kvm test Makefile doesn't fully support cross-builds and installs.
UNAME_M = $(shell uname -m) variable is used to define the target
programs and libraries to be built from arch specific sources in
sub-directories.
For cross-builds to work, UNAME_M has to map to ARCH and arch specific
directories and targets in this Makefile.
UNAME_M variable to used to run the compiles pointing to the right arch
directories and build the right targets for these supported architectures.
TEST_GEN_PROGS and LIBKVM are set using UNAME_M variable.
LINUX_TOOL_ARCH_INCLUDE is set using ARCH variable.
x86_64 targets are named to include x86_64 as a suffix and directories
for includes are in x86_64 sub-directory. s390x and aarch64 follow the
same convention. "uname -m" doesn't result in the correct mapping for
s390x and aarch64. Fix it to set UNAME_M correctly for s390x and aarch64
cross-builds.
In addition, Makefile doesn't create arch sub-directories in the case of
relocatable builds and test programs under s390x and x86_64 directories
fail to build. This is a problem for native and cross-builds. Fix it to
create all necessary directories keying off of TEST_GEN_PROGS.
The following use-cases work with this change:
Native x86_64:
make O=/tmp/kselftest -C tools/testing/selftests TARGETS=kvm install \
INSTALL_PATH=$HOME/x86_64
arm64 cross-build:
make O=$HOME/arm64_build/ ARCH=arm64 HOSTCC=gcc \
CROSS_COMPILE=aarch64-linux-gnu- defconfig
make O=$HOME/arm64_build/ ARCH=arm64 HOSTCC=gcc \
CROSS_COMPILE=aarch64-linux-gnu- all
make kselftest-install TARGETS=kvm O=$HOME/arm64_build ARCH=arm64 \
HOSTCC=gcc CROSS_COMPILE=aarch64-linux-gnu-
s390x cross-build:
make O=$HOME/s390x_build/ ARCH=s390 HOSTCC=gcc \
CROSS_COMPILE=s390x-linux-gnu- defconfig
make O=$HOME/s390x_build/ ARCH=s390 HOSTCC=gcc \
CROSS_COMPILE=s390x-linux-gnu- all
make kselftest-install TARGETS=kvm O=$HOME/s390x_build/ ARCH=s390 \
HOSTCC=gcc CROSS_COMPILE=s390x-linux-gnu- all
No regressions in the following use-cases:
make -C tools/testing/selftests TARGETS=kvm
make kselftest-all TARGETS=kvm
Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org>
---
tools/testing/selftests/kvm/Makefile | 29 +++++++++++++++++++++++++++-
1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile
index 712a2ddd2a27..b728c0a0f9b2 100644
--- a/tools/testing/selftests/kvm/Makefile
+++ b/tools/testing/selftests/kvm/Makefile
@@ -5,8 +5,34 @@ all:
top_srcdir = ../../../..
KSFT_KHDR_INSTALL := 1
+
+# For cross-builds to work, UNAME_M has to map to ARCH and arch specific
+# directories and targets in this Makefile. "uname -m" doesn't map to
+# arch specific sub-directory names.
+#
+# UNAME_M variable to used to run the compiles pointing to the right arch
+# directories and build the right targets for these supported architectures.
+#
+# TEST_GEN_PROGS and LIBKVM are set using UNAME_M variable.
+# LINUX_TOOL_ARCH_INCLUDE is set using ARCH variable.
+#
+# x86_64 targets are named to include x86_64 as a suffix and directories
+# for includes are in x86_64 sub-directory. s390x and aarch64 follow the
+# same convention. "uname -m" doesn't result in the correct mapping for
+# s390x and aarch64.
+#
+# No change necessary for x86_64
UNAME_M := $(shell uname -m)
+# Set UNAME_M for arm64 compile/install to work
+ifeq ($(ARCH),arm64)
+ UNAME_M := aarch64
+endif
+# Set UNAME_M s390x compile/install to work
+ifeq ($(ARCH),s390)
+ UNAME_M := s390x
+endif
+
LIBKVM = lib/assert.c lib/elf.c lib/io.c lib/kvm_util.c lib/sparsebit.c lib/test_util.c
LIBKVM_x86_64 = lib/x86_64/processor.c lib/x86_64/vmx.c lib/x86_64/svm.c lib/x86_64/ucall.c
LIBKVM_aarch64 = lib/aarch64/processor.c lib/aarch64/ucall.c
@@ -53,7 +79,7 @@ LIBKVM += $(LIBKVM_$(UNAME_M))
INSTALL_HDR_PATH = $(top_srcdir)/usr
LINUX_HDR_PATH = $(INSTALL_HDR_PATH)/include/
LINUX_TOOL_INCLUDE = $(top_srcdir)/tools/include
-LINUX_TOOL_ARCH_INCLUDE = $(top_srcdir)/tools/arch/x86/include
+LINUX_TOOL_ARCH_INCLUDE = $(top_srcdir)/tools/arch/$(ARCH)/include
CFLAGS += -Wall -Wstrict-prototypes -Wuninitialized -O2 -g -std=gnu99 \
-fno-stack-protector -fno-PIE -I$(LINUX_TOOL_INCLUDE) \
-I$(LINUX_TOOL_ARCH_INCLUDE) -I$(LINUX_HDR_PATH) -Iinclude \
@@ -84,6 +110,7 @@ $(LIBKVM_OBJ): $(OUTPUT)/%.o: %.c
$(OUTPUT)/libkvm.a: $(LIBKVM_OBJ)
$(AR) crs $@ $^
+x := $(shell mkdir -p $(sort $(dir $(TEST_GEN_PROGS))))
all: $(STATIC_LIBS)
$(TEST_GEN_PROGS): $(STATIC_LIBS)
--
2.20.1
Liu Yiding <liuyd.fnst(a)cn.fujitsu.com> wrote:
> Hi, all.
>
> Our team works on testing kernel commit and reporting regression.
>
> Tool selftests is important to us.
>
> Recently i enabled netfilter in out testing env, i met below failed
> subtests.
>
> ```
>
> "kernel-selftests.netfilter.nft_nat.sh.fail": [
> "kernel-selftests.netfilter.conntrack_icmp_related.sh.fail": [
> "kernel-selftests.netfilter.nft_flowtable.sh.fail": [
> "kernel-selftests.netfilter.nft_concat_range.sh.fail": [
>
> ```
>
> Our testing env:
>
>
> It looks that i missed some modules or i get wrong config of nftables. I had
> opend kconfig mentioned in netfilter/config.
Maybe its incomplete. From a quick glance, all of these should be on:
# CONFIG_NFT_OBJREF is not set
# CONFIG_NFT_NAT is not set
# CONFIG_NF_FLOW_TABLE is not set
# CONFIG_NF_TABLES_NETDEV is not set
Hi, Andrey.
I noticed you add test_sysctl to tools/bpf, so drop this problem to you.
When I run selftests: bpf: test_sysctl, failed with
"(test_sysctl.c:1490: errno: Permission denied) >>> Loading program
(./test_sysctl_prog.o) error."
Testing env: "Debian GNU/Linux 9 (stretch)"
kernel: 5.7.0-rc2 5.7.0-rc1 5.6 both failed
Whole run log and kconfig please see the attatchment.
Error info
```
root@vm-snb-42
/usr/src/perf_selftests-x86_64-rhel-7.6-kselftests-ae83d0b416db002fe95601e7f97f64b59514d936/tools/testing/selftests/bpf#
./test_sysctl
Test case: sysctl wrong attach_type .. [PASS]
Test case: sysctl:read allow all .. [PASS]
Test case: sysctl:read deny all .. [PASS]
[snip]
libbpf: -- END LOG --
libbpf: failed to load program 'cgroup/sysctl'
libbpf: failed to load object './test_sysctl_prog.o'
(test_sysctl.c:1490: errno: Permission denied) >>> Loading program
(./test_sysctl_prog.o) error.
Test case: C prog: read tcp_mem .. [FAIL]
Summary: 37 PASSED, 3 FAILED
```
--
Best Regards.
Ma Xinjian
It is possible to get multiple records from trace during test and then more
than 4 arguments are assigned to ARGS. This situation results in the failure
of kprobe_args_type.tc. For example:
-----------------------------------------------------------
grep testprobe trace
ftracetest-5902 [001] d... 111195.682227: testprobe: (_do_fork+0x0/0x460) arg1=334823024 arg2=334823024 arg3=0x13f4fe70 arg4=7
pmlogger-5949 [000] d... 111195.709898: testprobe: (_do_fork+0x0/0x460) arg1=345308784 arg2=345308784 arg3=0x1494fe70 arg4=7
grep testprobe trace
sed -e 's/.* arg1=\(.*\) arg2=\(.*\) arg3=\(.*\) arg4=\(.*\)/\1 \2 \3 \4/'
ARGS='334823024 334823024 0x13f4fe70 7
345308784 345308784 0x1494fe70 7'
-----------------------------------------------------------
We don't care which process calls do_fork so just check the first record to
fix the issue.
Signed-off-by: Xiao Yang <yangx.jy(a)cn.fujitsu.com>
---
.../testing/selftests/ftrace/test.d/kprobe/kprobe_args_type.tc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_type.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_type.tc
index 1bcb67dcae26..81490ecaaa92 100644
--- a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_type.tc
+++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_type.tc
@@ -38,7 +38,7 @@ for width in 64 32 16 8; do
echo 0 > events/kprobes/testprobe/enable
: "Confirm the arguments is recorded in given types correctly"
- ARGS=`grep "testprobe" trace | sed -e 's/.* arg1=\(.*\) arg2=\(.*\) arg3=\(.*\) arg4=\(.*\)/\1 \2 \3 \4/'`
+ ARGS=`grep "testprobe" trace | head -n 1 | sed -e 's/.* arg1=\(.*\) arg2=\(.*\) arg3=\(.*\) arg4=\(.*\)/\1 \2 \3 \4/'`
check_types $ARGS $width
: "Clear event for next loop"
--
2.25.1
On Sat, Apr 18, 2020 at 11:28 PM Alan Maguire <alan.maguire(a)oracle.com> wrote:
>
>
> On Fri, 17 Apr 2020, David Gow wrote:
>
> > This patchset contains everything needed to integrate KASAN and KUnit.
> >
> > KUnit will be able to:
> > (1) Fail tests when an unexpected KASAN error occurs
> > (2) Pass tests when an expected KASAN error occurs
> >
> > Convert KASAN tests to KUnit with the exception of copy_user_test
> > because KUnit is unable to test those.
> >
>
> I tried building and running and things look good but I am
> still seeing the three failures I reported before, even with
> CONFIG_AMD_MEM_ENCRYPT not set. My config is attached if you
> want to try and reproduce at your end. Oddly this config was
> working before IIRC (once CONFIG_AMD_MEM_ENCRYPT was not set).
>
> Here's the failures:
>
> # kasan_memchr: EXPECTATION FAILED at lib/test_kasan.c:545
> Expected fail_data.report_expected == fail_data.report_found, but
> fail_data.report_expected == 1
> fail_data.report_found == 0
> not ok 31 - kasan_memchr
> # kasan_memcmp: EXPECTATION FAILED at lib/test_kasan.c:566
> Expected fail_data.report_expected == fail_data.report_found, but
> fail_data.report_expected == 1
> fail_data.report_found == 0
> not ok 32 - kasan_memcmp
I was able to reproduce these (along with a kasan_strings) failure,
and the cause seems to be some combination of __builtin functions
being inlined by the compiler and potentially dead code elimination,
as fixed by Daniel Axtens here:
https://lkml.org/lkml/2020/4/23/708
I've sent out v7 of the patchset[1], which I've rebased on top of
Daniel's patches, and can no longer reproduce those test failures with
your .config.
Cheers,
-- David
[1]: https://lkml.org/lkml/2020/4/24/80
Hi Andrii.
sorry to bother you again.
I run bpf: test_progs on debian 9, and failed with"Segmentation fault".
CONFIG_DEBUG_INFO_BTF was enabled in kconfig.
Testing env: "Debian GNU/Linux 9 (stretch)"
kernel: v5.7-rc2 v5.6 both failed
Whole run log and kconfig please see the attatchment.
Error info
```
root@vm-snb-42
/usr/src/perf_selftests-x86_64-rhel-7.6-kselftests-ae83d0b416db002fe95601e7f97f64b59514d936/tools/testing/selftests/bpf#
./test_progs
#1 attach_probe:OK
#2 bpf_obj_id:OK
#3/1 dctcp:OK
[snip]
libbpf: bpf_fentry_test1 is not found in vmlinux BTF
libbpf: failed to load object 'fentry_test'
libbpf: failed to load BPF skeleton 'fentry_test': -2
test_fentry_fexit:FAIL:fentry_skel_load fentry skeleton failed
#13 fentry_fexit:FAIL
libbpf: bpf_fentry_test1 is not found in vmlinux BTF
libbpf: failed to load object 'fentry_test'
libbpf: failed to load BPF skeleton 'fentry_test': -2
test_fentry_test:FAIL:fentry_skel_load fentry skeleton failed
#14 fentry_test:FAIL
#15 fexit_bpf2bpf:OK
libbpf: bpf_fentry_test1 is not found in vmlinux BTF
test_fexit_stress:FAIL:find_vmlinux_btf_id failed: -2
#16 fexit_stress:FAIL
libbpf: bpf_fentry_test1 is not found in vmlinux BTF
libbpf: failed to load object 'fexit_test'
libbpf: failed to load BPF skeleton 'fexit_test': -2
test_fexit_test:FAIL:fexit_skel_load fexit skeleton failed
#17 fexit_test:FAIL
#18 flow_dissector:OK
#19 flow_dissector_load_bytes:OK
#20 flow_dissector_reattach:OK
#21 get_stack_raw_tp:OK
#22 global_data:OK
#23 global_data_init:OK
test_kfree_skb:PASS:prog_load sched cls 0 nsec
libbpf: eth_type_trans is not found in vmlinux BTF
libbpf: failed to load object './kfree_skb.o'
test_kfree_skb:FAIL:prog_load raw tp err -22 errno 1
#24 kfree_skb:FAIL
#25 l4lb_all:OK
#26/1 pin_raw_tp:OK
#26/2 pin_tp_btf:OK
#26 link_pinning:OK
#27 map_lock:OK
Segmentation fault
```
--
Best Regards.
Ma Xinjian
Hi Andrii.
I noticed you add tools/testing/selftests/bpf/progs/test_btf_*, so drop
this problem to you.
I failed to run bpf: test_btf on debian9(stretch), hope you can give me
some suggestion.
Testing env: "Debian GNU/Linux 9 (stretch)"
kernel: 5.7.0-rc2 5.6 both failed
Description: run bpf: test_btf failed with ""Arg#0 type PTR in
test_long_fname_2() is not supported yet.""
Whole run log and kconfig please see the attatchment.
Error info
```
root@vm-snb-42
/usr/src/perf_selftests-x86_64-rhel-7.6-kselftests-ae83d0b416db002fe95601e7f97f64b59514d936/tools/testing/selftests/bpf#
./test_btf
BTF raw test[1] (struct test #1): OK
BTF raw test[2] (struct test #2): OK
BTF raw test[3] (struct test #3 Invalid member offset): OK
[snip]
BTF libbpf test[1] (test_btf_haskv.o): libbpf: load bpf program failed:
Invalid argument
libbpf: -- BEGIN DUMP LOG ---
libbpf:
Validating test_long_fname_2() func#1...
Arg#0 type PTR in test_long_fname_2() is not supported yet.
processed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0
peak_states 0 mark_read 0
libbpf: -- END LOG --
libbpf: failed to load program 'dummy_tracepoint'
libbpf: failed to load object 'test_btf_haskv.o'
do_test_file:4201:FAIL bpf_object__load: -4007
BTF libbpf test[2] (test_btf_newkv.o): libbpf: load bpf program failed:
Invalid argument
libbpf: -- BEGIN DUMP LOG ---
libbpf:
Validating test_long_fname_2() func#1...
Arg#0 type PTR in test_long_fname_2() is not supported yet.
processed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0
peak_states 0 mark_read 0
libbpf: -- END LOG --
libbpf: failed to load program 'dummy_tracepoint'
libbpf: failed to load object 'test_btf_newkv.o'
do_test_file:4201:FAIL bpf_object__load: -4007
BTF libbpf test[3] (test_btf_nokv.o): libbpf: load bpf program failed:
Invalid argument
libbpf: -- BEGIN DUMP LOG ---
libbpf:
Validating test_long_fname_2() func#1...
Arg#0 type PTR in test_long_fname_2() is not supported yet.
processed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0
peak_states 0 mark_read 0
libbpf: -- END LOG --
libbpf: failed to load program 'dummy_tracepoint'
libbpf: failed to load object 'test_btf_nokv.o'
do_test_file:4201:FAIL bpf_object__load: -4007
[snip]
```
--
Best Regards.
Ma Xinjian
Hi Linus,
Please pull the following Kselftest update for Linux 5.7-rc3.
This kselftest update for Linux 5.7-rc3 consists of fixes to runner
scripts and individual test run-time bugs. Includes fixes to tpm2
and memfd test run-time regressions.
diff is attached.
thanks,
-- Shuah
----------------------------------------------------------------
The following changes since commit 8f3d9f354286745c751374f5f1fcafee6b3f3136:
Linux 5.7-rc1 (2020-04-12 12:35:55 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
tags/linux-kselftest-5.7-rc3
for you to fetch changes up to b87080eab4c1377706c113fc9c0157f19ea8fed1:
selftests/ipc: Fix test failure seen after initial test run
(2020-04-14 10:24:28 -0600)
----------------------------------------------------------------
linux-kselftest-5.7-rc3
This kselftest update for Linux 5.7-rc3 consists of fixes to runner
scripts and individual test run-time bugs. Includes fixes to tpm2
and memfd test run-time regressions.
----------------------------------------------------------------
Andrea Righi (1):
kselftest/runner: allow to properly deliver signals to tests
Colin Ian King (1):
selftests/harness: fix spelling mistake "SIGARLM" -> "SIGALRM"
Jarkko Sakkinen (1):
Revert "Kernel selftests: tpm2: check for tpm support"
Sandipan Das (2):
selftests: vm: Do not override definition of ARCH
selftests: vm: Fix 64-bit test builds for powerpc64le
Shuah Khan (1):
selftests: Fix memfd test run-time regression
Thadeu Lima de Souza Cascardo (1):
selftests/seccomp: allow clock_nanosleep instead of nanosleep
Tyler Hicks (1):
selftests/ipc: Fix test failure seen after initial test run
Xiao Yang (1):
selftests/ftrace: Add CONFIG_SAMPLE_FTRACE_DIRECT=m kconfig
tools/testing/selftests/ftrace/config | 1 +
tools/testing/selftests/ipc/msgque.c | 2 +-
tools/testing/selftests/kselftest/runner.sh | 2 +-
tools/testing/selftests/kselftest_harness.h | 6 +++---
tools/testing/selftests/memfd/Makefile | 3 ++-
tools/testing/selftests/seccomp/seccomp_bpf.c | 14 ++++++++------
tools/testing/selftests/tpm2/test_smoke.sh | 13 ++-----------
tools/testing/selftests/tpm2/test_space.sh | 9 +--------
tools/testing/selftests/vm/Makefile | 4 ++--
tools/testing/selftests/vm/run_vmtests | 2 +-
10 files changed, 22 insertions(+), 34 deletions(-)
----------------------------------------------------------------
In this workflow:
$ make ARCH=um defconfig && make ARCH=um -j8
[snip]
$ make ARCH=um mrproper
[snip]
$ make ARCH=um defconfig O=./build_um && make ARCH=um -j8 O=./build_um
[snip]
CC scripts/mod/empty.o
In file included from ../include/linux/types.h:6,
from ../include/linux/mod_devicetable.h:12,
from ../scripts/mod/devicetable-offsets.c:3:
../include/uapi/linux/types.h:5:10: fatal error: asm/types.h: No such file or directory
5 | #include <asm/types.h>
| ^~~~~~~~~~~~~
compilation terminated.
make[2]: *** [../scripts/Makefile.build:100: scripts/mod/devicetable-offsets.s] Error 1
make[2]: *** Waiting for unfinished jobs....
make[1]: *** [/home/iha/sdb/opensource/lkmp/linux-kselftest.git/Makefile:1140: prepare0] Error 2
make[1]: Leaving directory '/home/iha/sdb/opensource/lkmp/linux-kselftest.git/build_um'
make: *** [Makefile:180: sub-make] Error 2
The cause of the error was because arch/$(SUBARCH)/include/generated files
weren't properly cleaned by `make ARCH=um mrproper`.
Fixes: a788b2ed81ab ("kbuild: check arch/$(SRCARCH)/include/generated
before out-of-tree build").
Reported-by: Theodore Ts'o <tytso(a)mit.edu>
Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org>
Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com>
Tested-by: Brendan Higgins <brendanhiggins(a)google.com>
Suggested-by: Masahiro Yamada <masahiroy(a)kernel.org>
Link: https://groups.google.com/forum/#!msg/kunit-dev/QmA27YEgEgI/hvS1kiz2CwAJ
---
v2:
* Explains what this PATCH does and the importance as suggested
by Brendan Higgins.
v3:
* This problem only affects ARCH=um builds then arch/um/Makefile has
been changed as suggested by Masahiro Yamada;
* And with that the description has also been changed, and also to explain
missing points and correct the tags as suggested by Masahiro Yamada:
- Fix missing command `make ARCH=um mrproper`;
- Add build error message;
- Add "Fixes" tag instead of "This bug was ...";
- Add "Link" tag instead of "Related bug ...";
- Add Reported-by and Suggested-by;
---
arch/um/Makefile | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/um/Makefile b/arch/um/Makefile
index d2daa206872d..275f5ffdf6f0 100644
--- a/arch/um/Makefile
+++ b/arch/um/Makefile
@@ -140,6 +140,7 @@ export CFLAGS_vmlinux := $(LINK-y) $(LINK_WRAPS) $(LD_FLAGS_CMDLINE)
# When cleaning we don't include .config, so we don't include
# TT or skas makefiles and don't clean skas_ptregs.h.
CLEAN_FILES += linux x.i gmon.out
+MRPROPER_DIRS += arch/$(SUBARCH)/include/generated
archclean:
@find . \( -name '*.bb' -o -name '*.bbg' -o -name '*.da' \
--
2.25.1
Hi, Aleksa.
I met error "Operation not supported" when i ran selftests/openat2
```
# openat2 unexpectedly returned # -95 (Operation not supported)
not ok 106 openat2 with valid how.mode and O_TMPFILE succeeds
```
Is there any limits to run selftests/openat2?
Some info of my testing env.
```
root@vm-snb-79 ~# df -h
/usr/src/linux-selftests-x86_64-rhel-7.6-7111951b8d4973bda27ff663f2cf18b663d15b48/tools/testing/selftests/openat2
Filesystem Size Used Avail Use% Mounted on
none 0 0 0 - /
root@vm-snb-79 ~# uname -r
5.6.0-00335-g7111951b8d497
```
--
Best regards.
Liu Yiding
v3:
- use the quotes with correct format in the commit message of patch 4/4,
sorry for that
Tiezhu Yang (4):
selftests: kmod: Use variable NAME in kmod_test_0001()
kmod: Remove redundant "be an" in the comment
kmod: Return directly if module name is empty in request_module()
test_kmod: Avoid potential double free in trigger_config_run_type()
kernel/kmod.c | 10 +++++++---
lib/test_kmod.c | 2 +-
tools/testing/selftests/kmod/kmod.sh | 4 ++--
3 files changed, 10 insertions(+), 6 deletions(-)
--
2.1.0
This patchset contains everything needed to integrate KASAN and KUnit.
KUnit will be able to:
(1) Fail tests when an unexpected KASAN error occurs
(2) Pass tests when an expected KASAN error occurs
Convert KASAN tests to KUnit with the exception of copy_user_test
because KUnit is unable to test those.
Add documentation on how to run the KASAN tests with KUnit and what to
expect when running these tests.
Depends on "[PATCH v3 kunit-next 0/2] kunit: extend kunit resources
API" patchset [1]
Changes from v5:
- Split out the panic_on_warn changes to a separate patch.
- Fix documentation to fewer to the new Kconfig names.
- Fix some changes which were in the wrong patch.
- Rebase on top of kselftest/kunit (currently identical to 5.7-rc1)
Changes from v4:
- KASAN no longer will panic on errors if both panic_on_warn and
kasan_multishot are enabled.
- As a result, the KASAN tests will no-longer disable panic_on_warn.
- This also means panic_on_warn no-longer needs to be exported.
- The use of temporary "kasan_data" variables has been cleaned up
somewhat.
- A potential refcount/resource leak should multiple KASAN errors
appear during an assertion was fixed.
- Some wording changes to the KASAN test Kconfig entries.
Changes from v3:
- KUNIT_SET_KASAN_DATA and KUNIT_DO_EXPECT_KASAN_FAIL have been
combined and included in KUNIT_DO_EXPECT_KASAN_FAIL() instead.
- Reordered logic in kasan_update_kunit_status() in report.c to be
easier to read.
- Added comment to not use the name "kasan_data" for any kunit tests
outside of KUNIT_EXPECT_KASAN_FAIL().
Changes since v2:
- Due to Alan's changes in [1], KUnit can be built as a module.
- The name of the tests that could not be run with KUnit has been
changed to be more generic: test_kasan_module.
- Documentation on how to run the new KASAN tests and what to expect
when running them has been added.
- Some variables and functions are now static.
- Now save/restore panic_on_warn in a similar way to kasan_multi_shot
and renamed the init/exit functions to be more generic to accommodate.
- Due to [2] in kasan_strings, kasan_memchr, and
kasan_memcmp will fail if CONFIG_AMD_MEM_ENCRYPT is enabled so return
early and print message explaining this circumstance.
- Changed preprocessor checks to C checks where applicable.
Changes since v1:
- Make use of Alan Maguire's suggestion to use his patch that allows
static resources for integration instead of adding a new attribute to
the kunit struct
- All KUNIT_EXPECT_KASAN_FAIL statements are local to each test
- The definition of KUNIT_EXPECT_KASAN_FAIL is local to the
test_kasan.c file since it seems this is the only place this will
be used.
- Integration relies on KUnit being builtin
- copy_user_test has been separated into its own file since KUnit
is unable to test these. This can be run as a module just as before,
using CONFIG_TEST_KASAN_USER
- The addition to the current task has been separated into its own
patch as this is a significant enough change to be on its own.
[1] https://lore.kernel.org/linux-kselftest/1585313122-26441-1-git-send-email-a…
[2] https://bugzilla.kernel.org/show_bug.cgi?id=206337
David Gow (1):
mm: kasan: Do not panic if both panic_on_warn and kasan_multishot set
Patricia Alfonso (4):
Add KUnit Struct to Current Task
KUnit: KASAN Integration
KASAN: Port KASAN Tests to KUnit
KASAN: Testing Documentation
Documentation/dev-tools/kasan.rst | 70 +++
include/kunit/test.h | 5 +
include/linux/kasan.h | 6 +
include/linux/sched.h | 4 +
lib/Kconfig.kasan | 18 +-
lib/Makefile | 3 +-
lib/kunit/test.c | 13 +-
lib/test_kasan.c | 682 +++++++++++++-----------------
lib/test_kasan_module.c | 76 ++++
mm/kasan/report.c | 37 +-
10 files changed, 513 insertions(+), 401 deletions(-)
create mode 100644 lib/test_kasan_module.c
--
2.26.1.301.g55bc3eb7cb9-goog
This patch fixes an encoding bug in emit_stx for BPF_B when the source
register is BPF_REG_FP.
The current implementation for BPF_STX BPF_B in emit_stx saves one REX
byte when the operands can be encoded using Mod-R/M alone. The lower 8
bits of registers %rax, %rbx, %rcx, and %rdx can be accessed without using
a REX prefix via %al, %bl, %cl, and %dl, respectively. Other registers,
(e.g., %rsi, %rdi, %rbp, %rsp) require a REX prefix to use their 8-bit
equivalents (%sil, %dil, %bpl, %spl).
The current code checks if the source for BPF_STX BPF_B is BPF_REG_1
or BPF_REG_2 (which map to %rdi and %rsi), in which case it emits the
required REX prefix. However, it misses the case when the source is
BPF_REG_FP (mapped to %rbp).
The result is that BPF_STX BPF_B with BPF_REG_FP as the source operand
will read from register %ch instead of the correct %bpl. This patch fixes
the problem by fixing and refactoring the check on which registers need
the extra REX byte. Since no BPF registers map to %rsp, there is no need
to handle %spl.
Fixes: 622582786c9e0 ("net: filter: x86: internal BPF JIT")
Signed-off-by: Xi Wang <xi.wang(a)gmail.com>
Signed-off-by: Luke Nelson <luke.r.nels(a)gmail.com>
---
arch/x86/net/bpf_jit_comp.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index 5ea7c2cf7ab4..42b6709e6dc7 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -158,6 +158,19 @@ static bool is_ereg(u32 reg)
BIT(BPF_REG_AX));
}
+/*
+ * is_ereg_8l() == true if BPF register 'reg' is mapped to access x86-64
+ * lower 8-bit registers dil,sil,bpl,spl,r8b..r15b, which need extra byte
+ * of encoding. al,cl,dl,bl have simpler encoding.
+ */
+static bool is_ereg_8l(u32 reg)
+{
+ return is_ereg(reg) ||
+ (1 << reg) & (BIT(BPF_REG_1) |
+ BIT(BPF_REG_2) |
+ BIT(BPF_REG_FP));
+}
+
static bool is_axreg(u32 reg)
{
return reg == BPF_REG_0;
@@ -598,9 +611,8 @@ static void emit_stx(u8 **pprog, u32 size, u32 dst_reg, u32 src_reg, int off)
switch (size) {
case BPF_B:
/* Emit 'mov byte ptr [rax + off], al' */
- if (is_ereg(dst_reg) || is_ereg(src_reg) ||
- /* We have to add extra byte for x86 SIL, DIL regs */
- src_reg == BPF_REG_1 || src_reg == BPF_REG_2)
+ if (is_ereg(dst_reg) || is_ereg_8l(src_reg))
+ /* Add extra byte for eregs or SIL,DIL,BPL in src_reg */
EMIT2(add_2mod(0x40, dst_reg, src_reg), 0x88);
else
EMIT1(0x88);
--
2.17.1
From: Heikki Krogerus <heikki.krogerus(a)linux.intel.com>
Previously, kobjects were released before the associated kobj_types;
this can cause a kobject deallocation to fail when the kobject has
children; an example of this is in software_node_unregister_nodes(); it
calls release on the parent before children meaning that children can be
released after the parent, which may be needed for removal.
So, take a reference to the parent before we delete a node to ensure
that the parent is not released before the children.
Reported-by: Naresh Kamboju <naresh.kamboju(a)linaro.org>
Fixes: 7589238a8cf3 ("Revert "software node: Simplify software_node_release() function"")
Link: https://lore.kernel.org/linux-kselftest/CAFd5g44s5NQvT8TG_x4rwbqoa7zWzkV0TX…
Co-developed-by: Brendan Higgins <brendanhiggins(a)google.com>
Signed-off-by: Brendan Higgins <brendanhiggins(a)google.com>
---
This patch is based on the diff written by Heikki linked above.
Heikki, can you either reply with a Signed-off-by? Otherwise, I can
resend with me as the author and I will list you as the Co-developed-by.
Sorry for all the CCs: I just want to make sure everyone who was a party
to the original bug sees this.
---
lib/kobject.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/kobject.c b/lib/kobject.c
index 83198cb37d8d..5921e2470b46 100644
--- a/lib/kobject.c
+++ b/lib/kobject.c
@@ -663,6 +663,7 @@ EXPORT_SYMBOL(kobject_get_unless_zero);
*/
static void kobject_cleanup(struct kobject *kobj)
{
+ struct kobject *parent = kobj->parent;
struct kobj_type *t = get_ktype(kobj);
const char *name = kobj->name;
@@ -680,6 +681,9 @@ static void kobject_cleanup(struct kobject *kobj)
kobject_uevent(kobj, KOBJ_REMOVE);
}
+ /* make sure the parent is not released before the (last) child */
+ kobject_get(parent);
+
/* remove from sysfs if the caller did not do it */
if (kobj->state_in_sysfs) {
pr_debug("kobject: '%s' (%p): auto cleanup kobject_del\n",
@@ -693,6 +697,8 @@ static void kobject_cleanup(struct kobject *kobj)
t->release(kobj);
}
+ kobject_put(parent);
+
/* free name if we allocated it */
if (name) {
pr_debug("kobject: '%s': free name\n", name);
base-commit: 8632e9b5645bbc2331d21d892b0d6961c1a08429
--
2.26.0.110.g2183baf09c-goog
From: Colin Ian King <colin.king(a)canonical.com>
There a are several spelling mistakes in various messages. Fix these.
There are three spelling mistakes in various messages. Fix these.
Signed-off-by: Colin Ian King <colin.king(a)canonical.com>
---
tools/testing/selftests/vm/khugepaged.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/tools/testing/selftests/vm/khugepaged.c b/tools/testing/selftests/vm/khugepaged.c
index 490055290d7f..399a67d54e52 100644
--- a/tools/testing/selftests/vm/khugepaged.c
+++ b/tools/testing/selftests/vm/khugepaged.c
@@ -537,7 +537,7 @@ static void collapse_max_ptes_none(void)
p = alloc_mapping();
fill_memory(p, 0, (hpage_pmd_nr - max_ptes_none - 1) * page_size);
- if (wait_for_scan("Do not collapse with max_ptes_none exeeded", p))
+ if (wait_for_scan("Do not collapse with max_ptes_none exceeded", p))
fail("Timeout");
else if (check_huge(p))
fail("Fail");
@@ -576,7 +576,7 @@ static void collapse_swapin_single_pte(void)
goto out;
}
- if (wait_for_scan("Collapse with swaping in single PTE entry", p))
+ if (wait_for_scan("Collapse with swapping in single PTE entry", p))
fail("Timeout");
else if (check_huge(p))
success("OK");
@@ -607,7 +607,7 @@ static void collapse_max_ptes_swap(void)
goto out;
}
- if (wait_for_scan("Do not collapse with max_ptes_swap exeeded", p))
+ if (wait_for_scan("Do not collapse with max_ptes_swap exceeded", p))
fail("Timeout");
else if (check_huge(p))
fail("Fail");
@@ -654,14 +654,14 @@ static void collapse_single_pte_entry_compound(void)
fail("Fail");
madvise(p, hpage_pmd_size, MADV_NOHUGEPAGE);
- printf("Split huge page leaving single PTE mapping compount page...");
+ printf("Split huge page leaving single PTE mapping compound page...");
madvise(p + page_size, hpage_pmd_size - page_size, MADV_DONTNEED);
if (!check_huge(p))
success("OK");
else
fail("Fail");
- if (wait_for_scan("Collapse PTE table with single PTE mapping compount page", p))
+ if (wait_for_scan("Collapse PTE table with single PTE mapping compound page", p))
fail("Timeout");
else if (check_huge(p))
success("OK");
@@ -685,7 +685,7 @@ static void collapse_full_of_compound(void)
else
fail("Fail");
- printf("Split huge page leaving single PTE page table full of compount pages...");
+ printf("Split huge page leaving single PTE page table full of compound pages...");
madvise(p, page_size, MADV_NOHUGEPAGE);
madvise(p, hpage_pmd_size, MADV_NOHUGEPAGE);
if (!check_huge(p))
@@ -908,7 +908,7 @@ static void collapse_max_ptes_shared()
else
fail("Fail");
- if (wait_for_scan("Do not collapse with max_ptes_shared exeeded", p))
+ if (wait_for_scan("Do not collapse with max_ptes_shared exceeded", p))
fail("Timeout");
else if (!check_huge(p))
success("OK");
--
2.25.1
This series adds basic self tests for HMM and are intended for Jason
Gunthorpe's rdma tree since I believe he is planning to make some HMM
related changes that this can help test.
Changes v8 -> v9:
Rebased to linux-5.7.0-rc1.
Moved include/uapi/linux/test_hmm.h to lib/test_hmm_uapi.h
Added calls to release_mem_region() to free device private addresses
Applied Jason's suggested changes for v8.
Added a check for no VMA read access before migrating to device private
memory.
Changes v7 -> v8:
Rebased to Jason's rdma/hmm tree, plus Jason's 6 patch series
"Small hmm_range_fault() cleanups".
Applied a number of changes from Jason's comments.
Changes v6 -> v7:
Rebased to linux-5.6.0-rc6
Reverted back to just using mmu_interval_notifier_insert() and making
this series only introduce HMM self tests.
Changes v5 -> v6:
Rebased to linux-5.5.0-rc6
Refactored mmu interval notifier patches
Converted nouveau to use the new mmu interval notifier API
Changes v4 -> v5:
Added mmu interval notifier insert/remove/update callable from the
invalidate() callback
Updated HMM tests to use the new core interval notifier API
Changes v1 -> v4:
https://lore.kernel.org/linux-mm/20191104222141.5173-1-rcampbell@nvidia.com
Ralph Campbell (3):
mm/hmm/test: add selftest driver for HMM
mm/hmm/test: add selftests for HMM
MAINTAINERS: add HMM selftests
MAINTAINERS | 3 +
lib/Kconfig.debug | 13 +
lib/Makefile | 1 +
lib/test_hmm.c | 1175 ++++++++++++++++++++
lib/test_hmm_uapi.h | 59 +
tools/testing/selftests/vm/.gitignore | 1 +
tools/testing/selftests/vm/Makefile | 3 +
tools/testing/selftests/vm/config | 2 +
tools/testing/selftests/vm/hmm-tests.c | 1359 ++++++++++++++++++++++++
tools/testing/selftests/vm/run_vmtests | 16 +
tools/testing/selftests/vm/test_hmm.sh | 97 ++
11 files changed, 2729 insertions(+)
create mode 100644 lib/test_hmm.c
create mode 100644 lib/test_hmm_uapi.h
create mode 100644 tools/testing/selftests/vm/hmm-tests.c
create mode 100755 tools/testing/selftests/vm/test_hmm.sh
--
2.25.2
Hello Brendan Higgins,
The patch 5f3e06208920: "kunit: test: add support for test abort"
from Sep 23, 2019, leads to the following static checker warning:
lib/kunit/try-catch.c:93 kunit_try_catch_run()
misplaced newline? ' # %s: Unknown error: %d
lib/kunit/try-catch.c
58 void kunit_try_catch_run(struct kunit_try_catch *try_catch, void *context)
59 {
60 DECLARE_COMPLETION_ONSTACK(try_completion);
61 struct kunit *test = try_catch->test;
62 struct task_struct *task_struct;
63 int exit_code, time_remaining;
64
65 try_catch->context = context;
66 try_catch->try_completion = &try_completion;
67 try_catch->try_result = 0;
68 task_struct = kthread_run(kunit_generic_run_threadfn_adapter,
69 try_catch,
70 "kunit_try_catch_thread");
71 if (IS_ERR(task_struct)) {
72 try_catch->catch(try_catch->context);
73 return;
74 }
75
76 time_remaining = wait_for_completion_timeout(&try_completion,
77 kunit_test_timeout());
78 if (time_remaining == 0) {
79 kunit_err(test, "try timed out\n");
^^
The kunit_log() macro adds its own newline. Most of the callers add
a newline. It should be the callers add a newline because that's how
everything else works in the kernel.
The dev_printk() stuff will sometimes add a newline, but never a
duplicate newline. In other words, it's slightly complicated. But
basically the caller should add a newline.
80 try_catch->try_result = -ETIMEDOUT;
81 }
82
83 exit_code = try_catch->try_result;
84
85 if (!exit_code)
86 return;
87
88 if (exit_code == -EFAULT)
89 try_catch->try_result = 0;
90 else if (exit_code == -EINTR)
91 kunit_err(test, "wake_up_process() was never called\n");
^^
92 else if (exit_code)
93 kunit_err(test, "Unknown error: %d\n", exit_code);
^^
94
95 try_catch->catch(try_catch->context);
96 }
regards,
dan carpenter
> It should set config->test_fs instead of config->test_driver as NULL
> after kfree_const(config->test_fs) to avoid potential double free.
I suggest to improve this change description.
* How do you think about a wording variant like the following?
Reset the member “test_fs” of the test configuration after a call
of the function “kfree_const” to a null pointer so that a double
memory release will not be performed.
* Would you like to add the tag “Fixes”?
Regards,
Markus
From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org>
[ Upstream commit b43e78f65b1d35fd3e13c7b23f9b64ea83c9ad3a ]
As the ftrace selftests can run for a long period of time, disable the
timeout that the general selftests have. If a selftest hangs, then it
probably means the machine will hang too.
Link: https://lore.kernel.org/r/alpine.LSU.2.21.1911131604170.18679@pobox.suse.cz
Suggested-by: Miroslav Benes <mbenes(a)suse.cz>
Tested-by: Miroslav Benes <mbenes(a)suse.cz>
Reviewed-by: Miroslav Benes <mbenes(a)suse.cz>
Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
tools/testing/selftests/ftrace/settings | 1 +
1 file changed, 1 insertion(+)
create mode 100644 tools/testing/selftests/ftrace/settings
diff --git a/tools/testing/selftests/ftrace/settings b/tools/testing/selftests/ftrace/settings
new file mode 100644
index 0000000000000..e7b9417537fbc
--- /dev/null
+++ b/tools/testing/selftests/ftrace/settings
@@ -0,0 +1 @@
+timeout=0
--
2.20.1
From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org>
[ Upstream commit b43e78f65b1d35fd3e13c7b23f9b64ea83c9ad3a ]
As the ftrace selftests can run for a long period of time, disable the
timeout that the general selftests have. If a selftest hangs, then it
probably means the machine will hang too.
Link: https://lore.kernel.org/r/alpine.LSU.2.21.1911131604170.18679@pobox.suse.cz
Suggested-by: Miroslav Benes <mbenes(a)suse.cz>
Tested-by: Miroslav Benes <mbenes(a)suse.cz>
Reviewed-by: Miroslav Benes <mbenes(a)suse.cz>
Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
tools/testing/selftests/ftrace/settings | 1 +
1 file changed, 1 insertion(+)
create mode 100644 tools/testing/selftests/ftrace/settings
diff --git a/tools/testing/selftests/ftrace/settings b/tools/testing/selftests/ftrace/settings
new file mode 100644
index 0000000000000..e7b9417537fbc
--- /dev/null
+++ b/tools/testing/selftests/ftrace/settings
@@ -0,0 +1 @@
+timeout=0
--
2.20.1
Hi,
My name is felix. I have a quick and easy business offer that
will benefit us both immensely. The amount involved is over 9.4
Milli0n in US d0llars.
I await your immediate reply so that I can give full details.
Rgds
Felix
This introduces a test case to check memory slots with overlapped
regions on the guest address cannot be added. The cases checked
are described in the block comment upon test_overlap_memory_regions()
(see the patch 01).
I didn't see the need to calcute the addresses on compile/run-time, so I
just left them hard-coded (remember: aligned 1M to work on s390x).
It works on x86_64, aarch64, and s390x.
The patch is based on queue branch.
Ah, I did some cosmetic changes on test_add_max_memory_regions() too. If
it is not OK to be in a single patch...let me know.
Wainer dos Santos Moschetta (1):
selftests: kvm: Add overlapped memory regions test
.../selftests/kvm/set_memory_region_test.c | 75 ++++++++++++++++++-
1 file changed, 74 insertions(+), 1 deletion(-)
--
2.17.2
Hi,
This new patch series brings some improvements while simplifying the
code, fixes some bugs and adds more tests:
Use a bitfield of layers to properly manage superset and subset of
access rights, whatever their order in the stack of layers [1].
Allow to open pipes and similar special files through /proc/self/fd, as
well as internal filesystems such as nsfs through /proc/self/ns, because
disconnected path cannot be evaluated. Such special filesystems could
be handled with a future evolution.
For the sake of simplicity, forbid reparenting when linking or renaming
to protect against possible privilege escalation. This could happen by
changing the hierarchy of a file or directory in relation to an enforced
access policy (from the set of layers). This will be relaxed in the
future with more complex code.
Rename the unlink and rmdir access rights to a more generic ones:
remove_dir and remove_file. Indeed it makes sense to also use them for
the action of renaming a file or a directory, which may lead to the
removal of the source file or directory. Replace the link_to,
rename_from and rename_to access rights with remove_file, remove_dir and
make_* .
Add multiple tests to check semantic, and improve test coverage for
security/landlock to 94.1% of lines (best possible with deterministic
user space tests).
Add current limitations to documentation: file renaming and linking,
OverlayFS and special filesystems (e.g. nsfs).
The previously identified memory accounting limitation can already be
solved with the (kernel) Memory Resource Controller from cgroup.
The SLOC count is 1267 for security/landlock/ and 1643 for
tools/testing/selftest/landlock/ .
The compiled documentation is available here:
https://landlock.io/linux-doc/landlock-v16/security/landlock/index.html
This series can be applied on top of v5.7-rc1. This can be tested with
CONFIG_SECURITY_LANDLOCK and CONFIG_SAMPLE_LANDLOCK. This patch series
can be found in a Git repository here:
https://github.com/landlock-lsm/linux/commits/landlock-v16
I would really appreciate constructive comments on this patch series.
# Landlock LSM
The goal of Landlock is to enable to restrict ambient rights (e.g.
global filesystem access) for a set of processes. Because Landlock is a
stackable LSM [2], it makes possible to create safe security sandboxes
as new security layers in addition to the existing system-wide
access-controls. This kind of sandbox is expected to help mitigate the
security impact of bugs or unexpected/malicious behaviors in user-space
applications. Landlock empowers any process, including unprivileged
ones, to securely restrict themselves.
Landlock is inspired by seccomp-bpf but instead of filtering syscalls
and their raw arguments, a Landlock rule can restrict the use of kernel
objects like file hierarchies, according to the kernel semantic.
Landlock also takes inspiration from other OS sandbox mechanisms: XNU
Sandbox, FreeBSD Capsicum or OpenBSD Pledge/Unveil.
Previous version:
https://lore.kernel.org/lkml/20200326202731.693608-1-mic@digikod.net/
[1] https://lore.kernel.org/lkml/e07fe473-1801-01cc-12ae-b3167f95250e@digikod.n…
[2] https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler…
Regards,
Mickaël Salaün (10):
landlock: Add object management
landlock: Add ruleset and domain management
landlock: Set up the security framework and manage credentials
landlock: Add ptrace restrictions
fs,landlock: Support filesystem access-control
landlock: Add syscall implementation
arch: Wire up landlock() syscall
selftests/landlock: Add initial tests
samples/landlock: Add a sandbox manager example
landlock: Add user and kernel documentation
Documentation/security/index.rst | 1 +
Documentation/security/landlock/index.rst | 18 +
Documentation/security/landlock/kernel.rst | 69 +
Documentation/security/landlock/user.rst | 268 +++
MAINTAINERS | 12 +
arch/alpha/kernel/syscalls/syscall.tbl | 1 +
arch/arm/tools/syscall.tbl | 1 +
arch/arm64/include/asm/unistd.h | 2 +-
arch/arm64/include/asm/unistd32.h | 2 +
arch/ia64/kernel/syscalls/syscall.tbl | 1 +
arch/m68k/kernel/syscalls/syscall.tbl | 1 +
arch/microblaze/kernel/syscalls/syscall.tbl | 1 +
arch/mips/kernel/syscalls/syscall_n32.tbl | 1 +
arch/mips/kernel/syscalls/syscall_n64.tbl | 1 +
arch/mips/kernel/syscalls/syscall_o32.tbl | 1 +
arch/parisc/kernel/syscalls/syscall.tbl | 1 +
arch/powerpc/kernel/syscalls/syscall.tbl | 1 +
arch/s390/kernel/syscalls/syscall.tbl | 1 +
arch/sh/kernel/syscalls/syscall.tbl | 1 +
arch/sparc/kernel/syscalls/syscall.tbl | 1 +
arch/x86/entry/syscalls/syscall_32.tbl | 1 +
arch/x86/entry/syscalls/syscall_64.tbl | 1 +
arch/xtensa/kernel/syscalls/syscall.tbl | 1 +
fs/super.c | 2 +
include/linux/fs.h | 5 +
include/linux/landlock.h | 22 +
include/linux/syscalls.h | 3 +
include/uapi/asm-generic/unistd.h | 4 +-
include/uapi/linux/landlock.h | 296 +++
kernel/sys_ni.c | 3 +
samples/Kconfig | 7 +
samples/Makefile | 1 +
samples/landlock/.gitignore | 1 +
samples/landlock/Makefile | 15 +
samples/landlock/sandboxer.c | 228 +++
security/Kconfig | 11 +-
security/Makefile | 2 +
security/landlock/Kconfig | 18 +
security/landlock/Makefile | 4 +
security/landlock/common.h | 20 +
security/landlock/cred.c | 46 +
security/landlock/cred.h | 58 +
security/landlock/fs.c | 601 ++++++
security/landlock/fs.h | 42 +
security/landlock/object.c | 66 +
security/landlock/object.h | 91 +
security/landlock/ptrace.c | 120 ++
security/landlock/ptrace.h | 14 +
security/landlock/ruleset.c | 344 ++++
security/landlock/ruleset.h | 161 ++
security/landlock/setup.c | 39 +
security/landlock/setup.h | 18 +
security/landlock/syscall.c | 501 +++++
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/landlock/.gitignore | 4 +
tools/testing/selftests/landlock/Makefile | 29 +
tools/testing/selftests/landlock/common.h | 42 +
tools/testing/selftests/landlock/config | 5 +
tools/testing/selftests/landlock/test_base.c | 156 ++
tools/testing/selftests/landlock/test_fs.c | 1696 +++++++++++++++++
.../testing/selftests/landlock/test_ptrace.c | 291 +++
tools/testing/selftests/landlock/true.c | 5 +
62 files changed, 5353 insertions(+), 7 deletions(-)
create mode 100644 Documentation/security/landlock/index.rst
create mode 100644 Documentation/security/landlock/kernel.rst
create mode 100644 Documentation/security/landlock/user.rst
create mode 100644 include/linux/landlock.h
create mode 100644 include/uapi/linux/landlock.h
create mode 100644 samples/landlock/.gitignore
create mode 100644 samples/landlock/Makefile
create mode 100644 samples/landlock/sandboxer.c
create mode 100644 security/landlock/Kconfig
create mode 100644 security/landlock/Makefile
create mode 100644 security/landlock/common.h
create mode 100644 security/landlock/cred.c
create mode 100644 security/landlock/cred.h
create mode 100644 security/landlock/fs.c
create mode 100644 security/landlock/fs.h
create mode 100644 security/landlock/object.c
create mode 100644 security/landlock/object.h
create mode 100644 security/landlock/ptrace.c
create mode 100644 security/landlock/ptrace.h
create mode 100644 security/landlock/ruleset.c
create mode 100644 security/landlock/ruleset.h
create mode 100644 security/landlock/setup.c
create mode 100644 security/landlock/setup.h
create mode 100644 security/landlock/syscall.c
create mode 100644 tools/testing/selftests/landlock/.gitignore
create mode 100644 tools/testing/selftests/landlock/Makefile
create mode 100644 tools/testing/selftests/landlock/common.h
create mode 100644 tools/testing/selftests/landlock/config
create mode 100644 tools/testing/selftests/landlock/test_base.c
create mode 100644 tools/testing/selftests/landlock/test_fs.c
create mode 100644 tools/testing/selftests/landlock/test_ptrace.c
create mode 100644 tools/testing/selftests/landlock/true.c
--
2.26.1
This patchset contains everything needed to integrate KASAN and KUnit.
KUnit will be able to:
(1) Fail tests when an unexpected KASAN error occurs
(2) Pass tests when an expected KASAN error occurs
Convert KASAN tests to KUnit with the exception of copy_user_test
because KUnit is unable to test those.
Add documentation on how to run the KASAN tests with KUnit and what to
expect when running these tests.
Depends on "[PATCH v3 kunit-next 0/2] kunit: extend kunit resources
API" patchset [1]
Changes from v4:
- KASAN no longer will panic on errors if both panic_on_warn and
kasan_multishot are enabled.
- As a result, the KASAN tests will no-longer disable panic_on_warn.
- This also means panic_on_warn no-longer needs to be exported.
- The use of temporary "kasan_data" variables has been cleaned up
somewhat.
- A potential refcount/resource leak should multiple KASAN errors
appear during an assertion was fixed.
- Some wording changes to the KASAN test Kconfig entries.
Changes from v3:
- KUNIT_SET_KASAN_DATA and KUNIT_DO_EXPECT_KASAN_FAIL have been
combined and included in KUNIT_DO_EXPECT_KASAN_FAIL() instead.
- Reordered logic in kasan_update_kunit_status() in report.c to be
easier to read.
- Added comment to not use the name "kasan_data" for any kunit tests
outside of KUNIT_EXPECT_KASAN_FAIL().
Changes since v2:
- Due to Alan's changes in [1], KUnit can be built as a module.
- The name of the tests that could not be run with KUnit has been
changed to be more generic: test_kasan_module.
- Documentation on how to run the new KASAN tests and what to expect
when running them has been added.
- Some variables and functions are now static.
- Now save/restore panic_on_warn in a similar way to kasan_multi_shot
and renamed the init/exit functions to be more generic to accommodate.
- Due to [2] in kasan_strings, kasan_memchr, and
kasan_memcmp will fail if CONFIG_AMD_MEM_ENCRYPT is enabled so return
early and print message explaining this circumstance.
- Changed preprocessor checks to C checks where applicable.
Changes since v1:
- Make use of Alan Maguire's suggestion to use his patch that allows
static resources for integration instead of adding a new attribute to
the kunit struct
- All KUNIT_EXPECT_KASAN_FAIL statements are local to each test
- The definition of KUNIT_EXPECT_KASAN_FAIL is local to the
test_kasan.c file since it seems this is the only place this will
be used.
- Integration relies on KUnit being builtin
- copy_user_test has been separated into its own file since KUnit
is unable to test these. This can be run as a module just as before,
using CONFIG_TEST_KASAN_USER
- The addition to the current task has been separated into its own
patch as this is a significant enough change to be on its own.
[1] https://lore.kernel.org/linux-kselftest/1585313122-26441-1-git-send-email-a…
[2] https://bugzilla.kernel.org/show_bug.cgi?id=206337
Patricia Alfonso (4):
Add KUnit Struct to Current Task
KUnit: KASAN Integration
KASAN: Port KASAN Tests to KUnit
KASAN: Testing Documentation
Documentation/dev-tools/kasan.rst | 70 ++++
include/kunit/test.h | 5 +
include/linux/kasan.h | 6 +
include/linux/sched.h | 4 +
lib/Kconfig.kasan | 18 +-
lib/Makefile | 3 +-
lib/kunit/test.c | 13 +-
lib/test_kasan.c | 668 +++++++++++++-----------------
lib/test_kasan_module.c | 76 ++++
mm/kasan/report.c | 34 +-
10 files changed, 504 insertions(+), 393 deletions(-)
create mode 100644 lib/test_kasan_module.c
--
2.26.0.110.g2183baf09c-goog