only succeed.
Current implementation invokes `sgx_enclave_etrack(encl)` after every `__emodpr(…)` in the for loop. My question is:
Can we move the `sgx_enclave_etrack(encl)` out of the for loop? After doing so, `sgx_enclave_etrack(encl)` is invoked **one** time for multiple enclave pages’ permission restriction, instead of N times (N = `modp -> length / PAGE_SIZE`). We may gain some performance optimization from it.
Please correct my if my understanding is incorrect. Looking forward to your reply and Thanks for your time!
BR,
Bojun
Currently our SVE syscall ABI documentation does not reflect the actual
implemented ABI, it says that register state not shared with FPSIMD
becomes undefined on syscall when in reality we always clear it. Since
changing this would cause a change in the observed kernel behaviour
there is a substantial desire to avoid taking advantage of the
documented ABI so instead let's document what we actually do so it's
clear that it is in reality an ABI.
There has been some pushback on tightening the documentation in the past
but it is hard to see who that helps, it makes the implementation
decisions less clear and makes it harder for people to discover and make
use of the actual ABI. The main practical concern is that qemu's user
mode does not currently flush the registers.
v3:
- Rebase onto v6.0-rc3.
v2:
- Rebase onto v6.0-rc1.
Mark Brown (3):
kselftest/arm64: Correct buffer allocation for SVE Z registers
arm64/sve: Document our actual ABI for clearing registers on syscall
kselftest/arm64: Enforce actual ABI for SVE syscalls
Documentation/arm64/sve.rst | 2 +-
.../testing/selftests/arm64/abi/syscall-abi.c | 61 ++++++++++++-------
2 files changed, 41 insertions(+), 22 deletions(-)
base-commit: b90cb1053190353cc30f0fef0ef1f378ccc063c5
--
2.30.2
This series has a few small enhancements for the existing standalone
floating point stress tests and then builds on those with a kselftest
integrated program which gives those a very quick spin from within
kselftest, as well as having an option to set a custom timeout to allow
for use with longer soak testing. This makes it much easier to get
thorough testing of the floating point state management logic, rather
than requiring custom setup for coverage of the various vector lengths
in the system as is needed at present.
It might be nice in future to extend this to attach to some or all of
the test programs with ptrace and read/write their registers as another
means of potentially triggering race conditions or corruption but that's
definitely another step.
v2:
- Rebase onto v6.0-rc3.
- Announce the results of enumeration before we start everything.
Mark Brown (4):
kselftest/arm64: Always encourage preemption for za-test
kselftest/arm64: Count SIGUSR2 deliveries in FP stress tests
kselftest/arm64: Install signal handlers before output in FP stress
tests
kselftest/arm64: kselftest harness for FP stress tests
tools/testing/selftests/arm64/fp/.gitignore | 1 +
tools/testing/selftests/arm64/fp/Makefile | 5 +-
.../testing/selftests/arm64/fp/asm-offsets.h | 1 +
tools/testing/selftests/arm64/fp/fp-stress.c | 535 ++++++++++++++++++
.../testing/selftests/arm64/fp/fpsimd-test.S | 51 +-
tools/testing/selftests/arm64/fp/sve-test.S | 51 +-
tools/testing/selftests/arm64/fp/za-test.S | 58 +-
7 files changed, 641 insertions(+), 61 deletions(-)
create mode 100644 tools/testing/selftests/arm64/fp/fp-stress.c
base-commit: b90cb1053190353cc30f0fef0ef1f378ccc063c5
--
2.30.2