- Linux-kselftest-mirror - lists.linaro.org

[PATCH v1] kunit: tool: fix --alltests flag

by Brendan Higgins

Alltests flag evidently stopped working when run from outside of the root of the source tree, so fix that. Also add an additional broken config to the broken_on_uml config. Signed-off-by: Brendan Higgins <brendanhiggins(a)google.com> --- tools/testing/kunit/configs/broken_on_uml.config | 1 + tools/testing/kunit/kunit_kernel.py | 15 ++++++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/tools/testing/kunit/configs/broken_on_uml.config b/tools/testing/kunit/configs/broken_on_uml.config index 239b9f03da2c..a7f0603d33f6 100644 --- a/tools/testing/kunit/configs/broken_on_uml.config +++ b/tools/testing/kunit/configs/broken_on_uml.config @@ -39,3 +39,4 @@ # CONFIG_QCOM_CPR is not set # CONFIG_RESET_BRCMSTB_RESCAL is not set # CONFIG_RESET_INTEL_GW is not set +# CONFIG_ADI_AXI_ADC is not set diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py index e20e2056cb38..1b1826500f61 100644 --- a/tools/testing/kunit/kunit_kernel.py +++ b/tools/testing/kunit/kunit_kernel.py @@ -53,18 +53,23 @@ class LinuxSourceTreeOperations(object): except subprocess.CalledProcessError as e: raise ConfigError(e.output) - def make_allyesconfig(self): + def make_allyesconfig(self, build_dir, make_options): kunit_parser.print_with_timestamp( 'Enabling all CONFIGs for UML...') + command = ['make', 'ARCH=um', 'allyesconfig'] + if make_options: + command.extend(make_options) + if build_dir: + command += ['O=' + build_dir] process = subprocess.Popen( - ['make', 'ARCH=um', 'allyesconfig'], + command, stdout=subprocess.DEVNULL, stderr=subprocess.STDOUT) process.wait() kunit_parser.print_with_timestamp( 'Disabling broken configs to run KUnit tests...') with ExitStack() as es: - config = open(KCONFIG_PATH, 'a') + config = open(get_kconfig_path(build_dir), 'a') disable = open(BROKEN_ALLCONFIG_PATH, 'r').read() config.write(disable) kunit_parser.print_with_timestamp( @@ -161,9 +166,9 @@ class LinuxSourceTree(object): return self.build_config(build_dir, make_options) def build_um_kernel(self, alltests, jobs, build_dir, make_options): - if alltests: - self._ops.make_allyesconfig() try: + if alltests: + self._ops.make_allyesconfig(build_dir, make_options) self._ops.make_olddefconfig(build_dir, make_options) self._ops.make(jobs, build_dir, make_options) except (ConfigError, BuildError) as e: base-commit: 92a2b470086f68bf35eb9f94b6cb5ebdfac41b25 -- 2.28.0.681.g6f77f65b4e-goog

5 years, 1 month

2
1
0 0

BUG: kernel NULL pointer dereference, address: trace_event_raw_event_sched_switch

by Naresh Kamboju

While running kselftest ftracetest on i386 the kernel crash reported on linux next tag 5.9.0-rc5-next-20200921. Good news is that this crash is not seen on today's linux next tag 20200923. metadata: git branch: master git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git git describe: next-20200921 make_kernelversion: 5.9.0-rc5 kernel-config: http://snapshots.linaro.org/openembedded/lkft/lkft/sumo/intel-core2-32/lkft… Reproduce steps: - cd /opt/kselftests/default-in-kernel/ftrace - ./ftracetest crash log, -------------- [ 366.934246] BUG: kernel NULL pointer dereference, address: 00000024 [ 366.940528] #PF: supervisor read access in kernel mode [ 366.945683] #PF: error_code(0x0000) - not-present page [ 366.950828] *pde = 00000000 [ 366.953717] Oops: 0000 [#1] SMP [ 366.956862] CPU: 2 PID: 0 Comm: swapper/2 Tainted: G W 5.9.0-rc5-next-20200921 #1 [ 366.965639] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.0b 07/27/2017 [ 366.973119] EIP: trace_event_raw_event_sched_switch+0x10/0x180 [ 366.978950] Code: 08 5b 5e 5f 5d c3 8d 74 26 00 31 c0 eb e4 e8 07 42 dd 00 8d b4 26 00 00 00 00 55 89 e5 57 56 53 89 c6 89 cf 83 ec 28 8b 45 08 <8b> 5e 24 89 55 cc 89 45 d0 65 a1 14 00 00 00 89 45 f0 31 c0 f6 c7 [ 366.997687] EAX: f5582480 EBX: f5582480 ECX: f5585b40 EDX: 00000000 [ 367.003945] ESI: 00000000 EDI: f5585b40 EBP: f5593f20 ESP: f5593eec [ 367.010203] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210092 [ 367.016978] CR0: 80050033 CR2: 00000024 CR3: 0bfbc000 CR4: 003506d0 [ 367.023236] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 367.029495] DR6: fffe0ff0 DR7: 00000400 [ 367.033323] Call Trace: [ 367.035771] ? cpu_cgroup_can_attach+0x90/0x90 [ 367.040215] ? exc_general_protection+0x280/0x280 [ 367.044922] __schedule+0x4dc/0xa90 [ 367.048415] schedule_idle+0x1c/0x40 [ 367.051993] do_idle+0x185/0x2a0 [ 367.055226] cpu_startup_entry+0x25/0x30 [ 367.059142] start_secondary+0x106/0x140 [ 367.063061] startup_32_smp+0x164/0x168 [ 367.066902] Modules linked in: sch_fq 8021q iptable_filter xt_mark ip_tables cls_bpf veth algif_hash x86_pkg_temp_thermal fuse [last unloaded: test_bpf] [ 367.080550] CR2: 0000000000000024 [ 367.083871] ---[ end trace 41a54e0211ae9de1 ]--- [ 367.083872] BUG: kernel NULL pointer dereference, address: 00000024 [ 367.083873] #PF: supervisor read access in kernel mode [ 367.088489] EIP: trace_event_raw_event_sched_switch+0x10/0x180 [ 367.094743] #PF: error_code(0x0000) - not-present page [ 367.094744] *pde = 00000000 [ 367.099877] Code: 08 5b 5e 5f 5d c3 8d 74 26 00 31 c0 eb e4 e8 07 42 dd 00 8d b4 26 00 00 00 00 55 89 e5 57 56 53 89 c6 89 cf 83 ec 28 8b 45 08 <8b> 5e 24 89 55 cc 89 45 d0 65 a1 14 00 00 00 89 45 f0 31 c0 f6 c7 [ 367.099878] EAX: f5582480 EBX: f5582480 ECX: f5585b40 EDX: 00000000 [ 367.105709] [ 367.105710] Oops: 0000 [#2] SMP [ 367.110846] ESI: 00000000 EDI: f5585b40 EBP: f5593f20 ESP: f5593eec [ 367.110847] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210092 [ 367.113725] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G D W 5.9.0-rc5-next-20200921 #1 [ 367.132462] CR0: 80050033 CR2: 00000024 CR3: 0bfbc000 CR4: 003506d0 [ 367.132463] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 367.138718] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.0b 07/27/2017 [ 367.138720] EIP: trace_event_raw_event_sched_switch+0x10/0x180 [ 367.140210] DR6: fffe0ff0 DR7: 00000400 [ 367.140211] Kernel panic - not syncing: Attempted to kill the idle task! [ 367.143348] Code: 08 5b 5e 5f 5d c3 8d 74 26 00 31 c0 eb e4 e8 07 42 dd 00 8d b4 26 00 00 00 00 55 89 e5 57 56 53 89 c6 89 cf 83 ec 28 8b 45 08 <8b> 5e 24 89 55 cc 89 45 d0 65 a1 14 00 00 00 89 45 f0 31 c0 f6 c7 [ 367.220218] EAX: d5ebb6c0 EBX: d5ebb6c0 ECX: cbca0700 EDX: 00000000 [ 367.226476] ESI: 00000000 EDI: cbca0700 EBP: cbc8bef0 ESP: cbc8bebc [ 367.232733] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210092 [ 367.239512] CR0: 80050033 CR2: 00000024 CR3: 0bfbc000 CR4: 003506d0 [ 367.245767] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 367.252025] DR6: fffe0ff0 DR7: 00000400 [ 367.255855] Call Trace: [ 367.258302] ? pick_next_task_fair+0x154/0x3a0 [ 367.262748] __schedule+0x4dc/0xa90 [ 367.266240] schedule_idle+0x1c/0x40 [ 367.269819] do_idle+0x185/0x2a0 [ 367.273053] cpu_startup_entry+0x25/0x30 [ 367.276978] rest_init+0x166/0x230 [ 367.280375] arch_call_rest_init+0xd/0x19 [ 367.284380] start_kernel+0x481/0x4a0 [ 367.288045] i386_start_kernel+0x48/0x4a [ 367.291970] startup_32_smp+0x164/0x168 [ 367.295803] Modules linked in: sch_fq 8021q iptable_filter xt_mark ip_tables cls_bpf veth algif_hash x86_pkg_temp_thermal fuse [last unloaded: test_bpf] [ 367.309450] CR2: 0000000000000024 [ 367.312762] ---[ end trace 41a54e0211ae9de2 ]--- [ 367.312763] BUG: kernel NULL pointer dereference, address: 00000024 [ 367.312764] #PF: supervisor read access in kernel mode [ 367.317381] EIP: trace_event_raw_event_sched_switch+0x10/0x180 [ 367.323637] #PF: error_code(0x0000) - not-present page [ 367.323638] *pde = 00000000 [ 367.328769] Code: 08 5b 5e 5f 5d c3 8d 74 26 00 31 c0 eb e4 e8 07 42 dd 00 8d b4 26 00 00 00 00 55 89 e5 57 56 53 89 c6 89 cf 83 ec 28 8b 45 08 <8b> 5e 24 89 55 cc 89 45 d0 65 a1 14 00 00 00 89 45 f0 31 c0 f6 c7 [ 367.328770] EAX: f5582480 EBX: f5582480 ECX: f5585b40 EDX: 00000000 [ 367.334600] [ 367.334601] Oops: 0000 [#3] SMP [ 367.339731] ESI: 00000000 EDI: f5585b40 EBP: f5593f20 ESP: f5593eec [ 367.339732] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210092 [ 367.342611] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G D W 5.9.0-rc5-next-20200921 #1 [ 367.361346] CR0: 80050033 CR2: 00000024 CR3: 0bfbc000 CR4: 003506d0 [ 367.361347] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 367.367602] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.0b 07/27/2017 [ 367.367604] EIP: trace_event_raw_event_sched_switch+0x10/0x180 [ 367.369095] DR6: fffe0ff0 DR7: 00000400 [ 367.423685] Code: 08 5b 5e 5f 5d c3 8d 74 26 00 31 c0 eb e4 e8 07 42 dd 00 8d b4 26 00 00 00 00 55 89 e5 57 56 53 89 c6 89 cf 83 ec 28 8b 45 08 <8b> 5e 24 89 55 cc 89 45 d0 65 a1 14 00 00 00 89 45 f0 31 c0 f6 c7 [ 367.442431] EAX: f2dca480 EBX: f2dca480 ECX: f5584900 EDX: 00000000 [ 367.448687] ESI: 00000000 EDI: f5584900 EBP: f5591f20 ESP: f5591eec [ 367.454945] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210092 [ 367.461722] CR0: 80050033 CR2: 00000024 CR3: 0bfbc000 CR4: 003506d0 [ 367.467980] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 367.474236] DR6: fffe0ff0 DR7: 00000400 [ 367.478067] Call Trace: [ 367.480514] ? pick_next_task_fair+0x154/0x3a0 [ 367.484961] __schedule+0x4dc/0xa90 [ 367.488453] ? inet_rtm_getroute+0x214/0x990 [ 367.492724] schedule_idle+0x1c/0x40 [ 367.496302] do_idle+0x185/0x2a0 [ 367.499526] ? inet_rtm_getroute+0x214/0x990 [ 367.503792] cpu_startup_entry+0x25/0x30 [ 367.507715] start_secondary+0x106/0x140 [ 367.511633] ? inet_rtm_getroute+0x214/0x990 [ 367.515898] startup_32_smp+0x164/0x168 [ 367.519738] Modules linked in: sch_fq 8021q iptable_filter xt_mark ip_tables cls_bpf veth algif_hash x86_pkg_temp_thermal fuse [last unloaded: test_bpf] [ 367.533385] CR2: 0000000000000024 [ 367.536698] ---[ end trace 41a54e0211ae9de3 ]--- [ 367.541316] EIP: trace_event_raw_event_sched_switch+0x10/0x180 [ 367.547140] Code: 08 5b 5e 5f 5d c3 8d 74 26 00 31 c0 eb e4 e8 07 42 dd 00 8d b4 26 00 00 00 00 55 89 e5 57 56 53 89 c6 89 cf 83 ec 28 8b 45 08 <8b> 5e 24 89 55 cc 89 45 d0 65 a1 14 00 00 00 89 45 f0 31 c0 f6 c7 [ 367.565877] EAX: f5582480 EBX: f5582480 ECX: f5585b40 EDX: 00000000 [ 367.572135] ESI: 00000000 EDI: f5585b40 EBP: f5593f20 ESP: f5593eec [ 367.578391] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210092 [ 367.585170] CR0: 80050033 CR2: 00000024 CR3: 0bfbc000 CR4: 003506d0 [ 367.591433] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 367.597691] DR6: fffe0ff0 DR7: 00000400 [ 368.219291] Shutting down cpus with NMI [ 368.223134] Kernel Offset: disabled [ 368.226617] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]--- full test log, https://lkft.validation.linaro.org/scheduler/job/1784011 https://lkft.validation.linaro.org/scheduler/job/1776849#L9308 -- Linaro LKFT https://lkft.linaro.org

5 years, 1 month

2
1
0 0

[PATCH 0/6] kselftest: arm64/mte: Tests for user-space MTE

by Amit Daniel Kachhap

These patch series adds below kselftests to test the user-space support for the ARMv8.5 Memory Tagging Extension present in arm64 tree [1]. 1) This test-case verifies that the memory allocated by kernel mmap interface can support tagged memory access. It first checks the presence of tags at address[56:59] and then proceeds with read and write. The pass criteria for this test is that tag fault exception should not happen. 2) This test-case crosses the valid memory to the invalid memory. In this memory area valid tags are not inserted so read and write should not pass. The pass criteria for this test is that tag fault exception should happen for all the illegal addresses. This test also verfies that PSTATE.TCO works properly. 3) This test-case verifies that the memory inherited by child process from parent process should have same tags copied. The pass criteria for this test is that tag fault exception should not happen. 4) This test checks different mmap flags with PROT_MTE memory protection. 5) This testcase checks that KSM should not merge pages containing different MTE tag values. However, if the tags are same then the pages may merge. This testcase uses the generic ksm sysfs interfaces to verify the MTE behaviour, so this testcase is not fullproof and may be impacted due to other load in the system. 6) Fifth test verifies that syscalls read/write etc works by considering that user pointer has valid/invalid allocation tags. To simplify the testing, a copy of the patchset on top of a recent linux tree can be found at [2]. Thanks, Amit Daniel [1]: https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/mte [2]: http://linux-arm.org/git?p=linux-ak.git;a=shortlog;h=refs/heads/kselftest-m… Amit Daniel Kachhap (6): kselftest/arm64: Add utilities and a test to validate mte memory kselftest/arm64: Verify mte tag inclusion via prctl kselftest/arm64: Check forked child mte memory accessibility kselftest/arm64: Verify all different mmap MTE options kselftest/arm64: Verify KSM page merge for MTE pages kselftest/arm64: Check mte tagged user address in kernel tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/mte/.gitignore | 6 + tools/testing/selftests/arm64/mte/Makefile | 29 ++ .../selftests/arm64/mte/check_buffer_fill.c | 476 ++++++++++++++++++ .../selftests/arm64/mte/check_child_memory.c | 195 +++++++ .../selftests/arm64/mte/check_ksm_options.c | 131 +++++ .../selftests/arm64/mte/check_mmap_options.c | 262 ++++++++++ .../arm64/mte/check_tags_inclusion.c | 183 +++++++ .../selftests/arm64/mte/check_user_mem.c | 118 +++++ .../selftests/arm64/mte/mte_common_util.c | 374 ++++++++++++++ .../selftests/arm64/mte/mte_common_util.h | 135 +++++ tools/testing/selftests/arm64/mte/mte_def.h | 26 + .../testing/selftests/arm64/mte/mte_helper.S | 116 +++++ 13 files changed, 2052 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/arm64/mte/.gitignore create mode 100644 tools/testing/selftests/arm64/mte/Makefile create mode 100644 tools/testing/selftests/arm64/mte/check_buffer_fill.c create mode 100644 tools/testing/selftests/arm64/mte/check_child_memory.c create mode 100644 tools/testing/selftests/arm64/mte/check_ksm_options.c create mode 100644 tools/testing/selftests/arm64/mte/check_mmap_options.c create mode 100644 tools/testing/selftests/arm64/mte/check_tags_inclusion.c create mode 100644 tools/testing/selftests/arm64/mte/check_user_mem.c create mode 100644 tools/testing/selftests/arm64/mte/mte_common_util.c create mode 100644 tools/testing/selftests/arm64/mte/mte_common_util.h create mode 100644 tools/testing/selftests/arm64/mte/mte_def.h create mode 100644 tools/testing/selftests/arm64/mte/mte_helper.S -- 2.17.1

5 years, 1 month

3
12
0 0

[REGRESSION] kselftest: next-20200921

by LKFT

## Kernel * kernel: 5.9.0-rc5 * git repo: ['https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git', 'https://gitlab.com/Linaro/lkft/mirrors/next/linux-next'] * git branch: master * git commit: b10b8ad862118bf42c28a98b0f067619aadcfb23 * git describe: next-20200921 * Test details: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20200921 ## Regressions (compared to build next-20200918) x86: kselftest-vsyscall-mode-native: * proc_read kselftest-vsyscall-mode-none: * net_fib-onlink-tests.sh kselftest: * kvm_vmx_preemption_timer_test ## Fixes (compared to build next-20200918) juno-r2: kselftest: * cgroup_test_freezer x86: kselftest-vsyscall-mode-native: * pidfd_pidfd_test * tc-testing_tdc.sh kselftest-vsyscall-mode-none: * x86_fsgsbase_64 kselftest: * rtc_rtctest ## Summary ### hi6220-hikey, kselftest * total: 289 * pass: 130 * fail: 121 * skip: 38 * xfail: 0 ### i386, kselftest * total: 55 * pass: 26 * fail: 22 * skip: 7 * xfail: 0 ### juno-r2, kselftest * total: 289 * pass: 129 * fail: 122 * skip: 38 * xfail: 0 ### x86, kselftest * total: 314 * pass: 167 * fail: 113 * skip: 34 * xfail: 0 ### x86, kselftest-vsyscall-mode-native * total: 314 * pass: 166 * fail: 114 * skip: 34 * xfail: 0 ### x86, kselftest-vsyscall-mode-none * total: 313 * pass: 166 * fail: 113 * skip: 34 * xfail: 0 ## Environments * dragonboard-410c * hi6220-hikey * i386 * juno-r2 * juno-r2-compat * juno-r2-kasan * nxp-ls2088 * qemu_arm * qemu_arm64 * qemu_i386 * qemu_x86_64 * x15 * x86 * x86-kasan ## Suites * kselftest * kselftest-vsyscall-mode-native * kselftest-vsyscall-mode-none ## Failures ### hi6220-hikey, kselftest * bpf_test_verifier * bpf_test_tag * bpf_test_maps * bpf_test_lpm_map * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_kmod.sh * bpf_test_sock_addr.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tcp_check_syncookie.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * memory-hotplug_mem-on-off-test.sh * net_run_netsocktests * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_ip_defrag.sh * net_udpgso_bench.sh * net_fib_rule_tests.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_tcp_fastopen_backup_key.sh * net_l2tp.sh * net_fib_nexthops.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_nat.sh * netfilter_conntrack_icmp_related.sh * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_test * pidfd_pidfd_fdinfo_test * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * sysctl_sysctl.sh * tc-testing_tdc.sh ### i386, kselftest * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_clear_sighand * clone3_clone3_cap_checkpoint_restore * core_close_range_test ### juno-r2, kselftest * bpf_test_verifier * bpf_test_tag * bpf_test_maps * bpf_test_lpm_map * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tcp_check_syncookie.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * cpufreq_main.sh * firmware_fw_run_tests.sh * ftrace_ftracetest * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * memory-hotplug_mem-on-off-test.sh * mincore_mincore_selftest * net_run_netsocktests * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_fib_rule_tests.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_tcp_fastopen_backup_key.sh * net_l2tp.sh * net_fib_nexthops.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_nat.sh * netfilter_conntrack_icmp_related.sh * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_test * pidfd_pidfd_fdinfo_test * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * sysctl_sysctl.sh * tc-testing_tdc.sh ### x86, kselftest * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_vmx_preemption_timer_test * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_run_netsocktests * net_xfrm_policy.sh * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * vm_run_vmtests * x86_syscall_numbering_64 ### x86, kselftest-vsyscall-mode-native * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_run_netsocktests * net_xfrm_policy.sh * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_read * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * vm_run_vmtests * x86_syscall_numbering_64 ### x86, kselftest-vsyscall-mode-none * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_vmx_preemption_timer_test * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_run_netsocktests * net_xfrm_policy.sh * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * vm_run_vmtests * x86_syscall_numbering_64 ## Skips ### hi6220-hikey, kselftest * arm64_sve-ptrace * arm64_sve-probe-vls * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * intel_pstate_run.sh * ir_ir_loopback.sh * livepatch_test-livepatch.sh * livepatch_test-callbacks.sh * livepatch_test-shadow-vars.sh * livepatch_test-state.sh * livepatch_test-ftrace.sh * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * net_xfrm_policy.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * proc_proc-pid-vm * pstore_pstore_post_reboot_tests ### i386, kselftest * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh ### juno-r2, kselftest * arm64_sve-ptrace * arm64_sve-probe-vls * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * intel_pstate_run.sh * ir_ir_loopback.sh * livepatch_test-livepatch.sh * livepatch_test-callbacks.sh * livepatch_test-shadow-vars.sh * livepatch_test-state.sh * livepatch_test-ftrace.sh * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * net_xfrm_policy.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * proc_proc-pid-vm * pstore_pstore_post_reboot_tests ### x86, kselftest * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh ### x86, kselftest-vsyscall-mode-native * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh ### x86, kselftest-vsyscall-mode-none * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh -- Linaro LKFT https://lkft.linaro.org

5 years, 1 month

1
0
0 0

[RFC PATCH 00/11] Introduce Simple atomic and non-atomic counters

by Shuah Khan

This patch series is a result of discussion at the refcount_t BOF the Linux Plumbers Conference. In this discussion, we identifed a need for looking closely and investigating atomic_t usages in the kernel when it is used strictly as a counter wothout it controlling object lifetimes and state changes. There are a number of atomic_t usages in the kernel where atomic_t api is used strictly for counting and not for managing object lifetime. In some cases, atomic_t might not even be needed. The purpose of these counters is twofold: 1. clearly differentiate atomic_t counters from atomic_t usages that guard object lifetimes, hence prone to overflow and underflow errors. It allows tools that scan for underflow and overflow on atomic_t usages to detect overflow and underflows to scan just the cases that are prone to errors. 2. provides non-atomic counters for cases where atomic isn't necessary. Simple atomic and non-atomic counters api provides interfaces for simple atomic and non-atomic counters that just count, and don't guard resource lifetimes. Counters will wrap around to 0 when it overflows and should not be used to guard resource lifetimes, device usage and open counts that control state changes, and pm states. Using counter_atomic to guard lifetimes could lead to use-after free when it overflows and undefined behavior when used to manage state changes and device usage/open states. This patch series introduces Simple atomic and non-atomic counters. Counter atomic ops leverage atomic_t and provide a sub-set of atomic_t ops. In addition this patch series converts a few drivers to use the new api. The following criteria is used for select variables for conversion: 1. Variable doesn't guard object lifetimes, manage state changes e.g: device usage counts, device open counts, and pm states. 2. Variable is used for stats and counters. 3. The conversion doesn't change the overflow behavior. Please review and let me know if non-stat conversions e.g: probe_count, deferred_trigger_count make sense. Shuah Khan (11): counters: Introduce counter and counter_atomic counters selftests:lib:test_counters: add new test for counters drivers/base: convert deferred_trigger_count and probe_count to counter_atomic drivers/base/devcoredump: convert devcd_count to counter_atomic drivers/acpi: convert seqno counter_atomic drivers/acpi/apei: convert seqno counter_atomic drivers/android/binder: convert stats, transaction_log to counter_atomic drivers/base/test/test_async_driver_probe: convert to use counter_atomic drivers/char/ipmi: convert stats to use counter_atomic drivers/misc/vmw_vmci: convert num guest devices counter to counter_atomic drivers/edac: convert pci counters to counter_atomic Documentation/core-api/counters.rst | 158 +++++++++ MAINTAINERS | 8 + drivers/acpi/acpi_extlog.c | 5 +- drivers/acpi/apei/ghes.c | 5 +- drivers/android/binder.c | 41 +-- drivers/android/binder_internal.h | 3 +- drivers/base/dd.c | 19 +- drivers/base/devcoredump.c | 5 +- drivers/base/test/test_async_driver_probe.c | 23 +- drivers/char/ipmi/ipmi_msghandler.c | 9 +- drivers/char/ipmi/ipmi_si_intf.c | 9 +- drivers/edac/edac_pci.h | 5 +- drivers/edac/edac_pci_sysfs.c | 28 +- drivers/misc/vmw_vmci/vmci_guest.c | 9 +- include/linux/counters.h | 343 +++++++++++++++++++ lib/Kconfig | 10 + lib/Makefile | 1 + lib/test_counters.c | 283 +++++++++++++++ tools/testing/selftests/lib/Makefile | 1 + tools/testing/selftests/lib/config | 1 + tools/testing/selftests/lib/test_counters.sh | 5 + 21 files changed, 897 insertions(+), 74 deletions(-) create mode 100644 Documentation/core-api/counters.rst create mode 100644 include/linux/counters.h create mode 100644 lib/test_counters.c create mode 100755 tools/testing/selftests/lib/test_counters.sh -- 2.25.1

5 years, 1 month

1
1
0 0

[PATCH v5 bpf-next 0/6] bpf: add helpers to support BTF-based kernel data display

by Alan Maguire

This series attempts to provide a simple way for BPF programs (and in future other consumers) to utilize BPF Type Format (BTF) information to display kernel data structures in-kernel. The use case this functionality is applied to here is to support a snprintf()-like helper to copy a BTF representation of kernel data to a string, and a BPF seq file helper to display BTF data for an iterator. There is already support in kernel/bpf/btf.c for "show" functionality; the changes here generalize that support from seq-file specific verifier display to the more generic case and add another specific use case; rather than seq_printf()ing the show data, it is copied to a supplied string using a snprintf()-like function. Other future consumers of the show functionality could include a bpf_printk_btf() function which printk()ed the data instead. Oops messaging in particular would be an interesting application for such functionality. The above potential use case hints at a potential reply to a reasonable objection that such typed display should be solved by tracing programs, where the in-kernel tracing records data and the userspace program prints it out. While this is certainly the recommended approach for most cases, I believe having an in-kernel mechanism would be valuable also. Critically in BPF programs it greatly simplifies debugging and tracing of such data to invoking a simple helper. One challenge raised in an earlier iteration of this work - where the BTF printing was implemented as a printk() format specifier - was that the amount of data printed per printk() was large, and other format specifiers were far simpler. Here we sidestep that concern by printing components of the BTF representation as we go for the seq file case, and in the string case the snprintf()-like operation is intended to be a basis for perf event or ringbuf output. The reasons for avoiding bpf_trace_printk are that 1. bpf_trace_printk() strings are restricted in size and cannot display anything beyond trivial data structures; and 2. bpf_trace_printk() is for debugging purposes only. As Alexei suggested, a bpf_trace_puts() helper could solve this in the future but it still would be limited by the 1000 byte limit for traced strings. Default output for an sk_buff looks like this (zeroed fields are omitted): (struct sk_buff){ .transport_header = (__u16)65535, .mac_header = (__u16)65535, .end = (sk_buff_data_t)192, .head = (unsigned char *)0x000000007524fd8b, .data = (unsigned char *)0x000000007524fd8b, .truesize = (unsigned int)768, .users = (refcount_t){ .refs = (atomic_t){ .counter = (int)1, }, }, } Flags can modify aspects of output format; see patch 3 for more details. Changes since v4: - Changed approach from a BPF trace event-centric design to one utilizing a snprintf()-like helper and an iter helper (Alexei, patches 3,5) - Added tests to verify BTF output (patch 4) - Added support to tests for verifying BTF type_id-based display as well as type name via __builtin_btf_type_id (Andrii, patch 4). - Augmented task iter tests to cover the BTF-based seq helper. Because a task_struct's BTF-based representation would overflow the PAGE_SIZE limit on iterator data, the "struct fs_struct" (task->fs) is displayed for each task instead (Alexei, patch 6). Changes since v3: - Moved to RFC since the approach is different (and bpf-next is closed) - Rather than using a printk() format specifier as the means of invoking BTF-enabled display, a dedicated BPF helper is used. This solves the issue of printk() having to output large amounts of data using a complex mechanism such as BTF traversal, but still provides a way for the display of such data to be achieved via BPF programs. Future work could include a bpf_printk_btf() function to invoke display via printk() where the elements of a data structure are printk()ed one at a time. Thanks to Petr Mladek, Andy Shevchenko and Rasmus Villemoes who took time to look at the earlier printk() format-specifier-focused version of this and provided feedback clarifying the problems with that approach. - Added trace id to the bpf_trace_printk events as a means of separating output from standard bpf_trace_printk() events, ensuring it can be easily parsed by the reader. - Added bpf_trace_btf() helper tests which do simple verification of the various display options. Changes since v2: - Alexei and Yonghong suggested it would be good to use probe_kernel_read() on to-be-shown data to ensure safety during operation. Safe copy via probe_kernel_read() to a buffer object in "struct btf_show" is used to support this. A few different approaches were explored including dynamic allocation and per-cpu buffers. The downside of dynamic allocation is that it would be done during BPF program execution for bpf_trace_printk()s using %pT format specifiers. The problem with per-cpu buffers is we'd have to manage preemption and since the display of an object occurs over an extended period and in printk context where we'd rather not change preemption status, it seemed tricky to manage buffer safety while considering preemption. The approach of utilizing stack buffer space via the "struct btf_show" seemed like the simplest approach. The stack size of the associated functions which have a "struct btf_show" on their stack to support show operation (btf_type_snprintf_show() and btf_type_seq_show()) stays under 500 bytes. The compromise here is the safe buffer we use is small - 256 bytes - and as a result multiple probe_kernel_read()s are needed for larger objects. Most objects of interest are smaller than this (e.g. "struct sk_buff" is 224 bytes), and while task_struct is a notable exception at ~8K, performance is not the priority for BTF-based display. (Alexei and Yonghong, patch 2). - safe buffer use is the default behaviour (and is mandatory for BPF) but unsafe display - meaning no safe copy is done and we operate on the object itself - is supported via a 'u' option. - pointers are prefixed with 0x for clarity (Alexei, patch 2) - added additional comments and explanations around BTF show code, especially around determining whether objects such zeroed. Also tried to comment safe object scheme used. (Yonghong, patch 2) - added late_initcall() to initialize vmlinux BTF so that it would not have to be initialized during printk operation (Alexei, patch 5) - removed CONFIG_BTF_PRINTF config option as it is not needed; CONFIG_DEBUG_INFO_BTF can be used to gate test behaviour and determining behaviour of type-based printk can be done via retrieval of BTF data; if it's not there BTF was unavailable or broken (Alexei, patches 4,6) - fix bpf_trace_printk test to use vmlinux.h and globals via skeleton infrastructure, removing need for perf events (Andrii, patch 8) Changes since v1: - changed format to be more drgn-like, rendering indented type info along with type names by default (Alexei) - zeroed values are omitted (Arnaldo) by default unless the '0' modifier is specified (Alexei) - added an option to print pointer values without obfuscation. The reason to do this is the sysctls controlling pointer display are likely to be irrelevant in many if not most tracing contexts. Some questions on this in the outstanding questions section below... - reworked printk format specifer so that we no longer rely on format %pT<type> but instead use a struct * which contains type information (Rasmus). This simplifies the printk parsing, makes use more dynamic and also allows specification by BTF id as well as name. - removed incorrect patch which tried to fix dereferencing of resolved BTF info for vmlinux; instead we skip modifiers for the relevant case (array element type determination) (Alexei). - fixed issues with negative snprintf format length (Rasmus) - added test cases for various data structure formats; base types, typedefs, structs, etc. - tests now iterate through all typedef, enum, struct and unions defined for vmlinux BTF and render a version of the target dummy value which is either all zeros or all 0xff values; the idea is this exercises the "skip if zero" and "print everything" cases. - added support in BPF for using the %pT format specifier in bpf_trace_printk() - added BPF tests which ensure %pT format specifier use works (Alexei). Alan Maguire (6): bpf: provide function to get vmlinux BTF information bpf: move to generic BTF show support, apply it to seq files/strings bpf: add bpf_btf_snprintf helper selftests/bpf: add bpf_btf_snprintf helper tests bpf: add bpf_seq_btf_write helper selftests/bpf: add test for bpf_seq_btf_write helper include/linux/bpf.h | 3 + include/linux/btf.h | 40 + include/uapi/linux/bpf.h | 78 ++ kernel/bpf/btf.c | 978 ++++++++++++++++++--- kernel/bpf/helpers.c | 4 + kernel/bpf/verifier.c | 18 +- kernel/trace/bpf_trace.c | 133 +++ scripts/bpf_helpers_doc.py | 2 + tools/include/uapi/linux/bpf.h | 78 ++ tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 66 ++ .../selftests/bpf/prog_tests/btf_snprintf.c | 55 ++ .../selftests/bpf/progs/bpf_iter_task_btf.c | 49 ++ .../selftests/bpf/progs/netif_receive_skb.c | 260 ++++++ 13 files changed, 1656 insertions(+), 108 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/btf_snprintf.c create mode 100644 tools/testing/selftests/bpf/progs/bpf_iter_task_btf.c create mode 100644 tools/testing/selftests/bpf/progs/netif_receive_skb.c -- 1.8.3.1

5 years, 1 month

2
7
0 0

[PATCH] selftests: Add missing gitignore entries

by Gabriel Krisman Bertazi

Prevent them from polluting git status after building selftests. Signed-off-by: Gabriel Krisman Bertazi <krisman(a)collabora.com> --- tools/testing/selftests/firmware/.gitignore | 2 ++ tools/testing/selftests/netfilter/.gitignore | 2 ++ tools/testing/selftests/ptrace/.gitignore | 1 + 3 files changed, 5 insertions(+) create mode 100644 tools/testing/selftests/firmware/.gitignore create mode 100644 tools/testing/selftests/netfilter/.gitignore diff --git a/tools/testing/selftests/firmware/.gitignore b/tools/testing/selftests/firmware/.gitignore new file mode 100644 index 000000000000..62abc92a94c4 --- /dev/null +++ b/tools/testing/selftests/firmware/.gitignore @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: GPL-2.0-only +fw_namespace diff --git a/tools/testing/selftests/netfilter/.gitignore b/tools/testing/selftests/netfilter/.gitignore new file mode 100644 index 000000000000..8448f74adfec --- /dev/null +++ b/tools/testing/selftests/netfilter/.gitignore @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: GPL-2.0-only +nf-queue diff --git a/tools/testing/selftests/ptrace/.gitignore b/tools/testing/selftests/ptrace/.gitignore index 7bebf9534a86..792318aaa30c 100644 --- a/tools/testing/selftests/ptrace/.gitignore +++ b/tools/testing/selftests/ptrace/.gitignore @@ -1,3 +1,4 @@ # SPDX-License-Identifier: GPL-2.0-only get_syscall_info peeksiginfo +vmaccess -- 2.28.0

5 years, 1 month

2
2
0 0

[PATCH v2 0/4] selftests/seccomp: Refactor change_syscall()

by Kees Cook

v1: https://lore.kernel.org/lkml/20200912110820.597135-1-keescook@chromium.org v2: - Took Acked patches into -next - refactored powerpc syscall setting implementation - refactored clone3 args implementation Hi, This finishes the refactoring of the seccomp selftest logic used in for ptrace syscall number/return handling for powerpc. Additionally fixes clone3 (which seccomp depends on for testing) to run under MIPS where an old struct clone_args has become visible. (FWIW, I expect to take these via the seccomp tree.) Thanks, Kees Cook (4): selftests/seccomp: Record syscall during ptrace entry selftests/seccomp: Allow syscall nr and ret value to be set separately selftests/seccomp: powerpc: Set syscall return during ptrace syscall exit selftests/clone3: Avoid OS-defined clone_args tools/testing/selftests/clone3/clone3.c | 45 +++---- .../clone3/clone3_cap_checkpoint_restore.c | 4 +- .../selftests/clone3/clone3_clear_sighand.c | 2 +- .../selftests/clone3/clone3_selftests.h | 24 ++-- .../testing/selftests/clone3/clone3_set_tid.c | 4 +- tools/testing/selftests/seccomp/seccomp_bpf.c | 120 ++++++++++++++---- 6 files changed, 131 insertions(+), 68 deletions(-) -- 2.25.1

5 years, 1 month

2
8
0 0

[REGRESSION] kselftest: next-20200918

by LKFT

## Kernel * kernel: 5.9.0-rc5 * git repo: ['https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git', 'https://gitlab.com/Linaro/lkft/mirrors/next/linux-next'] * git branch: master * git commit: b652d2a5f2a4e93d803cc33eb57fdc41ee528500 * git describe: next-20200918 * Test details: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20200918 ## Regressions (compared to build next-20200917) juno-r2: kselftest: * cgroup_test_freezer x86: kselftest-vsyscall-mode-native: * net_fib-onlink-tests.sh * tc-testing_tdc.sh kselftest-vsyscall-mode-none: * kvm_vmx_preemption_timer_test ## Fixes (compared to build next-20200917) x86: kselftest: * kvm_vmx_preemption_timer_test * net_ip_defrag.sh * proc_read i386: kselftest: * pidfd_pidfd_test ## Summary ### i386, kselftest * total: 318 * pass: 144 * fail: 135 * skip: 39 * xfail: 0 ### juno-r2, kselftest * total: 278 * pass: 127 * fail: 116 * skip: 35 * xfail: 0 ### x86, kselftest * total: 312 * pass: 167 * fail: 111 * skip: 34 * xfail: 0 ### x86, kselftest-vsyscall-mode-native * total: 315 * pass: 166 * fail: 115 * skip: 34 * xfail: 0 ### x86, kselftest-vsyscall-mode-none * total: 314 * pass: 166 * fail: 114 * skip: 34 * xfail: 0 ## Environments * dragonboard-410c * hi6220-hikey * i386 * juno-r2 * juno-r2-compat * juno-r2-kasan * nxp-ls2088 * qemu_arm * qemu_arm64 * qemu_i386 * qemu_x86_64 * x15 * x86 * x86-kasan ## Suites * kselftest * kselftest-vsyscall-mode-native * kselftest-vsyscall-mode-none ## Failures ### i386, kselftest * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_clear_sighand * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_cr4_cpuid_sync_test * kvm_evmcs_test * kvm_hyperv_cpuid * kvm_mmio_warning_test * kvm_platform_info_test * kvm_set_sregs_test * kvm_smm_test * kvm_state_test * kvm_vmx_preemption_timer_test * kvm_svm_vmcall_test * kvm_sync_regs_test * kvm_vmx_close_while_nested_test * kvm_vmx_dirty_log_test * kvm_vmx_set_nested_state_test * kvm_vmx_tsc_adjust_test * kvm_xss_msr_test * kvm_debug_regs * kvm_clear_dirty_log_test * kvm_demand_paging_test * kvm_dirty_log_test * kvm_kvm_create_max_vcpus * kvm_set_memory_region_test * kvm_steal_time * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-self-syscall * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * vm_run_vmtests ### juno-r2, kselftest * bpf_test_tag * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tcp_check_syncookie.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * cgroup_test_freezer * clone3_clone3_cap_checkpoint_restore * core_close_range_test * cpufreq_main.sh * firmware_fw_run_tests.sh * ftrace_ftracetest * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * memory-hotplug_mem-on-off-test.sh * mincore_mincore_selftest * net_run_netsocktests * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_fib_rule_tests.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_tcp_fastopen_backup_key.sh * net_l2tp.sh * net_fib_nexthops.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_nat.sh * netfilter_conntrack_icmp_related.sh * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_test * pidfd_pidfd_fdinfo_test * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * sysctl_sysctl.sh * tc-testing_tdc.sh ### x86, kselftest * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mqueue_mq_perf_tests * net_xfrm_policy.sh * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * vm_run_vmtests * x86_syscall_numbering_64 ### x86, kselftest-vsyscall-mode-native * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_run_netsocktests * net_xfrm_policy.sh * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_test * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * tc-testing_tdc.sh * vm_run_vmtests * x86_syscall_numbering_64 ### x86, kselftest-vsyscall-mode-none * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_vmx_preemption_timer_test * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_run_netsocktests * net_xfrm_policy.sh * net_fib_tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * vm_run_vmtests * x86_fsgsbase_64 * x86_syscall_numbering_64 ## Skips ### i386, kselftest * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * livepatch_test-livepatch.sh * livepatch_test-callbacks.sh * livepatch_test-shadow-vars.sh * livepatch_test-state.sh * livepatch_test-ftrace.sh * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * memory-hotplug_mem-on-off-test.sh * net_reuseport_bpf_numa * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * proc_proc-pid-vm * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh ### juno-r2, kselftest * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * intel_pstate_run.sh * ir_ir_loopback.sh * livepatch_test-livepatch.sh * livepatch_test-callbacks.sh * livepatch_test-shadow-vars.sh * livepatch_test-state.sh * livepatch_test-ftrace.sh * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * net_xfrm_policy.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * proc_proc-pid-vm * pstore_pstore_post_reboot_tests ### x86, kselftest * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh ### x86, kselftest-vsyscall-mode-native * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh ### x86, kselftest-vsyscall-mode-none * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh -- Linaro LKFT https://lkft.linaro.org

5 years, 1 month

1
0
0 0

[PATCH 00/15] selftests/seccomp: Refactor change_syscall()

by Kees Cook

Hi, This refactors the seccomp selftest macros used in change_syscall(), in an effort to remove special cases for mips, arm, arm64, and xtensa, which paves the way for powerpc fixes. I'm not entirely done testing, but all-arch build tests and x86_64 selftests pass. I'll be doing arm, arm64, and i386 selftests shortly, but I currently don't have an easy way to check xtensa, mips, nor powerpc. Any help there would be appreciated! (FWIW, I expect to take these via the seccomp tree.) Thanks, -Kees Kees Cook (15): selftests/seccomp: Refactor arch register macros to avoid xtensa special case selftests/seccomp: Provide generic syscall setting macro selftests/seccomp: mips: Define SYSCALL_NUM_SET macro selftests/seccomp: arm: Define SYSCALL_NUM_SET macro selftests/seccomp: arm64: Define SYSCALL_NUM_SET macro selftests/seccomp: mips: Remove O32-specific macro selftests/seccomp: Remove syscall setting #ifdefs selftests/seccomp: Convert HAVE_GETREG into ARCH_GETREG/ARCH_SETREG selftests/seccomp: Convert REGSET calls into ARCH_GETREG/ARCH_SETREG selftests/seccomp: Avoid redundant register flushes selftests/seccomp: Remove SYSCALL_NUM_RET_SHARE_REG in favor of SYSCALL_RET_SET selftests/seccomp: powerpc: Fix seccomp return value testing selftests/seccomp: powerpc: Set syscall return during ptrace syscall exit selftests/clone3: Avoid OS-defined clone_args selftests/seccomp: Use __NR_mknodat instead of __NR_mknod .../selftests/clone3/clone3_selftests.h | 16 +- tools/testing/selftests/seccomp/seccomp_bpf.c | 313 ++++++++++-------- 2 files changed, 184 insertions(+), 145 deletions(-) -- 2.25.1

5 years, 1 month

4
38
0 0

[PATCH v2 0/6] selftests: arm64: Add floating point selftests

by Mark Brown

This series imports a series of tests for FPSIMD and SVE originally written by Dave Martin to the tree. Since these extensions have some overlap in terms of register usage and must sometimes be tested together they're dropped into a single directory. I've adapted some of the tests to run within the kselftest framework but there are also some stress tests here that are intended to be run as soak tests so aren't suitable for running by default and are mostly just integrated with the build system. There doesn't seem to be a more suitable home for those stress tests and they are very useful for work on these areas of the code so it seems useful to have them somewhere in tree. v2: Rebased onto v5.9-rc1 Mark Brown (6): selftests: arm64: Test case for enumeration of SVE vector lengths selftests: arm64: Add test for the SVE ptrace interface selftests: arm64: Add stress tests for FPSMID and SVE context switching selftests: arm64: Add utility to set SVE vector lengths selftests: arm64: Add wrapper scripts for stress tests selftests: arm64: Add build and documentation for FP tests tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/fp/.gitignore | 5 + tools/testing/selftests/arm64/fp/Makefile | 17 + tools/testing/selftests/arm64/fp/README | 100 +++ .../testing/selftests/arm64/fp/asm-offsets.h | 11 + tools/testing/selftests/arm64/fp/assembler.h | 57 ++ .../testing/selftests/arm64/fp/fpsimd-stress | 60 ++ .../testing/selftests/arm64/fp/fpsimd-test.S | 482 +++++++++++++ .../selftests/arm64/fp/sve-probe-vls.c | 58 ++ .../selftests/arm64/fp/sve-ptrace-asm.S | 33 + tools/testing/selftests/arm64/fp/sve-ptrace.c | 336 +++++++++ tools/testing/selftests/arm64/fp/sve-stress | 59 ++ tools/testing/selftests/arm64/fp/sve-test.S | 672 ++++++++++++++++++ tools/testing/selftests/arm64/fp/vlset.c | 155 ++++ 14 files changed, 2046 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/arm64/fp/.gitignore create mode 100644 tools/testing/selftests/arm64/fp/Makefile create mode 100644 tools/testing/selftests/arm64/fp/README create mode 100644 tools/testing/selftests/arm64/fp/asm-offsets.h create mode 100644 tools/testing/selftests/arm64/fp/assembler.h create mode 100755 tools/testing/selftests/arm64/fp/fpsimd-stress create mode 100644 tools/testing/selftests/arm64/fp/fpsimd-test.S create mode 100644 tools/testing/selftests/arm64/fp/sve-probe-vls.c create mode 100644 tools/testing/selftests/arm64/fp/sve-ptrace-asm.S create mode 100644 tools/testing/selftests/arm64/fp/sve-ptrace.c create mode 100755 tools/testing/selftests/arm64/fp/sve-stress create mode 100644 tools/testing/selftests/arm64/fp/sve-test.S create mode 100644 tools/testing/selftests/arm64/fp/vlset.c -- 2.20.1

5 years, 1 month

4
13
0 0

[PATCH v3 0/4] kselftests/arm64: add PAuth tests

by Boyan Karatotev

Pointer Authentication (PAuth) is a security feature introduced in ARMv8.3. It introduces instructions to sign addresses and later check for potential corruption using a second modifier value and one of a set of keys. The signature, in the form of the Pointer Authentication Code (PAC), is stored in some of the top unused bits of the virtual address (e.g. [54: 49] if TBID0 is enabled and TnSZ is set to use a 48 bit VA space). A set of controls are present to enable/disable groups of instructions (which use certain keys) for compatibility with libraries that do not utilize the feature. PAuth is used to verify the integrity of return addresses on the stack with less memory than the stack canary. This patchset adds kselftests to verify the kernel's configuration of the feature and its runtime behaviour. There are 7 tests which verify that: * an authentication failure leads to a SIGSEGV * the data/instruction instruction groups are enabled * the generic instructions are enabled * all 5 keys are different for a single thread * exec() changes all keys to new different ones * context switching preserves the 4 data/instruction keys * context switching preserves the generic keys The tests have been verified to work on qemu without a working PAUTH Implementation and on ARM's FVP with a full or partial PAuth implementation. Changes in v3: * remove double blank lines * Patch 1: "kselftests: add a basic arm64 Pointer Authentication test" * shorten pac_corruptor.S to cut out unnecessary code * add second signal handler to cover ARMv8.6 compatibily * Patch 3: "kselftests/arm64: add PAuth test for whether exec() changes keys" * change name of "exec_unique_keys" to "exec_changed_keys" * change reporting of error to be how many keys were left unchanged * Path 4: "kselftests/arm64: add PAuth tests for single threaded consistency and key uniqueness" * change unique to different * rename "single_thread_unique_keys" to "single_thread_different_keys" * change reporting of error to be how many keys were left unchanged Changes in v2: * remove extra lines at end of files * Patch 1: "kselftests: add a basic arm64 Pointer Authentication test" * add checks for a compatible compiler in Makefile * Patch 4: "kselftests: add PAuth tests for single threaded consistency and key uniqueness" * rephrase comment for clarity in pac.c Cc: Shuah Khan <shuah(a)kernel.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Reviewed-by: Vincenzo Frascino <Vincenzo.Frascino(a)arm.com> Reviewed-by: Amit Daniel Kachhap <amit.kachhap(a)arm.com> Signed-off-by: Boyan Karatotev <boyan.karatotev(a)arm.com> Acked-by: Shuah Khan <skhan(a)linuxfoundation.org> Boyan Karatotev (4): kselftests/arm64: add a basic Pointer Authentication test kselftests/arm64: add nop checks for PAuth tests kselftests/arm64: add PAuth test for whether exec() changes keys kselftests/arm64: add PAuth tests for single threaded consistency and differently initialized keys tools/testing/selftests/arm64/Makefile | 2 +- .../testing/selftests/arm64/pauth/.gitignore | 2 + tools/testing/selftests/arm64/pauth/Makefile | 39 ++ .../selftests/arm64/pauth/exec_target.c | 34 ++ tools/testing/selftests/arm64/pauth/helper.c | 39 ++ tools/testing/selftests/arm64/pauth/helper.h | 28 ++ tools/testing/selftests/arm64/pauth/pac.c | 368 ++++++++++++++++++ .../selftests/arm64/pauth/pac_corruptor.S | 19 + 8 files changed, 530 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/arm64/pauth/.gitignore create mode 100644 tools/testing/selftests/arm64/pauth/Makefile create mode 100644 tools/testing/selftests/arm64/pauth/exec_target.c create mode 100644 tools/testing/selftests/arm64/pauth/helper.c create mode 100644 tools/testing/selftests/arm64/pauth/helper.h create mode 100644 tools/testing/selftests/arm64/pauth/pac.c create mode 100644 tools/testing/selftests/arm64/pauth/pac_corruptor.S -- 2.28.0

5 years, 1 month

2
5
0 0

[REGRESSION] kselftest: next-20200917

by LKFT

## Kernel * kernel: 5.9.0-rc5 * git repo: ['https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git', 'https://gitlab.com/Linaro/lkft/mirrors/next/linux-next'] * git branch: master * git commit: 860461e4fcaa76200d2d1a53523e0ff7be92e6e8 * git describe: next-20200917 * Test details: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20200917 ## Regressions (compared to build next-20200916) i386: kselftest: * pidfd_pidfd_test x86: kselftest-vsyscall-mode-native: * pidfd_pidfd_test kselftest-vsyscall-mode-none: * rtc_rtctest * x86_fsgsbase_64 kselftest: * kvm_vmx_preemption_timer_test * net_ip_defrag.sh * proc_read ## Fixes (compared to build next-20200916) x86: kselftest-vsyscall-mode-native: * cgroup_test_freezer * kvm_vmx_preemption_timer_test * net_fib-onlink-tests.sh kselftest-vsyscall-mode-none: * net_fib-onlink-tests.sh ## Summary ### hi6220-hikey, kselftest * total: 72 * pass: 38 * fail: 27 * skip: 7 * xfail: 0 ### i386, kselftest * total: 319 * pass: 143 * fail: 137 * skip: 39 * xfail: 0 ### juno-r2, kselftest * total: 281 * pass: 128 * fail: 117 * skip: 36 * xfail: 0 ### x86, kselftest * total: 314 * pass: 165 * fail: 116 * skip: 33 * xfail: 0 ### x86, kselftest-vsyscall-mode-native * total: 313 * pass: 168 * fail: 112 * skip: 33 * xfail: 0 ### x86, kselftest-vsyscall-mode-none * total: 313 * pass: 167 * fail: 112 * skip: 34 * xfail: 0 ## Environments * dragonboard-410c * hi6220-hikey * i386 * juno-r2 * juno-r2-compat * juno-r2-kasan * nxp-ls2088 * qemu_arm * qemu_arm64 * qemu_i386 * qemu_x86_64 * x15 * x86 * x86-kasan ## Suites * kselftest * kselftest-vsyscall-mode-native * kselftest-vsyscall-mode-none ## Failures ### hi6220-hikey, kselftest * bpf_test_verifier * bpf_test_tag * bpf_test_maps * bpf_test_lpm_map * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_kmod.sh * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tcp_check_syncookie.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test ### i386, kselftest * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_clear_sighand * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_cr4_cpuid_sync_test * kvm_evmcs_test * kvm_hyperv_cpuid * kvm_mmio_warning_test * kvm_platform_info_test * kvm_set_sregs_test * kvm_smm_test * kvm_state_test * kvm_vmx_preemption_timer_test * kvm_svm_vmcall_test * kvm_sync_regs_test * kvm_vmx_close_while_nested_test * kvm_vmx_dirty_log_test * kvm_vmx_set_nested_state_test * kvm_vmx_tsc_adjust_test * kvm_xss_msr_test * kvm_debug_regs * kvm_clear_dirty_log_test * kvm_demand_paging_test * kvm_dirty_log_test * kvm_kvm_create_max_vcpus * kvm_set_memory_region_test * kvm_steal_time * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_run_netsocktests * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_test * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-self-syscall * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * vm_run_vmtests ### juno-r2, kselftest * bpf_test_verifier * bpf_test_tag * bpf_test_maps * bpf_test_lpm_map * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tcp_check_syncookie.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * cpufreq_main.sh * firmware_fw_run_tests.sh * ftrace_ftracetest * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * memory-hotplug_mem-on-off-test.sh * mincore_mincore_selftest * net_run_netsocktests * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_fib_rule_tests.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_tcp_fastopen_backup_key.sh * net_l2tp.sh * net_fib_nexthops.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_nat.sh * netfilter_conntrack_icmp_related.sh * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_test * pidfd_pidfd_fdinfo_test * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * sysctl_sysctl.sh * tc-testing_tdc.sh ### x86, kselftest * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_vmx_preemption_timer_test * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_run_netsocktests * net_xfrm_policy.sh * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_ip_defrag.sh * net_udpgso_bench.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_read * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * vm_run_vmtests * x86_syscall_numbering_64 ### x86, kselftest-vsyscall-mode-native * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_run_netsocktests * net_xfrm_policy.sh * net_fib_tests.sh * net_pmtu.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_test * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * vm_run_vmtests * x86_syscall_numbering_64 ### x86, kselftest-vsyscall-mode-none * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_run_netsocktests * net_xfrm_policy.sh * net_fib_tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * vm_run_vmtests * x86_fsgsbase_64 * x86_syscall_numbering_64 ## Skips ### hi6220-hikey, kselftest * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh ### i386, kselftest * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * livepatch_test-livepatch.sh * livepatch_test-callbacks.sh * livepatch_test-shadow-vars.sh * livepatch_test-state.sh * livepatch_test-ftrace.sh * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * memory-hotplug_mem-on-off-test.sh * net_reuseport_bpf_numa * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * proc_proc-pid-vm * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh ### juno-r2, kselftest * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * intel_pstate_run.sh * ir_ir_loopback.sh * livepatch_test-livepatch.sh * livepatch_test-callbacks.sh * livepatch_test-shadow-vars.sh * livepatch_test-state.sh * livepatch_test-ftrace.sh * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * net_xfrm_policy.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * proc_proc-pid-vm * pstore_pstore_post_reboot_tests ### x86, kselftest * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh ### x86, kselftest-vsyscall-mode-native * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh ### x86, kselftest-vsyscall-mode-none * bpf_test_xdp_veth.sh * bpf_test_bpftool_metadata.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh -- Linaro LKFT https://lkft.linaro.org

5 years, 1 month

1
0
0 0

[PATCH] selftests/harness: Flush stdout before forking

by Michael Ellerman

The test harness forks() a child to run each test. Both the parent and the child print to stdout using libc functions. That can lead to duplicated (or more) output if the libc buffers are not flushed before forking. It's generally not seen when running programs directly, because stdout will usually be line buffered when it's pointing to a terminal. This was noticed when running the seccomp_bpf test, eg: $ ./seccomp_bpf | tee test.log $ grep -c "TAP version 13" test.log 2 But we only expect the TAP header to appear once. It can be exacerbated using stdbuf to increase the buffer size: $ stdbuf -o 1MB ./seccomp_bpf > test.log $ grep -c "TAP version 13" test.log 13 The fix is simple, we just flush stdout & stderr before fork. Usually stderr is unbuffered, but that can be changed, so flush it as well just to be safe. Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> --- tools/testing/selftests/kselftest_harness.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/testing/selftests/kselftest_harness.h b/tools/testing/selftests/kselftest_harness.h index 4f78e4805633..f19804df244c 100644 --- a/tools/testing/selftests/kselftest_harness.h +++ b/tools/testing/selftests/kselftest_harness.h @@ -971,6 +971,11 @@ void __run_test(struct __fixture_metadata *f, ksft_print_msg(" RUN %s%s%s.%s ...\n", f->name, variant->name[0] ? "." : "", variant->name, t->name); + + /* Make sure output buffers are flushed before fork */ + fflush(stdout); + fflush(stderr); + t->pid = fork(); if (t->pid < 0) { ksft_print_msg("ERROR SPAWNING TEST CHILD\n"); -- 2.25.1

5 years, 1 month

4
7
0 0

[PATCH bpf-next v3 0/5] bpf: add MPTCP subflow support

by Nicolas Rybowski

Previously it was not possible to make a distinction between plain TCP sockets and MPTCP subflow sockets on the BPF_PROG_TYPE_SOCK_OPS hook. This patch series now enables a fine control of subflow sockets. In its current state, it allows to put different sockopt on each subflow from a same MPTCP connection (socket mark, TCP congestion algorithm, ...) using BPF programs. It should also be the basis of exposing MPTCP-specific fields through BPF. v2 -> v3: - minor modifications in new MPTCP selftests (Song). More details in patch notes. - rebase on latest bpf-next - the new is_mptcp field in bpf_tcp_sock is left as an __u32 to keep cohesion with the is_fullsock field from bpf_sock_ops. Also it seems easier with a __u32 on the verifier side. v1 -> v2: - add basic mandatory selftests for the new helper and is_mptcp field (Alexei) - rebase on latest bpf-next Nicolas Rybowski (5): bpf: expose is_mptcp flag to bpf_tcp_sock mptcp: attach subflow socket to parent cgroup bpf: add 'bpf_mptcp_sock' structure and helper bpf: selftests: add MPTCP test base bpf: selftests: add bpf_mptcp_sock() verifier tests include/linux/bpf.h | 33 +++++ include/uapi/linux/bpf.h | 15 +++ kernel/bpf/verifier.c | 30 +++++ net/core/filter.c | 13 +- net/mptcp/Makefile | 2 + net/mptcp/bpf.c | 72 +++++++++++ net/mptcp/subflow.c | 27 ++++ scripts/bpf_helpers_doc.py | 2 + tools/include/uapi/linux/bpf.h | 15 +++ tools/testing/selftests/bpf/config | 1 + tools/testing/selftests/bpf/network_helpers.c | 37 +++++- tools/testing/selftests/bpf/network_helpers.h | 3 + .../testing/selftests/bpf/prog_tests/mptcp.c | 118 ++++++++++++++++++ tools/testing/selftests/bpf/progs/mptcp.c | 48 +++++++ tools/testing/selftests/bpf/verifier/sock.c | 63 ++++++++++ 15 files changed, 473 insertions(+), 6 deletions(-) create mode 100644 net/mptcp/bpf.c create mode 100644 tools/testing/selftests/bpf/prog_tests/mptcp.c create mode 100644 tools/testing/selftests/bpf/progs/mptcp.c -- 2.28.0

5 years, 1 month

1
0
0 0

[PATCH bpf-next v3 5/5] bpf: selftests: add bpf_mptcp_sock() verifier tests

by Nicolas Rybowski

This patch adds verifier side tests for the new bpf_mptcp_sock() helper. Here are the new tests : - NULL bpf_sock is correctly handled - We cannot access a field from bpf_mptcp_sock if the latter is NULL - We can access a field from bpf_mptcp_sock if the latter is not NULL - We cannot modify a field from bpf_mptcp_sock. Note that "token" is currently the only field in bpf_mptcp_sock. Currently, there is no easy way to test the token field since we cannot get back the mptcp_sock in userspace, this could be a future amelioration. Acked-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> Acked-by: Song Liu <songliubraving(a)fb.com> Signed-off-by: Nicolas Rybowski <nicolas.rybowski(a)tessares.net> --- Notes: v1 -> v2: - new patch: mandatory selftests (Alexei) tools/testing/selftests/bpf/verifier/sock.c | 63 +++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/tools/testing/selftests/bpf/verifier/sock.c b/tools/testing/selftests/bpf/verifier/sock.c index b1aac2641498..9ce7c7ec3b5e 100644 --- a/tools/testing/selftests/bpf/verifier/sock.c +++ b/tools/testing/selftests/bpf/verifier/sock.c @@ -631,3 +631,66 @@ .prog_type = BPF_PROG_TYPE_SK_REUSEPORT, .result = ACCEPT, }, +{ + "bpf_mptcp_sock(skops->sk): no !skops->sk check", + .insns = { + BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct bpf_sock_ops, sk)), + BPF_EMIT_CALL(BPF_FUNC_mptcp_sock), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_SOCK_OPS, + .result = REJECT, + .errstr = "type=sock_or_null expected=sock_common", +}, +{ + "bpf_mptcp_sock(skops->sk): no NULL check on ret", + .insns = { + BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct bpf_sock_ops, sk)), + BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + BPF_EMIT_CALL(BPF_FUNC_mptcp_sock), + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_mptcp_sock, token)), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_SOCK_OPS, + .result = REJECT, + .errstr = "invalid mem access 'mptcp_sock_or_null'", +}, +{ + "bpf_mptcp_sock(skops->sk): msk->token", + .insns = { + BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct bpf_sock_ops, sk)), + BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + BPF_EMIT_CALL(BPF_FUNC_mptcp_sock), + BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), + BPF_EXIT_INSN(), + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_mptcp_sock, token)), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_SOCK_OPS, + .result = ACCEPT, +}, +{ + "bpf_mptcp_sock(skops->sk): msk->token cannot be modified", + .insns = { + BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct bpf_sock_ops, sk)), + BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + BPF_EMIT_CALL(BPF_FUNC_mptcp_sock), + BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), + BPF_EXIT_INSN(), + BPF_ST_MEM(BPF_W, BPF_REG_0, offsetof(struct bpf_mptcp_sock, token), 0x2a), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_SOCK_OPS, + .result = REJECT, + .errstr = "cannot write into mptcp_sock", +}, -- 2.28.0

5 years, 1 month

1
0
0 0

[PATCH bpf-next v3 4/5] bpf: selftests: add MPTCP test base

by Nicolas Rybowski

This patch adds a base for MPTCP specific tests. It is currently limited to the is_mptcp field in case of plain TCP connection because for the moment there is no easy way to get the subflow sk from a msk in userspace. This implies that we cannot lookup the sk_storage attached to the subflow sk in the sockops program. Acked-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> Acked-by: Song Liu <songliubraving(a)fb.com> Signed-off-by: Nicolas Rybowski <nicolas.rybowski(a)tessares.net> --- Notes: v2 -> v3: - remove useless close_client_fd label (Song) - remove error count increment (Song) v1 -> v2: - new patch: mandatory selftests (Alexei) tools/testing/selftests/bpf/config | 1 + tools/testing/selftests/bpf/network_helpers.c | 37 +++++- tools/testing/selftests/bpf/network_helpers.h | 3 + .../testing/selftests/bpf/prog_tests/mptcp.c | 118 ++++++++++++++++++ tools/testing/selftests/bpf/progs/mptcp.c | 48 +++++++ 5 files changed, 202 insertions(+), 5 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/mptcp.c create mode 100644 tools/testing/selftests/bpf/progs/mptcp.c diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config index 2118e23ac07a..8377836ea976 100644 --- a/tools/testing/selftests/bpf/config +++ b/tools/testing/selftests/bpf/config @@ -39,3 +39,4 @@ CONFIG_BPF_JIT=y CONFIG_BPF_LSM=y CONFIG_SECURITY=y CONFIG_LIRC=y +CONFIG_MPTCP=y diff --git a/tools/testing/selftests/bpf/network_helpers.c b/tools/testing/selftests/bpf/network_helpers.c index 12ee40284da0..85cbb683965c 100644 --- a/tools/testing/selftests/bpf/network_helpers.c +++ b/tools/testing/selftests/bpf/network_helpers.c @@ -14,6 +14,10 @@ #include "bpf_util.h" #include "network_helpers.h" +#ifndef IPPROTO_MPTCP +#define IPPROTO_MPTCP 262 +#endif + #define clean_errno() (errno == 0 ? "None" : strerror(errno)) #define log_err(MSG, ...) ({ \ int __save = errno; \ @@ -66,8 +70,8 @@ static int settimeo(int fd, int timeout_ms) #define save_errno_close(fd) ({ int __save = errno; close(fd); errno = __save; }) -int start_server(int family, int type, const char *addr_str, __u16 port, - int timeout_ms) +static int start_server_proto(int family, int type, int protocol, + const char *addr_str, __u16 port, int timeout_ms) { struct sockaddr_storage addr = {}; socklen_t len; @@ -76,7 +80,7 @@ int start_server(int family, int type, const char *addr_str, __u16 port, if (make_sockaddr(family, addr_str, port, &addr, &len)) return -1; - fd = socket(family, type, 0); + fd = socket(family, type, protocol); if (fd < 0) { log_err("Failed to create server socket"); return -1; @@ -104,6 +108,19 @@ int start_server(int family, int type, const char *addr_str, __u16 port, return -1; } +int start_server(int family, int type, const char *addr_str, __u16 port, + int timeout_ms) +{ + return start_server_proto(family, type, 0, addr_str, port, timeout_ms); +} + +int start_mptcp_server(int family, const char *addr_str, __u16 port, + int timeout_ms) +{ + return start_server_proto(family, SOCK_STREAM, IPPROTO_MPTCP, addr_str, + port, timeout_ms); +} + int fastopen_connect(int server_fd, const char *data, unsigned int data_len, int timeout_ms) { @@ -153,7 +170,7 @@ static int connect_fd_to_addr(int fd, return 0; } -int connect_to_fd(int server_fd, int timeout_ms) +static int connect_to_fd_proto(int server_fd, int protocol, int timeout_ms) { struct sockaddr_storage addr; struct sockaddr_in *addr_in; @@ -173,7 +190,7 @@ int connect_to_fd(int server_fd, int timeout_ms) } addr_in = (struct sockaddr_in *)&addr; - fd = socket(addr_in->sin_family, type, 0); + fd = socket(addr_in->sin_family, type, protocol); if (fd < 0) { log_err("Failed to create client socket"); return -1; @@ -192,6 +209,16 @@ int connect_to_fd(int server_fd, int timeout_ms) return -1; } +int connect_to_fd(int server_fd, int timeout_ms) +{ + return connect_to_fd_proto(server_fd, 0, timeout_ms); +} + +int connect_to_mptcp_fd(int server_fd, int timeout_ms) +{ + return connect_to_fd_proto(server_fd, IPPROTO_MPTCP, timeout_ms); +} + int connect_fd_to_fd(int client_fd, int server_fd, int timeout_ms) { struct sockaddr_storage addr; diff --git a/tools/testing/selftests/bpf/network_helpers.h b/tools/testing/selftests/bpf/network_helpers.h index 7205f8afdba1..336423a789e9 100644 --- a/tools/testing/selftests/bpf/network_helpers.h +++ b/tools/testing/selftests/bpf/network_helpers.h @@ -35,7 +35,10 @@ extern struct ipv6_packet pkt_v6; int start_server(int family, int type, const char *addr, __u16 port, int timeout_ms); +int start_mptcp_server(int family, const char *addr, __u16 port, + int timeout_ms); int connect_to_fd(int server_fd, int timeout_ms); +int connect_to_mptcp_fd(int server_fd, int timeout_ms); int connect_fd_to_fd(int client_fd, int server_fd, int timeout_ms); int fastopen_connect(int server_fd, const char *data, unsigned int data_len, int timeout_ms); diff --git a/tools/testing/selftests/bpf/prog_tests/mptcp.c b/tools/testing/selftests/bpf/prog_tests/mptcp.c new file mode 100644 index 000000000000..9accf2cfce36 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/mptcp.c @@ -0,0 +1,118 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <test_progs.h> +#include "cgroup_helpers.h" +#include "network_helpers.h" + +struct mptcp_storage { + __u32 invoked; + __u32 is_mptcp; +}; + +static int verify_sk(int map_fd, int client_fd, const char *msg, __u32 is_mptcp) +{ + int err = 0, cfd = client_fd; + struct mptcp_storage val; + + /* Currently there is no easy way to get back the subflow sk from the MPTCP + * sk, thus we cannot access here the sk_storage associated to the subflow + * sk. Also, there is no sk_storage associated with the MPTCP sk since it + * does not trigger sockops events. + * We silently pass this situation at the moment. + */ + if (is_mptcp == 1) + return 0; + + if (CHECK_FAIL(bpf_map_lookup_elem(map_fd, &cfd, &val) < 0)) { + perror("Failed to read socket storage"); + return -1; + } + + if (val.invoked != 1) { + log_err("%s: unexpected invoked count %d != %d", + msg, val.invoked, 1); + err++; + } + + if (val.is_mptcp != is_mptcp) { + log_err("%s: unexpected bpf_tcp_sock.is_mptcp %d != %d", + msg, val.is_mptcp, is_mptcp); + err++; + } + + return err; +} + +static int run_test(int cgroup_fd, int server_fd, bool is_mptcp) +{ + int client_fd, prog_fd, map_fd, err; + struct bpf_object *obj; + struct bpf_map *map; + + struct bpf_prog_load_attr attr = { + .prog_type = BPF_PROG_TYPE_SOCK_OPS, + .file = "./mptcp.o", + .expected_attach_type = BPF_CGROUP_SOCK_OPS, + }; + + err = bpf_prog_load_xattr(&attr, &obj, &prog_fd); + if (err) { + log_err("Failed to load BPF object"); + return -1; + } + + map = bpf_map__next(NULL, obj); + map_fd = bpf_map__fd(map); + + err = bpf_prog_attach(prog_fd, cgroup_fd, BPF_CGROUP_SOCK_OPS, 0); + if (err) { + log_err("Failed to attach BPF program"); + goto close_bpf_object; + } + + client_fd = is_mptcp ? connect_to_mptcp_fd(server_fd, 0) : + connect_to_fd(server_fd, 0); + if (client_fd < 0) { + err = -1; + goto close_bpf_object; + } + + err = is_mptcp ? verify_sk(map_fd, client_fd, "MPTCP subflow socket", 1) : + verify_sk(map_fd, client_fd, "plain TCP socket", 0); + + close(client_fd); + +close_bpf_object: + bpf_object__close(obj); + return err; +} + +void test_mptcp(void) +{ + int server_fd, cgroup_fd; + + cgroup_fd = test__join_cgroup("/mptcp"); + if (CHECK_FAIL(cgroup_fd < 0)) + return; + + /* without MPTCP */ + server_fd = start_server(AF_INET, SOCK_STREAM, NULL, 0, 0); + if (CHECK_FAIL(server_fd < 0)) + goto with_mptcp; + + CHECK_FAIL(run_test(cgroup_fd, server_fd, false)); + + close(server_fd); + +with_mptcp: + /* with MPTCP */ + server_fd = start_mptcp_server(AF_INET, NULL, 0, 0); + if (CHECK_FAIL(server_fd < 0)) + goto close_cgroup_fd; + + CHECK_FAIL(run_test(cgroup_fd, server_fd, true)); + + close(server_fd); + +close_cgroup_fd: + close(cgroup_fd); +} diff --git a/tools/testing/selftests/bpf/progs/mptcp.c b/tools/testing/selftests/bpf/progs/mptcp.c new file mode 100644 index 000000000000..be5ee8dac2b3 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/mptcp.c @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <linux/bpf.h> +#include <bpf/bpf_helpers.h> + +char _license[] SEC("license") = "GPL"; +__u32 _version SEC("version") = 1; + +struct mptcp_storage { + __u32 invoked; + __u32 is_mptcp; +}; + +struct { + __uint(type, BPF_MAP_TYPE_SK_STORAGE); + __uint(map_flags, BPF_F_NO_PREALLOC); + __type(key, int); + __type(value, struct mptcp_storage); +} socket_storage_map SEC(".maps"); + +SEC("sockops") +int _sockops(struct bpf_sock_ops *ctx) +{ + struct mptcp_storage *storage; + struct bpf_tcp_sock *tcp_sk; + int op = (int)ctx->op; + struct bpf_sock *sk; + + sk = ctx->sk; + if (!sk) + return 1; + + storage = bpf_sk_storage_get(&socket_storage_map, sk, 0, + BPF_SK_STORAGE_GET_F_CREATE); + if (!storage) + return 1; + + if (op != BPF_SOCK_OPS_TCP_CONNECT_CB) + return 1; + + tcp_sk = bpf_tcp_sock(sk); + if (!tcp_sk) + return 1; + + storage->invoked++; + storage->is_mptcp = tcp_sk->is_mptcp; + + return 1; +} -- 2.28.0

5 years, 1 month

1
0
0 0

[PATCH] selftests/seccomp: fix ptrace tests on powerpc

by Thadeu Lima de Souza Cascardo

As pointed out by Michael Ellerman, the ptrace ABI on powerpc does not allow or require the return code to be set on syscall entry when skipping the syscall. It will always return ENOSYS and the return code must be set on syscall exit. This code does that, behaving more similarly to strace. It still sets the return code on entry, which is overridden on powerpc, and it will always repeat the same on exit. Also, on powerpc, the errno is not inverted, and depends on ccr.so being set. This has been tested on powerpc and amd64. Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Kees Cook <keescook(a)google.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> --- tools/testing/selftests/seccomp/seccomp_bpf.c | 24 +++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 252140a52553..b90a9190ba88 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -1738,6 +1738,14 @@ void change_syscall(struct __test_metadata *_metadata, TH_LOG("Can't modify syscall return on this architecture"); #else regs.SYSCALL_RET = result; +# if defined(__powerpc__) + if (result < 0) { + regs.SYSCALL_RET = -result; + regs.ccr |= 0x10000000; + } else { + regs.ccr &= ~0x10000000; + } +# endif #endif #ifdef HAVE_GETREGS @@ -1796,6 +1804,7 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee, int ret, nr; unsigned long msg; static bool entry; + int *syscall_nr = args; /* * The traditional way to tell PTRACE_SYSCALL entry/exit @@ -1809,10 +1818,15 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee, EXPECT_EQ(entry ? PTRACE_EVENTMSG_SYSCALL_ENTRY : PTRACE_EVENTMSG_SYSCALL_EXIT, msg); - if (!entry) + if (!entry && !syscall_nr) return; - nr = get_syscall(_metadata, tracee); + if (entry) + nr = get_syscall(_metadata, tracee); + else + nr = *syscall_nr; + if (syscall_nr) + *syscall_nr = nr; if (nr == __NR_getpid) change_syscall(_metadata, tracee, __NR_getppid, 0); @@ -1889,9 +1903,10 @@ TEST_F(TRACE_syscall, ptrace_syscall_redirected) TEST_F(TRACE_syscall, ptrace_syscall_errno) { + int syscall_nr = -1; /* Swap SECCOMP_RET_TRACE tracer for PTRACE_SYSCALL tracer. */ teardown_trace_fixture(_metadata, self->tracer); - self->tracer = setup_trace_fixture(_metadata, tracer_ptrace, NULL, + self->tracer = setup_trace_fixture(_metadata, tracer_ptrace, &syscall_nr, true); /* Tracer should skip the open syscall, resulting in ESRCH. */ @@ -1900,9 +1915,10 @@ TEST_F(TRACE_syscall, ptrace_syscall_errno) TEST_F(TRACE_syscall, ptrace_syscall_faked) { + int syscall_nr = -1; /* Swap SECCOMP_RET_TRACE tracer for PTRACE_SYSCALL tracer. */ teardown_trace_fixture(_metadata, self->tracer); - self->tracer = setup_trace_fixture(_metadata, tracer_ptrace, NULL, + self->tracer = setup_trace_fixture(_metadata, tracer_ptrace, &syscall_nr, true); /* Tracer should skip the gettid syscall, resulting fake pid. */ -- 2.25.1

5 years, 1 month

3
6
0 0

[PATCH net-next] selftests: mptcp: interpret \n as a new line

by Matthieu Baerts

In case of errors, this message was printed: (...) # read: Resource temporarily unavailable # client exit code 0, server 3 # \nnetns ns1-0-BJlt5D socket stat for 10003: (...) Obviously, the idea was to add a new line before the socket stat and not print "\nnetns". Fixes: b08fbf241064 ("selftests: add test-cases for MPTCP MP_JOIN") Fixes: 048d19d444be ("mptcp: add basic kselftest for mptcp") Signed-off-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> --- Notes: This commit improves the output in selftests in case of errors, mostly seen when modifying MPTCP code. The selftests behaviour is not changed. That's why this patch is proposed only for net-next. tools/testing/selftests/net/mptcp/mptcp_connect.sh | 4 ++-- tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/net/mptcp/mptcp_connect.sh b/tools/testing/selftests/net/mptcp/mptcp_connect.sh index e4df9ba64824..2cfd87d94db8 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_connect.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_connect.sh @@ -443,9 +443,9 @@ do_transfer() duration=$(printf "(duration %05sms)" $duration) if [ ${rets} -ne 0 ] || [ ${retc} -ne 0 ]; then echo "$duration [ FAIL ] client exit code $retc, server $rets" 1>&2 - echo "\nnetns ${listener_ns} socket stat for $port:" 1>&2 + echo -e "\nnetns ${listener_ns} socket stat for ${port}:" 1>&2 ip netns exec ${listener_ns} ss -nita 1>&2 -o "sport = :$port" - echo "\nnetns ${connector_ns} socket stat for $port:" 1>&2 + echo -e "\nnetns ${connector_ns} socket stat for ${port}:" 1>&2 ip netns exec ${connector_ns} ss -nita 1>&2 -o "dport = :$port" cat "$capout" diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index f39c1129ce5f..c2943e4dfcfe 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -176,9 +176,9 @@ do_transfer() if [ ${rets} -ne 0 ] || [ ${retc} -ne 0 ]; then echo " client exit code $retc, server $rets" 1>&2 - echo "\nnetns ${listener_ns} socket stat for $port:" 1>&2 + echo -e "\nnetns ${listener_ns} socket stat for ${port}:" 1>&2 ip netns exec ${listener_ns} ss -nita 1>&2 -o "sport = :$port" - echo "\nnetns ${connector_ns} socket stat for $port:" 1>&2 + echo -e "\nnetns ${connector_ns} socket stat for ${port}:" 1>&2 ip netns exec ${connector_ns} ss -nita 1>&2 -o "dport = :$port" cat "$capout" -- 2.27.0

5 years, 1 month

3
2
0 0

Re: [REGRESSION] kselftest: next-20200915

by Shuah Khan

On 9/15/20 11:52 AM, Justin Cook wrote: > Hello, > > Linaro had previously been sending out a report based on our testing of > the linux kernel using kselftest. We paused sending that report to fix a > few issues. We are now continuing the process, starting with this report. > > If you have any questions, comments, feedback, or concerns please email > lkft(a)linaro.org <mailto:lkft@linaro.org>. > > Thanks, > > Justin > Hi Justin, Thanks for the report. It would be nice to see the reports. However, it is hard for me to determine which tests failed and why. > On Tue, 15 Sep 2020 at 12:44, LKFT <lkft(a)linaro.org > <mailto:lkft@linaro.org>> wrote: > > ## Kernel > * kernel: 5.9.0-rc5 > * git repo: > ['https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git', > 'https://gitlab.com/Linaro/lkft/mirrors/next/linux-next'] > * git branch: master > * git commit: 6b02addb1d1748d21dd1261e46029b264be4e5a0 > * git describe: next-20200915 > * Test details: > https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20200915 > > ## Regressions (compared to build next-20200914) > > juno-r2: > kselftest: > * memfd_memfd_test > > x86: > kselftest-vsyscall-mode-native: > * kvm_vmx_preemption_timer_test I looked for the above two failures to start with since these are regressions and couldn't find them. Are the regressions tied to new commits in linux-next from the mm and kvm trees? thanks, -- Shuah

5 years, 1 month

2
2
0 0

[REGRESSION] kselftest: next-20200916

by LKFT

## Kernel * kernel: 5.9.0-rc5 * git repo: ['https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git', 'https://gitlab.com/Linaro/lkft/mirrors/next/linux-next'] * git branch: master * git commit: 5fa35f247b563a7893f3f68f19d00ace2ccf3dff * git describe: next-20200916 * Test details: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20200916 ## Regressions (compared to build next-20200915) x86: kselftest-vsyscall-mode-none: * kvm_vmx_preemption_timer_test kselftest: * kvm_vmx_preemption_timer_test ## Fixes (compared to build next-20200915) x86: kselftest-vsyscall-mode-native: * cgroup_test_freezer * kvm_vmx_preemption_timer_test ## Summary ### i386, kselftest * total: 294 * pass: 123 * fail: 133 * skip: 38 * xfail: 0 ### x86, kselftest * total: 312 * pass: 167 * fail: 112 * skip: 33 * xfail: 0 ### x86, kselftest-vsyscall-mode-native * total: 313 * pass: 165 * fail: 115 * skip: 33 * xfail: 0 ### x86, kselftest-vsyscall-mode-none * total: 310 * pass: 166 * fail: 111 * skip: 33 * xfail: 0 ## Environments * dragonboard-410c * hi6220-hikey * i386 * juno-r2 * juno-r2-compat * juno-r2-kasan * nxp-ls2088 * qemu_arm * qemu_arm64 * qemu_i386 * qemu_x86_64 * x15 * x86 * x86-kasan ## Suites * kselftest * kselftest-vsyscall-mode-native * kselftest-vsyscall-mode-none ## Failures ### i386, kselftest * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_clear_sighand * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_cr4_cpuid_sync_test * kvm_evmcs_test * kvm_hyperv_cpuid * kvm_mmio_warning_test * kvm_platform_info_test * kvm_set_sregs_test * kvm_smm_test * kvm_state_test * kvm_vmx_preemption_timer_test * kvm_svm_vmcall_test * kvm_sync_regs_test * kvm_vmx_close_while_nested_test * kvm_vmx_dirty_log_test * kvm_vmx_set_nested_state_test * kvm_vmx_tsc_adjust_test * kvm_xss_msr_test * kvm_debug_regs * kvm_clear_dirty_log_test * kvm_demand_paging_test * kvm_dirty_log_test * kvm_kvm_create_max_vcpus * kvm_set_memory_region_test * kvm_steal_time * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-self-syscall * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh ### x86, kselftest * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_xfrm_policy.sh * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * vm_run_vmtests * x86_syscall_numbering_64 ### x86, kselftest-vsyscall-mode-native * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * cgroup_test_freezer * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_vmx_preemption_timer_test * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_run_netsocktests * net_xfrm_policy.sh * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_psock_snd.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * rtc_rtctest * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * vm_run_vmtests * x86_syscall_numbering_64 ### x86, kselftest-vsyscall-mode-none * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh * mincore_mincore_selftest * mqueue_mq_perf_tests * net_run_netsocktests * net_xfrm_policy.sh * net_fib_tests.sh * net_fib-onlink-tests.sh * net_pmtu.sh * net_udpgso_bench.sh * net_test_vxlan_under_vrf.sh * net_l2tp.sh * net_traceroute.sh * net_altnames.sh * net_icmp_redirect.sh * net_txtimestamp.sh * net_vrf-xfrm-tests.sh * net_devlink_port_split.py * netfilter_nft_concat_range.sh * netfilter_nft_queue.sh * pidfd_pidfd_open_test * pidfd_pidfd_poll_test * proc_proc-fsconfig-hidepid * pstore_pstore_tests * ptrace_vmaccess * openat2_openat2_test * openat2_resolve_test * openat2_rename_attack_test * seccomp_seccomp_bpf * seccomp_seccomp_benchmark * splice_short_splice_read.sh * vm_run_vmtests * x86_syscall_numbering_64 ## Skips ### i386, kselftest * bpf_test_xdp_veth.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * livepatch_test-livepatch.sh * livepatch_test-callbacks.sh * livepatch_test-shadow-vars.sh * livepatch_test-state.sh * livepatch_test-ftrace.sh * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * memory-hotplug_mem-on-off-test.sh * net_reuseport_bpf_numa * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * proc_proc-pid-vm * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh ### x86, kselftest * bpf_test_xdp_veth.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh ### x86, kselftest-vsyscall-mode-native * bpf_test_xdp_veth.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh ### x86, kselftest-vsyscall-mode-none * bpf_test_xdp_veth.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh * netfilter_ipvs.sh * netfilter_nft_conntrack_helper.sh * netfilter_nft_meta.sh * pstore_pstore_post_reboot_tests * tpm2_test_smoke.sh * tpm2_test_space.sh -- Linaro LKFT https://lkft.linaro.org

5 years, 1 month

1
0
0 0

[PATCH v2 0/4] kselftests/arm64: add PAuth tests

by Boyan Karatotev

Pointer Authentication (PAuth) is a security feature introduced in ARMv8.3. It introduces instructions to sign addresses and later check for potential corruption using a second modifier value and one of a set of keys. The signature, in the form of the Pointer Authentication Code (PAC), is stored in some of the top unused bits of the virtual address (e.g. [54: 49] if TBID0 is enabled and TnSZ is set to use a 48 bit VA space). A set of controls are present to enable/disable groups of instructions (which use certain keys) for compatibility with libraries that do not utilize the feature. PAuth is used to verify the integrity of return addresses on the stack with less memory than the stack canary. This patchset adds kselftests to verify the kernel's configuration of the feature and its runtime behaviour. There are 7 tests which verify that: * an authentication failure leads to a SIGSEGV * the data/instruction instruction groups are enabled * the generic instructions are enabled * all 5 keys are unique for a single thread * exec() changes all keys to new unique ones * context switching preserves the 4 data/instruction keys * context switching preserves the generic keys The tests have been verified to work on qemu without a working PAUTH Implementation and on ARM's FVP with a full or partial PAuth implementation. Changes in v2: * remove extra lines at end of files * Patch 1: "kselftests: add a basic arm64 Pointer Authentication test" * add checks for a compatible compiler in Makefile * Patch 4: "kselftests: add PAuth tests for single threaded consistency and key uniqueness" * rephrase comment for clarity in pac.c Cc: Shuah Khan <shuah(a)kernel.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Reviewed-by: Vincenzo Frascino <Vincenzo.Frascino(a)arm.com> Reviewed-by: Amit Daniel Kachhap <amit.kachhap(a)arm.com> Signed-off-by: Boyan Karatotev <boyan.karatotev(a)arm.com> Boyan Karatotev (4): kselftests/arm64: add a basic Pointer Authentication test kselftests/arm64: add nop checks for PAuth tests kselftests/arm64: add PAuth test for whether exec() changes keys kselftests/arm64: add PAuth tests for single threaded consistency and key uniqueness tools/testing/selftests/arm64/Makefile | 2 +- .../testing/selftests/arm64/pauth/.gitignore | 2 + tools/testing/selftests/arm64/pauth/Makefile | 39 ++ .../selftests/arm64/pauth/exec_target.c | 35 ++ tools/testing/selftests/arm64/pauth/helper.c | 40 ++ tools/testing/selftests/arm64/pauth/helper.h | 29 ++ tools/testing/selftests/arm64/pauth/pac.c | 348 ++++++++++++++++++ .../selftests/arm64/pauth/pac_corruptor.S | 35 ++ 8 files changed, 529 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/arm64/pauth/.gitignore create mode 100644 tools/testing/selftests/arm64/pauth/Makefile create mode 100644 tools/testing/selftests/arm64/pauth/exec_target.c create mode 100644 tools/testing/selftests/arm64/pauth/helper.c create mode 100644 tools/testing/selftests/arm64/pauth/helper.h create mode 100644 tools/testing/selftests/arm64/pauth/pac.c create mode 100644 tools/testing/selftests/arm64/pauth/pac_corruptor.S -- 2.17.1

5 years, 1 month

7
12
0 0

Re: [patch 00/13] preempt: Make preempt count unconditional

by Matthew Wilcox

On Mon, Sep 14, 2020 at 11:55:24PM +0200, Thomas Gleixner wrote: > But just look at any check which uses preemptible(), especially those > which check !preemptible(): hmm. +++ b/include/linux/preempt.h @@ -180,7 +180,9 @@ do { \ #define preempt_enable_no_resched() sched_preempt_enable_no_resched() +#ifndef MODULE #define preemptible() (preempt_count() == 0 && !irqs_disabled()) +#endif #ifdef CONFIG_PREEMPTION #define preempt_enable() \ $ git grep -w preemptible drivers (slightly trimmed by hand to remove, eg, comments) drivers/firmware/arm_sdei.c: WARN_ON_ONCE(preemptible()); drivers/firmware/arm_sdei.c: WARN_ON_ONCE(preemptible()); drivers/firmware/arm_sdei.c: WARN_ON_ONCE(preemptible()); drivers/firmware/arm_sdei.c: WARN_ON_ONCE(preemptible()); drivers/firmware/arm_sdei.c: WARN_ON(preemptible()); drivers/firmware/efi/efi-pstore.c: preemptible(), record->size, record->psi->buf); drivers/irqchip/irq-gic-v4.c: WARN_ON(preemptible()); drivers/irqchip/irq-gic-v4.c: WARN_ON(preemptible()); drivers/scsi/hisi_sas/hisi_sas_main.c: if (!preemptible()) drivers/xen/time.c: BUG_ON(preemptible()); That only looks like two drivers that need more than WARNectomies. Although maybe rcu_read_load_sched_held() or rcu_read_lock_any_held() might get called from a module ...

5 years, 1 month

2
1
0 0

[PATCH 0/4] kselftests/arm64: add PAuth tests

by Boyan Karatotev

Pointer Authentication (PAuth) is a security feature introduced in ARMv8.3. It introduces instructions to sign addresses and later check for potential corruption using a second modifier value and one of a set of keys. The signature, in the form of the Pointer Authentication Code (PAC), is stored in some of the top unused bits of the virtual address (e.g. [54: 49] if TBID0 is enabled and TnSZ is set to use a 48 bit VA space). A set of controls are present to enable/disable groups of instructions (which use certain keys) for compatibility with libraries that do not utilize the feature. PAuth is used to verify the integrity of return addresses on the stack with less memory than the stack canary. This patchset adds kselftests to verify the kernel's configuration of the feature and its runtime behaviour. There are 7 tests which verify that: * an authentication failure leads to a SIGSEGV * the data/instruction instruction groups are enabled * the generic instructions are enabled * all 5 keys are unique for a single thread * exec() changes all keys to new unique ones * context switching preserves the 4 data/instruction keys * context switching preserves the generic keys The tests have been verified to work on qemu without a working PAUTH Implementation and on ARM's FVP with a full or partial PAuth implementation. Note: This patchset is only verified for ARMv8.3 and there will be some changes required for ARMv8.6. More details can be found here [1]. Once ARMv8.6 PAuth is merged the first test in this series will required to be updated. [1] https://lore.kernel.org/linux-arm-kernel/1597734671-23407-1-git-send-email-… Cc: Shuah Khan <shuah(a)kernel.org> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Signed-off-by: Boyan Karatotev <boyan.karatotev(a)arm.com> Boyan Karatotev (4): kselftests/arm64: add a basic Pointer Authentication test kselftests/arm64: add nop checks for PAuth tests kselftests/arm64: add PAuth test for whether exec() changes keys kselftests/arm64: add PAuth tests for single threaded consistency and key uniqueness tools/testing/selftests/arm64/Makefile | 2 +- .../testing/selftests/arm64/pauth/.gitignore | 2 + tools/testing/selftests/arm64/pauth/Makefile | 29 ++ .../selftests/arm64/pauth/exec_target.c | 35 ++ tools/testing/selftests/arm64/pauth/helper.c | 41 +++ tools/testing/selftests/arm64/pauth/helper.h | 30 ++ tools/testing/selftests/arm64/pauth/pac.c | 347 ++++++++++++++++++ .../selftests/arm64/pauth/pac_corruptor.S | 36 ++ 8 files changed, 521 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/arm64/pauth/.gitignore create mode 100644 tools/testing/selftests/arm64/pauth/Makefile create mode 100644 tools/testing/selftests/arm64/pauth/exec_target.c create mode 100644 tools/testing/selftests/arm64/pauth/helper.c create mode 100644 tools/testing/selftests/arm64/pauth/helper.h create mode 100644 tools/testing/selftests/arm64/pauth/pac.c create mode 100644 tools/testing/selftests/arm64/pauth/pac_corruptor.S -- 2.17.1

5 years, 1 month

5
23
0 0

[PATCH v20 00/12] Landlock LSM

by Mickaël Salaün

Hi, This new patch series mainly replace the landlock(2) command multiplexor with 4 new dedicated syscalls: * landlock_get_features(2) * landlock_create_ruleset(2) * landlock_add_rule(2) * landlock_enforce_ruleset(2) The SLOC count is 1264 for security/landlock/ and 1712 for tools/testing/selftest/landlock/ . Test coverage for security/landlock/ is 93.6% of lines. The code not covered only deals with internal kernel errors (e.g. memory allocation) and race conditions. The compiled documentation is available here: https://landlock.io/linux-doc/landlock-v20/security/landlock/index.html This series can be applied on top of v5.8-rc4 . This can be tested with CONFIG_SECURITY_LANDLOCK and CONFIG_SAMPLE_LANDLOCK. This patch series can be found in a Git repository here: https://github.com/landlock-lsm/linux/commits/landlock-v20 I would really appreciate constructive comments on this patch series. # Landlock LSM The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM [1], it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user-space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves. Landlock is inspired by seccomp-bpf but instead of filtering syscalls and their raw arguments, a Landlock rule can restrict the use of kernel objects like file hierarchies, according to the kernel semantic. Landlock also takes inspiration from other OS sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD Pledge/Unveil. In this current form, Landlock misses some access-control features. This enables to minimize this patch series and ease review. This series still addresses multiple use cases, especially with the combined use of seccomp-bpf: applications with built-in sandboxing, init systems, security sandbox tools and security-oriented APIs [2]. Previous version: https://lore.kernel.org/lkml/20200707180955.53024-1-mic@digikod.net/ [1] https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler… [2] https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.n… Casey Schaufler (1): LSM: Infrastructure management of the superblock Mickaël Salaün (11): landlock: Add object management landlock: Add ruleset and domain management landlock: Set up the security framework and manage credentials landlock: Add ptrace restrictions fs,security: Add sb_delete hook landlock: Support filesystem access-control landlock: Add syscall implementations arch: Wire up Landlock syscalls selftests/landlock: Add initial tests samples/landlock: Add a sandbox manager example landlock: Add user and kernel documentation Documentation/security/index.rst | 1 + Documentation/security/landlock/index.rst | 18 + Documentation/security/landlock/kernel.rst | 69 + Documentation/security/landlock/user.rst | 271 +++ MAINTAINERS | 11 + arch/Kconfig | 7 + arch/alpha/kernel/syscalls/syscall.tbl | 4 + arch/arm/tools/syscall.tbl | 4 + arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 8 + arch/ia64/kernel/syscalls/syscall.tbl | 4 + arch/m68k/kernel/syscalls/syscall.tbl | 4 + arch/microblaze/kernel/syscalls/syscall.tbl | 4 + arch/mips/kernel/syscalls/syscall_n32.tbl | 4 + arch/mips/kernel/syscalls/syscall_n64.tbl | 4 + arch/mips/kernel/syscalls/syscall_o32.tbl | 4 + arch/parisc/kernel/syscalls/syscall.tbl | 4 + arch/powerpc/kernel/syscalls/syscall.tbl | 4 + arch/s390/kernel/syscalls/syscall.tbl | 4 + arch/sh/kernel/syscalls/syscall.tbl | 4 + arch/sparc/kernel/syscalls/syscall.tbl | 4 + arch/um/Kconfig | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 4 + arch/x86/entry/syscalls/syscall_64.tbl | 4 + arch/xtensa/kernel/syscalls/syscall.tbl | 4 + fs/super.c | 1 + include/linux/lsm_hook_defs.h | 1 + include/linux/lsm_hooks.h | 3 + include/linux/security.h | 4 + include/linux/syscalls.h | 8 + include/uapi/asm-generic/unistd.h | 10 +- include/uapi/linux/landlock.h | 209 ++ kernel/sys_ni.c | 6 + samples/Kconfig | 7 + samples/Makefile | 1 + samples/landlock/.gitignore | 1 + samples/landlock/Makefile | 15 + samples/landlock/sandboxer.c | 248 +++ security/Kconfig | 11 +- security/Makefile | 2 + security/landlock/Kconfig | 18 + security/landlock/Makefile | 4 + security/landlock/common.h | 20 + security/landlock/cred.c | 46 + security/landlock/cred.h | 58 + security/landlock/fs.c | 609 ++++++ security/landlock/fs.h | 60 + security/landlock/object.c | 66 + security/landlock/object.h | 91 + security/landlock/ptrace.c | 120 ++ security/landlock/ptrace.h | 14 + security/landlock/ruleset.c | 342 ++++ security/landlock/ruleset.h | 157 ++ security/landlock/setup.c | 40 + security/landlock/setup.h | 18 + security/landlock/syscall.c | 571 ++++++ security/security.c | 51 +- security/selinux/hooks.c | 58 +- security/selinux/include/objsec.h | 6 + security/selinux/ss/services.c | 3 +- security/smack/smack.h | 6 + security/smack/smack_lsm.c | 35 +- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/landlock/.gitignore | 2 + tools/testing/selftests/landlock/Makefile | 29 + tools/testing/selftests/landlock/base_test.c | 154 ++ tools/testing/selftests/landlock/common.h | 122 ++ tools/testing/selftests/landlock/config | 5 + tools/testing/selftests/landlock/fs_test.c | 1698 +++++++++++++++++ .../testing/selftests/landlock/ptrace_test.c | 310 +++ tools/testing/selftests/landlock/true.c | 5 + 71 files changed, 5621 insertions(+), 77 deletions(-) create mode 100644 Documentation/security/landlock/index.rst create mode 100644 Documentation/security/landlock/kernel.rst create mode 100644 Documentation/security/landlock/user.rst create mode 100644 include/uapi/linux/landlock.h create mode 100644 samples/landlock/.gitignore create mode 100644 samples/landlock/Makefile create mode 100644 samples/landlock/sandboxer.c create mode 100644 security/landlock/Kconfig create mode 100644 security/landlock/Makefile create mode 100644 security/landlock/common.h create mode 100644 security/landlock/cred.c create mode 100644 security/landlock/cred.h create mode 100644 security/landlock/fs.c create mode 100644 security/landlock/fs.h create mode 100644 security/landlock/object.c create mode 100644 security/landlock/object.h create mode 100644 security/landlock/ptrace.c create mode 100644 security/landlock/ptrace.h create mode 100644 security/landlock/ruleset.c create mode 100644 security/landlock/ruleset.h create mode 100644 security/landlock/setup.c create mode 100644 security/landlock/setup.h create mode 100644 security/landlock/syscall.c create mode 100644 tools/testing/selftests/landlock/.gitignore create mode 100644 tools/testing/selftests/landlock/Makefile create mode 100644 tools/testing/selftests/landlock/base_test.c create mode 100644 tools/testing/selftests/landlock/common.h create mode 100644 tools/testing/selftests/landlock/config create mode 100644 tools/testing/selftests/landlock/fs_test.c create mode 100644 tools/testing/selftests/landlock/ptrace_test.c create mode 100644 tools/testing/selftests/landlock/true.c -- 2.28.0.rc2

5 years, 2 months

3
18
0 0

Re: [patch 08/13] sched: Clenaup PREEMPT_COUNT leftovers

by Valentin Schneider

On 14/09/20 21:42, Thomas Gleixner wrote: > CONFIG_PREEMPT_COUNT is now unconditionally enabled and will be > removed. Cleanup the leftovers before doing so. > > Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> > Cc: Ingo Molnar <mingo(a)redhat.com> > Cc: Peter Zijlstra <peterz(a)infradead.org> > Cc: Juri Lelli <juri.lelli(a)redhat.com> > Cc: Vincent Guittot <vincent.guittot(a)linaro.org> > Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> > Cc: Steven Rostedt <rostedt(a)goodmis.org> > Cc: Ben Segall <bsegall(a)google.com> > Cc: Mel Gorman <mgorman(a)suse.de> > Cc: Daniel Bristot de Oliveira <bristot(a)redhat.com> Small nit below; Reviewed-by: Valentin Schneider <valentin.schneider(a)arm.com> > --- > kernel/sched/core.c | 6 +----- > lib/Kconfig.debug | 1 - > 2 files changed, 1 insertion(+), 6 deletions(-) > > --- a/kernel/sched/core.c > +++ b/kernel/sched/core.c > @@ -3706,8 +3706,7 @@ asmlinkage __visible void schedule_tail( > * finish_task_switch() for details. > * > * finish_task_switch() will drop rq->lock() and lower preempt_count > - * and the preempt_enable() will end up enabling preemption (on > - * PREEMPT_COUNT kernels). I suppose this wanted to be s/PREEMPT_COUNT/PREEMPT/ in the first place, which ought to be still relevant. > + * and the preempt_enable() will end up enabling preemption. > */ > > rq = finish_task_switch(prev);

5 years, 2 months

1
0
0 0

Re: [patch 03/13] preempt: Clenaup PREEMPT_COUNT leftovers

by Valentin Schneider

On 14/09/20 21:42, Thomas Gleixner wrote: > CONFIG_PREEMPT_COUNT is now unconditionally enabled and will be > removed. Cleanup the leftovers before doing so. > > Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> > Cc: Ingo Molnar <mingo(a)kernel.org> > Cc: Peter Zijlstra <peterz(a)infradead.org> > Cc: Juri Lelli <juri.lelli(a)redhat.com> > Cc: Vincent Guittot <vincent.guittot(a)linaro.org> > Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> > Cc: Steven Rostedt <rostedt(a)goodmis.org> > Cc: Ben Segall <bsegall(a)google.com> > Cc: Mel Gorman <mgorman(a)suse.de> > Cc: Daniel Bristot de Oliveira <bristot(a)redhat.com> Reviewed-by: Valentin Schneider <valentin.schneider(a)arm.com>

5 years, 2 months

1
0
0 0

Re: [PATCH 2/2 v7] rseq/selftests: test MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ

by Mathieu Desnoyers

[ Adding selftests maintainer and mailing list in CC. You should add them to the CC list of the selftests patches for the next round. ] ----- On Sep 15, 2020, at 2:55 PM, Peter Oskolkov posk(a)google.com wrote: > Based on Google-internal RSEQ work done by > Paul Turner and Andrew Hunter. > > This patch adds a selftest for MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ. > The test quite often fails without the previous patch in this patchset, > but consistently passes with it. Did you consider moving this test into tools/testing/selftests/rseq/param_test.c instead, and update the script "run_param_test.sh" accordingly ? You would leverage for free all the work I have done to insert configurable delay loops into the critical sections, which will very likely increase the likelihood of failure tremendously. Reproducible frequent and fast failure is really something we want to aim for here when a bug is hiding. > > v3: added rseq_offset_deref_addv() to x86_64 to make the test > more explicit; on other architectures I kept using existing > rseq_cmpeqv_cmpeqv_storev() as I have no easy way to test > there. Added a comment explaining why the test works this way. > v4: skipped the test if rseq_offset_deref_addv() is not present > (that is, on all architectures other than x86_64). > > Signed-off-by: Peter Oskolkov <posk(a)google.com> > --- > .../selftests/rseq/basic_percpu_ops_test.c | 187 ++++++++++++++++++ > tools/testing/selftests/rseq/rseq-x86.h | 57 ++++++ > 2 files changed, 244 insertions(+) > > diff --git a/tools/testing/selftests/rseq/basic_percpu_ops_test.c > b/tools/testing/selftests/rseq/basic_percpu_ops_test.c > index eb3f6db36d36..e6e10ba4b9ed 100644 > --- a/tools/testing/selftests/rseq/basic_percpu_ops_test.c > +++ b/tools/testing/selftests/rseq/basic_percpu_ops_test.c > @@ -3,16 +3,24 @@ > #include <assert.h> > #include <pthread.h> > #include <sched.h> > +#include <stdatomic.h> That would be the first time stdatomic.h is included in the kernel selftests. Do we want this dependency ? > #include <stdint.h> > #include <stdio.h> > #include <stdlib.h> > #include <string.h> > #include <stddef.h> > +#include <syscall.h> > +#include <unistd.h> > > #include "rseq.h" > > #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0])) > > +/* The local <linux/membarrier.h> may not contain the commands below. */ > +#define MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ (1<<7) > +#define MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_RSEQ (1<<8) > +#define MEMBARRIER_CMD_FLAG_CPU (1<<0) > + The usual way to build and run tests AFAIK is to do "make headers_install" first, and then build the tests against those headers. Therefore, when building the tests, the additional membarrier commands and flags should always be there. Please remove those duplicated preprocessor defines. > struct percpu_lock_entry { > intptr_t v; > } __attribute__((aligned(128))); > @@ -289,6 +297,183 @@ void test_percpu_list(void) > assert(sum == expected_sum); > } > > +struct test_membarrier_thread_args { > + int stop; > + intptr_t percpu_list_ptr; > +}; > + > +/* Worker threads modify data in their "active" percpu lists. */ > +void *test_membarrier_worker_thread(void *arg) > +{ > + struct test_membarrier_thread_args *args = > + (struct test_membarrier_thread_args *)arg; > + const int iters = 10 * 1000 * 1000; > + int i; > + > + if (rseq_register_current_thread()) { > + fprintf(stderr, "Error: rseq_register_current_thread(...) failed(%d): %s\n", > + errno, strerror(errno)); > + abort(); > + } > + > + /* Wait for initialization. */ > + while (!atomic_load(&args->percpu_list_ptr)) {} > + > + for (i = 0; i < iters; ++i) { > + int ret; > + > + do { > + int cpu = rseq_cpu_start(); > + > + ret = rseq_offset_deref_addv(&args->percpu_list_ptr, > + 128 * cpu, 1, cpu); That 128 happens to be related to: struct percpu_list_entry { struct percpu_list_node *head; } __attribute__((aligned(128))); struct percpu_list { struct percpu_list_entry c[CPU_SETSIZE]; }; Please don't hardcode numbers like that. Instead: + ret = rseq_offset_deref_addv(&args->percpu_list_ptr, + sizeof(struct percpu_list_entry) * cpu, 1, cpu); > + } while (rseq_unlikely(ret)); > + } > + > + if (rseq_unregister_current_thread()) { > + fprintf(stderr, "Error: rseq_unregister_current_thread(...) failed(%d): > %s\n", > + errno, strerror(errno)); > + abort(); > + } > + return NULL; > +} > + > +void test_membarrier_init_percpu_list(struct percpu_list *list) > +{ > + int i; > + > + memset(list, 0, sizeof(*list)); > + for (i = 0; i < CPU_SETSIZE; i++) { > + struct percpu_list_node *node; > + > + node = malloc(sizeof(*node)); > + assert(node); > + node->data = 0; > + node->next = NULL; > + list->c[i].head = node; > + } > +} > + > +void test_membarrier_free_percpu_list(struct percpu_list *list) > +{ > + int i; > + > + for (i = 0; i < CPU_SETSIZE; i++) > + free(list->c[i].head); > +} > + > +static int sys_membarrier(int cmd, int flags, int cpu_id) > +{ > + return syscall(__NR_membarrier, cmd, flags, cpu_id); > +} > + > +/* > + * The manager thread swaps per-cpu lists that worker threads see, > + * and validates that there are no unexpected modifications. > + */ > +void *test_membarrier_manager_thread(void *arg) > +{ > + struct test_membarrier_thread_args *args = > + (struct test_membarrier_thread_args *)arg; > + struct percpu_list list_a, list_b; > + intptr_t expect_a = 0, expect_b = 0; > + int cpu_a = 0, cpu_b = 0; > + > + if (rseq_register_current_thread()) { > + fprintf(stderr, "Error: rseq_register_current_thread(...) failed(%d): %s\n", > + errno, strerror(errno)); > + abort(); > + } > + > + /* Init lists. */ > + test_membarrier_init_percpu_list(&list_a); > + test_membarrier_init_percpu_list(&list_b); > + > + atomic_store(&args->percpu_list_ptr, (intptr_t)&list_a); > + > + while (!atomic_load(&args->stop)) { > + /* list_a is "active". */ > + cpu_a = rand() % CPU_SETSIZE; > + /* > + * As list_b is "inactive", we should never see changes > + * to list_b. > + */ > + if (expect_b != atomic_load(&list_b.c[cpu_b].head->data)) { > + fprintf(stderr, "Membarrier test failed\n"); > + abort(); > + } > + > + /* Make list_b "active". */ > + atomic_store(&args->percpu_list_ptr, (intptr_t)&list_b); > + sys_membarrier(MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ, > + MEMBARRIER_CMD_FLAG_CPU, cpu_a); missing error check. > + /* > + * Cpu A should now only modify list_b, so we values we -> the > + * in list_a should be stable. > + */ > + expect_a = atomic_load(&list_a.c[cpu_a].head->data); > + > + cpu_b = rand() % CPU_SETSIZE; > + /* > + * As list_a is "inactive", we should never see changes > + * to list_a. > + */ > + if (expect_a != atomic_load(&list_a.c[cpu_a].head->data)) { > + fprintf(stderr, "Membarrier test failed\n"); > + abort(); > + } > + > + /* Make list_a "active". */ > + atomic_store(&args->percpu_list_ptr, (intptr_t)&list_a); > + sys_membarrier(MEMBARRIER_CMD_PRIVATE_EXPEDITED_RSEQ, > + MEMBARRIER_CMD_FLAG_CPU, cpu_b); missing error check. > + /* Remember a value from list_b. */ > + expect_b = atomic_load(&list_b.c[cpu_b].head->data); > + } > + > + test_membarrier_free_percpu_list(&list_a); > + test_membarrier_free_percpu_list(&list_b); > + > + if (rseq_unregister_current_thread()) { > + fprintf(stderr, "Error: rseq_unregister_current_thread(...) failed(%d): > %s\n", > + errno, strerror(errno)); > + abort(); > + } > + return NULL; > +} > + > +/* Test MEMBARRIER_CMD_PRIVATE_RESTART_RSEQ_ON_CPU membarrier command. */ > +void test_membarrier(void) > +{ > +#ifndef RSEQ_ARCH_HAS_OFFSET_DEREF_ADDV Please lift the preprocessor conditional outside of the function, e.g.: #ifdef RSEQ_ARCH_HAS_OFFSET_DEREF_ADDV void test_membarrier(void) { [... code goes here...] } #else /* RSEQ_ARCH_HAS_OFFSET_DEREF_ADDV /* void test_membarrier(void) { } #endif /* RSEQ_ARCH_HAS_OFFSET_DEREF_ADDV */ > + fprintf(stderr, "rseq_offset_deref_addv is not implemented on this > architecture. " > + "Skipping membarrier test.\n"); > + return; > +#else > + struct test_membarrier_thread_args thread_args; > + pthread_t worker_threads[CPU_SETSIZE]; > + pthread_t manager_thread; > + int i; > + > + sys_membarrier(MEMBARRIER_CMD_REGISTER_PRIVATE_EXPEDITED_RSEQ, 0, 0); Missing error handling. > + > + thread_args.stop = 0; > + thread_args.percpu_list_ptr = 0; > + pthread_create(&manager_thread, NULL, > + test_membarrier_manager_thread, &thread_args); > + > + for (i = 0; i < CPU_SETSIZE; i++) > + pthread_create(&worker_threads[i], NULL, > + test_membarrier_worker_thread, &thread_args); > + > + for (i = 0; i < CPU_SETSIZE; i++) > + pthread_join(worker_threads[i], NULL); > + > + atomic_store(&thread_args.stop, 1); > + pthread_join(manager_thread, NULL); Arguably the existing tests do not check pthread_* errors, but I guess it would not hurt to do so. > +#endif > +} > + > int main(int argc, char **argv) > { > if (rseq_register_current_thread()) { > @@ -300,6 +485,8 @@ int main(int argc, char **argv) > test_percpu_spinlock(); > printf("percpu_list\n"); > test_percpu_list(); > + printf("membarrier\n"); > + test_membarrier(); > if (rseq_unregister_current_thread()) { > fprintf(stderr, "Error: rseq_unregister_current_thread(...) failed(%d): %s\n", > errno, strerror(errno)); > diff --git a/tools/testing/selftests/rseq/rseq-x86.h > b/tools/testing/selftests/rseq/rseq-x86.h > index b2da6004fe30..640411518e46 100644 > --- a/tools/testing/selftests/rseq/rseq-x86.h > +++ b/tools/testing/selftests/rseq/rseq-x86.h > @@ -279,6 +279,63 @@ int rseq_addv(intptr_t *v, intptr_t count, int cpu) > #endif > } > > +#define RSEQ_ARCH_HAS_OFFSET_DEREF_ADDV > + > +/* > + * pval = *(ptr+off) > + * *pval += inc; > + */ Addition to rseq-x86.h should be split into its own commit. Thanks, Mathieu > +static inline __attribute__((always_inline)) > +int rseq_offset_deref_addv(intptr_t *ptr, off_t off, intptr_t inc, int cpu) > +{ > + RSEQ_INJECT_C(9) > + > + __asm__ __volatile__ goto ( > + RSEQ_ASM_DEFINE_TABLE(3, 1f, 2f, 4f) /* start, commit, abort */ > +#ifdef RSEQ_COMPARE_TWICE > + RSEQ_ASM_DEFINE_EXIT_POINT(1f, %l[error1]) > +#endif > + /* Start rseq by storing table entry pointer into rseq_cs. */ > + RSEQ_ASM_STORE_RSEQ_CS(1, 3b, RSEQ_CS_OFFSET(%[rseq_abi])) > + RSEQ_ASM_CMP_CPU_ID(cpu_id, RSEQ_CPU_ID_OFFSET(%[rseq_abi]), 4f) > + RSEQ_INJECT_ASM(3) > +#ifdef RSEQ_COMPARE_TWICE > + RSEQ_ASM_CMP_CPU_ID(cpu_id, RSEQ_CPU_ID_OFFSET(%[rseq_abi]), %l[error1]) > +#endif > + /* get p+v */ > + "movq %[ptr], %%rbx\n\t" > + "addq %[off], %%rbx\n\t" > + /* get pv */ > + "movq (%%rbx), %%rcx\n\t" > + /* *pv += inc */ > + "addq %[inc], (%%rcx)\n\t" > + "2:\n\t" > + RSEQ_INJECT_ASM(4) > + RSEQ_ASM_DEFINE_ABORT(4, "", abort) > + : /* gcc asm goto does not allow outputs */ > + : [cpu_id] "r" (cpu), > + [rseq_abi] "r" (&__rseq_abi), > + /* final store input */ > + [ptr] "m" (*ptr), > + [off] "er" (off), > + [inc] "er" (inc) > + : "memory", "cc", "rax", "rbx", "rcx" > + RSEQ_INJECT_CLOBBER > + : abort > +#ifdef RSEQ_COMPARE_TWICE > + , error1 > +#endif > + ); > + return 0; > +abort: > + RSEQ_INJECT_FAILED > + return -1; > +#ifdef RSEQ_COMPARE_TWICE > +error1: > + rseq_bug("cpu_id comparison failed"); > +#endif > +} > + > static inline __attribute__((always_inline)) > int rseq_cmpeqv_trystorev_storev(intptr_t *v, intptr_t expect, > intptr_t *v2, intptr_t newv2, > -- > 2.28.0.618.gf4bc123cb7-goog -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com

5 years, 2 months

1
0
0 0

[REGRESSION] kselftest: next-20200915

by LKFT

## Kernel * kernel: 5.9.0-rc5 * git repo: ['https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git', 'https://gitlab.com/Linaro/lkft/mirrors/next/linux-next'] * git branch: master * git commit: 6b02addb1d1748d21dd1261e46029b264be4e5a0 * git describe: next-20200915 * Test details: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20200915 ## Regressions (compared to build next-20200914) juno-r2: kselftest: * memfd_memfd_test x86: kselftest-vsyscall-mode-native: * kvm_vmx_preemption_timer_test ## Fixes (compared to build next-20200914) x86: kselftest-vsyscall-mode-none: * kvm_vmx_preemption_timer_test ## Summary ### hi6220-hikey, kselftest * total: 161 * pass: 53 * fail: 79 * skip: 29 * xfail: 0 ### i386, kselftest * total: 166 * pass: 35 * fail: 102 * skip: 29 * xfail: 0 ### juno-r2, kselftest * total: 163 * pass: 57 * fail: 77 * skip: 29 * xfail: 0 ### x86, kselftest * total: 167 * pass: 59 * fail: 81 * skip: 27 * xfail: 0 ### x86, kselftest-vsyscall-mode-native * total: 168 * pass: 61 * fail: 80 * skip: 27 * xfail: 0 ### x86, kselftest-vsyscall-mode-none * total: 164 * pass: 58 * fail: 79 * skip: 27 * xfail: 0 ## Environments * dragonboard-410c * hi6220-hikey * i386 * juno-r2 * juno-r2-compat * juno-r2-kasan * nxp-ls2088 * qemu_arm * qemu_arm64 * qemu_i386 * qemu_x86_64 * x15 * x86 * x86-kasan ## Suites * kselftest * kselftest-vsyscall-mode-native * kselftest-vsyscall-mode-none ## Failures ### hi6220-hikey, kselftest * bpf_test_verifier * bpf_test_tag * bpf_test_maps * bpf_test_lpm_map * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_kmod.sh * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tcp_check_syncookie.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh ### i386, kselftest * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_tc_tunnel.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_clear_sighand * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_cr4_cpuid_sync_test * kvm_evmcs_test * kvm_hyperv_cpuid * kvm_mmio_warning_test * kvm_platform_info_test * kvm_set_sregs_test * kvm_smm_test * kvm_state_test * kvm_vmx_preemption_timer_test * kvm_svm_vmcall_test * kvm_sync_regs_test * kvm_vmx_close_while_nested_test * kvm_vmx_dirty_log_test * kvm_vmx_set_nested_state_test * kvm_vmx_tsc_adjust_test * kvm_xss_msr_test * kvm_debug_regs * kvm_clear_dirty_log_test * kvm_demand_paging_test * kvm_dirty_log_test * kvm_kvm_create_max_vcpus * kvm_set_memory_region_test * kvm_steal_time * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh ### juno-r2, kselftest * bpf_test_maps * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tcp_check_syncookie.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * cpufreq_main.sh * firmware_fw_run_tests.sh * ftrace_ftracetest * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh ### x86, kselftest * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_vmx_preemption_timer_test * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh ### x86, kselftest-vsyscall-mode-native * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_socket_cookie * bpf_test_netcnt * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh ### x86, kselftest-vsyscall-mode-none * bpf_test_progs * bpf_test_dev_cgroup * bpf_test_tcpbpf_user * bpf_get_cgroup_id_user * bpf_test_tcpnotify_user * bpf_test_sock_fields * bpf_test_sysctl * bpf_test_progs-no_alu32 * bpf_test_sock_addr.sh * bpf_test_tunnel.sh * bpf_test_lwt_seg6local.sh * bpf_test_flow_dissector.sh * bpf_test_lwt_ip_encap.sh * bpf_test_tc_tunnel.sh * bpf_test_tc_edt.sh * bpf_test_xdping.sh * bpf_test_bpftool.sh * clone3_clone3_cap_checkpoint_restore * core_close_range_test * firmware_fw_run_tests.sh * ftrace_ftracetest * intel_pstate_run.sh * kvm_vmx_preemption_timer_test * kvm_debug_regs * lkdtm_BUG.sh * lkdtm_WARNING.sh * lkdtm_WARNING_MESSAGE.sh * lkdtm_EXCEPTION.sh * lkdtm_CORRUPT_LIST_ADD.sh * lkdtm_CORRUPT_LIST_DEL.sh * lkdtm_STACK_GUARD_PAGE_LEADING.sh * lkdtm_STACK_GUARD_PAGE_TRAILING.sh * lkdtm_UNSET_SMEP.sh * lkdtm_CORRUPT_PAC.sh * lkdtm_UNALIGNED_LOAD_STORE_WRITE.sh * lkdtm_READ_AFTER_FREE.sh * lkdtm_READ_BUDDY_AFTER_FREE.sh * lkdtm_SLAB_FREE_DOUBLE.sh * lkdtm_SLAB_FREE_CROSS.sh * lkdtm_SLAB_FREE_PAGE.sh * lkdtm_EXEC_DATA.sh * lkdtm_EXEC_STACK.sh * lkdtm_EXEC_KMALLOC.sh * lkdtm_EXEC_VMALLOC.sh * lkdtm_EXEC_RODATA.sh * lkdtm_EXEC_USERSPACE.sh * lkdtm_EXEC_NULL.sh * lkdtm_ACCESS_USERSPACE.sh * lkdtm_ACCESS_NULL.sh * lkdtm_WRITE_RO.sh * lkdtm_WRITE_RO_AFTER_INIT.sh * lkdtm_WRITE_KERN.sh * lkdtm_REFCOUNT_INC_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_OVERFLOW.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_OVERFLOW.sh * lkdtm_REFCOUNT_DEC_ZERO.sh * lkdtm_REFCOUNT_DEC_NEGATIVE.sh * lkdtm_REFCOUNT_DEC_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_SUB_AND_TEST_NEGATIVE.sh * lkdtm_REFCOUNT_INC_ZERO.sh * lkdtm_REFCOUNT_ADD_ZERO.sh * lkdtm_REFCOUNT_INC_SATURATED.sh * lkdtm_REFCOUNT_DEC_SATURATED.sh * lkdtm_REFCOUNT_ADD_SATURATED.sh * lkdtm_REFCOUNT_INC_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_ADD_NOT_ZERO_SATURATED.sh * lkdtm_REFCOUNT_DEC_AND_TEST_SATURATED.sh * lkdtm_REFCOUNT_SUB_AND_TEST_SATURATED.sh * lkdtm_USERCOPY_HEAP_SIZE_TO.sh * lkdtm_USERCOPY_HEAP_SIZE_FROM.sh * lkdtm_USERCOPY_HEAP_WHITELIST_TO.sh * lkdtm_USERCOPY_HEAP_WHITELIST_FROM.sh * lkdtm_USERCOPY_STACK_FRAME_TO.sh * lkdtm_USERCOPY_STACK_FRAME_FROM.sh * lkdtm_USERCOPY_STACK_BEYOND.sh * lkdtm_USERCOPY_KERNEL.sh * lkdtm_STACKLEAK_ERASING.sh * lkdtm_CFI_FORWARD_PROTO.sh ## Skips ### hi6220-hikey, kselftest * bpf_test_xdp_veth.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * intel_pstate_run.sh * ir_ir_loopback.sh * livepatch_test-livepatch.sh * livepatch_test-callbacks.sh * livepatch_test-shadow-vars.sh * livepatch_test-state.sh * livepatch_test-ftrace.sh * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh ### i386, kselftest * bpf_test_xdp_veth.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * livepatch_test-livepatch.sh * livepatch_test-callbacks.sh * livepatch_test-shadow-vars.sh * livepatch_test-state.sh * livepatch_test-ftrace.sh * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh ### juno-r2, kselftest * bpf_test_xdp_veth.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * intel_pstate_run.sh * ir_ir_loopback.sh * livepatch_test-livepatch.sh * livepatch_test-callbacks.sh * livepatch_test-shadow-vars.sh * livepatch_test-state.sh * livepatch_test-ftrace.sh * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh ### x86, kselftest * bpf_test_xdp_veth.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh ### x86, kselftest-vsyscall-mode-native * bpf_test_xdp_veth.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh ### x86, kselftest-vsyscall-mode-none * bpf_test_xdp_veth.sh * cgroup_test_memcontrol * cgroup_test_kmem * cgroup_test_core * cgroup_test_stress.sh * efivarfs_efivarfs.sh * fpu_run_test_fpu.sh * ir_ir_loopback.sh * kexec_test_kexec_load.sh * kexec_test_kexec_file_load.sh * kvm_mmio_warning_test * kvm_svm_vmcall_test * lkdtm_PANIC.sh * lkdtm_LOOP.sh * lkdtm_EXHAUST_STACK.sh * lkdtm_CORRUPT_STACK.sh * lkdtm_CORRUPT_STACK_STRONG.sh * lkdtm_DOUBLE_FAULT.sh * lkdtm_OVERWRITE_ALLOCATION.sh * lkdtm_WRITE_AFTER_FREE.sh * lkdtm_WRITE_BUDDY_AFTER_FREE.sh * lkdtm_SOFTLOCKUP.sh * lkdtm_HARDLOCKUP.sh * lkdtm_SPINLOCKUP.sh * lkdtm_HUNG_TASK.sh * lkdtm_REFCOUNT_TIMING.sh * lkdtm_ATOMIC_TIMING.sh -- Linaro LKFT https://lkft.linaro.org

5 years, 2 months

2
1
0 0

Re: [patch 00/13] preempt: Make preempt count unconditional

by Paul E. McKenney

On Mon, Sep 14, 2020 at 01:59:15PM -0700, Linus Torvalds wrote: > On Mon, Sep 14, 2020 at 1:45 PM Thomas Gleixner <tglx(a)linutronix.de> wrote: > > > > Recently merged code does: > > > > gfp = preemptible() ? GFP_KERNEL : GFP_ATOMIC; > > > > Looks obviously correct, except for the fact that preemptible() is > > unconditionally false for CONFIF_PREEMPT_COUNT=n, i.e. all allocations in > > that code use GFP_ATOMIC on such kernels. > > I don't think this is a good reason to entirely get rid of the no-preempt thing. > > The above is just garbage. It's bogus. You can't do it. > > Blaming the no-preempt code for this bug is extremely unfair, imho. > > And the no-preempt code does help make for much better code generation > for simple spinlocks. > > Where is that horribly buggy recent code? It's not in that exact > format, certainly, since 'grep' doesn't find it. It would be convenient for that "gfp =" code to work, as this would allow better cache locality while invoking RCU callbacks, and would further provide better robustness to callback floods. The full story is quite long, but here are alternatives have not yet been proven to be abject failures: 1. Use workqueues to do the allocations in a clean context. While waiting for the allocations, the callbacks are queued in the old cache-busting manner. This functions correctly, but in the meantime (which on busy systems can be some time) the cache locality and robustness are lost. 2. Provide the ability to allocate memory in raw atomic context. This is extremely effective, especially when used in combination with #1 above, but as you might suspect, the MM guys don't like it much. In contrast, with Thomas's patch series, call_rcu() and kvfree_rcu() could just look at preemptible() to see whether or not it was safe to allocate memory, even in !PREEMPT kernels -- and in the common case, it almost always would be safe. It is quite possible that this approach would work in isolation, or failing that, that adding #1 above would do the trick. I understand that this is all very hand-wavy, and I do apologize for that. If you really want the full sad story with performance numbers and the works, let me know! Thanx, Paul

5 years, 2 months

1
0
0 0

[PATCH 0/2] selftests/vm: fix some minor aggravating factors in the Makefile

by John Hubbard

Hi, This fixes a couple of minor aggravating factors that I ran across while trying to do some changes in selftests/vm. These are simple things, but like most things with GNU Make, it's rarely obvious what's wrong until you understand *the entire Makefile and all of its includes*. So while there is, of course, joy in learning those details, I thought I'd fix these little things, so as to allow others to skip out on the Joy if they so choose. :) First of all, if you have an item (let's choose userfaultfd for an example) that fails to build, you might do this: $ make -j32 # ...you observe a failed item in the threaded output # OK, let's get a closer look $ make # ...but now the build quietly "succeeds". That's what Patch 0001 fixes. Second, if you instead attempt this approach for your closer look (a casual mistake, as it's not supported): $ make userfaultfd # ...userfaultfd fails to link, due to incomplete LDLIBS That's what Patch 0002 fixes. John Hubbard (2): selftests/vm: fix false build success on the second and later attempts selftests/vm: fix incorrect gcc invocation in some cases tools/testing/selftests/vm/Makefile | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) -- 2.28.0

5 years, 2 months

2
3
0 0

[PATCH bpf-next v2 4/5] bpf: selftests: add MPTCP test base

by Nicolas Rybowski

This patch adds a base for MPTCP specific tests. It is currently limited to the is_mptcp field in case of plain TCP connection because for the moment there is no easy way to get the subflow sk from a msk in userspace. This implies that we cannot lookup the sk_storage attached to the subflow sk in the sockops program. Acked-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> Signed-off-by: Nicolas Rybowski <nicolas.rybowski(a)tessares.net> --- Notes: v1 -> v2: - new patch: mandatory selftests (Alexei) tools/testing/selftests/bpf/config | 1 + tools/testing/selftests/bpf/network_helpers.c | 37 +++++- tools/testing/selftests/bpf/network_helpers.h | 3 + .../testing/selftests/bpf/prog_tests/mptcp.c | 119 ++++++++++++++++++ tools/testing/selftests/bpf/progs/mptcp.c | 48 +++++++ 5 files changed, 203 insertions(+), 5 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/mptcp.c create mode 100644 tools/testing/selftests/bpf/progs/mptcp.c diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config index 2118e23ac07a..8377836ea976 100644 --- a/tools/testing/selftests/bpf/config +++ b/tools/testing/selftests/bpf/config @@ -39,3 +39,4 @@ CONFIG_BPF_JIT=y CONFIG_BPF_LSM=y CONFIG_SECURITY=y CONFIG_LIRC=y +CONFIG_MPTCP=y diff --git a/tools/testing/selftests/bpf/network_helpers.c b/tools/testing/selftests/bpf/network_helpers.c index 12ee40284da0..85cbb683965c 100644 --- a/tools/testing/selftests/bpf/network_helpers.c +++ b/tools/testing/selftests/bpf/network_helpers.c @@ -14,6 +14,10 @@ #include "bpf_util.h" #include "network_helpers.h" +#ifndef IPPROTO_MPTCP +#define IPPROTO_MPTCP 262 +#endif + #define clean_errno() (errno == 0 ? "None" : strerror(errno)) #define log_err(MSG, ...) ({ \ int __save = errno; \ @@ -66,8 +70,8 @@ static int settimeo(int fd, int timeout_ms) #define save_errno_close(fd) ({ int __save = errno; close(fd); errno = __save; }) -int start_server(int family, int type, const char *addr_str, __u16 port, - int timeout_ms) +static int start_server_proto(int family, int type, int protocol, + const char *addr_str, __u16 port, int timeout_ms) { struct sockaddr_storage addr = {}; socklen_t len; @@ -76,7 +80,7 @@ int start_server(int family, int type, const char *addr_str, __u16 port, if (make_sockaddr(family, addr_str, port, &addr, &len)) return -1; - fd = socket(family, type, 0); + fd = socket(family, type, protocol); if (fd < 0) { log_err("Failed to create server socket"); return -1; @@ -104,6 +108,19 @@ int start_server(int family, int type, const char *addr_str, __u16 port, return -1; } +int start_server(int family, int type, const char *addr_str, __u16 port, + int timeout_ms) +{ + return start_server_proto(family, type, 0, addr_str, port, timeout_ms); +} + +int start_mptcp_server(int family, const char *addr_str, __u16 port, + int timeout_ms) +{ + return start_server_proto(family, SOCK_STREAM, IPPROTO_MPTCP, addr_str, + port, timeout_ms); +} + int fastopen_connect(int server_fd, const char *data, unsigned int data_len, int timeout_ms) { @@ -153,7 +170,7 @@ static int connect_fd_to_addr(int fd, return 0; } -int connect_to_fd(int server_fd, int timeout_ms) +static int connect_to_fd_proto(int server_fd, int protocol, int timeout_ms) { struct sockaddr_storage addr; struct sockaddr_in *addr_in; @@ -173,7 +190,7 @@ int connect_to_fd(int server_fd, int timeout_ms) } addr_in = (struct sockaddr_in *)&addr; - fd = socket(addr_in->sin_family, type, 0); + fd = socket(addr_in->sin_family, type, protocol); if (fd < 0) { log_err("Failed to create client socket"); return -1; @@ -192,6 +209,16 @@ int connect_to_fd(int server_fd, int timeout_ms) return -1; } +int connect_to_fd(int server_fd, int timeout_ms) +{ + return connect_to_fd_proto(server_fd, 0, timeout_ms); +} + +int connect_to_mptcp_fd(int server_fd, int timeout_ms) +{ + return connect_to_fd_proto(server_fd, IPPROTO_MPTCP, timeout_ms); +} + int connect_fd_to_fd(int client_fd, int server_fd, int timeout_ms) { struct sockaddr_storage addr; diff --git a/tools/testing/selftests/bpf/network_helpers.h b/tools/testing/selftests/bpf/network_helpers.h index 7205f8afdba1..336423a789e9 100644 --- a/tools/testing/selftests/bpf/network_helpers.h +++ b/tools/testing/selftests/bpf/network_helpers.h @@ -35,7 +35,10 @@ extern struct ipv6_packet pkt_v6; int start_server(int family, int type, const char *addr, __u16 port, int timeout_ms); +int start_mptcp_server(int family, const char *addr, __u16 port, + int timeout_ms); int connect_to_fd(int server_fd, int timeout_ms); +int connect_to_mptcp_fd(int server_fd, int timeout_ms); int connect_fd_to_fd(int client_fd, int server_fd, int timeout_ms); int fastopen_connect(int server_fd, const char *data, unsigned int data_len, int timeout_ms); diff --git a/tools/testing/selftests/bpf/prog_tests/mptcp.c b/tools/testing/selftests/bpf/prog_tests/mptcp.c new file mode 100644 index 000000000000..0e65d64868e9 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/mptcp.c @@ -0,0 +1,119 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <test_progs.h> +#include "cgroup_helpers.h" +#include "network_helpers.h" + +struct mptcp_storage { + __u32 invoked; + __u32 is_mptcp; +}; + +static int verify_sk(int map_fd, int client_fd, const char *msg, __u32 is_mptcp) +{ + int err = 0, cfd = client_fd; + struct mptcp_storage val; + + /* Currently there is no easy way to get back the subflow sk from the MPTCP + * sk, thus we cannot access here the sk_storage associated to the subflow + * sk. Also, there is no sk_storage associated with the MPTCP sk since it + * does not trigger sockops events. + * We silently pass this situation at the moment. + */ + if (is_mptcp == 1) + return 0; + + if (CHECK_FAIL(bpf_map_lookup_elem(map_fd, &cfd, &val) < 0)) { + perror("Failed to read socket storage"); + return -1; + } + + if (val.invoked != 1) { + log_err("%s: unexpected invoked count %d != %d", + msg, val.invoked, 1); + err++; + } + + if (val.is_mptcp != is_mptcp) { + log_err("%s: unexpected bpf_tcp_sock.is_mptcp %d != %d", + msg, val.is_mptcp, is_mptcp); + err++; + } + + return err; +} + +static int run_test(int cgroup_fd, int server_fd, bool is_mptcp) +{ + int client_fd, prog_fd, map_fd, err; + struct bpf_object *obj; + struct bpf_map *map; + + struct bpf_prog_load_attr attr = { + .prog_type = BPF_PROG_TYPE_SOCK_OPS, + .file = "./mptcp.o", + .expected_attach_type = BPF_CGROUP_SOCK_OPS, + }; + + err = bpf_prog_load_xattr(&attr, &obj, &prog_fd); + if (err) { + log_err("Failed to load BPF object"); + return -1; + } + + map = bpf_map__next(NULL, obj); + map_fd = bpf_map__fd(map); + + err = bpf_prog_attach(prog_fd, cgroup_fd, BPF_CGROUP_SOCK_OPS, 0); + if (err) { + log_err("Failed to attach BPF program"); + goto close_bpf_object; + } + + client_fd = is_mptcp ? connect_to_mptcp_fd(server_fd, 0) : + connect_to_fd(server_fd, 0); + if (client_fd < 0) { + err = -1; + goto close_client_fd; + } + + err += is_mptcp ? verify_sk(map_fd, client_fd, "MPTCP subflow socket", 1) : + verify_sk(map_fd, client_fd, "plain TCP socket", 0); + +close_client_fd: + close(client_fd); + +close_bpf_object: + bpf_object__close(obj); + return err; +} + +void test_mptcp(void) +{ + int server_fd, cgroup_fd; + + cgroup_fd = test__join_cgroup("/mptcp"); + if (CHECK_FAIL(cgroup_fd < 0)) + return; + + /* without MPTCP */ + server_fd = start_server(AF_INET, SOCK_STREAM, NULL, 0, 0); + if (CHECK_FAIL(server_fd < 0)) + goto with_mptcp; + + CHECK_FAIL(run_test(cgroup_fd, server_fd, false)); + + close(server_fd); + +with_mptcp: + /* with MPTCP */ + server_fd = start_mptcp_server(AF_INET, NULL, 0, 0); + if (CHECK_FAIL(server_fd < 0)) + goto close_cgroup_fd; + + CHECK_FAIL(run_test(cgroup_fd, server_fd, true)); + + close(server_fd); + +close_cgroup_fd: + close(cgroup_fd); +} diff --git a/tools/testing/selftests/bpf/progs/mptcp.c b/tools/testing/selftests/bpf/progs/mptcp.c new file mode 100644 index 000000000000..be5ee8dac2b3 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/mptcp.c @@ -0,0 +1,48 @@ +// SPDX-License-Identifier: GPL-2.0 +#include <linux/bpf.h> +#include <bpf/bpf_helpers.h> + +char _license[] SEC("license") = "GPL"; +__u32 _version SEC("version") = 1; + +struct mptcp_storage { + __u32 invoked; + __u32 is_mptcp; +}; + +struct { + __uint(type, BPF_MAP_TYPE_SK_STORAGE); + __uint(map_flags, BPF_F_NO_PREALLOC); + __type(key, int); + __type(value, struct mptcp_storage); +} socket_storage_map SEC(".maps"); + +SEC("sockops") +int _sockops(struct bpf_sock_ops *ctx) +{ + struct mptcp_storage *storage; + struct bpf_tcp_sock *tcp_sk; + int op = (int)ctx->op; + struct bpf_sock *sk; + + sk = ctx->sk; + if (!sk) + return 1; + + storage = bpf_sk_storage_get(&socket_storage_map, sk, 0, + BPF_SK_STORAGE_GET_F_CREATE); + if (!storage) + return 1; + + if (op != BPF_SOCK_OPS_TCP_CONNECT_CB) + return 1; + + tcp_sk = bpf_tcp_sock(sk); + if (!tcp_sk) + return 1; + + storage->invoked++; + storage->is_mptcp = tcp_sk->is_mptcp; + + return 1; +} -- 2.28.0

5 years, 2 months

3
3
0 0

Re: [patch 04/13] lockdep: Clenaup PREEMPT_COUNT leftovers

by Will Deacon

On Mon, Sep 14, 2020 at 10:42:13PM +0200, Thomas Gleixner wrote: > CONFIG_PREEMPT_COUNT is now unconditionally enabled and will be > removed. Cleanup the leftovers before doing so. > > Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> > Cc: Peter Zijlstra <peterz(a)infradead.org> > Cc: Ingo Molnar <mingo(a)kernel.org> > Cc: Will Deacon <will(a)kernel.org> > --- > include/linux/lockdep.h | 6 ++---- > lib/Kconfig.debug | 1 - > 2 files changed, 2 insertions(+), 5 deletions(-) > > --- a/include/linux/lockdep.h > +++ b/include/linux/lockdep.h > @@ -585,16 +585,14 @@ do { \ > > #define lockdep_assert_preemption_enabled() \ > do { \ > - WARN_ON_ONCE(IS_ENABLED(CONFIG_PREEMPT_COUNT) && \ > - debug_locks && \ > + WARN_ON_ONCE(debug_locks && \ > (preempt_count() != 0 || \ > !raw_cpu_read(hardirqs_enabled))); \ > } while (0) > > #define lockdep_assert_preemption_disabled() \ > do { \ > - WARN_ON_ONCE(IS_ENABLED(CONFIG_PREEMPT_COUNT) && \ > - debug_locks && \ > + WARN_ON_ONCE(debug_locks && \ > (preempt_count() == 0 && \ > raw_cpu_read(hardirqs_enabled))); \ > } while (0) > --- a/lib/Kconfig.debug > +++ b/lib/Kconfig.debug > @@ -1161,7 +1161,6 @@ config PROVE_LOCKING > select DEBUG_RWSEMS > select DEBUG_WW_MUTEX_SLOWPATH > select DEBUG_LOCK_ALLOC > - select PREEMPT_COUNT > select TRACE_IRQFLAGS > default n > help Acked-by: Will Deacon <will(a)kernel.org> Will

5 years, 2 months

1
0
0 0

Re: [patch 06/13] locking/bitspinlock: Clenaup PREEMPT_COUNT leftovers

by Will Deacon

On Mon, Sep 14, 2020 at 10:42:15PM +0200, Thomas Gleixner wrote: > CONFIG_PREEMPT_COUNT is now unconditionally enabled and will be > removed. Cleanup the leftovers before doing so. > > Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> > --- > include/linux/bit_spinlock.h | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > --- a/include/linux/bit_spinlock.h > +++ b/include/linux/bit_spinlock.h > @@ -90,10 +90,8 @@ static inline int bit_spin_is_locked(int > { > #if defined(CONFIG_SMP) || defined(CONFIG_DEBUG_SPINLOCK) > return test_bit(bitnum, addr); > -#elif defined CONFIG_PREEMPT_COUNT > - return preempt_count(); > #else > - return 1; > + return preempt_count(); > #endif Acked-by: Will Deacon <will(a)kernel.org> Will

5 years, 2 months

1
0
0 0

[PATCH v38 22/24] selftests/x86: Add a selftest for SGX

by Jarkko Sakkinen

Add a selftest for SGX. It is a trivial test where a simple enclave copies one 64-bit word of memory between two memory locations. Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/sgx/.gitignore | 2 + tools/testing/selftests/sgx/Makefile | 53 +++ tools/testing/selftests/sgx/call.S | 44 ++ tools/testing/selftests/sgx/defines.h | 21 + tools/testing/selftests/sgx/load.c | 277 ++++++++++++ tools/testing/selftests/sgx/main.c | 232 ++++++++++ tools/testing/selftests/sgx/main.h | 38 ++ tools/testing/selftests/sgx/sigstruct.c | 395 ++++++++++++++++++ tools/testing/selftests/sgx/test_encl.c | 20 + tools/testing/selftests/sgx/test_encl.lds | 40 ++ .../selftests/sgx/test_encl_bootstrap.S | 89 ++++ 12 files changed, 1212 insertions(+) create mode 100644 tools/testing/selftests/sgx/.gitignore create mode 100644 tools/testing/selftests/sgx/Makefile create mode 100644 tools/testing/selftests/sgx/call.S create mode 100644 tools/testing/selftests/sgx/defines.h create mode 100644 tools/testing/selftests/sgx/load.c create mode 100644 tools/testing/selftests/sgx/main.c create mode 100644 tools/testing/selftests/sgx/main.h create mode 100644 tools/testing/selftests/sgx/sigstruct.c create mode 100644 tools/testing/selftests/sgx/test_encl.c create mode 100644 tools/testing/selftests/sgx/test_encl.lds create mode 100644 tools/testing/selftests/sgx/test_encl_bootstrap.S diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 9018f45d631d..fee80cda6304 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -68,6 +68,7 @@ TARGETS += user TARGETS += vm TARGETS += x86 TARGETS += zram +TARGETS += sgx #Please keep the TARGETS list alphabetically sorted # Run "make quicktest=1 run_tests" or # "make quicktest=1 kselftest" from top level Makefile diff --git a/tools/testing/selftests/sgx/.gitignore b/tools/testing/selftests/sgx/.gitignore new file mode 100644 index 000000000000..fbaf0bda9a92 --- /dev/null +++ b/tools/testing/selftests/sgx/.gitignore @@ -0,0 +1,2 @@ +test_sgx +test_encl.elf diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile new file mode 100644 index 000000000000..95e5c4df8014 --- /dev/null +++ b/tools/testing/selftests/sgx/Makefile @@ -0,0 +1,53 @@ +top_srcdir = ../../../.. + +include ../lib.mk + +.PHONY: all clean + +CAN_BUILD_X86_64 := $(shell ../x86/check_cc.sh $(CC) \ + ../x86/trivial_64bit_program.c) + +ifndef OBJCOPY +OBJCOPY := $(CROSS_COMPILE)objcopy +endif + +INCLUDES := -I$(top_srcdir)/tools/include +HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack +ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \ + -fno-stack-protector -mrdrnd $(INCLUDES) + +TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx $(OUTPUT)/test_encl.elf + +ifeq ($(CAN_BUILD_X86_64), 1) +all: $(TEST_CUSTOM_PROGS) +endif + +$(OUTPUT)/test_sgx: $(OUTPUT)/main.o \ + $(OUTPUT)/load.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/call.o + $(CC) $(HOST_CFLAGS) -o $@ $^ -lcrypto + +$(OUTPUT)/main.o: main.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/load.o: load.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/sigstruct.o: sigstruct.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/call.o: call.S + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/test_encl.elf: test_encl.lds test_encl.c test_encl_bootstrap.S + $(CC) $(ENCL_CFLAGS) -T $^ -o $@ + +EXTRA_CLEAN := \ + $(OUTPUT)/test_encl.elf \ + $(OUTPUT)/load.o \ + $(OUTPUT)/call.o \ + $(OUTPUT)/main.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/test_sgx \ + $(OUTPUT)/test_sgx.o \ diff --git a/tools/testing/selftests/sgx/call.S b/tools/testing/selftests/sgx/call.S new file mode 100644 index 000000000000..f640532cda93 --- /dev/null +++ b/tools/testing/selftests/sgx/call.S @@ -0,0 +1,44 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/** +* Copyright(c) 2016-18 Intel Corporation. +*/ + + .text + + .global sgx_call_vdso +sgx_call_vdso: + .cfi_startproc + push %r15 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r15, 0 + push %r14 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r14, 0 + push %r13 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r13, 0 + push %r12 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r12, 0 + push %rbx + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %rbx, 0 + push $0 + .cfi_adjust_cfa_offset 8 + push 0x38(%rsp) + .cfi_adjust_cfa_offset 8 + call *eenter(%rip) + add $0x10, %rsp + .cfi_adjust_cfa_offset -0x10 + pop %rbx + .cfi_adjust_cfa_offset -8 + pop %r12 + .cfi_adjust_cfa_offset -8 + pop %r13 + .cfi_adjust_cfa_offset -8 + pop %r14 + .cfi_adjust_cfa_offset -8 + pop %r15 + .cfi_adjust_cfa_offset -8 + ret + .cfi_endproc diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h new file mode 100644 index 000000000000..be8969922804 --- /dev/null +++ b/tools/testing/selftests/sgx/defines.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef DEFINES_H +#define DEFINES_H + +#include <stdint.h> + +#define PAGE_SIZE 4096 +#define PAGE_MASK (~(PAGE_SIZE - 1)) + +#define __aligned(x) __attribute__((__aligned__(x))) +#define __packed __attribute__((packed)) + +#include "../../../../arch/x86/kernel/cpu/sgx/arch.h" +#include "../../../../arch/x86/include/asm/enclu.h" +#include "../../../../arch/x86/include/uapi/asm/sgx.h" + +#endif /* DEFINES_H */ diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c new file mode 100644 index 000000000000..8ce0c4ac9a49 --- /dev/null +++ b/tools/testing/selftests/sgx/load.c @@ -0,0 +1,277 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <assert.h> +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +void encl_delete(struct encl *encl) +{ + if (encl->encl_base) + munmap((void *)encl->encl_base, encl->encl_size); + + if (encl->bin) + munmap(encl->bin, encl->bin_size); + + if (encl->fd) + close(encl->fd); + + if (encl->segment_tbl) + free(encl->segment_tbl); + + memset(encl, 0, sizeof(*encl)); +} + +static bool encl_map_bin(const char *path, struct encl *encl) +{ + struct stat sb; + void *bin; + int ret; + int fd; + + fd = open(path, O_RDONLY); + if (fd == -1) { + perror("open()"); + return false; + } + + ret = stat(path, &sb); + if (ret) { + perror("stat()"); + goto err; + } + + bin = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); + if (bin == MAP_FAILED) { + perror("mmap()"); + goto err; + } + + encl->bin = bin; + encl->bin_size = sb.st_size; + + close(fd); + return true; + +err: + close(fd); + return false; +} + +static bool encl_ioc_create(struct encl *encl) +{ + struct sgx_secs *secs = &encl->secs; + struct sgx_enclave_create ioc; + int rc; + + assert(encl->encl_base != 0); + + memset(secs, 0, sizeof(*secs)); + secs->ssa_frame_size = 1; + secs->attributes = SGX_ATTR_MODE64BIT; + secs->xfrm = 3; + secs->base = encl->encl_base; + secs->size = encl->encl_size; + + ioc.src = (unsigned long)secs; + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_CREATE, &ioc); + if (rc) { + fprintf(stderr, "SGX_IOC_ENCLAVE_CREATE failed: errno=%d\n", + errno); + munmap((void *)secs->base, encl->encl_size); + return false; + } + + return true; +} + +static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg) +{ + struct sgx_enclave_add_pages ioc; + struct sgx_secinfo secinfo; + int rc; + + memset(&secinfo, 0, sizeof(secinfo)); + secinfo.flags = seg->flags; + + ioc.src = (uint64_t)encl->src + seg->offset; + ioc.offset = seg->offset; + ioc.length = seg->size; + ioc.secinfo = (unsigned long)&secinfo; + ioc.flags = SGX_PAGE_MEASURE; + + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc); + if (rc < 0) { + fprintf(stderr, "SGX_IOC_ENCLAVE_ADD_PAGES failed: errno=%d.\n", + errno); + return false; + } + + return true; +} + +bool encl_load(const char *path, struct encl *encl) +{ + Elf64_Phdr *phdr_tbl; + off_t src_offset; + Elf64_Ehdr *ehdr; + int i, j; + int ret; + + memset(encl, 0, sizeof(*encl)); + + ret = open("/dev/sgx/enclave", O_RDWR); + if (ret < 0) { + fprintf(stderr, "Unable to open /dev/sgx\n"); + goto err; + } + + encl->fd = ret; + + if (!encl_map_bin(path, encl)) + goto err; + + ehdr = encl->bin; + phdr_tbl = encl->bin + ehdr->e_phoff; + + for (i = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + + if (phdr->p_type == PT_LOAD) + encl->nr_segments++; + } + + encl->segment_tbl = calloc(encl->nr_segments, + sizeof(struct encl_segment)); + if (!encl->segment_tbl) + goto err; + + for (i = 0, j = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + unsigned int flags = phdr->p_flags; + struct encl_segment *seg; + + if (phdr->p_type != PT_LOAD) + continue; + + seg = &encl->segment_tbl[j]; + + if (!!(flags & ~(PF_R | PF_W | PF_X))) { + fprintf(stderr, + "%d has invalid segment flags 0x%02x.\n", i, + phdr->p_flags); + goto err; + } + + if (j == 0 && flags != (PF_R | PF_W)) { + fprintf(stderr, + "TCS has invalid segment flags 0x%02x.\n", + phdr->p_flags); + goto err; + } + + if (j == 0) { + src_offset = (phdr->p_offset & PAGE_MASK) - src_offset; + + seg->prot = PROT_READ | PROT_WRITE; + seg->flags = SGX_PAGE_TYPE_TCS << 8; + } else { + seg->prot = (phdr->p_flags & PF_R) ? PROT_READ : 0; + seg->prot |= (phdr->p_flags & PF_W) ? PROT_WRITE : 0; + seg->prot |= (phdr->p_flags & PF_X) ? PROT_EXEC : 0; + seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot; + } + + seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset; + seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK; + + printf("0x%016lx 0x%016lx 0x%02x\n", seg->offset, seg->size, + seg->prot); + + j++; + } + + assert(j == encl->nr_segments); + + encl->src = encl->bin + src_offset; + encl->src_size = encl->segment_tbl[j - 1].offset + + encl->segment_tbl[j - 1].size; + + for (encl->encl_size = 4096; encl->encl_size < encl->src_size; ) + encl->encl_size <<= 1; + + return true; + +err: + encl_delete(encl); + return false; +} + +static bool encl_map_area(struct encl *encl) +{ + size_t encl_size = encl->encl_size; + void *area; + + area = mmap(NULL, encl_size * 2, PROT_NONE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if (area == MAP_FAILED) { + perror("mmap"); + return false; + } + + encl->encl_base = ((uint64_t)area + encl_size - 1) & ~(encl_size - 1); + + munmap(area, encl->encl_base - (uint64_t)area); + munmap((void *)(encl->encl_base + encl_size), + (uint64_t)area + encl_size - encl->encl_base); + + return true; +} + +bool encl_build(struct encl *encl) +{ + struct sgx_enclave_init ioc; + int ret; + int i; + + if (!encl_map_area(encl)) + return false; + + if (!encl_ioc_create(encl)) + return false; + + /* + * Pages must be added before mapping VMAs because their permissions + * cap the VMA permissions. + */ + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!encl_ioc_add_pages(encl, seg)) + return false; + } + + ioc.sigstruct = (uint64_t)&encl->sigstruct; + ret = ioctl(encl->fd, SGX_IOC_ENCLAVE_INIT, &ioc); + if (ret) { + fprintf(stderr, "SGX_IOC_ENCLAVE_INIT failed: errno=%d\n", + errno); + return false; + } + + return true; +} diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c new file mode 100644 index 000000000000..44acb3c72067 --- /dev/null +++ b/tools/testing/selftests/sgx/main.c @@ -0,0 +1,232 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +static const uint64_t MAGIC = 0x1122334455667788ULL; +vdso_sgx_enter_enclave_t eenter; + +struct vdso_symtab { + Elf64_Sym *elf_symtab; + const char *elf_symstrtab; + Elf64_Word *elf_hashtab; +}; + +static void *vdso_get_base_addr(char *envp[]) +{ + Elf64_auxv_t *auxv; + int i; + + for (i = 0; envp[i]; i++) + ; + + auxv = (Elf64_auxv_t *)&envp[i + 1]; + + for (i = 0; auxv[i].a_type != AT_NULL; i++) { + if (auxv[i].a_type == AT_SYSINFO_EHDR) + return (void *)auxv[i].a_un.a_val; + } + + return NULL; +} + +static Elf64_Dyn *vdso_get_dyntab(void *addr) +{ + Elf64_Ehdr *ehdr = addr; + Elf64_Phdr *phdrtab = addr + ehdr->e_phoff; + int i; + + for (i = 0; i < ehdr->e_phnum; i++) + if (phdrtab[i].p_type == PT_DYNAMIC) + return addr + phdrtab[i].p_offset; + + return NULL; +} + +static void *vdso_get_dyn(void *addr, Elf64_Dyn *dyntab, Elf64_Sxword tag) +{ + int i; + + for (i = 0; dyntab[i].d_tag != DT_NULL; i++) + if (dyntab[i].d_tag == tag) + return addr + dyntab[i].d_un.d_ptr; + + return NULL; +} + +static bool vdso_get_symtab(void *addr, struct vdso_symtab *symtab) +{ + Elf64_Dyn *dyntab = vdso_get_dyntab(addr); + + symtab->elf_symtab = vdso_get_dyn(addr, dyntab, DT_SYMTAB); + if (!symtab->elf_symtab) + return false; + + symtab->elf_symstrtab = vdso_get_dyn(addr, dyntab, DT_STRTAB); + if (!symtab->elf_symstrtab) + return false; + + symtab->elf_hashtab = vdso_get_dyn(addr, dyntab, DT_HASH); + if (!symtab->elf_hashtab) + return false; + + return true; +} + +static unsigned long elf_sym_hash(const char *name) +{ + unsigned long h = 0, high; + + while (*name) { + h = (h << 4) + *name++; + high = h & 0xf0000000; + + if (high) + h ^= high >> 24; + + h &= ~high; + } + + return h; +} + +static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name) +{ + Elf64_Word bucketnum = symtab->elf_hashtab[0]; + Elf64_Word *buckettab = &symtab->elf_hashtab[2]; + Elf64_Word *chaintab = &symtab->elf_hashtab[2 + bucketnum]; + Elf64_Sym *sym; + Elf64_Word i; + + for (i = buckettab[elf_sym_hash(name) % bucketnum]; i != STN_UNDEF; + i = chaintab[i]) { + sym = &symtab->elf_symtab[i]; + if (!strcmp(name, &symtab->elf_symstrtab[sym->st_name])) + return sym; + } + + return NULL; +} + +int check_result(struct sgx_enclave_run *run, int ret, uint64_t result, + const char *test) +{ + if (ret) { + printf("FAIL: %s() returned: %d\n", test, ret); + return ret; + } else if (run->exit_reason != SGX_SYNCHRONOUS_EXIT) { + printf("FAIL: %s() exit reason, expected: %u, got: %u\n", + test, SGX_SYNCHRONOUS_EXIT, run->exit_reason); + return -EIO; + } else if (result != MAGIC) { + printf("FAIL: %s(), expected: 0x%lx, got: 0x%lx\n", + test, MAGIC, result); + return -EIO; + } else if (run->user_data) { + printf("FAIL: %s() user data, expected: 0x0, got: 0x%llx\n", + test, run->user_data); + return -EIO; + } + return 0; +} + +static int exit_handler(long rdi, long rsi, long rdx, long ursp, long r8, long r9, + struct sgx_enclave_run *run) +{ + run->user_data = 0; + return 0; +} + +int main(int argc, char *argv[], char *envp[]) +{ + struct sgx_enclave_run run; + struct vdso_symtab symtab; + Elf64_Sym *eenter_sym; + uint64_t result = 0; + struct encl encl; + unsigned int i; + void *addr; + int ret; + + if (!encl_load("test_encl.elf", &encl)) + goto err; + + if (!encl_measure(&encl)) + goto err; + + if (!encl_build(&encl)) + goto err; + + /* + * An enclave consumer only must do this. + */ + for (i = 0; i < encl.nr_segments; i++) { + struct encl_segment *seg = &encl.segment_tbl[i]; + + addr = mmap((void *)encl.encl_base + seg->offset, seg->size, + seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0); + if (addr == MAP_FAILED) { + fprintf(stderr, "mmap() failed, errno=%d.\n", errno); + exit(1); + } + } + + memset(&run, 0, sizeof(run)); + run.tcs = encl.encl_base; + + addr = vdso_get_base_addr(envp); + if (!addr) + goto err; + + if (!vdso_get_symtab(addr, &symtab)) + goto err; + + eenter_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave"); + if (!eenter_sym) + goto err; + + eenter = addr + eenter_sym->st_value; + + ret = sgx_call_vdso((void *)&MAGIC, &result, 0, EENTER, NULL, NULL, &run); + if (check_result(&run, ret, result, "sgx_call_vdso")) + goto err; + + + /* Invoke the vDSO directly. */ + result = 0; + ret = eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, + 0, 0, &run); + if (check_result(&run, ret, result, "eenter")) + goto err; + + /* And with an exit handler. */ + run.user_handler = exit_handler; + run.user_data = 0xdeadbeef; + ret = eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, + 0, 0, &run); + if (check_result(&run, ret, result, "exit_handler")) + goto err; + + printf("SUCCESS\n"); + encl_delete(&encl); + exit(0); + +err: + encl_delete(&encl); + exit(1); +} diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h new file mode 100644 index 000000000000..2b4777942500 --- /dev/null +++ b/tools/testing/selftests/sgx/main.h @@ -0,0 +1,38 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef MAIN_H +#define MAIN_H + +struct encl_segment { + off_t offset; + size_t size; + unsigned int prot; + unsigned int flags; +}; + +struct encl { + int fd; + void *bin; + off_t bin_size; + void *src; + size_t src_size; + size_t encl_size; + off_t encl_base; + unsigned int nr_segments; + struct encl_segment *segment_tbl; + struct sgx_secs secs; + struct sgx_sigstruct sigstruct; +}; + +void encl_delete(struct encl *ctx); +bool encl_load(const char *path, struct encl *encl); +bool encl_measure(struct encl *encl); +bool encl_build(struct encl *encl); + +int sgx_call_vdso(void *rdi, void *rsi, long rdx, u32 leaf, void *r8, void *r9, + struct sgx_enclave_run *run); + +#endif /* MAIN_H */ diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c new file mode 100644 index 000000000000..ceddad478672 --- /dev/null +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -0,0 +1,395 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#define _GNU_SOURCE +#include <assert.h> +#include <getopt.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <unistd.h> +#include <openssl/err.h> +#include <openssl/pem.h> +#include "defines.h" +#include "main.h" + +struct q1q2_ctx { + BN_CTX *bn_ctx; + BIGNUM *m; + BIGNUM *s; + BIGNUM *q1; + BIGNUM *qr; + BIGNUM *q2; +}; + +static void free_q1q2_ctx(struct q1q2_ctx *ctx) +{ + BN_CTX_free(ctx->bn_ctx); + BN_free(ctx->m); + BN_free(ctx->s); + BN_free(ctx->q1); + BN_free(ctx->qr); + BN_free(ctx->q2); +} + +static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m, + struct q1q2_ctx *ctx) +{ + ctx->bn_ctx = BN_CTX_new(); + ctx->s = BN_bin2bn(s, SGX_MODULUS_SIZE, NULL); + ctx->m = BN_bin2bn(m, SGX_MODULUS_SIZE, NULL); + ctx->q1 = BN_new(); + ctx->qr = BN_new(); + ctx->q2 = BN_new(); + + if (!ctx->bn_ctx || !ctx->s || !ctx->m || !ctx->q1 || !ctx->qr || + !ctx->q2) { + free_q1q2_ctx(ctx); + return false; + } + + return true; +} + +static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1, + uint8_t *q2) +{ + struct q1q2_ctx ctx; + + if (!alloc_q1q2_ctx(s, m, &ctx)) { + fprintf(stderr, "Not enough memory for Q1Q2 calculation\n"); + return false; + } + + if (!BN_mul(ctx.q1, ctx.s, ctx.s, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q1, ctx.qr, ctx.q1, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q1) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q1 %d bytes\n", + BN_num_bytes(ctx.q1)); + goto out; + } + + if (!BN_mul(ctx.q2, ctx.s, ctx.qr, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q2, NULL, ctx.q2, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q2) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q2 %d bytes\n", + BN_num_bytes(ctx.q2)); + goto out; + } + + BN_bn2bin(ctx.q1, q1); + BN_bn2bin(ctx.q2, q2); + + free_q1q2_ctx(&ctx); + return true; +out: + free_q1q2_ctx(&ctx); + return false; +} + +struct sgx_sigstruct_payload { + struct sgx_sigstruct_header header; + struct sgx_sigstruct_body body; +}; + +static bool check_crypto_errors(void) +{ + int err; + bool had_errors = false; + const char *filename; + int line; + char str[256]; + + for ( ; ; ) { + if (ERR_peek_error() == 0) + break; + + had_errors = true; + err = ERR_get_error_line(&filename, &line); + ERR_error_string_n(err, str, sizeof(str)); + fprintf(stderr, "crypto: %s: %s:%d\n", str, filename, line); + } + + return had_errors; +} + +static inline const BIGNUM *get_modulus(RSA *key) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return key->n; +#else + const BIGNUM *n; + + RSA_get0_key(key, &n, NULL, NULL); + return n; +#endif +} + +static RSA *gen_sign_key(void) +{ + BIGNUM *e; + RSA *key; + int ret; + + e = BN_new(); + key = RSA_new(); + + if (!e || !key) + goto err; + + ret = BN_set_word(e, RSA_3); + if (ret != 1) + goto err; + + ret = RSA_generate_key_ex(key, 3072, e, NULL); + if (ret != 1) + goto err; + + BN_free(e); + + return key; + +err: + RSA_free(key); + BN_free(e); + + return NULL; +} + +static void reverse_bytes(void *data, int length) +{ + int i = 0; + int j = length - 1; + uint8_t temp; + uint8_t *ptr = data; + + while (i < j) { + temp = ptr[i]; + ptr[i] = ptr[j]; + ptr[j] = temp; + i++; + j--; + } +} + +enum mrtags { + MRECREATE = 0x0045544145524345, + MREADD = 0x0000000044444145, + MREEXTEND = 0x00444E4554584545, +}; + +static bool mrenclave_update(EVP_MD_CTX *ctx, const void *data) +{ + if (!EVP_DigestUpdate(ctx, data, 64)) { + fprintf(stderr, "digest update failed\n"); + return false; + } + + return true; +} + +static bool mrenclave_commit(EVP_MD_CTX *ctx, uint8_t *mrenclave) +{ + unsigned int size; + + if (!EVP_DigestFinal_ex(ctx, (unsigned char *)mrenclave, &size)) { + fprintf(stderr, "digest commit failed\n"); + return false; + } + + if (size != 32) { + fprintf(stderr, "invalid digest size = %u\n", size); + return false; + } + + return true; +} + +struct mrecreate { + uint64_t tag; + uint32_t ssaframesize; + uint64_t size; + uint8_t reserved[44]; +} __attribute__((__packed__)); + + +static bool mrenclave_ecreate(EVP_MD_CTX *ctx, uint64_t blob_size) +{ + struct mrecreate mrecreate; + uint64_t encl_size; + + for (encl_size = 0x1000; encl_size < blob_size; ) + encl_size <<= 1; + + memset(&mrecreate, 0, sizeof(mrecreate)); + mrecreate.tag = MRECREATE; + mrecreate.ssaframesize = 1; + mrecreate.size = encl_size; + + if (!EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) + return false; + + return mrenclave_update(ctx, &mrecreate); +} + +struct mreadd { + uint64_t tag; + uint64_t offset; + uint64_t flags; /* SECINFO flags */ + uint8_t reserved[40]; +} __attribute__((__packed__)); + +static bool mrenclave_eadd(EVP_MD_CTX *ctx, uint64_t offset, uint64_t flags) +{ + struct mreadd mreadd; + + memset(&mreadd, 0, sizeof(mreadd)); + mreadd.tag = MREADD; + mreadd.offset = offset; + mreadd.flags = flags; + + return mrenclave_update(ctx, &mreadd); +} + +struct mreextend { + uint64_t tag; + uint64_t offset; + uint8_t reserved[48]; +} __attribute__((__packed__)); + +static bool mrenclave_eextend(EVP_MD_CTX *ctx, uint64_t offset, + const uint8_t *data) +{ + struct mreextend mreextend; + int i; + + for (i = 0; i < 0x1000; i += 0x100) { + memset(&mreextend, 0, sizeof(mreextend)); + mreextend.tag = MREEXTEND; + mreextend.offset = offset + i; + + if (!mrenclave_update(ctx, &mreextend)) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x00])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x40])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x80])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0xC0])) + return false; + } + + return true; +} + +static bool mrenclave_segment(EVP_MD_CTX *ctx, struct encl *encl, + struct encl_segment *seg) +{ + uint64_t end = seg->offset + seg->size; + uint64_t offset; + + for (offset = seg->offset; offset < end; offset += PAGE_SIZE) { + if (!mrenclave_eadd(ctx, offset, seg->flags)) + return false; + + if (!mrenclave_eextend(ctx, offset, encl->src + offset)) + return false; + } + + return true; +} + +bool encl_measure(struct encl *encl) +{ + uint64_t header1[2] = {0x000000E100000006, 0x0000000000010000}; + uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060}; + struct sgx_sigstruct *sigstruct = &encl->sigstruct; + struct sgx_sigstruct_payload payload; + uint8_t digest[SHA256_DIGEST_LENGTH]; + unsigned int siglen; + RSA *key = NULL; + EVP_MD_CTX *ctx; + int i; + + memset(sigstruct, 0, sizeof(*sigstruct)); + + sigstruct->header.header1[0] = header1[0]; + sigstruct->header.header1[1] = header1[1]; + sigstruct->header.header2[0] = header2[0]; + sigstruct->header.header2[1] = header2[1]; + sigstruct->exponent = 3; + sigstruct->body.attributes = SGX_ATTR_MODE64BIT; + sigstruct->body.xfrm = 3; + + /* sanity check */ + if (check_crypto_errors()) + goto err; + + key = gen_sign_key(); + if (!key) + goto err; + + BN_bn2bin(get_modulus(key), sigstruct->modulus); + + ctx = EVP_MD_CTX_create(); + if (!ctx) + goto err; + + if (!mrenclave_ecreate(ctx, encl->src_size)) + goto err; + + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!mrenclave_segment(ctx, encl, seg)) + goto err; + } + + if (!mrenclave_commit(ctx, sigstruct->body.mrenclave)) + goto err; + + memcpy(&payload.header, &sigstruct->header, sizeof(sigstruct->header)); + memcpy(&payload.body, &sigstruct->body, sizeof(sigstruct->body)); + + SHA256((unsigned char *)&payload, sizeof(payload), digest); + + if (!RSA_sign(NID_sha256, digest, SHA256_DIGEST_LENGTH, + sigstruct->signature, &siglen, key)) + goto err; + + if (!calc_q1q2(sigstruct->signature, sigstruct->modulus, sigstruct->q1, + sigstruct->q2)) + goto err; + + /* BE -> LE */ + reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q1, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q2, SGX_MODULUS_SIZE); + + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return true; + +err: + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return false; +} diff --git a/tools/testing/selftests/sgx/test_encl.c b/tools/testing/selftests/sgx/test_encl.c new file mode 100644 index 000000000000..ede915399742 --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.c @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <stddef.h> +#include "defines.h" + +static void *memcpy(void *dest, const void *src, size_t n) +{ + size_t i; + + for (i = 0; i < n; i++) + ((char *)dest)[i] = ((char *)src)[i]; + + return dest; +} + +void encl_body(void *rdi, void *rsi) +{ + memcpy(rsi, rdi, 8); +} diff --git a/tools/testing/selftests/sgx/test_encl.lds b/tools/testing/selftests/sgx/test_encl.lds new file mode 100644 index 000000000000..0fbbda7e665e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.lds @@ -0,0 +1,40 @@ +OUTPUT_FORMAT(elf64-x86-64) + +PHDRS +{ + tcs PT_LOAD; + text PT_LOAD; + data PT_LOAD; +} + +SECTIONS +{ + . = 0; + .tcs : { + *(.tcs*) + } : tcs + + . = ALIGN(4096); + .text : { + *(.text*) + *(.rodata*) + } : text + + . = ALIGN(4096); + .data : { + *(.data*) + } : data + + /DISCARD/ : { + *(.comment*) + *(.note*) + *(.debug*) + *(.eh_frame*) + } +} + +ASSERT(!DEFINED(.altinstructions), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.altinstr_replacement), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.retpoline_safe), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.nospec), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.got.plt), "Libcalls are not supported in enclaves") diff --git a/tools/testing/selftests/sgx/test_encl_bootstrap.S b/tools/testing/selftests/sgx/test_encl_bootstrap.S new file mode 100644 index 000000000000..6836ea86126e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl_bootstrap.S @@ -0,0 +1,89 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/* + * Copyright(c) 2016-18 Intel Corporation. + */ + + .macro ENCLU + .byte 0x0f, 0x01, 0xd7 + .endm + + .section ".tcs", "aw" + .balign 4096 + + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + # Identical to the previous TCS. + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + .text + +encl_entry: + # RBX contains the base address for TCS, which is also the first address + # inside the enclave. By adding the value of le_stack_end to it, we get + # the absolute address for the stack. + lea (encl_stack)(%rbx), %rax + xchg %rsp, %rax + push %rax + + push %rcx # push the address after EENTER + push %rbx # push the enclave base address + + call encl_body + + pop %rbx # pop the enclave base address + + /* Clear volatile GPRs, except RAX (EEXIT leaf). */ + xor %rcx, %rcx + xor %rdx, %rdx + xor %rdi, %rdi + xor %rsi, %rsi + xor %r8, %r8 + xor %r9, %r9 + xor %r10, %r10 + xor %r11, %r11 + + # Reset status flags. + add %rdx, %rdx # OF = SF = AF = CF = 0; ZF = PF = 1 + + # Prepare EEXIT target by popping the address of the instruction after + # EENTER to RBX. + pop %rbx + + # Restore the caller stack. + pop %rax + mov %rax, %rsp + + # EEXIT + mov $4, %rax + enclu + + .section ".data", "aw" + +encl_ssa: + .space 4096 + + .balign 4096 + .space 8192 +encl_stack: -- 2.25.1

5 years, 2 months

1
0
0 0

[PATCH v38 22/24] selftests/x86: Add a selftest for SGX

by Jarkko Sakkinen

Add a selftest for SGX. It is a trivial test where a simple enclave copies one 64-bit word of memory between two memory locations. Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/sgx/.gitignore | 2 + tools/testing/selftests/sgx/Makefile | 53 +++ tools/testing/selftests/sgx/call.S | 44 ++ tools/testing/selftests/sgx/defines.h | 21 + tools/testing/selftests/sgx/load.c | 277 ++++++++++++ tools/testing/selftests/sgx/main.c | 232 ++++++++++ tools/testing/selftests/sgx/main.h | 38 ++ tools/testing/selftests/sgx/sigstruct.c | 395 ++++++++++++++++++ tools/testing/selftests/sgx/test_encl.c | 20 + tools/testing/selftests/sgx/test_encl.lds | 40 ++ .../selftests/sgx/test_encl_bootstrap.S | 89 ++++ 12 files changed, 1212 insertions(+) create mode 100644 tools/testing/selftests/sgx/.gitignore create mode 100644 tools/testing/selftests/sgx/Makefile create mode 100644 tools/testing/selftests/sgx/call.S create mode 100644 tools/testing/selftests/sgx/defines.h create mode 100644 tools/testing/selftests/sgx/load.c create mode 100644 tools/testing/selftests/sgx/main.c create mode 100644 tools/testing/selftests/sgx/main.h create mode 100644 tools/testing/selftests/sgx/sigstruct.c create mode 100644 tools/testing/selftests/sgx/test_encl.c create mode 100644 tools/testing/selftests/sgx/test_encl.lds create mode 100644 tools/testing/selftests/sgx/test_encl_bootstrap.S diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 9018f45d631d..fee80cda6304 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -68,6 +68,7 @@ TARGETS += user TARGETS += vm TARGETS += x86 TARGETS += zram +TARGETS += sgx #Please keep the TARGETS list alphabetically sorted # Run "make quicktest=1 run_tests" or # "make quicktest=1 kselftest" from top level Makefile diff --git a/tools/testing/selftests/sgx/.gitignore b/tools/testing/selftests/sgx/.gitignore new file mode 100644 index 000000000000..fbaf0bda9a92 --- /dev/null +++ b/tools/testing/selftests/sgx/.gitignore @@ -0,0 +1,2 @@ +test_sgx +test_encl.elf diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile new file mode 100644 index 000000000000..95e5c4df8014 --- /dev/null +++ b/tools/testing/selftests/sgx/Makefile @@ -0,0 +1,53 @@ +top_srcdir = ../../../.. + +include ../lib.mk + +.PHONY: all clean + +CAN_BUILD_X86_64 := $(shell ../x86/check_cc.sh $(CC) \ + ../x86/trivial_64bit_program.c) + +ifndef OBJCOPY +OBJCOPY := $(CROSS_COMPILE)objcopy +endif + +INCLUDES := -I$(top_srcdir)/tools/include +HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack +ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \ + -fno-stack-protector -mrdrnd $(INCLUDES) + +TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx $(OUTPUT)/test_encl.elf + +ifeq ($(CAN_BUILD_X86_64), 1) +all: $(TEST_CUSTOM_PROGS) +endif + +$(OUTPUT)/test_sgx: $(OUTPUT)/main.o \ + $(OUTPUT)/load.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/call.o + $(CC) $(HOST_CFLAGS) -o $@ $^ -lcrypto + +$(OUTPUT)/main.o: main.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/load.o: load.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/sigstruct.o: sigstruct.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/call.o: call.S + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/test_encl.elf: test_encl.lds test_encl.c test_encl_bootstrap.S + $(CC) $(ENCL_CFLAGS) -T $^ -o $@ + +EXTRA_CLEAN := \ + $(OUTPUT)/test_encl.elf \ + $(OUTPUT)/load.o \ + $(OUTPUT)/call.o \ + $(OUTPUT)/main.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/test_sgx \ + $(OUTPUT)/test_sgx.o \ diff --git a/tools/testing/selftests/sgx/call.S b/tools/testing/selftests/sgx/call.S new file mode 100644 index 000000000000..f640532cda93 --- /dev/null +++ b/tools/testing/selftests/sgx/call.S @@ -0,0 +1,44 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/** +* Copyright(c) 2016-18 Intel Corporation. +*/ + + .text + + .global sgx_call_vdso +sgx_call_vdso: + .cfi_startproc + push %r15 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r15, 0 + push %r14 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r14, 0 + push %r13 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r13, 0 + push %r12 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r12, 0 + push %rbx + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %rbx, 0 + push $0 + .cfi_adjust_cfa_offset 8 + push 0x38(%rsp) + .cfi_adjust_cfa_offset 8 + call *eenter(%rip) + add $0x10, %rsp + .cfi_adjust_cfa_offset -0x10 + pop %rbx + .cfi_adjust_cfa_offset -8 + pop %r12 + .cfi_adjust_cfa_offset -8 + pop %r13 + .cfi_adjust_cfa_offset -8 + pop %r14 + .cfi_adjust_cfa_offset -8 + pop %r15 + .cfi_adjust_cfa_offset -8 + ret + .cfi_endproc diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h new file mode 100644 index 000000000000..be8969922804 --- /dev/null +++ b/tools/testing/selftests/sgx/defines.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef DEFINES_H +#define DEFINES_H + +#include <stdint.h> + +#define PAGE_SIZE 4096 +#define PAGE_MASK (~(PAGE_SIZE - 1)) + +#define __aligned(x) __attribute__((__aligned__(x))) +#define __packed __attribute__((packed)) + +#include "../../../../arch/x86/kernel/cpu/sgx/arch.h" +#include "../../../../arch/x86/include/asm/enclu.h" +#include "../../../../arch/x86/include/uapi/asm/sgx.h" + +#endif /* DEFINES_H */ diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c new file mode 100644 index 000000000000..8ce0c4ac9a49 --- /dev/null +++ b/tools/testing/selftests/sgx/load.c @@ -0,0 +1,277 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <assert.h> +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +void encl_delete(struct encl *encl) +{ + if (encl->encl_base) + munmap((void *)encl->encl_base, encl->encl_size); + + if (encl->bin) + munmap(encl->bin, encl->bin_size); + + if (encl->fd) + close(encl->fd); + + if (encl->segment_tbl) + free(encl->segment_tbl); + + memset(encl, 0, sizeof(*encl)); +} + +static bool encl_map_bin(const char *path, struct encl *encl) +{ + struct stat sb; + void *bin; + int ret; + int fd; + + fd = open(path, O_RDONLY); + if (fd == -1) { + perror("open()"); + return false; + } + + ret = stat(path, &sb); + if (ret) { + perror("stat()"); + goto err; + } + + bin = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); + if (bin == MAP_FAILED) { + perror("mmap()"); + goto err; + } + + encl->bin = bin; + encl->bin_size = sb.st_size; + + close(fd); + return true; + +err: + close(fd); + return false; +} + +static bool encl_ioc_create(struct encl *encl) +{ + struct sgx_secs *secs = &encl->secs; + struct sgx_enclave_create ioc; + int rc; + + assert(encl->encl_base != 0); + + memset(secs, 0, sizeof(*secs)); + secs->ssa_frame_size = 1; + secs->attributes = SGX_ATTR_MODE64BIT; + secs->xfrm = 3; + secs->base = encl->encl_base; + secs->size = encl->encl_size; + + ioc.src = (unsigned long)secs; + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_CREATE, &ioc); + if (rc) { + fprintf(stderr, "SGX_IOC_ENCLAVE_CREATE failed: errno=%d\n", + errno); + munmap((void *)secs->base, encl->encl_size); + return false; + } + + return true; +} + +static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg) +{ + struct sgx_enclave_add_pages ioc; + struct sgx_secinfo secinfo; + int rc; + + memset(&secinfo, 0, sizeof(secinfo)); + secinfo.flags = seg->flags; + + ioc.src = (uint64_t)encl->src + seg->offset; + ioc.offset = seg->offset; + ioc.length = seg->size; + ioc.secinfo = (unsigned long)&secinfo; + ioc.flags = SGX_PAGE_MEASURE; + + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc); + if (rc < 0) { + fprintf(stderr, "SGX_IOC_ENCLAVE_ADD_PAGES failed: errno=%d.\n", + errno); + return false; + } + + return true; +} + +bool encl_load(const char *path, struct encl *encl) +{ + Elf64_Phdr *phdr_tbl; + off_t src_offset; + Elf64_Ehdr *ehdr; + int i, j; + int ret; + + memset(encl, 0, sizeof(*encl)); + + ret = open("/dev/sgx/enclave", O_RDWR); + if (ret < 0) { + fprintf(stderr, "Unable to open /dev/sgx\n"); + goto err; + } + + encl->fd = ret; + + if (!encl_map_bin(path, encl)) + goto err; + + ehdr = encl->bin; + phdr_tbl = encl->bin + ehdr->e_phoff; + + for (i = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + + if (phdr->p_type == PT_LOAD) + encl->nr_segments++; + } + + encl->segment_tbl = calloc(encl->nr_segments, + sizeof(struct encl_segment)); + if (!encl->segment_tbl) + goto err; + + for (i = 0, j = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + unsigned int flags = phdr->p_flags; + struct encl_segment *seg; + + if (phdr->p_type != PT_LOAD) + continue; + + seg = &encl->segment_tbl[j]; + + if (!!(flags & ~(PF_R | PF_W | PF_X))) { + fprintf(stderr, + "%d has invalid segment flags 0x%02x.\n", i, + phdr->p_flags); + goto err; + } + + if (j == 0 && flags != (PF_R | PF_W)) { + fprintf(stderr, + "TCS has invalid segment flags 0x%02x.\n", + phdr->p_flags); + goto err; + } + + if (j == 0) { + src_offset = (phdr->p_offset & PAGE_MASK) - src_offset; + + seg->prot = PROT_READ | PROT_WRITE; + seg->flags = SGX_PAGE_TYPE_TCS << 8; + } else { + seg->prot = (phdr->p_flags & PF_R) ? PROT_READ : 0; + seg->prot |= (phdr->p_flags & PF_W) ? PROT_WRITE : 0; + seg->prot |= (phdr->p_flags & PF_X) ? PROT_EXEC : 0; + seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot; + } + + seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset; + seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK; + + printf("0x%016lx 0x%016lx 0x%02x\n", seg->offset, seg->size, + seg->prot); + + j++; + } + + assert(j == encl->nr_segments); + + encl->src = encl->bin + src_offset; + encl->src_size = encl->segment_tbl[j - 1].offset + + encl->segment_tbl[j - 1].size; + + for (encl->encl_size = 4096; encl->encl_size < encl->src_size; ) + encl->encl_size <<= 1; + + return true; + +err: + encl_delete(encl); + return false; +} + +static bool encl_map_area(struct encl *encl) +{ + size_t encl_size = encl->encl_size; + void *area; + + area = mmap(NULL, encl_size * 2, PROT_NONE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if (area == MAP_FAILED) { + perror("mmap"); + return false; + } + + encl->encl_base = ((uint64_t)area + encl_size - 1) & ~(encl_size - 1); + + munmap(area, encl->encl_base - (uint64_t)area); + munmap((void *)(encl->encl_base + encl_size), + (uint64_t)area + encl_size - encl->encl_base); + + return true; +} + +bool encl_build(struct encl *encl) +{ + struct sgx_enclave_init ioc; + int ret; + int i; + + if (!encl_map_area(encl)) + return false; + + if (!encl_ioc_create(encl)) + return false; + + /* + * Pages must be added before mapping VMAs because their permissions + * cap the VMA permissions. + */ + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!encl_ioc_add_pages(encl, seg)) + return false; + } + + ioc.sigstruct = (uint64_t)&encl->sigstruct; + ret = ioctl(encl->fd, SGX_IOC_ENCLAVE_INIT, &ioc); + if (ret) { + fprintf(stderr, "SGX_IOC_ENCLAVE_INIT failed: errno=%d\n", + errno); + return false; + } + + return true; +} diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c new file mode 100644 index 000000000000..44acb3c72067 --- /dev/null +++ b/tools/testing/selftests/sgx/main.c @@ -0,0 +1,232 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +static const uint64_t MAGIC = 0x1122334455667788ULL; +vdso_sgx_enter_enclave_t eenter; + +struct vdso_symtab { + Elf64_Sym *elf_symtab; + const char *elf_symstrtab; + Elf64_Word *elf_hashtab; +}; + +static void *vdso_get_base_addr(char *envp[]) +{ + Elf64_auxv_t *auxv; + int i; + + for (i = 0; envp[i]; i++) + ; + + auxv = (Elf64_auxv_t *)&envp[i + 1]; + + for (i = 0; auxv[i].a_type != AT_NULL; i++) { + if (auxv[i].a_type == AT_SYSINFO_EHDR) + return (void *)auxv[i].a_un.a_val; + } + + return NULL; +} + +static Elf64_Dyn *vdso_get_dyntab(void *addr) +{ + Elf64_Ehdr *ehdr = addr; + Elf64_Phdr *phdrtab = addr + ehdr->e_phoff; + int i; + + for (i = 0; i < ehdr->e_phnum; i++) + if (phdrtab[i].p_type == PT_DYNAMIC) + return addr + phdrtab[i].p_offset; + + return NULL; +} + +static void *vdso_get_dyn(void *addr, Elf64_Dyn *dyntab, Elf64_Sxword tag) +{ + int i; + + for (i = 0; dyntab[i].d_tag != DT_NULL; i++) + if (dyntab[i].d_tag == tag) + return addr + dyntab[i].d_un.d_ptr; + + return NULL; +} + +static bool vdso_get_symtab(void *addr, struct vdso_symtab *symtab) +{ + Elf64_Dyn *dyntab = vdso_get_dyntab(addr); + + symtab->elf_symtab = vdso_get_dyn(addr, dyntab, DT_SYMTAB); + if (!symtab->elf_symtab) + return false; + + symtab->elf_symstrtab = vdso_get_dyn(addr, dyntab, DT_STRTAB); + if (!symtab->elf_symstrtab) + return false; + + symtab->elf_hashtab = vdso_get_dyn(addr, dyntab, DT_HASH); + if (!symtab->elf_hashtab) + return false; + + return true; +} + +static unsigned long elf_sym_hash(const char *name) +{ + unsigned long h = 0, high; + + while (*name) { + h = (h << 4) + *name++; + high = h & 0xf0000000; + + if (high) + h ^= high >> 24; + + h &= ~high; + } + + return h; +} + +static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name) +{ + Elf64_Word bucketnum = symtab->elf_hashtab[0]; + Elf64_Word *buckettab = &symtab->elf_hashtab[2]; + Elf64_Word *chaintab = &symtab->elf_hashtab[2 + bucketnum]; + Elf64_Sym *sym; + Elf64_Word i; + + for (i = buckettab[elf_sym_hash(name) % bucketnum]; i != STN_UNDEF; + i = chaintab[i]) { + sym = &symtab->elf_symtab[i]; + if (!strcmp(name, &symtab->elf_symstrtab[sym->st_name])) + return sym; + } + + return NULL; +} + +int check_result(struct sgx_enclave_run *run, int ret, uint64_t result, + const char *test) +{ + if (ret) { + printf("FAIL: %s() returned: %d\n", test, ret); + return ret; + } else if (run->exit_reason != SGX_SYNCHRONOUS_EXIT) { + printf("FAIL: %s() exit reason, expected: %u, got: %u\n", + test, SGX_SYNCHRONOUS_EXIT, run->exit_reason); + return -EIO; + } else if (result != MAGIC) { + printf("FAIL: %s(), expected: 0x%lx, got: 0x%lx\n", + test, MAGIC, result); + return -EIO; + } else if (run->user_data) { + printf("FAIL: %s() user data, expected: 0x0, got: 0x%llx\n", + test, run->user_data); + return -EIO; + } + return 0; +} + +static int exit_handler(long rdi, long rsi, long rdx, long ursp, long r8, long r9, + struct sgx_enclave_run *run) +{ + run->user_data = 0; + return 0; +} + +int main(int argc, char *argv[], char *envp[]) +{ + struct sgx_enclave_run run; + struct vdso_symtab symtab; + Elf64_Sym *eenter_sym; + uint64_t result = 0; + struct encl encl; + unsigned int i; + void *addr; + int ret; + + if (!encl_load("test_encl.elf", &encl)) + goto err; + + if (!encl_measure(&encl)) + goto err; + + if (!encl_build(&encl)) + goto err; + + /* + * An enclave consumer only must do this. + */ + for (i = 0; i < encl.nr_segments; i++) { + struct encl_segment *seg = &encl.segment_tbl[i]; + + addr = mmap((void *)encl.encl_base + seg->offset, seg->size, + seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0); + if (addr == MAP_FAILED) { + fprintf(stderr, "mmap() failed, errno=%d.\n", errno); + exit(1); + } + } + + memset(&run, 0, sizeof(run)); + run.tcs = encl.encl_base; + + addr = vdso_get_base_addr(envp); + if (!addr) + goto err; + + if (!vdso_get_symtab(addr, &symtab)) + goto err; + + eenter_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave"); + if (!eenter_sym) + goto err; + + eenter = addr + eenter_sym->st_value; + + ret = sgx_call_vdso((void *)&MAGIC, &result, 0, EENTER, NULL, NULL, &run); + if (check_result(&run, ret, result, "sgx_call_vdso")) + goto err; + + + /* Invoke the vDSO directly. */ + result = 0; + ret = eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, + 0, 0, &run); + if (check_result(&run, ret, result, "eenter")) + goto err; + + /* And with an exit handler. */ + run.user_handler = exit_handler; + run.user_data = 0xdeadbeef; + ret = eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, + 0, 0, &run); + if (check_result(&run, ret, result, "exit_handler")) + goto err; + + printf("SUCCESS\n"); + encl_delete(&encl); + exit(0); + +err: + encl_delete(&encl); + exit(1); +} diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h new file mode 100644 index 000000000000..2b4777942500 --- /dev/null +++ b/tools/testing/selftests/sgx/main.h @@ -0,0 +1,38 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef MAIN_H +#define MAIN_H + +struct encl_segment { + off_t offset; + size_t size; + unsigned int prot; + unsigned int flags; +}; + +struct encl { + int fd; + void *bin; + off_t bin_size; + void *src; + size_t src_size; + size_t encl_size; + off_t encl_base; + unsigned int nr_segments; + struct encl_segment *segment_tbl; + struct sgx_secs secs; + struct sgx_sigstruct sigstruct; +}; + +void encl_delete(struct encl *ctx); +bool encl_load(const char *path, struct encl *encl); +bool encl_measure(struct encl *encl); +bool encl_build(struct encl *encl); + +int sgx_call_vdso(void *rdi, void *rsi, long rdx, u32 leaf, void *r8, void *r9, + struct sgx_enclave_run *run); + +#endif /* MAIN_H */ diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c new file mode 100644 index 000000000000..ceddad478672 --- /dev/null +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -0,0 +1,395 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#define _GNU_SOURCE +#include <assert.h> +#include <getopt.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <unistd.h> +#include <openssl/err.h> +#include <openssl/pem.h> +#include "defines.h" +#include "main.h" + +struct q1q2_ctx { + BN_CTX *bn_ctx; + BIGNUM *m; + BIGNUM *s; + BIGNUM *q1; + BIGNUM *qr; + BIGNUM *q2; +}; + +static void free_q1q2_ctx(struct q1q2_ctx *ctx) +{ + BN_CTX_free(ctx->bn_ctx); + BN_free(ctx->m); + BN_free(ctx->s); + BN_free(ctx->q1); + BN_free(ctx->qr); + BN_free(ctx->q2); +} + +static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m, + struct q1q2_ctx *ctx) +{ + ctx->bn_ctx = BN_CTX_new(); + ctx->s = BN_bin2bn(s, SGX_MODULUS_SIZE, NULL); + ctx->m = BN_bin2bn(m, SGX_MODULUS_SIZE, NULL); + ctx->q1 = BN_new(); + ctx->qr = BN_new(); + ctx->q2 = BN_new(); + + if (!ctx->bn_ctx || !ctx->s || !ctx->m || !ctx->q1 || !ctx->qr || + !ctx->q2) { + free_q1q2_ctx(ctx); + return false; + } + + return true; +} + +static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1, + uint8_t *q2) +{ + struct q1q2_ctx ctx; + + if (!alloc_q1q2_ctx(s, m, &ctx)) { + fprintf(stderr, "Not enough memory for Q1Q2 calculation\n"); + return false; + } + + if (!BN_mul(ctx.q1, ctx.s, ctx.s, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q1, ctx.qr, ctx.q1, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q1) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q1 %d bytes\n", + BN_num_bytes(ctx.q1)); + goto out; + } + + if (!BN_mul(ctx.q2, ctx.s, ctx.qr, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q2, NULL, ctx.q2, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q2) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q2 %d bytes\n", + BN_num_bytes(ctx.q2)); + goto out; + } + + BN_bn2bin(ctx.q1, q1); + BN_bn2bin(ctx.q2, q2); + + free_q1q2_ctx(&ctx); + return true; +out: + free_q1q2_ctx(&ctx); + return false; +} + +struct sgx_sigstruct_payload { + struct sgx_sigstruct_header header; + struct sgx_sigstruct_body body; +}; + +static bool check_crypto_errors(void) +{ + int err; + bool had_errors = false; + const char *filename; + int line; + char str[256]; + + for ( ; ; ) { + if (ERR_peek_error() == 0) + break; + + had_errors = true; + err = ERR_get_error_line(&filename, &line); + ERR_error_string_n(err, str, sizeof(str)); + fprintf(stderr, "crypto: %s: %s:%d\n", str, filename, line); + } + + return had_errors; +} + +static inline const BIGNUM *get_modulus(RSA *key) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return key->n; +#else + const BIGNUM *n; + + RSA_get0_key(key, &n, NULL, NULL); + return n; +#endif +} + +static RSA *gen_sign_key(void) +{ + BIGNUM *e; + RSA *key; + int ret; + + e = BN_new(); + key = RSA_new(); + + if (!e || !key) + goto err; + + ret = BN_set_word(e, RSA_3); + if (ret != 1) + goto err; + + ret = RSA_generate_key_ex(key, 3072, e, NULL); + if (ret != 1) + goto err; + + BN_free(e); + + return key; + +err: + RSA_free(key); + BN_free(e); + + return NULL; +} + +static void reverse_bytes(void *data, int length) +{ + int i = 0; + int j = length - 1; + uint8_t temp; + uint8_t *ptr = data; + + while (i < j) { + temp = ptr[i]; + ptr[i] = ptr[j]; + ptr[j] = temp; + i++; + j--; + } +} + +enum mrtags { + MRECREATE = 0x0045544145524345, + MREADD = 0x0000000044444145, + MREEXTEND = 0x00444E4554584545, +}; + +static bool mrenclave_update(EVP_MD_CTX *ctx, const void *data) +{ + if (!EVP_DigestUpdate(ctx, data, 64)) { + fprintf(stderr, "digest update failed\n"); + return false; + } + + return true; +} + +static bool mrenclave_commit(EVP_MD_CTX *ctx, uint8_t *mrenclave) +{ + unsigned int size; + + if (!EVP_DigestFinal_ex(ctx, (unsigned char *)mrenclave, &size)) { + fprintf(stderr, "digest commit failed\n"); + return false; + } + + if (size != 32) { + fprintf(stderr, "invalid digest size = %u\n", size); + return false; + } + + return true; +} + +struct mrecreate { + uint64_t tag; + uint32_t ssaframesize; + uint64_t size; + uint8_t reserved[44]; +} __attribute__((__packed__)); + + +static bool mrenclave_ecreate(EVP_MD_CTX *ctx, uint64_t blob_size) +{ + struct mrecreate mrecreate; + uint64_t encl_size; + + for (encl_size = 0x1000; encl_size < blob_size; ) + encl_size <<= 1; + + memset(&mrecreate, 0, sizeof(mrecreate)); + mrecreate.tag = MRECREATE; + mrecreate.ssaframesize = 1; + mrecreate.size = encl_size; + + if (!EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) + return false; + + return mrenclave_update(ctx, &mrecreate); +} + +struct mreadd { + uint64_t tag; + uint64_t offset; + uint64_t flags; /* SECINFO flags */ + uint8_t reserved[40]; +} __attribute__((__packed__)); + +static bool mrenclave_eadd(EVP_MD_CTX *ctx, uint64_t offset, uint64_t flags) +{ + struct mreadd mreadd; + + memset(&mreadd, 0, sizeof(mreadd)); + mreadd.tag = MREADD; + mreadd.offset = offset; + mreadd.flags = flags; + + return mrenclave_update(ctx, &mreadd); +} + +struct mreextend { + uint64_t tag; + uint64_t offset; + uint8_t reserved[48]; +} __attribute__((__packed__)); + +static bool mrenclave_eextend(EVP_MD_CTX *ctx, uint64_t offset, + const uint8_t *data) +{ + struct mreextend mreextend; + int i; + + for (i = 0; i < 0x1000; i += 0x100) { + memset(&mreextend, 0, sizeof(mreextend)); + mreextend.tag = MREEXTEND; + mreextend.offset = offset + i; + + if (!mrenclave_update(ctx, &mreextend)) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x00])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x40])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x80])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0xC0])) + return false; + } + + return true; +} + +static bool mrenclave_segment(EVP_MD_CTX *ctx, struct encl *encl, + struct encl_segment *seg) +{ + uint64_t end = seg->offset + seg->size; + uint64_t offset; + + for (offset = seg->offset; offset < end; offset += PAGE_SIZE) { + if (!mrenclave_eadd(ctx, offset, seg->flags)) + return false; + + if (!mrenclave_eextend(ctx, offset, encl->src + offset)) + return false; + } + + return true; +} + +bool encl_measure(struct encl *encl) +{ + uint64_t header1[2] = {0x000000E100000006, 0x0000000000010000}; + uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060}; + struct sgx_sigstruct *sigstruct = &encl->sigstruct; + struct sgx_sigstruct_payload payload; + uint8_t digest[SHA256_DIGEST_LENGTH]; + unsigned int siglen; + RSA *key = NULL; + EVP_MD_CTX *ctx; + int i; + + memset(sigstruct, 0, sizeof(*sigstruct)); + + sigstruct->header.header1[0] = header1[0]; + sigstruct->header.header1[1] = header1[1]; + sigstruct->header.header2[0] = header2[0]; + sigstruct->header.header2[1] = header2[1]; + sigstruct->exponent = 3; + sigstruct->body.attributes = SGX_ATTR_MODE64BIT; + sigstruct->body.xfrm = 3; + + /* sanity check */ + if (check_crypto_errors()) + goto err; + + key = gen_sign_key(); + if (!key) + goto err; + + BN_bn2bin(get_modulus(key), sigstruct->modulus); + + ctx = EVP_MD_CTX_create(); + if (!ctx) + goto err; + + if (!mrenclave_ecreate(ctx, encl->src_size)) + goto err; + + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!mrenclave_segment(ctx, encl, seg)) + goto err; + } + + if (!mrenclave_commit(ctx, sigstruct->body.mrenclave)) + goto err; + + memcpy(&payload.header, &sigstruct->header, sizeof(sigstruct->header)); + memcpy(&payload.body, &sigstruct->body, sizeof(sigstruct->body)); + + SHA256((unsigned char *)&payload, sizeof(payload), digest); + + if (!RSA_sign(NID_sha256, digest, SHA256_DIGEST_LENGTH, + sigstruct->signature, &siglen, key)) + goto err; + + if (!calc_q1q2(sigstruct->signature, sigstruct->modulus, sigstruct->q1, + sigstruct->q2)) + goto err; + + /* BE -> LE */ + reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q1, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q2, SGX_MODULUS_SIZE); + + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return true; + +err: + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return false; +} diff --git a/tools/testing/selftests/sgx/test_encl.c b/tools/testing/selftests/sgx/test_encl.c new file mode 100644 index 000000000000..ede915399742 --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.c @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <stddef.h> +#include "defines.h" + +static void *memcpy(void *dest, const void *src, size_t n) +{ + size_t i; + + for (i = 0; i < n; i++) + ((char *)dest)[i] = ((char *)src)[i]; + + return dest; +} + +void encl_body(void *rdi, void *rsi) +{ + memcpy(rsi, rdi, 8); +} diff --git a/tools/testing/selftests/sgx/test_encl.lds b/tools/testing/selftests/sgx/test_encl.lds new file mode 100644 index 000000000000..0fbbda7e665e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.lds @@ -0,0 +1,40 @@ +OUTPUT_FORMAT(elf64-x86-64) + +PHDRS +{ + tcs PT_LOAD; + text PT_LOAD; + data PT_LOAD; +} + +SECTIONS +{ + . = 0; + .tcs : { + *(.tcs*) + } : tcs + + . = ALIGN(4096); + .text : { + *(.text*) + *(.rodata*) + } : text + + . = ALIGN(4096); + .data : { + *(.data*) + } : data + + /DISCARD/ : { + *(.comment*) + *(.note*) + *(.debug*) + *(.eh_frame*) + } +} + +ASSERT(!DEFINED(.altinstructions), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.altinstr_replacement), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.retpoline_safe), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.nospec), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.got.plt), "Libcalls are not supported in enclaves") diff --git a/tools/testing/selftests/sgx/test_encl_bootstrap.S b/tools/testing/selftests/sgx/test_encl_bootstrap.S new file mode 100644 index 000000000000..6836ea86126e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl_bootstrap.S @@ -0,0 +1,89 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/* + * Copyright(c) 2016-18 Intel Corporation. + */ + + .macro ENCLU + .byte 0x0f, 0x01, 0xd7 + .endm + + .section ".tcs", "aw" + .balign 4096 + + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + # Identical to the previous TCS. + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + .text + +encl_entry: + # RBX contains the base address for TCS, which is also the first address + # inside the enclave. By adding the value of le_stack_end to it, we get + # the absolute address for the stack. + lea (encl_stack)(%rbx), %rax + xchg %rsp, %rax + push %rax + + push %rcx # push the address after EENTER + push %rbx # push the enclave base address + + call encl_body + + pop %rbx # pop the enclave base address + + /* Clear volatile GPRs, except RAX (EEXIT leaf). */ + xor %rcx, %rcx + xor %rdx, %rdx + xor %rdi, %rdi + xor %rsi, %rsi + xor %r8, %r8 + xor %r9, %r9 + xor %r10, %r10 + xor %r11, %r11 + + # Reset status flags. + add %rdx, %rdx # OF = SF = AF = CF = 0; ZF = PF = 1 + + # Prepare EEXIT target by popping the address of the instruction after + # EENTER to RBX. + pop %rbx + + # Restore the caller stack. + pop %rax + mov %rax, %rsp + + # EEXIT + mov $4, %rax + enclu + + .section ".data", "aw" + +encl_ssa: + .space 4096 + + .balign 4096 + .space 8192 +encl_stack: -- 2.25.1

5 years, 2 months

1
0
0 0

Re: [patch 00/13] preempt: Make preempt count unconditional

by Ard Biesheuvel

On Tue, 15 Sep 2020 at 01:43, Linus Torvalds <torvalds(a)linux-foundation.org> wrote: > > On Mon, Sep 14, 2020 at 3:24 PM Linus Torvalds > <torvalds(a)linux-foundation.org> wrote: > > > > Ard and Herbert added to participants: see > > chacha20poly1305_crypt_sg_inplace(), which does > > > > flags = SG_MITER_TO_SG; > > if (!preemptible()) > > flags |= SG_MITER_ATOMIC; > > > > introduced in commit d95312a3ccc0 ("crypto: lib/chacha20poly1305 - > > reimplement crypt_from_sg() routine"). > > As far as I can tell, the only reason for this all is to try to use > "kmap()" rather than "kmap_atomic()". > > And kmap() actually has the much more complex "might_sleep()" tests, > and apparently the "preemptible()" check wasn't even the proper full > debug check, it was just a complete hack to catch the one that > triggered. > This was not driven by a failing check. The documentation of kmap_atomic() states the following: * The use of kmap_atomic/kunmap_atomic is discouraged - kmap/kunmap * gives a more generic (and caching) interface. But kmap_atomic can * be used in IRQ contexts, so in some (very limited) cases we need * it. so if this is no longer accurate, perhaps we should fix it? But another reason I tried to avoid kmap_atomic() is that it disables preemption unconditionally, even on 64-bit architectures where HIGHMEM is irrelevant. So using kmap_atomic() here means that the bulk of WireGuard packet encryption runs with preemption disabled, essentially for legacy reasons. > From a quick look, that code should probably just get rid of > SG_MITER_ATOMIC entirely, and alwayse use kmap_atomic(). > > kmap_atomic() is actually the faster and proper interface to use > anyway (never mind that any of this matters on any sane hardware). The > old kmap() and kunmap() interfaces should generally be avoided like > the plague - yes, they allow sleeping in the middle and that is > sometimes required, but if you don't need that, you should never ever > use them. > > We used to have a very nasty kmap_atomic() that required people to be > very careful and know exactly which atomic entry to use, and that was > admitedly quite nasty. > > So it _looks_ like this code started using kmap() - probably back when > kmap_atomic() was so cumbersome to use - and was then converted > (conditionally) to kmap_atomic() rather than just changed whole-sale. > Is there actually something that wants to use those sg_miter functions > and sleep? > > Because if there is, that choice should come from the outside, not > from inside lib/scatterlist.c trying to make some bad guess based on > the wrong thing entirely. > > Linus

5 years, 2 months

1
0
0 0

[PATCH v14 0/5] KASAN-KUnit Integration

by David Gow

This patchset contains everything needed to integrate KASAN and KUnit. KUnit will be able to: (1) Fail tests when an unexpected KASAN error occurs (2) Pass tests when an expected KASAN error occurs Convert KASAN tests to KUnit with the exception of copy_user_test because KUnit is unable to test those. Add documentation on how to run the KASAN tests with KUnit and what to expect when running these tests. The dependencies for this patchset are all present in 5.9-rc1+. Changes from v13: - Fix some compile warnings in test_kasan_module[9] Changes from v12: - Rebased on top of mainline (ab29a807) - Updated to match latest KUnit guidelines (no longer rename the test) - Fix some small issues with the documentation to match the correct test name and mention the module name. Changes from v11: - Rebased on top of latest -next (20200810) - Fixed a redundant memchr() call in kasan_memchr() - Added Andrey's "Tested-by" to everything. Changes from v10: - Fixed some whitespace issues in patch 2. - Split out the renaming of the KUnit test suite into a separate patch. Changes from v9: - Rebased on top of linux-next (20200731) + kselftest/kunit and [7] - Note that the kasan_rcu_uaf test has not been ported to KUnit, and remains in test_kasan_module. This is because: (a) KUnit's expect failure will not check if the RCU stacktraces show. (b) KUnit is unable to link the failure to the test, as it occurs in an RCU callback. Changes from v8: - Rebased on top of kselftest/kunit - (Which, with this patchset, should rebase cleanly on 5.8-rc7) - Renamed the KUnit test suite, config name to patch the proposed naming guidelines for KUnit tests[6] Changes from v7: - Rebased on top of kselftest/kunit - Rebased on top of v4 of the kunit resources API[1] - Rebased on top of v4 of the FORTIFY_SOURCE fix[2,3,4] - Updated the Kconfig entry to support KUNIT_ALL_TESTS Changes from v6: - Rebased on top of kselftest/kunit - Rebased on top of Daniel Axtens' fix for FORTIFY_SOURCE incompatibilites [2] - Removed a redundant report_enabled() check. - Fixed some places with out of date Kconfig names in the documentation. Changes from v5: - Split out the panic_on_warn changes to a separate patch. - Fix documentation to fewer to the new Kconfig names. - Fix some changes which were in the wrong patch. - Rebase on top of kselftest/kunit (currently identical to 5.7-rc1) Changes from v4: - KASAN no longer will panic on errors if both panic_on_warn and kasan_multishot are enabled. - As a result, the KASAN tests will no-longer disable panic_on_warn. - This also means panic_on_warn no-longer needs to be exported. - The use of temporary "kasan_data" variables has been cleaned up somewhat. - A potential refcount/resource leak should multiple KASAN errors appear during an assertion was fixed. - Some wording changes to the KASAN test Kconfig entries. Changes from v3: - KUNIT_SET_KASAN_DATA and KUNIT_DO_EXPECT_KASAN_FAIL have been combined and included in KUNIT_DO_EXPECT_KASAN_FAIL() instead. - Reordered logic in kasan_update_kunit_status() in report.c to be easier to read. - Added comment to not use the name "kasan_data" for any kunit tests outside of KUNIT_EXPECT_KASAN_FAIL(). Changes since v2: - Due to Alan's changes in [1], KUnit can be built as a module. - The name of the tests that could not be run with KUnit has been changed to be more generic: test_kasan_module. - Documentation on how to run the new KASAN tests and what to expect when running them has been added. - Some variables and functions are now static. - Now save/restore panic_on_warn in a similar way to kasan_multi_shot and renamed the init/exit functions to be more generic to accommodate. - Due to [4] in kasan_strings, kasan_memchr, and kasan_memcmp will fail if CONFIG_AMD_MEM_ENCRYPT is enabled so return early and print message explaining this circumstance. - Changed preprocessor checks to C checks where applicable. Changes since v1: - Make use of Alan Maguire's suggestion to use his patch that allows static resources for integration instead of adding a new attribute to the kunit struct - All KUNIT_EXPECT_KASAN_FAIL statements are local to each test - The definition of KUNIT_EXPECT_KASAN_FAIL is local to the test_kasan.c file since it seems this is the only place this will be used. - Integration relies on KUnit being builtin - copy_user_test has been separated into its own file since KUnit is unable to test these. This can be run as a module just as before, using CONFIG_TEST_KASAN_USER - The addition to the current task has been separated into its own patch as this is a significant enough change to be on its own. [1] https://lore.kernel.org/linux-kselftest/CAFd5g46Uu_5TG89uOm0Dj5CMq+11cwjBns… [2] https://lore.kernel.org/linux-mm/20200424145521.8203-1-dja@axtens.net/ [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [5] https://bugzilla.kernel.org/show_bug.cgi?id=206337 [6] https://lore.kernel.org/linux-kselftest/20200620054944.167330-1-davidgow@go… [7] https://lkml.org/lkml/2020/7/31/571 [8] https://lore.kernel.org/linux-kselftest/8d43e88e-1356-cd63-9152-209b81b1674… [9] https://www.spinics.net/lists/kernel/msg3660451.html David Gow (1): mm: kasan: Do not panic if both panic_on_warn and kasan_multishot set Patricia Alfonso (4): Add KUnit Struct to Current Task KUnit: KASAN Integration KASAN: Port KASAN Tests to KUnit KASAN: Testing Documentation Documentation/dev-tools/kasan.rst | 70 +++ include/kunit/test.h | 5 + include/linux/kasan.h | 6 + include/linux/sched.h | 4 + lib/Kconfig.kasan | 22 +- lib/Makefile | 4 +- lib/kunit/test.c | 13 +- lib/test_kasan.c | 728 ++++++++++++------------------ lib/test_kasan_module.c | 111 +++++ mm/kasan/report.c | 34 +- 10 files changed, 554 insertions(+), 443 deletions(-) create mode 100644 lib/test_kasan_module.c -- 2.28.0.618.gf4bc123cb7-goog

5 years, 2 months

1
5
0 0

[PATCH bpf-next v2 0/6] bpf: BTF support for ksyms

by Hao Luo

v1 -> v2: - Move check_pseudo_btf_id from check_ld_imm() to replace_map_fd_with_map_ptr() and rename the latter. - Add bpf_this_cpu_ptr(). - Use bpf_core_types_are_compat() in libbpf.c for checking type compatibility. - Rewrite typed ksym extern type in BTF with int to save space. - Minor revision of bpf_per_cpu_ptr()'s comments. - Avoid using long in tests that use skeleton. - Refactored test_ksyms.c by moving kallsyms_find() to trace_helpers.c - Fold the patches that sync include/linux/uapi and tools/include/linux/uapi. rfc -> v1: - Encode VAR's btf_id for PSEUDO_BTF_ID. - More checks in verifier. Checking the btf_id passed as PSEUDO_BTF_ID is valid VAR, its name and type. - Checks in libbpf on type compatibility of ksyms. - Add bpf_per_cpu_ptr() to access kernel percpu vars. Introduced new ARG and RET types for this helper. This patch series extends the previously added __ksym externs with btf support. Right now the __ksym externs are treated as pure 64-bit scalar value. Libbpf replaces ld_imm64 insn of __ksym by its kernel address at load time. This patch series extend those externs with their btf info. Note that btf support for __ksym must come with the kernel btf that has VARs encoded to work properly. The corresponding chagnes in pahole is available at [1] (with a fix at [2] for gcc 4.9+). The first 3 patches in this series add support for general kernel global variables, which include verifier checking (01/06), libpf support (02/06) and selftests for getting typed ksym extern's kernel address (03/06). The next 3 patches extends that capability further by introducing helpers bpf_per_cpu_ptr() and bpf_this_cpu_ptr(), which allows accessing kernel percpu variables correctly (04/06 and 05/06). The tests of this feature were performed against pahole that is extended with [1] and [2]. For kernel BTF that does not have VARs encoded, the selftests will be skipped. [1] https://git.kernel.org/pub/scm/devel/pahole/pahole.git/commit/?id=f3d9054ba… [2] https://www.spinics.net/lists/dwarves/msg00451.html Hao Luo (6): bpf: Introduce pseudo_btf_id bpf/libbpf: BTF support for typed ksyms bpf/selftests: ksyms_btf to test typed ksyms bpf: Introduce bpf_per_cpu_ptr() bpf: Introduce bpf_this_cpu_ptr() bpf/selftests: Test for bpf_per_cpu_ptr() and bpf_this_cpu_ptr() include/linux/bpf.h | 4 + include/linux/bpf_verifier.h | 4 + include/linux/btf.h | 26 +++ include/uapi/linux/bpf.h | 69 ++++++- kernel/bpf/btf.c | 25 --- kernel/bpf/verifier.c | 176 +++++++++++++++++- kernel/trace/bpf_trace.c | 32 ++++ tools/include/uapi/linux/bpf.h | 69 ++++++- tools/lib/bpf/libbpf.c | 116 ++++++++++-- .../testing/selftests/bpf/prog_tests/ksyms.c | 31 +-- .../selftests/bpf/prog_tests/ksyms_btf.c | 73 ++++++++ .../selftests/bpf/progs/test_ksyms_btf.c | 49 +++++ tools/testing/selftests/bpf/trace_helpers.c | 26 +++ tools/testing/selftests/bpf/trace_helpers.h | 4 + 14 files changed, 615 insertions(+), 89 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/ksyms_btf.c create mode 100644 tools/testing/selftests/bpf/progs/test_ksyms_btf.c -- 2.28.0.526.ge36021eeef-goog

5 years, 2 months

2
20
0 0

[PATCH bpf-next v2 5/5] bpf: selftests: add bpf_mptcp_sock() verifier tests

by Nicolas Rybowski

This patch adds verifier side tests for the new bpf_mptcp_sock() helper. Here are the new tests : - NULL bpf_sock is correctly handled - We cannot access a field from bpf_mptcp_sock if the latter is NULL - We can access a field from bpf_mptcp_sock if the latter is not NULL - We cannot modify a field from bpf_mptcp_sock. Note that "token" is currently the only field in bpf_mptcp_sock. Currently, there is no easy way to test the token field since we cannot get back the mptcp_sock in userspace, this could be a future amelioration. Acked-by: Matthieu Baerts <matthieu.baerts(a)tessares.net> Signed-off-by: Nicolas Rybowski <nicolas.rybowski(a)tessares.net> --- Notes: v1 -> v2: - new patch: mandatory selftests (Alexei) tools/testing/selftests/bpf/verifier/sock.c | 63 +++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/tools/testing/selftests/bpf/verifier/sock.c b/tools/testing/selftests/bpf/verifier/sock.c index b1aac2641498..9ce7c7ec3b5e 100644 --- a/tools/testing/selftests/bpf/verifier/sock.c +++ b/tools/testing/selftests/bpf/verifier/sock.c @@ -631,3 +631,66 @@ .prog_type = BPF_PROG_TYPE_SK_REUSEPORT, .result = ACCEPT, }, +{ + "bpf_mptcp_sock(skops->sk): no !skops->sk check", + .insns = { + BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct bpf_sock_ops, sk)), + BPF_EMIT_CALL(BPF_FUNC_mptcp_sock), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_SOCK_OPS, + .result = REJECT, + .errstr = "type=sock_or_null expected=sock_common", +}, +{ + "bpf_mptcp_sock(skops->sk): no NULL check on ret", + .insns = { + BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct bpf_sock_ops, sk)), + BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + BPF_EMIT_CALL(BPF_FUNC_mptcp_sock), + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_mptcp_sock, token)), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_SOCK_OPS, + .result = REJECT, + .errstr = "invalid mem access 'mptcp_sock_or_null'", +}, +{ + "bpf_mptcp_sock(skops->sk): msk->token", + .insns = { + BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct bpf_sock_ops, sk)), + BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + BPF_EMIT_CALL(BPF_FUNC_mptcp_sock), + BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), + BPF_EXIT_INSN(), + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_mptcp_sock, token)), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_SOCK_OPS, + .result = ACCEPT, +}, +{ + "bpf_mptcp_sock(skops->sk): msk->token cannot be modified", + .insns = { + BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct bpf_sock_ops, sk)), + BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + BPF_EMIT_CALL(BPF_FUNC_mptcp_sock), + BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), + BPF_EXIT_INSN(), + BPF_ST_MEM(BPF_W, BPF_REG_0, offsetof(struct bpf_mptcp_sock, token), 0x2a), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_SOCK_OPS, + .result = REJECT, + .errstr = "cannot write into mptcp_sock", +}, -- 2.28.0

5 years, 2 months

2
1
0 0

[RFC v4 0/1] Selftest for cpuidle latency measurement

by Pratik Rajesh Sampat

Changelog v3-->v4: 1. Overhaul in implementation from kernel module to a userspace selftest --- The patch series introduces a mechanism to measure wakeup latency for IPI and timer based interrupts The motivation behind this series is to find significant deviations behind advertised latency and residency values To achieve this in the userspace, IPI latencies are calculated by sending information through pipes and inducing a wakeup, similarly alarm events are setup for calculate timer based wakeup latencies. To account for delays from kernel-userspace interactions baseline observations are taken on a 100% busy CPU and subsequent obervations must be considered relative to that. In theory, wakeups induced by IPI and Timers should have similar wakeup latencies, however in practice there may be deviations which may need to be captured. One downside of the userspace approach in contrast to the kernel implementation is that the run to run variance can turn out to be high in the order of ms; which is the scope of the experiments at times. Another downside of the userspace approach is that it takes much longer to run and hence a command-line option quick and full are added to make sure quick 1 CPU tests can be carried out when needed and otherwise it can carry out a full system comprehensive test. Usage --- ./cpuidle --mode <full / quick / num_cpus> --output <output location> full: runs on all CPUS quick: run on a random CPU num_cpus: Limit the number of CPUS to run on Sample output snippet --------------------- --IPI Latency Test--- SRC_CPU DEST_CPU IPI_Latency(ns) ... 0 5 256178 0 6 478161 0 7 285445 0 8 273553 Expected IPI latency(ns): 100000 Observed Average IPI latency(ns): 248334 --Timeout Latency Test-- --Baseline Timeout Latency measurement: CPU Busy-- Wakeup_src Baseline_delay(ns) ... 32 972405 33 1004287 34 986663 35 994022 Expected timeout(ns): 10000000 Observed Average timeout diff(ns): 991844 Pratik Rajesh Sampat (1): selftests/cpuidle: Add support for cpuidle latency measurement tools/testing/selftests/Makefile | 1 + tools/testing/selftests/cpuidle/Makefile | 7 + tools/testing/selftests/cpuidle/cpuidle.c | 616 ++++++++++++++++++++++ tools/testing/selftests/cpuidle/settings | 1 + 4 files changed, 625 insertions(+) create mode 100644 tools/testing/selftests/cpuidle/Makefile create mode 100644 tools/testing/selftests/cpuidle/cpuidle.c create mode 100644 tools/testing/selftests/cpuidle/settings -- 2.26.2

5 years, 2 months

4
8
0 0

[RFC PATCH 0/1] selftests/run_kselftest.sh: make each test individually selectable

by Hangbin Liu

Hi, this patch enhanced the run_kselftest.sh to make the tests individually selectable. I'm not sure the if I could add the reuslt in the patch commit, as the log is too long. So I just put the result to the cover-letter: Note: I use `tr -s "/-" "_"` to cover the path name in tests to function name. e.g. networking/timestamping -> networking_timestamping. I'm not sure if it's legal in Makefile. Before the patch: ]# ./kselftest_install.sh /tmp/kselftests ]# cat /tmp/kselftests/run_kselftest.sh #!/bin/sh BASE_DIR=$(realpath $(dirname $0)) cd $BASE_DIR . ./kselftest/runner.sh ROOT=$PWD if [ "$1" = "--summary" ]; then logfile=$BASE_DIR/output.log cat /dev/null > $logfile fi [ -w /dev/kmsg ] && echo "kselftest: Running tests in android" >> /dev/kmsg cd android run_many \ "run.sh" cd $ROOT ...<snip>... [ -w /dev/kmsg ] && echo "kselftest: Running tests in zram" >> /dev/kmsg cd zram run_many \ "zram.sh" cd $ROOT After the patch: ]# ./kselftest_install.sh /tmp/kselftests ]# cat /tmp/kselftests/run_kselftest.sh #!/bin/sh BASE_DIR=$(realpath $(dirname $0)) . ./kselftest/runner.sh TESTS="android ...<snip>... zram" run_android() { [ -w /dev/kmsg ] && echo "kselftest: Running tests in android" >> /dev/kmsg cd android run_many \ "run.sh" cd $ROOT } ...<snip>... run_zram() { [ -w /dev/kmsg ] && echo "kselftest: Running tests in zram" >> /dev/kmsg cd zram run_many \ "zram.sh" cd $ROOT } usage() { cat <<EOF usage: ${0##*/} OPTS -s | --summary Only print summary info and put detailed log in output.log -t | --tests Test name you want to run specifically -h | --help Show this usage info EOF } while true; do case "$1" in -s | --summary ) logfile=$BASE_DIR/output.log; cat /dev/null > $logfile; shift ;; -t | --tests ) TESTS=$2; shift 2 ;; -h | --help ) usage; exit 0;; "" ) break;; * ) usage; exit 1;; esac done cd $BASE_DIR ROOT=$PWD for test in $TESTS; do run_$test done Hangbin Liu (1): selftests/run_kselftest.sh: make each test individually selectable tools/testing/selftests/Makefile | 48 +++++++++++++++++++++++++------- tools/testing/selftests/lib.mk | 2 +- 2 files changed, 39 insertions(+), 11 deletions(-) -- 2.19.2

5 years, 2 months

3
8
0 0

[PATCH v2] selftests/seccomp: fix ptrace tests on powerpc

by Thadeu Lima de Souza Cascardo

As pointed out by Michael Ellerman, the ptrace ABI on powerpc does not allow or require the return code to be set on syscall entry when skipping the syscall. It will always return ENOSYS and the return code must be set on syscall exit. This code does that, behaving more similarly to strace. It still sets the return code on entry, which is overridden on powerpc, and it will always repeat the same on exit. Also, on powerpc, the errno is not inverted, and depends on ccr.so being set. This has been tested on powerpc and amd64. Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Kees Cook <keescook(a)google.com> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> --- tools/testing/selftests/seccomp/seccomp_bpf.c | 81 ++++++++++++------- 1 file changed, 53 insertions(+), 28 deletions(-) diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 7a6d40286a42..0ddc0846e9c0 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -1837,15 +1837,24 @@ void change_syscall(struct __test_metadata *_metadata, #endif /* If syscall is skipped, change return value. */ - if (syscall == -1) + if (syscall == -1) { #ifdef SYSCALL_NUM_RET_SHARE_REG TH_LOG("Can't modify syscall return on this architecture"); - #elif defined(__xtensa__) regs.SYSCALL_RET(regs) = result; +#elif defined(__powerpc__) + /* Error is signaled by CR0 SO bit and error code is positive. */ + if (result < 0) { + regs.SYSCALL_RET = -result; + regs.ccr |= 0x10000000; + } else { + regs.SYSCALL_RET = result; + regs.ccr &= ~0x10000000; + } #else regs.SYSCALL_RET = result; #endif + } #ifdef HAVE_GETREGS ret = ptrace(PTRACE_SETREGS, tracee, 0, &regs); @@ -1897,12 +1906,44 @@ void tracer_seccomp(struct __test_metadata *_metadata, pid_t tracee, } +FIXTURE(TRACE_syscall) { + struct sock_fprog prog; + pid_t tracer, mytid, mypid, parent; +}; + +FIXTURE_VARIANT(TRACE_syscall) { + /* + * All of the SECCOMP_RET_TRACE behaviors can be tested with either + * SECCOMP_RET_TRACE+PTRACE_CONT or plain ptrace()+PTRACE_SYSCALL. + * This indicates if we should use SECCOMP_RET_TRACE (false), or + * ptrace (true). + */ + bool use_ptrace; + + /* + * Some archs (like ppc) only support changing the return code during + * syscall exit when ptrace is used. As the syscall number might not + * be available anymore during syscall exit, it needs to be saved + * during syscall enter. + */ + int syscall_nr; +}; + +FIXTURE_VARIANT_ADD(TRACE_syscall, ptrace) { + .use_ptrace = true, +}; + +FIXTURE_VARIANT_ADD(TRACE_syscall, seccomp) { + .use_ptrace = false, +}; + void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee, int status, void *args) { int ret, nr; unsigned long msg; static bool entry; + FIXTURE_VARIANT(TRACE_syscall) * variant = args; /* * The traditional way to tell PTRACE_SYSCALL entry/exit @@ -1916,10 +1957,15 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee, EXPECT_EQ(entry ? PTRACE_EVENTMSG_SYSCALL_ENTRY : PTRACE_EVENTMSG_SYSCALL_EXIT, msg); - if (!entry) + if (!entry && !variant) return; - nr = get_syscall(_metadata, tracee); + if (entry) + nr = get_syscall(_metadata, tracee); + else if (variant) + nr = variant->syscall_nr; + if (variant) + variant->syscall_nr = nr; if (nr == __NR_getpid) change_syscall(_metadata, tracee, __NR_getppid, 0); @@ -1929,29 +1975,6 @@ void tracer_ptrace(struct __test_metadata *_metadata, pid_t tracee, change_syscall(_metadata, tracee, -1, -ESRCH); } -FIXTURE(TRACE_syscall) { - struct sock_fprog prog; - pid_t tracer, mytid, mypid, parent; -}; - -FIXTURE_VARIANT(TRACE_syscall) { - /* - * All of the SECCOMP_RET_TRACE behaviors can be tested with either - * SECCOMP_RET_TRACE+PTRACE_CONT or plain ptrace()+PTRACE_SYSCALL. - * This indicates if we should use SECCOMP_RET_TRACE (false), or - * ptrace (true). - */ - bool use_ptrace; -}; - -FIXTURE_VARIANT_ADD(TRACE_syscall, ptrace) { - .use_ptrace = true, -}; - -FIXTURE_VARIANT_ADD(TRACE_syscall, seccomp) { - .use_ptrace = false, -}; - FIXTURE_SETUP(TRACE_syscall) { struct sock_filter filter[] = { @@ -1992,7 +2015,9 @@ FIXTURE_SETUP(TRACE_syscall) self->tracer = setup_trace_fixture(_metadata, variant->use_ptrace ? tracer_ptrace : tracer_seccomp, - NULL, variant->use_ptrace); + variant->use_ptrace ? (void *) variant + : NULL, + variant->use_ptrace); ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); ASSERT_EQ(0, ret); -- 2.25.1

5 years, 2 months

4
3
0 0

[PATCH 0/3] xtensa: add seccomp support

by Max Filippov

Hello, this series adds support for seccomp filter on xtensa and updates selftests/seccomp. Max Filippov (3): xtensa: expose syscall through user_pt_regs xtensa: add seccomp support selftests/seccomp: add xtensa support .../seccomp/seccomp-filter/arch-support.txt | 2 +- arch/xtensa/Kconfig | 15 +++++++++++++++ arch/xtensa/include/asm/Kbuild | 1 + arch/xtensa/include/asm/thread_info.h | 5 ++++- arch/xtensa/include/uapi/asm/ptrace.h | 3 ++- arch/xtensa/kernel/ptrace.c | 8 +++++++- tools/testing/selftests/seccomp/seccomp_bpf.c | 16 +++++++++++++++- 7 files changed, 45 insertions(+), 5 deletions(-) -- 2.20.1

5 years, 2 months

2
5
0 0

[PATCH bpf-next v2 0/5] bpf: add MPTCP subflow support

by Nicolas Rybowski

Previously it was not possible to make a distinction between plain TCP sockets and MPTCP subflow sockets on the BPF_PROG_TYPE_SOCK_OPS hook. This patch series now enables a fine control of subflow sockets. In its current state, it allows to put different sockopt on each subflow from a same MPTCP connection (socket mark, TCP congestion algorithm, ...) using BPF programs. It should also be the basis of exposing MPTCP-specific fields through BPF. v1 -> v2: - add basic mandatory selftests for the new helper and is_mptcp field (Alexei) - rebase on latest bpf-next Nicolas Rybowski (5): bpf: expose is_mptcp flag to bpf_tcp_sock mptcp: attach subflow socket to parent cgroup bpf: add 'bpf_mptcp_sock' structure and helper bpf: selftests: add MPTCP test base bpf: selftests: add bpf_mptcp_sock() verifier tests include/linux/bpf.h | 33 +++++ include/uapi/linux/bpf.h | 15 +++ kernel/bpf/verifier.c | 30 +++++ net/core/filter.c | 13 +- net/mptcp/Makefile | 2 + net/mptcp/bpf.c | 72 +++++++++++ net/mptcp/subflow.c | 27 ++++ scripts/bpf_helpers_doc.py | 2 + tools/include/uapi/linux/bpf.h | 15 +++ tools/testing/selftests/bpf/config | 1 + tools/testing/selftests/bpf/network_helpers.c | 37 +++++- tools/testing/selftests/bpf/network_helpers.h | 3 + .../testing/selftests/bpf/prog_tests/mptcp.c | 119 ++++++++++++++++++ tools/testing/selftests/bpf/progs/mptcp.c | 48 +++++++ tools/testing/selftests/bpf/verifier/sock.c | 63 ++++++++++ 15 files changed, 474 insertions(+), 6 deletions(-) create mode 100644 net/mptcp/bpf.c create mode 100644 tools/testing/selftests/bpf/prog_tests/mptcp.c create mode 100644 tools/testing/selftests/bpf/progs/mptcp.c -- 2.28.0

5 years, 2 months

1
0
0 0

[PATCH v37 22/24] selftests/x86: Add a selftest for SGX

by Jarkko Sakkinen

Add a selftest for SGX. It is a trivial test where a simple enclave copies one 64-bit word of memory between two memory locations. Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/sgx/.gitignore | 2 + tools/testing/selftests/sgx/Makefile | 53 +++ tools/testing/selftests/sgx/call.S | 44 ++ tools/testing/selftests/sgx/defines.h | 21 + tools/testing/selftests/sgx/load.c | 277 ++++++++++++ tools/testing/selftests/sgx/main.c | 232 ++++++++++ tools/testing/selftests/sgx/main.h | 38 ++ tools/testing/selftests/sgx/sigstruct.c | 395 ++++++++++++++++++ tools/testing/selftests/sgx/test_encl.c | 20 + tools/testing/selftests/sgx/test_encl.lds | 40 ++ .../selftests/sgx/test_encl_bootstrap.S | 89 ++++ 12 files changed, 1212 insertions(+) create mode 100644 tools/testing/selftests/sgx/.gitignore create mode 100644 tools/testing/selftests/sgx/Makefile create mode 100644 tools/testing/selftests/sgx/call.S create mode 100644 tools/testing/selftests/sgx/defines.h create mode 100644 tools/testing/selftests/sgx/load.c create mode 100644 tools/testing/selftests/sgx/main.c create mode 100644 tools/testing/selftests/sgx/main.h create mode 100644 tools/testing/selftests/sgx/sigstruct.c create mode 100644 tools/testing/selftests/sgx/test_encl.c create mode 100644 tools/testing/selftests/sgx/test_encl.lds create mode 100644 tools/testing/selftests/sgx/test_encl_bootstrap.S diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 9018f45d631d..fee80cda6304 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -68,6 +68,7 @@ TARGETS += user TARGETS += vm TARGETS += x86 TARGETS += zram +TARGETS += sgx #Please keep the TARGETS list alphabetically sorted # Run "make quicktest=1 run_tests" or # "make quicktest=1 kselftest" from top level Makefile diff --git a/tools/testing/selftests/sgx/.gitignore b/tools/testing/selftests/sgx/.gitignore new file mode 100644 index 000000000000..fbaf0bda9a92 --- /dev/null +++ b/tools/testing/selftests/sgx/.gitignore @@ -0,0 +1,2 @@ +test_sgx +test_encl.elf diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile new file mode 100644 index 000000000000..95e5c4df8014 --- /dev/null +++ b/tools/testing/selftests/sgx/Makefile @@ -0,0 +1,53 @@ +top_srcdir = ../../../.. + +include ../lib.mk + +.PHONY: all clean + +CAN_BUILD_X86_64 := $(shell ../x86/check_cc.sh $(CC) \ + ../x86/trivial_64bit_program.c) + +ifndef OBJCOPY +OBJCOPY := $(CROSS_COMPILE)objcopy +endif + +INCLUDES := -I$(top_srcdir)/tools/include +HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack +ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \ + -fno-stack-protector -mrdrnd $(INCLUDES) + +TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx $(OUTPUT)/test_encl.elf + +ifeq ($(CAN_BUILD_X86_64), 1) +all: $(TEST_CUSTOM_PROGS) +endif + +$(OUTPUT)/test_sgx: $(OUTPUT)/main.o \ + $(OUTPUT)/load.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/call.o + $(CC) $(HOST_CFLAGS) -o $@ $^ -lcrypto + +$(OUTPUT)/main.o: main.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/load.o: load.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/sigstruct.o: sigstruct.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/call.o: call.S + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/test_encl.elf: test_encl.lds test_encl.c test_encl_bootstrap.S + $(CC) $(ENCL_CFLAGS) -T $^ -o $@ + +EXTRA_CLEAN := \ + $(OUTPUT)/test_encl.elf \ + $(OUTPUT)/load.o \ + $(OUTPUT)/call.o \ + $(OUTPUT)/main.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/test_sgx \ + $(OUTPUT)/test_sgx.o \ diff --git a/tools/testing/selftests/sgx/call.S b/tools/testing/selftests/sgx/call.S new file mode 100644 index 000000000000..f640532cda93 --- /dev/null +++ b/tools/testing/selftests/sgx/call.S @@ -0,0 +1,44 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/** +* Copyright(c) 2016-18 Intel Corporation. +*/ + + .text + + .global sgx_call_vdso +sgx_call_vdso: + .cfi_startproc + push %r15 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r15, 0 + push %r14 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r14, 0 + push %r13 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r13, 0 + push %r12 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r12, 0 + push %rbx + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %rbx, 0 + push $0 + .cfi_adjust_cfa_offset 8 + push 0x38(%rsp) + .cfi_adjust_cfa_offset 8 + call *eenter(%rip) + add $0x10, %rsp + .cfi_adjust_cfa_offset -0x10 + pop %rbx + .cfi_adjust_cfa_offset -8 + pop %r12 + .cfi_adjust_cfa_offset -8 + pop %r13 + .cfi_adjust_cfa_offset -8 + pop %r14 + .cfi_adjust_cfa_offset -8 + pop %r15 + .cfi_adjust_cfa_offset -8 + ret + .cfi_endproc diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h new file mode 100644 index 000000000000..be8969922804 --- /dev/null +++ b/tools/testing/selftests/sgx/defines.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef DEFINES_H +#define DEFINES_H + +#include <stdint.h> + +#define PAGE_SIZE 4096 +#define PAGE_MASK (~(PAGE_SIZE - 1)) + +#define __aligned(x) __attribute__((__aligned__(x))) +#define __packed __attribute__((packed)) + +#include "../../../../arch/x86/kernel/cpu/sgx/arch.h" +#include "../../../../arch/x86/include/asm/enclu.h" +#include "../../../../arch/x86/include/uapi/asm/sgx.h" + +#endif /* DEFINES_H */ diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c new file mode 100644 index 000000000000..8ce0c4ac9a49 --- /dev/null +++ b/tools/testing/selftests/sgx/load.c @@ -0,0 +1,277 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <assert.h> +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +void encl_delete(struct encl *encl) +{ + if (encl->encl_base) + munmap((void *)encl->encl_base, encl->encl_size); + + if (encl->bin) + munmap(encl->bin, encl->bin_size); + + if (encl->fd) + close(encl->fd); + + if (encl->segment_tbl) + free(encl->segment_tbl); + + memset(encl, 0, sizeof(*encl)); +} + +static bool encl_map_bin(const char *path, struct encl *encl) +{ + struct stat sb; + void *bin; + int ret; + int fd; + + fd = open(path, O_RDONLY); + if (fd == -1) { + perror("open()"); + return false; + } + + ret = stat(path, &sb); + if (ret) { + perror("stat()"); + goto err; + } + + bin = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); + if (bin == MAP_FAILED) { + perror("mmap()"); + goto err; + } + + encl->bin = bin; + encl->bin_size = sb.st_size; + + close(fd); + return true; + +err: + close(fd); + return false; +} + +static bool encl_ioc_create(struct encl *encl) +{ + struct sgx_secs *secs = &encl->secs; + struct sgx_enclave_create ioc; + int rc; + + assert(encl->encl_base != 0); + + memset(secs, 0, sizeof(*secs)); + secs->ssa_frame_size = 1; + secs->attributes = SGX_ATTR_MODE64BIT; + secs->xfrm = 3; + secs->base = encl->encl_base; + secs->size = encl->encl_size; + + ioc.src = (unsigned long)secs; + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_CREATE, &ioc); + if (rc) { + fprintf(stderr, "SGX_IOC_ENCLAVE_CREATE failed: errno=%d\n", + errno); + munmap((void *)secs->base, encl->encl_size); + return false; + } + + return true; +} + +static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg) +{ + struct sgx_enclave_add_pages ioc; + struct sgx_secinfo secinfo; + int rc; + + memset(&secinfo, 0, sizeof(secinfo)); + secinfo.flags = seg->flags; + + ioc.src = (uint64_t)encl->src + seg->offset; + ioc.offset = seg->offset; + ioc.length = seg->size; + ioc.secinfo = (unsigned long)&secinfo; + ioc.flags = SGX_PAGE_MEASURE; + + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc); + if (rc < 0) { + fprintf(stderr, "SGX_IOC_ENCLAVE_ADD_PAGES failed: errno=%d.\n", + errno); + return false; + } + + return true; +} + +bool encl_load(const char *path, struct encl *encl) +{ + Elf64_Phdr *phdr_tbl; + off_t src_offset; + Elf64_Ehdr *ehdr; + int i, j; + int ret; + + memset(encl, 0, sizeof(*encl)); + + ret = open("/dev/sgx/enclave", O_RDWR); + if (ret < 0) { + fprintf(stderr, "Unable to open /dev/sgx\n"); + goto err; + } + + encl->fd = ret; + + if (!encl_map_bin(path, encl)) + goto err; + + ehdr = encl->bin; + phdr_tbl = encl->bin + ehdr->e_phoff; + + for (i = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + + if (phdr->p_type == PT_LOAD) + encl->nr_segments++; + } + + encl->segment_tbl = calloc(encl->nr_segments, + sizeof(struct encl_segment)); + if (!encl->segment_tbl) + goto err; + + for (i = 0, j = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + unsigned int flags = phdr->p_flags; + struct encl_segment *seg; + + if (phdr->p_type != PT_LOAD) + continue; + + seg = &encl->segment_tbl[j]; + + if (!!(flags & ~(PF_R | PF_W | PF_X))) { + fprintf(stderr, + "%d has invalid segment flags 0x%02x.\n", i, + phdr->p_flags); + goto err; + } + + if (j == 0 && flags != (PF_R | PF_W)) { + fprintf(stderr, + "TCS has invalid segment flags 0x%02x.\n", + phdr->p_flags); + goto err; + } + + if (j == 0) { + src_offset = (phdr->p_offset & PAGE_MASK) - src_offset; + + seg->prot = PROT_READ | PROT_WRITE; + seg->flags = SGX_PAGE_TYPE_TCS << 8; + } else { + seg->prot = (phdr->p_flags & PF_R) ? PROT_READ : 0; + seg->prot |= (phdr->p_flags & PF_W) ? PROT_WRITE : 0; + seg->prot |= (phdr->p_flags & PF_X) ? PROT_EXEC : 0; + seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot; + } + + seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset; + seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK; + + printf("0x%016lx 0x%016lx 0x%02x\n", seg->offset, seg->size, + seg->prot); + + j++; + } + + assert(j == encl->nr_segments); + + encl->src = encl->bin + src_offset; + encl->src_size = encl->segment_tbl[j - 1].offset + + encl->segment_tbl[j - 1].size; + + for (encl->encl_size = 4096; encl->encl_size < encl->src_size; ) + encl->encl_size <<= 1; + + return true; + +err: + encl_delete(encl); + return false; +} + +static bool encl_map_area(struct encl *encl) +{ + size_t encl_size = encl->encl_size; + void *area; + + area = mmap(NULL, encl_size * 2, PROT_NONE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if (area == MAP_FAILED) { + perror("mmap"); + return false; + } + + encl->encl_base = ((uint64_t)area + encl_size - 1) & ~(encl_size - 1); + + munmap(area, encl->encl_base - (uint64_t)area); + munmap((void *)(encl->encl_base + encl_size), + (uint64_t)area + encl_size - encl->encl_base); + + return true; +} + +bool encl_build(struct encl *encl) +{ + struct sgx_enclave_init ioc; + int ret; + int i; + + if (!encl_map_area(encl)) + return false; + + if (!encl_ioc_create(encl)) + return false; + + /* + * Pages must be added before mapping VMAs because their permissions + * cap the VMA permissions. + */ + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!encl_ioc_add_pages(encl, seg)) + return false; + } + + ioc.sigstruct = (uint64_t)&encl->sigstruct; + ret = ioctl(encl->fd, SGX_IOC_ENCLAVE_INIT, &ioc); + if (ret) { + fprintf(stderr, "SGX_IOC_ENCLAVE_INIT failed: errno=%d\n", + errno); + return false; + } + + return true; +} diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c new file mode 100644 index 000000000000..44acb3c72067 --- /dev/null +++ b/tools/testing/selftests/sgx/main.c @@ -0,0 +1,232 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +static const uint64_t MAGIC = 0x1122334455667788ULL; +vdso_sgx_enter_enclave_t eenter; + +struct vdso_symtab { + Elf64_Sym *elf_symtab; + const char *elf_symstrtab; + Elf64_Word *elf_hashtab; +}; + +static void *vdso_get_base_addr(char *envp[]) +{ + Elf64_auxv_t *auxv; + int i; + + for (i = 0; envp[i]; i++) + ; + + auxv = (Elf64_auxv_t *)&envp[i + 1]; + + for (i = 0; auxv[i].a_type != AT_NULL; i++) { + if (auxv[i].a_type == AT_SYSINFO_EHDR) + return (void *)auxv[i].a_un.a_val; + } + + return NULL; +} + +static Elf64_Dyn *vdso_get_dyntab(void *addr) +{ + Elf64_Ehdr *ehdr = addr; + Elf64_Phdr *phdrtab = addr + ehdr->e_phoff; + int i; + + for (i = 0; i < ehdr->e_phnum; i++) + if (phdrtab[i].p_type == PT_DYNAMIC) + return addr + phdrtab[i].p_offset; + + return NULL; +} + +static void *vdso_get_dyn(void *addr, Elf64_Dyn *dyntab, Elf64_Sxword tag) +{ + int i; + + for (i = 0; dyntab[i].d_tag != DT_NULL; i++) + if (dyntab[i].d_tag == tag) + return addr + dyntab[i].d_un.d_ptr; + + return NULL; +} + +static bool vdso_get_symtab(void *addr, struct vdso_symtab *symtab) +{ + Elf64_Dyn *dyntab = vdso_get_dyntab(addr); + + symtab->elf_symtab = vdso_get_dyn(addr, dyntab, DT_SYMTAB); + if (!symtab->elf_symtab) + return false; + + symtab->elf_symstrtab = vdso_get_dyn(addr, dyntab, DT_STRTAB); + if (!symtab->elf_symstrtab) + return false; + + symtab->elf_hashtab = vdso_get_dyn(addr, dyntab, DT_HASH); + if (!symtab->elf_hashtab) + return false; + + return true; +} + +static unsigned long elf_sym_hash(const char *name) +{ + unsigned long h = 0, high; + + while (*name) { + h = (h << 4) + *name++; + high = h & 0xf0000000; + + if (high) + h ^= high >> 24; + + h &= ~high; + } + + return h; +} + +static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name) +{ + Elf64_Word bucketnum = symtab->elf_hashtab[0]; + Elf64_Word *buckettab = &symtab->elf_hashtab[2]; + Elf64_Word *chaintab = &symtab->elf_hashtab[2 + bucketnum]; + Elf64_Sym *sym; + Elf64_Word i; + + for (i = buckettab[elf_sym_hash(name) % bucketnum]; i != STN_UNDEF; + i = chaintab[i]) { + sym = &symtab->elf_symtab[i]; + if (!strcmp(name, &symtab->elf_symstrtab[sym->st_name])) + return sym; + } + + return NULL; +} + +int check_result(struct sgx_enclave_run *run, int ret, uint64_t result, + const char *test) +{ + if (ret) { + printf("FAIL: %s() returned: %d\n", test, ret); + return ret; + } else if (run->exit_reason != SGX_SYNCHRONOUS_EXIT) { + printf("FAIL: %s() exit reason, expected: %u, got: %u\n", + test, SGX_SYNCHRONOUS_EXIT, run->exit_reason); + return -EIO; + } else if (result != MAGIC) { + printf("FAIL: %s(), expected: 0x%lx, got: 0x%lx\n", + test, MAGIC, result); + return -EIO; + } else if (run->user_data) { + printf("FAIL: %s() user data, expected: 0x0, got: 0x%llx\n", + test, run->user_data); + return -EIO; + } + return 0; +} + +static int exit_handler(long rdi, long rsi, long rdx, long ursp, long r8, long r9, + struct sgx_enclave_run *run) +{ + run->user_data = 0; + return 0; +} + +int main(int argc, char *argv[], char *envp[]) +{ + struct sgx_enclave_run run; + struct vdso_symtab symtab; + Elf64_Sym *eenter_sym; + uint64_t result = 0; + struct encl encl; + unsigned int i; + void *addr; + int ret; + + if (!encl_load("test_encl.elf", &encl)) + goto err; + + if (!encl_measure(&encl)) + goto err; + + if (!encl_build(&encl)) + goto err; + + /* + * An enclave consumer only must do this. + */ + for (i = 0; i < encl.nr_segments; i++) { + struct encl_segment *seg = &encl.segment_tbl[i]; + + addr = mmap((void *)encl.encl_base + seg->offset, seg->size, + seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0); + if (addr == MAP_FAILED) { + fprintf(stderr, "mmap() failed, errno=%d.\n", errno); + exit(1); + } + } + + memset(&run, 0, sizeof(run)); + run.tcs = encl.encl_base; + + addr = vdso_get_base_addr(envp); + if (!addr) + goto err; + + if (!vdso_get_symtab(addr, &symtab)) + goto err; + + eenter_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave"); + if (!eenter_sym) + goto err; + + eenter = addr + eenter_sym->st_value; + + ret = sgx_call_vdso((void *)&MAGIC, &result, 0, EENTER, NULL, NULL, &run); + if (check_result(&run, ret, result, "sgx_call_vdso")) + goto err; + + + /* Invoke the vDSO directly. */ + result = 0; + ret = eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, + 0, 0, &run); + if (check_result(&run, ret, result, "eenter")) + goto err; + + /* And with an exit handler. */ + run.user_handler = exit_handler; + run.user_data = 0xdeadbeef; + ret = eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, + 0, 0, &run); + if (check_result(&run, ret, result, "exit_handler")) + goto err; + + printf("SUCCESS\n"); + encl_delete(&encl); + exit(0); + +err: + encl_delete(&encl); + exit(1); +} diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h new file mode 100644 index 000000000000..2b4777942500 --- /dev/null +++ b/tools/testing/selftests/sgx/main.h @@ -0,0 +1,38 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef MAIN_H +#define MAIN_H + +struct encl_segment { + off_t offset; + size_t size; + unsigned int prot; + unsigned int flags; +}; + +struct encl { + int fd; + void *bin; + off_t bin_size; + void *src; + size_t src_size; + size_t encl_size; + off_t encl_base; + unsigned int nr_segments; + struct encl_segment *segment_tbl; + struct sgx_secs secs; + struct sgx_sigstruct sigstruct; +}; + +void encl_delete(struct encl *ctx); +bool encl_load(const char *path, struct encl *encl); +bool encl_measure(struct encl *encl); +bool encl_build(struct encl *encl); + +int sgx_call_vdso(void *rdi, void *rsi, long rdx, u32 leaf, void *r8, void *r9, + struct sgx_enclave_run *run); + +#endif /* MAIN_H */ diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c new file mode 100644 index 000000000000..ceddad478672 --- /dev/null +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -0,0 +1,395 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#define _GNU_SOURCE +#include <assert.h> +#include <getopt.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <unistd.h> +#include <openssl/err.h> +#include <openssl/pem.h> +#include "defines.h" +#include "main.h" + +struct q1q2_ctx { + BN_CTX *bn_ctx; + BIGNUM *m; + BIGNUM *s; + BIGNUM *q1; + BIGNUM *qr; + BIGNUM *q2; +}; + +static void free_q1q2_ctx(struct q1q2_ctx *ctx) +{ + BN_CTX_free(ctx->bn_ctx); + BN_free(ctx->m); + BN_free(ctx->s); + BN_free(ctx->q1); + BN_free(ctx->qr); + BN_free(ctx->q2); +} + +static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m, + struct q1q2_ctx *ctx) +{ + ctx->bn_ctx = BN_CTX_new(); + ctx->s = BN_bin2bn(s, SGX_MODULUS_SIZE, NULL); + ctx->m = BN_bin2bn(m, SGX_MODULUS_SIZE, NULL); + ctx->q1 = BN_new(); + ctx->qr = BN_new(); + ctx->q2 = BN_new(); + + if (!ctx->bn_ctx || !ctx->s || !ctx->m || !ctx->q1 || !ctx->qr || + !ctx->q2) { + free_q1q2_ctx(ctx); + return false; + } + + return true; +} + +static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1, + uint8_t *q2) +{ + struct q1q2_ctx ctx; + + if (!alloc_q1q2_ctx(s, m, &ctx)) { + fprintf(stderr, "Not enough memory for Q1Q2 calculation\n"); + return false; + } + + if (!BN_mul(ctx.q1, ctx.s, ctx.s, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q1, ctx.qr, ctx.q1, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q1) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q1 %d bytes\n", + BN_num_bytes(ctx.q1)); + goto out; + } + + if (!BN_mul(ctx.q2, ctx.s, ctx.qr, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q2, NULL, ctx.q2, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q2) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q2 %d bytes\n", + BN_num_bytes(ctx.q2)); + goto out; + } + + BN_bn2bin(ctx.q1, q1); + BN_bn2bin(ctx.q2, q2); + + free_q1q2_ctx(&ctx); + return true; +out: + free_q1q2_ctx(&ctx); + return false; +} + +struct sgx_sigstruct_payload { + struct sgx_sigstruct_header header; + struct sgx_sigstruct_body body; +}; + +static bool check_crypto_errors(void) +{ + int err; + bool had_errors = false; + const char *filename; + int line; + char str[256]; + + for ( ; ; ) { + if (ERR_peek_error() == 0) + break; + + had_errors = true; + err = ERR_get_error_line(&filename, &line); + ERR_error_string_n(err, str, sizeof(str)); + fprintf(stderr, "crypto: %s: %s:%d\n", str, filename, line); + } + + return had_errors; +} + +static inline const BIGNUM *get_modulus(RSA *key) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return key->n; +#else + const BIGNUM *n; + + RSA_get0_key(key, &n, NULL, NULL); + return n; +#endif +} + +static RSA *gen_sign_key(void) +{ + BIGNUM *e; + RSA *key; + int ret; + + e = BN_new(); + key = RSA_new(); + + if (!e || !key) + goto err; + + ret = BN_set_word(e, RSA_3); + if (ret != 1) + goto err; + + ret = RSA_generate_key_ex(key, 3072, e, NULL); + if (ret != 1) + goto err; + + BN_free(e); + + return key; + +err: + RSA_free(key); + BN_free(e); + + return NULL; +} + +static void reverse_bytes(void *data, int length) +{ + int i = 0; + int j = length - 1; + uint8_t temp; + uint8_t *ptr = data; + + while (i < j) { + temp = ptr[i]; + ptr[i] = ptr[j]; + ptr[j] = temp; + i++; + j--; + } +} + +enum mrtags { + MRECREATE = 0x0045544145524345, + MREADD = 0x0000000044444145, + MREEXTEND = 0x00444E4554584545, +}; + +static bool mrenclave_update(EVP_MD_CTX *ctx, const void *data) +{ + if (!EVP_DigestUpdate(ctx, data, 64)) { + fprintf(stderr, "digest update failed\n"); + return false; + } + + return true; +} + +static bool mrenclave_commit(EVP_MD_CTX *ctx, uint8_t *mrenclave) +{ + unsigned int size; + + if (!EVP_DigestFinal_ex(ctx, (unsigned char *)mrenclave, &size)) { + fprintf(stderr, "digest commit failed\n"); + return false; + } + + if (size != 32) { + fprintf(stderr, "invalid digest size = %u\n", size); + return false; + } + + return true; +} + +struct mrecreate { + uint64_t tag; + uint32_t ssaframesize; + uint64_t size; + uint8_t reserved[44]; +} __attribute__((__packed__)); + + +static bool mrenclave_ecreate(EVP_MD_CTX *ctx, uint64_t blob_size) +{ + struct mrecreate mrecreate; + uint64_t encl_size; + + for (encl_size = 0x1000; encl_size < blob_size; ) + encl_size <<= 1; + + memset(&mrecreate, 0, sizeof(mrecreate)); + mrecreate.tag = MRECREATE; + mrecreate.ssaframesize = 1; + mrecreate.size = encl_size; + + if (!EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) + return false; + + return mrenclave_update(ctx, &mrecreate); +} + +struct mreadd { + uint64_t tag; + uint64_t offset; + uint64_t flags; /* SECINFO flags */ + uint8_t reserved[40]; +} __attribute__((__packed__)); + +static bool mrenclave_eadd(EVP_MD_CTX *ctx, uint64_t offset, uint64_t flags) +{ + struct mreadd mreadd; + + memset(&mreadd, 0, sizeof(mreadd)); + mreadd.tag = MREADD; + mreadd.offset = offset; + mreadd.flags = flags; + + return mrenclave_update(ctx, &mreadd); +} + +struct mreextend { + uint64_t tag; + uint64_t offset; + uint8_t reserved[48]; +} __attribute__((__packed__)); + +static bool mrenclave_eextend(EVP_MD_CTX *ctx, uint64_t offset, + const uint8_t *data) +{ + struct mreextend mreextend; + int i; + + for (i = 0; i < 0x1000; i += 0x100) { + memset(&mreextend, 0, sizeof(mreextend)); + mreextend.tag = MREEXTEND; + mreextend.offset = offset + i; + + if (!mrenclave_update(ctx, &mreextend)) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x00])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x40])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x80])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0xC0])) + return false; + } + + return true; +} + +static bool mrenclave_segment(EVP_MD_CTX *ctx, struct encl *encl, + struct encl_segment *seg) +{ + uint64_t end = seg->offset + seg->size; + uint64_t offset; + + for (offset = seg->offset; offset < end; offset += PAGE_SIZE) { + if (!mrenclave_eadd(ctx, offset, seg->flags)) + return false; + + if (!mrenclave_eextend(ctx, offset, encl->src + offset)) + return false; + } + + return true; +} + +bool encl_measure(struct encl *encl) +{ + uint64_t header1[2] = {0x000000E100000006, 0x0000000000010000}; + uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060}; + struct sgx_sigstruct *sigstruct = &encl->sigstruct; + struct sgx_sigstruct_payload payload; + uint8_t digest[SHA256_DIGEST_LENGTH]; + unsigned int siglen; + RSA *key = NULL; + EVP_MD_CTX *ctx; + int i; + + memset(sigstruct, 0, sizeof(*sigstruct)); + + sigstruct->header.header1[0] = header1[0]; + sigstruct->header.header1[1] = header1[1]; + sigstruct->header.header2[0] = header2[0]; + sigstruct->header.header2[1] = header2[1]; + sigstruct->exponent = 3; + sigstruct->body.attributes = SGX_ATTR_MODE64BIT; + sigstruct->body.xfrm = 3; + + /* sanity check */ + if (check_crypto_errors()) + goto err; + + key = gen_sign_key(); + if (!key) + goto err; + + BN_bn2bin(get_modulus(key), sigstruct->modulus); + + ctx = EVP_MD_CTX_create(); + if (!ctx) + goto err; + + if (!mrenclave_ecreate(ctx, encl->src_size)) + goto err; + + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!mrenclave_segment(ctx, encl, seg)) + goto err; + } + + if (!mrenclave_commit(ctx, sigstruct->body.mrenclave)) + goto err; + + memcpy(&payload.header, &sigstruct->header, sizeof(sigstruct->header)); + memcpy(&payload.body, &sigstruct->body, sizeof(sigstruct->body)); + + SHA256((unsigned char *)&payload, sizeof(payload), digest); + + if (!RSA_sign(NID_sha256, digest, SHA256_DIGEST_LENGTH, + sigstruct->signature, &siglen, key)) + goto err; + + if (!calc_q1q2(sigstruct->signature, sigstruct->modulus, sigstruct->q1, + sigstruct->q2)) + goto err; + + /* BE -> LE */ + reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q1, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q2, SGX_MODULUS_SIZE); + + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return true; + +err: + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return false; +} diff --git a/tools/testing/selftests/sgx/test_encl.c b/tools/testing/selftests/sgx/test_encl.c new file mode 100644 index 000000000000..ede915399742 --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.c @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <stddef.h> +#include "defines.h" + +static void *memcpy(void *dest, const void *src, size_t n) +{ + size_t i; + + for (i = 0; i < n; i++) + ((char *)dest)[i] = ((char *)src)[i]; + + return dest; +} + +void encl_body(void *rdi, void *rsi) +{ + memcpy(rsi, rdi, 8); +} diff --git a/tools/testing/selftests/sgx/test_encl.lds b/tools/testing/selftests/sgx/test_encl.lds new file mode 100644 index 000000000000..0fbbda7e665e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.lds @@ -0,0 +1,40 @@ +OUTPUT_FORMAT(elf64-x86-64) + +PHDRS +{ + tcs PT_LOAD; + text PT_LOAD; + data PT_LOAD; +} + +SECTIONS +{ + . = 0; + .tcs : { + *(.tcs*) + } : tcs + + . = ALIGN(4096); + .text : { + *(.text*) + *(.rodata*) + } : text + + . = ALIGN(4096); + .data : { + *(.data*) + } : data + + /DISCARD/ : { + *(.comment*) + *(.note*) + *(.debug*) + *(.eh_frame*) + } +} + +ASSERT(!DEFINED(.altinstructions), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.altinstr_replacement), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.retpoline_safe), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.nospec), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.got.plt), "Libcalls are not supported in enclaves") diff --git a/tools/testing/selftests/sgx/test_encl_bootstrap.S b/tools/testing/selftests/sgx/test_encl_bootstrap.S new file mode 100644 index 000000000000..6836ea86126e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl_bootstrap.S @@ -0,0 +1,89 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/* + * Copyright(c) 2016-18 Intel Corporation. + */ + + .macro ENCLU + .byte 0x0f, 0x01, 0xd7 + .endm + + .section ".tcs", "aw" + .balign 4096 + + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + # Identical to the previous TCS. + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + .text + +encl_entry: + # RBX contains the base address for TCS, which is also the first address + # inside the enclave. By adding the value of le_stack_end to it, we get + # the absolute address for the stack. + lea (encl_stack)(%rbx), %rax + xchg %rsp, %rax + push %rax + + push %rcx # push the address after EENTER + push %rbx # push the enclave base address + + call encl_body + + pop %rbx # pop the enclave base address + + /* Clear volatile GPRs, except RAX (EEXIT leaf). */ + xor %rcx, %rcx + xor %rdx, %rdx + xor %rdi, %rdi + xor %rsi, %rsi + xor %r8, %r8 + xor %r9, %r9 + xor %r10, %r10 + xor %r11, %r11 + + # Reset status flags. + add %rdx, %rdx # OF = SF = AF = CF = 0; ZF = PF = 1 + + # Prepare EEXIT target by popping the address of the instruction after + # EENTER to RBX. + pop %rbx + + # Restore the caller stack. + pop %rax + mov %rax, %rsp + + # EEXIT + mov $4, %rax + enclu + + .section ".data", "aw" + +encl_ssa: + .space 4096 + + .balign 4096 + .space 8192 +encl_stack: -- 2.25.1

5 years, 2 months

1
0
0 0

[PATCH v3] Documentation: kunit: Add naming guidelines

by David Gow

As discussed in [1], KUnit tests have hitherto not had a particularly consistent naming scheme. This adds documentation outlining how tests and test suites should be named, including how those names should be used in Kconfig entries and filenames. [1]: https://lore.kernel.org/linux-kselftest/202006141005.BA19A9D3@keescook/t/#u Signed-off-by: David Gow <davidgow(a)google.com> Reviewed-by: Kees Cook <keescook(a)chromium.org> Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com> Reviewed-by: Marco Elver <elver(a)google.com> Reviewed-by: Tim Bird <tim.bird(a)sony.com> --- This is v3 of the KUnit test naming guidelines. It's basically just v2 with some spelling fixes (thanks Marco). Changelog: v3: - Fix a few typos. - Add Marco and Tim's Reviewed-bys. v2: https://lore.kernel.org/linux-kselftest/20200909051631.2960347-1-davidgow@g… - Rewrote the filename section to use "_test" as a suffix, and focus on module names, not filenames. - Add a motivating introduction, which also calls out existing tests and tests which cause problems when run automatically (long running, flaky tests) as reasons to avoid the guidelines. - Talk about including the type of test in the suite name, but only if theres an actual confict. (And update the example for this). v1: https://lore.kernel.org/linux-kselftest/20200702071416.1780522-1-davidgow@g… - Fixed a bit of space/tab confusion in the index (Thanks, Randy) - Added some more examples (and some test case examples). - Added some examples of what not to call subsystems and suites. - No longer explicitly require "If unsure, put N" in Kconfig entries. - Minor formatting changes RFC: https://lore.kernel.org/linux-kselftest/20200620054944.167330-1-davidgow@go… - Initial version Documentation/dev-tools/kunit/index.rst | 1 + Documentation/dev-tools/kunit/style.rst | 207 ++++++++++++++++++++++++ 2 files changed, 208 insertions(+) create mode 100644 Documentation/dev-tools/kunit/style.rst diff --git a/Documentation/dev-tools/kunit/index.rst b/Documentation/dev-tools/kunit/index.rst index e93606ecfb01..c234a3ab3c34 100644 --- a/Documentation/dev-tools/kunit/index.rst +++ b/Documentation/dev-tools/kunit/index.rst @@ -11,6 +11,7 @@ KUnit - Unit Testing for the Linux Kernel usage kunit-tool api/index + style faq What is KUnit? diff --git a/Documentation/dev-tools/kunit/style.rst b/Documentation/dev-tools/kunit/style.rst new file mode 100644 index 000000000000..2352b7292eb5 --- /dev/null +++ b/Documentation/dev-tools/kunit/style.rst @@ -0,0 +1,207 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=========================== +Test Style and Nomenclature +=========================== + +To make finding, writing, and using KUnit tests as simple as possible, it's +strongly encouraged that they are named and written according to the guidelines +below. While it's possible to write KUnit tests which do not follow these rules, +they may break some tooling, may conflict with other tests, and may not be run +automatically by testing systems. + +It's recommended that you only deviate from these guidelines when: + +1. Porting tests to KUnit which are already known with an existing name, or +2. Writing tests which would cause serious problems if automatically run (e.g., + non-deterministically producing false positives or negatives, or taking an + extremely long time to run). + +Subsystems, Suites, and Tests +============================= + +In order to make tests as easy to find as possible, they're grouped into suites +and subsystems. A test suite is a group of tests which test a related area of +the kernel, and a subsystem is a set of test suites which test different parts +of the same kernel subsystem or driver. + +Subsystems +---------- + +Every test suite must belong to a subsystem. A subsystem is a collection of one +or more KUnit test suites which test the same driver or part of the kernel. A +rule of thumb is that a test subsystem should match a single kernel module. If +the code being tested can't be compiled as a module, in many cases the subsystem +should correspond to a directory in the source tree or an entry in the +MAINTAINERS file. If unsure, follow the conventions set by tests in similar +areas. + +Test subsystems should be named after the code being tested, either after the +module (wherever possible), or after the directory or files being tested. Test +subsystems should be named to avoid ambiguity where necessary. + +If a test subsystem name has multiple components, they should be separated by +underscores. *Do not* include "test" or "kunit" directly in the subsystem name +unless you are actually testing other tests or the kunit framework itself. + +Example subsystems could be: + +``ext4`` + Matches the module and filesystem name. +``apparmor`` + Matches the module name and LSM name. +``kasan`` + Common name for the tool, prominent part of the path ``mm/kasan`` +``snd_hda_codec_hdmi`` + Has several components (``snd``, ``hda``, ``codec``, ``hdmi``) separated by + underscores. Matches the module name. + +Avoid names like these: + +``linear-ranges`` + Names should use underscores, not dashes, to separate words. Prefer + ``linear_ranges``. +``qos-kunit-test`` + As well as using underscores, this name should not have "kunit-test" as a + suffix, and ``qos`` is ambiguous as a subsystem name. ``power_qos`` would be a + better name. +``pc_parallel_port`` + The corresponding module name is ``parport_pc``, so this subsystem should also + be named ``parport_pc``. + +.. note:: + The KUnit API and tools do not explicitly know about subsystems. They're + simply a way of categorising test suites and naming modules which + provides a simple, consistent way for humans to find and run tests. This + may change in the future, though. + +Suites +------ + +KUnit tests are grouped into test suites, which cover a specific area of +functionality being tested. Test suites can have shared initialisation and +shutdown code which is run for all tests in the suite. +Not all subsystems will need to be split into multiple test suites (e.g. simple drivers). + +Test suites are named after the subsystem they are part of. If a subsystem +contains several suites, the specific area under test should be appended to the +subsystem name, separated by an underscore. + +In the event that there are multiple types of test using KUnit within a +subsystem (e.g., both unit tests and integration tests), they should be put into +separate suites, with the type of test as the last element in the suite name. +Unless these tests are actually present, avoid using ``_test``, ``_unittest`` or +similar in the suite name. + +The full test suite name (including the subsystem name) should be specified as +the ``.name`` member of the ``kunit_suite`` struct, and forms the base for the +module name (see below). + +Example test suites could include: + +``ext4_inode`` + Part of the ``ext4`` subsystem, testing the ``inode`` area. +``kunit_try_catch`` + Part of the ``kunit`` implementation itself, testing the ``try_catch`` area. +``apparmor_property_entry`` + Part of the ``apparmor`` subsystem, testing the ``property_entry`` area. +``kasan`` + The ``kasan`` subsystem has only one suite, so the suite name is the same as + the subsystem name. + +Avoid names like: + +``ext4_ext4_inode`` + There's no reason to state the subsystem twice. +``property_entry`` + The suite name is ambiguous without the subsystem name. +``kasan_integration_test`` + Because there is only one suite in the ``kasan`` subsystem, the suite should + just be called ``kasan``. There's no need to redundantly add + ``integration_test``. Should a separate test suite with, for example, unit + tests be added, then that suite could be named ``kasan_unittest`` or similar. + +Test Cases +---------- + +Individual tests consist of a single function which tests a constrained +codepath, property, or function. In the test output, individual tests' results +will show up as subtests of the suite's results. + +Tests should be named after what they're testing. This is often the name of the +function being tested, with a description of the input or codepath being tested. +As tests are C functions, they should be named and written in accordance with +the kernel coding style. + +.. note:: + As tests are themselves functions, their names cannot conflict with + other C identifiers in the kernel. This may require some creative + naming. It's a good idea to make your test functions `static` to avoid + polluting the global namespace. + +Example test names include: + +``unpack_u32_with_null_name`` + Tests the ``unpack_u32`` function when a NULL name is passed in. +``test_list_splice`` + Tests the ``list_splice`` macro. It has the prefix ``test_`` to avoid a + name conflict with the macro itself. + + +Should it be necessary to refer to a test outside the context of its test suite, +the *fully-qualified* name of a test should be the suite name followed by the +test name, separated by a colon (i.e. ``suite:test``). + +Test Kconfig Entries +==================== + +Every test suite should be tied to a Kconfig entry. + +This Kconfig entry must: + +* be named ``CONFIG_<name>_KUNIT_TEST``: where <name> is the name of the test + suite. +* be listed either alongside the config entries for the driver/subsystem being + tested, or be under [Kernel Hacking]→[Kernel Testing and Coverage] +* depend on ``CONFIG_KUNIT`` +* be visible only if ``CONFIG_KUNIT_ALL_TESTS`` is not enabled. +* have a default value of ``CONFIG_KUNIT_ALL_TESTS``. +* have a brief description of KUnit in the help text + +Unless there's a specific reason not to (e.g. the test is unable to be built as +a module), Kconfig entries for tests should be tristate. + +An example Kconfig entry: + +.. code-block:: none + + config FOO_KUNIT_TEST + tristate "KUnit test for foo" if !KUNIT_ALL_TESTS + depends on KUNIT + default KUNIT_ALL_TESTS + help + This builds unit tests for foo. + + For more information on KUnit and unit tests in general, please refer + to the KUnit documentation in Documentation/dev-tools/kunit + + If unsure, say N + + +Test File and Module Names +========================== + +KUnit tests can often be compiled as a module. These modules should be named +after the test suite, followed by ``_test``. If this is likely to conflict with +non-KUnit tests, the suffix ``_kunit`` can also be used. + +The easiest way of achieving this is to name the file containing the test suite +``<suite>_test.c`` (or, as above, ``<suite>_kunit.c``). This file should be +placed next to the code under test. + +If the suite name contains some or all of the name of the test's parent +directory, it may make sense to modify the source filename to reduce redundancy. +For example, a ``foo_firmware`` suite could be in the ``foo/firmware_test.c`` +file. + + -- 2.28.0.526.ge36021eeef-goog

5 years, 2 months

1
0
0 0

[PATCH v3 0/8] tracing/boot: Add new options for tracing specific period

by Masami Hiramatsu

Hi, Here is the 3rd version of the series to improve the boot-time tracing to support kretprobe and tracing_on option. Previous version is here: https://lkml.kernel.org/r/159894698993.1478826.2813843560314595660.stgit@de… This version adds uprobe %return suffix support ([5/8]) and the testcases ([8/8]), and update kprobe %suffix support([4/8]) and the uprobe event document([6/8]). The combination of tracing_on and kretprobe allows us to trace events while a specific function call period. For example, the below bootconfig will make a function callgraph in the pci_proc_init() function at boot time. ftrace { tracing_on = 0 # off at start tracer = function_graph event.kprobes { start_event { probes = "pci_proc_init" actions = "traceon" } end_event { probes = "pci_proc_init%return" actions = "traceoff" } } } Here is the example output; # tracer: function_graph # # CPU DURATION FUNCTION CALLS # | | | | | | | 0) | pci_proc_init() { 0) | proc_mkdir() { 0) | proc_mkdir_data() { 0) | __proc_create() { 0) | _raw_read_lock() { 0) 0.179 us | preempt_count_add(); 0) 0.203 us | do_raw_read_lock(); 0) 1.210 us | } 0) | __xlate_proc_name() { 0) 0.449 us | pde_subdir_find(); 0) 0.913 us | } 0) | _raw_read_unlock() { 0) 0.169 us | do_raw_read_unlock(); 0) 0.175 us | preempt_count_sub(); 0) 0.841 us | } 0) | kmem_cache_alloc() { 0) | fs_reclaim_acquire() { 0) 0.154 us | __need_fs_reclaim(); 0) 0.240 us | fs_reclaim_acquire.part.0(); 0) 0.889 us | } 0) | fs_reclaim_release() { 0) 0.174 us | __need_fs_reclaim(); 0) 0.516 us | } 0) 0.157 us | should_failslab(); 0) | rcu_read_lock_sched_held() { 0) | rcu_read_lock_held_common() { 0) 0.156 us | rcu_is_watching(); 0) 0.158 us | rcu_lockdep_current_cpu_online(); 0) 0.735 us | } 0) 1.054 us | } 0) 3.407 us | } 0) 0.168 us | __raw_spin_lock_init(); 0) 7.575 us | } 0) | proc_register() { 0) | _raw_spin_lock_irqsave() { 0) 0.187 us | preempt_count_add(); ... Thank you, --- Masami Hiramatsu (8): kprobes: tracing/kprobes: Fix to kill kprobes on initmem after boot tracing/boot: Add per-instance tracing_on option support Documentation: tracing: Add tracing_on option to boot-time tracer tracing/kprobes: Support perf-style return probe tracing/uprobes: Support perf-style return probe Documentation: tracing: Add %return suffix description Documentation: tracing: boot: Add an example of tracing function-calls selftests/ftrace: Add %return suffix tests Documentation/trace/boottime-trace.rst | 24 ++++++++++++++++++++ Documentation/trace/kprobetrace.rst | 2 ++ Documentation/trace/uprobetracer.rst | 2 ++ include/linux/kprobes.h | 5 ++++ init/main.c | 2 ++ kernel/kprobes.c | 22 ++++++++++++++++++ kernel/trace/trace.c | 4 ++- kernel/trace/trace_boot.c | 10 ++++++++ kernel/trace/trace_kprobe.c | 18 ++++++++++++++- kernel/trace/trace_probe.h | 1 + kernel/trace/trace_uprobe.c | 15 ++++++++++++- .../ftrace/test.d/kprobe/kprobe_syntax_errors.tc | 6 +++++ .../test.d/kprobe/kretprobe_return_suffix.tc | 21 ++++++++++++++++++ .../ftrace/test.d/kprobe/uprobe_syntax_errors.tc | 6 +++++ 14 files changed, 134 insertions(+), 4 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/kprobe/kretprobe_return_suffix.tc -- Masami Hiramatsu (Linaro) <mhiramat(a)kernel.org>

5 years, 2 months

4
14
0 0

[PATCH v13 0/5] KASAN-KUnit Integration

by David Gow

This patchset contains everything needed to integrate KASAN and KUnit. KUnit will be able to: (1) Fail tests when an unexpected KASAN error occurs (2) Pass tests when an expected KASAN error occurs Convert KASAN tests to KUnit with the exception of copy_user_test because KUnit is unable to test those. Add documentation on how to run the KASAN tests with KUnit and what to expect when running these tests. The dependencies for this patchset are all present in 5.9-rc1+. Changes from v12: - Rebased on top of mainline (ab29a807) - Updated to match latest KUnit guidelines (no longer rename the test) - Fix some small issues with the documentation to match the correct test name and mention the module name. Changes from v11: - Rebased on top of latest -next (20200810) - Fixed a redundant memchr() call in kasan_memchr() - Added Andrey's "Tested-by" to everything. Changes from v10: - Fixed some whitespace issues in patch 2. - Split out the renaming of the KUnit test suite into a separate patch. Changes from v9: - Rebased on top of linux-next (20200731) + kselftest/kunit and [7] - Note that the kasan_rcu_uaf test has not been ported to KUnit, and remains in test_kasan_module. This is because: (a) KUnit's expect failure will not check if the RCU stacktraces show. (b) KUnit is unable to link the failure to the test, as it occurs in an RCU callback. Changes from v8: - Rebased on top of kselftest/kunit - (Which, with this patchset, should rebase cleanly on 5.8-rc7) - Renamed the KUnit test suite, config name to patch the proposed naming guidelines for KUnit tests[6] Changes from v7: - Rebased on top of kselftest/kunit - Rebased on top of v4 of the kunit resources API[1] - Rebased on top of v4 of the FORTIFY_SOURCE fix[2,3,4] - Updated the Kconfig entry to support KUNIT_ALL_TESTS Changes from v6: - Rebased on top of kselftest/kunit - Rebased on top of Daniel Axtens' fix for FORTIFY_SOURCE incompatibilites [2] - Removed a redundant report_enabled() check. - Fixed some places with out of date Kconfig names in the documentation. Changes from v5: - Split out the panic_on_warn changes to a separate patch. - Fix documentation to fewer to the new Kconfig names. - Fix some changes which were in the wrong patch. - Rebase on top of kselftest/kunit (currently identical to 5.7-rc1) Changes from v4: - KASAN no longer will panic on errors if both panic_on_warn and kasan_multishot are enabled. - As a result, the KASAN tests will no-longer disable panic_on_warn. - This also means panic_on_warn no-longer needs to be exported. - The use of temporary "kasan_data" variables has been cleaned up somewhat. - A potential refcount/resource leak should multiple KASAN errors appear during an assertion was fixed. - Some wording changes to the KASAN test Kconfig entries. Changes from v3: - KUNIT_SET_KASAN_DATA and KUNIT_DO_EXPECT_KASAN_FAIL have been combined and included in KUNIT_DO_EXPECT_KASAN_FAIL() instead. - Reordered logic in kasan_update_kunit_status() in report.c to be easier to read. - Added comment to not use the name "kasan_data" for any kunit tests outside of KUNIT_EXPECT_KASAN_FAIL(). Changes since v2: - Due to Alan's changes in [1], KUnit can be built as a module. - The name of the tests that could not be run with KUnit has been changed to be more generic: test_kasan_module. - Documentation on how to run the new KASAN tests and what to expect when running them has been added. - Some variables and functions are now static. - Now save/restore panic_on_warn in a similar way to kasan_multi_shot and renamed the init/exit functions to be more generic to accommodate. - Due to [4] in kasan_strings, kasan_memchr, and kasan_memcmp will fail if CONFIG_AMD_MEM_ENCRYPT is enabled so return early and print message explaining this circumstance. - Changed preprocessor checks to C checks where applicable. Changes since v1: - Make use of Alan Maguire's suggestion to use his patch that allows static resources for integration instead of adding a new attribute to the kunit struct - All KUNIT_EXPECT_KASAN_FAIL statements are local to each test - The definition of KUNIT_EXPECT_KASAN_FAIL is local to the test_kasan.c file since it seems this is the only place this will be used. - Integration relies on KUnit being builtin - copy_user_test has been separated into its own file since KUnit is unable to test these. This can be run as a module just as before, using CONFIG_TEST_KASAN_USER - The addition to the current task has been separated into its own patch as this is a significant enough change to be on its own. [1] https://lore.kernel.org/linux-kselftest/CAFd5g46Uu_5TG89uOm0Dj5CMq+11cwjBns… [2] https://lore.kernel.org/linux-mm/20200424145521.8203-1-dja@axtens.net/ [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [5] https://bugzilla.kernel.org/show_bug.cgi?id=206337 [6] https://lore.kernel.org/linux-kselftest/20200620054944.167330-1-davidgow@go… [7] https://lkml.org/lkml/2020/7/31/571 [8] https://lore.kernel.org/linux-kselftest/8d43e88e-1356-cd63-9152-209b81b1674… David Gow (1): mm: kasan: Do not panic if both panic_on_warn and kasan_multishot set Patricia Alfonso (4): Add KUnit Struct to Current Task KUnit: KASAN Integration KASAN: Port KASAN Tests to KUnit KASAN: Testing Documentation Documentation/dev-tools/kasan.rst | 70 +++ include/kunit/test.h | 5 + include/linux/kasan.h | 6 + include/linux/sched.h | 4 + lib/Kconfig.kasan | 22 +- lib/Makefile | 3 +- lib/kunit/test.c | 13 +- lib/test_kasan.c | 728 ++++++++++++------------------ lib/test_kasan_module.c | 111 +++++ mm/kasan/report.c | 34 +- 10 files changed, 553 insertions(+), 443 deletions(-) create mode 100644 lib/test_kasan_module.c -- 2.28.0.526.ge36021eeef-goog

5 years, 2 months

2
6
0 0

[PATCH v2] selftests/lkdtm: Use "comm" instead of "diff" for dmesg

by Kees Cook

Instead of full GNU diff (which smaller boot environments may not have), use "comm" which is more available. Reported-by: Naresh Kamboju <naresh.kamboju(a)linaro.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: linux-kselftest(a)vger.kernel.org Fixes: f131d9edc29d ("selftests/lkdtm: Don't clear dmesg when running tests") Signed-off-by: Kees Cook <keescook(a)chromium.org> --- v2: add --nocheck-order, thanks to Joe Lawrence v1: https://lore.kernel.org/lkml/202006261358.3E8AA623A9@keescook/ --- tools/testing/selftests/lkdtm/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/lkdtm/run.sh b/tools/testing/selftests/lkdtm/run.sh index 8383eb89d88a..bb7a1775307b 100755 --- a/tools/testing/selftests/lkdtm/run.sh +++ b/tools/testing/selftests/lkdtm/run.sh @@ -82,7 +82,7 @@ dmesg > "$DMESG" ($SHELL -c 'cat <(echo '"$test"') >'"$TRIGGER" 2>/dev/null) || true # Record and dump the results -dmesg | diff --changed-group-format='%>' --unchanged-group-format='' "$DMESG" - > "$LOG" || true +dmesg | comm --nocheck-order -13 "$DMESG" - > "$LOG" || true cat "$LOG" # Check for expected output -- 2.25.1

5 years, 2 months

3
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror