- Linux-kselftest-mirror - lists.linaro.org

[PATCH 0/2] math: RATIONAL and RATIONAL_KUNIT_TEST improvements

by Geert Uytterhoeven

Hi all, This patch series makes the RATIONAL symbol tristate, so it is not forced builtin if all users are modular, and makes the RATIONAL_KUNIT_TEST depend on RATIONAL, to avoid enabling RATIONAL if there are no real users. Changes compared to v1: - Drop compile-testing and help text for RATIONAL. - Make RATIONAL_KUNIT_TEST depend on RATIONAL. Thanks for your comments! [1] https://lore.kernel.org/r/20210705114633.1500710-1-geert@linux-m68k.org/ Geert Uytterhoeven (2): math: Make RATIONAL tristate math: RATIONAL_KUNIT_TEST should depend on RATIONAL instead of selecting it lib/Kconfig.debug | 3 +-- lib/math/Kconfig | 2 +- lib/math/rational.c | 3 +++ 3 files changed, 5 insertions(+), 3 deletions(-) -- 2.25.1 Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert(a)linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds

3 years, 12 months

2
3
0 0

[PATCH] math: Make RATIONAL tristate

by Geert Uytterhoeven

All but one symbols that select RATIONAL are tristate, but RATIONAL itself is bool. Change it to tristate, so the rational fractions support code can be modular if no builtin code relies on it. While at it, add support for compile-testing and provide a help text. Signed-off-by: Geert Uytterhoeven <geert(a)linux-m68k.org> --- Exposed by commit b6c75c4afceb8bc0 ("lib/math/rational: add Kunit test cases") and CONFIG_KUNIT_ALL_TESTS=m. I'm not so happy RATIONAL_KUNIT_TEST selects RATIONAL, as test code should depend on the presence of the feature to test. Else enabling a test may add unneeded code to a production kernel. Perhaps the "if COMPILE_TEST" should be dropped, making RATIONAL visible, so RATIONAL_KUNIT_TEST can depend on RATIONAL instead? --- lib/math/Kconfig | 5 ++++- lib/math/rational.c | 3 +++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/math/Kconfig b/lib/math/Kconfig index f19bc9734fa7cc4b..14def252ea7db6e0 100644 --- a/lib/math/Kconfig +++ b/lib/math/Kconfig @@ -14,4 +14,7 @@ config PRIME_NUMBERS If unsure, say N. config RATIONAL - bool + tristate "Rational fractions support" if COMPILE_TEST + help + This option provides support for rational fractions. + This symbol should be selected automatically by drivers that need it. diff --git a/lib/math/rational.c b/lib/math/rational.c index c0ab51d8fbb98d17..ec59d426ea638b0f 100644 --- a/lib/math/rational.c +++ b/lib/math/rational.c @@ -13,6 +13,7 @@ #include <linux/export.h> #include <linux/minmax.h> #include <linux/limits.h> +#include <linux/module.h> /* * calculate best rational approximation for a given fraction @@ -106,3 +107,5 @@ void rational_best_approximation( } EXPORT_SYMBOL(rational_best_approximation); + +MODULE_LICENSE("GPL v2"); -- 2.25.1

3 years, 12 months

2
2
0 0

Re: [PATCH v8 3/8] security/brute: Detect a brute force attack

by Alexander Lobakin

Hi, From: John Wood <john.wood(a)gmx.com> Date: Sat, 5 Jun 2021 17:04:00 +0200 > For a correct management of a fork brute force attack it is necessary to > track all the information related to the application crashes. To do so, > use the extended attributes (xattr) of the executable files and define a > statistical data structure to hold all the necessary information shared > by all the fork hierarchy processes. This info is the number of crashes, > the last crash timestamp and the crash period's moving average. > > The same can be achieved using a pointer to the fork hierarchy > statistical data held by the task_struct structure. But this has an > important drawback: a brute force attack that happens through the execve > system call losts the faults info since these statistics are freed when > the fork hierarchy disappears. Using this method makes not possible to > manage this attack type that can be successfully treated using extended > attributes. > > Also, to avoid false positives during the attack detection it is > necessary to narrow the possible cases. So, only the following scenarios > are taken into account: > > 1.- Launching (fork()/exec()) a setuid/setgid process repeatedly until a > desirable memory layout is got (e.g. Stack Clash). > 2.- Connecting to an exec()ing network daemon (e.g. xinetd) repeatedly > until a desirable memory layout is got (e.g. what CTFs do for simple > network service). > 3.- Launching processes without exec() (e.g. Android Zygote) and > exposing state to attack a sibling. > 4.- Connecting to a fork()ing network daemon (e.g. apache) repeatedly > until the previously shared memory layout of all the other children > is exposed (e.g. kind of related to HeartBleed). > > In each case, a privilege boundary has been crossed: > > Case 1: setuid/setgid process > Case 2: network to local > Case 3: privilege changes > Case 4: network to local > > To mark that a privilege boundary has been crossed it is only necessary > to create a new stats for the executable file via the extended attribute > and only if it has no previous statistical data. This is done using four > different LSM hooks, one per privilege boundary: > > setuid/setgid process --> bprm_creds_from_file hook (based on secureexec > flag). > network to local -------> socket_accept hook (taking into account only > external connections). > privilege changes ------> task_fix_setuid and task_fix_setgid hooks. > > To detect a brute force attack it is necessary that the executable file > statistics be updated in every fatal crash and the most important data > to update is the application crash period. To do so, use the new > "task_fatal_signal" LSM hook added in a previous step. > > The application crash period must be a value that is not prone to change > due to spurious data and follows the real crash period. So, to compute > it, the exponential moving average (EMA) is used. > > Based on the updated statistics two different attacks can be handled. A > slow brute force attack that is detected if the maximum number of faults > per fork hierarchy is reached and a fast brute force attack that is > detected if the application crash period falls below a certain > threshold. > > Moreover, only the signals delivered by the kernel are taken into > account with the exception of the SIGABRT signal since the latter is > used by glibc for stack canary, malloc, etc failures, which may indicate > that a mitigation has been triggered. > > Signed-off-by: John Wood <john.wood(a)gmx.com> > > <snip> > > +static int brute_get_xattr_stats(struct dentry *dentry, struct inode *inode, > + struct brute_stats *stats) > +{ > + int rc; > + struct brute_raw_stats raw_stats; > + > + rc = __vfs_getxattr(dentry, inode, XATTR_NAME_BRUTE, &raw_stats, > + sizeof(raw_stats)); > + if (rc < 0) > + return rc; > + > + stats->faults = le32_to_cpu(raw_stats.faults); > + stats->nsecs = le64_to_cpu(raw_stats.nsecs); > + stats->period = le64_to_cpu(raw_stats.period); > + stats->flags = raw_stats.flags; > + return 0; > +} > > <snip> > > +static int brute_task_execve(struct linux_binprm *bprm, struct file *file) > +{ > + struct dentry *dentry = file_dentry(bprm->file); > + struct inode *inode = file_inode(bprm->file); > + struct brute_stats stats; > + int rc; > + > + inode_lock(inode); > + rc = brute_get_xattr_stats(dentry, inode, &stats); > + if (WARN_ON_ONCE(rc && rc != -ENODATA)) > + goto unlock; I think I caught a problem here. Have you tested this with initramfs? According to init/do_mount.c's init_rootfs()/rootfs_init_fs_context(), when `root=` cmdline parameter is not empty, kernel creates rootfs of type ramfs (tmpfs otherwise). The thing about ramfs is that it doesn't support xattrs. I'm running this v8 on a regular PC with initramfs and having `root=` in cmdline, and Brute doesn't allow the kernel to run any init processes (/init, /sbin/init, ...) with err == -95 (-EOPNOTSUPP) -- I'm getting a WARNING: CPU: 0 PID: 173 at brute_task_execve+0x15d/0x200 <snip> Failed to execute /init (error -95) and so on (and a panic at the end). If I omit `root=` from cmdline, then the kernel runs init process just fine -- I guess because initramfs is then placed inside tmpfs with xattr support. As for me, this ramfs/tmpfs selection based on `root=` presence is ridiculous and I don't see or know any reasons behind that. But that's another story, and ramfs might be not the only one system without xattr support. I think Brute should have a fallback here, e.g. it could simply ignore files from xattr-incapable filesystems instead of such WARNING splats and stuff. > + > + if (rc == -ENODATA && bprm->secureexec) { > + brute_reset_stats(&stats); > + rc = brute_set_xattr_stats(dentry, inode, &stats); > + if (WARN_ON_ONCE(rc)) > + goto unlock; > + } > + > + rc = 0; > +unlock: > + inode_unlock(inode); > + return rc; > +} > + > > <snip> Thanks, Al

3 years, 12 months

2
5
0 0

[PATCH] selftests/sgx: Fix Q1 and Q2 calculation in sigstruct.c

by Jarkko Sakkinen

From: Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> Q1 and Q2 are numbers with *maximum* length of 384 bytes. If the calculated length of Q1 and Q2 is less than 384 bytes, things will go wrong. E.g. if Q2 is 383 bytes, then 1. The bytes of q2 are copied to sigstruct->q2 in calc_q1q2(). 2. The entire sigstruct->q2 is reversed, which results it being 256 * Q2, given that the last byte of sigstruct->q2 is added to before the bytes given by calc_q1q2(). Either change in key or measurement can trigger the bug. E.g. an unmeasured heap could cause a devastating change in Q1 or Q2. Reverse exactly the bytes of Q1 and Q2 in calc_q1q2() before returning to the caller. Link: https://lore.kernel.org/linux-sgx/20210301051836.30738-1-tianjia.zhang@linu… Signed-off-by: Tianjia Zhang <tianjia.zhang(a)linux.alibaba.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- The original patch did a bad job explaining the code change but it turned out making sense. I wrote a new description. tools/testing/selftests/sgx/sigstruct.c | 41 +++++++++++++------------ 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c index dee7a3d6c5a5..92bbc5a15c39 100644 --- a/tools/testing/selftests/sgx/sigstruct.c +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -55,10 +55,27 @@ static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m, return true; } +static void reverse_bytes(void *data, int length) +{ + int i = 0; + int j = length - 1; + uint8_t temp; + uint8_t *ptr = data; + + while (i < j) { + temp = ptr[i]; + ptr[i] = ptr[j]; + ptr[j] = temp; + i++; + j--; + } +} + static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1, uint8_t *q2) { struct q1q2_ctx ctx; + int len; if (!alloc_q1q2_ctx(s, m, &ctx)) { fprintf(stderr, "Not enough memory for Q1Q2 calculation\n"); @@ -89,8 +106,10 @@ static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1, goto out; } - BN_bn2bin(ctx.q1, q1); - BN_bn2bin(ctx.q2, q2); + len = BN_bn2bin(ctx.q1, q1); + reverse_bytes(q1, len); + len = BN_bn2bin(ctx.q2, q2); + reverse_bytes(q2, len); free_q1q2_ctx(&ctx); return true; @@ -152,22 +171,6 @@ static RSA *gen_sign_key(void) return key; } -static void reverse_bytes(void *data, int length) -{ - int i = 0; - int j = length - 1; - uint8_t temp; - uint8_t *ptr = data; - - while (i < j) { - temp = ptr[i]; - ptr[i] = ptr[j]; - ptr[j] = temp; - i++; - j--; - } -} - enum mrtags { MRECREATE = 0x0045544145524345, MREADD = 0x0000000044444145, @@ -367,8 +370,6 @@ bool encl_measure(struct encl *encl) /* BE -> LE */ reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE); reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE); - reverse_bytes(sigstruct->q1, SGX_MODULUS_SIZE); - reverse_bytes(sigstruct->q2, SGX_MODULUS_SIZE); EVP_MD_CTX_destroy(ctx); RSA_free(key); -- 2.32.0

3 years, 12 months

1
0
0 0

[PATCH] selftests: netfilter: Add RFC-7597 Section 5.1 PSID selftests

by Cole Dishington

Add selftests for masquerading into a smaller subset of ports defined by PSID. Signed-off-by: Cole Dishington <Cole.Dishington(a)alliedtelesis.co.nz> --- .../netfilter/nat_masquerade_psid.sh | 158 ++++++++++++++++++ 1 file changed, 158 insertions(+) create mode 100644 tools/testing/selftests/netfilter/nat_masquerade_psid.sh diff --git a/tools/testing/selftests/netfilter/nat_masquerade_psid.sh b/tools/testing/selftests/netfilter/nat_masquerade_psid.sh new file mode 100644 index 000000000000..90e2e5ca4d68 --- /dev/null +++ b/tools/testing/selftests/netfilter/nat_masquerade_psid.sh @@ -0,0 +1,158 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +# <:copyright-gpl +# Copyright (C) 2021 Allied Telesis Labs NZ +# +# check that NAT can masquerade using PSID defined ranges. +# +# Setup is: +# +# nsclient1(veth0) -> (veth1)nsrouter(veth2) -> (veth0)nsclient2 +# Setup a nat masquerade rule with psid defined ranges. +# + +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 +ret=0 +ns_all="nsclient1 nsrouter nsclient2" + +readonly infile="$(mktemp)" +readonly outfile="$(mktemp)" +readonly datalen=32 +readonly server_port=8080 + +conntrack -V > /dev/null 2>&1 +if [ $? -ne 0 ];then + echo "SKIP: Could not run test without conntrack tool" + exit $ksft_skip +fi + +iptables --version > /dev/null 2>&1 +if [ $? -ne 0 ];then + echo "SKIP: Could not run test without iptables tool" + exit $ksft_skip +fi + +ip -Version > /dev/null 2>&1 +if [ $? -ne 0 ];then + echo "SKIP: Could not run test without ip tool" + exit $ksft_skip +fi + +ipv4() { + echo -n 192.168.$1.$2 +} + +cleanup() { + for n in $ns_all; do ip netns del $n;done + + if [ -f "${outfile}" ]; then + rm "$outfile" + fi + if [ -f "${infile}" ]; then + rm "$infile" + fi +} + +server_listen() { + ip netns exec nsclient2 nc -l -p "$server_port" > "$outfile" & + server_pid=$! + sleep 0.2 +} + +client_connect() { + ip netns exec nsclient1 timeout 2 nc -w 1 -p "$port" $(ipv4 2 2) "$server_port" < $infile +} + +verify_data() { + local _ret=0 + wait "$server_pid" + cmp "$infile" "$outfile" 2>/dev/null + _ret=$? + rm "$outfile" + return $_ret +} + +test_service() { + server_listen + client_connect + verify_data +} + +check_connection() { + entry=$(ip netns exec nsrouter conntrack -p tcp --sport $port -L 2>&1) + entry=${entry##*sport=8080 dport=} + entry=${entry%% *} + [[ "x$(( ($entry & $psid_mask) / $two_power_j ))" = "x$psid" ]] +} + +run_test() { + ip netns exec nsrouter iptables -A FORWARD -i veth1 -j ACCEPT + ip netns exec nsrouter iptables -P FORWARD DROP + ip netns exec nsrouter iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT + ip netns exec nsrouter iptables -t nat --new psid + ip netns exec nsrouter iptables -t nat --insert psid -j MASQUERADE --psid $offset:$psid:$psid_length + ip netns exec nsrouter iptables -t nat -I POSTROUTING -o veth2 -j psid + + # calculate psid mask + two_power_j=$(( $offset / (1 << $psid_length) )) + psid_mask=$(( ( (1 << $psid_length) - 1) * $two_power_j )) + + # Create file + dd if=/dev/urandom of="${infile}" bs="${datalen}" count=1 >/dev/null 2>&1 + + # Test multiple ports + for p in 1 2 3 4 5; do + port=1080$p + + test_service + if [ $? -ne 0 ]; then + ret=1 + break + fi + + check_connection + if [ $? -ne 0 ]; then + ret=1 + break + fi + done + + # tidy up test rules + ip netns exec nsrouter iptables -F + ip netns exec nsrouter iptables -t nat -F + ip netns exec nsrouter iptables -t nat -X psid +} + +for n in $ns_all; do + ip netns add $n + ip -net $n link set lo up +done + +for i in 1 2; do + ip link add veth0 netns nsclient$i type veth peer name veth$i netns nsrouter + + ip -net nsclient$i link set veth0 up + ip -net nsclient$i addr add $(ipv4 $i 2)/24 dev veth0 + + ip -net nsrouter link set veth$i up + ip -net nsrouter addr add $(ipv4 $i 1)/24 dev veth$i +done + +ip -net nsclient1 route add default via $(ipv4 1 1) +ip -net nsclient2 route add default via $(ipv4 2 1) + +ip netns exec nsrouter sysctl -q net.ipv4.conf.all.forwarding=1 + +offset=1024 +psid_length=8 +for psid in 0 52; do + run_test + if [ $? -ne 0 ]; then + break + fi +done + +cleanup +exit $ret -- 2.32.0

3 years, 12 months

1
0
0 0

[PATCH net-next v3 0/3] add benchmark selftest and optimization for ptr_ring

by Yunsheng Lin

Patch 1: add a selftest app to benchmark the performance of ptr_ring. Patch 2: move r->queue[] clearing after r->consumer_head updating. Patch 3: add barrier to ensure the visiblity of r->queue[]. V3: add patch 3 and address most of Michael's comment. V2: add patch 1 and add performance data for patch 2. --- Performance raw data using "perf stat -r" cmd, comparison is also done in patch 2/3. ptr_ring_test_org: patch 1 ptr_ring_test_opt1: patch 1 + patch 2 ptr_ring_test_opt2: patch 1 + patch 2 + patch 3 x86_64(as there is other workload in the x86_64 system, so run 1000 times to get more accurate result): Performance counter stats for './ptr_ring_test_org -s 1000 -m 1 -N 100000000' (1000 runs): 5,291.83 msec task-clock # 1.994 CPUs utilized ( +- 0.41% ) 690 context-switches # 0.130 K/sec ( +- 3.65% ) 8 cpu-migrations # 0.002 K/sec ( +- 5.70% ) 291 page-faults # 0.055 K/sec ( +- 0.05% ) 12,660,040,758 cycles # 2.392 GHz ( +- 0.41% ) 24,202,160,722 instructions # 1.91 insn per cycle ( +- 0.06% ) 3,559,123,597 branches # 672.569 M/sec ( +- 0.07% ) 8,009,010 branch-misses # 0.23% of all branches ( +- 0.11% ) 2.6538 +- 0.0109 seconds time elapsed ( +- 0.41% ) Performance counter stats for './ptr_ring_test_opt1 -s 1000 -m 1 -N 100000000' (1000 runs): 5,064.95 msec task-clock # 1.992 CPUs utilized ( +- 0.55% ) 668 context-switches # 0.132 K/sec ( +- 4.20% ) 9 cpu-migrations # 0.002 K/sec ( +- 4.45% ) 291 page-faults # 0.057 K/sec ( +- 0.06% ) 12,117,262,182 cycles # 2.392 GHz ( +- 0.55% ) 22,586,035,716 instructions # 1.86 insn per cycle ( +- 0.08% ) 3,404,652,345 branches # 672.199 M/sec ( +- 0.10% ) 7,864,190 branch-misses # 0.23% of all branches ( +- 0.16% ) 2.5422 +- 0.0142 seconds time elapsed ( +- 0.56% ) Performance counter stats for './ptr_ring_test_opt2 -s 1000 -m 1 -N 100000000' (1000 runs): 5,105.33 msec task-clock # 1.995 CPUs utilized ( +- 0.47% ) 589 context-switches # 0.115 K/sec ( +- 4.24% ) 11 cpu-migrations # 0.002 K/sec ( +- 4.24% ) 292 page-faults # 0.057 K/sec ( +- 0.04% ) 12,214,160,307 cycles # 2.392 GHz ( +- 0.47% ) 22,756,292,370 instructions # 1.86 insn per cycle ( +- 0.10% ) 3,429,218,233 branches # 671.694 M/sec ( +- 0.12% ) 7,921,984 branch-misses # 0.23% of all branches ( +- 0.15% ) 2.5587 +- 0.0122 seconds time elapsed ( +- 0.47% ) ------------------------------------------------------------------------------------------------- arm64(using taskset to avoid the numa effects): Performance counter stats for 'taskset -c 0-1 ./ptr_ring_test_org -s 1000 -m 1 -N 100000000' (100 runs): 4172.83 msec task-clock # 1.999 CPUs utilized ( +- 0.01% ) 54 context-switches # 0.013 K/sec ( +- 0.29% ) 1 cpu-migrations # 0.000 K/sec 115 page-faults # 0.028 K/sec ( +- 0.16% ) 10848085945 cycles # 2.600 GHz ( +- 0.01% ) 25808501369 instructions # 2.38 insn per cycle ( +- 0.00% ) <not supported> branches 11190266 branch-misses ( +- 0.02% ) 2.087205 +- 0.000130 seconds time elapsed ( +- 0.01% ) Performance counter stats for 'taskset -c 0-1 ./ptr_ring_test_opt1 -s 1000 -m 1 -N 100000000' (100 runs): 3774.91 msec task-clock # 1.999 CPUs utilized ( +- 0.03% ) 50 context-switches # 0.013 K/sec ( +- 0.36% ) 1 cpu-migrations # 0.000 K/sec 114 page-faults # 0.030 K/sec ( +- 0.15% ) 9813658996 cycles # 2.600 GHz ( +- 0.03% ) 23920189000 instructions # 2.44 insn per cycle ( +- 0.01% ) <not supported> branches 10018927 branch-misses ( +- 0.04% ) 1.888224 +- 0.000541 seconds time elapsed ( +- 0.03% ) Performance counter stats for 'taskset -c 0-1 ./ptr_ring_test_opt2 -s 1000 -m 1 -N 100000000' (100 runs): 3785.79 msec task-clock # 1.999 CPUs utilized ( +- 0.03% ) 49 context-switches # 0.013 K/sec ( +- 0.32% ) 1 cpu-migrations # 0.000 K/sec 114 page-faults # 0.030 K/sec ( +- 0.15% ) 9842067534 cycles # 2.600 GHz ( +- 0.03% ) 24074397270 instructions # 2.45 insn per cycle ( +- 0.01% ) <not supported> branches 10091918 branch-misses ( +- 0.04% ) 1.893673 +- 0.000508 seconds time elapsed ( +- 0.03% ) Yunsheng Lin (3): selftests/ptr_ring: add benchmark application for ptr_ring ptr_ring: move r->queue[] clearing after r->consumer_head updating ptr_ring: add barrier to ensure the visiblity of r->queue[] MAINTAINERS | 5 + include/linux/ptr_ring.h | 52 ++++-- tools/testing/selftests/ptr_ring/Makefile | 6 + tools/testing/selftests/ptr_ring/ptr_ring_test.c | 224 +++++++++++++++++++++++ tools/testing/selftests/ptr_ring/ptr_ring_test.h | 130 +++++++++++++ 5 files changed, 399 insertions(+), 18 deletions(-) create mode 100644 tools/testing/selftests/ptr_ring/Makefile create mode 100644 tools/testing/selftests/ptr_ring/ptr_ring_test.c create mode 100644 tools/testing/selftests/ptr_ring/ptr_ring_test.h -- 2.7.4

3 years, 12 months

3
14
0 0

[PATCH 0/4] selftests: add a new test driver for sysfs

by Luis Chamberlain

I had posted a patch to fix a theoretical race with sysfs and device removal [0]. While the issue is no longer present with the patch present, the zram driver has already a lot of enhancements, so much so, that the race alone is very difficult to reproduce. Likewise, the zram driver had a series of other races on module removal which I recently posted fixes for [1], and it makes it unclear if these paper over the possible theoretical sysfs race. Although we even have gdb output from an actual race where this issue presented itself, there are other races which could happen before that and so what we realy need is a clean separate driver where we can experiment and try to reproduce unusual races. This adds such a driver, a new sysfs_test driver, along with a set of new tests for it. We take hint of observed issues with the sysfs on the zram driver, and build sandbox based where wher can try to poke holes at the kernel with. There are two main races we're after trying to reproduce: 1) proving the deadlock is real 2) allowing for enough slack for us to try to see if we can reproduce the syfs / device removal race In order to tackle the second race, we need a bit of help from kernefs, given that the race is difficult to reproduce. So we add fault injection support to kernfs, which allows us to trigger all possible races on write. This should be enough evidence for us to drop the suggested patch for sysfs for the second race. The first race however which leads to a deadlock is clearly explained now and I hope this shows how we need a generic solution. [0] https://lkml.kernel.org/r/20210623215007.862787-1-mcgrof@kernel.org [1] https://lkml.kernel.org/r/20210702043716.2692247-1-mcgrof@kernel.org Luis Chamberlain (4): selftests: add tests_sysfs module kernfs: add initial failure injection support test_sysfs: add support to use kernfs failure injection test_sysfs: demonstrate deadlock fix .../fault-injection/fault-injection.rst | 22 + MAINTAINERS | 9 +- fs/kernfs/Makefile | 1 + fs/kernfs/failure-injection.c | 82 + fs/kernfs/file.c | 13 + fs/kernfs/kernfs-internal.h | 73 + include/linux/kernfs.h | 5 + lib/Kconfig.debug | 23 + lib/Makefile | 1 + lib/test_sysfs.c | 1037 +++++++++++++ tools/testing/selftests/sysfs/Makefile | 12 + tools/testing/selftests/sysfs/config | 5 + tools/testing/selftests/sysfs/sysfs.sh | 1376 +++++++++++++++++ 13 files changed, 2658 insertions(+), 1 deletion(-) create mode 100644 fs/kernfs/failure-injection.c create mode 100644 lib/test_sysfs.c create mode 100644 tools/testing/selftests/sysfs/Makefile create mode 100644 tools/testing/selftests/sysfs/config create mode 100755 tools/testing/selftests/sysfs/sysfs.sh -- 2.27.0

3 years, 12 months

3
9
0 0

Re: [GIT PULL] KUnit update for Linux 5.14-rc1

by pr-tracker-bot＠kernel.org

The pull request you sent on Fri, 2 Jul 2021 10:09:18 -0600: > git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-kunit-fixes-5.14-rc1 has been merged into torvalds/linux.git: https://git.kernel.org/torvalds/c/a48ad6e7a35dc3f3b521249204daf4c9427628e5 Thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/prtracker.html

3 years, 12 months

1
0
0 0

[GIT PULL] Kselftest update for Linux 5.14-rc1

by Shuah Khan

Hi Linus, Please pull the following Kselftest update for Linux 5.14-rc1. This Kselftest update for Linux 5.14-rc1 consists of fixes to existing tests and framework: -- migrate sgx test to kselftest harness -- add new test cases to sgx test -- ftrace test fix event-no-pid on 1-core machine -- splice test adjust for handler fallback removal diff is attached. Apologies if this message appears to have double spacing. My email client is at fault - I am trying to figure out what changed. thanks, -- Shuah ---------------------------------------------------------------- The following changes since commit d07f6ca923ea0927a1024dfccafc5b53b61cfecc: Linux 5.13-rc2 (2021-05-16 15:27:44 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-next-5.14-rc1 for you to fetch changes up to 4896df9d53ae5521f3ce83751e828ad70bc65c80: selftests/sgx: remove checks for file execute permissions (2021-06-23 18:38:04 -0600) ---------------------------------------------------------------- linux-kselftest-next-5.14-rc1 This Kselftest update for Linux 5.14-rc1 consists of fixes to existing tests and framework: -- migrate sgx test to kselftest harness -- add new test cases to sgx test -- ftrace test fix event-no-pid on 1-core machine -- splice test adjust for handler fallback removal ---------------------------------------------------------------- Dave Hansen (1): selftests/sgx: remove checks for file execute permissions Jarkko Sakkinen (5): selftests/sgx: Rename 'eenter' and 'sgx_call_vdso' selftests/sgx: Migrate to kselftest harness selftests/sgx: Dump enclave memory map selftests/sgx: Add EXPECT_EEXIT() macro selftests/sgx: Refine the test enclave to have storage Kees Cook (3): selftests/tls: Add {} to avoid static checker warning selftests: splice: Adjust for handler fallback removal selftests: lib.mk: Also install "config" and "settings" Krzysztof Kozlowski (1): selftests/ftrace: fix event-no-pid on 1-core machine Po-Hsu Lin (1): selftests: timers: rtcpie: skip test if default RTC device does not exist Xiaochen Shen (1): selftests/resctrl: Fix incorrect parsing of option "-t" .../selftests/ftrace/test.d/event/event-no-pid.tc | 7 + tools/testing/selftests/lib.mk | 1 + tools/testing/selftests/net/tls.c | 3 +- tools/testing/selftests/resctrl/README | 2 +- tools/testing/selftests/resctrl/resctrl_tests.c | 4 +- tools/testing/selftests/sgx/call.S | 6 +- tools/testing/selftests/sgx/defines.h | 10 + tools/testing/selftests/sgx/load.c | 19 +- tools/testing/selftests/sgx/main.c | 239 +++++++++++++-------- tools/testing/selftests/sgx/main.h | 4 +- tools/testing/selftests/sgx/test_encl.c | 19 +- tools/testing/selftests/sgx/test_encl.lds | 3 +- .../testing/selftests/splice/short_splice_read.sh | 119 ++++++++-- tools/testing/selftests/timers/rtcpie.c | 10 +- 14 files changed, 308 insertions(+), 138 deletions(-) ----------------------------------------------------------------

3 years, 12 months

2
1
0 0

[PATCH] KVM: selftests: do not require 64GB in set_memory_region_test

by Christian Borntraeger

Unless the user sets overcommit_memory or has plenty of swap, the latest changes to the testcase will result in ENOMEM failures for hosts with less than 64GB RAM. As we do not use much of the allocated memory, we can use MAP_NORESERVE to avoid this error. Cc: Zenghui Yu <yuzenghui(a)huawei.com> Cc: vkuznets(a)redhat.com Cc: wanghaibin.wang(a)huawei.com Cc: stable(a)vger.kernel.org Fixes: 309505dd5685 ("KVM: selftests: Fix mapping length truncation in m{,un}map()") Signed-off-by: Christian Borntraeger <borntraeger(a)de.ibm.com> --- tools/testing/selftests/kvm/set_memory_region_test.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/set_memory_region_test.c b/tools/testing/selftests/kvm/set_memory_region_test.c index d8812f27648c..d31f54ac4e98 100644 --- a/tools/testing/selftests/kvm/set_memory_region_test.c +++ b/tools/testing/selftests/kvm/set_memory_region_test.c @@ -377,7 +377,8 @@ static void test_add_max_memory_regions(void) (max_mem_slots - 1), MEM_REGION_SIZE >> 10); mem = mmap(NULL, (size_t)max_mem_slots * MEM_REGION_SIZE + alignment, - PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0); TEST_ASSERT(mem != MAP_FAILED, "Failed to mmap() host"); mem_aligned = (void *)(((size_t) mem + alignment - 1) & ~(alignment - 1)); -- 2.31.1

3 years, 12 months

2
1
0 0

[PATCH] selftests/memfd: remove unused variable

by Greg Thelen

Commit 544029862cbb ("selftests/memfd: add tests for F_SEAL_FUTURE_WRITE seal") added an unused variable to mfd_assert_reopen_fd(). Delete the unused variable. Fixes: 544029862cbb ("selftests/memfd: add tests for F_SEAL_FUTURE_WRITE seal") Signed-off-by: Greg Thelen <gthelen(a)google.com> --- tools/testing/selftests/memfd/memfd_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c index 74baab83fec3..192a2899bae8 100644 --- a/tools/testing/selftests/memfd/memfd_test.c +++ b/tools/testing/selftests/memfd/memfd_test.c @@ -56,7 +56,7 @@ static int mfd_assert_new(const char *name, loff_t sz, unsigned int flags) static int mfd_assert_reopen_fd(int fd_in) { - int r, fd; + int fd; char path[100]; sprintf(path, "/proc/self/fd/%d", fd_in); -- 2.32.0.93.g670b81a890-goog

3 years, 12 months

1
0
0 0

[PATCH v2] kunit: tool: Fix error messages for cases of no tests and wrong TAP header

by Rae Moar

This patch addresses misleading error messages reported by kunit_tool in two cases. First, in the case of TAP output having an incorrect header format or missing a header, the parser used to output an error message of 'no tests run!'. Now the parser outputs an error message of 'could not parse test results!'. As an example: Before: $ ./tools/testing/kunit/kunit.py parse /dev/null [ERROR] no tests run! ... After: $ ./tools/testing/kunit/kunit.py parse /dev/null [ERROR] could not parse test results! ... Second, in the case of TAP output with the correct header but no tests, the parser used to output an error message of 'could not parse test results!'. Now the parser outputs an error message of 'no tests run!'. As an example: Before: $ echo -e 'TAP version 14\n1..0' | ./tools/testing/kunit/kunit.py parse [ERROR] could not parse test results! After: $ echo -e 'TAP version 14\n1..0' | ./tools/testing/kunit/kunit.py parse [ERROR] no tests run! Additionally, this patch also corrects the tests in kunit_tool_test.py and adds a test to check the error in the case of TAP output with the correct header but no tests. Signed-off-by: Rae Moar <rmoar(a)google.com> Reviewed-by: David Gow <davidgow(a)google.com> Reviewed-by: Daniel Latypov <dlatypov(a)google.com> --- V1 -> V2: * Simplified log for the test for TAP output with the correct header but no tests * Added examples in commit message of error messages before and after --- tools/testing/kunit/kunit_parser.py | 6 ++++-- tools/testing/kunit/kunit_tool_test.py | 16 +++++++++++++--- ...st_is_test_passed-no_tests_run_no_header.log} | 0 ...t_is_test_passed-no_tests_run_with_header.log | 2 ++ 4 files changed, 19 insertions(+), 5 deletions(-) rename tools/testing/kunit/test_data/{test_is_test_passed-no_tests_run.log => test_is_test_passed-no_tests_run_no_header.log} (100%) create mode 100644 tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log diff --git a/tools/testing/kunit/kunit_parser.py b/tools/testing/kunit/kunit_parser.py index c3c524b79db8..b88db3f51dc5 100644 --- a/tools/testing/kunit/kunit_parser.py +++ b/tools/testing/kunit/kunit_parser.py @@ -338,9 +338,11 @@ def bubble_up_suite_errors(test_suites: Iterable[TestSuite]) -> TestStatus: def parse_test_result(lines: LineStream) -> TestResult: consume_non_diagnostic(lines) if not lines or not parse_tap_header(lines): - return TestResult(TestStatus.NO_TESTS, [], lines) + return TestResult(TestStatus.FAILURE_TO_PARSE_TESTS, [], lines) expected_test_suite_num = parse_test_plan(lines) - if not expected_test_suite_num: + if expected_test_suite_num == 0: + return TestResult(TestStatus.NO_TESTS, [], lines) + elif expected_test_suite_num is None: return TestResult(TestStatus.FAILURE_TO_PARSE_TESTS, [], lines) test_suites = [] for i in range(1, expected_test_suite_num + 1): diff --git a/tools/testing/kunit/kunit_tool_test.py b/tools/testing/kunit/kunit_tool_test.py index bdae0e5f6197..75045aa0f8a1 100755 --- a/tools/testing/kunit/kunit_tool_test.py +++ b/tools/testing/kunit/kunit_tool_test.py @@ -157,8 +157,18 @@ class KUnitParserTest(unittest.TestCase): kunit_parser.TestStatus.FAILURE, result.status) + def test_no_header(self): + empty_log = test_data_path('test_is_test_passed-no_tests_run_no_header.log') + with open(empty_log) as file: + result = kunit_parser.parse_run_tests( + kunit_parser.extract_tap_lines(file.readlines())) + self.assertEqual(0, len(result.suites)) + self.assertEqual( + kunit_parser.TestStatus.FAILURE_TO_PARSE_TESTS, + result.status) + def test_no_tests(self): - empty_log = test_data_path('test_is_test_passed-no_tests_run.log') + empty_log = test_data_path('test_is_test_passed-no_tests_run_with_header.log') with open(empty_log) as file: result = kunit_parser.parse_run_tests( kunit_parser.extract_tap_lines(file.readlines())) @@ -173,7 +183,7 @@ class KUnitParserTest(unittest.TestCase): with open(crash_log) as file: result = kunit_parser.parse_run_tests( kunit_parser.extract_tap_lines(file.readlines())) - print_mock.assert_any_call(StrContains('no tests run!')) + print_mock.assert_any_call(StrContains('could not parse test results!')) print_mock.stop() file.close() @@ -309,7 +319,7 @@ class KUnitJsonTest(unittest.TestCase): result["sub_groups"][1]["test_cases"][0]) def test_no_tests_json(self): - result = self._json_for('test_is_test_passed-no_tests_run.log') + result = self._json_for('test_is_test_passed-no_tests_run_with_header.log') self.assertEqual(0, len(result['sub_groups'])) class StrContains(str): diff --git a/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run.log b/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_no_header.log similarity index 100% rename from tools/testing/kunit/test_data/test_is_test_passed-no_tests_run.log rename to tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_no_header.log diff --git a/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log b/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log new file mode 100644 index 000000000000..5f48ee659d40 --- /dev/null +++ b/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log @@ -0,0 +1,2 @@ +TAP version 14 +1..0 -- 2.32.0.93.g670b81a890-goog

3 years, 12 months

2
1
0 0

[PATCH v8 0/7] Syscall User Dispatch

by Gabriel Krisman Bertazi

Hi, This is v8 of syscall user dispatch. Last version got some acks but there was one small documentation fix I wanted to do, as requested by Florian. This also addresses the commit message fixup Peter requested. The only actual code change from v7 is solving a trivial merge conflict I myself created with the entry code fixup I made week and with something else in the TIP tree. I also shared this with glibc and there wasn't any complaints other than the matter about user-notif vs. siginfo, which was discussed in v7 and the understanding is that it is not necessary now and can be added later, if needed, on the same infrastructure without a new api. I'm not sure about TIP the rules, but is it too late to be queued for the next merge window? I'd love to have this in 5.11 if possible, since it has been flying for quite a while. This is based on tip/master. As usual, a working tree with this patchset is available at: https://gitlab.collabora.com/krisman/linux -b syscall-user-dispatch-v8 Previous submissions are archived at: RFC/v1: https://lkml.org/lkml/2020/7/8/96 v2: https://lkml.org/lkml/2020/7/9/17 v3: https://lkml.org/lkml/2020/7/12/4 v4: https://www.spinics.net/lists/linux-kselftest/msg16377.html v5: https://lkml.org/lkml/2020/8/10/1320 v6: https://lkml.org/lkml/2020/9/4/1122 v7: https://lwn.net/Articles/837598/ Gabriel Krisman Bertazi (7): x86: vdso: Expose sigreturn address on vdso to the kernel signal: Expose SYS_USER_DISPATCH si_code type kernel: Implement selective syscall userspace redirection entry: Support Syscall User Dispatch on common syscall entry selftests: Add kselftest for syscall user dispatch selftests: Add benchmark for syscall user dispatch docs: Document Syscall User Dispatch .../admin-guide/syscall-user-dispatch.rst | 87 +++++ arch/x86/entry/vdso/vdso2c.c | 2 + arch/x86/entry/vdso/vdso32/sigreturn.S | 2 + arch/x86/entry/vdso/vma.c | 15 + arch/x86/include/asm/elf.h | 2 + arch/x86/include/asm/vdso.h | 2 + arch/x86/kernel/signal_compat.c | 2 +- fs/exec.c | 3 + include/linux/entry-common.h | 2 + include/linux/sched.h | 2 + include/linux/syscall_user_dispatch.h | 40 +++ include/linux/thread_info.h | 2 + include/uapi/asm-generic/siginfo.h | 3 +- include/uapi/linux/prctl.h | 5 + kernel/entry/Makefile | 2 +- kernel/entry/common.c | 17 + kernel/entry/common.h | 16 + kernel/entry/syscall_user_dispatch.c | 102 ++++++ kernel/fork.c | 1 + kernel/sys.c | 5 + tools/testing/selftests/Makefile | 1 + .../syscall_user_dispatch/.gitignore | 3 + .../selftests/syscall_user_dispatch/Makefile | 9 + .../selftests/syscall_user_dispatch/config | 1 + .../syscall_user_dispatch/sud_benchmark.c | 200 +++++++++++ .../syscall_user_dispatch/sud_test.c | 310 ++++++++++++++++++ 26 files changed, 833 insertions(+), 3 deletions(-) create mode 100644 Documentation/admin-guide/syscall-user-dispatch.rst create mode 100644 include/linux/syscall_user_dispatch.h create mode 100644 kernel/entry/common.h create mode 100644 kernel/entry/syscall_user_dispatch.c create mode 100644 tools/testing/selftests/syscall_user_dispatch/.gitignore create mode 100644 tools/testing/selftests/syscall_user_dispatch/Makefile create mode 100644 tools/testing/selftests/syscall_user_dispatch/config create mode 100644 tools/testing/selftests/syscall_user_dispatch/sud_benchmark.c create mode 100644 tools/testing/selftests/syscall_user_dispatch/sud_test.c -- 2.29.2

3 years, 12 months

6
17
0 0

[PATCH] kunit: tool: Fix error messages for cases of no tests and wrong TAP header

by Rae Moar

This patch addresses misleading error messages reported by kunit_tool in two cases. First, in the case of TAP output having an incorrect header format or missing a header, the parser used to output an error message of 'no tests run!'. Now the parser outputs an error message of 'could not parse test results!'. As an example: Before: $ ./tools/testing/kunit/kunit.py parse /dev/null [ERROR] no tests run! ... After: $ ./tools/testing/kunit/kunit.py parse /dev/null [ERROR] could not parse test results! ... Second, in the case of TAP output with the correct header but no tests, the parser used to output an error message of 'could not parse test results!'. Now the parser outputs an error message of 'no tests run!'. As an example: Before: $ echo -e 'TAP version 14\n1..0' | ./tools/testing/kunit/kunit.py parse [ERROR] could not parse test results! After: $ echo -e 'TAP version 14\n1..0' | ./tools/testing/kunit/kunit.py parse [ERROR] no tests run! Additionally, this patch also corrects the tests in kunit_tool_test.py and adds a test to check the error in the case of TAP output with the correct header but no tests (the log for this test was simplified from the first version of this patch). Signed-off-by: Rae Moar <rmoar(a)google.com> --- tools/testing/kunit/kunit_parser.py | 6 ++++-- tools/testing/kunit/kunit_tool_test.py | 16 +++++++++++++--- ...st_is_test_passed-no_tests_run_no_header.log} | 0 ...t_is_test_passed-no_tests_run_with_header.log | 2 ++ 4 files changed, 19 insertions(+), 5 deletions(-) rename tools/testing/kunit/test_data/{test_is_test_passed-no_tests_run.log => test_is_test_passed-no_tests_run_no_header.log} (100%) create mode 100644 tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log diff --git a/tools/testing/kunit/kunit_parser.py b/tools/testing/kunit/kunit_parser.py index c3c524b79db8..b88db3f51dc5 100644 --- a/tools/testing/kunit/kunit_parser.py +++ b/tools/testing/kunit/kunit_parser.py @@ -338,9 +338,11 @@ def bubble_up_suite_errors(test_suites: Iterable[TestSuite]) -> TestStatus: def parse_test_result(lines: LineStream) -> TestResult: consume_non_diagnostic(lines) if not lines or not parse_tap_header(lines): - return TestResult(TestStatus.NO_TESTS, [], lines) + return TestResult(TestStatus.FAILURE_TO_PARSE_TESTS, [], lines) expected_test_suite_num = parse_test_plan(lines) - if not expected_test_suite_num: + if expected_test_suite_num == 0: + return TestResult(TestStatus.NO_TESTS, [], lines) + elif expected_test_suite_num is None: return TestResult(TestStatus.FAILURE_TO_PARSE_TESTS, [], lines) test_suites = [] for i in range(1, expected_test_suite_num + 1): diff --git a/tools/testing/kunit/kunit_tool_test.py b/tools/testing/kunit/kunit_tool_test.py index bdae0e5f6197..75045aa0f8a1 100755 --- a/tools/testing/kunit/kunit_tool_test.py +++ b/tools/testing/kunit/kunit_tool_test.py @@ -157,8 +157,18 @@ class KUnitParserTest(unittest.TestCase): kunit_parser.TestStatus.FAILURE, result.status) + def test_no_header(self): + empty_log = test_data_path('test_is_test_passed-no_tests_run_no_header.log') + with open(empty_log) as file: + result = kunit_parser.parse_run_tests( + kunit_parser.extract_tap_lines(file.readlines())) + self.assertEqual(0, len(result.suites)) + self.assertEqual( + kunit_parser.TestStatus.FAILURE_TO_PARSE_TESTS, + result.status) + def test_no_tests(self): - empty_log = test_data_path('test_is_test_passed-no_tests_run.log') + empty_log = test_data_path('test_is_test_passed-no_tests_run_with_header.log') with open(empty_log) as file: result = kunit_parser.parse_run_tests( kunit_parser.extract_tap_lines(file.readlines())) @@ -173,7 +183,7 @@ class KUnitParserTest(unittest.TestCase): with open(crash_log) as file: result = kunit_parser.parse_run_tests( kunit_parser.extract_tap_lines(file.readlines())) - print_mock.assert_any_call(StrContains('no tests run!')) + print_mock.assert_any_call(StrContains('could not parse test results!')) print_mock.stop() file.close() @@ -309,7 +319,7 @@ class KUnitJsonTest(unittest.TestCase): result["sub_groups"][1]["test_cases"][0]) def test_no_tests_json(self): - result = self._json_for('test_is_test_passed-no_tests_run.log') + result = self._json_for('test_is_test_passed-no_tests_run_with_header.log') self.assertEqual(0, len(result['sub_groups'])) class StrContains(str): diff --git a/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run.log b/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_no_header.log similarity index 100% rename from tools/testing/kunit/test_data/test_is_test_passed-no_tests_run.log rename to tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_no_header.log diff --git a/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log b/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log new file mode 100644 index 000000000000..5f48ee659d40 --- /dev/null +++ b/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log @@ -0,0 +1,2 @@ +TAP version 14 +1..0 -- 2.32.0.93.g670b81a890-goog

4 years

2
1
0 0

[PATCH v1 0/4] Landlock filesystem caching

by Mickaël Salaün

Hi, The goal of this patch series is to reduce the performance impact of walking through a lot of files while being landlocked. Indeed, because of the unprivileged nature of Landlock, each file access implies to check access granted to each directory of the path, which slows down open time. Currently, openat(2) calls spend more than 22% of their time in hook_file_open(). The performance impact for a common worth case scenario is significantly reduced thanks to this patch series, theoretically going from O(n) with n as the depth of a path, to O(1) (cf. benchmarks in the caching patch). This series adds a new security hook (resolve_path_at) and uses it to implement access caching in Landlock. I'm planning to build on top of that for other improvements (using task's working directory and task's root directory) but that will require other hook changes. This new hook is also a first step to be able to securely restrict file descriptors used for path resolution (e.g. dirfd in openat2). Caching may be difficult to get right especially for security checks. I extended the current tests and I'm still working on new ones. If you have test/attack scenarios, please share them. I would really appreciate constructive reviews for these critical changes. This series can be applied on top of v5.13 . Regards, Mickaël Salaün (4): fs,security: Add resolve_path_at() hook landlock: Add filesystem rule caching selftests/landlock: Work in a temporary directory selftests/landlock: Check all possible intermediate directories fs/namei.c | 9 + include/linux/lsm_hook_defs.h | 2 + include/linux/lsm_hooks.h | 8 + include/linux/security.h | 9 + security/landlock/cache.h | 77 +++++++ security/landlock/cred.c | 15 +- security/landlock/cred.h | 20 +- security/landlock/fs.c | 224 +++++++++++++++++++-- security/landlock/fs.h | 29 +++ security/landlock/setup.c | 2 + security/security.c | 6 + tools/testing/selftests/landlock/fs_test.c | 205 ++++++++++++++----- 12 files changed, 544 insertions(+), 62 deletions(-) create mode 100644 security/landlock/cache.h base-commit: 62fb9874f5da54fdb243003b386128037319b219 -- 2.32.0

4 years

1
4
0 0

[PATCH] kselftest/kselftest_harness.h: do not redefine ARRAY_SIZE

by Peter Oskolkov

Macro ARRAY_SIZE is defined in tools/include/linux/kernel.h, so if both headers are included there is a warning. Signed-off-by: Peter Oskolkov <posk(a)google.com> --- tools/testing/selftests/kselftest_harness.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/selftests/kselftest_harness.h index ae0f0f33b2a6..75164e23f036 100644 --- a/tools/testing/selftests/kselftest_harness.h +++ b/tools/testing/selftests/kselftest_harness.h @@ -671,7 +671,9 @@ #define EXPECT_STRNE(expected, seen) \ __EXPECT_STR(expected, seen, !=, 0) +#ifndef ARRAY_SIZE #define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0])) +#endif /* Support an optional handler after and ASSERT_* or EXPECT_*. The approach is * not thread-safe, but it should be fine in most sane test scenarios. -- 2.32.0.93.g670b81a890-goog

4 years

2
1
0 0

[PATCH 0/1] add KSM selftests

by Zhansaya Bagdauletkyzy

As a part of the Outreachy internship project, add unit tests for Kernel Samepage Merging. More tests to be added later; they would focus on unmerging, handling zero pages and pages in different NUMA nodes. Zhansaya Bagdauletkyzy (1): selftests: vm: add KSM tests tools/testing/selftests/vm/.gitignore | 1 + tools/testing/selftests/vm/Makefile | 1 + tools/testing/selftests/vm/ksm_tests.c | 289 ++++++++++++++++++++++ tools/testing/selftests/vm/run_vmtests.sh | 16 ++ 4 files changed, 307 insertions(+) create mode 100644 tools/testing/selftests/vm/ksm_tests.c -- 2.25.1

4 years

1
1
0 0

[PATCH v6 23/26] selftest/x86/amx: Test cases for the AMX state management

by Chang S. Bae

This selftest verifies that the XSTATE arch_prctl works for AMX state and that a forked task has the AMX state in the INIT-state. In addition, this test verifies that the kernel correctly context switches unique AMX data, when multiple threads are using AMX. The test also verifies that ptrace() can insert data into existing threads. Finally, add a test case to verify that unused states are excluded, by leaving a known pattern on the signal stack and verifying that it is still intact after taking a subsequent signal. These test cases do not depend on AMX compiler support, as they employ userspace-XSAVE directly to access AMX state. Signed-off-by: Chang S. Bae <chang.seok.bae(a)intel.com> Reviewed-by: Len Brown <len.brown(a)intel.com> Cc: linux-kernel(a)vger.kernel.org Cc: linux-kselftest(a)vger.kernel.org --- Changes from v5: * Adjusted arch_prctl for the updated ABI. * Added test for the dynamic signal xstate buffer. * Fixed XSAVE buffer's header data. Changes from v4: * Added test for arch_prctl. * Excluded tile config details to focus on testing the kernel's ability to manage dynamic user state. * Removed tile instructions. * Simplified the fork() and ptrace() test routine. * Massaged the changelog. Changes from v2: * Updated the test messages and the changelog as tile data is not inherited to a child anymore. * Removed bytecode for the instructions already supported by binutils. * Changed to check the XSAVE availability in a reliable way. Changes from v1: * Removed signal testing code --- tools/testing/selftests/x86/Makefile | 2 +- tools/testing/selftests/x86/amx.c | 859 +++++++++++++++++++++++++++ 2 files changed, 860 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/x86/amx.c diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile index b4142cd1c5c2..8a1f62ab3c8e 100644 --- a/tools/testing/selftests/x86/Makefile +++ b/tools/testing/selftests/x86/Makefile @@ -18,7 +18,7 @@ TARGETS_C_32BIT_ONLY := entry_from_vm86 test_syscall_vdso unwind_vdso \ test_FCMOV test_FCOMI test_FISTTP \ vdso_restorer TARGETS_C_64BIT_ONLY := fsgsbase sysret_rip syscall_numbering \ - corrupt_xstate_header + corrupt_xstate_header amx # Some selftests require 32bit support enabled also on 64bit systems TARGETS_C_32BIT_NEEDED := ldt_gdt ptrace_syscall diff --git a/tools/testing/selftests/x86/amx.c b/tools/testing/selftests/x86/amx.c new file mode 100644 index 000000000000..57d8048e70b4 --- /dev/null +++ b/tools/testing/selftests/x86/amx.c @@ -0,0 +1,859 @@ +// SPDX-License-Identifier: GPL-2.0 + +#define _GNU_SOURCE +#include <err.h> +#include <errno.h> +#include <elf.h> +#include <pthread.h> +#include <setjmp.h> +#include <stdio.h> +#include <string.h> +#include <stdbool.h> +#include <unistd.h> +#include <x86intrin.h> + +#include <linux/futex.h> + +#include <sys/ptrace.h> +#include <sys/shm.h> +#include <sys/syscall.h> +#include <sys/wait.h> +#include <sys/uio.h> + + +#ifndef __x86_64__ +# error This test is 64-bit only +#endif + +static inline uint64_t __xgetbv(uint32_t index) +{ + uint32_t eax, edx; + + asm volatile("xgetbv;" + : "=a" (eax), "=d" (edx) + : "c" (index)); + return eax + ((uint64_t)edx << 32); +} + +static inline void __cpuid(uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx) +{ + asm volatile("cpuid;" + : "=a" (*eax), "=b" (*ebx), "=c" (*ecx), "=d" (*edx) + : "0" (*eax), "2" (*ecx)); +} + +static inline void __xsave(void *buffer, uint32_t lo, uint32_t hi) +{ + asm volatile("xsave (%%rdi)" + : : "D" (buffer), "a" (lo), "d" (hi) + : "memory"); +} + +static inline void __xrstor(void *buffer, uint32_t lo, uint32_t hi) +{ + asm volatile("xrstor (%%rdi)" + : : "D" (buffer), "a" (lo), "d" (hi)); +} + +static void sethandler(int sig, void (*handler)(int, siginfo_t *, void *), + int flags) +{ + struct sigaction sa; + + memset(&sa, 0, sizeof(sa)); + sa.sa_sigaction = handler; + sa.sa_flags = SA_SIGINFO | flags; + sigemptyset(&sa.sa_mask); + if (sigaction(sig, &sa, 0)) + err(1, "sigaction"); +} + +static void clearhandler(int sig) +{ + struct sigaction sa; + + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = SIG_DFL; + sigemptyset(&sa.sa_mask); + if (sigaction(sig, &sa, 0)) + err(1, "sigaction"); +} + +static jmp_buf jmpbuf; + +/* Hardware info check: */ + +static bool xsave_disabled; + +static void handle_sigill(int sig, siginfo_t *si, void *ctx_void) +{ + xsave_disabled = true; + siglongjmp(jmpbuf, 1); +} + +#define XFEATURE_XTILECFG 17 +#define XFEATURE_XTILEDATA 18 +#define XFEATURE_MASK_XTILECFG (1 << XFEATURE_XTILECFG) +#define XFEATURE_MASK_XTILEDATA (1 << XFEATURE_XTILEDATA) +#define XFEATURE_MASK_XTILE (XFEATURE_MASK_XTILECFG | XFEATURE_MASK_XTILEDATA) + +static inline bool check_xsave_capability(void) +{ + sethandler(SIGILL, handle_sigill, 0); + + if ((!sigsetjmp(jmpbuf, 1)) && (__xgetbv(0) & XFEATURE_MASK_XTILEDATA)) { + clearhandler(SIGILL); + return true; + } + + clearhandler(SIGILL); + return false; +} + +static uint32_t xsave_size; + +static uint32_t xsave_xtiledata_offset; +static uint32_t xsave_xtiledata_size; + +static uint32_t xsave_xtilecfg_offset; +static uint32_t xsave_xtilecfg_size; + +#define XSTATE_CPUID 0xd +#define XSTATE_USER_STATE_SUBLEAVE 0x0 + +static void check_cpuid(void) +{ + uint32_t eax, ebx, ecx, edx; + + eax = XSTATE_CPUID; + ecx = XSTATE_USER_STATE_SUBLEAVE; + + __cpuid(&eax, &ebx, &ecx, &edx); + if (!ebx) + err(1, "xstate cpuid: xsave size"); + + xsave_size = ebx; + + eax = XSTATE_CPUID; + ecx = XFEATURE_XTILECFG; + + __cpuid(&eax, &ebx, &ecx, &edx); + if (!eax || !ebx) + err(1, "xstate cpuid: tile config state"); + + xsave_xtilecfg_size = eax; + xsave_xtilecfg_offset = ebx; + + eax = XSTATE_CPUID; + ecx = XFEATURE_XTILEDATA; + + __cpuid(&eax, &ebx, &ecx, &edx); + if (!eax || !ebx) + err(1, "xstate cpuid: tile data state"); + + xsave_xtiledata_size = eax; + xsave_xtiledata_offset = ebx; +} + +/* The helpers for managing XSAVE buffer and tile states: */ + +#define XSAVE_HDR_OFFSET 512 +#define XSAVE_HDR_SIZE 64 + +static inline void clr_xstatehdr(void *xsave) +{ + memset(xsave + XSAVE_HDR_OFFSET, 0, XSAVE_HDR_SIZE); +} + +static inline uint64_t get_xstatebv(void *xsave) +{ + return *(uint64_t *)(xsave + XSAVE_HDR_OFFSET); +} + +static inline void set_xstatebv(void *xsave, uint64_t bv) +{ + *(uint64_t *)(xsave + XSAVE_HDR_OFFSET) = bv; +} + +static void set_rand_tiledata(void *tiledata) +{ + int *ptr = tiledata; + int data = rand(); + int i; + + for (i = 0; i < xsave_xtiledata_size / sizeof(int); i++, ptr++) + *ptr = data; +} + +static void *xsave_buffer, *tiledata; +static int nerrs, errs; + +/* See 'struct _fpx_sw_bytes' at sigcontext.h */ +#define SW_BYTES_OFFSET 464 +/* N.B. The struct's field name varies so read from the offset. */ +#define SW_BYTES_BV_OFFSET SW_BYTES_OFFSET + 8 + +static inline struct _fpx_sw_bytes *get_fpx_sw_bytes(void *xsave) +{ + return (struct _fpx_sw_bytes *)(xsave + SW_BYTES_OFFSET); +} + +static inline uint64_t get_fpx_sw_bytes_xstatebv(void *xsave) +{ + return *(uint64_t *)(xsave + SW_BYTES_BV_OFFSET); +} + +static volatile bool sigsegved; + +static void handle_sigsegv(int sig, siginfo_t *si, void *ctx_void) +{ + ucontext_t *ctx = (ucontext_t*)ctx_void; + void *xsave = ctx->uc_mcontext.fpregs; + struct _fpx_sw_bytes *sw_bytes; + + printf("\tAt SIGSEGV handler,\n"); + + sw_bytes = get_fpx_sw_bytes(xsave); + if (!(sw_bytes->xstate_size < xsave_xtiledata_offset) && + !(get_fpx_sw_bytes_xstatebv(xsave) & XFEATURE_MASK_XTILEDATA)) { + printf("[OK]\tValid xstate size and mask in the SW data of xstate buffer.\n"); + } else { + errs++; + printf("[FAIL]\tInvalid xstate size and/or mask in the SW data of xstate buf.\n"); + } + + sigsegved = true; + ctx->uc_mcontext.gregs[REG_RIP] += 3; /* Skip the faulting XRSTOR */ +} + +/* Return true if XRSTOR is successful; otherwise, false. */ +static bool inline xrstor(void *buffer, uint32_t lo, uint32_t hi) +{ + sigsegved = false; + __xrstor(buffer, lo, hi); + return !sigsegved; +} + +/* arch_prctl test */ + +#define ARCH_ENABLE_XSTATE 0x1020 + +#define TEST_EXECV_ARG "nested" + +static void test_arch_prctl(int argc, char **argv) +{ + pid_t parent, child, grandchild; + + parent = fork(); + if (parent < 0) { + err(1, "fork"); + } else if (parent > 0) { + int status; + + wait(&status); + if (!WIFEXITED(status) || WEXITSTATUS(status)) + err(1, "arch_prctl test parent exit"); + return; + } + + printf("[RUN]\tCheck ARCH_ENABLE_XSTATE around process fork().\n"); + + printf("\tFork a child.\n"); + child = fork(); + if (child < 0) { + err(1, "fork"); + } else if (child > 0) { + int status; + + syscall(SYS_arch_prctl, ARCH_ENABLE_XSTATE, 0); + printf("\tDo ARCH_ENABLE_XSTATE at parent\n"); + + wait(&status); + if (!WIFEXITED(status) || WEXITSTATUS(status)) + err(1, "arch_prctl test child exit"); + _exit(0); + } + + clr_xstatehdr(xsave_buffer); + set_xstatebv(xsave_buffer, XFEATURE_MASK_XTILEDATA); + set_rand_tiledata(xsave_buffer + xsave_xtiledata_offset); + + printf("\tLoad tile data without ARCH_ENABLE_XSTATE at child.\n"); + if (xrstor(xsave_buffer, -1, -1)) { + nerrs++; + printf("[FAIL]\tSucceeded at child.\n"); + } else { + printf("[OK]\tBlocked at child.\n"); + } + + printf("\tDo ARCH_ENABLE_XSTATE at child.\n"); + syscall(SYS_arch_prctl, ARCH_ENABLE_XSTATE, 0); + + printf("\tLoad tile data with ARCH_ENABLE_XSTATE at child:\n"); + sigsegved = false; + if (xrstor(xsave_buffer, -1, -1)) { + printf("[OK]\tSucceeded at child.\n"); + } else { + nerrs++; + printf("[FAIL]\tBlocked at child.\n"); + } + + printf("\tFork a grandchild.\n"); + grandchild = fork(); + if (grandchild < 0) { + err(1, "fork"); + } else if (!grandchild) { + char *args[] = {argv[0], TEST_EXECV_ARG, NULL}; + + if (xrstor(xsave_buffer, -1, -1)) { + printf("[OK]\tSucceeded at grandchild.\n"); + } else { + nerrs++; + printf("[FAIL]\tBlocked at grandchild.\n"); + } + nerrs += execv(args[0], args); + } else { + int status; + + wait(&status); + if (!WIFEXITED(status) || WEXITSTATUS(status)) + err(1, "fork test grandchild"); + } + _exit(0); +} + +/* Testing tile data inheritance */ + +static void test_fork(void) +{ + pid_t child, grandchild; + + child = fork(); + if (child < 0) { + err(1, "fork"); + } else if (child > 0) { + int status; + + wait(&status); + if (!WIFEXITED(status) || WEXITSTATUS(status)) + err(1, "fork test child"); + return; + } + + printf("[RUN]\tCheck tile data inheritance.\n\tBefore fork(), load tile data -- yes:\n"); + + clr_xstatehdr(xsave_buffer); + set_xstatebv(xsave_buffer, XFEATURE_MASK_XTILE); + set_rand_tiledata(xsave_buffer + xsave_xtiledata_offset); + memset(xsave_buffer + xsave_xtilecfg_offset, 1, xsave_xtilecfg_size); + xrstor(xsave_buffer, -1, -1); + + grandchild = fork(); + if (grandchild < 0) { + err(1, "fork"); + } else if (grandchild > 0) { + int status; + + wait(&status); + if (!WIFEXITED(status) || WEXITSTATUS(status)) + err(1, "fork test grand child"); + _exit(0); + } + + if (__xgetbv(1) & XFEATURE_MASK_XTILE) { + nerrs++; + printf("[FAIL]\tIn a child, AMX state is not initialized.\n"); + } else { + printf("[OK]\tIn a child, AMX state is initialized.\n"); + } + _exit(0); +} + +/* Context switching test */ + +#define ITERATIONS 10 +#define NUM_THREADS 5 + +struct futex_info { + int current; + int *futex; + int next; +}; + +static inline void command_wait(struct futex_info *info, int value) +{ + do { + sched_yield(); + } while (syscall(SYS_futex, info->futex, FUTEX_WAIT, value, 0, 0, 0)); +} + +static inline void command_wake(struct futex_info *info, int value) +{ + do { + *info->futex = value; + while (!syscall(SYS_futex, info->futex, FUTEX_WAKE, 1, 0, 0, 0)) + sched_yield(); + } while (0); +} + +static inline int get_iterative_value(int id) +{ + return ((id << 1) & ~0x1); +} + +static inline int get_endpoint_value(int id) +{ + return ((id << 1) | 0x1); +} + +static void *check_tiledata(void *info) +{ + struct futex_info *finfo = (struct futex_info *)info; + void *xsave, *tiledata; + int i; + + xsave = aligned_alloc(64, xsave_size); + if (!xsave) + err(1, "aligned_alloc()"); + + tiledata = malloc(xsave_xtiledata_size); + if (!tiledata) + err(1, "malloc()"); + + set_xstatebv(xsave, XFEATURE_MASK_XTILEDATA); + set_rand_tiledata(xsave + xsave_xtiledata_offset); + xrstor(xsave, -1, -1); + memcpy(tiledata, xsave + xsave_xtiledata_offset, xsave_xtiledata_size); + + for (i = 0; i < ITERATIONS; i++) { + command_wait(finfo, get_iterative_value(finfo->current)); + + __xsave(xsave, XFEATURE_MASK_XTILEDATA, 0); + if (memcmp(tiledata, xsave + xsave_xtiledata_offset, xsave_xtiledata_size)) + errs++; + + set_rand_tiledata(xsave + xsave_xtiledata_offset); + xrstor(xsave, -1, -1); + memcpy(tiledata, xsave + xsave_xtiledata_offset, xsave_xtiledata_size); + + command_wake(finfo, get_iterative_value(finfo->next)); + } + + command_wait(finfo, get_endpoint_value(finfo->current)); + + free(xsave); + free(tiledata); + return NULL; +} + +static int create_threads(int num, struct futex_info *finfo) +{ + const int shm_id = shmget(IPC_PRIVATE, sizeof(int), IPC_CREAT | 0666); + int *futex = shmat(shm_id, NULL, 0); + pthread_t thread; + int i; + + for (i = 0; i < num; i++) { + finfo[i].futex = futex; + finfo[i].current = i + 1; + finfo[i].next = (i + 2) % (num + 1); + + if (pthread_create(&thread, NULL, check_tiledata, &finfo[i])) + err(1, "pthread_create()"); + } + return 0; +} + +static void test_context_switch(void) +{ + struct futex_info *finfo; + int i; + + printf("[RUN]\tCheck tile data context switches.\n"); + printf("\t# of context switches -- %u, # of threads -- %d:\n", + ITERATIONS * NUM_THREADS, NUM_THREADS); + + errs = 0; + + finfo = malloc(sizeof(*finfo) * NUM_THREADS); + if (!finfo) + err(1, "malloc()"); + + create_threads(NUM_THREADS, finfo); + + for (i = 0; i < ITERATIONS; i++) { + command_wake(finfo, get_iterative_value(1)); + command_wait(finfo, get_iterative_value(0)); + } + + for (i = 1; i <= NUM_THREADS; i++) + command_wake(finfo, get_endpoint_value(i)); + + if (errs) { + nerrs += errs; + printf("[FAIL]\tIncorrect cases were found -- (%d / %u).\n", + errs, ITERATIONS * NUM_THREADS); + } else { + printf("[OK]\tNo incorrect case was found.\n"); + } + + free(finfo); + return; +} + +/* Ptrace test */ + +static bool allow_ptracee_dynstate; + +static int write_tiledata(pid_t child) +{ + struct iovec iov; + + iov.iov_base = xsave_buffer; + iov.iov_len = xsave_size; + + clr_xstatehdr(xsave_buffer); + set_xstatebv(xsave_buffer, XFEATURE_MASK_XTILEDATA); + set_rand_tiledata(xsave_buffer + xsave_xtiledata_offset); + memcpy(tiledata, xsave_buffer + xsave_xtiledata_offset, xsave_xtiledata_size); + + if (ptrace(PTRACE_SETREGSET, child, (uint32_t)NT_X86_XSTATE, &iov)) + err(1, "PTRACE_SETREGSET"); + + if (ptrace(PTRACE_GETREGSET, child, (uint32_t)NT_X86_XSTATE, &iov)) + err(1, "PTRACE_GETREGSET"); + + return memcmp(tiledata, xsave_buffer + xsave_xtiledata_offset, xsave_xtiledata_size); +} + +static void test_tile_write(void) +{ + pid_t child; + int status; + + child = fork(); + if (child < 0) { + err(1, "fork"); + } else if (!child) { + if (allow_ptracee_dynstate) + syscall(SYS_arch_prctl, ARCH_ENABLE_XSTATE, 0); + + if (ptrace(PTRACE_TRACEME, 0, NULL, NULL)) + err(1, "PTRACE_TRACEME"); + + raise(SIGTRAP); + _exit(0); + } + + do { + wait(&status); + } while (WSTOPSIG(status) != SIGTRAP); + + printf("\tInject tile data %s ARCH_ENABLE_XSTATE\n", + allow_ptracee_dynstate ? "with" : "without"); + errs = write_tiledata(child); + if (errs) { + nerrs++; + printf("[%s]\tTile data was not written on ptracee.\n", + allow_ptracee_dynstate ? "FAIL" : "OK"); + } else { + printf("[%s]\tTile data was written on ptracee.\n", + allow_ptracee_dynstate ? "OK" : "FAIL"); + } + + ptrace(PTRACE_DETACH, child, NULL, NULL); + wait(&status); + if (!WIFEXITED(status) || WEXITSTATUS(status)) + err(1, "ptrace test"); + + return; +} + +static void test_ptrace(void) +{ + printf("[RUN]\tCheck ptrace() to inject tile data.\n"); + + allow_ptracee_dynstate = false; + test_tile_write(); + + allow_ptracee_dynstate = true; + test_tile_write(); +} + +/* Signal handling test */ + +static bool init_tiledata_state_before_signal; +static bool load_tiledata_at_first; +static volatile bool sigalarmed, sigused; + +#define SIGFRAME_TILEDATA_SIGNATURE 0xFF + +static void handle_sigusr1(int sig, siginfo_t *info, void *ctx_void) +{ + void *xsave = ((ucontext_t *)ctx_void)->uc_mcontext.fpregs; + struct _fpx_sw_bytes *sw_bytes = get_fpx_sw_bytes(xsave); + + if (sw_bytes->xstate_size >= (xsave_xtiledata_offset + xsave_xtiledata_size)) { + memset(xsave + xsave_xtiledata_offset, SIGFRAME_TILEDATA_SIGNATURE, + xsave_xtiledata_size); + } + + sigused = true; +} + +static void handle_sigalrm(int sig, siginfo_t *info, void *ctx_void) +{ + bool tiledata_written = false, tiledata_bit, tiledata_expected; + void *xsave = ((ucontext_t *)ctx_void)->uc_mcontext.fpregs; + struct _fpx_sw_bytes *sw_bytes = get_fpx_sw_bytes(xsave); + char d = SIGFRAME_TILEDATA_SIGNATURE; + int i; + + printf("\tAt signal delivery,\n"); + + /* Check SW reserved data in the buffer: */ + if ((sw_bytes->xstate_size >= (xsave_xtiledata_offset + xsave_xtiledata_size)) && + (get_fpx_sw_bytes_xstatebv(xsave) & XFEATURE_MASK_XTILEDATA)) { + printf("[OK]\tValid xstate size and mask in the SW data of xstate buffer\n"); + } else { + errs++; + printf("[FAIL]\tInvalid xstate size and/or mask in the SW data of xstate buffer\n"); + } + + /* Check XSAVE buffer header: */ + tiledata_expected = (load_tiledata_at_first && !init_tiledata_state_before_signal); + tiledata_bit = get_xstatebv(xsave) & XFEATURE_MASK_XTILEDATA; + + if (tiledata_bit == tiledata_expected) { + printf("[OK]\tTiledata bit is %sset in XSTATE_BV of xstate buffer.\n", + tiledata_bit ? "" : "not "); + } else { + errs++; + printf("[FAIL]\tTiledata bit is %sset in XSTATE_BV of xstate buffer.\n", + tiledata_bit ? "" : "not "); + } + + /* + * Check the sigframe data: + */ + + tiledata_expected = (load_tiledata_at_first && !init_tiledata_state_before_signal); + + if (sw_bytes->xstate_size >= (xsave_xtiledata_offset + xsave_xtiledata_size)) { + for (i = 0; i < xsave_xtiledata_size; i++) { + tiledata_written = memcmp(xsave + xsave_xtiledata_offset + i, &d, 1); + if (tiledata_written) + break; + } + } + + if (tiledata_written == tiledata_expected) { + printf("[OK]\tTiledata is %ssaved in signal buffer.\n", + tiledata_written ? "" : "not "); + } else { + errs++; + printf("[FAIL]\tTiledata is %ssaved in signal buffer.\n", + tiledata_written ? "" : "not "); + } + + /* Load random tiledata to test sigreturn: */ + clr_xstatehdr(xsave_buffer); + set_xstatebv(xsave_buffer, XFEATURE_MASK_XTILEDATA); + set_rand_tiledata(xsave_buffer + xsave_xtiledata_offset); + xrstor(xsave_buffer, -1, -1); + sigalarmed = true; +} + +static void test_signal_handling(void) +{ + pid_t child; + + sigalarmed = false; + sigused = false; + + child = fork(); + if (child < 0) { + err(1, "fork"); + } else if (child > 0) { + do { + int status; + + wait(&status); + if (WIFSTOPPED(status)) + kill(child, SIGCONT); + else if (WIFEXITED(status) && !WEXITSTATUS(status)) + break; + else + err(1, "signal test child"); + } while (1); + return; + } + + printf("\tBefore signal, load tile data -- %s", + load_tiledata_at_first ? "yes, " : "no:\n"); + if (load_tiledata_at_first) + printf("re-initialized -- %s:\n", + init_tiledata_state_before_signal ? "yes" : "no"); + + /* + * Raise SIGUSR1 to pre-fill sig stack. Also, load tiledata to size the pre-fill. + */ + + if (load_tiledata_at_first) { + clr_xstatehdr(xsave_buffer); + set_xstatebv(xsave_buffer, XFEATURE_MASK_XTILEDATA); + xrstor(xsave_buffer, -1, -1); + } + + raise(SIGUSR1); + if (!sigused) + err(1, "SIGUSR1"); + + /* + * Raise SIGALRM to test AMX state handling in signal delivery. Set up the state and + * data before the test. + */ + + if (load_tiledata_at_first) { + clr_xstatehdr(xsave_buffer); + set_xstatebv(xsave_buffer, XFEATURE_MASK_XTILEDATA); + set_rand_tiledata(xsave_buffer + xsave_xtiledata_offset); + xrstor(xsave_buffer, -1, -1); + + if (init_tiledata_state_before_signal) { + clr_xstatehdr(xsave_buffer); + set_xstatebv(xsave_buffer, 0); + xrstor(xsave_buffer, -1, -1); + memset(tiledata, 0, xsave_xtiledata_size); + } else { + memcpy(tiledata, xsave_buffer + xsave_xtiledata_offset, + xsave_xtiledata_size); + } + } else { + memset(tiledata, 0, xsave_xtiledata_size); + } + + raise(SIGALRM); + if (!sigalarmed) + err(1, "SIGALRM"); + + printf("\tAt signal return,\n"); + __xsave(xsave_buffer, XFEATURE_MASK_XTILEDATA, 0); + if (memcmp(tiledata, xsave_buffer + xsave_xtiledata_offset, xsave_xtiledata_size)) { + errs++; + printf("[FAIL]\tTiledata is not restored.\n"); + } else { + printf("[OK]\tTiledata is restored.\n"); + } + + if (errs) + nerrs++; + _exit(0); +} + +static void test_signal(void) +{ + printf("[RUN]\tCheck tile data state in signal path:\n"); + + sethandler(SIGALRM, handle_sigalrm, 0); + sethandler(SIGUSR1, handle_sigusr1, 0); + + load_tiledata_at_first = false; + init_tiledata_state_before_signal = false; + errs = 0; + test_signal_handling(); + + load_tiledata_at_first = true; + init_tiledata_state_before_signal = false; + errs = 0; + test_signal_handling(); + + load_tiledata_at_first = true; + init_tiledata_state_before_signal = true; + errs = 0; + test_signal_handling(); + + clearhandler(SIGALRM); + clearhandler(SIGUSR1); +} + +int main(int argc, char **argv) +{ + cpu_set_t cpuset; + + if (argc == 2) { + int ret; + + if (strcmp(argv[1], TEST_EXECV_ARG)) + return 0; + + printf("\tRun after execv().\n"); + + xsave_buffer = aligned_alloc(64, xsave_size); + if (!xsave_buffer) + err(1, "aligned_alloc()"); + clr_xstatehdr(xsave_buffer); + + set_xstatebv(xsave_buffer, XFEATURE_MASK_XTILE); + set_rand_tiledata(xsave_buffer + xsave_xtiledata_offset); + + sethandler(SIGSEGV, handle_sigsegv, 0); + + if (xrstor(xsave_buffer, -1, -1)) { + printf("[FAIL]\tSucceeded after execv().\n"); + ret = 1; + } else { + printf("[OK]\tBlocked after execv().\n"); + ret = 0; + } + + clearhandler(SIGSEGV); + free(xsave_buffer); + _exit(ret); + } + + /* Check hardware availability at first */ + + if (!check_xsave_capability()) { + if (xsave_disabled) + printf("XSAVE disabled.\n"); + else + printf("Tile data not available.\n"); + return 0; + } + + check_cpuid(); + + xsave_buffer = aligned_alloc(64, xsave_size); + if (!xsave_buffer) + err(1, "aligned_alloc()"); + clr_xstatehdr(xsave_buffer); + + tiledata = malloc(xsave_xtiledata_size); + if (!tiledata) + err(1, "malloc()"); + + nerrs = 0; + + sethandler(SIGSEGV, handle_sigsegv, 0); + + CPU_ZERO(&cpuset); + CPU_SET(0, &cpuset); + + if (sched_setaffinity(0, sizeof(cpuset), &cpuset) != 0) + err(1, "sched_setaffinity to CPU 0"); + + test_arch_prctl(argc, argv); + test_ptrace(); + + syscall(SYS_arch_prctl, ARCH_ENABLE_XSTATE, 0); + test_context_switch(); + test_fork(); + test_signal(); + + clearhandler(SIGSEGV); + + free(xsave_buffer); + free(tiledata); + return nerrs ? 1 : 0; +} -- 2.17.1

4 years

1
0
0 0

[PATCH] kunit: tool: Fix error messages for cases of no tests and wrong TAP header

by Rae Moar

In the case of the TAP output having an incorrect header format, the parser used to output an error message of 'no tests run!'. Additionally, in the case of TAP output with the correct header but no tests, the parser used to output an error message of 'could not parse test results!'. This patch corrects the error messages for these two cases by switching the original outputted error messages and correcting the tests in kunit_toot_test.py. Signed-off-by: Rae Moar <rmoar(a)google.com> --- tools/testing/kunit/kunit_parser.py | 6 +- tools/testing/kunit/kunit_tool_test.py | 16 +++- ...is_test_passed-no_tests_run_no_header.log} | 0 ...s_test_passed-no_tests_run_with_header.log | 77 +++++++++++++++++++ 4 files changed, 94 insertions(+), 5 deletions(-) rename tools/testing/kunit/test_data/{test_is_test_passed-no_tests_run.log => test_is_test_passed-no_tests_run_no_header.log} (100%) create mode 100644 tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log diff --git a/tools/testing/kunit/kunit_parser.py b/tools/testing/kunit/kunit_parser.py index c3c524b79db8..b88db3f51dc5 100644 --- a/tools/testing/kunit/kunit_parser.py +++ b/tools/testing/kunit/kunit_parser.py @@ -338,9 +338,11 @@ def bubble_up_suite_errors(test_suites: Iterable[TestSuite]) -> TestStatus: def parse_test_result(lines: LineStream) -> TestResult: consume_non_diagnostic(lines) if not lines or not parse_tap_header(lines): - return TestResult(TestStatus.NO_TESTS, [], lines) + return TestResult(TestStatus.FAILURE_TO_PARSE_TESTS, [], lines) expected_test_suite_num = parse_test_plan(lines) - if not expected_test_suite_num: + if expected_test_suite_num == 0: + return TestResult(TestStatus.NO_TESTS, [], lines) + elif expected_test_suite_num is None: return TestResult(TestStatus.FAILURE_TO_PARSE_TESTS, [], lines) test_suites = [] for i in range(1, expected_test_suite_num + 1): diff --git a/tools/testing/kunit/kunit_tool_test.py b/tools/testing/kunit/kunit_tool_test.py index bdae0e5f6197..75045aa0f8a1 100755 --- a/tools/testing/kunit/kunit_tool_test.py +++ b/tools/testing/kunit/kunit_tool_test.py @@ -157,8 +157,18 @@ class KUnitParserTest(unittest.TestCase): kunit_parser.TestStatus.FAILURE, result.status) + def test_no_header(self): + empty_log = test_data_path('test_is_test_passed-no_tests_run_no_header.log') + with open(empty_log) as file: + result = kunit_parser.parse_run_tests( + kunit_parser.extract_tap_lines(file.readlines())) + self.assertEqual(0, len(result.suites)) + self.assertEqual( + kunit_parser.TestStatus.FAILURE_TO_PARSE_TESTS, + result.status) + def test_no_tests(self): - empty_log = test_data_path('test_is_test_passed-no_tests_run.log') + empty_log = test_data_path('test_is_test_passed-no_tests_run_with_header.log') with open(empty_log) as file: result = kunit_parser.parse_run_tests( kunit_parser.extract_tap_lines(file.readlines())) @@ -173,7 +183,7 @@ class KUnitParserTest(unittest.TestCase): with open(crash_log) as file: result = kunit_parser.parse_run_tests( kunit_parser.extract_tap_lines(file.readlines())) - print_mock.assert_any_call(StrContains('no tests run!')) + print_mock.assert_any_call(StrContains('could not parse test results!')) print_mock.stop() file.close() @@ -309,7 +319,7 @@ class KUnitJsonTest(unittest.TestCase): result["sub_groups"][1]["test_cases"][0]) def test_no_tests_json(self): - result = self._json_for('test_is_test_passed-no_tests_run.log') + result = self._json_for('test_is_test_passed-no_tests_run_with_header.log') self.assertEqual(0, len(result['sub_groups'])) class StrContains(str): diff --git a/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run.log b/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_no_header.log similarity index 100% rename from tools/testing/kunit/test_data/test_is_test_passed-no_tests_run.log rename to tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_no_header.log diff --git a/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log b/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log new file mode 100644 index 000000000000..18215b236783 --- /dev/null +++ b/tools/testing/kunit/test_data/test_is_test_passed-no_tests_run_with_header.log @@ -0,0 +1,77 @@ +Core dump limits : + soft - 0 + hard - NONE +Checking environment variables for a tempdir...none found +Checking if /dev/shm is on tmpfs...OK +Checking PROT_EXEC mmap in /dev/shm...OK +Adding 24743936 bytes to physical memory to account for exec-shield gap +Linux version 4.12.0-rc3-00010-g7319eb35f493-dirty (brendanhiggins(a)mactruck.svl.corp.google.com) (gcc version 7.3.0 (Debian 7.3.0-5) ) #29 Thu Mar 15 14:57:19 PDT 2018 +Built 1 zonelists in Zone order, mobility grouping on. Total pages: 14038 +Kernel command line: root=98:0 +PID hash table entries: 256 (order: -1, 2048 bytes) +Dentry cache hash table entries: 8192 (order: 4, 65536 bytes) +Inode-cache hash table entries: 4096 (order: 3, 32768 bytes) +Memory: 27868K/56932K available (1681K kernel code, 480K rwdata, 400K rodata, 89K init, 205K bss, 29064K reserved, 0K cma-reserved) +SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1 +NR_IRQS:15 +clocksource: timer: mask: 0xffffffffffffffff max_cycles: 0x1cd42e205, max_idle_ns: 881590404426 ns +Calibrating delay loop... 7384.26 BogoMIPS (lpj=36921344) +pid_max: default: 32768 minimum: 301 +Mount-cache hash table entries: 512 (order: 0, 4096 bytes) +Mountpoint-cache hash table entries: 512 (order: 0, 4096 bytes) +Checking that host ptys support output SIGIO...Yes +Checking that host ptys support SIGIO on close...No, enabling workaround +Using 2.6 host AIO +clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns +futex hash table entries: 256 (order: 0, 6144 bytes) +clocksource: Switched to clocksource timer +console [stderr0] disabled +mconsole (version 2) initialized on /usr/local/google/home/brendanhiggins/.uml/6Ijecl/mconsole +Checking host MADV_REMOVE support...OK +workingset: timestamp_bits=62 max_order=13 bucket_order=0 +Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254) +io scheduler noop registered +io scheduler deadline registered +io scheduler cfq registered (default) +io scheduler mq-deadline registered +io scheduler kyber registered +Initialized stdio console driver +Using a channel type which is configured out of UML +setup_one_line failed for device 1 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 2 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 3 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 4 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 5 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 6 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 7 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 8 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 9 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 10 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 11 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 12 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 13 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 14 : Configuration failed +Using a channel type which is configured out of UML +setup_one_line failed for device 15 : Configuration failed +Console initialized on /dev/tty0 +console [tty0] enabled +console [mc-1] enabled +TAP version 14 +1..0 +List of all partitions: +No filesystem could mount root, tried: + +Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(98,0) -- 2.32.0.93.g670b81a890-goog

4 years

3
2
0 0

[PATCH v2] kunit: tool: remove unnecessary "annotations" import

by Daniel Latypov

The import was working around the fact "tuple[T]" was used instead of typing.Tuple[T]. Convert it to use typing.Tuple to be consistent with how the rest of the code is annotated. Signed-off-by: Daniel Latypov <dlatypov(a)google.com> Reviewed-by: David Gow <davidgow(a)google.com> Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com> Tested-by: Brendan Higgins <brendanhiggins(a)google.com> --- v1 -> v2: fix typos in commit message. --- tools/testing/kunit/kunit_kernel.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py index 90bc007f1f93..2c6f916ccbaf 100644 --- a/tools/testing/kunit/kunit_kernel.py +++ b/tools/testing/kunit/kunit_kernel.py @@ -6,15 +6,13 @@ # Author: Felix Guo <felixguoxiuping(a)gmail.com> # Author: Brendan Higgins <brendanhiggins(a)google.com> -from __future__ import annotations import importlib.util import logging import subprocess import os import shutil import signal -from typing import Iterator -from typing import Optional +from typing import Iterator, Optional, Tuple from contextlib import ExitStack @@ -208,7 +206,7 @@ def get_source_tree_ops(arch: str, cross_compile: Optional[str]) -> LinuxSourceT raise ConfigError(arch + ' is not a valid arch') def get_source_tree_ops_from_qemu_config(config_path: str, - cross_compile: Optional[str]) -> tuple[ + cross_compile: Optional[str]) -> Tuple[ str, LinuxSourceTreeOperations]: # The module name/path has very little to do with where the actual file # exists (I learned this through experimentation and could not find it base-commit: 1d71307a6f94df3750f8f884545a769e227172fe -- 2.32.0.93.g670b81a890-goog

4 years

1
0
0 0

[PATCH] selftests: net: devlink_port_split: check devlink returned an element before dereferencing it

by Paolo Pisati

And thus avoid a Python stacktrace: ~/linux/tools/testing/selftests/net$ ./devlink_port_split.py Traceback (most recent call last): File "/home/linux/tools/testing/selftests/net/./devlink_port_split.py", line 277, in <module> main() File "/home/linux/tools/testing/selftests/net/./devlink_port_split.py", line 242, in main dev = list(devs.keys())[0] IndexError: list index out of range Signed-off-by: Paolo Pisati <paolo.pisati(a)canonical.com> --- tools/testing/selftests/net/devlink_port_split.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/testing/selftests/net/devlink_port_split.py b/tools/testing/selftests/net/devlink_port_split.py index 834066d465fc..d162915311fd 100755 --- a/tools/testing/selftests/net/devlink_port_split.py +++ b/tools/testing/selftests/net/devlink_port_split.py @@ -239,6 +239,9 @@ def main(cmdline=None): assert stderr == "" devs = json.loads(stdout)['dev'] + if len(devs.keys()) == 0: + print("no devlink device found") + sys.exit(1) dev = list(devs.keys())[0] cmd = "devlink dev show %s" % dev -- 2.30.2

4 years

2
1
0 0

[PATCH] Documentation: kunit: drop obsolete note about uml_abort for coverage

by Daniel Latypov

Commit b6d5799b0b58 ("kunit: Add 'kunit_shutdown' option") changes KUnit to call kernel_halt() by default when done testing. This fixes the issue with not having .gcda files due to not calling atexit() handlers, and therefore we can stop recommending people manually tweak UML code. The need to use older versions of GCC (<=6) remains however, due to linktime issues, same as before. Note: There also might still be issues with .gcda files as well in newer versions. Signed-off-by: Daniel Latypov <dlatypov(a)google.com> --- Documentation/dev-tools/kunit/running_tips.rst | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/Documentation/dev-tools/kunit/running_tips.rst b/Documentation/dev-tools/kunit/running_tips.rst index 7d99386cf94a..d1626d548fa5 100644 --- a/Documentation/dev-tools/kunit/running_tips.rst +++ b/Documentation/dev-tools/kunit/running_tips.rst @@ -86,19 +86,7 @@ Generating code coverage reports under UML .. note:: TODO(brendanhiggins(a)google.com): There are various issues with UML and versions of gcc 7 and up. You're likely to run into missing ``.gcda`` - files or compile errors. We know one `faulty GCC commit - <https://github.com/gcc-mirror/gcc/commit/8c9434c2f9358b8b8bad2c1990edf10a21…>`_ - but not how we'd go about getting this fixed. The compile errors still - need some investigation. - -.. note:: - TODO(brendanhiggins(a)google.com): for recent versions of Linux - (5.10-5.12, maybe earlier), there's a bug with gcov counters not being - flushed in UML. This translates to very low (<1%) reported coverage. This is - related to the above issue and can be worked around by replacing the - one call to ``uml_abort()`` (it's in ``os_dump_core()``) with a plain - ``exit()``. - + files or compile errors. This is different from the "normal" way of getting coverage information that is documented in Documentation/dev-tools/gcov.rst. base-commit: 87c9c16317882dd6dbbc07e349bc3223e14f3244 -- 2.32.0.93.g670b81a890-goog

4 years

3
2
0 0

[PATCH] kunit: tool: remove unnecessary "annotations" import

by Daniel Latypov

The import was working around the fact "tuple[T]" was used instead of typing.Tuple[T]. Convert it to use type.Tuple to be consistent with how the rest of the code is anotated. Signed-off-by: Daniel Latypov <dlatypov(a)google.com> --- tools/testing/kunit/kunit_kernel.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py index e1951fa60027..5987d5b1b874 100644 --- a/tools/testing/kunit/kunit_kernel.py +++ b/tools/testing/kunit/kunit_kernel.py @@ -6,15 +6,13 @@ # Author: Felix Guo <felixguoxiuping(a)gmail.com> # Author: Brendan Higgins <brendanhiggins(a)google.com> -from __future__ import annotations import importlib.util import logging import subprocess import os import shutil import signal -from typing import Iterator -from typing import Optional +from typing import Iterator, Optional, Tuple from contextlib import ExitStack @@ -208,7 +206,7 @@ def get_source_tree_ops(arch: str, cross_compile: Optional[str]) -> LinuxSourceT raise ConfigError(arch + ' is not a valid arch') def get_source_tree_ops_from_qemu_config(config_path: str, - cross_compile: Optional[str]) -> tuple[ + cross_compile: Optional[str]) -> Tuple[ str, LinuxSourceTreeOperations]: # The module name/path has very little to do with where the actual file # exists (I learned this through experimentation and could not find it base-commit: 87c9c16317882dd6dbbc07e349bc3223e14f3244 -- 2.32.0.93.g670b81a890-goog

4 years

3
2
0 0

[RFC][PATCH 00/12] Huawei Digest Lists

by Roberto Sassu

Introduction Huawei Digest Lists is a simple in kernel database for storing file and metadata digests and for reporting to its users (e.g. Integrity Measurement Architecture or IMA) whether the digests are in the database or not. The choice of placing it in the kernel and not in a user space process is explained later in the Security Assumptions section. The database is populated by directly uploading the so called digest lists, a set of digests concatenated together and preceded by a header including information about them (e.g. whether the file or metadata with a given digest is immutable or not). Digest lists are stored in the kernel memory as they are, the kernel just builds indexes to easily lookup digests. The kernel supports only one digest list format called compact. However, alternative formats (e.g. the RPM header) can be supported through a user space parser that, by invoking the appropriate library (more can be added), converts the original digest list to the compact format and uploads it to the kernel. The database keeps track of whether digest lists have been processed in some way (e.g. measured or appraised by IMA). This is important for example for remote attestation, so that remote verifiers understand what has been loaded in the database. It is a transactional database, i.e. it has the ability to roll back to the beginning of the transaction if an error occurred during the addition of a digest list (the deletion operation always succeeds). This capability has been tested with an ad-hoc fault injection mechanism capable of simulating failures during the operations. Finally, the database exposes to user space, through securityfs, the digest lists currently loaded, the number of digests added, a query interface and an interface to set digest list labels. Binary Integrity Integrity is a fundamental security property in information systems. Integrity could be described as the condition in which a generic component is just after it has been released by the entity that created it. One way to check whether a component is in this condition (called binary integrity) is to calculate its digest and to compare it with a reference value (i.e. the digest calculated in controlled conditions, when the component is released). IMA, a software part of the integrity subsystem, can perform such evaluation and execute different actions: - store the digest in an integrity-protected measurement list, so that it can be sent to a remote verifier for analysis; - compare the calculated digest with a reference value (usually protected with a signature) and deny operations if the file is found corrupted; - store the digest in the system log. Contribution Huawei Digest Lists facilitates the provisioning of reference values for system and application files from software vendors, to the kernel. Possible sources for digest lists are: - RPM headers; - Debian repository metadata. These sources are already usable without any modification required for Linux vendors. If digest list sources are signed (usually they are, like the ones above), remote verifiers could identify their provenance, or Linux vendors could prevent the loading of unsigned ones or those signed with an untrusted key. Possible Usages Provisioned reference values can be used (e.g. by IMA) to make integrity-related decisions (allow list or deny list). Possible usages for IMA are: - avoid recording measurement of files whose digest is found in the pre-provisioned reference values: - reduces the number of TPM operations (PCR extend); - could make a TPM PCR predictable, as the PCR would not be affected by the temporal sequence of executions if binaries are known (no measurement); - exclusively grant access to files whose digest is found in the pre-provisioned reference values: - faster verification time (fewer signature verifications); - no need to generate a signature for every file. Security Assumptions Since digest lists are stored in the kernel memory, they are no susceptible to attacks by user space processes. A locked-down kernel, that accepts only verified kernel modules, will allow digest lists to be added or deleted only though a well-defined and monitored interface. In this situation, the root user is assumed to be untrusted, i.e. it cannot subvert without being detected the mandatory policy stating which files are accessible by the system. Adoption A former version of Huawei Digest Lists is used in the following OSes: - openEuler 20.09 https://github.com/openeuler-mirror/kernel/tree/openEuler-20.09 - openEuler 21.03 https://github.com/openeuler-mirror/kernel/tree/openEuler-21.03 Originally, Huawei Digest Lists was part of IMA. In this version, it has been redesigned as a standalone module with an API that makes its functionality accessible by IMA and, eventually, other subsystems. User Space Support Digest lists can be generated and managed with digest-list-tools: https://github.com/openeuler-mirror/digest-list-tools It includes two main applications: - gen_digest_lists: generates digest lists from files in the filesystem or from the RPM database (more digest list sources can be supported); - manage_digest_lists: converts and uploads digest lists to the kernel. Simple Usage Example 1. Digest list generation (RPM headers and their signature are copied to the specified directory): # mkdir /etc/digest_lists # gen_digest_lists -t file -f rpm+db -d /etc/digest_lists -o add 2. Digest list upload with the user space parser: # manage_digest_lists -p add-digest -d /etc/digest_lists 3. First digest list query: # echo sha256-$(sha256sum /bin/cat) > \ /sys/kernel/security/integrity/digest_lists/digest_query # cat /sys/kernel/security/integrity/digest_lists/digest_query sha256-[...]-0-file_list-rpm-coreutils-8.32-18.fc33.x86_64 (actions: 0): version: 1, algo: sha256, type: 2, modifiers: 1, count: 106, datalen: 3392 4. Second digest list query: # echo sha256-$(sha256sum /bin/zip) > \ /sys/kernel/security/integrity/digest_lists/digest_query # cat /sys/kernel/security/integrity/digest_lists/digest_query sha256-[...]-0-file_list-rpm-zip-3.0-27.fc33.x86_64 (actions: 0): version: 1, algo: sha256, type: 2, modifiers: 1, count: 4, datalen: 128 Architecture This section introduces the high level architecture. 5. add/delete from hash table and add refs to digest list +---------------------------------------------+ | +-----+ +-------------+ +--+ | | key |-->| digest refs |-->...-->| | V +-----+ +-------------+ +--+ +-------------+ +-----+ +-------------+ | digest list | | key |-->| digest refs | | (compact) | +-----+ +-------------+ +-------------+ +-----+ +-------------+ ^ 4. copy to | key |-->| digest refs | | kernel memory +-----+ +-------------+ kernel space -------------------------------------------------------------------------- ^ ^ user space |<----------------+ 3b. upload | +-------------+ +------------+ | 6. query digest | digest list | | user space | 2b. convert | (compact) | | parser | +-------------+ +------------+ 1a. upload ^ 1b. read | +------------+ | RPM header | +------------+ As mentioned before, digest lists can be uploaded directly if they are in the compact format (step 1a) or can be uploaded indirectly by the user space parser if they are in an alternative format (steps 1b-3b). During upload, the kernel makes a copy of the digest list to the kernel memory (step 4), and creates the necessary structures to index the digests (hash table and an array of digest list references to locate the digests in the digest list) (step 5). Finally, digests can be searched from user space through a securityfs file (step 6) or by the kernel itself. Implementation This section describes the implementation of Huawei Digest Lists. Basic Definitions This section introduces the basic definitions required to use digest lists. Compact Digest List Format Compact digest lists consist of one or multiple headers defined as: struct compact_list_hdr { __u8 version; __u8 _reserved; __le16 type; __le16 modifiers; __le16 algo; __le32 count; __le32 datalen; } __packed; which characterize the subsequent block of concatenated digests. The algo field specifies the algorithm used to calculate the digest. The count field specifies how many digests are stored in the subsequent block of digests. The datalen field specifies the length of the subsequent block of digests (it is redundant, it is the same as hash_digest_size[algo] * count). Compact Types Digests can be of different types: - COMPACT_PARSER: digests of executables which are given the ability to parse digest lists not in the compact format and to upload to the kernel the digest list converted to the compact format; - COMPACT_FILE: digests of regular files; - COMPACT_METADATA: digests of file metadata (e.g. the digest calculated by EVM to verify a portable signature); - COMPACT_DIGEST_LIST: digests of digest lists (only used internally by the kernel). Different users of Huawei Digest Lists might query digests with different compact types. For example, IMA would be interested in COMPACT_FILE, as it deals with regular files, while EVM would be interested in COMPACT_METADATA, as it verifies file metadata. Compact Modifiers Digests can also have specific attributes called modifiers (bit position): - COMPACT_MOD_IMMUTABLE: file content or metadata should not be modifiable. IMA might use this information to deny open for writing, or EVM to deny setxattr operations. Actions This section defines a set of possible actions that have been executed on the digest lists (bit position): - COMPACT_ACTION_IMA_MEASURED: the digest list has been measured by IMA; - COMPACT_ACTION_IMA_APPRAISED: the digest list has been successfully appraised by IMA; - COMPACT_ACTION_IMA_APPRAISED_DIGSIG: the digest list has been successfully appraised by IMA by verifying a digital signature. This information might help users of Huawei Digest Lists to decide whether to use the result of a queried digest. For example, if a digest belongs to a digest list that was not measured before, IMA should ignore the result of the query as the measurement list sent to remote verifiers would lack how the database was populated. Compact Digest List Example version: 1, type: 2, modifiers: 0 algo: 4, count: 3, datalen: 96 <SHA256 digest1><SHA256 digest2><SHA256 digest3> version: 1, type: 3, modifiers: 1 algo: 6, count: 2, datalen: 128 <SHA512 digest1><SHA512 digest2> This digest list consists of two blocks. The first block contains three SHA256 digests of regular files. The second block contains two SHA512 digests of immutable metadata. Compact Digest List Operations Finally, this section defines the possible operations that can be performed with digest lists: - DIGEST_LIST_ADD: the digest list is being added; - DIGEST_LIST_DEL: the digest list is being deleted. Objects This section defines the objects to manage digest lists: - digest_list_item: represents a digest list; - digest_list_item_ref: represents a reference to a digest list, i.e. the location at which a digest within a digest list can be accessed; - digest_item: represents a unique digest. They are represented in the following class diagram: digest_offset,-----------+ hdr_offset | | +------------------+ | +----------------------+ | digest_list_item |--- N:1 ---| digest_list_item_ref | +------------------+ +----------------------+ | 1:N | +-------------+ | digest_item | +-------------+ A digest_list_item is associated to one or multiple digest_list_item_ref, one for each digest it contains. However, a digest_list_item_ref is associated to only one digest_list_item, as it represents a single location within a specific digest list. Given that a digest_list_item_ref represents a single location, it is associated to only one digest_item. However, a digest_item can have multiple references (as it might appears multiple times within the same digest list or in different digest lists, if it is duplicated). A digest_list_item is defined as: struct digest_list_item { loff_t size; u8 *buf; u8 actions; u8 digest[64]; enum hash_algo algo; const char *label; }; - size: size of the digest list buffer; - buf: digest list buffer; - actions: actions performed on the digest list; - digest: digest of the digest list; - algo: digest algorithm; - label: label used to identify the digest list (e.g. file name). A digest_list_item_ref is defined as: struct digest_list_item_ref { struct digest_list_item *digest_list; loff_t digest_offset; loff_t hdr_offset; }; - digest_list: pointer to a digest_list_item structure; - digest_offset: offset of the digest related to the digest list buffer; - hdr_offset: offset of the header of the digest block containing the digest. A digest_item is defined as: struct digest_item { struct hlist_node hnext; struct digest_list_item_ref *refs; }; - hnext: pointers of the hash table; - refs: array of digest_list_item_ref structures including a terminator (protected by RCU). All digest list references are stored for a given digest, so that a query result can include the OR of the modifiers and actions of each referenced digest list. The relationship between the described objects can be graphically represented as: Hash table +-------------+ +-------------+ PARSER +-----+ | digest_item | | digest_item | FILE | key |-->| |-->...-->| | METADATA +-----+ |ref0|...|refN| |ref0|...|refN| +-------------+ +-------------+ ref0: | | refN: digest_offset | +-----------------------------+ digest_offset hdr_offset | | hdr_offset V V +--------------------+ | digest_list_item | | | | size, buf, actions | +--------------------+ ^ | Hash table +-------------+ +-------------+ DIGEST_LIST +-----+ |ref0 | |ref0 | | key |-->| |-->...-->| | +-----+ | digest_item | | digest_item | +-------------+ +-------------+ The reference for the digest of the digest list differs from the references for the other digest types. digest_offset and hdr_offset are set to zero, so that the digest of the digest list is retrieved from the digest_list_item structure directly (see get_digest() below). Finally, this section defines useful helpers to access a digest or the header the digest belongs to. For example: static inline struct compact_list_hdr *get_hdr( struct digest_list_item *digest_list, loff_t hdr_offset) { return (struct compact_list_hdr *)(digest_list->buf + hdr_offset); } the header can be obtained by summing the address of the digest list buffer in the digest_list_item structure with hdr_offset. Similarly: static inline u8 *get_digest(struct digest_list_item *digest_list, loff_t digest_offset, loff_t hdr_offset) { /* Digest list digest is stored in a different place. */ if (!digest_offset) return digest_list->digest; return digest_list->buf + digest_offset; } the digest can be obtained by summing the address of the digest list buffer with digest_offset (except for the digest lists, where the digest is stored in the digest field of the digest_list_item structure). Methods This section introduces the methods requires to manage the three objects defined. digest_item Methods digest_add() digest_add() first checks in the hash table for the passed type if a digest_item for the same digest already exists. If not, it creates a new one. Then, digest_add() calls digest_list_ref_add() to add a new reference of the digest list being added to the found or new digest_item. digest_del() digest_del() also searches the digest_item in the hash table. It should be always found, as digest lists can be deleted only if they were added before. Then, digest_del() calls digest_list_ref_del() to delete a reference of the digest list being deleted from the found digest_item. digest_lookup() digest_lookup() searches the passed digest in the hash table. Then, it returns immediately a digest_item (or NULL if the digest is not found) if the modifiers and actions information are not requested by the caller, or iterates over all the valid references of the digest and calculates the OR for both of them. Iteration in the array of references ends when the digest list pointer in a reference is set to NULL. Access to the refs array is protected by RCU to avoid access to digest lists being added or deleted (update is serialized by the securityfs interfaces). digest_lookup() is not exposed to the rest of the kernel, because access to the returned digest_item outside RCU would be illegal. digest_get_info() digest_get_info() is the public version of digest_lookup(), which does not return a digest_item but just the resulting modifiers and actions from the OR of the modifiers and actions from the referenced digest lists. digest_list_item_ref Methods digest_list_ref_add() digest_list_ref_add() adds a new reference at the end of the refs array (also keeps a terminator as the last element). It does not search for duplicates, as a duplicate reference simply means that the digest appears multiple times in the digest list. digest_list_ref_add() does not add the new element in place, but first creates a copy of the current refs array and uses RCU to replace it with the new one. digest_list_ref_del() digest_list_ref_del() first searches in the refs array a reference to a given digest list. Then, it invalidates the found reference so that it is skipped by the reader. Afterwards, it tries to allocate a smaller refs array (with enough slots to store the valid references, except the one being deleted). If memory allocation succeeds, digest_list_ref_del() copies the valid references to the copy of refs and uses RCU to replace the original refs. Otherwise, it keeps the original refs with the invalidated reference. digest_list_item Methods digest_list_add() digest_list_add() first searches the digest of the digest list in the hash table for the COMPACT_DIGEST_LIST type. Addition can be done if the digest list is not found (it is pointless to load the same digest list again). digest_list_add() then creates a new digest_item, representing the digest of the digest list, a special digest_list_item_ref with digest_offset and hdr_offset set to zero, and a new digest_list_item. digest_list_del() digest_list_del() also searches the digest of the digest list in the hash table for the COMPACT_DIGEST_LIST type. Deletion can be done only if the digest list is found. digest_list_del() then deletes the digest_list_item, the special digest_list_item_ref and the digest_item. Parser This section introduces the necessary functions to parse a digest list and to execute the requested operation. The main function is digest_list_parse(), which coordinates the various steps required to add or delete a digest list, and has the logic to roll back when one of the steps fails. 1. Calls digest_list_validate() to validate the passed buffer containing the digest list to ensure that the format is correct. 2. Calls get_digest_list() to create a new digest_list_item for the add operation, or to retrieve the existing one for the delete operation. get_digest_list() refuses to add digest lists that were previously added and to delete digest lists that weren't previously added. Also, get_digest_list() refuses to delete digest lists that are not processed in the same way as when they were added (it would guarantee that also deletion is notified to remote verifiers). 3. Calls _digest_list_parse() which takes the created/retrieved digest_list_item and adds or delete the digests included in the digest list. 4. If an error occurred, performs a rollback to the previous state, by calling _digest_list_parse() with the opposite operation and the buffer size at the time the error occurred. 5. digest_list_parse() deletes the digest_list_item on unsuccessful add or successful delete. Interfaces This section introduces the interfaces in <securityfs>/integrity/digest_lists necessary to interact with Huawei Digest Lists. digest_list_add digest_list_add can be used to upload a digest list and add the digests to the hash table; passed data are interpreted as file path if the first byte is / or as the digest list itself otherwise. ima_measure_critical_data() is called to calculate the digest of the digest list and eventually, if an appropriate rule is set in the IMA policy, to measure it. digest_list_del digest_list_del can be used to upload a digest list and delete the digests from the hash table; data are interpreted in the same way as described for digest_list_add. digest_lists_loaded digest_lists_loaded is a directory containing two files for each loaded digest list: one shows the digest list in binary format, and the other (with .ascii prefix) shows the digest list in ASCII format. Files are added and removed at the same time digest lists are added and removed. digest_label digest_label can be used to set a label to be applied to the next digest list (buffer) loaded through digest_list_add. digest_query digest_query: allows to write a query in the format <algo>-<digest> and to obtain all digest lists that include that digest. digests_count digests_count shows the current number of digests stored in the hash table by type. Testing This section introduces a number of tests to ensure that Huawei Digest Lists works as expected: - digest_list_add_del_test_file_upload; - digest_list_add_del_test_file_upload_fault; - digest_list_add_del_test_buffer_upload; - digest_list_add_del_test_buffer_upload_fault; - digest_list_fuzzing_test. The tests are in tools/testing/selftests/digest_lists/selftest.c. The first four tests randomly perform add, delete and query of digest lists. They internally keep track at any time of the digest lists that are currently uploaded to the kernel. Also, digest lists are generated randomly by selecting an arbitrary digest algorithm and an arbitrary the number of digests. To ensure a good number of collisions, digests are a sequence of zeros, except for the first four bytes that are set with a random number within a defined range. When a query operation is selected, a digest is chosen by getting another random number within the same range. Then, the tests count how many times the digest is found in the internally stored digest lists and in the query result obtained from the kernel. The tests are successful if the obtained numbers are the same. The file_upload variant creates a temporary file from a generated digest list and sends its path to the kernel, so that the file is uploaded. The digest_upload variant directly sends the digest list buffer to the kernel (it will be done by the user space parser after it converts a digest list not in the compact format). The fault variant performs the test by enabling the ad-hoc fault injection mechanism in the kernel (accessible through <debugfs>/fail_digest_lists). The fault injection mechanism randomly injects errors during the addition and deletion of digest lists. When an error occurs, the rollback mechanism performs the reverse operation until the point the error occurred, so that the kernel is left in the same state as when the requested operation began. Since the kernel returns the error to user space, the tests also know that the operation didn't succeed and behave accordingly (they also revert the internal state). Lastly, the fuzzing test simply sends randomly generated digest lists to the kernel, to ensure that the parser is robust enough to handle malformed data. Roberto Sassu (12): ima: Add digest, algo, measured parameters to ima_measure_critical_data() digest_lists: Overview digest_lists: Basic definitions digest_lists: Objects digest_lists: Methods digest_lists: Parser digest_lists: Interfaces - digest_list_add, digest_list_del digest_lists: Interfaces - digest_lists_loaded digest_lists: Interfaces - digest_label digest_lists: Interfaces - digest_query digest_lists: Interfaces - digests_count digest_lists: Tests Documentation/security/digest_lists.rst | 756 +++++++++++ Documentation/security/index.rst | 1 + MAINTAINERS | 14 + include/linux/digest_lists.h | 24 + include/linux/ima.h | 8 +- include/linux/kernel_read_file.h | 1 + include/uapi/linux/digest_lists.h | 43 + security/integrity/Kconfig | 1 + security/integrity/Makefile | 1 + security/integrity/digest_lists/Kconfig | 11 + security/integrity/digest_lists/Makefile | 8 + .../integrity/digest_lists/digest_lists.h | 155 +++ security/integrity/digest_lists/fs.c | 719 ++++++++++ security/integrity/digest_lists/methods.c | 548 ++++++++ security/integrity/digest_lists/parser.c | 270 ++++ security/integrity/ima/ima.h | 3 +- security/integrity/ima/ima_appraise.c | 3 +- security/integrity/ima/ima_asymmetric_keys.c | 3 +- security/integrity/ima/ima_init.c | 3 +- security/integrity/ima/ima_main.c | 32 +- security/integrity/ima/ima_queue_keys.c | 2 +- security/integrity/integrity.h | 4 + security/selinux/ima.c | 5 +- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/digest_lists/Makefile | 6 + tools/testing/selftests/digest_lists/common.c | 109 ++ tools/testing/selftests/digest_lists/common.h | 37 + tools/testing/selftests/digest_lists/config | 3 + .../testing/selftests/digest_lists/selftest.c | 1169 +++++++++++++++++ 29 files changed, 3925 insertions(+), 15 deletions(-) create mode 100644 Documentation/security/digest_lists.rst create mode 100644 include/linux/digest_lists.h create mode 100644 include/uapi/linux/digest_lists.h create mode 100644 security/integrity/digest_lists/Kconfig create mode 100644 security/integrity/digest_lists/Makefile create mode 100644 security/integrity/digest_lists/digest_lists.h create mode 100644 security/integrity/digest_lists/fs.c create mode 100644 security/integrity/digest_lists/methods.c create mode 100644 security/integrity/digest_lists/parser.c create mode 100644 tools/testing/selftests/digest_lists/Makefile create mode 100644 tools/testing/selftests/digest_lists/common.c create mode 100644 tools/testing/selftests/digest_lists/common.h create mode 100644 tools/testing/selftests/digest_lists/config create mode 100644 tools/testing/selftests/digest_lists/selftest.c -- 2.25.1

4 years

4
24
0 0

[PATCH net-next v2 0/2] add benchmark selftest and optimization for ptr_ring

by Yunsheng Lin

Patch 1: add a selftest app to benchmark the performance of ptr_ring. Patch 2: make __ptr_ring_empty() checking more reliable and use the just added selftest to benchmark the performance impact. V2: add patch 1 and add performance data for patch 2. Yunsheng Lin (2): selftests/ptr_ring: add benchmark application for ptr_ring ptr_ring: make __ptr_ring_empty() checking more reliable MAINTAINERS | 5 + include/linux/ptr_ring.h | 25 ++- tools/testing/selftests/ptr_ring/Makefile | 6 + tools/testing/selftests/ptr_ring/ptr_ring_test.c | 249 +++++++++++++++++++++++ tools/testing/selftests/ptr_ring/ptr_ring_test.h | 150 ++++++++++++++ 5 files changed, 426 insertions(+), 9 deletions(-) create mode 100644 tools/testing/selftests/ptr_ring/Makefile create mode 100644 tools/testing/selftests/ptr_ring/ptr_ring_test.c create mode 100644 tools/testing/selftests/ptr_ring/ptr_ring_test.h -- 2.7.4

4 years

3
19
0 0

[PATCH 0/9] LKDTM: Improvements for kernelci.org

by Kees Cook

This is a bunch of LKDTM clean-ups to improve and expand testing, given feedback from testing at kernelci.org. Adds a few new tests as well. (If a pull-request is preferred, please let me know.) Thanks! -Kees Kees Cook (9): selftests/lkdtm: Avoid needing explicit sub-shell selftests/lkdtm: Fix expected text for CR4 pinning selftests/lkdtm: Fix expected text for free poison lkdtm/bugs: XFAIL UNALIGNED_LOAD_STORE_WRITE lkdtm/heap: Add vmalloc linear overflow test lkdtm: Enable DOUBLE_FAULT on all architectures lkdtm: Add CONFIG hints in errors where possible selftests/lkdtm: Enable various testable CONFIGs lkdtm/heap: Add init_on_alloc tests drivers/misc/lkdtm/bugs.c | 11 ++- drivers/misc/lkdtm/cfi.c | 3 +- drivers/misc/lkdtm/core.c | 58 ++++++++++- drivers/misc/lkdtm/fortify.c | 3 +- drivers/misc/lkdtm/heap.c | 97 ++++++++++++++++++- drivers/misc/lkdtm/lkdtm.h | 46 ++++++++- drivers/misc/lkdtm/stackleak.c | 4 +- drivers/misc/lkdtm/usercopy.c | 7 +- tools/testing/selftests/lkdtm/config | 7 ++ tools/testing/selftests/lkdtm/run.sh | 12 ++- .../testing/selftests/lkdtm/stack-entropy.sh | 1 + tools/testing/selftests/lkdtm/tests.txt | 11 ++- 12 files changed, 236 insertions(+), 24 deletions(-) -- 2.30.2

4 years

3
12
0 0

[PATCH v2 00/29] docs: avoid using ReST :doc:`foo` tag

by Mauro Carvalho Chehab

(Maintainers bcc, to avoid too many recipient troubles) As discussed at: https://lore.kernel.org/linux-doc/871r9k6rmy.fsf@meer.lwn.net/ It is better to avoid using :doc:`foo` to refer to Documentation/foo.rst, as the automarkup.py extension should handle it automatically, on most cases. There are a couple of exceptions to this rule: 1. when :doc: tag is used to point to a kernel-doc DOC: markup; 2. when it is used with a named tag, e. g. :doc:`some name <foo>`; On this series: Patch 1 manually adjust the references inside driver-api/pm/devices.rst, as there it uses :file:`foo` to refer to some Documentation/ files; Patch 2 converts a table at Documentation/dev-tools/kunit/api/index.rst into a list, carefully avoiding the The remaining patches convert the other occurrences via a replace script. They were manually edited, in order to honour 80-columns where possible. This series based on docs-next branch. In order to avoid merge conflicts, I rebased it internally against yesterday's linux-next, dropping a patch and a hunk that would have caused conflicts there. I'll re-send the remaining patch (plus another patch) with conflicting changes, together with any other doc:`filename` reference that might still be upstream by 5.14-rc1. --- v2: - dropped media patches (as I merged via my own tree); - removed one patch that would conflict at linux-next (adm1177.rst); - removed one hunk fron kunit patch that would also conflict at linux-next. Mauro Carvalho Chehab (29): docs: devices.rst: better reference documentation docs docs: dev-tools: kunit: don't use a table for docs name docs: admin-guide: pm: avoid using ReST :doc:`foo` markup docs: admin-guide: hw-vuln: avoid using ReST :doc:`foo` markup docs: admin-guide: sysctl: avoid using ReST :doc:`foo` markup docs: block: biodoc.rst: avoid using ReST :doc:`foo` markup docs: bpf: bpf_lsm.rst: avoid using ReST :doc:`foo` markup docs: core-api: avoid using ReST :doc:`foo` markup docs: dev-tools: testing-overview.rst: avoid using ReST :doc:`foo` markup docs: dev-tools: kunit: avoid using ReST :doc:`foo` markup docs: devicetree: bindings: submitting-patches.rst: avoid using ReST :doc:`foo` markup docs: doc-guide: avoid using ReST :doc:`foo` markup docs: driver-api: avoid using ReST :doc:`foo` markup docs: driver-api: gpio: using-gpio.rst: avoid using ReST :doc:`foo` markup docs: driver-api: surface_aggregator: avoid using ReST :doc:`foo` markup docs: driver-api: usb: avoid using ReST :doc:`foo` markup docs: firmware-guide: acpi: avoid using ReST :doc:`foo` markup docs: i2c: avoid using ReST :doc:`foo` markup docs: kernel-hacking: hacking.rst: avoid using ReST :doc:`foo` markup docs: networking: devlink: avoid using ReST :doc:`foo` markup docs: PCI: endpoint: pci-endpoint-cfs.rst: avoid using ReST :doc:`foo` markup docs: PCI: pci.rst: avoid using ReST :doc:`foo` markup docs: process: submitting-patches.rst: avoid using ReST :doc:`foo` markup docs: security: landlock.rst: avoid using ReST :doc:`foo` markup docs: trace: coresight: coresight.rst: avoid using ReST :doc:`foo` markup docs: trace: ftrace.rst: avoid using ReST :doc:`foo` markup docs: userspace-api: landlock.rst: avoid using ReST :doc:`foo` markup docs: virt: kvm: s390-pv-boot.rst: avoid using ReST :doc:`foo` markup docs: x86: avoid using ReST :doc:`foo` markup .../PCI/endpoint/pci-endpoint-cfs.rst | 2 +- Documentation/PCI/pci.rst | 6 +-- .../special-register-buffer-data-sampling.rst | 3 +- Documentation/admin-guide/pm/intel_idle.rst | 16 +++++--- Documentation/admin-guide/pm/intel_pstate.rst | 9 +++-- Documentation/admin-guide/sysctl/abi.rst | 2 +- Documentation/admin-guide/sysctl/kernel.rst | 37 ++++++++++--------- Documentation/block/biodoc.rst | 2 +- Documentation/bpf/bpf_lsm.rst | 13 ++++--- .../core-api/bus-virt-phys-mapping.rst | 2 +- Documentation/core-api/dma-api.rst | 5 ++- Documentation/core-api/dma-isa-lpc.rst | 2 +- Documentation/core-api/index.rst | 4 +- Documentation/dev-tools/kunit/api/index.rst | 8 ++-- Documentation/dev-tools/kunit/faq.rst | 2 +- Documentation/dev-tools/kunit/index.rst | 14 +++---- Documentation/dev-tools/kunit/start.rst | 4 +- Documentation/dev-tools/kunit/tips.rst | 5 ++- Documentation/dev-tools/kunit/usage.rst | 8 ++-- Documentation/dev-tools/testing-overview.rst | 16 ++++---- .../bindings/submitting-patches.rst | 11 +++--- Documentation/doc-guide/contributing.rst | 8 ++-- Documentation/driver-api/gpio/using-gpio.rst | 4 +- Documentation/driver-api/ioctl.rst | 2 +- Documentation/driver-api/pm/devices.rst | 8 ++-- .../surface_aggregator/clients/index.rst | 3 +- .../surface_aggregator/internal.rst | 15 ++++---- .../surface_aggregator/overview.rst | 6 ++- Documentation/driver-api/usb/dma.rst | 6 +-- .../acpi/dsd/data-node-references.rst | 3 +- .../firmware-guide/acpi/dsd/graph.rst | 2 +- .../firmware-guide/acpi/enumeration.rst | 7 ++-- Documentation/i2c/instantiating-devices.rst | 2 +- Documentation/i2c/old-module-parameters.rst | 3 +- Documentation/i2c/smbus-protocol.rst | 4 +- Documentation/kernel-hacking/hacking.rst | 4 +- .../networking/devlink/devlink-region.rst | 2 +- .../networking/devlink/devlink-trap.rst | 4 +- Documentation/process/submitting-patches.rst | 32 ++++++++-------- Documentation/security/landlock.rst | 3 +- Documentation/trace/coresight/coresight.rst | 8 ++-- Documentation/trace/ftrace.rst | 2 +- Documentation/userspace-api/landlock.rst | 11 +++--- Documentation/virt/kvm/s390-pv-boot.rst | 2 +- Documentation/x86/boot.rst | 4 +- Documentation/x86/mtrr.rst | 2 +- 46 files changed, 171 insertions(+), 147 deletions(-) -- 2.31.1

4 years

3
5
0 0

[PATCH] kunit: Fix merge issue in suite filtering test

by David Gow

There were a couple of errors introuced when "kunit: add unit test for filtering suites by names"[1] was merged in c9d80ffc5a. An erroneous '+' was introduced in executor.c, and the executor_test.c file went missing. This causes the kernel to fail to compile if CONFIG_KUNIT is enabled, as reported in [2,3]. As with the original, I've tested by running just the new tests using itself: $ ./tools/testing/kunit/kunit.py run '*exec*' [1]: https://lore.kernel.org/linux-kselftest/20210421020427.2384721-1-dlatypov@g… [2]: https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org/thread/6IKQX5J… [3]: https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org/thread/EKY7ZH5… Fixes: c9d80ffc5a ("kunit: add unit test for filtering suites by names") Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: David Gow <davidgow(a)google.com> --- This is another fix for the kunit-fixes branch, where there seems to have been an issue merging the "kunit: add unit test for filtering suites by names" patch here: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git/c… Again, feel free to squash this into the original patch if that works better. Cheers, -- David lib/kunit/executor.c | 2 +- lib/kunit/executor_test.c | 133 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 134 insertions(+), 1 deletion(-) create mode 100644 lib/kunit/executor_test.c diff --git a/lib/kunit/executor.c b/lib/kunit/executor.c index 672f91486d23..acd1de436f59 100644 --- a/lib/kunit/executor.c +++ b/lib/kunit/executor.c @@ -23,7 +23,7 @@ static char *kunit_shutdown; core_param(kunit_shutdown, kunit_shutdown, charp, 0644); static struct kunit_suite * const * -+kunit_filter_subsuite(struct kunit_suite * const * const subsuite, +kunit_filter_subsuite(struct kunit_suite * const * const subsuite, const char *filter_glob) { int i, n = 0; diff --git a/lib/kunit/executor_test.c b/lib/kunit/executor_test.c new file mode 100644 index 000000000000..cdbe54b16501 --- /dev/null +++ b/lib/kunit/executor_test.c @@ -0,0 +1,133 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * KUnit test for the KUnit executor. + * + * Copyright (C) 2021, Google LLC. + * Author: Daniel Latypov <dlatypov(a)google.com> + */ + +#include <kunit/test.h> + +static void kfree_at_end(struct kunit *test, const void *to_free); +static struct kunit_suite *alloc_fake_suite(struct kunit *test, + const char *suite_name); + +static void filter_subsuite_test(struct kunit *test) +{ + struct kunit_suite *subsuite[3] = {NULL, NULL, NULL}; + struct kunit_suite * const *filtered; + + subsuite[0] = alloc_fake_suite(test, "suite1"); + subsuite[1] = alloc_fake_suite(test, "suite2"); + + /* Want: suite1, suite2, NULL -> suite2, NULL */ + filtered = kunit_filter_subsuite(subsuite, "suite2*"); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, filtered); + kfree_at_end(test, filtered); + + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, filtered[0]); + KUNIT_EXPECT_STREQ(test, (const char *)filtered[0]->name, "suite2"); + + KUNIT_EXPECT_FALSE(test, filtered[1]); +} + +static void filter_subsuite_to_empty_test(struct kunit *test) +{ + struct kunit_suite *subsuite[3] = {NULL, NULL, NULL}; + struct kunit_suite * const *filtered; + + subsuite[0] = alloc_fake_suite(test, "suite1"); + subsuite[1] = alloc_fake_suite(test, "suite2"); + + filtered = kunit_filter_subsuite(subsuite, "not_found"); + kfree_at_end(test, filtered); /* just in case */ + + KUNIT_EXPECT_FALSE_MSG(test, filtered, + "should be NULL to indicate no match"); +} + +static void kfree_subsuites_at_end(struct kunit *test, struct suite_set *suite_set) +{ + struct kunit_suite * const * const *suites; + + kfree_at_end(test, suite_set->start); + for (suites = suite_set->start; suites < suite_set->end; suites++) + kfree_at_end(test, *suites); +} + +static void filter_suites_test(struct kunit *test) +{ + /* Suites per-file are stored as a NULL terminated array */ + struct kunit_suite *subsuites[2][2] = { + {NULL, NULL}, + {NULL, NULL}, + }; + /* Match the memory layout of suite_set */ + struct kunit_suite * const * const suites[2] = { + subsuites[0], subsuites[1], + }; + + const struct suite_set suite_set = { + .start = suites, + .end = suites + 2, + }; + struct suite_set filtered = {.start = NULL, .end = NULL}; + + /* Emulate two files, each having one suite */ + subsuites[0][0] = alloc_fake_suite(test, "suite0"); + subsuites[1][0] = alloc_fake_suite(test, "suite1"); + + /* Filter out suite1 */ + filtered = kunit_filter_suites(&suite_set, "suite0"); + kfree_subsuites_at_end(test, &filtered); /* let us use ASSERTs without leaking */ + KUNIT_ASSERT_EQ(test, filtered.end - filtered.start, (ptrdiff_t)1); + + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, filtered.start); + KUNIT_ASSERT_NOT_ERR_OR_NULL(test, filtered.start[0]); + KUNIT_EXPECT_STREQ(test, (const char *)filtered.start[0][0]->name, "suite0"); +} + +static struct kunit_case executor_test_cases[] = { + KUNIT_CASE(filter_subsuite_test), + KUNIT_CASE(filter_subsuite_to_empty_test), + KUNIT_CASE(filter_suites_test), + {} +}; + +static struct kunit_suite executor_test_suite = { + .name = "kunit_executor_test", + .test_cases = executor_test_cases, +}; + +kunit_test_suites(&executor_test_suite); + +/* Test helpers */ + +static void kfree_res_free(struct kunit_resource *res) +{ + kfree(res->data); +} + +/* Use the resource API to register a call to kfree(to_free). + * Since we never actually use the resource, it's safe to use on const data. + */ +static void kfree_at_end(struct kunit *test, const void *to_free) +{ + /* kfree() handles NULL already, but avoid allocating a no-op cleanup. */ + if (IS_ERR_OR_NULL(to_free)) + return; + kunit_alloc_and_get_resource(test, NULL, kfree_res_free, GFP_KERNEL, + (void *)to_free); +} + +static struct kunit_suite *alloc_fake_suite(struct kunit *test, + const char *suite_name) +{ + struct kunit_suite *suite; + + /* We normally never expect to allocate suites, hence the non-const cast. */ + suite = kunit_kzalloc(test, sizeof(*suite), GFP_KERNEL); + strncpy((char *)suite->name, suite_name, sizeof(suite->name) - 1); + + return suite; +} -- 2.32.0.93.g670b81a890-goog

4 years

3
3
0 0

[PATCH kunit-fixes v5 1/4] kunit: Support skipped tests

by David Gow

The kunit_mark_skipped() macro marks the current test as "skipped", with the provided reason. The kunit_skip() macro will mark the test as skipped, and abort the test. The TAP specification supports this "SKIP directive" as a comment after the "ok" / "not ok" for a test. See the "Directives" section of the TAP spec for details: https://testanything.org/tap-specification.html#directives The 'success' field for KUnit tests is replaced with a kunit_status enum, which can be SUCCESS, FAILURE, or SKIPPED, combined with a 'status_comment' containing information on why a test was skipped. A new 'kunit_status' test suite is added to test this. Signed-off-by: David Gow <davidgow(a)google.com> Tested-by: Marco Elver <elver(a)google.com> Reviewed-by: Daniel Latypov <dlatypov(a)google.com> Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com> --- Changes since v4: https://lore.kernel.org/linux-kselftest/20210611070802.1318911-1-davidgow@g… - Rebase on top of kselftest/kunit-fixes as of 2021-06-25 - This is as of commit c1610aae49 ("kunit: tool: internal refactor of parser input handling") Changes since v3: https://lore.kernel.org/linux-kselftest/20210608064852.609327-1-davidgow@go… - Rebase on top of (and adapt) the fix for parameterised test result propagation: - https://lore.kernel.org/linux-kselftest/20210611035725.1248874-1-davidgow@g… Changes since v2: https://lore.kernel.org/linux-kselftest/20210528075932.347154-1-davidgow@go… - Make the length of the status comment a #define - Fixed a build issue where debugfs was still using the old kunit_status_to_string() function name. Changes since v1: https://lore.kernel.org/linux-kselftest/20210526081112.3652290-1-davidgow@g… - Renamed kunit_status_to_string() to kunit_status_to_ok_not_ok - Fixed incorrect printing of status comments on non-skipped tests. include/kunit/test.h | 73 ++++++++++++++++++++++++++++++++++++++---- lib/kunit/debugfs.c | 2 +- lib/kunit/kunit-test.c | 42 +++++++++++++++++++++++- lib/kunit/test.c | 54 ++++++++++++++++++++----------- 4 files changed, 144 insertions(+), 27 deletions(-) diff --git a/include/kunit/test.h b/include/kunit/test.h index e79ac81f5fca..35b0aed9b739 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -97,6 +97,9 @@ struct kunit; /* Maximum size of parameter description string. */ #define KUNIT_PARAM_DESC_SIZE 128 +/* Maximum size of a status comment. */ +#define KUNIT_STATUS_COMMENT_SIZE 256 + /* * TAP specifies subtest stream indentation of 4 spaces, 8 spaces for a * sub-subtest. See the "Subtests" section in @@ -105,6 +108,18 @@ struct kunit; #define KUNIT_SUBTEST_INDENT " " #define KUNIT_SUBSUBTEST_INDENT " " +/** + * enum kunit_status - Type of result for a test or test suite + * @KUNIT_SUCCESS: Denotes the test suite has not failed nor been skipped + * @KUNIT_FAILURE: Denotes the test has failed. + * @KUNIT_SKIPPED: Denotes the test has been skipped. + */ +enum kunit_status { + KUNIT_SUCCESS, + KUNIT_FAILURE, + KUNIT_SKIPPED, +}; + /** * struct kunit_case - represents an individual test case. * @@ -148,13 +163,20 @@ struct kunit_case { const void* (*generate_params)(const void *prev, char *desc); /* private: internal use only. */ - bool success; + enum kunit_status status; char *log; }; -static inline char *kunit_status_to_string(bool status) +static inline char *kunit_status_to_ok_not_ok(enum kunit_status status) { - return status ? "ok" : "not ok"; + switch (status) { + case KUNIT_SKIPPED: + case KUNIT_SUCCESS: + return "ok"; + case KUNIT_FAILURE: + return "not ok"; + } + return "invalid"; } /** @@ -212,6 +234,7 @@ struct kunit_suite { struct kunit_case *test_cases; /* private: internal use only */ + char status_comment[KUNIT_STATUS_COMMENT_SIZE]; struct dentry *debugfs; char *log; }; @@ -245,19 +268,21 @@ struct kunit { * be read after the test case finishes once all threads associated * with the test case have terminated. */ - bool success; /* Read only after test_case finishes! */ spinlock_t lock; /* Guards all mutable test state. */ + enum kunit_status status; /* Read only after test_case finishes! */ /* * Because resources is a list that may be updated multiple times (with * new resources) from any thread associated with a test case, we must * protect it with some type of lock. */ struct list_head resources; /* Protected by lock. */ + + char status_comment[KUNIT_STATUS_COMMENT_SIZE]; }; static inline void kunit_set_failure(struct kunit *test) { - WRITE_ONCE(test->success, false); + WRITE_ONCE(test->status, KUNIT_FAILURE); } void kunit_init_test(struct kunit *test, const char *name, char *log); @@ -348,7 +373,7 @@ static inline int kunit_run_all_tests(void) #define kunit_suite_for_each_test_case(suite, test_case) \ for (test_case = suite->test_cases; test_case->run_case; test_case++) -bool kunit_suite_has_succeeded(struct kunit_suite *suite); +enum kunit_status kunit_suite_has_succeeded(struct kunit_suite *suite); /* * Like kunit_alloc_resource() below, but returns the struct kunit_resource @@ -640,6 +665,42 @@ void kunit_cleanup(struct kunit *test); void __printf(2, 3) kunit_log_append(char *log, const char *fmt, ...); +/** + * kunit_mark_skipped() - Marks @test_or_suite as skipped + * + * @test_or_suite: The test context object. + * @fmt: A printk() style format string. + * + * Marks the test as skipped. @fmt is given output as the test status + * comment, typically the reason the test was skipped. + * + * Test execution continues after kunit_mark_skipped() is called. + */ +#define kunit_mark_skipped(test_or_suite, fmt, ...) \ + do { \ + WRITE_ONCE((test_or_suite)->status, KUNIT_SKIPPED); \ + scnprintf((test_or_suite)->status_comment, \ + KUNIT_STATUS_COMMENT_SIZE, \ + fmt, ##__VA_ARGS__); \ + } while (0) + +/** + * kunit_skip() - Marks @test_or_suite as skipped + * + * @test_or_suite: The test context object. + * @fmt: A printk() style format string. + * + * Skips the test. @fmt is given output as the test status + * comment, typically the reason the test was skipped. + * + * Test execution is halted after kunit_skip() is called. + */ +#define kunit_skip(test_or_suite, fmt, ...) \ + do { \ + kunit_mark_skipped((test_or_suite), fmt, ##__VA_ARGS__);\ + kunit_try_catch_throw(&((test_or_suite)->try_catch)); \ + } while (0) + /* * printk and log to per-test or per-suite log buffer. Logging only done * if CONFIG_KUNIT_DEBUGFS is 'y'; if it is 'n', no log is allocated/used. diff --git a/lib/kunit/debugfs.c b/lib/kunit/debugfs.c index 9214c493d8b7..b71db0abc12b 100644 --- a/lib/kunit/debugfs.c +++ b/lib/kunit/debugfs.c @@ -64,7 +64,7 @@ static int debugfs_print_results(struct seq_file *seq, void *v) debugfs_print_result(seq, suite, test_case); seq_printf(seq, "%s %d - %s\n", - kunit_status_to_string(success), 1, suite->name); + kunit_status_to_ok_not_ok(success), 1, suite->name); return 0; } diff --git a/lib/kunit/kunit-test.c b/lib/kunit/kunit-test.c index 69f902440a0e..d69efcbed624 100644 --- a/lib/kunit/kunit-test.c +++ b/lib/kunit/kunit-test.c @@ -437,7 +437,47 @@ static void kunit_log_test(struct kunit *test) #endif } +static void kunit_status_set_failure_test(struct kunit *test) +{ + struct kunit fake; + + kunit_init_test(&fake, "fake test", NULL); + + KUNIT_EXPECT_EQ(test, fake.status, (enum kunit_status)KUNIT_SUCCESS); + kunit_set_failure(&fake); + KUNIT_EXPECT_EQ(test, fake.status, (enum kunit_status)KUNIT_FAILURE); +} + +static void kunit_status_mark_skipped_test(struct kunit *test) +{ + struct kunit fake; + + kunit_init_test(&fake, "fake test", NULL); + + /* Before: Should be SUCCESS with no comment. */ + KUNIT_EXPECT_EQ(test, fake.status, KUNIT_SUCCESS); + KUNIT_EXPECT_STREQ(test, fake.status_comment, ""); + + /* Mark the test as skipped. */ + kunit_mark_skipped(&fake, "Accepts format string: %s", "YES"); + + /* After: Should be SKIPPED with our comment. */ + KUNIT_EXPECT_EQ(test, fake.status, (enum kunit_status)KUNIT_SKIPPED); + KUNIT_EXPECT_STREQ(test, fake.status_comment, "Accepts format string: YES"); +} + +static struct kunit_case kunit_status_test_cases[] = { + KUNIT_CASE(kunit_status_set_failure_test), + KUNIT_CASE(kunit_status_mark_skipped_test), + {} +}; + +static struct kunit_suite kunit_status_test_suite = { + .name = "kunit_status", + .test_cases = kunit_status_test_cases, +}; + kunit_test_suites(&kunit_try_catch_test_suite, &kunit_resource_test_suite, - &kunit_log_test_suite); + &kunit_log_test_suite, &kunit_status_test_suite); MODULE_LICENSE("GPL v2"); diff --git a/lib/kunit/test.c b/lib/kunit/test.c index 06f6cff2c0e7..b3d0c8e4e339 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -98,12 +98,14 @@ static void kunit_print_subtest_start(struct kunit_suite *suite) static void kunit_print_ok_not_ok(void *test_or_suite, bool is_test, - bool is_ok, + enum kunit_status status, size_t test_number, - const char *description) + const char *description, + const char *directive) { struct kunit_suite *suite = is_test ? NULL : test_or_suite; struct kunit *test = is_test ? test_or_suite : NULL; + const char *directive_header = (status == KUNIT_SKIPPED) ? " # SKIP " : ""; /* * We do not log the test suite results as doing so would @@ -114,25 +116,31 @@ static void kunit_print_ok_not_ok(void *test_or_suite, * representation. */ if (suite) - pr_info("%s %zd - %s\n", - kunit_status_to_string(is_ok), - test_number, description); + pr_info("%s %zd - %s%s%s\n", + kunit_status_to_ok_not_ok(status), + test_number, description, directive_header, + (status == KUNIT_SKIPPED) ? directive : ""); else - kunit_log(KERN_INFO, test, KUNIT_SUBTEST_INDENT "%s %zd - %s", - kunit_status_to_string(is_ok), - test_number, description); + kunit_log(KERN_INFO, test, + KUNIT_SUBTEST_INDENT "%s %zd - %s%s%s", + kunit_status_to_ok_not_ok(status), + test_number, description, directive_header, + (status == KUNIT_SKIPPED) ? directive : ""); } -bool kunit_suite_has_succeeded(struct kunit_suite *suite) +enum kunit_status kunit_suite_has_succeeded(struct kunit_suite *suite) { const struct kunit_case *test_case; + enum kunit_status status = KUNIT_SKIPPED; kunit_suite_for_each_test_case(suite, test_case) { - if (!test_case->success) - return false; + if (test_case->status == KUNIT_FAILURE) + return KUNIT_FAILURE; + else if (test_case->status == KUNIT_SUCCESS) + status = KUNIT_SUCCESS; } - return true; + return status; } EXPORT_SYMBOL_GPL(kunit_suite_has_succeeded); @@ -143,7 +151,8 @@ static void kunit_print_subtest_end(struct kunit_suite *suite) kunit_print_ok_not_ok((void *)suite, false, kunit_suite_has_succeeded(suite), kunit_suite_counter++, - suite->name); + suite->name, + suite->status_comment); } unsigned int kunit_test_case_num(struct kunit_suite *suite, @@ -252,7 +261,8 @@ void kunit_init_test(struct kunit *test, const char *name, char *log) test->log = log; if (test->log) test->log[0] = '\0'; - test->success = true; + test->status = KUNIT_SUCCESS; + test->status_comment[0] = '\0'; } EXPORT_SYMBOL_GPL(kunit_init_test); @@ -376,7 +386,11 @@ static void kunit_run_case_catch_errors(struct kunit_suite *suite, context.test_case = test_case; kunit_try_catch_run(try_catch, &context); - test_case->success &= test->success; + /* Propagate the parameter result to the test case. */ + if (test->status == KUNIT_FAILURE) + test_case->status = KUNIT_FAILURE; + else if (test_case->status != KUNIT_FAILURE && test->status == KUNIT_SUCCESS) + test_case->status = KUNIT_SUCCESS; } int kunit_run_tests(struct kunit_suite *suite) @@ -388,7 +402,7 @@ int kunit_run_tests(struct kunit_suite *suite) kunit_suite_for_each_test_case(suite, test_case) { struct kunit test = { .param_value = NULL, .param_index = 0 }; - test_case->success = true; + test_case->status = KUNIT_SKIPPED; if (test_case->generate_params) { /* Get initial param. */ @@ -409,7 +423,7 @@ int kunit_run_tests(struct kunit_suite *suite) KUNIT_SUBTEST_INDENT "# %s: %s %d - %s", test_case->name, - kunit_status_to_string(test.success), + kunit_status_to_ok_not_ok(test.status), test.param_index + 1, param_desc); /* Get next param. */ @@ -419,9 +433,10 @@ int kunit_run_tests(struct kunit_suite *suite) } } while (test.param_value); - kunit_print_ok_not_ok(&test, true, test_case->success, + kunit_print_ok_not_ok(&test, true, test_case->status, kunit_test_case_num(suite, test_case), - test_case->name); + test_case->name, + test.status_comment); } kunit_print_subtest_end(suite); @@ -433,6 +448,7 @@ EXPORT_SYMBOL_GPL(kunit_run_tests); static void kunit_init_suite(struct kunit_suite *suite) { kunit_debugfs_create_suite(suite); + suite->status_comment[0] = '\0'; } int __kunit_test_suites_init(struct kunit_suite * const * const suites) -- 2.32.0.93.g670b81a890-goog

4 years

3
5
0 0

[net-next, v3, 00/10] ptp: support virtual clocks and timestamping

by Yangbo Lu

Current PTP driver exposes one PTP device to user which binds network interface/interfaces to provide timestamping. Actually we have a way utilizing timecounter/cyclecounter to virtualize any number of PTP clocks based on a same free running physical clock for using. The purpose of having multiple PTP virtual clocks is for user space to directly/easily use them for multiple domains synchronization. user space: ^ ^ | SO_TIMESTAMPING new flag: | Packets with | SOF_TIMESTAMPING_BIND_PHC | TX/RX HW timestamps v v +--------------------------------------------+ sock: | sock (new member sk_bind_phc) | +--------------------------------------------+ ^ ^ | ethtool_op_get_phc_vclocks | Convert HW timestamps | | to sk_bind_phc v v +--------------+--------------+--------------+ vclock: | ptp1 | ptp2 | ptpN | +--------------+--------------+--------------+ pclock: | ptp0 free running | +--------------------------------------------+ The block diagram may explain how it works. Besides the PTP virtual clocks, the packet HW timestamp converting to the bound PHC is also done in sock driver. For user space, PTP virtual clocks can be created via sysfs, and extended SO_TIMESTAMPING API (new flag SOF_TIMESTAMPING_BIND_PHC) can be used to bind one PTP virtual clock for timestamping. The test tool timestamping.c (together with linuxptp phc_ctl tool) can be used to verify: # echo 4 > /sys/class/ptp/ptp0/n_vclocks [ 129.399472] ptp ptp0: new virtual clock ptp2 [ 129.404234] ptp ptp0: new virtual clock ptp3 [ 129.409532] ptp ptp0: new virtual clock ptp4 [ 129.413942] ptp ptp0: new virtual clock ptp5 [ 129.418257] ptp ptp0: guarantee physical clock free running # # phc_ctl /dev/ptp2 set 10000 # phc_ctl /dev/ptp3 set 20000 # # timestamping eno0 2 SOF_TIMESTAMPING_TX_HARDWARE SOF_TIMESTAMPING_RAW_HARDWARE SOF_TIMESTAMPING_BIND_PHC # timestamping eno0 2 SOF_TIMESTAMPING_RX_HARDWARE SOF_TIMESTAMPING_RAW_HARDWARE SOF_TIMESTAMPING_BIND_PHC # timestamping eno0 3 SOF_TIMESTAMPING_TX_HARDWARE SOF_TIMESTAMPING_RAW_HARDWARE SOF_TIMESTAMPING_BIND_PHC # timestamping eno0 3 SOF_TIMESTAMPING_RX_HARDWARE SOF_TIMESTAMPING_RAW_HARDWARE SOF_TIMESTAMPING_BIND_PHC Changes for v2: - Converted to num_vclocks for creating virtual clocks. - Guranteed physical clock free running when using virtual clocks. - Fixed build warning. - Updated copyright. Changes for v3: - Supported PTP virtual clock in default in PTP driver. - Protected concurrency of ptp->num_vclocks accessing. - Supported PHC vclocks query via ethtool. - Extended SO_TIMESTAMPING API for PHC binding. - Converted HW timestamps to PHC bound, instead of previous binding domain value to PHC idea. - Other minor fixes. Yangbo Lu (10): ptp: add ptp virtual clock driver framework ptp: support ptp physical/virtual clocks conversion ptp: track available ptp vclocks information ptp: add kernel API ptp_get_vclocks_index() ethtool: add a new command for getting PHC virtual clocks ptp: add kernel API ptp_convert_timestamp() net: sock: extend SO_TIMESTAMPING for PHC binding net: socket: support hardware timestamp conversion to PHC bound selftests/net: timestamping: support binding PHC MAINTAINERS: add entry for PTP virtual clock driver Documentation/ABI/testing/sysfs-ptp | 13 ++ MAINTAINERS | 7 + drivers/ptp/Makefile | 2 +- drivers/ptp/ptp_clock.c | 27 ++- drivers/ptp/ptp_private.h | 34 ++++ drivers/ptp/ptp_sysfs.c | 95 +++++++++ drivers/ptp/ptp_vclock.c | 212 +++++++++++++++++++++ include/linux/ethtool.h | 2 + include/linux/ptp_clock_kernel.h | 29 ++- include/net/sock.h | 8 +- include/uapi/linux/ethtool.h | 14 ++ include/uapi/linux/ethtool_netlink.h | 15 ++ include/uapi/linux/net_tstamp.h | 17 +- include/uapi/linux/ptp_clock.h | 5 + net/core/sock.c | 65 ++++++- net/ethtool/Makefile | 2 +- net/ethtool/common.c | 24 +++ net/ethtool/common.h | 2 + net/ethtool/ioctl.c | 27 +++ net/ethtool/netlink.c | 10 + net/ethtool/netlink.h | 2 + net/ethtool/phc_vclocks.c | 86 +++++++++ net/mptcp/sockopt.c | 10 +- net/socket.c | 19 +- tools/testing/selftests/net/timestamping.c | 62 ++++-- 25 files changed, 750 insertions(+), 39 deletions(-) create mode 100644 drivers/ptp/ptp_vclock.c create mode 100644 net/ethtool/phc_vclocks.c base-commit: 89212e160b81e778f829b89743570665810e3b13 -- 2.25.1

4 years

7
27
0 0

[PATCH] tools: timers: remove unneeded semicolons

by 13145886936＠163.com

From: gushengxian <gushengxian(a)yulong.com> Remove unneeded semicolons. Signed-off-by: gushengxian <gushengxian(a)yulong.com> --- tools/testing/selftests/timers/alarmtimer-suspend.c | 2 +- tools/testing/selftests/timers/inconsistency-check.c | 2 +- tools/testing/selftests/timers/nanosleep.c | 2 +- tools/testing/selftests/timers/nsleep-lat.c | 2 +- tools/testing/selftests/timers/set-timer-lat.c | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/timers/alarmtimer-suspend.c b/tools/testing/selftests/timers/alarmtimer-suspend.c index 4da09dbf83ba..54da4b088f4c 100644 --- a/tools/testing/selftests/timers/alarmtimer-suspend.c +++ b/tools/testing/selftests/timers/alarmtimer-suspend.c @@ -79,7 +79,7 @@ char *clockstring(int clockid) return "CLOCK_BOOTTIME_ALARM"; case CLOCK_TAI: return "CLOCK_TAI"; - }; + } return "UNKNOWN_CLOCKID"; } diff --git a/tools/testing/selftests/timers/inconsistency-check.c b/tools/testing/selftests/timers/inconsistency-check.c index 022d3ffe3fbf..e6756d9c60a7 100644 --- a/tools/testing/selftests/timers/inconsistency-check.c +++ b/tools/testing/selftests/timers/inconsistency-check.c @@ -72,7 +72,7 @@ char *clockstring(int clockid) return "CLOCK_BOOTTIME_ALARM"; case CLOCK_TAI: return "CLOCK_TAI"; - }; + } return "UNKNOWN_CLOCKID"; } diff --git a/tools/testing/selftests/timers/nanosleep.c b/tools/testing/selftests/timers/nanosleep.c index 71b5441c2fd9..433a09676aeb 100644 --- a/tools/testing/selftests/timers/nanosleep.c +++ b/tools/testing/selftests/timers/nanosleep.c @@ -72,7 +72,7 @@ char *clockstring(int clockid) return "CLOCK_BOOTTIME_ALARM"; case CLOCK_TAI: return "CLOCK_TAI"; - }; + } return "UNKNOWN_CLOCKID"; } diff --git a/tools/testing/selftests/timers/nsleep-lat.c b/tools/testing/selftests/timers/nsleep-lat.c index eb3e79ed7b4a..a7ca9825e106 100644 --- a/tools/testing/selftests/timers/nsleep-lat.c +++ b/tools/testing/selftests/timers/nsleep-lat.c @@ -72,7 +72,7 @@ char *clockstring(int clockid) return "CLOCK_BOOTTIME_ALARM"; case CLOCK_TAI: return "CLOCK_TAI"; - }; + } return "UNKNOWN_CLOCKID"; } diff --git a/tools/testing/selftests/timers/set-timer-lat.c b/tools/testing/selftests/timers/set-timer-lat.c index 50da45437daa..d60bbcad487f 100644 --- a/tools/testing/selftests/timers/set-timer-lat.c +++ b/tools/testing/selftests/timers/set-timer-lat.c @@ -80,7 +80,7 @@ char *clockstring(int clockid) return "CLOCK_BOOTTIME_ALARM"; case CLOCK_TAI: return "CLOCK_TAI"; - }; + } return "UNKNOWN_CLOCKID"; } -- 2.25.1

4 years

1
0
0 0

Kernel selftests and backward compatibility?

by Vitaly Chikunov

Shuah, Do kselftests require to be backward-compatible? I see Documentation/dev-tools/kselftest.rst does not require this, but maybe it's assumed like in other test suites (or in perf). | In general, the rules for selftests are | | * Do as much as you can if you're not root; | | * Don't take too long; | | * Don't break the build on any architecture, and | | * Don't cause the top-level "make run_tests" to fail if your feature is | unconfigured. For example LTP says: | LTP test should be as backward compatible as possible. [...] | | Therefore LTP test for more current features should be able to cope with older | systems. Also, (it's said[1]) perf, even though in kernel tree, is supposed to work properly on any (older/newer) version of Linux. Can you clarify this point in kselftest.rst? I think, this would be useful for future kselftests developers, users, and packagers. (Currently, I package for ALT Linux kselftests (and perf) from the latest mainline branch, so people could test even older kernels with the latest kselftests. If there is policy to be backward-compatible kselftests in the future could reach a state where users would run them in all pass mode (without selecting only working tests). This, in turn, would increase [ease of] usability of tests and thus frequency of their run and consequentially quality kernel testing overall. Thanks, [1] https://lkml.org/lkml/2020/7/29/677

4 years

2
2
0 0

[PATCH kunit-next] thunderbolt: test: Reinstate a few casts of bitfields

by David Gow

Partially revert "thunderbolt: test: Remove some casts which are no longer required". It turns out that typeof() doesn't support bitfields, so these still need to be cast to the appropriate enum. The only mention of typeof() and bitfields I can find is in the proposal to standardise them: http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2619.htm This was caught by the kernel test robot: https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org/thread/FDKBHAV… Fixes: 8f0877c26e ("thunderbolt: test: Remove some casts which are no longer required") Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: David Gow <davidgow(a)google.com> --- Whoops: I didn't notice this was broken earlier. If it's easier to just revert the broken patch, that's fine, too. Cheers, -- David drivers/thunderbolt/test.c | 66 +++++++++++++++++++++++++------------- 1 file changed, 44 insertions(+), 22 deletions(-) diff --git a/drivers/thunderbolt/test.c b/drivers/thunderbolt/test.c index 247dc9f4757e..3cc36ef639f3 100644 --- a/drivers/thunderbolt/test.c +++ b/drivers/thunderbolt/test.c @@ -384,7 +384,8 @@ static void tb_test_path_single_hop_walk(struct kunit *test) KUNIT_EXPECT_TRUE(test, i < ARRAY_SIZE(test_data)); KUNIT_EXPECT_EQ(test, tb_route(p->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, p->port, test_data[i].port); - KUNIT_EXPECT_EQ(test, p->config.type, test_data[i].type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)p->config.type, + test_data[i].type); i++; } @@ -395,7 +396,8 @@ static void tb_test_path_single_hop_walk(struct kunit *test) KUNIT_EXPECT_TRUE(test, i < ARRAY_SIZE(test_data)); KUNIT_EXPECT_EQ(test, tb_route(p->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, p->port, test_data[i].port); - KUNIT_EXPECT_EQ(test, p->config.type, test_data[i].type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)p->config.type, + test_data[i].type); i--; } @@ -441,7 +443,8 @@ static void tb_test_path_daisy_chain_walk(struct kunit *test) KUNIT_EXPECT_TRUE(test, i < ARRAY_SIZE(test_data)); KUNIT_EXPECT_EQ(test, tb_route(p->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, p->port, test_data[i].port); - KUNIT_EXPECT_EQ(test, p->config.type, test_data[i].type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)p->config.type, + test_data[i].type); i++; } @@ -452,7 +455,8 @@ static void tb_test_path_daisy_chain_walk(struct kunit *test) KUNIT_EXPECT_TRUE(test, i < ARRAY_SIZE(test_data)); KUNIT_EXPECT_EQ(test, tb_route(p->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, p->port, test_data[i].port); - KUNIT_EXPECT_EQ(test, p->config.type, test_data[i].type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)p->config.type, + test_data[i].type); i--; } @@ -502,7 +506,8 @@ static void tb_test_path_simple_tree_walk(struct kunit *test) KUNIT_EXPECT_TRUE(test, i < ARRAY_SIZE(test_data)); KUNIT_EXPECT_EQ(test, tb_route(p->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, p->port, test_data[i].port); - KUNIT_EXPECT_EQ(test, p->config.type, test_data[i].type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)p->config.type, + test_data[i].type); i++; } @@ -513,7 +518,8 @@ static void tb_test_path_simple_tree_walk(struct kunit *test) KUNIT_EXPECT_TRUE(test, i < ARRAY_SIZE(test_data)); KUNIT_EXPECT_EQ(test, tb_route(p->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, p->port, test_data[i].port); - KUNIT_EXPECT_EQ(test, p->config.type, test_data[i].type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)p->config.type, + test_data[i].type); i--; } @@ -584,7 +590,8 @@ static void tb_test_path_complex_tree_walk(struct kunit *test) KUNIT_EXPECT_TRUE(test, i < ARRAY_SIZE(test_data)); KUNIT_EXPECT_EQ(test, tb_route(p->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, p->port, test_data[i].port); - KUNIT_EXPECT_EQ(test, p->config.type, test_data[i].type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)p->config.type, + test_data[i].type); i++; } @@ -595,7 +602,8 @@ static void tb_test_path_complex_tree_walk(struct kunit *test) KUNIT_EXPECT_TRUE(test, i < ARRAY_SIZE(test_data)); KUNIT_EXPECT_EQ(test, tb_route(p->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, p->port, test_data[i].port); - KUNIT_EXPECT_EQ(test, p->config.type, test_data[i].type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)p->config.type, + test_data[i].type); i--; } @@ -685,7 +693,8 @@ static void tb_test_path_max_length_walk(struct kunit *test) KUNIT_EXPECT_TRUE(test, i < ARRAY_SIZE(test_data)); KUNIT_EXPECT_EQ(test, tb_route(p->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, p->port, test_data[i].port); - KUNIT_EXPECT_EQ(test, p->config.type, test_data[i].type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)p->config.type, + test_data[i].type); i++; } @@ -696,7 +705,8 @@ static void tb_test_path_max_length_walk(struct kunit *test) KUNIT_EXPECT_TRUE(test, i < ARRAY_SIZE(test_data)); KUNIT_EXPECT_EQ(test, tb_route(p->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, p->port, test_data[i].port); - KUNIT_EXPECT_EQ(test, p->config.type, test_data[i].type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)p->config.type, + test_data[i].type); i--; } @@ -779,10 +789,12 @@ static void tb_test_path_not_bonded_lane0(struct kunit *test) KUNIT_EXPECT_EQ(test, tb_route(in_port->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, in_port->port, test_data[i].in_port); - KUNIT_EXPECT_EQ(test, in_port->config.type, test_data[i].in_type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)in_port->config.type, + test_data[i].in_type); KUNIT_EXPECT_EQ(test, tb_route(out_port->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, out_port->port, test_data[i].out_port); - KUNIT_EXPECT_EQ(test, out_port->config.type, test_data[i].out_type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)out_port->config.type, + test_data[i].out_type); } tb_path_free(path); } @@ -839,10 +851,12 @@ static void tb_test_path_not_bonded_lane1(struct kunit *test) KUNIT_EXPECT_EQ(test, tb_route(in_port->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, in_port->port, test_data[i].in_port); - KUNIT_EXPECT_EQ(test, in_port->config.type, test_data[i].in_type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)in_port->config.type, + test_data[i].in_type); KUNIT_EXPECT_EQ(test, tb_route(out_port->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, out_port->port, test_data[i].out_port); - KUNIT_EXPECT_EQ(test, out_port->config.type, test_data[i].out_type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)out_port->config.type, + test_data[i].out_type); } tb_path_free(path); } @@ -917,10 +931,12 @@ static void tb_test_path_not_bonded_lane1_chain(struct kunit *test) KUNIT_EXPECT_EQ(test, tb_route(in_port->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, in_port->port, test_data[i].in_port); - KUNIT_EXPECT_EQ(test, in_port->config.type, test_data[i].in_type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)in_port->config.type, + test_data[i].in_type); KUNIT_EXPECT_EQ(test, tb_route(out_port->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, out_port->port, test_data[i].out_port); - KUNIT_EXPECT_EQ(test, out_port->config.type, test_data[i].out_type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)out_port->config.type, + test_data[i].out_type); } tb_path_free(path); } @@ -995,10 +1011,12 @@ static void tb_test_path_not_bonded_lane1_chain_reverse(struct kunit *test) KUNIT_EXPECT_EQ(test, tb_route(in_port->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, in_port->port, test_data[i].in_port); - KUNIT_EXPECT_EQ(test, in_port->config.type, test_data[i].in_type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)in_port->config.type, + test_data[i].in_type); KUNIT_EXPECT_EQ(test, tb_route(out_port->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, out_port->port, test_data[i].out_port); - KUNIT_EXPECT_EQ(test, out_port->config.type, test_data[i].out_type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)out_port->config.type, + test_data[i].out_type); } tb_path_free(path); } @@ -1085,10 +1103,12 @@ static void tb_test_path_mixed_chain(struct kunit *test) KUNIT_EXPECT_EQ(test, tb_route(in_port->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, in_port->port, test_data[i].in_port); - KUNIT_EXPECT_EQ(test, in_port->config.type, test_data[i].in_type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)in_port->config.type, + test_data[i].in_type); KUNIT_EXPECT_EQ(test, tb_route(out_port->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, out_port->port, test_data[i].out_port); - KUNIT_EXPECT_EQ(test, out_port->config.type, test_data[i].out_type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)out_port->config.type, + test_data[i].out_type); } tb_path_free(path); } @@ -1175,10 +1195,12 @@ static void tb_test_path_mixed_chain_reverse(struct kunit *test) KUNIT_EXPECT_EQ(test, tb_route(in_port->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, in_port->port, test_data[i].in_port); - KUNIT_EXPECT_EQ(test, in_port->config.type, test_data[i].in_type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)in_port->config.type, + test_data[i].in_type); KUNIT_EXPECT_EQ(test, tb_route(out_port->sw), test_data[i].route); KUNIT_EXPECT_EQ(test, out_port->port, test_data[i].out_port); - KUNIT_EXPECT_EQ(test, out_port->config.type, test_data[i].out_type); + KUNIT_EXPECT_EQ(test, (enum tb_port_type)out_port->config.type, + test_data[i].out_type); } tb_path_free(path); } -- 2.32.0.288.g62a8d224e6-goog

4 years

2
1
0 0

[PATCH v2] selftests/lkdtm: Use /bin/sh not $SHELL

by Kees Cook

Some environments do not set $SHELL when running tests. There's no need to use $SHELL here anyway, so just replace it with hard-coded path instead. Additionally avoid using bash-isms in the command, so that regular /bin/sh can be used. Suggested-by: Guillaume Tucker <guillaume.tucker(a)collabora.com> Fixes: 46d1a0f03d66 ("selftests/lkdtm: Add tests for LKDTM targets") Cc: stable(a)vger.kernel.org Signed-off-by: Kees Cook <keescook(a)chromium.org> --- tools/testing/selftests/lkdtm/run.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/lkdtm/run.sh b/tools/testing/selftests/lkdtm/run.sh index bb7a1775307b..0f9f22ac004b 100755 --- a/tools/testing/selftests/lkdtm/run.sh +++ b/tools/testing/selftests/lkdtm/run.sh @@ -78,8 +78,9 @@ dmesg > "$DMESG" # Most shells yell about signals and we're expecting the "cat" process # to usually be killed by the kernel. So we have to run it in a sub-shell -# and silence errors. -($SHELL -c 'cat <(echo '"$test"') >'"$TRIGGER" 2>/dev/null) || true +# to avoid terminating this script. Leave stderr alone, just in case +# something _else_ happens. +(/bin/sh -c '(echo '"$test"') | cat >'"$TRIGGER") || true # Record and dump the results dmesg | comm --nocheck-order -13 "$DMESG" - > "$LOG" || true -- 2.25.1

4 years

3
8
0 0

[PATCH] selftests/sgx: remove checks for file execute permissions

by Dave Hansen

The SGX selftests can fail for a bunch of non-obvious reasons like 'noexec' permissions on /dev (which is the default *EVERYWHERE* it seems). A new test mistakenly also looked for +x permission on the /dev/sgx_enclave. File execute permissions really only apply to the ability of execve() to work on a file, *NOT* on the ability for an application to map the file with PROT_EXEC. SGX needs to mmap(PROT_EXEC), but doesn't need to execve() the device file. Remove the check. Fixes: 4284f7acb78b ("selftests/sgx: Improve error detection and messages") Reported-by: Tim Gardner <tim.gardner(a)canonical.com> Cc: Jarkko Sakkinen <jarkko(a)kernel.org> Cc: Reinette Chatre <reinette.chatre(a)intel.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: linux-sgx(a)vger.kernel.org Cc: linux-kselftest(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org --- b/tools/testing/selftests/sgx/load.c | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff -puN tools/testing/selftests/sgx/load.c~sgx-no-file-exec tools/testing/selftests/sgx/load.c --- a/tools/testing/selftests/sgx/load.c~sgx-no-file-exec 2021-06-21 11:48:25.226294281 -0700 +++ b/tools/testing/selftests/sgx/load.c 2021-06-21 12:03:28.023292029 -0700 @@ -150,16 +150,6 @@ bool encl_load(const char *path, struct goto err; } - /* - * This just checks if the /dev file has these permission - * bits set. It does not check that the current user is - * the owner or in the owning group. - */ - if (!(sb.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) { - fprintf(stderr, "no execute permissions on device file %s\n", device_path); - goto err; - } - ptr = mmap(NULL, PAGE_SIZE, PROT_READ, MAP_SHARED, fd, 0); if (ptr == (void *)-1) { perror("mmap for read"); @@ -169,13 +159,13 @@ bool encl_load(const char *path, struct #define ERR_MSG \ "mmap() succeeded for PROT_READ, but failed for PROT_EXEC.\n" \ -" Check that current user has execute permissions on %s and \n" \ -" that /dev does not have noexec set: mount | grep \"/dev .*noexec\"\n" \ +" Check that /dev does not have noexec set:\n" \ +" \tmount | grep \"/dev .*noexec\"\n" \ " If so, remount it executable: mount -o remount,exec /dev\n\n" ptr = mmap(NULL, PAGE_SIZE, PROT_EXEC, MAP_SHARED, fd, 0); if (ptr == (void *)-1) { - fprintf(stderr, ERR_MSG, device_path); + fprintf(stderr, ERR_MSG); goto err; } munmap(ptr, PAGE_SIZE); _

4 years

5
4
0 0

[PATCH] selftests: icmp_redirect: support expected failures

by Andrea Righi

According to a comment in commit 99513cfa16c6 ("selftest: Fixes for icmp_redirect test") the test "IPv6: mtu exception plus redirect" is expected to fail, because of a bug in the IPv6 logic that hasn't been fixed yet apparently. We should probably consider this failure as an "expected failure", therefore change the script to return XFAIL for that particular test and also report the total amount of expected failures at the end of the run. Signed-off-by: Andrea Righi <andrea.righi(a)canonical.com> --- tools/testing/selftests/net/icmp_redirect.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/icmp_redirect.sh b/tools/testing/selftests/net/icmp_redirect.sh index bf361f30d6ef..c19ecc6a8614 100755 --- a/tools/testing/selftests/net/icmp_redirect.sh +++ b/tools/testing/selftests/net/icmp_redirect.sh @@ -63,10 +63,14 @@ log_test() local rc=$1 local expected=$2 local msg="$3" + local xfail=$4 if [ ${rc} -eq ${expected} ]; then printf "TEST: %-60s [ OK ]\n" "${msg}" nsuccess=$((nsuccess+1)) + elif [ ${rc} -eq ${xfail} ]; then + printf "TEST: %-60s [XFAIL]\n" "${msg}" + nxfail=$((nxfail+1)) else ret=1 nfail=$((nfail+1)) @@ -322,7 +326,7 @@ check_exception() ip -netns h1 -6 ro get ${H1_VRF_ARG} ${H2_N2_IP6} | \ grep -v "mtu" | grep -q "${R1_LLADDR}" fi - log_test $? 0 "IPv6: ${desc}" + log_test $? 0 "IPv6: ${desc}" 1 } run_ping() @@ -488,6 +492,7 @@ which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping) ret=0 nsuccess=0 nfail=0 +nxfail=0 while getopts :pv o do @@ -532,5 +537,6 @@ fi printf "\nTests passed: %3d\n" ${nsuccess} printf "Tests failed: %3d\n" ${nfail} +printf "Tests xfailed: %3d\n" ${nxfail} exit $ret -- 2.31.1

4 years

2
1
0 0

[PATCH v2] selftests/ftrace: fix event-no-pid on 1-core machine

by Krzysztof Kozlowski

When running event-no-pid test on small machines (e.g. cloud 1-core instance), other events might not happen: + cat trace + cnt=0 + [ 0 -eq 0 ] + fail No other events were recorded [15] event tracing - restricts events based on pid notrace filtering [FAIL] Schedule a simple sleep task to be sure that some other process events get recorded. Fixes: ebed9628f5c2 ("selftests/ftrace: Add test to test new set_event_notrace_pid file") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> Acked-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- Changes since v1: 1. Correct spelling in commit msg. 2. Add Steven's ack. --- .../testing/selftests/ftrace/test.d/event/event-no-pid.tc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/testing/selftests/ftrace/test.d/event/event-no-pid.tc b/tools/testing/selftests/ftrace/test.d/event/event-no-pid.tc index e6eb78f0b954..9933ed24f901 100644 --- a/tools/testing/selftests/ftrace/test.d/event/event-no-pid.tc +++ b/tools/testing/selftests/ftrace/test.d/event/event-no-pid.tc @@ -57,6 +57,10 @@ enable_events() { echo 1 > tracing_on } +other_task() { + sleep .001 || usleep 1 || sleep 1 +} + echo 0 > options/event-fork do_reset @@ -94,6 +98,9 @@ child=$! echo "child = $child" wait $child +# Be sure some other events will happen for small systems (e.g. 1 core) +other_task + echo 0 > tracing_on cnt=`count_pid $mypid` -- 2.27.0

4 years

3
2
0 0

6/23/2021 Product Inquiry

by John Lewis & Partnersip

Dear linux-kselftest The famous brand John Lewis Partnership, is UK's largest multi- channel retailer with over 126 shops and multiple expansion in Africa furnished by European/Asian/American products. We are sourcing new products to attract new customers and also retain our existing ones, create new partnerships with companies dealing with different kinds of goods globally. Your company's products are of interest to our market as we have an amazing market for your products. Provide us your current catalog through email to review more. We hope to be able to order with you and start a long-term friendly, respectable and solid business partnership. Please we would appreciate it if you could send us your stock availability via email if any. Our payment terms are 15 days net in Europe, 30 days Net in UK and 30 days net in Asia/USA as we operate with over 5297 suppliers around the globe for the past 50 years now. For immediate response Send your reply to robert_turner@johnlewis- trading.com for us to be able to treat with care and urgency. Best Regards Rob Turner Head Of Procurement Operations John Lewis & Partners. robert_turner(a)johnlewis-trading.com Tel: +44-7451-274090 WhatsApp: +447497483925 www.johnlewis.com REGISTERED OFFICE: 171 VICTORIA STREET, LONDON SW1E 5NN

4 years

1
0
0 0

Re: [selftests/lkdtm] 84d8cf25b0: kernel_BUG_at_drivers/misc/lkdtm/bugs.c

by Kees Cook

On Wed, Jun 23, 2021 at 10:35:50PM +0800, kernel test robot wrote: > > > Greeting, > > FYI, we noticed the following commit (built with gcc-9): > > commit: 84d8cf25b0f80da0ac229214864654a7662ec7e4 ("[PATCH v2] selftests/lkdtm: Use /bin/sh not $SHELL") > url: https://github.com/0day-ci/linux/commits/Kees-Cook/selftests-lkdtm-Use-bin-… > base: https://git.kernel.org/cgit/linux/kernel/git/shuah/linux-kselftest.git next > > in testcase: kernel-selftests > version: kernel-selftests-x86_64-f8879e85-1_20210618 > with following parameters: > > group: lkdtm > ucode: 0xe2 Heh. Yes, this is working as intended. :) Most of the lkdtm tests will trigger Oopses, and this is by design: it is checking that the kernel catches bad conditions and freaks out appropriately. -Kees -- Kees Cook

4 years

1
0
0 0

[PATCH] selftests/ftrace: fix event-no-pid on 1-core machine

by Krzysztof Kozlowski

When running event-no-pid test on a small machines (e.g. cloud 1-core instance), other events might not happen: + cat trace + cnt=0 + [ 0 -eq 0 ] + fail No other events were recorded [15] event tracing - restricts events based on pid notrace filtering [FAIL] Schedule a simple sleep task to be sure that some other process events get recorder. Fixes: ebed9628f5c2 ("selftests/ftrace: Add test to test new set_event_notrace_pid file") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> --- .../testing/selftests/ftrace/test.d/event/event-no-pid.tc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/testing/selftests/ftrace/test.d/event/event-no-pid.tc b/tools/testing/selftests/ftrace/test.d/event/event-no-pid.tc index e6eb78f0b954..9933ed24f901 100644 --- a/tools/testing/selftests/ftrace/test.d/event/event-no-pid.tc +++ b/tools/testing/selftests/ftrace/test.d/event/event-no-pid.tc @@ -57,6 +57,10 @@ enable_events() { echo 1 > tracing_on } +other_task() { + sleep .001 || usleep 1 || sleep 1 +} + echo 0 > options/event-fork do_reset @@ -94,6 +98,9 @@ child=$! echo "child = $child" wait $child +# Be sure some other events will happen for small systems (e.g. 1 core) +other_task + echo 0 > tracing_on cnt=`count_pid $mypid` -- 2.27.0

4 years

2
3
0 0

[PATCH] KVM: selftests: fix triple fault if ept=0 in dirty_log_test

by Hou Wenlong

Commit 22f232d134e1 ("KVM: selftests: x86: Set supported CPUIDs on default VM") moved vcpu_set_cpuid into vm_create_with_vcpus, but dirty_log_test doesn't use it to create vm. So vcpu's CPUIDs is not set, the guest's pa_bits in kvm would be smaller than the value queried by userspace. However, the dirty track memory slot is in the highest GPA, the reserved bits in gpte would be set with wrong pa_bits. For shadowpaing, page fault would fail in permission_fault and be injected into guest. Since guest doesn't have idt, it finally leads to vm_exit for triple fault. Move vcpu_set_cpuid into vm_vcpu_add_default to set supported CPUIDs on default vcpu, since almost all tests need it. Fixes: 22f232d134e1 ("KVM: selftests: x86: Set supported CPUIDs on default VM") Signed-off-by: Hou Wenlong <houwenlong93(a)linux.alibaba.com> --- tools/testing/selftests/kvm/lib/kvm_util.c | 4 ---- tools/testing/selftests/kvm/lib/x86_64/processor.c | 3 +++ tools/testing/selftests/kvm/steal_time.c | 2 -- 3 files changed, 3 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index a2b732cf96ea..8ea854d7822d 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -375,10 +375,6 @@ struct kvm_vm *vm_create_with_vcpus(enum vm_guest_mode mode, uint32_t nr_vcpus, uint32_t vcpuid = vcpuids ? vcpuids[i] : i; vm_vcpu_add_default(vm, vcpuid, guest_code); - -#ifdef __x86_64__ - vcpu_set_cpuid(vm, vcpuid, kvm_get_supported_cpuid()); -#endif } return vm; diff --git a/tools/testing/selftests/kvm/lib/x86_64/processor.c b/tools/testing/selftests/kvm/lib/x86_64/processor.c index efe235044421..595322b24e4c 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/processor.c +++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c @@ -600,6 +600,9 @@ void vm_vcpu_add_default(struct kvm_vm *vm, uint32_t vcpuid, void *guest_code) /* Setup the MP state */ mp_state.mp_state = 0; vcpu_set_mp_state(vm, vcpuid, &mp_state); + + /* Setup supported CPUIDs */ + vcpu_set_cpuid(vm, vcpuid, kvm_get_supported_cpuid()); } /* diff --git a/tools/testing/selftests/kvm/steal_time.c b/tools/testing/selftests/kvm/steal_time.c index fcc840088c91..a6fe75cb9a6e 100644 --- a/tools/testing/selftests/kvm/steal_time.c +++ b/tools/testing/selftests/kvm/steal_time.c @@ -73,8 +73,6 @@ static void steal_time_init(struct kvm_vm *vm) for (i = 0; i < NR_VCPUS; ++i) { int ret; - vcpu_set_cpuid(vm, i, kvm_get_supported_cpuid()); - /* ST_GPA_BASE is identity mapped */ st_gva[i] = (void *)(ST_GPA_BASE + i * STEAL_TIME_SIZE); sync_global_to_guest(vm, st_gva[i]); -- 2.31.1

4 years

2
1
0 0

[PATCHv8] exec: Fix dead-lock in de_thread with ptrace_attach

by Bernd Edlinger

This introduces signal->unsafe_execve_in_progress, which is used to fix the case when at least one of the sibling threads is traced, and therefore the trace process may dead-lock in ptrace_attach, but de_thread will need to wait for the tracer to continue execution. The solution is to detect this situation and allow ptrace_attach to continue, while de_thread() is still waiting for traced zombies to be eventually released. When the current thread changed the ptrace status from non-traced to traced, we can simply abort the whole execve and restart it by returning -ERESTARTSYS. This needs to be done before changing the thread leader, because the PTRACE_EVENT_EXEC needs to know the old thread pid. Although it is technically after the point of no return, we just have to reset bprm->point_of_no_return here, since at this time only the other threads have received a fatal signal, not the current thread. >From the user's point of view the whole execve was simply delayed until after the ptrace_attach. Other threads die quickly since the cred_guard_mutex is released, but a deadly signal is already pending. In case the mutex_lock_killable misses the signal, ->unsafe_execve_in_progress makes sure they release the mutex immediately and return with -ERESTARTNOINTR. This means there is no API change, unlike the previous version of this patch which was discussed here: https://lore.kernel.org/lkml/b6537ae6-31b1-5c50-f32b-8b8332ace882@hotmail.d… See tools/testing/selftests/ptrace/vmaccess.c for a test case that gets fixed by this change. Note that since the test case was originally designed to test the ptrace_attach returning an error in this situation, the test expectation needed to be adjusted, to allow the API to succeed at the first attempt. Signed-off-by: Bernd Edlinger <bernd.edlinger(a)hotmail.de> --- fs/exec.c | 45 ++++++++++++++++++++++++++----- fs/proc/base.c | 6 +++++ include/linux/sched/signal.h | 13 +++++++++ kernel/ptrace.c | 9 +++++++ kernel/seccomp.c | 12 ++++++--- tools/testing/selftests/ptrace/vmaccess.c | 25 +++++++++++------ 6 files changed, 92 insertions(+), 18 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index 8344fba..ac3fec1 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1040,6 +1040,8 @@ static int de_thread(struct task_struct *tsk) struct signal_struct *sig = tsk->signal; struct sighand_struct *oldsighand = tsk->sighand; spinlock_t *lock = &oldsighand->siglock; + unsigned int prev_ptrace = tsk->ptrace; + struct task_struct *t = tsk; if (thread_group_empty(tsk)) goto no_thread_group; @@ -1057,20 +1059,40 @@ static int de_thread(struct task_struct *tsk) return -EAGAIN; } + while_each_thread(tsk, t) { + if (unlikely(t->ptrace) && t != tsk->group_leader) + sig->unsafe_execve_in_progress = true; + } + sig->group_exit_task = tsk; sig->notify_count = zap_other_threads(tsk); if (!thread_group_leader(tsk)) sig->notify_count--; + spin_unlock_irq(lock); - while (sig->notify_count) { - __set_current_state(TASK_KILLABLE); - spin_unlock_irq(lock); + if (unlikely(sig->unsafe_execve_in_progress)) + mutex_unlock(&sig->cred_guard_mutex); + + for (;;) { + set_current_state(TASK_KILLABLE); + if (!sig->notify_count) + break; schedule(); if (__fatal_signal_pending(tsk)) goto killed; - spin_lock_irq(lock); } - spin_unlock_irq(lock); + __set_current_state(TASK_RUNNING); + + if (unlikely(sig->unsafe_execve_in_progress)) { + if (mutex_lock_killable(&sig->cred_guard_mutex)) + goto killed; + sig->unsafe_execve_in_progress = false; + if (!prev_ptrace && tsk->ptrace) { + sig->group_exit_task = NULL; + sig->notify_count = 0; + return -ERESTARTSYS; + } + } /* * At this point all other threads have exited, all we have to @@ -1255,8 +1277,11 @@ int begin_new_exec(struct linux_binprm * bprm) * Make this the only thread in the thread group. */ retval = de_thread(me); - if (retval) + if (retval) { + if (retval == -ERESTARTSYS) + bprm->point_of_no_return = false; goto out; + } /* * Cancel any io_uring activity across execve @@ -1466,6 +1491,11 @@ static int prepare_bprm_creds(struct linux_binprm *bprm) if (mutex_lock_interruptible(&current->signal->cred_guard_mutex)) return -ERESTARTNOINTR; + if (unlikely(current->signal->unsafe_execve_in_progress)) { + mutex_unlock(&current->signal->cred_guard_mutex); + return -ERESTARTNOINTR; + } + bprm->cred = prepare_exec_creds(); if (likely(bprm->cred)) return 0; @@ -1482,7 +1512,8 @@ static void free_bprm(struct linux_binprm *bprm) } free_arg_pages(bprm); if (bprm->cred) { - mutex_unlock(&current->signal->cred_guard_mutex); + if (!current->signal->unsafe_execve_in_progress) + mutex_unlock(&current->signal->cred_guard_mutex); abort_creds(bprm->cred); } if (bprm->file) { diff --git a/fs/proc/base.c b/fs/proc/base.c index 3851bfc..3b2a55c 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2739,6 +2739,12 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, if (rv < 0) goto out_free; + if (unlikely(current->signal->unsafe_execve_in_progress)) { + mutex_unlock(&current->signal->cred_guard_mutex); + rv = -ERESTARTNOINTR; + goto out_free; + } + rv = security_setprocattr(PROC_I(inode)->op.lsm, file->f_path.dentry->d_name.name, page, count); diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal.h index 3f6a0fc..220a083 100644 --- a/include/linux/sched/signal.h +++ b/include/linux/sched/signal.h @@ -214,6 +214,17 @@ struct signal_struct { #endif /* + * Set while execve is executing but is *not* holding + * cred_guard_mutex to avoid possible dead-locks. + * The cred_guard_mutex is released *after* de_thread() has + * called zap_other_threads(), therefore a fatal signal is + * guaranteed to be already pending in the unlikely event, that + * current->signal->unsafe_execve_in_progress happens to be + * true after the cred_guard_mutex was acquired. + */ + bool unsafe_execve_in_progress; + + /* * Thread is the potential origin of an oom condition; kill first on * oom */ @@ -227,6 +238,8 @@ struct signal_struct { struct mutex cred_guard_mutex; /* guard against foreign influences on * credential calculations * (notably. ptrace) + * Held while execve runs, except when + * a sibling thread is being traced. * Deprecated do not use in new code. * Use exec_update_lock instead. */ diff --git a/kernel/ptrace.c b/kernel/ptrace.c index 61db50f..0cbc1eb 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c @@ -468,6 +468,14 @@ static int ptrace_traceme(void) { int ret = -EPERM; + if (mutex_lock_interruptible(&current->signal->cred_guard_mutex)) + return -ERESTARTNOINTR; + + if (unlikely(current->signal->unsafe_execve_in_progress)) { + mutex_unlock(&current->signal->cred_guard_mutex); + return -ERESTARTNOINTR; + } + write_lock_irq(&tasklist_lock); /* Are we already being traced? */ if (!current->ptrace) { @@ -483,6 +491,7 @@ static int ptrace_traceme(void) } } write_unlock_irq(&tasklist_lock); + mutex_unlock(&current->signal->cred_guard_mutex); return ret; } diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 1d60fc2..b1389ee 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1824,9 +1824,15 @@ static long seccomp_set_mode_filter(unsigned int flags, * Make sure we cannot change seccomp or nnp state via TSYNC * while another thread is in the middle of calling exec. */ - if (flags & SECCOMP_FILTER_FLAG_TSYNC && - mutex_lock_killable(&current->signal->cred_guard_mutex)) - goto out_put_fd; + if (flags & SECCOMP_FILTER_FLAG_TSYNC) { + if (mutex_lock_killable(&current->signal->cred_guard_mutex)) + goto out_put_fd; + + if (unlikely(current->signal->unsafe_execve_in_progress)) { + mutex_unlock(&current->signal->cred_guard_mutex); + goto out_put_fd; + } + } spin_lock_irq(&current->sighand->siglock); diff --git a/tools/testing/selftests/ptrace/vmaccess.c b/tools/testing/selftests/ptrace/vmaccess.c index 4db327b..c7c2242 100644 --- a/tools/testing/selftests/ptrace/vmaccess.c +++ b/tools/testing/selftests/ptrace/vmaccess.c @@ -39,8 +39,15 @@ static void *thread(void *arg) f = open(mm, O_RDONLY); ASSERT_GE(f, 0); close(f); - f = kill(pid, SIGCONT); - ASSERT_EQ(f, 0); + f = waitpid(-1, NULL, 0); + ASSERT_NE(f, -1); + ASSERT_NE(f, 0); + ASSERT_NE(f, pid); + f = waitpid(-1, NULL, 0); + ASSERT_EQ(f, pid); + f = waitpid(-1, NULL, 0); + ASSERT_EQ(f, -1); + ASSERT_EQ(errno, ECHILD); } TEST(attach) @@ -57,22 +64,24 @@ static void *thread(void *arg) sleep(1); k = ptrace(PTRACE_ATTACH, pid, 0L, 0L); - ASSERT_EQ(errno, EAGAIN); - ASSERT_EQ(k, -1); + ASSERT_EQ(k, 0); k = waitpid(-1, &s, WNOHANG); ASSERT_NE(k, -1); ASSERT_NE(k, 0); ASSERT_NE(k, pid); ASSERT_EQ(WIFEXITED(s), 1); ASSERT_EQ(WEXITSTATUS(s), 0); - sleep(1); - k = ptrace(PTRACE_ATTACH, pid, 0L, 0L); - ASSERT_EQ(k, 0); k = waitpid(-1, &s, 0); ASSERT_EQ(k, pid); ASSERT_EQ(WIFSTOPPED(s), 1); ASSERT_EQ(WSTOPSIG(s), SIGSTOP); - k = ptrace(PTRACE_DETACH, pid, 0L, 0L); + k = ptrace(PTRACE_CONT, pid, 0L, 0L); + ASSERT_EQ(k, 0); + k = waitpid(-1, &s, 0); + ASSERT_EQ(k, pid); + ASSERT_EQ(WIFSTOPPED(s), 1); + ASSERT_EQ(WSTOPSIG(s), SIGTRAP); + k = ptrace(PTRACE_CONT, pid, 0L, 0L); ASSERT_EQ(k, 0); k = waitpid(-1, &s, 0); ASSERT_EQ(k, pid); -- 1.9.1

4 years

4
13
0 0

[PATCH v12 0/7] KVM statistics data fd-based binary interface

by Jing Zhang

This patchset provides a file descriptor for every VM and VCPU to read KVM statistics data in binary format. It is meant to provide a lightweight, flexible, scalable and efficient lock-free solution for user space telemetry applications to pull the statistics data periodically for large scale systems. The pulling frequency could be as high as a few times per second. In this patchset, every statistics data are treated to have some attributes as below: * architecture dependent or generic * VM statistics data or VCPU statistics data * type: cumulative, instantaneous, peak * unit: none for simple counter, nanosecond, microsecond, millisecond, second, Byte, KiByte, MiByte, GiByte, Clock Cycles Since no lock/synchronization is used, the consistency between all the statistics data is not guaranteed. That means not all statistics data are read out at the exact same time, since the statistics data are still being updated by KVM subsystems while they are read out. --- * v11 -> v12 - Revised the structure kvm_stats_header and corresponding code by Paolo's suggestion. Move the id string out of header. - Define stats header and stats descriptors as const. - Update some comments by Greg's review. * v10 -> v11 - Rebase to kvm/queue, commit f1b832550832 (KVM: x86/mmu: Fix TDP MMU page table level) - Separate binary stats implementation commit - Use flexible length array member field in API structure instead of zero-length array member field - Move major binary stats reading function in a separate source file - Move stats id string into vm/vcpu structures - Add some detailed comments and update commit messages - Addressed some other review comments from Greg K.H. and Paolo. * v9 -> v10 - Relocate vcpu stat in vcpu's slab's usercopy region - Fix test issue for capability checking - Update commit message to explain why/how we need to add this new API for KVM statistics * v8 -> v9 - Rebase to commit 8331a2bc0898 (KVM: X86: Introduce KVM_HC_MAP_GPA_RANGE hypercall) - Reduce code duplication between binary and debugfs interface - Add field "offset" in stats descriptor to let us define stats descriptors in any order (not necessary in the order of stats defined in vm/vcpu stats structures) - Add static check to make sure the number of stats descriptors is the same as the number of stats defined in vm/vcpu stats structures - Fix missing/mismatched stats descriptor definition caused by rebase * v7 -> v8 - Rebase to kvm/queue, commit c1dc20e254b4 ("KVM: switch per-VM stats to u64") - Revise code to reflect the per-VM stats type from ulong to u64 - Addressed some other nits * v6 -> v7 - Improve file descriptor allocation function by Krish suggestion - Use "generic stats" instead of "common stats" as Krish suggested - Addressed some other nits from Krish and David Matlack * v5 -> v6 - Use designated initializers for STATS_DESC - Change KVM_STATS_SCALE... to KVM_STATS_BASE... - Use a common function for kvm_[vm|vcpu]_stats_read - Fix some documentation errors/missings - Use TEST_ASSERT in selftest - Use a common function for [vm|vcpu]_stats_test in selftest * v4 -> v5 - Rebase to kvm/queue, commit a4345a7cecfb ("Merge tag 'kvmarm-fixes-5.13-1'") - Change maximum stats name length to 48 - Replace VM_STATS_COMMON/VCPU_STATS_COMMON macros with stats descriptor definition macros. - Fixed some errors/warnings reported by checkpatch.pl * v3 -> v4 - Rebase to kvm/queue, commit 9f242010c3b4 ("KVM: avoid "deadlock" between install_new_memslots and MMU notifier") - Use C-stype comments in the whole patch - Fix wrong count for x86 VCPU stats descriptors - Fix KVM stats data size counting and validity check in selftest * v2 -> v3 - Rebase to kvm/queue, commit edf408f5257b ("KVM: avoid "deadlock" between install_new_memslots and MMU notifier") - Resolve some nitpicks about format * v1 -> v2 - Use ARRAY_SIZE to count the number of stats descriptors - Fix missing `size` field initialization in macro STATS_DESC [1] https://lore.kernel.org/kvm/20210402224359.2297157-1-jingzhangos@google.com [2] https://lore.kernel.org/kvm/20210415151741.1607806-1-jingzhangos@google.com [3] https://lore.kernel.org/kvm/20210423181727.596466-1-jingzhangos@google.com [4] https://lore.kernel.org/kvm/20210429203740.1935629-1-jingzhangos@google.com [5] https://lore.kernel.org/kvm/20210517145314.157626-1-jingzhangos@google.com [6] https://lore.kernel.org/kvm/20210524151828.4113777-1-jingzhangos@google.com [7] https://lore.kernel.org/kvm/20210603211426.790093-1-jingzhangos@google.com [8] https://lore.kernel.org/kvm/20210611124624.1404010-1-jingzhangos@google.com [9] https://lore.kernel.org/kvm/20210614212155.1670777-1-jingzhangos@google.com [10] https://lore.kernel.org/kvm/20210617044146.2667540-1-jingzhangos@google.com [11] https://lore.kernel.org/kvm/20210618044819.3690166-1-jingzhangos@google.com --- Jing Zhang (7): KVM: stats: Separate generic stats from architecture specific ones KVM: stats: Add fd-based API to read binary stats data KVM: stats: Support binary stats retrieval for a VM KVM: stats: Support binary stats retrieval for a VCPU KVM: stats: Add documentation for binary statistics interface KVM: selftests: Add selftest for KVM statistics data binary interface KVM: stats: Remove code duplication for binary and debugfs stats Documentation/virt/kvm/api.rst | 198 ++++++++++++++- arch/arm64/include/asm/kvm_host.h | 9 +- arch/arm64/kvm/Makefile | 2 +- arch/arm64/kvm/guest.c | 48 ++-- arch/mips/include/asm/kvm_host.h | 9 +- arch/mips/kvm/Makefile | 2 +- arch/mips/kvm/mips.c | 90 ++++--- arch/powerpc/include/asm/kvm_host.h | 9 +- arch/powerpc/kvm/Makefile | 2 +- arch/powerpc/kvm/book3s.c | 91 ++++--- arch/powerpc/kvm/book3s_hv.c | 12 +- arch/powerpc/kvm/book3s_pr.c | 2 +- arch/powerpc/kvm/book3s_pr_papr.c | 2 +- arch/powerpc/kvm/booke.c | 76 ++++-- arch/s390/include/asm/kvm_host.h | 9 +- arch/s390/kvm/Makefile | 3 +- arch/s390/kvm/kvm-s390.c | 232 +++++++++-------- arch/x86/include/asm/kvm_host.h | 9 +- arch/x86/kvm/Makefile | 2 +- arch/x86/kvm/x86.c | 109 ++++---- include/linux/kvm_host.h | 182 ++++++++++++-- include/linux/kvm_types.h | 14 ++ include/uapi/linux/kvm.h | 73 ++++++ tools/testing/selftests/kvm/.gitignore | 1 + tools/testing/selftests/kvm/Makefile | 3 + .../testing/selftests/kvm/include/kvm_util.h | 3 + .../selftests/kvm/kvm_binary_stats_test.c | 234 ++++++++++++++++++ tools/testing/selftests/kvm/lib/kvm_util.c | 12 + virt/kvm/binary_stats.c | 144 +++++++++++ virt/kvm/kvm_main.c | 218 +++++++++++++--- 30 files changed, 1443 insertions(+), 357 deletions(-) create mode 100644 tools/testing/selftests/kvm/kvm_binary_stats_test.c create mode 100644 virt/kvm/binary_stats.c base-commit: f1b8325508327a302f1d5cd8a4bf51e2c9c72fa9 -- 2.32.0.288.g62a8d224e6-goog

4 years

2
15
0 0

[PATCH v4 0/1] lib: Convert UUID runtime test to KUnit

by André Almeida

Hi, This patch converts existing UUID runtime test to use KUnit framework. Below, there's a comparison between the old output format and the new one. Keep in mind that even if KUnit seems very verbose, this is the corner case where _every_ test has failed. * This is how the current output looks like in success: test_uuid: all 18 tests passed * And when it fails: test_uuid: conversion test #1 failed on LE data: 'c33f4995-3701-450e-9fbf-206a2e98e576' test_uuid: cmp test #2 failed on LE data: 'c33f4995-3701-450e-9fbf-206a2e98e576' test_uuid: cmp test #2 actual data: 'c33f4995-3701-450e-9fbf-206a2e98e576' test_uuid: conversion test #3 failed on BE data: 'c33f4995-3701-450e-9fbf-206a2e98e576' test_uuid: cmp test #4 failed on BE data: 'c33f4995-3701-450e-9fbf-206a2e98e576' test_uuid: cmp test #4 actual data: 'c33f4995-3701-450e-9fbf-206a2e98e576' test_uuid: conversion test #5 failed on LE data: '64b4371c-77c1-48f9-8221-29f054fc023b' test_uuid: cmp test #6 failed on LE data: '64b4371c-77c1-48f9-8221-29f054fc023b' test_uuid: cmp test #6 actual data: '64b4371c-77c1-48f9-8221-29f054fc023b' test_uuid: conversion test #7 failed on BE data: '64b4371c-77c1-48f9-8221-29f054fc023b' test_uuid: cmp test #8 failed on BE data: '64b4371c-77c1-48f9-8221-29f054fc023b' test_uuid: cmp test #8 actual data: '64b4371c-77c1-48f9-8221-29f054fc023b' test_uuid: conversion test #9 failed on LE data: '0cb4ddff-a545-4401-9d06-688af53e7f84' test_uuid: cmp test #10 failed on LE data: '0cb4ddff-a545-4401-9d06-688af53e7f84' test_uuid: cmp test #10 actual data: '0cb4ddff-a545-4401-9d06-688af53e7f84' test_uuid: conversion test #11 failed on BE data: '0cb4ddff-a545-4401-9d06-688af53e7f84' test_uuid: cmp test #12 failed on BE data: '0cb4ddff-a545-4401-9d06-688af53e7f84' test_uuid: cmp test #12 actual data: '0cb4ddff-a545-4401-9d06-688af53e7f84' test_uuid: negative test #13 passed on wrong LE data: 'c33f4995-3701-450e-9fbf206a2e98e576 ' test_uuid: negative test #14 passed on wrong BE data: 'c33f4995-3701-450e-9fbf206a2e98e576 ' test_uuid: negative test #15 passed on wrong LE data: '64b4371c-77c1-48f9-8221-29f054XX023b' test_uuid: negative test #16 passed on wrong BE data: '64b4371c-77c1-48f9-8221-29f054XX023b' test_uuid: negative test #17 passed on wrong LE data: '0cb4ddff-a545-4401-9d06-688af53e' test_uuid: negative test #18 passed on wrong BE data: '0cb4ddff-a545-4401-9d06-688af53e' test_uuid: failed 18 out of 18 tests * Now, here's how it looks like with KUnit: ======== [PASSED] uuid ======== [PASSED] uuid_correct_be [PASSED] uuid_correct_le [PASSED] uuid_wrong_be [PASSED] uuid_wrong_le * And if every test fail with KUnit: ======== [FAILED] uuid ======== [FAILED] uuid_correct_be # uuid_correct_be: ASSERTION FAILED at lib/test_uuid.c:57 Expected uuid_parse(data->uuid, &be) == 1, but uuid_parse(data->uuid, &be) == 0 failed to parse 'c33f4995-3701-450e-9fbf-206a2e98e576' # uuid_correct_be: not ok 1 - c33f4995-3701-450e-9fbf-206a2e98e576 # uuid_correct_be: ASSERTION FAILED at lib/test_uuid.c:57 Expected uuid_parse(data->uuid, &be) == 1, but uuid_parse(data->uuid, &be) == 0 failed to parse '64b4371c-77c1-48f9-8221-29f054fc023b' # uuid_correct_be: not ok 2 - 64b4371c-77c1-48f9-8221-29f054fc023b # uuid_correct_be: ASSERTION FAILED at lib/test_uuid.c:57 Expected uuid_parse(data->uuid, &be) == 1, but uuid_parse(data->uuid, &be) == 0 failed to parse '0cb4ddff-a545-4401-9d06-688af53e7f84' # uuid_correct_be: not ok 3 - 0cb4ddff-a545-4401-9d06-688af53e7f84 not ok 1 - uuid_correct_be [FAILED] uuid_correct_le # uuid_correct_le: ASSERTION FAILED at lib/test_uuid.c:46 Expected guid_parse(data->uuid, &le) == 1, but guid_parse(data->uuid, &le) == 0 failed to parse 'c33f4995-3701-450e-9fbf-206a2e98e576' # uuid_correct_le: not ok 1 - c33f4995-3701-450e-9fbf-206a2e98e576 # uuid_correct_le: ASSERTION FAILED at lib/test_uuid.c:46 Expected guid_parse(data->uuid, &le) == 1, but guid_parse(data->uuid, &le) == 0 failed to parse '64b4371c-77c1-48f9-8221-29f054fc023b' # uuid_correct_le: not ok 2 - 64b4371c-77c1-48f9-8221-29f054fc023b # uuid_correct_le: ASSERTION FAILED at lib/test_uuid.c:46 Expected guid_parse(data->uuid, &le) == 1, but guid_parse(data->uuid, &le) == 0 failed to parse '0cb4ddff-a545-4401-9d06-688af53e7f84' # uuid_correct_le: not ok 3 - 0cb4ddff-a545-4401-9d06-688af53e7f84 not ok 2 - uuid_correct_le [FAILED] uuid_wrong_be # uuid_wrong_be: ASSERTION FAILED at lib/test_uuid.c:77 Expected uuid_parse(*data, &be) == 0, but uuid_parse(*data, &be) == -22 parsing of 'c33f4995-3701-450e-9fbf206a2e98e576 ' should've failed # uuid_wrong_be: not ok 1 - c33f4995-3701-450e-9fbf206a2e98e576 # uuid_wrong_be: ASSERTION FAILED at lib/test_uuid.c:77 Expected uuid_parse(*data, &be) == 0, but uuid_parse(*data, &be) == -22 parsing of '64b4371c-77c1-48f9-8221-29f054XX023b' should've failed # uuid_wrong_be: not ok 2 - 64b4371c-77c1-48f9-8221-29f054XX023b # uuid_wrong_be: ASSERTION FAILED at lib/test_uuid.c:77 Expected uuid_parse(*data, &be) == 0, but uuid_parse(*data, &be) == -22 parsing of '0cb4ddff-a545-4401-9d06-688af53e' should've failed # uuid_wrong_be: not ok 3 - 0cb4ddff-a545-4401-9d06-688af53e not ok 3 - uuid_wrong_be [FAILED] uuid_wrong_le # uuid_wrong_le: ASSERTION FAILED at lib/test_uuid.c:68 Expected guid_parse(*data, &le) == 0, but guid_parse(*data, &le) == -22 parsing of 'c33f4995-3701-450e-9fbf206a2e98e576 ' should've failed # uuid_wrong_le: not ok 1 - c33f4995-3701-450e-9fbf206a2e98e576 # uuid_wrong_le: ASSERTION FAILED at lib/test_uuid.c:68 Expected guid_parse(*data, &le) == 0, but guid_parse(*data, &le) == -22 parsing of '64b4371c-77c1-48f9-8221-29f054XX023b' should've failed # uuid_wrong_le: not ok 2 - 64b4371c-77c1-48f9-8221-29f054XX023b # uuid_wrong_le: ASSERTION FAILED at lib/test_uuid.c:68 Expected guid_parse(*data, &le) == 0, but guid_parse(*data, &le) == -22 parsing of '0cb4ddff-a545-4401-9d06-688af53e' should've failed # uuid_wrong_le: not ok 3 - 0cb4ddff-a545-4401-9d06-688af53e not ok 4 - uuid_wrong_le Changes from v3: - Drop unnecessary casts and braces. - Simplify Kconfig entry v3: https://lore.kernel.org/lkml/20210610163959.71634-1-andrealmeid@collabora.c… Changes from v2: - Clarify in commit message the new test cases setup v2: https://lore.kernel.org/lkml/20210609233730.164082-1-andrealmeid@collabora.… Changes from v1: - Test suite name: uuid_test -> uuid - Config name: TEST_UUID -> UUID_KUNIT_TEST - Config entry in the Kconfig file left where it is - Converted tests to use _MSG variant v1: https://lore.kernel.org/lkml/20210605215215.171165-1-andrealmeid@collabora.… André Almeida (1): lib: Convert UUID runtime test to KUnit lib/Kconfig.debug | 8 ++- lib/Makefile | 2 +- lib/test_uuid.c | 137 +++++++++++++++++++--------------------------- 3 files changed, 64 insertions(+), 83 deletions(-) -- 2.31.1

4 years

2
3
0 0

[PATCH net 1/2] selftests: tls: clean up uninitialized warnings

by Jakub Kicinski

A bunch of tests uses uninitialized stack memory as random data to send. This is harmless but generates compiler warnings. Explicitly init the buffers with random data. Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- tools/testing/selftests/net/tls.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tools/testing/selftests/net/tls.c b/tools/testing/selftests/net/tls.c index 426d07875a48..58fea6eb588d 100644 --- a/tools/testing/selftests/net/tls.c +++ b/tools/testing/selftests/net/tls.c @@ -25,6 +25,18 @@ #define TLS_PAYLOAD_MAX_LEN 16384 #define SOL_TLS 282 +static void memrnd(void *s, size_t n) +{ + int *dword = s; + char *byte; + + for (; n >= 4; n -= 4) + *dword++ = rand(); + byte = (void *)dword; + while (n--) + *byte++ = rand(); +} + FIXTURE(tls_basic) { int fd, cfd; @@ -308,6 +320,8 @@ TEST_F(tls, recv_max) char recv_mem[TLS_PAYLOAD_MAX_LEN]; char buf[TLS_PAYLOAD_MAX_LEN]; + memrnd(buf, sizeof(buf)); + EXPECT_GE(send(self->fd, buf, send_len, 0), 0); EXPECT_NE(recv(self->cfd, recv_mem, send_len, 0), -1); EXPECT_EQ(memcmp(buf, recv_mem, send_len), 0); @@ -588,6 +602,8 @@ TEST_F(tls, recvmsg_single_max) struct iovec vec; struct msghdr hdr; + memrnd(send_mem, sizeof(send_mem)); + EXPECT_EQ(send(self->fd, send_mem, send_len, 0), send_len); vec.iov_base = (char *)recv_mem; vec.iov_len = TLS_PAYLOAD_MAX_LEN; @@ -610,6 +626,8 @@ TEST_F(tls, recvmsg_multiple) struct msghdr hdr; int i; + memrnd(buf, sizeof(buf)); + EXPECT_EQ(send(self->fd, buf, send_len, 0), send_len); for (i = 0; i < msg_iovlen; i++) { iov_base[i] = (char *)malloc(iov_len); @@ -634,6 +652,8 @@ TEST_F(tls, single_send_multiple_recv) char send_mem[TLS_PAYLOAD_MAX_LEN * 2]; char recv_mem[TLS_PAYLOAD_MAX_LEN * 2]; + memrnd(send_mem, sizeof(send_mem)); + EXPECT_GE(send(self->fd, send_mem, total_len, 0), 0); memset(recv_mem, 0, total_len); -- 2.31.1

4 years

3
4
0 0

[PATCH AUTOSEL 4.19 13/16] KVM: selftests: Fix kvm_check_cap() assertion

by Sasha Levin

From: Fuad Tabba <tabba(a)google.com> [ Upstream commit d8ac05ea13d789d5491a5920d70a05659015441d ] KVM_CHECK_EXTENSION ioctl can return any negative value on error, and not necessarily -1. Change the assertion to reflect that. Signed-off-by: Fuad Tabba <tabba(a)google.com> Message-Id: <20210615150443.1183365-1-tabba(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/kvm/lib/kvm_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index fb5d2d1e0c04..b138fd5e4620 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -55,7 +55,7 @@ int kvm_check_cap(long cap) exit(KSFT_SKIP); ret = ioctl(kvm_fd, KVM_CHECK_EXTENSION, cap); - TEST_ASSERT(ret != -1, "KVM_CHECK_EXTENSION IOCTL failed,\n" + TEST_ASSERT(ret >= 0, "KVM_CHECK_EXTENSION IOCTL failed,\n" " rc: %i errno: %i", ret, errno); close(kvm_fd); -- 2.30.2

4 years

1
0
0 0

[PATCH AUTOSEL 5.4 21/26] KVM: selftests: Fix kvm_check_cap() assertion

by Sasha Levin

From: Fuad Tabba <tabba(a)google.com> [ Upstream commit d8ac05ea13d789d5491a5920d70a05659015441d ] KVM_CHECK_EXTENSION ioctl can return any negative value on error, and not necessarily -1. Change the assertion to reflect that. Signed-off-by: Fuad Tabba <tabba(a)google.com> Message-Id: <20210615150443.1183365-1-tabba(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/kvm/lib/kvm_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index 41cf45416060..38de88e5ffbb 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -54,7 +54,7 @@ int kvm_check_cap(long cap) exit(KSFT_SKIP); ret = ioctl(kvm_fd, KVM_CHECK_EXTENSION, cap); - TEST_ASSERT(ret != -1, "KVM_CHECK_EXTENSION IOCTL failed,\n" + TEST_ASSERT(ret >= 0, "KVM_CHECK_EXTENSION IOCTL failed,\n" " rc: %i errno: %i", ret, errno); close(kvm_fd); -- 2.30.2

4 years

1
0
0 0

[PATCH AUTOSEL 5.10 28/35] KVM: selftests: Fix kvm_check_cap() assertion

by Sasha Levin

From: Fuad Tabba <tabba(a)google.com> [ Upstream commit d8ac05ea13d789d5491a5920d70a05659015441d ] KVM_CHECK_EXTENSION ioctl can return any negative value on error, and not necessarily -1. Change the assertion to reflect that. Signed-off-by: Fuad Tabba <tabba(a)google.com> Message-Id: <20210615150443.1183365-1-tabba(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/kvm/lib/kvm_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index 126c6727a6b0..49805fd16fdf 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -55,7 +55,7 @@ int kvm_check_cap(long cap) exit(KSFT_SKIP); ret = ioctl(kvm_fd, KVM_CHECK_EXTENSION, cap); - TEST_ASSERT(ret != -1, "KVM_CHECK_EXTENSION IOCTL failed,\n" + TEST_ASSERT(ret >= 0, "KVM_CHECK_EXTENSION IOCTL failed,\n" " rc: %i errno: %i", ret, errno); close(kvm_fd); -- 2.30.2

4 years

1
0
0 0

[PATCH AUTOSEL 5.12 31/39] KVM: selftests: Fix kvm_check_cap() assertion

by Sasha Levin

From: Fuad Tabba <tabba(a)google.com> [ Upstream commit d8ac05ea13d789d5491a5920d70a05659015441d ] KVM_CHECK_EXTENSION ioctl can return any negative value on error, and not necessarily -1. Change the assertion to reflect that. Signed-off-by: Fuad Tabba <tabba(a)google.com> Message-Id: <20210615150443.1183365-1-tabba(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/kvm/lib/kvm_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c index 2f0e4365f61b..8b90256bca96 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -58,7 +58,7 @@ int kvm_check_cap(long cap) exit(KSFT_SKIP); ret = ioctl(kvm_fd, KVM_CHECK_EXTENSION, cap); - TEST_ASSERT(ret != -1, "KVM_CHECK_EXTENSION IOCTL failed,\n" + TEST_ASSERT(ret >= 0, "KVM_CHECK_EXTENSION IOCTL failed,\n" " rc: %i errno: %i", ret, errno); close(kvm_fd); -- 2.30.2

4 years

1
0
0 0

[PATCH AUTOSEL 5.12 24/39] bpf, selftests: Adjust few selftest outcomes wrt unreachable code

by Sasha Levin

From: Daniel Borkmann <daniel(a)iogearbox.net> [ Upstream commit 973377ffe8148180b2651825b92ae91988141b05 ] In almost all cases from test_verifier that have been changed in here, we've had an unreachable path with a load from a register which has an invalid address on purpose. This was basically to make sure that we never walk this path and to have the verifier complain if it would otherwise. Change it to match on the right error for unprivileged given we now test these paths under speculative execution. There's one case where we match on exact # of insns_processed. Due to the extra path, this will of course mismatch on unprivileged. Thus, restrict the test->insn_processed check to privileged-only. In one other case, we result in a 'pointer comparison prohibited' error. This is similarly due to verifying an 'invalid' branch where we end up with a value pointer on one side of the comparison. Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Reviewed-by: John Fastabend <john.fastabend(a)gmail.com> Acked-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/test_verifier.c | 2 +- tools/testing/selftests/bpf/verifier/and.c | 2 ++ tools/testing/selftests/bpf/verifier/bounds.c | 14 ++++++++++++ .../selftests/bpf/verifier/dead_code.c | 2 ++ tools/testing/selftests/bpf/verifier/jmp32.c | 22 +++++++++++++++++++ tools/testing/selftests/bpf/verifier/jset.c | 10 +++++---- tools/testing/selftests/bpf/verifier/unpriv.c | 2 ++ .../selftests/bpf/verifier/value_ptr_arith.c | 7 +++--- 8 files changed, 53 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c index 58b5a349d3ba..ea3158b0d551 100644 --- a/tools/testing/selftests/bpf/test_verifier.c +++ b/tools/testing/selftests/bpf/test_verifier.c @@ -1147,7 +1147,7 @@ static void do_test_single(struct bpf_test *test, bool unpriv, } } - if (test->insn_processed) { + if (!unpriv && test->insn_processed) { uint32_t insn_processed; char *proc; diff --git a/tools/testing/selftests/bpf/verifier/and.c b/tools/testing/selftests/bpf/verifier/and.c index ca8fdb1b3f01..7d7ebee5cc7a 100644 --- a/tools/testing/selftests/bpf/verifier/and.c +++ b/tools/testing/selftests/bpf/verifier/and.c @@ -61,6 +61,8 @@ BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R1 !read_ok", + .result_unpriv = REJECT, .result = ACCEPT, .retval = 0 }, diff --git a/tools/testing/selftests/bpf/verifier/bounds.c b/tools/testing/selftests/bpf/verifier/bounds.c index 8a1caf46ffbc..e061e8799ce2 100644 --- a/tools/testing/selftests/bpf/verifier/bounds.c +++ b/tools/testing/selftests/bpf/verifier/bounds.c @@ -508,6 +508,8 @@ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, -1), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 invalid mem access 'inv'", + .result_unpriv = REJECT, .result = ACCEPT }, { @@ -528,6 +530,8 @@ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, -1), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 invalid mem access 'inv'", + .result_unpriv = REJECT, .result = ACCEPT }, { @@ -569,6 +573,8 @@ BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 min value is outside of the allowed memory range", + .result_unpriv = REJECT, .fixup_map_hash_8b = { 3 }, .result = ACCEPT, }, @@ -589,6 +595,8 @@ BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 min value is outside of the allowed memory range", + .result_unpriv = REJECT, .fixup_map_hash_8b = { 3 }, .result = ACCEPT, }, @@ -609,6 +617,8 @@ BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 min value is outside of the allowed memory range", + .result_unpriv = REJECT, .fixup_map_hash_8b = { 3 }, .result = ACCEPT, }, @@ -674,6 +684,8 @@ BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 min value is outside of the allowed memory range", + .result_unpriv = REJECT, .fixup_map_hash_8b = { 3 }, .result = ACCEPT, }, @@ -695,6 +707,8 @@ BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 min value is outside of the allowed memory range", + .result_unpriv = REJECT, .fixup_map_hash_8b = { 3 }, .result = ACCEPT, }, diff --git a/tools/testing/selftests/bpf/verifier/dead_code.c b/tools/testing/selftests/bpf/verifier/dead_code.c index 5cf361d8eb1c..721ec9391be5 100644 --- a/tools/testing/selftests/bpf/verifier/dead_code.c +++ b/tools/testing/selftests/bpf/verifier/dead_code.c @@ -8,6 +8,8 @@ BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 10, -4), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R9 !read_ok", + .result_unpriv = REJECT, .result = ACCEPT, .retval = 7, }, diff --git a/tools/testing/selftests/bpf/verifier/jmp32.c b/tools/testing/selftests/bpf/verifier/jmp32.c index bd5cae4a7f73..1c857b2fbdf0 100644 --- a/tools/testing/selftests/bpf/verifier/jmp32.c +++ b/tools/testing/selftests/bpf/verifier/jmp32.c @@ -87,6 +87,8 @@ BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R9 !read_ok", + .result_unpriv = REJECT, .result = ACCEPT, }, { @@ -150,6 +152,8 @@ BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R9 !read_ok", + .result_unpriv = REJECT, .result = ACCEPT, }, { @@ -213,6 +217,8 @@ BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R9 !read_ok", + .result_unpriv = REJECT, .result = ACCEPT, }, { @@ -280,6 +286,8 @@ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 invalid mem access 'inv'", + .result_unpriv = REJECT, .result = ACCEPT, .retval = 2, }, @@ -348,6 +356,8 @@ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 invalid mem access 'inv'", + .result_unpriv = REJECT, .result = ACCEPT, .retval = 2, }, @@ -416,6 +426,8 @@ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 invalid mem access 'inv'", + .result_unpriv = REJECT, .result = ACCEPT, .retval = 2, }, @@ -484,6 +496,8 @@ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 invalid mem access 'inv'", + .result_unpriv = REJECT, .result = ACCEPT, .retval = 2, }, @@ -552,6 +566,8 @@ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 invalid mem access 'inv'", + .result_unpriv = REJECT, .result = ACCEPT, .retval = 2, }, @@ -620,6 +636,8 @@ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 invalid mem access 'inv'", + .result_unpriv = REJECT, .result = ACCEPT, .retval = 2, }, @@ -688,6 +706,8 @@ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 invalid mem access 'inv'", + .result_unpriv = REJECT, .result = ACCEPT, .retval = 2, }, @@ -756,6 +776,8 @@ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R0 invalid mem access 'inv'", + .result_unpriv = REJECT, .result = ACCEPT, .retval = 2, }, diff --git a/tools/testing/selftests/bpf/verifier/jset.c b/tools/testing/selftests/bpf/verifier/jset.c index 8dcd4e0383d5..11fc68da735e 100644 --- a/tools/testing/selftests/bpf/verifier/jset.c +++ b/tools/testing/selftests/bpf/verifier/jset.c @@ -82,8 +82,8 @@ BPF_EXIT_INSN(), }, .prog_type = BPF_PROG_TYPE_SOCKET_FILTER, - .retval_unpriv = 1, - .result_unpriv = ACCEPT, + .errstr_unpriv = "R9 !read_ok", + .result_unpriv = REJECT, .retval = 1, .result = ACCEPT, }, @@ -141,7 +141,8 @@ BPF_EXIT_INSN(), }, .prog_type = BPF_PROG_TYPE_SOCKET_FILTER, - .result_unpriv = ACCEPT, + .errstr_unpriv = "R9 !read_ok", + .result_unpriv = REJECT, .result = ACCEPT, }, { @@ -162,6 +163,7 @@ BPF_EXIT_INSN(), }, .prog_type = BPF_PROG_TYPE_SOCKET_FILTER, - .result_unpriv = ACCEPT, + .errstr_unpriv = "R9 !read_ok", + .result_unpriv = REJECT, .result = ACCEPT, }, diff --git a/tools/testing/selftests/bpf/verifier/unpriv.c b/tools/testing/selftests/bpf/verifier/unpriv.c index bd436df5cc32..111801aea5e3 100644 --- a/tools/testing/selftests/bpf/verifier/unpriv.c +++ b/tools/testing/selftests/bpf/verifier/unpriv.c @@ -420,6 +420,8 @@ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0), BPF_EXIT_INSN(), }, + .errstr_unpriv = "R7 invalid mem access 'inv'", + .result_unpriv = REJECT, .result = ACCEPT, .retval = 0, }, diff --git a/tools/testing/selftests/bpf/verifier/value_ptr_arith.c b/tools/testing/selftests/bpf/verifier/value_ptr_arith.c index 7ae2859d495c..a3e593ddfafc 100644 --- a/tools/testing/selftests/bpf/verifier/value_ptr_arith.c +++ b/tools/testing/selftests/bpf/verifier/value_ptr_arith.c @@ -120,7 +120,7 @@ .fixup_map_array_48b = { 1 }, .result = ACCEPT, .result_unpriv = REJECT, - .errstr_unpriv = "R2 tried to add from different maps, paths or scalars", + .errstr_unpriv = "R2 pointer comparison prohibited", .retval = 0, }, { @@ -159,7 +159,8 @@ BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), // fake-dead code; targeted from branch A to - // prevent dead code sanitization + // prevent dead code sanitization, rejected + // via branch B however BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, 0), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), @@ -167,7 +168,7 @@ .fixup_map_array_48b = { 1 }, .result = ACCEPT, .result_unpriv = REJECT, - .errstr_unpriv = "R2 tried to add from different maps, paths or scalars", + .errstr_unpriv = "R0 invalid mem access 'inv'", .retval = 0, }, { -- 2.30.2

4 years

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror