- Linux-kselftest-mirror - lists.linaro.org

[PATCH AUTOSEL 5.4 172/175] selftests/bpf, flow_dissector: Close TAP device FD after the test

by Sasha Levin

From: Jakub Sitnicki <jakub(a)cloudflare.com> [ Upstream commit b8215dce7dfd817ca38807f55165bf502146cd68 ] test_flow_dissector leaves a TAP device after it's finished, potentially interfering with other tests that will run after it. Fix it by closing the TAP descriptor on cleanup. Fixes: 0905beec9f52 ("selftests/bpf: run flow dissector tests in skb-less mode") Signed-off-by: Jakub Sitnicki <jakub(a)cloudflare.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Link: https://lore.kernel.org/bpf/20200531082846.2117903-11-jakub@cloudflare.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/prog_tests/flow_dissector.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c index 92563898867c..9f3634c9971d 100644 --- a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c +++ b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c @@ -523,6 +523,7 @@ void test_flow_dissector(void) CHECK_ATTR(err, tests[i].name, "bpf_map_delete_elem %d\n", err); } + close(tap_fd); bpf_prog_detach(prog_fd, BPF_FLOW_DISSECTOR); bpf_object__close(obj); } -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.4 140/175] selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o

by Sasha Levin

From: Alan Maguire <alan.maguire(a)oracle.com> [ Upstream commit 3c8e8cf4b18b3a7034fab4c4504fc4b54e4b6195 ] test_seg6_loop.o uses the helper bpf_lwt_seg6_adjust_srh(); it will not be present if CONFIG_IPV6_SEG6_BPF is not specified. Fixes: b061017f8b4d ("selftests/bpf: add realistic loop tests") Signed-off-by: Alan Maguire <alan.maguire(a)oracle.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Link: https://lore.kernel.org/bpf/1590147389-26482-2-git-send-email-alan.maguire@… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/config | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config index 5dc109f4c097..b9601f13cf03 100644 --- a/tools/testing/selftests/bpf/config +++ b/tools/testing/selftests/bpf/config @@ -25,6 +25,7 @@ CONFIG_XDP_SOCKETS=y CONFIG_FTRACE_SYSCALLS=y CONFIG_IPV6_TUNNEL=y CONFIG_IPV6_GRE=y +CONFIG_IPV6_SEG6_BPF=y CONFIG_NET_FOU=m CONFIG_NET_FOU_IP_TUNNELS=y CONFIG_IPV6_FOU=m -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.4 125/175] selftests: fix flower parent qdisc

by Sasha Levin

From: Vlad Buslov <vladbu(a)mellanox.com> [ Upstream commit 0531b0357ba37464e5c0033e1b7c69bbf5ecd8fb ] Flower tests used to create ingress filter with specified parent qdisc "parent ffff:" but dump them on "ingress". With recent commit that fixed tcm_parent handling in dump those are not considered same parent anymore, which causes iproute2 tc to emit additional "parent ffff:" in first line of filter dump output. The change in output causes filter match in tests to fail. Prevent parent qdisc output when dumping filters in flower tests by always correctly specifying "ingress" parent both when creating and dumping filters. Fixes: a7df4870d79b ("net_sched: fix tcm_parent in tc filter dump") Signed-off-by: Vlad Buslov <vladbu(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../selftests/tc-testing/tc-tests/filters/tests.json | 6 +++--- tools/testing/selftests/tc-testing/tdc_batch.py | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/tc-testing/tc-tests/filters/tests.json b/tools/testing/selftests/tc-testing/tc-tests/filters/tests.json index 0f89cd50a94b..152ffa45e857 100644 --- a/tools/testing/selftests/tc-testing/tc-tests/filters/tests.json +++ b/tools/testing/selftests/tc-testing/tc-tests/filters/tests.json @@ -54,7 +54,7 @@ "setup": [ "$TC qdisc add dev $DEV2 ingress" ], - "cmdUnderTest": "$TC filter add dev $DEV2 protocol ip pref 1 parent ffff: handle 0xffffffff flower action ok", + "cmdUnderTest": "$TC filter add dev $DEV2 protocol ip pref 1 ingress handle 0xffffffff flower action ok", "expExitCode": "0", "verifyCmd": "$TC filter show dev $DEV2 ingress", "matchPattern": "filter protocol ip pref 1 flower.*handle 0xffffffff", @@ -99,9 +99,9 @@ }, "setup": [ "$TC qdisc add dev $DEV2 ingress", - "$TC filter add dev $DEV2 protocol ip prio 1 parent ffff: flower dst_mac e4:11:22:11:4a:51 src_mac e4:11:22:11:4a:50 ip_proto tcp src_ip 1.1.1.1 dst_ip 2.2.2.2 action drop" + "$TC filter add dev $DEV2 protocol ip prio 1 ingress flower dst_mac e4:11:22:11:4a:51 src_mac e4:11:22:11:4a:50 ip_proto tcp src_ip 1.1.1.1 dst_ip 2.2.2.2 action drop" ], - "cmdUnderTest": "$TC filter add dev $DEV2 protocol ip prio 1 parent ffff: flower dst_mac e4:11:22:11:4a:51 src_mac e4:11:22:11:4a:50 ip_proto tcp src_ip 1.1.1.1 dst_ip 2.2.2.2 action drop", + "cmdUnderTest": "$TC filter add dev $DEV2 protocol ip prio 1 ingress flower dst_mac e4:11:22:11:4a:51 src_mac e4:11:22:11:4a:50 ip_proto tcp src_ip 1.1.1.1 dst_ip 2.2.2.2 action drop", "expExitCode": "2", "verifyCmd": "$TC -s filter show dev $DEV2 ingress", "matchPattern": "filter protocol ip pref 1 flower chain 0 handle", diff --git a/tools/testing/selftests/tc-testing/tdc_batch.py b/tools/testing/selftests/tc-testing/tdc_batch.py index 6a2bd2cf528e..995f66ce43eb 100755 --- a/tools/testing/selftests/tc-testing/tdc_batch.py +++ b/tools/testing/selftests/tc-testing/tdc_batch.py @@ -72,21 +72,21 @@ mac_prefix = args.mac_prefix def format_add_filter(device, prio, handle, skip, src_mac, dst_mac, share_action): - return ("filter add dev {} {} protocol ip parent ffff: handle {} " + return ("filter add dev {} {} protocol ip ingress handle {} " " flower {} src_mac {} dst_mac {} action drop {}".format( device, prio, handle, skip, src_mac, dst_mac, share_action)) def format_rep_filter(device, prio, handle, skip, src_mac, dst_mac, share_action): - return ("filter replace dev {} {} protocol ip parent ffff: handle {} " + return ("filter replace dev {} {} protocol ip ingress handle {} " " flower {} src_mac {} dst_mac {} action drop {}".format( device, prio, handle, skip, src_mac, dst_mac, share_action)) def format_del_filter(device, prio, handle, skip, src_mac, dst_mac, share_action): - return ("filter del dev {} {} protocol ip parent ffff: handle {} " + return ("filter del dev {} {} protocol ip ingress handle {} " "flower".format(device, prio, handle)) -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.4 083/175] selftests/bpf: Fix memory leak in extract_build_id()

by Sasha Levin

From: Andrii Nakryiko <andriin(a)fb.com> [ Upstream commit 9f56bb531a809ecaa7f0ddca61d2cf3adc1cb81a ] getline() allocates string, which has to be freed. Fixes: 81f77fd0deeb ("bpf: add selftest for stackmap with BPF_F_STACK_BUILD_ID") Signed-off-by: Andrii Nakryiko <andriin(a)fb.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Cc: Song Liu <songliubraving(a)fb.com> Link: https://lore.kernel.org/bpf/20200429012111.277390-7-andriin@fb.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/test_progs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/bpf/test_progs.c b/tools/testing/selftests/bpf/test_progs.c index 3bf18364c67c..8cb3469dd11f 100644 --- a/tools/testing/selftests/bpf/test_progs.c +++ b/tools/testing/selftests/bpf/test_progs.c @@ -293,6 +293,7 @@ int extract_build_id(char *build_id, size_t size) len = size; memcpy(build_id, line, len); build_id[len] = '\0'; + free(line); return 0; err: fclose(fp); -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.6 262/606] kselftests: dmabuf-heaps: Fix confused return value on expected error testing

by Sasha Levin

From: John Stultz <john.stultz(a)linaro.org> [ Upstream commit 4bb9d46d47b105a774f9dca642f5271375bca4b2 ] When I added the expected error testing, I forgot I need to set the return to zero when we successfully see an error. Without this change we only end up testing a single heap before the test quits. Cc: Shuah Khan <shuah(a)kernel.org> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Benjamin Gaignard <benjamin.gaignard(a)linaro.org> Cc: Brian Starkey <brian.starkey(a)arm.com> Cc: Laura Abbott <labbott(a)redhat.com> Cc: "Andrew F. Davis" <afd(a)ti.com> Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: John Stultz <john.stultz(a)linaro.org> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c b/tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c index cd5e1f602ac9..909da9cdda97 100644 --- a/tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c +++ b/tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c @@ -351,6 +351,7 @@ static int test_alloc_errors(char *heap_name) } printf("Expected error checking passed\n"); + ret = 0; out: if (dmabuf_fd >= 0) close(dmabuf_fd); -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.7 269/274] selftests/bpf, flow_dissector: Close TAP device FD after the test

by Sasha Levin

From: Jakub Sitnicki <jakub(a)cloudflare.com> [ Upstream commit b8215dce7dfd817ca38807f55165bf502146cd68 ] test_flow_dissector leaves a TAP device after it's finished, potentially interfering with other tests that will run after it. Fix it by closing the TAP descriptor on cleanup. Fixes: 0905beec9f52 ("selftests/bpf: run flow dissector tests in skb-less mode") Signed-off-by: Jakub Sitnicki <jakub(a)cloudflare.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Link: https://lore.kernel.org/bpf/20200531082846.2117903-11-jakub@cloudflare.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/prog_tests/flow_dissector.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c index 92563898867c..9f3634c9971d 100644 --- a/tools/testing/selftests/bpf/prog_tests/flow_dissector.c +++ b/tools/testing/selftests/bpf/prog_tests/flow_dissector.c @@ -523,6 +523,7 @@ void test_flow_dissector(void) CHECK_ATTR(err, tests[i].name, "bpf_map_delete_elem %d\n", err); } + close(tap_fd); bpf_prog_detach(prog_fd, BPF_FLOW_DISSECTOR); bpf_object__close(obj); } -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.6 202/606] bpf: Prevent mmap()'ing read-only maps as writable

by Sasha Levin

From: Andrii Nakryiko <andriin(a)fb.com> [ Upstream commit dfeb376dd4cb2c5004aeb625e2475f58a5ff2ea7 ] As discussed in [0], it's dangerous to allow mapping BPF map, that's meant to be frozen and is read-only on BPF program side, because that allows user-space to actually store a writable view to the page even after it is frozen. This is exacerbated by BPF verifier making a strong assumption that contents of such frozen map will remain unchanged. To prevent this, disallow mapping BPF_F_RDONLY_PROG mmap()'able BPF maps as writable, ever. [0] https://lore.kernel.org/bpf/CAEf4BzYGWYhXdp6BJ7_=9OQPJxQpgug080MMjdSB72i9R+… Fixes: fc9702273e2e ("bpf: Add mmap() support for BPF_MAP_TYPE_ARRAY") Suggested-by: Jann Horn <jannh(a)google.com> Signed-off-by: Andrii Nakryiko <andriin(a)fb.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Reviewed-by: Jann Horn <jannh(a)google.com> Link: https://lore.kernel.org/bpf/20200519053824.1089415-1-andriin@fb.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/bpf/syscall.c | 17 ++++++++++++++--- tools/testing/selftests/bpf/prog_tests/mmap.c | 13 ++++++++++++- tools/testing/selftests/bpf/progs/test_mmap.c | 8 ++++++++ 3 files changed, 34 insertions(+), 4 deletions(-) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index e04ea4c8f935..c0ab9bfdf28a 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -629,9 +629,20 @@ static int bpf_map_mmap(struct file *filp, struct vm_area_struct *vma) mutex_lock(&map->freeze_mutex); - if ((vma->vm_flags & VM_WRITE) && map->frozen) { - err = -EPERM; - goto out; + if (vma->vm_flags & VM_WRITE) { + if (map->frozen) { + err = -EPERM; + goto out; + } + /* map is meant to be read-only, so do not allow mapping as + * writable, because it's possible to leak a writable page + * reference and allows user-space to still modify it after + * freezing, while verifier will assume contents do not change + */ + if (map->map_flags & BPF_F_RDONLY_PROG) { + err = -EACCES; + goto out; + } } /* set default open/close callbacks */ diff --git a/tools/testing/selftests/bpf/prog_tests/mmap.c b/tools/testing/selftests/bpf/prog_tests/mmap.c index b0e789678aa4..5495b669fccc 100644 --- a/tools/testing/selftests/bpf/prog_tests/mmap.c +++ b/tools/testing/selftests/bpf/prog_tests/mmap.c @@ -19,7 +19,7 @@ void test_mmap(void) const size_t map_sz = roundup_page(sizeof(struct map_data)); const int zero = 0, one = 1, two = 2, far = 1500; const long page_size = sysconf(_SC_PAGE_SIZE); - int err, duration = 0, i, data_map_fd; + int err, duration = 0, i, data_map_fd, rdmap_fd; struct bpf_map *data_map, *bss_map; void *bss_mmaped = NULL, *map_mmaped = NULL, *tmp1, *tmp2; struct test_mmap__bss *bss_data; @@ -36,6 +36,17 @@ void test_mmap(void) data_map = skel->maps.data_map; data_map_fd = bpf_map__fd(data_map); + rdmap_fd = bpf_map__fd(skel->maps.rdonly_map); + tmp1 = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, rdmap_fd, 0); + if (CHECK(tmp1 != MAP_FAILED, "rdonly_write_mmap", "unexpected success\n")) { + munmap(tmp1, 4096); + goto cleanup; + } + /* now double-check if it's mmap()'able at all */ + tmp1 = mmap(NULL, 4096, PROT_READ, MAP_SHARED, rdmap_fd, 0); + if (CHECK(tmp1 == MAP_FAILED, "rdonly_read_mmap", "failed: %d\n", errno)) + goto cleanup; + bss_mmaped = mmap(NULL, bss_sz, PROT_READ | PROT_WRITE, MAP_SHARED, bpf_map__fd(bss_map), 0); if (CHECK(bss_mmaped == MAP_FAILED, "bss_mmap", diff --git a/tools/testing/selftests/bpf/progs/test_mmap.c b/tools/testing/selftests/bpf/progs/test_mmap.c index 6239596cd14e..4eb42cff5fe9 100644 --- a/tools/testing/selftests/bpf/progs/test_mmap.c +++ b/tools/testing/selftests/bpf/progs/test_mmap.c @@ -7,6 +7,14 @@ char _license[] SEC("license") = "GPL"; +struct { + __uint(type, BPF_MAP_TYPE_ARRAY); + __uint(max_entries, 4096); + __uint(map_flags, BPF_F_MMAPABLE | BPF_F_RDONLY_PROG); + __type(key, __u32); + __type(value, char); +} rdonly_map SEC(".maps"); + struct { __uint(type, BPF_MAP_TYPE_ARRAY); __uint(max_entries, 512 * 4); /* at least 4 pages of data */ -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.7 226/274] selftests/bpf: CONFIG_LIRC required for test_lirc_mode2.sh

by Sasha Levin

From: Alan Maguire <alan.maguire(a)oracle.com> [ Upstream commit a5dfaa2ab94057dd75c7911143482a0a85593c14 ] test_lirc_mode2.sh assumes presence of /sys/class/rc/rc0/lirc*/uevent which will not be present unless CONFIG_LIRC=y Fixes: 6bdd533cee9a ("bpf: add selftest for lirc_mode2 type program") Signed-off-by: Alan Maguire <alan.maguire(a)oracle.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Link: https://lore.kernel.org/bpf/1590147389-26482-3-git-send-email-alan.maguire@… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/config | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config index 48e058552eb7..2118e23ac07a 100644 --- a/tools/testing/selftests/bpf/config +++ b/tools/testing/selftests/bpf/config @@ -38,3 +38,4 @@ CONFIG_IPV6_SIT=m CONFIG_BPF_JIT=y CONFIG_BPF_LSM=y CONFIG_SECURITY=y +CONFIG_LIRC=y -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.7 225/274] selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o

by Sasha Levin

From: Alan Maguire <alan.maguire(a)oracle.com> [ Upstream commit 3c8e8cf4b18b3a7034fab4c4504fc4b54e4b6195 ] test_seg6_loop.o uses the helper bpf_lwt_seg6_adjust_srh(); it will not be present if CONFIG_IPV6_SEG6_BPF is not specified. Fixes: b061017f8b4d ("selftests/bpf: add realistic loop tests") Signed-off-by: Alan Maguire <alan.maguire(a)oracle.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Link: https://lore.kernel.org/bpf/1590147389-26482-2-git-send-email-alan.maguire@… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/config | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config index 60e3ae5d4e48..48e058552eb7 100644 --- a/tools/testing/selftests/bpf/config +++ b/tools/testing/selftests/bpf/config @@ -25,6 +25,7 @@ CONFIG_XDP_SOCKETS=y CONFIG_FTRACE_SYSCALLS=y CONFIG_IPV6_TUNNEL=y CONFIG_IPV6_GRE=y +CONFIG_IPV6_SEG6_BPF=y CONFIG_NET_FOU=m CONFIG_NET_FOU_IP_TUNNELS=y CONFIG_IPV6_FOU=m -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.7 208/274] selftests/bpf: Fix test_align verifier log patterns

by Sasha Levin

From: Stanislav Fomichev <sdf(a)google.com> [ Upstream commit 5366d2269139ba8eb6a906d73a0819947e3e4e0a ] Commit 294f2fc6da27 ("bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()") changed the way verifier logs some of its state, adjust the test_align accordingly. Where possible, I tried to not copy-paste the entire log line and resorted to dropping the last closing brace instead. Fixes: 294f2fc6da27 ("bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()") Signed-off-by: Stanislav Fomichev <sdf(a)google.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Link: https://lore.kernel.org/bpf/20200515194904.229296-1-sdf@google.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/test_align.c | 41 ++++++++++++------------ 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/tools/testing/selftests/bpf/test_align.c b/tools/testing/selftests/bpf/test_align.c index 0262f7b374f9..c9c9bdce9d6d 100644 --- a/tools/testing/selftests/bpf/test_align.c +++ b/tools/testing/selftests/bpf/test_align.c @@ -359,15 +359,15 @@ static struct bpf_align_test tests[] = { * is still (4n), fixed offset is not changed. * Also, we create a new reg->id. */ - {29, "R5_w=pkt(id=4,off=18,r=0,umax_value=2040,var_off=(0x0; 0x7fc))"}, + {29, "R5_w=pkt(id=4,off=18,r=0,umax_value=2040,var_off=(0x0; 0x7fc)"}, /* At the time the word size load is performed from R5, * its total fixed offset is NET_IP_ALIGN + reg->off (18) * which is 20. Then the variable offset is (4n), so * the total offset is 4-byte aligned and meets the * load's requirements. */ - {33, "R4=pkt(id=4,off=22,r=22,umax_value=2040,var_off=(0x0; 0x7fc))"}, - {33, "R5=pkt(id=4,off=18,r=22,umax_value=2040,var_off=(0x0; 0x7fc))"}, + {33, "R4=pkt(id=4,off=22,r=22,umax_value=2040,var_off=(0x0; 0x7fc)"}, + {33, "R5=pkt(id=4,off=18,r=22,umax_value=2040,var_off=(0x0; 0x7fc)"}, }, }, { @@ -410,15 +410,15 @@ static struct bpf_align_test tests[] = { /* Adding 14 makes R6 be (4n+2) */ {9, "R6_w=inv(id=0,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc))"}, /* Packet pointer has (4n+2) offset */ - {11, "R5_w=pkt(id=1,off=0,r=0,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc))"}, - {13, "R4=pkt(id=1,off=4,r=0,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc))"}, + {11, "R5_w=pkt(id=1,off=0,r=0,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc)"}, + {13, "R4=pkt(id=1,off=4,r=0,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc)"}, /* At the time the word size load is performed from R5, * its total fixed offset is NET_IP_ALIGN + reg->off (0) * which is 2. Then the variable offset is (4n+2), so * the total offset is 4-byte aligned and meets the * load's requirements. */ - {15, "R5=pkt(id=1,off=0,r=4,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc))"}, + {15, "R5=pkt(id=1,off=0,r=4,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc)"}, /* Newly read value in R6 was shifted left by 2, so has * known alignment of 4. */ @@ -426,15 +426,15 @@ static struct bpf_align_test tests[] = { /* Added (4n) to packet pointer's (4n+2) var_off, giving * another (4n+2). */ - {19, "R5_w=pkt(id=2,off=0,r=0,umin_value=14,umax_value=2054,var_off=(0x2; 0xffc))"}, - {21, "R4=pkt(id=2,off=4,r=0,umin_value=14,umax_value=2054,var_off=(0x2; 0xffc))"}, + {19, "R5_w=pkt(id=2,off=0,r=0,umin_value=14,umax_value=2054,var_off=(0x2; 0xffc)"}, + {21, "R4=pkt(id=2,off=4,r=0,umin_value=14,umax_value=2054,var_off=(0x2; 0xffc)"}, /* At the time the word size load is performed from R5, * its total fixed offset is NET_IP_ALIGN + reg->off (0) * which is 2. Then the variable offset is (4n+2), so * the total offset is 4-byte aligned and meets the * load's requirements. */ - {23, "R5=pkt(id=2,off=0,r=4,umin_value=14,umax_value=2054,var_off=(0x2; 0xffc))"}, + {23, "R5=pkt(id=2,off=0,r=4,umin_value=14,umax_value=2054,var_off=(0x2; 0xffc)"}, }, }, { @@ -469,16 +469,16 @@ static struct bpf_align_test tests[] = { .matches = { {4, "R5_w=pkt_end(id=0,off=0,imm=0)"}, /* (ptr - ptr) << 2 == unknown, (4n) */ - {6, "R5_w=inv(id=0,smax_value=9223372036854775804,umax_value=18446744073709551612,var_off=(0x0; 0xfffffffffffffffc))"}, + {6, "R5_w=inv(id=0,smax_value=9223372036854775804,umax_value=18446744073709551612,var_off=(0x0; 0xfffffffffffffffc)"}, /* (4n) + 14 == (4n+2). We blow our bounds, because * the add could overflow. */ - {7, "R5_w=inv(id=0,var_off=(0x2; 0xfffffffffffffffc))"}, + {7, "R5_w=inv(id=0,smin_value=-9223372036854775806,smax_value=9223372036854775806,umin_value=2,umax_value=18446744073709551614,var_off=(0x2; 0xfffffffffffffffc)"}, /* Checked s>=0 */ - {9, "R5=inv(id=0,umin_value=2,umax_value=9223372036854775806,var_off=(0x2; 0x7ffffffffffffffc))"}, + {9, "R5=inv(id=0,umin_value=2,umax_value=9223372034707292158,var_off=(0x2; 0x7fffffff7ffffffc)"}, /* packet pointer + nonnegative (4n+2) */ - {11, "R6_w=pkt(id=1,off=0,r=0,umin_value=2,umax_value=9223372036854775806,var_off=(0x2; 0x7ffffffffffffffc))"}, - {13, "R4_w=pkt(id=1,off=4,r=0,umin_value=2,umax_value=9223372036854775806,var_off=(0x2; 0x7ffffffffffffffc))"}, + {11, "R6_w=pkt(id=1,off=0,r=0,umin_value=2,umax_value=9223372034707292158,var_off=(0x2; 0x7fffffff7ffffffc)"}, + {13, "R4_w=pkt(id=1,off=4,r=0,umin_value=2,umax_value=9223372034707292158,var_off=(0x2; 0x7fffffff7ffffffc)"}, /* NET_IP_ALIGN + (4n+2) == (4n), alignment is fine. * We checked the bounds, but it might have been able * to overflow if the packet pointer started in the @@ -486,7 +486,7 @@ static struct bpf_align_test tests[] = { * So we did not get a 'range' on R6, and the access * attempt will fail. */ - {15, "R6_w=pkt(id=1,off=0,r=0,umin_value=2,umax_value=9223372036854775806,var_off=(0x2; 0x7ffffffffffffffc))"}, + {15, "R6_w=pkt(id=1,off=0,r=0,umin_value=2,umax_value=9223372034707292158,var_off=(0x2; 0x7fffffff7ffffffc)"}, } }, { @@ -528,7 +528,7 @@ static struct bpf_align_test tests[] = { /* New unknown value in R7 is (4n) */ {11, "R7_w=inv(id=0,umax_value=1020,var_off=(0x0; 0x3fc))"}, /* Subtracting it from R6 blows our unsigned bounds */ - {12, "R6=inv(id=0,smin_value=-1006,smax_value=1034,var_off=(0x2; 0xfffffffffffffffc))"}, + {12, "R6=inv(id=0,smin_value=-1006,smax_value=1034,umin_value=2,umax_value=18446744073709551614,var_off=(0x2; 0xfffffffffffffffc)"}, /* Checked s>= 0 */ {14, "R6=inv(id=0,umin_value=2,umax_value=1034,var_off=(0x2; 0x7fc))"}, /* At the time the word size load is performed from R5, @@ -537,7 +537,8 @@ static struct bpf_align_test tests[] = { * the total offset is 4-byte aligned and meets the * load's requirements. */ - {20, "R5=pkt(id=1,off=0,r=4,umin_value=2,umax_value=1034,var_off=(0x2; 0x7fc))"}, + {20, "R5=pkt(id=1,off=0,r=4,umin_value=2,umax_value=1034,var_off=(0x2; 0x7fc)"}, + }, }, { @@ -579,18 +580,18 @@ static struct bpf_align_test tests[] = { /* Adding 14 makes R6 be (4n+2) */ {11, "R6_w=inv(id=0,umin_value=14,umax_value=74,var_off=(0x2; 0x7c))"}, /* Subtracting from packet pointer overflows ubounds */ - {13, "R5_w=pkt(id=1,off=0,r=8,umin_value=18446744073709551542,umax_value=18446744073709551602,var_off=(0xffffffffffffff82; 0x7c))"}, + {13, "R5_w=pkt(id=1,off=0,r=8,umin_value=18446744073709551542,umax_value=18446744073709551602,var_off=(0xffffffffffffff82; 0x7c)"}, /* New unknown value in R7 is (4n), >= 76 */ {15, "R7_w=inv(id=0,umin_value=76,umax_value=1096,var_off=(0x0; 0x7fc))"}, /* Adding it to packet pointer gives nice bounds again */ - {16, "R5_w=pkt(id=2,off=0,r=0,umin_value=2,umax_value=1082,var_off=(0x2; 0x7fc))"}, + {16, "R5_w=pkt(id=2,off=0,r=0,umin_value=2,umax_value=1082,var_off=(0x2; 0xfffffffc)"}, /* At the time the word size load is performed from R5, * its total fixed offset is NET_IP_ALIGN + reg->off (0) * which is 2. Then the variable offset is (4n+2), so * the total offset is 4-byte aligned and meets the * load's requirements. */ - {20, "R5=pkt(id=2,off=0,r=4,umin_value=2,umax_value=1082,var_off=(0x2; 0x7fc))"}, + {20, "R5=pkt(id=2,off=0,r=4,umin_value=2,umax_value=1082,var_off=(0x2; 0xfffffffc)"}, }, }, }; -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.7 203/274] selftests: fix flower parent qdisc

by Sasha Levin

From: Vlad Buslov <vladbu(a)mellanox.com> [ Upstream commit 0531b0357ba37464e5c0033e1b7c69bbf5ecd8fb ] Flower tests used to create ingress filter with specified parent qdisc "parent ffff:" but dump them on "ingress". With recent commit that fixed tcm_parent handling in dump those are not considered same parent anymore, which causes iproute2 tc to emit additional "parent ffff:" in first line of filter dump output. The change in output causes filter match in tests to fail. Prevent parent qdisc output when dumping filters in flower tests by always correctly specifying "ingress" parent both when creating and dumping filters. Fixes: a7df4870d79b ("net_sched: fix tcm_parent in tc filter dump") Signed-off-by: Vlad Buslov <vladbu(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../selftests/tc-testing/tc-tests/filters/tests.json | 6 +++--- tools/testing/selftests/tc-testing/tdc_batch.py | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tools/testing/selftests/tc-testing/tc-tests/filters/tests.json b/tools/testing/selftests/tc-testing/tc-tests/filters/tests.json index 8877f7b2b809..12aa4bc1f6a0 100644 --- a/tools/testing/selftests/tc-testing/tc-tests/filters/tests.json +++ b/tools/testing/selftests/tc-testing/tc-tests/filters/tests.json @@ -32,7 +32,7 @@ "setup": [ "$TC qdisc add dev $DEV2 ingress" ], - "cmdUnderTest": "$TC filter add dev $DEV2 protocol ip pref 1 parent ffff: handle 0xffffffff flower action ok", + "cmdUnderTest": "$TC filter add dev $DEV2 protocol ip pref 1 ingress handle 0xffffffff flower action ok", "expExitCode": "0", "verifyCmd": "$TC filter show dev $DEV2 ingress", "matchPattern": "filter protocol ip pref 1 flower.*handle 0xffffffff", @@ -77,9 +77,9 @@ }, "setup": [ "$TC qdisc add dev $DEV2 ingress", - "$TC filter add dev $DEV2 protocol ip prio 1 parent ffff: flower dst_mac e4:11:22:11:4a:51 src_mac e4:11:22:11:4a:50 ip_proto tcp src_ip 1.1.1.1 dst_ip 2.2.2.2 action drop" + "$TC filter add dev $DEV2 protocol ip prio 1 ingress flower dst_mac e4:11:22:11:4a:51 src_mac e4:11:22:11:4a:50 ip_proto tcp src_ip 1.1.1.1 dst_ip 2.2.2.2 action drop" ], - "cmdUnderTest": "$TC filter add dev $DEV2 protocol ip prio 1 parent ffff: flower dst_mac e4:11:22:11:4a:51 src_mac e4:11:22:11:4a:50 ip_proto tcp src_ip 1.1.1.1 dst_ip 2.2.2.2 action drop", + "cmdUnderTest": "$TC filter add dev $DEV2 protocol ip prio 1 ingress flower dst_mac e4:11:22:11:4a:51 src_mac e4:11:22:11:4a:50 ip_proto tcp src_ip 1.1.1.1 dst_ip 2.2.2.2 action drop", "expExitCode": "2", "verifyCmd": "$TC -s filter show dev $DEV2 ingress", "matchPattern": "filter protocol ip pref 1 flower chain 0 handle", diff --git a/tools/testing/selftests/tc-testing/tdc_batch.py b/tools/testing/selftests/tc-testing/tdc_batch.py index 6a2bd2cf528e..995f66ce43eb 100755 --- a/tools/testing/selftests/tc-testing/tdc_batch.py +++ b/tools/testing/selftests/tc-testing/tdc_batch.py @@ -72,21 +72,21 @@ mac_prefix = args.mac_prefix def format_add_filter(device, prio, handle, skip, src_mac, dst_mac, share_action): - return ("filter add dev {} {} protocol ip parent ffff: handle {} " + return ("filter add dev {} {} protocol ip ingress handle {} " " flower {} src_mac {} dst_mac {} action drop {}".format( device, prio, handle, skip, src_mac, dst_mac, share_action)) def format_rep_filter(device, prio, handle, skip, src_mac, dst_mac, share_action): - return ("filter replace dev {} {} protocol ip parent ffff: handle {} " + return ("filter replace dev {} {} protocol ip ingress handle {} " " flower {} src_mac {} dst_mac {} action drop {}".format( device, prio, handle, skip, src_mac, dst_mac, share_action)) def format_del_filter(device, prio, handle, skip, src_mac, dst_mac, share_action): - return ("filter del dev {} {} protocol ip parent ffff: handle {} " + return ("filter del dev {} {} protocol ip ingress handle {} " "flower".format(device, prio, handle)) -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.7 197/274] selftests/bpf: Install generated test progs

by Sasha Levin

From: Yauheni Kaliuta <yauheni.kaliuta(a)redhat.com> [ Upstream commit 309b81f0fdc4209d998bc63f0da52c2e96340d4e ] Before commit 74b5a5968fe8 ("selftests/bpf: Replace test_progs and test_maps w/ general rule") selftests/bpf used generic install target from selftests/lib.mk to install generated bpf test progs by mentioning them in TEST_GEN_FILES variable. Take that functionality back. Fixes: 74b5a5968fe8 ("selftests/bpf: Replace test_progs and test_maps w/ general rule") Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta(a)redhat.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Andrii Nakryiko <andriin(a)fb.com> Link: https://lore.kernel.org/bpf/20200513021722.7787-1-yauheni.kaliuta@redhat.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile index 01c95f8278c7..af139d0e2e0c 100644 --- a/tools/testing/selftests/bpf/Makefile +++ b/tools/testing/selftests/bpf/Makefile @@ -264,6 +264,7 @@ TRUNNER_BPF_OBJS := $$(patsubst %.c,$$(TRUNNER_OUTPUT)/%.o, $$(TRUNNER_BPF_SRCS) TRUNNER_BPF_SKELS := $$(patsubst %.c,$$(TRUNNER_OUTPUT)/%.skel.h, \ $$(filter-out $(SKEL_BLACKLIST), \ $$(TRUNNER_BPF_SRCS))) +TEST_GEN_FILES += $$(TRUNNER_BPF_OBJS) # Evaluate rules now with extra TRUNNER_XXX variables above already defined $$(eval $$(call DEFINE_TEST_RUNNER_RULES,$1,$2)) -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.6 131/606] KVM: selftests: Fix build for evmcs.h

by Sasha Levin

From: Peter Xu <peterx(a)redhat.com> [ Upstream commit 8ffdaf9155ebe517cdec5edbcca19ba6e7ee9c3c ] I got this error when building kvm selftests: /usr/bin/ld: /home/xz/git/linux/tools/testing/selftests/kvm/libkvm.a(vmx.o):/home/xz/git/linux/tools/testing/selftests/kvm/include/evmcs.h:222: multiple definition of `current_evmcs'; /tmp/cco1G48P.o:/home/xz/git/linux/tools/testing/selftests/kvm/include/evmcs.h:222: first defined here /usr/bin/ld: /home/xz/git/linux/tools/testing/selftests/kvm/libkvm.a(vmx.o):/home/xz/git/linux/tools/testing/selftests/kvm/include/evmcs.h:223: multiple definition of `current_vp_assist'; /tmp/cco1G48P.o:/home/xz/git/linux/tools/testing/selftests/kvm/include/evmcs.h:223: first defined here I think it's because evmcs.h is included both in a test file and a lib file so the structs have multiple declarations when linking. After all it's not a good habit to declare structs in the header files. Cc: Vitaly Kuznetsov <vkuznets(a)redhat.com> Signed-off-by: Peter Xu <peterx(a)redhat.com> Message-Id: <20200504220607.99627-1-peterx(a)redhat.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/kvm/include/evmcs.h | 4 ++-- tools/testing/selftests/kvm/lib/x86_64/vmx.c | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/kvm/include/evmcs.h b/tools/testing/selftests/kvm/include/evmcs.h index 4912d23844bc..e31ac9c5ead0 100644 --- a/tools/testing/selftests/kvm/include/evmcs.h +++ b/tools/testing/selftests/kvm/include/evmcs.h @@ -217,8 +217,8 @@ struct hv_enlightened_vmcs { #define HV_X64_MSR_VP_ASSIST_PAGE_ADDRESS_MASK \ (~((1ull << HV_X64_MSR_VP_ASSIST_PAGE_ADDRESS_SHIFT) - 1)) -struct hv_enlightened_vmcs *current_evmcs; -struct hv_vp_assist_page *current_vp_assist; +extern struct hv_enlightened_vmcs *current_evmcs; +extern struct hv_vp_assist_page *current_vp_assist; int vcpu_enable_evmcs(struct kvm_vm *vm, int vcpu_id); diff --git a/tools/testing/selftests/kvm/lib/x86_64/vmx.c b/tools/testing/selftests/kvm/lib/x86_64/vmx.c index 7aaa99ca4dbc..ce528f3cf093 100644 --- a/tools/testing/selftests/kvm/lib/x86_64/vmx.c +++ b/tools/testing/selftests/kvm/lib/x86_64/vmx.c @@ -17,6 +17,9 @@ bool enable_evmcs; +struct hv_enlightened_vmcs *current_evmcs; +struct hv_vp_assist_page *current_vp_assist; + struct eptPageTableEntry { uint64_t readable:1; uint64_t writable:1; -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.6 119/606] selftests: fix kvm relocatable native/cross builds and installs

by Sasha Levin

From: Shuah Khan <skhan(a)linuxfoundation.org> [ Upstream commit 66d69e081b526b6a6031f0d3ca8ddff71e5707a5 ] kvm test Makefile doesn't fully support cross-builds and installs. UNAME_M = $(shell uname -m) variable is used to define the target programs and libraries to be built from arch specific sources in sub-directories. For cross-builds to work, UNAME_M has to map to ARCH and arch specific directories and targets in this Makefile. UNAME_M variable to used to run the compiles pointing to the right arch directories and build the right targets for these supported architectures. TEST_GEN_PROGS and LIBKVM are set using UNAME_M variable. LINUX_TOOL_ARCH_INCLUDE is set using ARCH variable. x86_64 targets are named to include x86_64 as a suffix and directories for includes are in x86_64 sub-directory. s390x and aarch64 follow the same convention. "uname -m" doesn't result in the correct mapping for s390x and aarch64. Fix it to set UNAME_M correctly for s390x and aarch64 cross-builds. In addition, Makefile doesn't create arch sub-directories in the case of relocatable builds and test programs under s390x and x86_64 directories fail to build. This is a problem for native and cross-builds. Fix it to create all necessary directories keying off of TEST_GEN_PROGS. The following use-cases work with this change: Native x86_64: make O=/tmp/kselftest -C tools/testing/selftests TARGETS=kvm install \ INSTALL_PATH=$HOME/x86_64 arm64 cross-build: make O=$HOME/arm64_build/ ARCH=arm64 HOSTCC=gcc \ CROSS_COMPILE=aarch64-linux-gnu- defconfig make O=$HOME/arm64_build/ ARCH=arm64 HOSTCC=gcc \ CROSS_COMPILE=aarch64-linux-gnu- all make kselftest-install TARGETS=kvm O=$HOME/arm64_build ARCH=arm64 \ HOSTCC=gcc CROSS_COMPILE=aarch64-linux-gnu- s390x cross-build: make O=$HOME/s390x_build/ ARCH=s390 HOSTCC=gcc \ CROSS_COMPILE=s390x-linux-gnu- defconfig make O=$HOME/s390x_build/ ARCH=s390 HOSTCC=gcc \ CROSS_COMPILE=s390x-linux-gnu- all make kselftest-install TARGETS=kvm O=$HOME/s390x_build/ ARCH=s390 \ HOSTCC=gcc CROSS_COMPILE=s390x-linux-gnu- all No regressions in the following use-cases: make -C tools/testing/selftests TARGETS=kvm make kselftest-all TARGETS=kvm Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/kvm/Makefile | 29 +++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/Makefile b/tools/testing/selftests/kvm/Makefile index d91c53b726e6..75dec268787f 100644 --- a/tools/testing/selftests/kvm/Makefile +++ b/tools/testing/selftests/kvm/Makefile @@ -5,8 +5,34 @@ all: top_srcdir = ../../../.. KSFT_KHDR_INSTALL := 1 + +# For cross-builds to work, UNAME_M has to map to ARCH and arch specific +# directories and targets in this Makefile. "uname -m" doesn't map to +# arch specific sub-directory names. +# +# UNAME_M variable to used to run the compiles pointing to the right arch +# directories and build the right targets for these supported architectures. +# +# TEST_GEN_PROGS and LIBKVM are set using UNAME_M variable. +# LINUX_TOOL_ARCH_INCLUDE is set using ARCH variable. +# +# x86_64 targets are named to include x86_64 as a suffix and directories +# for includes are in x86_64 sub-directory. s390x and aarch64 follow the +# same convention. "uname -m" doesn't result in the correct mapping for +# s390x and aarch64. +# +# No change necessary for x86_64 UNAME_M := $(shell uname -m) +# Set UNAME_M for arm64 compile/install to work +ifeq ($(ARCH),arm64) + UNAME_M := aarch64 +endif +# Set UNAME_M s390x compile/install to work +ifeq ($(ARCH),s390) + UNAME_M := s390x +endif + LIBKVM = lib/assert.c lib/elf.c lib/io.c lib/kvm_util.c lib/sparsebit.c LIBKVM_x86_64 = lib/x86_64/processor.c lib/x86_64/vmx.c lib/x86_64/svm.c lib/x86_64/ucall.c LIBKVM_aarch64 = lib/aarch64/processor.c lib/aarch64/ucall.c @@ -47,7 +73,7 @@ LIBKVM += $(LIBKVM_$(UNAME_M)) INSTALL_HDR_PATH = $(top_srcdir)/usr LINUX_HDR_PATH = $(INSTALL_HDR_PATH)/include/ LINUX_TOOL_INCLUDE = $(top_srcdir)/tools/include -LINUX_TOOL_ARCH_INCLUDE = $(top_srcdir)/tools/arch/x86/include +LINUX_TOOL_ARCH_INCLUDE = $(top_srcdir)/tools/arch/$(ARCH)/include CFLAGS += -Wall -Wstrict-prototypes -Wuninitialized -O2 -g -std=gnu99 \ -fno-stack-protector -fno-PIE -I$(LINUX_TOOL_INCLUDE) \ -I$(LINUX_TOOL_ARCH_INCLUDE) -I$(LINUX_HDR_PATH) -Iinclude \ @@ -78,6 +104,7 @@ $(LIBKVM_OBJ): $(OUTPUT)/%.o: %.c $(OUTPUT)/libkvm.a: $(LIBKVM_OBJ) $(AR) crs $@ $^ +x := $(shell mkdir -p $(sort $(dir $(TEST_GEN_PROGS)))) all: $(STATIC_LIBS) $(TEST_GEN_PROGS): $(STATIC_LIBS) -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.6 118/606] ftrace/selftest: make unresolved cases cause failure if --fail-unresolved set

by Sasha Levin

From: Alan Maguire <alan.maguire(a)oracle.com> [ Upstream commit b730d668138cb3dd9ce78f8003986d1adae5523a ] Currently, ftracetest will return 1 (failure) if any unresolved cases are encountered. The unresolved status results from modules and programs not being available, and as such does not indicate any issues with ftrace itself. As such, change the behaviour of ftracetest in line with unsupported cases; if unsupported cases happen, ftracetest still returns 0 unless --fail-unsupported. Here --fail-unresolved is added and the default is to return 0 if unresolved results occur. Signed-off-by: Alan Maguire <alan.maguire(a)oracle.com> Acked-by: Masami Hiramatsu <mhiramat(a)kernel.org> Acked-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/ftrace/ftracetest | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/ftrace/ftracetest b/tools/testing/selftests/ftrace/ftracetest index 144308a757b7..19e9236dec5e 100755 --- a/tools/testing/selftests/ftrace/ftracetest +++ b/tools/testing/selftests/ftrace/ftracetest @@ -17,6 +17,7 @@ echo " -v|--verbose Increase verbosity of test messages" echo " -vv Alias of -v -v (Show all results in stdout)" echo " -vvv Alias of -v -v -v (Show all commands immediately)" echo " --fail-unsupported Treat UNSUPPORTED as a failure" +echo " --fail-unresolved Treat UNRESOLVED as a failure" echo " -d|--debug Debug mode (trace all shell commands)" echo " -l|--logdir <dir> Save logs on the <dir>" echo " If <dir> is -, all logs output in console only" @@ -112,6 +113,10 @@ parse_opts() { # opts UNSUPPORTED_RESULT=1 shift 1 ;; + --fail-unresolved) + UNRESOLVED_RESULT=1 + shift 1 + ;; --logdir|-l) LOG_DIR=$2 shift 2 @@ -176,6 +181,7 @@ KEEP_LOG=0 DEBUG=0 VERBOSE=0 UNSUPPORTED_RESULT=0 +UNRESOLVED_RESULT=0 STOP_FAILURE=0 # Parse command-line options parse_opts $* @@ -280,7 +286,7 @@ eval_result() { # sigval $UNRESOLVED) prlog " [${color_blue}UNRESOLVED${color_reset}]" UNRESOLVED_CASES="$UNRESOLVED_CASES $CASENO" - return 1 # this is a kind of bug.. something happened. + return $UNRESOLVED_RESULT # depends on use case ;; $UNTESTED) prlog " [${color_blue}UNTESTED${color_reset}]" -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.7 135/274] selftests/bpf: Add runqslower binary to .gitignore

by Sasha Levin

From: Andrii Nakryiko <andriin(a)fb.com> [ Upstream commit e4e8f4d047fdcf7ac7d944e266e85d8041f16cd6 ] With recent changes, runqslower is being copied into selftests/bpf root directory. So add it into .gitignore. Fixes: b26d1e2b6028 ("selftests/bpf: Copy runqslower to OUTPUT directory") Signed-off-by: Andrii Nakryiko <andriin(a)fb.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Cc: Veronika Kabatova <vkabatov(a)redhat.com> Link: https://lore.kernel.org/bpf/20200429012111.277390-12-andriin@fb.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/.gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/.gitignore b/tools/testing/selftests/bpf/.gitignore index c30079c86998..35a577ca0226 100644 --- a/tools/testing/selftests/bpf/.gitignore +++ b/tools/testing/selftests/bpf/.gitignore @@ -39,4 +39,4 @@ test_cpp /no_alu32 /bpf_gcc /tools - +/runqslower -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.7 134/274] selftests/bpf: Fix bpf_link leak in ns_current_pid_tgid selftest

by Sasha Levin

From: Andrii Nakryiko <andriin(a)fb.com> [ Upstream commit 8d30e80a049ad699264e4a12911e349f93c7279a ] If condition is inverted, but it's also just not necessary. Fixes: 1c1052e0140a ("tools/testing/selftests/bpf: Add self-tests for new helper bpf_get_ns_current_pid_tgid.") Signed-off-by: Andrii Nakryiko <andriin(a)fb.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Cc: Carlos Neira <cneirabustos(a)gmail.com> Link: https://lore.kernel.org/bpf/20200429012111.277390-11-andriin@fb.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c index 542240e16564..e74dc501b27f 100644 --- a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c +++ b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c @@ -80,9 +80,6 @@ void test_ns_current_pid_tgid(void) "User pid/tgid %llu BPF pid/tgid %llu\n", id, bss.pid_tgid)) goto cleanup; cleanup: - if (!link) { - bpf_link__destroy(link); - link = NULL; - } + bpf_link__destroy(link); bpf_object__close(obj); } -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.7 132/274] selftests/bpf: Fix invalid memory reads in core_relo selftest

by Sasha Levin

From: Andrii Nakryiko <andriin(a)fb.com> [ Upstream commit 13c908495e5d51718a6da84ae925fa2aac056380 ] Another one found by AddressSanitizer. input_len is bigger than actually initialized data size. Fixes: c7566a69695c ("selftests/bpf: Add field existence CO-RE relocs tests") Signed-off-by: Andrii Nakryiko <andriin(a)fb.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Link: https://lore.kernel.org/bpf/20200429012111.277390-8-andriin@fb.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/prog_tests/core_reloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/prog_tests/core_reloc.c b/tools/testing/selftests/bpf/prog_tests/core_reloc.c index 31e177adbdf1..084ed26a7d78 100644 --- a/tools/testing/selftests/bpf/prog_tests/core_reloc.c +++ b/tools/testing/selftests/bpf/prog_tests/core_reloc.c @@ -392,7 +392,7 @@ static struct core_reloc_test_case test_cases[] = { .input = STRUCT_TO_CHAR_PTR(core_reloc_existence___minimal) { .a = 42, }, - .input_len = sizeof(struct core_reloc_existence), + .input_len = sizeof(struct core_reloc_existence___minimal), .output = STRUCT_TO_CHAR_PTR(core_reloc_existence_output) { .a_exists = 1, .b_exists = 0, -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.7 131/274] selftests/bpf: Fix memory leak in extract_build_id()

by Sasha Levin

From: Andrii Nakryiko <andriin(a)fb.com> [ Upstream commit 9f56bb531a809ecaa7f0ddca61d2cf3adc1cb81a ] getline() allocates string, which has to be freed. Fixes: 81f77fd0deeb ("bpf: add selftest for stackmap with BPF_F_STACK_BUILD_ID") Signed-off-by: Andrii Nakryiko <andriin(a)fb.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Cc: Song Liu <songliubraving(a)fb.com> Link: https://lore.kernel.org/bpf/20200429012111.277390-7-andriin@fb.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/test_progs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/bpf/test_progs.c b/tools/testing/selftests/bpf/test_progs.c index 86d0020c9eec..93970ec1c9e9 100644 --- a/tools/testing/selftests/bpf/test_progs.c +++ b/tools/testing/selftests/bpf/test_progs.c @@ -351,6 +351,7 @@ int extract_build_id(char *build_id, size_t size) len = size; memcpy(build_id, line, len); build_id[len] = '\0'; + free(line); return 0; err: fclose(fp); -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.7 130/274] selftests/bpf: Fix memory leak in test selector

by Sasha Levin

From: Andrii Nakryiko <andriin(a)fb.com> [ Upstream commit f25d5416d64c796aa639136eb0b076c8bd579b54 ] Free test selector substrings, which were strdup()'ed. Fixes: b65053cd94f4 ("selftests/bpf: Add whitelist/blacklist of test names to test_progs") Signed-off-by: Andrii Nakryiko <andriin(a)fb.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Link: https://lore.kernel.org/bpf/20200429012111.277390-6-andriin@fb.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/test_progs.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/bpf/test_progs.c b/tools/testing/selftests/bpf/test_progs.c index b521e0a512b6..86d0020c9eec 100644 --- a/tools/testing/selftests/bpf/test_progs.c +++ b/tools/testing/selftests/bpf/test_progs.c @@ -420,6 +420,18 @@ static int libbpf_print_fn(enum libbpf_print_level level, return 0; } +static void free_str_set(const struct str_set *set) +{ + int i; + + if (!set) + return; + + for (i = 0; i < set->cnt; i++) + free((void *)set->strs[i]); + free(set->strs); +} + static int parse_str_list(const char *s, struct str_set *set) { char *input, *state = NULL, *next, **tmp, **strs = NULL; @@ -756,11 +768,11 @@ int main(int argc, char **argv) fprintf(stdout, "Summary: %d/%d PASSED, %d SKIPPED, %d FAILED\n", env.succ_cnt, env.sub_succ_cnt, env.skip_cnt, env.fail_cnt); - free(env.test_selector.blacklist.strs); - free(env.test_selector.whitelist.strs); + free_str_set(&env.test_selector.blacklist); + free_str_set(&env.test_selector.whitelist); free(env.test_selector.num_set); - free(env.subtest_selector.blacklist.strs); - free(env.subtest_selector.whitelist.strs); + free_str_set(&env.subtest_selector.blacklist); + free_str_set(&env.subtest_selector.whitelist); free(env.subtest_selector.num_set); return env.fail_cnt ? EXIT_FAILURE : EXIT_SUCCESS; -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.7 129/274] selftests/bpf: Ensure test flavors use correct skeletons

by Sasha Levin

From: Andrii Nakryiko <andriin(a)fb.com> [ Upstream commit 76148faa161e7cfb2d7719f35b37d7db4f3f8596 ] Ensure that test runner flavors include their own skeletons from <flavor>/ directory. Previously, skeletons generated for no-flavor test_progs were used. Apart from fixing correctness, this also makes it possible to compile only flavors individually: $ make clean && make test_progs-no_alu32 ... now succeeds ... Fixes: 74b5a5968fe8 ("selftests/bpf: Replace test_progs and test_maps w/ general rule") Signed-off-by: Andrii Nakryiko <andriin(a)fb.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Link: https://lore.kernel.org/bpf/20200429012111.277390-2-andriin@fb.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile index 4e654d41c7af..01c95f8278c7 100644 --- a/tools/testing/selftests/bpf/Makefile +++ b/tools/testing/selftests/bpf/Makefile @@ -324,7 +324,7 @@ $(TRUNNER_TEST_OBJS): $(TRUNNER_OUTPUT)/%.test.o: \ $(TRUNNER_BPF_SKELS) \ $$(BPFOBJ) | $(TRUNNER_OUTPUT) $$(call msg,TEST-OBJ,$(TRUNNER_BINARY),$$@) - cd $$(@D) && $$(CC) $$(CFLAGS) -c $(CURDIR)/$$< $$(LDLIBS) -o $$(@F) + cd $$(@D) && $$(CC) -I. $$(CFLAGS) -c $(CURDIR)/$$< $$(LDLIBS) -o $$(@F) $(TRUNNER_EXTRA_OBJS): $(TRUNNER_OUTPUT)/%.o: \ %.c \ -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.6 076/606] selftests/bpf: Enforce returning 0 for fentry/fexit programs

by Sasha Levin

From: Yonghong Song <yhs(a)fb.com> commit 6d74f64b922b8394dccc52576659cb0dc0a1da7b upstream. There are a few fentry/fexit programs returning non-0. The tests with these programs will break with the previous patch which enfoced return-0 rules. Fix them properly. Fixes: ac065870d928 ("selftests/bpf: Add BPF_PROG, BPF_KPROBE, and BPF_KRETPROBE macros") Signed-off-by: Yonghong Song <yhs(a)fb.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Acked-by: Andrii Nakryiko <andriin(a)fb.com> Link: https://lore.kernel.org/bpf/20200514053207.1298479-1-yhs@fb.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- tools/testing/selftests/bpf/progs/test_overhead.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/test_overhead.c b/tools/testing/selftests/bpf/progs/test_overhead.c index bfe9fbcb9684..e15c7589695e 100644 --- a/tools/testing/selftests/bpf/progs/test_overhead.c +++ b/tools/testing/selftests/bpf/progs/test_overhead.c @@ -33,13 +33,13 @@ int prog3(struct bpf_raw_tracepoint_args *ctx) SEC("fentry/__set_task_comm") int BPF_PROG(prog4, struct task_struct *tsk, const char *buf, bool exec) { - return !tsk; + return 0; } SEC("fexit/__set_task_comm") int BPF_PROG(prog5, struct task_struct *tsk, const char *buf, bool exec) { - return !tsk; + return 0; } char _license[] SEC("license") = "GPL"; -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.6 006/606] bpf: Fix bug in mmap() implementation for BPF array map

by Sasha Levin

[ Upstream commit 333291ce5055f2039afc907badaf5b66bc1adfdc ] mmap() subsystem allows user-space application to memory-map region with initial page offset. This wasn't taken into account in initial implementation of BPF array memory-mapping. This would result in wrong pages, not taking into account requested page shift, being memory-mmaped into user-space. This patch fixes this gap and adds a test for such scenario. Fixes: fc9702273e2e ("bpf: Add mmap() support for BPF_MAP_TYPE_ARRAY") Signed-off-by: Andrii Nakryiko <andriin(a)fb.com> Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Acked-by: Yonghong Song <yhs(a)fb.com> Link: https://lore.kernel.org/bpf/20200512235925.3817805-1-andriin@fb.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/bpf/arraymap.c | 7 ++++++- tools/testing/selftests/bpf/prog_tests/mmap.c | 9 +++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index 95d77770353c..1d6120fd5ba6 100644 --- a/kernel/bpf/arraymap.c +++ b/kernel/bpf/arraymap.c @@ -486,7 +486,12 @@ static int array_map_mmap(struct bpf_map *map, struct vm_area_struct *vma) if (!(map->map_flags & BPF_F_MMAPABLE)) return -EINVAL; - return remap_vmalloc_range(vma, array_map_vmalloc_addr(array), pgoff); + if (vma->vm_pgoff * PAGE_SIZE + (vma->vm_end - vma->vm_start) > + PAGE_ALIGN((u64)array->map.max_entries * array->elem_size)) + return -EINVAL; + + return remap_vmalloc_range(vma, array_map_vmalloc_addr(array), + vma->vm_pgoff + pgoff); } const struct bpf_map_ops array_map_ops = { diff --git a/tools/testing/selftests/bpf/prog_tests/mmap.c b/tools/testing/selftests/bpf/prog_tests/mmap.c index 16a814eb4d64..b0e789678aa4 100644 --- a/tools/testing/selftests/bpf/prog_tests/mmap.c +++ b/tools/testing/selftests/bpf/prog_tests/mmap.c @@ -197,6 +197,15 @@ void test_mmap(void) CHECK_FAIL(map_data->val[far] != 3 * 321); munmap(tmp2, 4 * page_size); + + /* map all 4 pages, but with pg_off=1 page, should fail */ + tmp1 = mmap(NULL, 4 * page_size, PROT_READ, MAP_SHARED | MAP_FIXED, + data_map_fd, page_size /* initial page shift */); + if (CHECK(tmp1 != MAP_FAILED, "adv_mmap7", "unexpected success")) { + munmap(tmp1, 4 * page_size); + goto cleanup; + } + cleanup: if (bss_mmaped) CHECK_FAIL(munmap(bss_mmaped, bss_sz)); -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH AUTOSEL 5.7 023/274] selftests/bpf: Copy runqslower to OUTPUT directory

by Sasha Levin

From: Veronika Kabatova <vkabatov(a)redhat.com> [ Upstream commit b26d1e2b60284dc9f66ffad9ccd5c5da1100bb4b ] $(OUTPUT)/runqslower makefile target doesn't actually create runqslower binary in the $(OUTPUT) directory. As lib.mk expects all TEST_GEN_PROGS_EXTENDED (which runqslower is a part of) to be present in the OUTPUT directory, this results in an error when running e.g. `make install`: rsync: link_stat "tools/testing/selftests/bpf/runqslower" failed: No such file or directory (2) Copy the binary into the OUTPUT directory after building it to fix the error. Fixes: 3a0d3092a4ed ("selftests/bpf: Build runqslower from selftests") Signed-off-by: Veronika Kabatova <vkabatov(a)redhat.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Andrii Nakryiko <andriin(a)fb.com> Link: https://lore.kernel.org/bpf/20200428173742.2988395-1-vkabatov@redhat.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile index 7729892e0b04..4e654d41c7af 100644 --- a/tools/testing/selftests/bpf/Makefile +++ b/tools/testing/selftests/bpf/Makefile @@ -141,7 +141,8 @@ VMLINUX_BTF := $(abspath $(firstword $(wildcard $(VMLINUX_BTF_PATHS)))) $(OUTPUT)/runqslower: $(BPFOBJ) $(Q)$(MAKE) $(submake_extras) -C $(TOOLSDIR)/bpf/runqslower \ OUTPUT=$(SCRATCH_DIR)/ VMLINUX_BTF=$(VMLINUX_BTF) \ - BPFOBJ=$(BPFOBJ) BPF_INCLUDE=$(INCLUDE_DIR) + BPFOBJ=$(BPFOBJ) BPF_INCLUDE=$(INCLUDE_DIR) && \ + cp $(SCRATCH_DIR)/runqslower $@ $(TEST_GEN_PROGS) $(TEST_GEN_PROGS_EXTENDED): $(OUTPUT)/test_stub.o $(BPFOBJ) -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH v2 0/4] selftests/livepatch: rework of test-klp-{callbacks, shadow_vars}

by Yannick Cote

v2: - drop completion variables and flush workqueue [pmladek] - comment typo/pr_info cleanup [kbabulal/mbenes] - cleanup goto ret assignations [pmladek] - allocate pndup[]'s, leave some svar allocations to shadow_get_or_alloc() [pmladek] - change allocation order for cleaner test dmesg output [pmladek] The test-klp-callbacks change implements a synchronization replacement of initial code which relied on solely on sleep delays. Remove the sleeps and pass a block_transition flag from test script to module. Use flush_workqueue() to serialize module output for test result consideration. The test-klp-shadow-vars changes first refactors the code to be more of a readable example as well as continuing to verify the component code. The patch is broken in two to display the renaming and restructuring in part 1 and the addition and change of logic in part 2. The last change frees memory before bailing in case of errors. Patchset to be merged via the livepatching tree is against: livepatching/for-next Joe Lawrence (1): selftests/livepatch: simplify test-klp-callbacks busy target tests Yannick Cote (3): selftests/livepatch: rework test-klp-shadow-vars selftests/livepatch: more verification in test-klp-shadow-vars selftests/livepatch: fix mem leaks in test-klp-shadow-vars lib/livepatch/test_klp_callbacks_busy.c | 37 ++- lib/livepatch/test_klp_shadow_vars.c | 240 ++++++++++-------- .../selftests/livepatch/test-callbacks.sh | 29 +-- .../selftests/livepatch/test-shadow-vars.sh | 81 +++--- 4 files changed, 225 insertions(+), 162 deletions(-) -- 2.25.4

5 years, 5 months

3
8
0 0

[PATCH v6 0/8] firmware: add partial read support in request_firmware_into_buf

by Scott Branden

This patch series adds partial read support in request_firmware_into_buf. In order to accept the enhanced API it has been requested that kernel selftests and upstreamed driver utilize the API enhancement and so are included in this patch series. Also in this patch series is the addition of a new Broadcom VK driver utilizing the new request_firmware_into_buf enhanced API. Further comment followed to add IMA support of the partial reads originating from request_firmware_into_buf calls. Changes from v5: - add IMA FIRMWARE_PARTIAL_READ support - change kernel pread flags to enum - removed legacy support from driver - driver fixes Changes from v4: - handle reset issues if card crashes - allow driver to have min required msix - add card utilization information Changes from v3: - fix sparse warnings - fix printf format specifiers for size_t - fix 32-bit cross-compiling reports 32-bit shifts - use readl/writel,_relaxed to access pci ioremap memory, removed memory barriers and volatile keyword with such change - driver optimizations for interrupt/poll functionalities Changes from v2: - remove unnecessary code and mutex locks in lib/test_firmware.c - remove VK_IOCTL_ACCESS_BAR support from driver and use pci sysfs instead - remove bitfields - remove Kconfig default m - adjust formatting and some naming based on feedback - fix error handling conditions - use appropriate return codes - use memcpy_toio instead of direct access to PCIE bar Scott Branden (8): fs: introduce kernel_pread_file* support firmware: add offset to request_firmware_into_buf test_firmware: add partial read support for request_firmware_into_buf firmware: test partial file reads of request_firmware_into_buf bcm-vk: add bcm_vk UAPI misc: bcm-vk: add Broadcom VK driver MAINTAINERS: bcm-vk: add maintainer for Broadcom VK Driver ima: add FIRMWARE_PARTIAL_READ support MAINTAINERS | 7 + drivers/base/firmware_loader/firmware.h | 5 + drivers/base/firmware_loader/main.c | 59 +- drivers/misc/Kconfig | 1 + drivers/misc/Makefile | 1 + drivers/misc/bcm-vk/Kconfig | 29 + drivers/misc/bcm-vk/Makefile | 11 + drivers/misc/bcm-vk/bcm_vk.h | 408 +++++ drivers/misc/bcm-vk/bcm_vk_dev.c | 1312 +++++++++++++++ drivers/misc/bcm-vk/bcm_vk_msg.c | 1438 +++++++++++++++++ drivers/misc/bcm-vk/bcm_vk_msg.h | 201 +++ drivers/misc/bcm-vk/bcm_vk_sg.c | 271 ++++ drivers/misc/bcm-vk/bcm_vk_sg.h | 60 + drivers/misc/bcm-vk/bcm_vk_tty.c | 352 ++++ drivers/soc/qcom/mdt_loader.c | 7 +- fs/exec.c | 101 +- include/linux/firmware.h | 8 +- include/linux/fs.h | 30 + include/uapi/linux/misc/bcm_vk.h | 99 ++ lib/test_firmware.c | 144 +- security/integrity/ima/ima_main.c | 24 +- .../selftests/firmware/fw_filesystem.sh | 80 + 22 files changed, 4595 insertions(+), 53 deletions(-) create mode 100644 drivers/misc/bcm-vk/Kconfig create mode 100644 drivers/misc/bcm-vk/Makefile create mode 100644 drivers/misc/bcm-vk/bcm_vk.h create mode 100644 drivers/misc/bcm-vk/bcm_vk_dev.c create mode 100644 drivers/misc/bcm-vk/bcm_vk_msg.c create mode 100644 drivers/misc/bcm-vk/bcm_vk_msg.h create mode 100644 drivers/misc/bcm-vk/bcm_vk_sg.c create mode 100644 drivers/misc/bcm-vk/bcm_vk_sg.h create mode 100644 drivers/misc/bcm-vk/bcm_vk_tty.c create mode 100644 include/uapi/linux/misc/bcm_vk.h -- 2.17.1

5 years, 5 months

3
12
0 0

[PATCH] KVM: selftests: delete some dead code

by Dan Carpenter

The "uffd_delay" variable is unsigned so it's always going to be >= 0. Fixes: 0119cb365c93 ("KVM: selftests: Add configurable demand paging delay") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> --- tools/testing/selftests/kvm/demand_paging_test.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/tools/testing/selftests/kvm/demand_paging_test.c b/tools/testing/selftests/kvm/demand_paging_test.c index 360cd3ea4cd67..4eb79621434e6 100644 --- a/tools/testing/selftests/kvm/demand_paging_test.c +++ b/tools/testing/selftests/kvm/demand_paging_test.c @@ -615,8 +615,6 @@ int main(int argc, char *argv[]) break; case 'd': uffd_delay = strtoul(optarg, NULL, 0); - TEST_ASSERT(uffd_delay >= 0, - "A negative UFFD delay is not supported."); break; case 'b': vcpu_memory_bytes = parse_size(optarg); -- 2.26.2

5 years, 5 months

4
5
0 0

[PATCH] khugepaged: selftests: fix timeout condition in wait_for_scan()

by Dan Carpenter

The loop exits with "timeout" set to -1 and not to 0 so the test needs to be fixed. Fixes: e7b592f6caca ("khugepaged: add self test") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> --- tools/testing/selftests/vm/khugepaged.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/vm/khugepaged.c b/tools/testing/selftests/vm/khugepaged.c index 51b89cedd09d1..8b75821302a79 100644 --- a/tools/testing/selftests/vm/khugepaged.c +++ b/tools/testing/selftests/vm/khugepaged.c @@ -502,7 +502,7 @@ static bool wait_for_scan(const char *msg, char *p) madvise(p, hpage_pmd_size, MADV_NOHUGEPAGE); - return !timeout; + return timeout == -1; } static void alloc_at_fault(void) -- 2.26.2

5 years, 5 months

2
1
0 0

[PATCH v2] selftests/ftrace: Use printf instead of echo in kprobe syntax error tests

by Seth Forshee

Test cases which use echo to write strings containing backslashes fail with some shells, as echo's treatment of backslashes in strings varies between shell implementations. Use printf instead, as it should behave consistently across different shells. This requires adjustments to the strings to escape \ and % characters. ftrace_errlog_check() must also re-escape these characters after processing them to remove ^ characters. Signed-off-by: Seth Forshee <seth.forshee(a)canonical.com> --- Changes in v2: - Escape backslashes for a couple of additional tests .../testing/selftests/ftrace/test.d/functions | 6 +++--- .../test.d/kprobe/kprobe_syntax_errors.tc | 20 +++++++++---------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/tools/testing/selftests/ftrace/test.d/functions b/tools/testing/selftests/ftrace/test.d/functions index 5d4550591ff9..b38c6eb029e8 100644 --- a/tools/testing/selftests/ftrace/test.d/functions +++ b/tools/testing/selftests/ftrace/test.d/functions @@ -114,11 +114,11 @@ yield() { } ftrace_errlog_check() { # err-prefix command-with-error-pos-by-^ command-file - pos=$(echo -n "${2%^*}" | wc -c) # error position - command=$(echo "$2" | tr -d ^) + pos=$(printf "${2%^*}" | wc -c) # error position + command=$(printf "$2" | sed -e 's/\^//g' -e 's/%/%%/g' -e 's/\\/\\\\/g') echo "Test command: $command" echo > error_log - (! echo "$command" >> "$3" ) 2> /dev/null + (! printf "$command" >> "$3" ) 2> /dev/null grep "$1: error:" -A 3 error_log N=$(tail -n 1 error_log | wc -c) # " Command: " and "^\n" => 13 diff --git a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_syntax_errors.tc b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_syntax_errors.tc index ef1e9bafb098..039c03d230b9 100644 --- a/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_syntax_errors.tc +++ b/tools/testing/selftests/ftrace/test.d/kprobe/kprobe_syntax_errors.tc @@ -37,14 +37,14 @@ fi check_error 'p vfs_read ^$none_var' # BAD_VAR -check_error 'p vfs_read ^%none_reg' # BAD_REG_NAME +check_error 'p vfs_read ^%%none_reg' # BAD_REG_NAME check_error 'p vfs_read ^@12345678abcde' # BAD_MEM_ADDR check_error 'p vfs_read ^@+10' # FILE_ON_KPROBE grep -q "imm-value" README && \ -check_error 'p vfs_read arg1=\^x' # BAD_IMM +check_error 'p vfs_read arg1=\\^x' # BAD_IMM grep -q "imm-string" README && \ -check_error 'p vfs_read arg1=\"abcd^' # IMMSTR_NO_CLOSE +check_error 'p vfs_read arg1=\\"abcd^' # IMMSTR_NO_CLOSE check_error 'p vfs_read ^+0@0)' # DEREF_NEED_BRACE check_error 'p vfs_read ^+0ab1(@0)' # BAD_DEREF_OFFS @@ -80,7 +80,7 @@ check_error 'p vfs_read arg1=^' # NO_ARG_BODY # instruction boundary check is valid on x86 (at this moment) case $(uname -m) in x86_64|i[3456]86) - echo 'p vfs_read' > kprobe_events + printf 'p vfs_read' > kprobe_events if grep -q FTRACE ../kprobes/list ; then check_error 'p ^vfs_read+3' # BAD_INSN_BNDRY (only if function-tracer is enabled) fi @@ -89,13 +89,13 @@ esac # multiprobe errors if grep -q "Create/append/" README && grep -q "imm-value" README; then -echo 'p:kprobes/testevent _do_fork' > kprobe_events +printf 'p:kprobes/testevent _do_fork' > kprobe_events check_error '^r:kprobes/testevent do_exit' # DIFF_PROBE_TYPE -echo 'p:kprobes/testevent _do_fork abcd=\1' > kprobe_events -check_error 'p:kprobes/testevent _do_fork ^bcd=\1' # DIFF_ARG_TYPE -check_error 'p:kprobes/testevent _do_fork ^abcd=\1:u8' # DIFF_ARG_TYPE -check_error 'p:kprobes/testevent _do_fork ^abcd=\"foo"' # DIFF_ARG_TYPE -check_error '^p:kprobes/testevent _do_fork abcd=\1' # SAME_PROBE +printf 'p:kprobes/testevent _do_fork abcd=\\1' > kprobe_events +check_error 'p:kprobes/testevent _do_fork ^bcd=\\1' # DIFF_ARG_TYPE +check_error 'p:kprobes/testevent _do_fork ^abcd=\\1:u8' # DIFF_ARG_TYPE +check_error 'p:kprobes/testevent _do_fork ^abcd=\\"foo"'# DIFF_ARG_TYPE +check_error '^p:kprobes/testevent _do_fork abcd=\\1' # SAME_PROBE fi exit 0 -- 2.25.0

5 years, 5 months

2
3
0 0

[PATCH v2 0/7] selftsts/ftrace: Add requires list for each test case

by Masami Hiramatsu

Hi, Here is the 2nd version of the series of "requires:" list for simplifying and unifying requirement checks for each test case. The previous version is here. https://lkml.kernel.org/r/159102252279.31199.12855129586058455119.stgit@dev… I've fixed some trival mistakes and add Tom's reviewed-by in this version. Currently, we have many similar requirement checker to find unconfigured or unsupported (in older kernels) feature in each test case. I think it is a good time to unify those similar checks. As same as "description:" or "flags:" line, this series introduces new "requires:" line, and convert current checking code intor the "requires:" line. This requires line gives some good effects, not only simplyfies the code, but also unifies the reason message, and because it checks the requirements before running the testc ase, it skips unneeded ftrace initialization. The requires line supports following checks - tracefs interface check: Check whether the given file or directory in the tracefs. (No suffix) [3/7],[4/7],[5/7] - available tracer check: Check whether the given tracer is available (":tracer" suffix) [6/7] - README feature check: Check whether the given string is in the README (":README" suffix) [7/7] This series also includes the description line fix and unresolved -> unsupported change ([1/7] and [2/7]). Note: Since the requires line returns UNSUPPORTED error, the requirements must be one of ftrace feature, but not the user-space environmental requirement. If there is some issue in user-space (e.g. lack of the command, modules, etc) it must report UNRESOLVED error. Since this series depends on following 2 commits, commit 619ee76f5c9f ("selftests/ftrace: Return unsupported if no error_log file") on Shuah's Kselftest tree commit bea24f766efc ("selftests/ftrace: Distinguish between hist and synthetic event checks") on Steven's Tracing tree This can be applied on the tree which merged both of them. Also, you can get the series from the following. git://git.kernel.org/pub/scm/linux/kernel/git/mhiramat/linux.git ftracetest-requires-v2 Thank you, --- Masami Hiramatsu (7): selftests/ftrace: Allow ":" in description selftests/ftrace: Return unsupported for the unconfigured features selftests/ftrace: Add "requires:" list support selftests/ftrace: Convert required interface checks into requires list selftests/ftrace: Convert check_filter_file() with requires list selftests/ftrace: Support ":tracer" suffix for requires selftests/ftrace: Support ":README" suffix for requires tools/testing/selftests/ftrace/ftracetest | 11 ++++++- .../selftests/ftrace/test.d/00basic/snapshot.tc | 3 +- .../selftests/ftrace/test.d/00basic/trace_pipe.tc | 3 +- .../ftrace/test.d/direct/kprobe-direct.tc | 6 +--- .../ftrace/test.d/dynevent/add_remove_kprobe.tc | 6 +--- .../ftrace/test.d/dynevent/add_remove_synth.tc | 5 +-- .../ftrace/test.d/dynevent/clear_select_events.tc | 11 +------ .../ftrace/test.d/dynevent/generic_clear_event.tc | 8 +---- .../selftests/ftrace/test.d/event/event-enable.tc | 6 +--- .../selftests/ftrace/test.d/event/event-no-pid.tc | 11 +------ .../selftests/ftrace/test.d/event/event-pid.tc | 11 +------ .../ftrace/test.d/event/subsystem-enable.tc | 6 +--- .../ftrace/test.d/event/toplevel-enable.tc | 6 +--- .../ftrace/test.d/ftrace/fgraph-filter-stack.tc | 14 +-------- .../ftrace/test.d/ftrace/fgraph-filter.tc | 8 +---- .../ftrace/test.d/ftrace/func-filter-glob.tc | 8 +---- .../test.d/ftrace/func-filter-notrace-pid.tc | 13 +------- .../ftrace/test.d/ftrace/func-filter-pid.tc | 13 +------- .../ftrace/test.d/ftrace/func-filter-stacktrace.tc | 3 +- .../selftests/ftrace/test.d/ftrace/func_cpumask.tc | 6 +--- .../ftrace/test.d/ftrace/func_event_triggers.tc | 7 ++--- .../ftrace/test.d/ftrace/func_mod_trace.tc | 3 +- .../ftrace/test.d/ftrace/func_profile_stat.tc | 3 +- .../ftrace/test.d/ftrace/func_profiler.tc | 12 +------- .../ftrace/test.d/ftrace/func_set_ftrace_file.tc | 6 ++-- .../ftrace/test.d/ftrace/func_stack_tracer.tc | 8 +---- .../test.d/ftrace/func_traceonoff_triggers.tc | 6 ++-- .../ftrace/test.d/ftrace/tracing-error-log.tc | 12 ++------ tools/testing/selftests/ftrace/test.d/functions | 28 ++++++++++++++---- .../ftrace/test.d/instances/instance-event.tc | 6 +--- .../selftests/ftrace/test.d/instances/instance.tc | 6 +--- .../ftrace/test.d/kprobe/add_and_remove.tc | 3 +- .../selftests/ftrace/test.d/kprobe/busy_check.tc | 3 +- .../selftests/ftrace/test.d/kprobe/kprobe_args.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_args_comm.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_args_string.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_args_symbol.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_args_syntax.tc | 5 +-- .../ftrace/test.d/kprobe/kprobe_args_type.tc | 5 +-- .../ftrace/test.d/kprobe/kprobe_args_user.tc | 4 +-- .../ftrace/test.d/kprobe/kprobe_eventname.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_ftrace.tc | 6 +--- .../ftrace/test.d/kprobe/kprobe_module.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_multiprobe.tc | 5 +-- .../ftrace/test.d/kprobe/kprobe_syntax_errors.tc | 5 +-- .../ftrace/test.d/kprobe/kretprobe_args.tc | 3 +- .../ftrace/test.d/kprobe/kretprobe_maxactive.tc | 4 +-- .../ftrace/test.d/kprobe/multiple_kprobes.tc | 3 +- .../selftests/ftrace/test.d/kprobe/probepoint.tc | 3 +- .../selftests/ftrace/test.d/kprobe/profile.tc | 3 +- .../ftrace/test.d/kprobe/uprobe_syntax_errors.tc | 5 +-- .../ftrace/test.d/preemptirq/irqsoff_tracer.tc | 4 +-- tools/testing/selftests/ftrace/test.d/template | 4 +++ .../selftests/ftrace/test.d/tracer/wakeup.tc | 6 +--- .../selftests/ftrace/test.d/tracer/wakeup_rt.tc | 6 +--- .../inter-event/trigger-action-hist-xfail.tc | 13 +------- .../inter-event/trigger-field-variable-support.tc | 16 +--------- .../trigger-inter-event-combined-hist.tc | 16 +--------- .../inter-event/trigger-multi-actions-accept.tc | 16 +--------- .../inter-event/trigger-onchange-action-hist.tc | 8 +---- .../inter-event/trigger-onmatch-action-hist.tc | 16 +--------- .../trigger-onmatch-onmax-action-hist.tc | 16 +--------- .../inter-event/trigger-onmax-action-hist.tc | 16 +--------- .../inter-event/trigger-snapshot-action-hist.tc | 20 +------------ .../trigger-synthetic-event-createremove.tc | 11 +------ .../inter-event/trigger-synthetic-event-syntax.tc | 11 +------ .../inter-event/trigger-trace-action-hist.tc | 18 +----------- .../ftrace/test.d/trigger/trigger-eventonoff.tc | 11 +------ .../ftrace/test.d/trigger/trigger-filter.tc | 11 +------ .../ftrace/test.d/trigger/trigger-hist-mod.tc | 16 +--------- .../test.d/trigger/trigger-hist-syntax-errors.tc | 18 +----------- .../ftrace/test.d/trigger/trigger-hist.tc | 16 +--------- .../ftrace/test.d/trigger/trigger-multihist.tc | 16 +--------- .../ftrace/test.d/trigger/trigger-snapshot.tc | 16 +--------- .../ftrace/test.d/trigger/trigger-stacktrace.tc | 11 +------ .../test.d/trigger/trigger-trace-marker-hist.tc | 21 +------------- .../trigger/trigger-trace-marker-snapshot.tc | 21 +------------- .../trigger-trace-marker-synthetic-kernel.tc | 31 +------------------- .../trigger/trigger-trace-marker-synthetic.tc | 26 +---------------- .../ftrace/test.d/trigger/trigger-traceonoff.tc | 11 +------ 80 files changed, 119 insertions(+), 633 deletions(-) -- Masami Hiramatsu (Linaro) <mhiramat(a)kernel.org>

5 years, 5 months

2
12
0 0

[PATCH v2] Documentation: kunit: Add some troubleshooting tips to the FAQ

by David Gow

Add an FAQ entry to the KUnit documentation with some tips for troubleshooting KUnit and kunit_tool. These suggestions largely came from an email thread: https://lore.kernel.org/linux-kselftest/41db8bbd-3ba0-8bde-7352-083bf4b947f… Signed-off-by: David Gow <davidgow(a)google.com> Reviewed-by: Alan Maguire <alan.maguire(a)oracle.com> Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com> --- Changes since v1[1] - Added a section about running KUnit outside UML (based heavily on Alan's suggestion in the thread). [1]: https://lore.kernel.org/linux-kselftest/20200602054216.93122-1-davidgow@goo… Documentation/dev-tools/kunit/faq.rst | 40 +++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/Documentation/dev-tools/kunit/faq.rst b/Documentation/dev-tools/kunit/faq.rst index ea55b2467653..1628862e7024 100644 --- a/Documentation/dev-tools/kunit/faq.rst +++ b/Documentation/dev-tools/kunit/faq.rst @@ -61,3 +61,43 @@ test, or an end-to-end test. kernel by installing a production configuration of the kernel on production hardware with a production userspace and then trying to exercise some behavior that depends on interactions between the hardware, the kernel, and userspace. + +KUnit isn't working, what should I do? +====================================== + +Unfortunately, there are a number of things which can break, but here are some +things to try. + +1. Try running ``./tools/testing/kunit/kunit.py run`` with the ``--raw_output`` + parameter. This might show details or error messages hidden by the kunit_tool + parser. +2. Instead of running ``kunit.py run``, try running ``kunit.py config``, + ``kunit.py build``, and ``kunit.py exec`` independently. This can help track + down where an issue is occurring. (If you think the parser is at fault, you + can run it manually against stdin or a file with ``kunit.py parse``.) +3. Running the UML kernel directly can often reveal issues or error messages + kunit_tool ignores. This should be as simple as running ``./vmlinux`` after + building the UML kernel (e.g., by using ``kunit.py build``). Note that UML + has some unusual requirements (such as the host having a tmpfs filesystem + mounted), and has had issues in the past when built statically and the host + has KASLR enabled. (On older host kernels, you may need to run ``setarch + `uname -m` -R ./vmlinux`` to disable KASLR.) +4. Make sure the kernel .config has ``CONFIG_KUNIT=y`` and at least one test + (e.g. ``CONFIG_KUNIT_EXAMPLE_TEST=y``). kunit_tool will keep its .config + around, so you can see what config was used after running ``kunit.py run``. + It also preserves any config changes you might make, so you can + enable/disable things with ``make ARCH=um menuconfig`` or similar, and then + re-run kunit_tool. +5. Try to run ``make ARCH=um defconfig`` before running ``kunit.py run``. This + may help clean up any residual config items which could be causing problems. +6. Finally, try running KUnit outside UML. KUnit and KUnit tests can run be + built into any kernel, or can be built as a module and loaded at runtime. + Doing so should allow you to determine if UML is causing the issue you're + seeing. When tests are built-in, they will execute when the kernel boots, and + modules will automatically execute associated tests when loaded. Test results + can be collected from ``/sys/kernel/debug/kunit/<test suite>/results``, and + can be parsed with ``kunit.py parse``. For more details, see "KUnit on + non-UML architectures" in :doc:`usage`. + +If none of the above tricks help, you are always welcome to email any issues to +kunit-dev(a)googlegroups.com. -- 2.27.0.rc2.251.g90737beb825-goog

5 years, 5 months

1
0
0 0

[PATCH v2] selftests: powerpc: Add test for execute-disabled pkeys

by Sandipan Das

Apart from read and write access, memory protection keys can also be used for restricting execute permission of pages on powerpc. This adds a test to verify if the feature works as expected. Signed-off-by: Sandipan Das <sandipan(a)linux.ibm.com> --- Previous versions can be found at v1: https://lore.kernel.org/linuxppc-dev/20200508162332.65316-1-sandipan@linux.… Changes in v2: - Added .gitignore entry for test binary. - Fixed builds for older distros where siginfo_t might not have si_pkey as a formal member based on discussion with Michael. --- tools/testing/selftests/powerpc/mm/.gitignore | 1 + tools/testing/selftests/powerpc/mm/Makefile | 3 +- .../selftests/powerpc/mm/pkey_exec_prot.c | 336 ++++++++++++++++++ 3 files changed, 339 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/powerpc/mm/pkey_exec_prot.c diff --git a/tools/testing/selftests/powerpc/mm/.gitignore b/tools/testing/selftests/powerpc/mm/.gitignore index 2ca523255b1b..8f841f925baa 100644 --- a/tools/testing/selftests/powerpc/mm/.gitignore +++ b/tools/testing/selftests/powerpc/mm/.gitignore @@ -8,3 +8,4 @@ wild_bctr large_vm_fork_separation bad_accesses tlbie_test +pkey_exec_prot diff --git a/tools/testing/selftests/powerpc/mm/Makefile b/tools/testing/selftests/powerpc/mm/Makefile index b9103c4bb414..2816229f648b 100644 --- a/tools/testing/selftests/powerpc/mm/Makefile +++ b/tools/testing/selftests/powerpc/mm/Makefile @@ -3,7 +3,7 @@ noarg: $(MAKE) -C ../ TEST_GEN_PROGS := hugetlb_vs_thp_test subpage_prot prot_sao segv_errors wild_bctr \ - large_vm_fork_separation bad_accesses + large_vm_fork_separation bad_accesses pkey_exec_prot TEST_GEN_PROGS_EXTENDED := tlbie_test TEST_GEN_FILES := tempfile @@ -17,6 +17,7 @@ $(OUTPUT)/prot_sao: ../utils.c $(OUTPUT)/wild_bctr: CFLAGS += -m64 $(OUTPUT)/large_vm_fork_separation: CFLAGS += -m64 $(OUTPUT)/bad_accesses: CFLAGS += -m64 +$(OUTPUT)/pkey_exec_prot: CFLAGS += -m64 $(OUTPUT)/tempfile: dd if=/dev/zero of=$@ bs=64k count=1 diff --git a/tools/testing/selftests/powerpc/mm/pkey_exec_prot.c b/tools/testing/selftests/powerpc/mm/pkey_exec_prot.c new file mode 100644 index 000000000000..147fb9ed47d5 --- /dev/null +++ b/tools/testing/selftests/powerpc/mm/pkey_exec_prot.c @@ -0,0 +1,336 @@ +// SPDX-License-Identifier: GPL-2.0+ + +/* + * Copyright 2020, Sandipan Das, IBM Corp. + * + * Test if applying execute protection on pages using memory + * protection keys works as expected. + */ + +#define _GNU_SOURCE +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <signal.h> + +#include <time.h> +#include <unistd.h> +#include <sys/mman.h> + +#include "utils.h" + +/* Override definitions as they might be inconsistent */ +#undef PKEY_DISABLE_ACCESS +#define PKEY_DISABLE_ACCESS 0x3 + +#undef PKEY_DISABLE_WRITE +#define PKEY_DISABLE_WRITE 0x2 + +#undef PKEY_DISABLE_EXECUTE +#define PKEY_DISABLE_EXECUTE 0x4 + +/* Older distros might not define this */ +#ifndef SEGV_PKUERR +#define SEGV_PKUERR 4 +#endif + +#define SI_PKEY_OFFSET 0x20 + +#define SYS_pkey_mprotect 386 +#define SYS_pkey_alloc 384 +#define SYS_pkey_free 385 + +#define PKEY_BITS_PER_PKEY 2 +#define NR_PKEYS 32 + +#define PKEY_BITS_MASK ((1UL << PKEY_BITS_PER_PKEY) - 1) + +static unsigned long pkeyreg_get(void) +{ + unsigned long uamr; + + asm volatile("mfspr %0, 0xd" : "=r"(uamr)); + return uamr; +} + +static void pkeyreg_set(unsigned long uamr) +{ + asm volatile("isync; mtspr 0xd, %0; isync;" : : "r"(uamr)); +} + +static void pkey_set_rights(int pkey, unsigned long rights) +{ + unsigned long uamr, shift; + + shift = (NR_PKEYS - pkey - 1) * PKEY_BITS_PER_PKEY; + uamr = pkeyreg_get(); + uamr &= ~(PKEY_BITS_MASK << shift); + uamr |= (rights & PKEY_BITS_MASK) << shift; + pkeyreg_set(uamr); +} + +static int sys_pkey_mprotect(void *addr, size_t len, int prot, int pkey) +{ + return syscall(SYS_pkey_mprotect, addr, len, prot, pkey); +} + +static int sys_pkey_alloc(unsigned long flags, unsigned long rights) +{ + return syscall(SYS_pkey_alloc, flags, rights); +} + +static int sys_pkey_free(int pkey) +{ + return syscall(SYS_pkey_free, pkey); +} + +static volatile int fpkey, fcode, ftype, faults; +static unsigned long pgsize, numinsns; +static volatile unsigned int *faddr; +static unsigned int *insns; + +static void segv_handler(int signum, siginfo_t *sinfo, void *ctx) +{ + int pkey; + +#ifdef si_pkey + pkey = sinfo->si_pkey; +#else + pkey = *((int *)(((char *) sinfo) + SI_PKEY_OFFSET)); +#endif + + /* Check if this fault originated because of the expected reasons */ + if (sinfo->si_code != SEGV_ACCERR && sinfo->si_code != SEGV_PKUERR) { + printf("got an unexpected fault, code = %d\n", + sinfo->si_code); + goto fail; + } + + /* Check if this fault originated from the expected address */ + if (sinfo->si_addr != (void *) faddr) { + printf("got an unexpected fault, addr = %p\n", + sinfo->si_addr); + goto fail; + } + + /* Check if the expected number of faults has been exceeded */ + if (faults == 0) + goto fail; + + fcode = sinfo->si_code; + + /* Restore permissions in order to continue */ + switch (fcode) { + case SEGV_ACCERR: + if (mprotect(insns, pgsize, PROT_READ | PROT_WRITE)) { + perror("mprotect"); + goto fail; + } + break; + case SEGV_PKUERR: + if (pkey != fpkey) + goto fail; + + if (ftype == PKEY_DISABLE_ACCESS) { + pkey_set_rights(fpkey, 0); + } else if (ftype == PKEY_DISABLE_EXECUTE) { + /* + * Reassociate the exec-only pkey with the region + * to be able to continue. Unlike AMR, we cannot + * set IAMR directly from userspace to restore the + * permissions. + */ + if (mprotect(insns, pgsize, PROT_EXEC)) { + perror("mprotect"); + goto fail; + } + } else { + goto fail; + } + break; + } + + faults--; + return; + +fail: + /* Restore all page permissions to avoid repetitive faults */ + if (mprotect(insns, pgsize, PROT_READ | PROT_WRITE | PROT_EXEC)) + perror("mprotect"); + if (sinfo->si_code == SEGV_PKUERR) + pkey_set_rights(pkey, 0); + faults = -1; /* Something unexpected happened */ +} + +static int pkeys_unsupported(void) +{ + bool using_hash = false; + char line[128]; + int pkey; + FILE *f; + + f = fopen("/proc/cpuinfo", "r"); + FAIL_IF(!f); + + /* Protection keys are currently supported on Hash MMU only */ + while (fgets(line, sizeof(line), f)) { + if (strcmp(line, "MMU : Hash\n") == 0) { + using_hash = true; + break; + } + } + + fclose(f); + SKIP_IF(!using_hash); + + /* Check if the system call is supported */ + pkey = sys_pkey_alloc(0, 0); + SKIP_IF(pkey < 0); + sys_pkey_free(pkey); + + return 0; +} + +static int test(void) +{ + struct sigaction act; + int pkey, ret, i; + + ret = pkeys_unsupported(); + if (ret) + return ret; + + /* Setup signal handler */ + act.sa_handler = 0; + act.sa_sigaction = segv_handler; + FAIL_IF(sigprocmask(SIG_SETMASK, 0, &act.sa_mask) != 0); + act.sa_flags = SA_SIGINFO; + act.sa_restorer = 0; + FAIL_IF(sigaction(SIGSEGV, &act, NULL) != 0); + + /* Setup executable region */ + pgsize = sysconf(_SC_PAGESIZE); + numinsns = pgsize / sizeof(unsigned int); + insns = (unsigned int *) mmap(NULL, pgsize, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + FAIL_IF(insns == MAP_FAILED); + + /* Write the instruction words */ + for (i = 0; i < numinsns - 1; i++) + insns[i] = 0x60000000; /* nop */ + + /* + * Later, to jump to the executable region, we use a linked + * branch which sets the return address automatically in LR. + * Use that to return back. + */ + insns[numinsns - 1] = 0x4e800020; /* blr */ + + /* Allocate a pkey that restricts execution */ + pkey = sys_pkey_alloc(0, PKEY_DISABLE_EXECUTE); + FAIL_IF(pkey < 0); + + /* + * Pick a random instruction address from the executable + * region. + */ + srand(time(NULL)); + faddr = &insns[rand() % (numinsns - 1)]; + + /* The following two cases will avoid SEGV_PKUERR */ + ftype = -1; + fpkey = -1; + + /* + * Read an instruction word from the address when AMR bits + * are not set. + * + * This should not generate a fault as having PROT_EXEC + * implicitly allows reads. The pkey currently restricts + * execution only based on the IAMR bits. The AMR bits are + * cleared. + */ + faults = 0; + FAIL_IF(sys_pkey_mprotect(insns, pgsize, PROT_EXEC, pkey) != 0); + printf("read from %p, pkey is execute-disabled\n", (void *) faddr); + i = *faddr; + FAIL_IF(faults != 0); + + /* + * Write an instruction word to the address when AMR bits + * are not set. + * + * This should generate an access fault as having just + * PROT_EXEC also restricts writes. The pkey currently + * restricts execution only based on the IAMR bits. The + * AMR bits are cleared. + */ + faults = 1; + FAIL_IF(sys_pkey_mprotect(insns, pgsize, PROT_EXEC, pkey) != 0); + printf("write to %p, pkey is execute-disabled\n", (void *) faddr); + *faddr = 0x60000000; /* nop */ + FAIL_IF(faults != 0 || fcode != SEGV_ACCERR); + + /* The following three cases will generate SEGV_PKUERR */ + ftype = PKEY_DISABLE_ACCESS; + fpkey = pkey; + + /* + * Read an instruction word from the address when AMR bits + * are set. + * + * This should generate a pkey fault based on AMR bits only + * as having PROT_EXEC implicitly allows reads. + */ + faults = 1; + FAIL_IF(sys_pkey_mprotect(insns, pgsize, PROT_EXEC, pkey) != 0); + printf("read from %p, pkey is execute-disabled, access-disabled\n", + (void *) faddr); + pkey_set_rights(pkey, PKEY_DISABLE_ACCESS); + i = *faddr; + FAIL_IF(faults != 0 || fcode != SEGV_PKUERR); + + /* + * Write an instruction word to the address when AMR bits + * are set. + * + * This should generate two faults. First, a pkey fault based + * on AMR bits and then an access fault based on PROT_EXEC. + */ + faults = 2; + FAIL_IF(sys_pkey_mprotect(insns, pgsize, PROT_EXEC, pkey) != 0); + printf("write to %p, pkey is execute-disabled, access-disabled\n", + (void *) faddr); + pkey_set_rights(pkey, PKEY_DISABLE_ACCESS); + *faddr = 0x60000000; /* nop */ + FAIL_IF(faults != 0 || fcode != SEGV_ACCERR); + + /* + * Jump to the executable region. This should generate a pkey + * fault based on IAMR bits. AMR bits will not affect execution. + */ + faddr = insns; + ftype = PKEY_DISABLE_EXECUTE; + fpkey = pkey; + faults = 1; + FAIL_IF(sys_pkey_mprotect(insns, pgsize, PROT_EXEC, pkey) != 0); + pkey_set_rights(pkey, PKEY_DISABLE_ACCESS); + printf("execute at %p, ", (void *) faddr); + printf("pkey is execute-disabled, access-disabled\n"); + + /* Branch into the executable region */ + asm volatile("mtctr %0" : : "r"((unsigned long) insns)); + asm volatile("bctrl"); + FAIL_IF(faults != 0 || fcode != SEGV_PKUERR); + + /* Cleanup */ + munmap((void *) insns, pgsize); + sys_pkey_free(pkey); + + return 0; +} + +int main(void) +{ + test_harness(test, "pkey_exec_prot"); +} -- 2.25.1

5 years, 5 months

2
4
0 0

[PATCH v5 3/3] tests: add close_range() tests

by Christian Brauner

This adds basic tests for the new close_range() syscall. - test that no invalid flags can be passed - test that a range of file descriptors is correctly closed - test that a range of file descriptors is correctly closed if there there are already closed file descriptors in the range - test that max_fd is correctly capped to the current fdtable maximum Signed-off-by: Christian Brauner <christian.brauner(a)ubuntu.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Jann Horn <jannh(a)google.com> Cc: David Howells <dhowells(a)redhat.com> Cc: Dmitry V. Levin <ldv(a)altlinux.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Florian Weimer <fweimer(a)redhat.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: linux-api(a)vger.kernel.org Cc: linux-kselftest(a)vger.kernel.org --- /* v2 */ unchanged /* v3 */ - Christian Brauner <christian(a)brauner.io>: - verify that close_range() correctly closes a single file descriptor /* v4 */ - Christian Brauner <christian(a)brauner.io>: - add missing Cc for Shuah - add missing Cc for linux-kselftest /* v5 */ - Michael Ellerman <mpe(a)ellerman.id.au>: - remove include of unexported kernel headers - Christian Brauner <christian.brauner(a)ubuntu.com>: - add missing SPDX header to Makefile --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/core/.gitignore | 1 + tools/testing/selftests/core/Makefile | 7 + .../testing/selftests/core/close_range_test.c | 149 ++++++++++++++++++ 4 files changed, 158 insertions(+) create mode 100644 tools/testing/selftests/core/.gitignore create mode 100644 tools/testing/selftests/core/Makefile create mode 100644 tools/testing/selftests/core/close_range_test.c diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 2ff68702fd41..2e387ce83311 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -6,6 +6,7 @@ TARGETS += breakpoints TARGETS += capabilities TARGETS += cgroup TARGETS += clone3 +TARGETS += core TARGETS += cpufreq TARGETS += cpu-hotplug TARGETS += drivers/dma-buf diff --git a/tools/testing/selftests/core/.gitignore b/tools/testing/selftests/core/.gitignore new file mode 100644 index 000000000000..6e6712ce5817 --- /dev/null +++ b/tools/testing/selftests/core/.gitignore @@ -0,0 +1 @@ +close_range_test diff --git a/tools/testing/selftests/core/Makefile b/tools/testing/selftests/core/Makefile new file mode 100644 index 000000000000..f6f2d6f473c6 --- /dev/null +++ b/tools/testing/selftests/core/Makefile @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0-only +CFLAGS += -g -I../../../../usr/include/ + +TEST_GEN_PROGS := close_range_test + +include ../lib.mk + diff --git a/tools/testing/selftests/core/close_range_test.c b/tools/testing/selftests/core/close_range_test.c new file mode 100644 index 000000000000..6d92e239a228 --- /dev/null +++ b/tools/testing/selftests/core/close_range_test.c @@ -0,0 +1,149 @@ +// SPDX-License-Identifier: GPL-2.0 + +#define _GNU_SOURCE +#include <errno.h> +#include <fcntl.h> +#include <linux/kernel.h> +#include <limits.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <syscall.h> +#include <unistd.h> + +#include "../kselftest.h" + +#ifndef __NR_close_range +#define __NR_close_range -1 +#endif + +static inline int sys_close_range(unsigned int fd, unsigned int max_fd, + unsigned int flags) +{ + return syscall(__NR_close_range, fd, max_fd, flags); +} + +#ifndef ARRAY_SIZE +#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) +#endif + +int main(int argc, char **argv) +{ + const char *test_name = "close_range"; + int i, ret; + int open_fds[101]; + int fd_max, fd_mid, fd_min; + + ksft_set_plan(9); + + for (i = 0; i < ARRAY_SIZE(open_fds); i++) { + int fd; + + fd = open("/dev/null", O_RDONLY | O_CLOEXEC); + if (fd < 0) { + if (errno == ENOENT) + ksft_exit_skip( + "%s test: skipping test since /dev/null does not exist\n", + test_name); + + ksft_exit_fail_msg( + "%s test: %s - failed to open /dev/null\n", + strerror(errno), test_name); + } + + open_fds[i] = fd; + } + + fd_min = open_fds[0]; + fd_max = open_fds[99]; + + ret = sys_close_range(fd_min, fd_max, 1); + if (!ret) + ksft_exit_fail_msg( + "%s test: managed to pass invalid flag value\n", + test_name); + if (errno == ENOSYS) + ksft_exit_skip("%s test: close_range() syscall not supported\n", test_name); + + ksft_test_result_pass("do not allow invalid flag values for close_range()\n"); + + fd_mid = open_fds[50]; + ret = sys_close_range(fd_min, fd_mid, 0); + if (ret < 0) + ksft_exit_fail_msg( + "%s test: Failed to close range of file descriptors from %d to %d\n", + test_name, fd_min, fd_mid); + ksft_test_result_pass("close_range() from %d to %d\n", fd_min, fd_mid); + + for (i = 0; i <= 50; i++) { + ret = fcntl(open_fds[i], F_GETFL); + if (ret >= 0) + ksft_exit_fail_msg( + "%s test: Failed to close range of file descriptors from %d to %d\n", + test_name, fd_min, fd_mid); + } + ksft_test_result_pass("fcntl() verify closed range from %d to %d\n", fd_min, fd_mid); + + /* create a couple of gaps */ + close(57); + close(78); + close(81); + close(82); + close(84); + close(90); + + fd_mid = open_fds[51]; + /* Choose slightly lower limit and leave some fds for a later test */ + fd_max = open_fds[92]; + ret = sys_close_range(fd_mid, fd_max, 0); + if (ret < 0) + ksft_exit_fail_msg( + "%s test: Failed to close range of file descriptors from 51 to 100\n", + test_name); + ksft_test_result_pass("close_range() from %d to %d\n", fd_mid, fd_max); + + for (i = 51; i <= 92; i++) { + ret = fcntl(open_fds[i], F_GETFL); + if (ret >= 0) + ksft_exit_fail_msg( + "%s test: Failed to close range of file descriptors from 51 to 100\n", + test_name); + } + ksft_test_result_pass("fcntl() verify closed range from %d to %d\n", fd_mid, fd_max); + + fd_mid = open_fds[93]; + fd_max = open_fds[99]; + /* test that the kernel caps and still closes all fds */ + ret = sys_close_range(fd_mid, UINT_MAX, 0); + if (ret < 0) + ksft_exit_fail_msg( + "%s test: Failed to close range of file descriptors from 51 to 100\n", + test_name); + ksft_test_result_pass("close_range() from %d to %d\n", fd_mid, fd_max); + + for (i = 93; i < 100; i++) { + ret = fcntl(open_fds[i], F_GETFL); + if (ret >= 0) + ksft_exit_fail_msg( + "%s test: Failed to close range of file descriptors from 51 to 100\n", + test_name); + } + ksft_test_result_pass("fcntl() verify closed range from %d to %d\n", fd_mid, fd_max); + + ret = sys_close_range(open_fds[100], open_fds[100], 0); + if (ret < 0) + ksft_exit_fail_msg( + "%s test: Failed to close single file descriptor\n", + test_name); + ksft_test_result_pass("close_range() closed single file descriptor\n"); + + ret = fcntl(open_fds[100], F_GETFL); + if (ret >= 0) + ksft_exit_fail_msg( + "%s test: Failed to close single file descriptor\n", + test_name); + ksft_test_result_pass("fcntl() verify closed single file descriptor\n"); + + return ksft_exit_pass(); +} -- 2.26.2

5 years, 5 months

1
0
0 0

[PATCH] kunit: Fix TabError, remove defconfig code and handle when there is no kunitconfig

by Vitor Massaru Iha

The identation before this code (`if not os.path.exists(cli_args.build_dir):``) was with spaces instead of tabs after fixed up merge conflits, this commit revert spaces to tabs: [iha@bbking linux]$ tools/testing/kunit/kunit.py run File "tools/testing/kunit/kunit.py", line 247 if not linux: ^ TabError: inconsistent use of tabs and spaces in indentation Remove defconfig related code to fix these two errors, the commit 9bdf64b35 was created before 45ba7a893ad, and the commit 9bdf64b35 removes defconfig related code: [iha@bbking linux]$ tools/testing/kunit/kunit.py run Traceback (most recent call last): File "tools/testing/kunit/kunit.py", line 338, in <module> main(sys.argv[1:]) File "tools/testing/kunit/kunit.py", line 215, in main add_config_opts(config_parser) [iha@bbking linux]$ tools/testing/kunit/kunit.py run Traceback (most recent call last): File "tools/testing/kunit/kunit.py", line 337, in <module> main(sys.argv[1:]) File "tools/testing/kunit/kunit.py", line 255, in main result = run_tests(linux, request) File "tools/testing/kunit/kunit.py", line 133, in run_tests request.defconfig, AttributeError: 'KunitRequest' object has no attribute 'defconfig' Handles when there is no .kunitconfig, the error occurs because commit 9bdf64b35 was created before 45ba7a893ad. [iha@bbking linux]$ tools/testing/kunit/kunit.py run Traceback (most recent call last): File "tools/testing/kunit/kunit.py", line 335, in <module> main(sys.argv[1:]) File "tools/testing/kunit/kunit.py", line 246, in main linux = kunit_kernel.LinuxSourceTree() File "/home/iha/sdb/opensource/lkmp/linux/tools/testing/kunit/kunit_kernel.py", line 109, in __init__ self._kconfig.read_from_file(kunitconfig_path) File "/home/iha/sdb/opensource/lkmp/linux/tools/testing/kunit/kunit_config.py", line 88, in read_from_file with open(path, 'r') as f: FileNotFoundError: [Errno 2] No such file or directory: '.kunit/.kunitconfig' Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> --- Fix the fixup on this commits: 9bdf64b, ddbd60c. Some errors occurs because these commits were created before this commit 45ba7a8, as explained in the commit message. --- tools/testing/kunit/kunit.py | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/tools/testing/kunit/kunit.py b/tools/testing/kunit/kunit.py index ec73b07d1265..787b6d4ad716 100755 --- a/tools/testing/kunit/kunit.py +++ b/tools/testing/kunit/kunit.py @@ -23,7 +23,7 @@ import kunit_parser KunitResult = namedtuple('KunitResult', ['status','result','elapsed_time']) KunitConfigRequest = namedtuple('KunitConfigRequest', - ['build_dir', 'defconfig', 'make_options']) + ['build_dir', 'make_options']) KunitBuildRequest = namedtuple('KunitBuildRequest', ['jobs', 'build_dir', 'alltests', 'make_options']) @@ -130,7 +130,6 @@ def run_tests(linux: kunit_kernel.LinuxSourceTree, run_start = time.time() config_request = KunitConfigRequest(request.build_dir, - request.defconfig, request.make_options) config_result = config_tests(linux, config_request) if config_result.status != KunitStatus.SUCCESS: @@ -212,7 +211,6 @@ def main(argv, linux=None): help='Ensures that .config contains all of ' 'the options in .kunitconfig') add_common_opts(config_parser) - add_config_opts(config_parser) build_parser = subparser.add_parser('build', help='Builds a kernel with KUnit tests') add_common_opts(build_parser) @@ -238,11 +236,14 @@ def main(argv, linux=None): cli_args = parser.parse_args(argv) if cli_args.subcommand == 'run': - if not os.path.exists(cli_args.build_dir): - os.mkdir(cli_args.build_dir) - kunit_kernel.kunitconfig_path = os.path.join( - cli_args.build_dir, - kunit_kernel.kunitconfig_path) + if not os.path.exists(cli_args.build_dir): + os.mkdir(cli_args.build_dir) + kunit_kernel.kunitconfig_path = os.path.join( + cli_args.build_dir, + kunit_kernel.kunitconfig_path) + + if not os.path.exists(kunit_kernel.kunitconfig_path): + create_default_kunitconfig() if not linux: linux = kunit_kernel.LinuxSourceTree() @@ -264,11 +265,13 @@ def main(argv, linux=None): cli_args.build_dir, kunit_kernel.kunitconfig_path) + if not os.path.exists(kunit_kernel.kunitconfig_path): + create_default_kunitconfig() + if not linux: linux = kunit_kernel.LinuxSourceTree() request = KunitConfigRequest(cli_args.build_dir, - cli_args.defconfig, cli_args.make_options) result = config_tests(linux, request) kunit_parser.print_with_timestamp(( @@ -284,6 +287,9 @@ def main(argv, linux=None): cli_args.build_dir, kunit_kernel.kunitconfig_path) + if not os.path.exists(kunit_kernel.kunitconfig_path): + create_default_kunitconfig() + if not linux: linux = kunit_kernel.LinuxSourceTree() @@ -305,6 +311,9 @@ def main(argv, linux=None): cli_args.build_dir, kunit_kernel.kunitconfig_path) + if not os.path.exists(kunit_kernel.kunitconfig_path): + create_default_kunitconfig() + if not linux: linux = kunit_kernel.LinuxSourceTree() -- 2.26.2

5 years, 5 months

2
1
0 0

[PATCH v3 0/6] Enable as many KUnit tests as possible

by Anders Roxell

Hi, This patchset will try to enable as many KUnit test fragments as possible for the current .config file. This will make it easier for both developers that tests their specific feature and also for test-systems that would like to get as much as possible for their current .config file. I will send a separate KCSAN KUnit patch after this patchset since that isn't in mainline yet. Since v2: Fixed David's comments. KUNIT_RUN_ALL -> KUNIT_ALL_TESTS, and he suggested a great help text. Since v1: Marco commented to split up the patches, and change a "." to a ",". Cheers, Anders Anders Roxell (6): kunit: Kconfig: enable a KUNIT_ALL_TESTS fragment kunit: default KUNIT_* fragments to KUNIT_ALL_TESTS lib: Kconfig.debug: default KUNIT_* fragments to KUNIT_ALL_TESTS drivers: base: default KUNIT_* fragments to KUNIT_ALL_TESTS fs: ext4: default KUNIT_* fragments to KUNIT_ALL_TESTS security: apparmor: default KUNIT_* fragments to KUNIT_ALL_TESTS drivers/base/Kconfig | 3 ++- drivers/base/test/Kconfig | 3 ++- fs/ext4/Kconfig | 3 ++- lib/Kconfig.debug | 6 ++++-- lib/kunit/Kconfig | 23 ++++++++++++++++++++--- security/apparmor/Kconfig | 3 ++- 6 files changed, 32 insertions(+), 9 deletions(-) -- 2.20.1

5 years, 5 months

3
4
0 0

[PATCH] Documentation: kunit: Add some troubleshooting tips to the FAQ

by David Gow

Add an FAQ entry to the KUnit documentation with some tips for troubleshooting KUnit and kunit_tool. These suggestions largely came from an email thread: https://lore.kernel.org/linux-kselftest/41db8bbd-3ba0-8bde-7352-083bf4b947f… Signed-off-by: David Gow <davidgow(a)google.com> --- Documentation/dev-tools/kunit/faq.rst | 32 +++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/Documentation/dev-tools/kunit/faq.rst b/Documentation/dev-tools/kunit/faq.rst index ea55b2467653..40109d425988 100644 --- a/Documentation/dev-tools/kunit/faq.rst +++ b/Documentation/dev-tools/kunit/faq.rst @@ -61,3 +61,35 @@ test, or an end-to-end test. kernel by installing a production configuration of the kernel on production hardware with a production userspace and then trying to exercise some behavior that depends on interactions between the hardware, the kernel, and userspace. + +KUnit isn't working, what should I do? +====================================== + +Unfortunately, there are a number of things which can break, but here are some +things to try. + +1. Try running ``./tools/testing/kunit/kunit.py run`` with the ``--raw_output`` + parameter. This might show details or error messages hidden by the kunit_tool + parser. +2. Instead of running ``kunit.py run``, try running ``kunit.py config``, + ``kunit.py build``, and ``kunit.py exec`` independently. This can help track + down where an issue is occurring. (If you think the parser is at fault, you + can run it manually against stdin or a file with ``kunit.py parse``.) +3. Running the UML kernel directly can often reveal issues or error messages + kunit_tool ignores. This should be as simple as running ``./vmlinux`` after + building the UML kernel (e.g., by using ``kunit.py build``). Note that UML + has some unusual requirements (such as the host having a tmpfs filesystem + mounted), and has had issues in the past when built statically and the host + has KASLR enabled. (On older host kernels, you may need to run ``setarch + `uname -m` -R ./vmlinux`` to disable KASLR.) +4. Make sure the kernel .config has ``CONFIG_KUNIT=y`` and at least one test + (e.g. ``CONFIG_KUNIT_EXAMPLE_TEST=y``). kunit_tool will keep its .config + around, so you can see what config was used after running ``kunit.py run``. + It also preserves any config changes you might make, so you can + enable/disable things with ``make ARCH=um menuconfig`` or similar, and then + re-run kunit_tool. +5. Finally, running ``make ARCH=um defconfig`` before running ``kunit.py run`` + may help clean up any residual config items which could be causing problems. + +If none of the above tricks help, you are always welcome to email any issues to +kunit-dev(a)googlegroups.com. -- 2.27.0.rc2.251.g90737beb825-goog

5 years, 5 months

3
2
0 0

[PATCH] selftests: net: ip_defrag: ignore EPERM

by Thadeu Lima de Souza Cascardo

When running with conntrack rules, the dropped overlap fragments may cause EPERM to be returned to sendto. Instead of completely failing, just ignore those errors and continue. If this causes packets with overlap fragments to be dropped as expected, that is okay. And if it causes packets that are expected to be received to be dropped, which should not happen, it will be detected as failure. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> --- tools/testing/selftests/net/ip_defrag.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/net/ip_defrag.c b/tools/testing/selftests/net/ip_defrag.c index b53fb67f8e5e..62ee927bacae 100644 --- a/tools/testing/selftests/net/ip_defrag.c +++ b/tools/testing/selftests/net/ip_defrag.c @@ -192,9 +192,9 @@ static void send_fragment(int fd_raw, struct sockaddr *addr, socklen_t alen, } res = sendto(fd_raw, ip_frame, frag_len, 0, addr, alen); - if (res < 0) + if (res < 0 && errno != EPERM) error(1, errno, "send_fragment"); - if (res != frag_len) + if (res >= 0 && res != frag_len) error(1, 0, "send_fragment: %d vs %d", res, frag_len); frag_counter++; @@ -313,9 +313,9 @@ static void send_udp_frags(int fd_raw, struct sockaddr *addr, iphdr->ip_len = htons(frag_len); } res = sendto(fd_raw, ip_frame, frag_len, 0, addr, alen); - if (res < 0) + if (res < 0 && errno != EPERM) error(1, errno, "sendto overlap: %d", frag_len); - if (res != frag_len) + if (res >= 0 && res != frag_len) error(1, 0, "sendto overlap: %d vs %d", (int)res, frag_len); frag_counter++; } -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH 0/4] selftests, sysctl, lib: Fix prime_numbers and sysctl test to run

by Masami Hiramatsu

Hi, Recently, I found some tests were always skipped. Here is a series of patches to fix those issues. The prime_numbers test is skipped in some cases because prime_numbers.ko is not always compiled. Since the CONFIG_PRIME_NUMBERS is not independently configurable item (it has no title and help), it is enabled only if other configs (DRM_DEBUG_SELFTEST etc.) select it. To fix this issue, I added a title and help for CONFIG_PRIME_NUMBERS. The sysctl test is skipped because - selftests/sysctl/config requires CONFIG_TEST_SYSCTL=y. But since lib/test_sysctl.c doesn't use module_init(), the test_syscall is not listed under /sys/module/ and the test script gives up. - Even if we make CONFIG_TEST_SYSCTL=m, the test script checks /sys/modules/test_sysctl before loading module and gives up. - Ayway, since the test module introduces useless sysctl interface to the kernel, it would better be a module. This series includes fixes for above 3 points. - Fix lib/test_sysctl.c to use module_init() - Fix tools/testing/selftests/sysctl/sysctl.sh to try to load test module if it is not loaded (nor embedded). - Fix tools/testing/selftests/sysctl/config to require CONFIG_TEST_SYSCTL=m, not y. Thank you, --- Masami Hiramatsu (4): lib: Make prime number generator independently selectable lib: Make test_sysctl initialized as module selftests/sysctl: Fix to load test_sysctl module selftests/sysctl: Make sysctl test driver as a module lib/math/Kconfig | 7 ++++++- lib/test_sysctl.c | 2 +- tools/testing/selftests/sysctl/config | 2 +- tools/testing/selftests/sysctl/sysctl.sh | 13 ++----------- 4 files changed, 10 insertions(+), 14 deletions(-) -- Masami Hiramatsu (Linaro) <mhiramat(a)kernel.org>

5 years, 5 months

4
16
0 0

[PATCH 0/4] selftests/livepatch: rework of test-klp-{callbacks, shadow_vars}

by Yannick Cote

The test-klp-callbacks change implement a synchronization replacement of initial code to use completion variables instead of delays. The completion variable interlocks the busy module with the concurrent loading of the target livepatch patches which works with the execution flow instead of estimated time delays. The test-klp-shadow-vars changes first refactors the code to be more of a readable example as well as continuing to verify the component code. The patch is broken in two to display the renaming and restructuring in part 1 and the addition and change of logic in part 2. The last change frees memory before bailing in case of errors. Patchset to be merged via the livepatching tree is against: livepatching/for-next Joe Lawrence (1): selftests/livepatch: rework test-klp-callbacks to use completion variables Yannick Cote (3): selftests/livepatch: rework test-klp-shadow-vars selftests/livepatch: more verification in test-klp-shadow-vars selftests/livepatch: fix mem leaks in test-klp-shadow-vars lib/livepatch/test_klp_callbacks_busy.c | 42 +++- lib/livepatch/test_klp_shadow_vars.c | 222 +++++++++--------- .../selftests/livepatch/test-callbacks.sh | 29 ++- .../selftests/livepatch/test-shadow-vars.sh | 85 ++++--- 4 files changed, 214 insertions(+), 164 deletions(-) -- 2.25.4

5 years, 5 months

5
13
0 0

[PATCH 0/7] selftsts/ftrace: Add requires list for each test case

by Masami Hiramatsu

Hi, Here is a series for adding "requires:" list for simplifying and unifying requirement checks for each test case. This series also includes the description line fix and unresolved -> unsupported change ([1/7] and [2/7]). Currently, we have many similar requirement checker to find unconfigured or unsupported (in older kernels) feature in each test case. I think it is a good time to unify those similar checks. As same as "description:" or "flags:" line, this series introduces new "requires:" line, and convert current checking code intor the "requires:" line. This requires line gives some good effects, not only simplyfies the code, but also unifies the reason message, and because it checks the requirements before running the testc ase, it skips unneeded ftrace initialization. The requires line supports following checks - tracefs interface check: Check whether the given file or directory in the tracefs. (No suffix) [3/7],[4/7],[5/7] - available tracer check: Check whether the given tracer is available (":tracer" suffix) [6/7] - README feature check: Check whether the given string is in the README (":README" suffix) [7/7] Note that since the requires line returns UNSUPPORTED error, the requirements must be one of ftrace feature, but not the user-space environmental requirement. If there is some issue in user-space (e.g. lack of the command, modules, etc) it must report UNRESOLVED error. Since this series depends on following 2 commits, commit 619ee76f5c9f ("selftests/ftrace: Return unsupported if no error_log file") on Shuah's Kselftest tree commit bea24f766efc ("selftests/ftrace: Distinguish between hist and synthetic event checks") on Steven's Tracing tree This can be applied on the tree which merged both of them. Also, you can get the series from the following. git://git.kernel.org/pub/scm/linux/kernel/git/mhiramat/linux.git ftracetest-requires-v1 Thank you, --- Masami Hiramatsu (7): selftests/ftrace: Allow ":" in description selftests/ftrace: Return unsupported for the unconfigured features selftests/ftrace: Add "requires:" list support selftests/ftrace: Convert required interface checks into requires list selftests/ftrace: Convert check_filter_file() with requires list selftests/ftrace: Support ":tracer" suffix for requires selftests/ftrace: Support ":README" suffix for requires tools/testing/selftests/ftrace/ftracetest | 11 ++++++- .../selftests/ftrace/test.d/00basic/snapshot.tc | 3 +- .../selftests/ftrace/test.d/00basic/trace_pipe.tc | 3 +- .../ftrace/test.d/direct/kprobe-direct.tc | 6 +--- .../ftrace/test.d/dynevent/add_remove_kprobe.tc | 6 +--- .../ftrace/test.d/dynevent/add_remove_synth.tc | 5 +-- .../ftrace/test.d/dynevent/clear_select_events.tc | 11 +------ .../ftrace/test.d/dynevent/generic_clear_event.tc | 8 +---- .../selftests/ftrace/test.d/event/event-enable.tc | 6 +--- .../selftests/ftrace/test.d/event/event-no-pid.tc | 11 +------ .../selftests/ftrace/test.d/event/event-pid.tc | 11 +------ .../ftrace/test.d/event/subsystem-enable.tc | 6 +--- .../ftrace/test.d/event/toplevel-enable.tc | 6 +--- .../ftrace/test.d/ftrace/fgraph-filter-stack.tc | 14 +-------- .../ftrace/test.d/ftrace/fgraph-filter.tc | 8 +---- .../ftrace/test.d/ftrace/func-filter-glob.tc | 8 +---- .../test.d/ftrace/func-filter-notrace-pid.tc | 13 +------- .../ftrace/test.d/ftrace/func-filter-pid.tc | 13 +------- .../ftrace/test.d/ftrace/func-filter-stacktrace.tc | 3 +- .../selftests/ftrace/test.d/ftrace/func_cpumask.tc | 6 +--- .../ftrace/test.d/ftrace/func_event_triggers.tc | 7 ++--- .../ftrace/test.d/ftrace/func_mod_trace.tc | 3 +- .../ftrace/test.d/ftrace/func_profile_stat.tc | 3 +- .../ftrace/test.d/ftrace/func_profiler.tc | 12 +------- .../ftrace/test.d/ftrace/func_set_ftrace_file.tc | 6 ++-- .../ftrace/test.d/ftrace/func_stack_tracer.tc | 8 +---- .../test.d/ftrace/func_traceonoff_triggers.tc | 6 ++-- .../ftrace/test.d/ftrace/tracing-error-log.tc | 12 ++------ tools/testing/selftests/ftrace/test.d/functions | 28 ++++++++++++++---- .../ftrace/test.d/instances/instance-event.tc | 6 +--- .../selftests/ftrace/test.d/instances/instance.tc | 6 +--- .../ftrace/test.d/kprobe/add_and_remove.tc | 3 +- .../selftests/ftrace/test.d/kprobe/busy_check.tc | 3 +- .../selftests/ftrace/test.d/kprobe/kprobe_args.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_args_comm.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_args_string.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_args_symbol.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_args_syntax.tc | 5 +-- .../ftrace/test.d/kprobe/kprobe_args_type.tc | 5 +-- .../ftrace/test.d/kprobe/kprobe_args_user.tc | 5 +-- .../ftrace/test.d/kprobe/kprobe_eventname.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_ftrace.tc | 6 +--- .../ftrace/test.d/kprobe/kprobe_module.tc | 3 +- .../ftrace/test.d/kprobe/kprobe_multiprobe.tc | 5 +-- .../ftrace/test.d/kprobe/kprobe_syntax_errors.tc | 5 +-- .../ftrace/test.d/kprobe/kretprobe_args.tc | 3 +- .../ftrace/test.d/kprobe/kretprobe_maxactive.tc | 4 +-- .../ftrace/test.d/kprobe/multiple_kprobes.tc | 3 +- .../selftests/ftrace/test.d/kprobe/probepoint.tc | 3 +- .../selftests/ftrace/test.d/kprobe/profile.tc | 3 +- .../ftrace/test.d/kprobe/uprobe_syntax_errors.tc | 5 +-- .../ftrace/test.d/preemptirq/irqsoff_tracer.tc | 4 +-- tools/testing/selftests/ftrace/test.d/template | 4 +++ .../selftests/ftrace/test.d/tracer/wakeup.tc | 6 +--- .../selftests/ftrace/test.d/tracer/wakeup_rt.tc | 6 +--- .../inter-event/trigger-action-hist-xfail.tc | 13 +------- .../inter-event/trigger-field-variable-support.tc | 16 +--------- .../trigger-inter-event-combined-hist.tc | 16 +--------- .../inter-event/trigger-multi-actions-accept.tc | 16 +--------- .../inter-event/trigger-onchange-action-hist.tc | 8 +---- .../inter-event/trigger-onmatch-action-hist.tc | 16 +--------- .../trigger-onmatch-onmax-action-hist.tc | 16 +--------- .../inter-event/trigger-onmax-action-hist.tc | 16 +--------- .../inter-event/trigger-snapshot-action-hist.tc | 20 +------------ .../trigger-synthetic-event-createremove.tc | 11 +------ .../inter-event/trigger-synthetic-event-syntax.tc | 11 +------ .../inter-event/trigger-trace-action-hist.tc | 18 +----------- .../ftrace/test.d/trigger/trigger-eventonoff.tc | 11 +------ .../ftrace/test.d/trigger/trigger-filter.tc | 11 +------ .../ftrace/test.d/trigger/trigger-hist-mod.tc | 16 +--------- .../test.d/trigger/trigger-hist-syntax-errors.tc | 18 +----------- .../ftrace/test.d/trigger/trigger-hist.tc | 16 +--------- .../ftrace/test.d/trigger/trigger-multihist.tc | 16 +--------- .../ftrace/test.d/trigger/trigger-snapshot.tc | 16 +--------- .../ftrace/test.d/trigger/trigger-stacktrace.tc | 11 +------ .../test.d/trigger/trigger-trace-marker-hist.tc | 21 +------------- .../trigger/trigger-trace-marker-snapshot.tc | 21 +------------- .../trigger-trace-marker-synthetic-kernel.tc | 31 +------------------- .../trigger/trigger-trace-marker-synthetic.tc | 26 +---------------- .../ftrace/test.d/trigger/trigger-traceonoff.tc | 11 +------ 80 files changed, 120 insertions(+), 633 deletions(-) -- Masami Hiramatsu (Linaro) <mhiramat(a)kernel.org>

5 years, 5 months

2
10
0 0

[PATCH] selftests/seccomp: use 90s as timeout

by Thadeu Lima de Souza Cascardo

As seccomp_benchmark tries to calibrate how many samples will take more than 5 seconds to execute, it may end up picking up a number of samples that take 10 (but up to 12) seconds. As the calibration will take double that time, it takes around 20 seconds. Then, it executes the whole thing again, and then once more, with some added overhead. So, the thing might take more than 40 seconds, which is too close to the 45s timeout. That is very dependent on the system where it's executed, so may not be observed always, but it has been observed on x86 VMs. Using a 90s timeout seems safe enough. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> --- tools/testing/selftests/seccomp/settings | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/seccomp/settings b/tools/testing/selftests/seccomp/settings index d61f00d8cad3..ba4d85f74cd6 100644 --- a/tools/testing/selftests/seccomp/settings +++ b/tools/testing/selftests/seccomp/settings @@ -1 +1 @@ -90 +timeout=90 -- 2.25.1

5 years, 5 months

2
1
0 0

[PATCH] selftests/seccomp: Expand benchmark to per-filter measurements

by Kees Cook

It's useful to see how much (at a minimum) each filter adds to the syscall overhead. Add additional calculations. Signed-off-by: Kees Cook <keescook(a)chromium.org> --- As part of the performance discussions, this is what I'm adding to the seccomp selftest in for-next/seccomp to get more details. https://lore.kernel.org/linux-security-module/202006011116.3F7109A@keescook… This does not include the BPF-bypass mode, which I don't see a way to do without creating major problems with seccomp. ;) --- .../selftests/seccomp/seccomp_benchmark.c | 36 +++++++++++++++---- tools/testing/selftests/seccomp/seccomp_bpf.c | 2 -- 2 files changed, 29 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/seccomp/seccomp_benchmark.c b/tools/testing/selftests/seccomp/seccomp_benchmark.c index 5838c8697ec3..eca13fe1fba9 100644 --- a/tools/testing/selftests/seccomp/seccomp_benchmark.c +++ b/tools/testing/selftests/seccomp/seccomp_benchmark.c @@ -68,32 +68,54 @@ int main(int argc, char *argv[]) }; long ret; unsigned long long samples; - unsigned long long native, filtered; + unsigned long long native, filter1, filter2; if (argc > 1) samples = strtoull(argv[1], NULL, 0); else samples = calibrate(); + printf("Current BPF sysctl settings:\n"); + system("sysctl net.core.bpf_jit_enable"); + system("sysctl net.core.bpf_jit_harden"); printf("Benchmarking %llu samples...\n", samples); + /* Native call */ native = timing(CLOCK_PROCESS_CPUTIME_ID, samples) / samples; printf("getpid native: %llu ns\n", native); ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0); assert(ret == 0); + /* One filter */ ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog); assert(ret == 0); - filtered = timing(CLOCK_PROCESS_CPUTIME_ID, samples) / samples; - printf("getpid RET_ALLOW: %llu ns\n", filtered); + filter1 = timing(CLOCK_PROCESS_CPUTIME_ID, samples) / samples; + printf("getpid RET_ALLOW 1 filter: %llu ns\n", filter1); - printf("Estimated seccomp overhead per syscall: %llu ns\n", - filtered - native); + if (filter1 == native) + printf("No overhead measured!? Try running again with more samples.\n"); - if (filtered == native) - printf("Trying running again with more samples.\n"); + /* Two filters */ + ret = prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog); + assert(ret == 0); + + filter2 = timing(CLOCK_PROCESS_CPUTIME_ID, samples) / samples; + printf("getpid RET_ALLOW 2 filters: %llu ns\n", filter2); + + /* Calculations */ + printf("Estimated total seccomp overhead for 1 filter: %llu ns\n", + filter1 - native); + + printf("Estimated total seccomp overhead for 2 filters: %llu ns\n", + filter2 - native); + + printf("Estimated seccomp per-filter overhead: %llu ns\n", + filter2 - filter1); + + printf("Estimated seccomp entry overhead: %llu ns\n", + filter1 - native - (filter2 - filter1)); return 0; } diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 4dae278cf77e..402ccb3a4e52 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -3824,7 +3824,6 @@ TEST(user_notification_filter_empty_threaded) /* * TODO: - * - add microbenchmarks * - expand NNP testing * - better arch-specific TRACE and TRAP handlers. * - endianness checking when appropriate @@ -3832,7 +3831,6 @@ TEST(user_notification_filter_empty_threaded) * - arch value testing (x86 modes especially) * - verify that FILTER_FLAG_LOG filters generate log messages * - verify that RET_LOG generates log messages - * - ... */ TEST_HARNESS_MAIN -- 2.25.1 -- Kees Cook

5 years, 5 months

1
0
0 0

[PATCH 5.6 056/177] kselftests: dmabuf-heaps: Fix confused return value on expected error testing

by Greg Kroah-Hartman

From: John Stultz <john.stultz(a)linaro.org> [ Upstream commit 4bb9d46d47b105a774f9dca642f5271375bca4b2 ] When I added the expected error testing, I forgot I need to set the return to zero when we successfully see an error. Without this change we only end up testing a single heap before the test quits. Cc: Shuah Khan <shuah(a)kernel.org> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Benjamin Gaignard <benjamin.gaignard(a)linaro.org> Cc: Brian Starkey <brian.starkey(a)arm.com> Cc: Laura Abbott <labbott(a)redhat.com> Cc: "Andrew F. Davis" <afd(a)ti.com> Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: John Stultz <john.stultz(a)linaro.org> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c b/tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c index cd5e1f602ac9..909da9cdda97 100644 --- a/tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c +++ b/tools/testing/selftests/dmabuf-heaps/dmabuf-heap.c @@ -351,6 +351,7 @@ static int test_alloc_errors(char *heap_name) } printf("Expected error checking passed\n"); + ret = 0; out: if (dmabuf_fd >= 0) close(dmabuf_fd); -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH v2] selftests/seccomp: use 90s as timeout

by Thadeu Lima de Souza Cascardo

As seccomp_benchmark tries to calibrate how many samples will take more than 5 seconds to execute, it may end up picking up a number of samples that take 10 (but up to 12) seconds. As the calibration will take double that time, it takes around 20 seconds. Then, it executes the whole thing again, and then once more, with some added overhead. So, the thing might take more than 40 seconds, which is too close to the 45s timeout. That is very dependent on the system where it's executed, so may not be observed always, but it has been observed on x86 VMs. Using a 90s timeout seems safe enough. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)canonical.com> --- tools/testing/selftests/seccomp/settings | 1 + 1 file changed, 1 insertion(+) create mode 100644 tools/testing/selftests/seccomp/settings diff --git a/tools/testing/selftests/seccomp/settings b/tools/testing/selftests/seccomp/settings new file mode 100644 index 000000000000..ba4d85f74cd6 --- /dev/null +++ b/tools/testing/selftests/seccomp/settings @@ -0,0 +1 @@ +timeout=90 -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH v31 19/21] selftests/x86: Add a selftest for SGX

by Jarkko Sakkinen

Add a selftest for SGX. It is a trivial test where a simple enclave copies one 64-bit word of memory between two memory locations. Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen(a)linux.intel.com> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/sgx/.gitignore | 2 + tools/testing/selftests/sgx/Makefile | 53 +++ tools/testing/selftests/sgx/call.S | 54 +++ tools/testing/selftests/sgx/defines.h | 21 + tools/testing/selftests/sgx/load.c | 282 +++++++++++++ tools/testing/selftests/sgx/main.c | 199 +++++++++ tools/testing/selftests/sgx/main.h | 38 ++ tools/testing/selftests/sgx/sigstruct.c | 395 ++++++++++++++++++ tools/testing/selftests/sgx/test_encl.c | 20 + tools/testing/selftests/sgx/test_encl.lds | 40 ++ .../selftests/sgx/test_encl_bootstrap.S | 89 ++++ 12 files changed, 1194 insertions(+) create mode 100644 tools/testing/selftests/sgx/.gitignore create mode 100644 tools/testing/selftests/sgx/Makefile create mode 100644 tools/testing/selftests/sgx/call.S create mode 100644 tools/testing/selftests/sgx/defines.h create mode 100644 tools/testing/selftests/sgx/load.c create mode 100644 tools/testing/selftests/sgx/main.c create mode 100644 tools/testing/selftests/sgx/main.h create mode 100644 tools/testing/selftests/sgx/sigstruct.c create mode 100644 tools/testing/selftests/sgx/test_encl.c create mode 100644 tools/testing/selftests/sgx/test_encl.lds create mode 100644 tools/testing/selftests/sgx/test_encl_bootstrap.S diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 2ff68702fd41..008497495ae4 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -64,6 +64,7 @@ TARGETS += user TARGETS += vm TARGETS += x86 TARGETS += zram +TARGETS += sgx #Please keep the TARGETS list alphabetically sorted # Run "make quicktest=1 run_tests" or # "make quicktest=1 kselftest" from top level Makefile diff --git a/tools/testing/selftests/sgx/.gitignore b/tools/testing/selftests/sgx/.gitignore new file mode 100644 index 000000000000..fbaf0bda9a92 --- /dev/null +++ b/tools/testing/selftests/sgx/.gitignore @@ -0,0 +1,2 @@ +test_sgx +test_encl.elf diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile new file mode 100644 index 000000000000..95e5c4df8014 --- /dev/null +++ b/tools/testing/selftests/sgx/Makefile @@ -0,0 +1,53 @@ +top_srcdir = ../../../.. + +include ../lib.mk + +.PHONY: all clean + +CAN_BUILD_X86_64 := $(shell ../x86/check_cc.sh $(CC) \ + ../x86/trivial_64bit_program.c) + +ifndef OBJCOPY +OBJCOPY := $(CROSS_COMPILE)objcopy +endif + +INCLUDES := -I$(top_srcdir)/tools/include +HOST_CFLAGS := -Wall -Werror -g $(INCLUDES) -fPIC -z noexecstack +ENCL_CFLAGS := -Wall -Werror -static -nostdlib -nostartfiles -fPIC \ + -fno-stack-protector -mrdrnd $(INCLUDES) + +TEST_CUSTOM_PROGS := $(OUTPUT)/test_sgx $(OUTPUT)/test_encl.elf + +ifeq ($(CAN_BUILD_X86_64), 1) +all: $(TEST_CUSTOM_PROGS) +endif + +$(OUTPUT)/test_sgx: $(OUTPUT)/main.o \ + $(OUTPUT)/load.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/call.o + $(CC) $(HOST_CFLAGS) -o $@ $^ -lcrypto + +$(OUTPUT)/main.o: main.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/load.o: load.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/sigstruct.o: sigstruct.c + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/call.o: call.S + $(CC) $(HOST_CFLAGS) -c $< -o $@ + +$(OUTPUT)/test_encl.elf: test_encl.lds test_encl.c test_encl_bootstrap.S + $(CC) $(ENCL_CFLAGS) -T $^ -o $@ + +EXTRA_CLEAN := \ + $(OUTPUT)/test_encl.elf \ + $(OUTPUT)/load.o \ + $(OUTPUT)/call.o \ + $(OUTPUT)/main.o \ + $(OUTPUT)/sigstruct.o \ + $(OUTPUT)/test_sgx \ + $(OUTPUT)/test_sgx.o \ diff --git a/tools/testing/selftests/sgx/call.S b/tools/testing/selftests/sgx/call.S new file mode 100644 index 000000000000..77131e83db42 --- /dev/null +++ b/tools/testing/selftests/sgx/call.S @@ -0,0 +1,54 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/** +* Copyright(c) 2016-18 Intel Corporation. +*/ + + .text + + .macro ENCLU + .byte 0x0f, 0x01, 0xd7 + .endm + + .text + + .global sgx_call_vdso +sgx_call_vdso: + .cfi_startproc + push %r15 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r15, 0 + push %r14 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r14, 0 + push %r13 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r13, 0 + push %r12 + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %r12, 0 + push %rbx + .cfi_adjust_cfa_offset 8 + .cfi_rel_offset %rbx, 0 + push $0 + .cfi_adjust_cfa_offset 8 + push 0x48(%rsp) + .cfi_adjust_cfa_offset 8 + push 0x48(%rsp) + .cfi_adjust_cfa_offset 8 + push 0x48(%rsp) + .cfi_adjust_cfa_offset 8 + call *eenter(%rip) + add $0x20, %rsp + .cfi_adjust_cfa_offset -0x20 + pop %rbx + .cfi_adjust_cfa_offset -8 + pop %r12 + .cfi_adjust_cfa_offset -8 + pop %r13 + .cfi_adjust_cfa_offset -8 + pop %r14 + .cfi_adjust_cfa_offset -8 + pop %r15 + .cfi_adjust_cfa_offset -8 + ret + .cfi_endproc diff --git a/tools/testing/selftests/sgx/defines.h b/tools/testing/selftests/sgx/defines.h new file mode 100644 index 000000000000..be8969922804 --- /dev/null +++ b/tools/testing/selftests/sgx/defines.h @@ -0,0 +1,21 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef DEFINES_H +#define DEFINES_H + +#include <stdint.h> + +#define PAGE_SIZE 4096 +#define PAGE_MASK (~(PAGE_SIZE - 1)) + +#define __aligned(x) __attribute__((__aligned__(x))) +#define __packed __attribute__((packed)) + +#include "../../../../arch/x86/kernel/cpu/sgx/arch.h" +#include "../../../../arch/x86/include/asm/enclu.h" +#include "../../../../arch/x86/include/uapi/asm/sgx.h" + +#endif /* DEFINES_H */ diff --git a/tools/testing/selftests/sgx/load.c b/tools/testing/selftests/sgx/load.c new file mode 100644 index 000000000000..91407036541c --- /dev/null +++ b/tools/testing/selftests/sgx/load.c @@ -0,0 +1,282 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <assert.h> +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +void encl_delete(struct encl *encl) +{ + if (encl->encl_base) + munmap((void *)encl->encl_base, encl->encl_size); + + if (encl->bin) + munmap(encl->bin, encl->bin_size); + + if (encl->fd) + close(encl->fd); + + if (encl->segment_tbl) + free(encl->segment_tbl); + + memset(encl, 0, sizeof(*encl)); +} + +static bool encl_map_bin(const char *path, struct encl *encl) +{ + struct stat sb; + void *bin; + int ret; + int fd; + + fd = open(path, O_RDONLY); + if (fd == -1) { + perror("open()"); + return false; + } + + ret = stat(path, &sb); + if (ret) { + perror("stat()"); + goto err; + } + + bin = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); + if (bin == MAP_FAILED) { + perror("mmap()"); + goto err; + } + + encl->bin = bin; + encl->bin_size = sb.st_size; + + close(fd); + return true; + +err: + close(fd); + return false; +} + +static bool encl_ioc_create(struct encl *encl) +{ + struct sgx_secs *secs = &encl->secs; + struct sgx_enclave_create ioc; + int rc; + + assert(encl->encl_base != 0); + + memset(secs, 0, sizeof(*secs)); + secs->ssa_frame_size = 1; + secs->attributes = SGX_ATTR_MODE64BIT; + secs->xfrm = 3; + secs->base = encl->encl_base; + secs->size = encl->encl_size; + + ioc.src = (unsigned long)secs; + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_CREATE, &ioc); + if (rc) { + fprintf(stderr, "SGX_IOC_ENCLAVE_CREATE failed: errno=%d\n", + errno); + munmap((void *)secs->base, encl->encl_size); + return false; + } + + return true; +} + +static bool encl_ioc_add_pages(struct encl *encl, struct encl_segment *seg) +{ + struct sgx_enclave_add_pages ioc; + struct sgx_secinfo secinfo; + int rc; + + memset(&secinfo, 0, sizeof(secinfo)); + secinfo.flags = seg->flags; + + ioc.src = (uint64_t)encl->src + seg->offset; + ioc.offset = seg->offset; + ioc.length = seg->size; + ioc.secinfo = (unsigned long)&secinfo; + ioc.flags = SGX_PAGE_MEASURE; + + rc = ioctl(encl->fd, SGX_IOC_ENCLAVE_ADD_PAGES, &ioc); + if (rc) { + fprintf(stderr, "SGX_IOC_ENCLAVE_ADD_PAGES failed: errno=%d.\n", + errno); + return false; + } + + if (ioc.count != ioc.length) { + fprintf(stderr, "A segment not fully processed.\n"); + return false; + } + + return true; +} + +bool encl_load(const char *path, struct encl *encl) +{ + Elf64_Phdr *phdr_tbl; + off_t src_offset; + Elf64_Ehdr *ehdr; + int i, j; + int ret; + + memset(encl, 0, sizeof(*encl)); + + ret = open("/dev/sgx/enclave", O_RDWR); + if (ret < 0) { + fprintf(stderr, "Unable to open /dev/sgx\n"); + goto err; + } + + encl->fd = ret; + + if (!encl_map_bin(path, encl)) + goto err; + + ehdr = encl->bin; + phdr_tbl = encl->bin + ehdr->e_phoff; + + for (i = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + + if (phdr->p_type == PT_LOAD) + encl->nr_segments++; + } + + encl->segment_tbl = calloc(encl->nr_segments, + sizeof(struct encl_segment)); + if (!encl->segment_tbl) + goto err; + + for (i = 0, j = 0; i < ehdr->e_phnum; i++) { + Elf64_Phdr *phdr = &phdr_tbl[i]; + unsigned int flags = phdr->p_flags; + struct encl_segment *seg; + + if (phdr->p_type != PT_LOAD) + continue; + + seg = &encl->segment_tbl[j]; + + if (!!(flags & ~(PF_R | PF_W | PF_X))) { + fprintf(stderr, + "%d has invalid segment flags 0x%02x.\n", i, + phdr->p_flags); + goto err; + } + + if (j == 0 && flags != (PF_R | PF_W)) { + fprintf(stderr, + "TCS has invalid segment flags 0x%02x.\n", + phdr->p_flags); + goto err; + } + + if (j == 0) { + src_offset = (phdr->p_offset & PAGE_MASK) - src_offset; + + seg->prot = PROT_READ | PROT_WRITE; + seg->flags = SGX_PAGE_TYPE_TCS << 8; + } else { + seg->prot = (phdr->p_flags & PF_R) ? PROT_READ : 0; + seg->prot |= (phdr->p_flags & PF_W) ? PROT_WRITE : 0; + seg->prot |= (phdr->p_flags & PF_X) ? PROT_EXEC : 0; + seg->flags = (SGX_PAGE_TYPE_REG << 8) | seg->prot; + } + + seg->offset = (phdr->p_offset & PAGE_MASK) - src_offset; + seg->size = (phdr->p_filesz + PAGE_SIZE - 1) & PAGE_MASK; + + printf("0x%016lx 0x%016lx 0x%02x\n", seg->offset, seg->size, + seg->prot); + + j++; + } + + assert(j == encl->nr_segments); + + encl->src = encl->bin + src_offset; + encl->src_size = encl->segment_tbl[j - 1].offset + + encl->segment_tbl[j - 1].size; + + for (encl->encl_size = 4096; encl->encl_size < encl->src_size; ) + encl->encl_size <<= 1; + + return true; + +err: + encl_delete(encl); + return false; +} + +static bool encl_map_area(struct encl *encl) +{ + size_t encl_size = encl->encl_size; + void *area; + + area = mmap(NULL, encl_size * 2, PROT_NONE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if (area == MAP_FAILED) { + perror("mmap"); + return false; + } + + encl->encl_base = ((uint64_t)area + encl_size - 1) & ~(encl_size - 1); + + munmap(area, encl->encl_base - (uint64_t)area); + munmap((void *)(encl->encl_base + encl_size), + (uint64_t)area + encl_size - encl->encl_base); + + return true; +} + +bool encl_build(struct encl *encl) +{ + struct sgx_enclave_init ioc; + int ret; + int i; + + if (!encl_map_area(encl)) + return false; + + if (!encl_ioc_create(encl)) + return false; + + /* + * Pages must be added before mapping VMAs because their permissions + * cap the VMA permissions. + */ + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!encl_ioc_add_pages(encl, seg)) + return false; + } + + ioc.sigstruct = (uint64_t)&encl->sigstruct; + ret = ioctl(encl->fd, SGX_IOC_ENCLAVE_INIT, &ioc); + if (ret) { + fprintf(stderr, "SGX_IOC_ENCLAVE_INIT failed: errno=%d\n", + errno); + return false; + } + + return true; +} diff --git a/tools/testing/selftests/sgx/main.c b/tools/testing/selftests/sgx/main.c new file mode 100644 index 000000000000..5394b2f6af8e --- /dev/null +++ b/tools/testing/selftests/sgx/main.c @@ -0,0 +1,199 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <elf.h> +#include <errno.h> +#include <fcntl.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/ioctl.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <sys/types.h> +#include "defines.h" +#include "main.h" + +static const uint64_t MAGIC = 0x1122334455667788ULL; +vdso_sgx_enter_enclave_t eenter; + +struct vdso_symtab { + Elf64_Sym *elf_symtab; + const char *elf_symstrtab; + Elf64_Word *elf_hashtab; +}; + +static void *vdso_get_base_addr(char *envp[]) +{ + Elf64_auxv_t *auxv; + int i; + + for (i = 0; envp[i]; i++) + ; + + auxv = (Elf64_auxv_t *)&envp[i + 1]; + + for (i = 0; auxv[i].a_type != AT_NULL; i++) { + if (auxv[i].a_type == AT_SYSINFO_EHDR) + return (void *)auxv[i].a_un.a_val; + } + + return NULL; +} + +static Elf64_Dyn *vdso_get_dyntab(void *addr) +{ + Elf64_Ehdr *ehdr = addr; + Elf64_Phdr *phdrtab = addr + ehdr->e_phoff; + int i; + + for (i = 0; i < ehdr->e_phnum; i++) + if (phdrtab[i].p_type == PT_DYNAMIC) + return addr + phdrtab[i].p_offset; + + return NULL; +} + +static void *vdso_get_dyn(void *addr, Elf64_Dyn *dyntab, Elf64_Sxword tag) +{ + int i; + + for (i = 0; dyntab[i].d_tag != DT_NULL; i++) + if (dyntab[i].d_tag == tag) + return addr + dyntab[i].d_un.d_ptr; + + return NULL; +} + +static bool vdso_get_symtab(void *addr, struct vdso_symtab *symtab) +{ + Elf64_Dyn *dyntab = vdso_get_dyntab(addr); + + symtab->elf_symtab = vdso_get_dyn(addr, dyntab, DT_SYMTAB); + if (!symtab->elf_symtab) + return false; + + symtab->elf_symstrtab = vdso_get_dyn(addr, dyntab, DT_STRTAB); + if (!symtab->elf_symstrtab) + return false; + + symtab->elf_hashtab = vdso_get_dyn(addr, dyntab, DT_HASH); + if (!symtab->elf_hashtab) + return false; + + return true; +} + +static unsigned long elf_sym_hash(const char *name) +{ + unsigned long h = 0, high; + + while (*name) { + h = (h << 4) + *name++; + high = h & 0xf0000000; + + if (high) + h ^= high >> 24; + + h &= ~high; + } + + return h; +} + +static Elf64_Sym *vdso_symtab_get(struct vdso_symtab *symtab, const char *name) +{ + Elf64_Word bucketnum = symtab->elf_hashtab[0]; + Elf64_Word *buckettab = &symtab->elf_hashtab[2]; + Elf64_Word *chaintab = &symtab->elf_hashtab[2 + bucketnum]; + Elf64_Sym *sym; + Elf64_Word i; + + for (i = buckettab[elf_sym_hash(name) % bucketnum]; i != STN_UNDEF; + i = chaintab[i]) { + sym = &symtab->elf_symtab[i]; + if (!strcmp(name, &symtab->elf_symstrtab[sym->st_name])) + return sym; + } + + return NULL; +} + +int main(int argc, char *argv[], char *envp[]) +{ + struct sgx_enclave_exception exception; + struct vdso_symtab symtab; + Elf64_Sym *eenter_sym; + uint64_t result = 0; + struct encl encl; + unsigned int i; + void *addr; + + if (!encl_load("test_encl.elf", &encl)) + goto err; + + if (!encl_measure(&encl)) + goto err; + + if (!encl_build(&encl)) + goto err; + + /* + * An enclave consumer only must do this. + */ + for (i = 0; i < encl.nr_segments; i++) { + struct encl_segment *seg = &encl.segment_tbl[i]; + + addr = mmap((void *)encl.encl_base + seg->offset, seg->size, + seg->prot, MAP_SHARED | MAP_FIXED, encl.fd, 0); + if (addr == MAP_FAILED) { + fprintf(stderr, "mmap() failed, errno=%d.\n", errno); + return false; + } + } + + memset(&exception, 0, sizeof(exception)); + + addr = vdso_get_base_addr(envp); + if (!addr) + goto err; + + if (!vdso_get_symtab(addr, &symtab)) + goto err; + + eenter_sym = vdso_symtab_get(&symtab, "__vdso_sgx_enter_enclave"); + if (!eenter_sym) + goto err; + + eenter = addr + eenter_sym->st_value; + + sgx_call_vdso((void *)&MAGIC, &result, 0, EENTER, NULL, NULL, + (void *)encl.encl_base, &exception, NULL); + if (result != MAGIC) { + printf("FAIL: sgx_call_vdso(), expected: 0x%lx, got: 0x%lx\n", + MAGIC, result); + goto err; + } + + /* Invoke the vDSO directly. */ + result = 0; + eenter((unsigned long)&MAGIC, (unsigned long)&result, 0, EENTER, 0, 0, + (void *)encl.encl_base, &exception, NULL); + if (result != MAGIC) { + printf("FAIL: eenter(), expected: 0x%lx, got: 0x%lx\n", + MAGIC, result); + goto err; + } + + printf("SUCCESS\n"); + encl_delete(&encl); + exit(0); + +err: + encl_delete(&encl); + exit(1); +} diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h new file mode 100644 index 000000000000..999422cc7343 --- /dev/null +++ b/tools/testing/selftests/sgx/main.h @@ -0,0 +1,38 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright(c) 2016-19 Intel Corporation. + */ + +#ifndef MAIN_H +#define MAIN_H + +struct encl_segment { + off_t offset; + size_t size; + unsigned int prot; + unsigned int flags; +}; + +struct encl { + int fd; + void *bin; + off_t bin_size; + void *src; + size_t src_size; + size_t encl_size; + off_t encl_base; + unsigned int nr_segments; + struct encl_segment *segment_tbl; + struct sgx_secs secs; + struct sgx_sigstruct sigstruct; +}; + +void encl_delete(struct encl *ctx); +bool encl_load(const char *path, struct encl *encl); +bool encl_measure(struct encl *encl); +bool encl_build(struct encl *encl); + +int sgx_call_vdso(void *rdi, void *rsi, long rdx, u32 leaf, void *r8, void *r9, + void *tcs, struct sgx_enclave_exception *ei, void *cb); + +#endif /* MAIN_H */ diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c new file mode 100644 index 000000000000..ceddad478672 --- /dev/null +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -0,0 +1,395 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#define _GNU_SOURCE +#include <assert.h> +#include <getopt.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <unistd.h> +#include <openssl/err.h> +#include <openssl/pem.h> +#include "defines.h" +#include "main.h" + +struct q1q2_ctx { + BN_CTX *bn_ctx; + BIGNUM *m; + BIGNUM *s; + BIGNUM *q1; + BIGNUM *qr; + BIGNUM *q2; +}; + +static void free_q1q2_ctx(struct q1q2_ctx *ctx) +{ + BN_CTX_free(ctx->bn_ctx); + BN_free(ctx->m); + BN_free(ctx->s); + BN_free(ctx->q1); + BN_free(ctx->qr); + BN_free(ctx->q2); +} + +static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m, + struct q1q2_ctx *ctx) +{ + ctx->bn_ctx = BN_CTX_new(); + ctx->s = BN_bin2bn(s, SGX_MODULUS_SIZE, NULL); + ctx->m = BN_bin2bn(m, SGX_MODULUS_SIZE, NULL); + ctx->q1 = BN_new(); + ctx->qr = BN_new(); + ctx->q2 = BN_new(); + + if (!ctx->bn_ctx || !ctx->s || !ctx->m || !ctx->q1 || !ctx->qr || + !ctx->q2) { + free_q1q2_ctx(ctx); + return false; + } + + return true; +} + +static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1, + uint8_t *q2) +{ + struct q1q2_ctx ctx; + + if (!alloc_q1q2_ctx(s, m, &ctx)) { + fprintf(stderr, "Not enough memory for Q1Q2 calculation\n"); + return false; + } + + if (!BN_mul(ctx.q1, ctx.s, ctx.s, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q1, ctx.qr, ctx.q1, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q1) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q1 %d bytes\n", + BN_num_bytes(ctx.q1)); + goto out; + } + + if (!BN_mul(ctx.q2, ctx.s, ctx.qr, ctx.bn_ctx)) + goto out; + + if (!BN_div(ctx.q2, NULL, ctx.q2, ctx.m, ctx.bn_ctx)) + goto out; + + if (BN_num_bytes(ctx.q2) > SGX_MODULUS_SIZE) { + fprintf(stderr, "Too large Q2 %d bytes\n", + BN_num_bytes(ctx.q2)); + goto out; + } + + BN_bn2bin(ctx.q1, q1); + BN_bn2bin(ctx.q2, q2); + + free_q1q2_ctx(&ctx); + return true; +out: + free_q1q2_ctx(&ctx); + return false; +} + +struct sgx_sigstruct_payload { + struct sgx_sigstruct_header header; + struct sgx_sigstruct_body body; +}; + +static bool check_crypto_errors(void) +{ + int err; + bool had_errors = false; + const char *filename; + int line; + char str[256]; + + for ( ; ; ) { + if (ERR_peek_error() == 0) + break; + + had_errors = true; + err = ERR_get_error_line(&filename, &line); + ERR_error_string_n(err, str, sizeof(str)); + fprintf(stderr, "crypto: %s: %s:%d\n", str, filename, line); + } + + return had_errors; +} + +static inline const BIGNUM *get_modulus(RSA *key) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return key->n; +#else + const BIGNUM *n; + + RSA_get0_key(key, &n, NULL, NULL); + return n; +#endif +} + +static RSA *gen_sign_key(void) +{ + BIGNUM *e; + RSA *key; + int ret; + + e = BN_new(); + key = RSA_new(); + + if (!e || !key) + goto err; + + ret = BN_set_word(e, RSA_3); + if (ret != 1) + goto err; + + ret = RSA_generate_key_ex(key, 3072, e, NULL); + if (ret != 1) + goto err; + + BN_free(e); + + return key; + +err: + RSA_free(key); + BN_free(e); + + return NULL; +} + +static void reverse_bytes(void *data, int length) +{ + int i = 0; + int j = length - 1; + uint8_t temp; + uint8_t *ptr = data; + + while (i < j) { + temp = ptr[i]; + ptr[i] = ptr[j]; + ptr[j] = temp; + i++; + j--; + } +} + +enum mrtags { + MRECREATE = 0x0045544145524345, + MREADD = 0x0000000044444145, + MREEXTEND = 0x00444E4554584545, +}; + +static bool mrenclave_update(EVP_MD_CTX *ctx, const void *data) +{ + if (!EVP_DigestUpdate(ctx, data, 64)) { + fprintf(stderr, "digest update failed\n"); + return false; + } + + return true; +} + +static bool mrenclave_commit(EVP_MD_CTX *ctx, uint8_t *mrenclave) +{ + unsigned int size; + + if (!EVP_DigestFinal_ex(ctx, (unsigned char *)mrenclave, &size)) { + fprintf(stderr, "digest commit failed\n"); + return false; + } + + if (size != 32) { + fprintf(stderr, "invalid digest size = %u\n", size); + return false; + } + + return true; +} + +struct mrecreate { + uint64_t tag; + uint32_t ssaframesize; + uint64_t size; + uint8_t reserved[44]; +} __attribute__((__packed__)); + + +static bool mrenclave_ecreate(EVP_MD_CTX *ctx, uint64_t blob_size) +{ + struct mrecreate mrecreate; + uint64_t encl_size; + + for (encl_size = 0x1000; encl_size < blob_size; ) + encl_size <<= 1; + + memset(&mrecreate, 0, sizeof(mrecreate)); + mrecreate.tag = MRECREATE; + mrecreate.ssaframesize = 1; + mrecreate.size = encl_size; + + if (!EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) + return false; + + return mrenclave_update(ctx, &mrecreate); +} + +struct mreadd { + uint64_t tag; + uint64_t offset; + uint64_t flags; /* SECINFO flags */ + uint8_t reserved[40]; +} __attribute__((__packed__)); + +static bool mrenclave_eadd(EVP_MD_CTX *ctx, uint64_t offset, uint64_t flags) +{ + struct mreadd mreadd; + + memset(&mreadd, 0, sizeof(mreadd)); + mreadd.tag = MREADD; + mreadd.offset = offset; + mreadd.flags = flags; + + return mrenclave_update(ctx, &mreadd); +} + +struct mreextend { + uint64_t tag; + uint64_t offset; + uint8_t reserved[48]; +} __attribute__((__packed__)); + +static bool mrenclave_eextend(EVP_MD_CTX *ctx, uint64_t offset, + const uint8_t *data) +{ + struct mreextend mreextend; + int i; + + for (i = 0; i < 0x1000; i += 0x100) { + memset(&mreextend, 0, sizeof(mreextend)); + mreextend.tag = MREEXTEND; + mreextend.offset = offset + i; + + if (!mrenclave_update(ctx, &mreextend)) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x00])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x40])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0x80])) + return false; + + if (!mrenclave_update(ctx, &data[i + 0xC0])) + return false; + } + + return true; +} + +static bool mrenclave_segment(EVP_MD_CTX *ctx, struct encl *encl, + struct encl_segment *seg) +{ + uint64_t end = seg->offset + seg->size; + uint64_t offset; + + for (offset = seg->offset; offset < end; offset += PAGE_SIZE) { + if (!mrenclave_eadd(ctx, offset, seg->flags)) + return false; + + if (!mrenclave_eextend(ctx, offset, encl->src + offset)) + return false; + } + + return true; +} + +bool encl_measure(struct encl *encl) +{ + uint64_t header1[2] = {0x000000E100000006, 0x0000000000010000}; + uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060}; + struct sgx_sigstruct *sigstruct = &encl->sigstruct; + struct sgx_sigstruct_payload payload; + uint8_t digest[SHA256_DIGEST_LENGTH]; + unsigned int siglen; + RSA *key = NULL; + EVP_MD_CTX *ctx; + int i; + + memset(sigstruct, 0, sizeof(*sigstruct)); + + sigstruct->header.header1[0] = header1[0]; + sigstruct->header.header1[1] = header1[1]; + sigstruct->header.header2[0] = header2[0]; + sigstruct->header.header2[1] = header2[1]; + sigstruct->exponent = 3; + sigstruct->body.attributes = SGX_ATTR_MODE64BIT; + sigstruct->body.xfrm = 3; + + /* sanity check */ + if (check_crypto_errors()) + goto err; + + key = gen_sign_key(); + if (!key) + goto err; + + BN_bn2bin(get_modulus(key), sigstruct->modulus); + + ctx = EVP_MD_CTX_create(); + if (!ctx) + goto err; + + if (!mrenclave_ecreate(ctx, encl->src_size)) + goto err; + + for (i = 0; i < encl->nr_segments; i++) { + struct encl_segment *seg = &encl->segment_tbl[i]; + + if (!mrenclave_segment(ctx, encl, seg)) + goto err; + } + + if (!mrenclave_commit(ctx, sigstruct->body.mrenclave)) + goto err; + + memcpy(&payload.header, &sigstruct->header, sizeof(sigstruct->header)); + memcpy(&payload.body, &sigstruct->body, sizeof(sigstruct->body)); + + SHA256((unsigned char *)&payload, sizeof(payload), digest); + + if (!RSA_sign(NID_sha256, digest, SHA256_DIGEST_LENGTH, + sigstruct->signature, &siglen, key)) + goto err; + + if (!calc_q1q2(sigstruct->signature, sigstruct->modulus, sigstruct->q1, + sigstruct->q2)) + goto err; + + /* BE -> LE */ + reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q1, SGX_MODULUS_SIZE); + reverse_bytes(sigstruct->q2, SGX_MODULUS_SIZE); + + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return true; + +err: + EVP_MD_CTX_destroy(ctx); + RSA_free(key); + return false; +} diff --git a/tools/testing/selftests/sgx/test_encl.c b/tools/testing/selftests/sgx/test_encl.c new file mode 100644 index 000000000000..ede915399742 --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.c @@ -0,0 +1,20 @@ +// SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) +// Copyright(c) 2016-18 Intel Corporation. + +#include <stddef.h> +#include "defines.h" + +static void *memcpy(void *dest, const void *src, size_t n) +{ + size_t i; + + for (i = 0; i < n; i++) + ((char *)dest)[i] = ((char *)src)[i]; + + return dest; +} + +void encl_body(void *rdi, void *rsi) +{ + memcpy(rsi, rdi, 8); +} diff --git a/tools/testing/selftests/sgx/test_encl.lds b/tools/testing/selftests/sgx/test_encl.lds new file mode 100644 index 000000000000..0fbbda7e665e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl.lds @@ -0,0 +1,40 @@ +OUTPUT_FORMAT(elf64-x86-64) + +PHDRS +{ + tcs PT_LOAD; + text PT_LOAD; + data PT_LOAD; +} + +SECTIONS +{ + . = 0; + .tcs : { + *(.tcs*) + } : tcs + + . = ALIGN(4096); + .text : { + *(.text*) + *(.rodata*) + } : text + + . = ALIGN(4096); + .data : { + *(.data*) + } : data + + /DISCARD/ : { + *(.comment*) + *(.note*) + *(.debug*) + *(.eh_frame*) + } +} + +ASSERT(!DEFINED(.altinstructions), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.altinstr_replacement), "ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.retpoline_safe), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.discard.nospec), "RETPOLINE ALTERNATIVES are not supported in enclaves") +ASSERT(!DEFINED(.got.plt), "Libcalls are not supported in enclaves") diff --git a/tools/testing/selftests/sgx/test_encl_bootstrap.S b/tools/testing/selftests/sgx/test_encl_bootstrap.S new file mode 100644 index 000000000000..6836ea86126e --- /dev/null +++ b/tools/testing/selftests/sgx/test_encl_bootstrap.S @@ -0,0 +1,89 @@ +/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */ +/* + * Copyright(c) 2016-18 Intel Corporation. + */ + + .macro ENCLU + .byte 0x0f, 0x01, 0xd7 + .endm + + .section ".tcs", "aw" + .balign 4096 + + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + # Identical to the previous TCS. + .fill 1, 8, 0 # STATE (set by CPU) + .fill 1, 8, 0 # FLAGS + .quad encl_ssa # OSSA + .fill 1, 4, 0 # CSSA (set by CPU) + .fill 1, 4, 1 # NSSA + .quad encl_entry # OENTRY + .fill 1, 8, 0 # AEP (set by EENTER and ERESUME) + .fill 1, 8, 0 # OFSBASE + .fill 1, 8, 0 # OGSBASE + .fill 1, 4, 0xFFFFFFFF # FSLIMIT + .fill 1, 4, 0xFFFFFFFF # GSLIMIT + .fill 4024, 1, 0 # Reserved + + .text + +encl_entry: + # RBX contains the base address for TCS, which is also the first address + # inside the enclave. By adding the value of le_stack_end to it, we get + # the absolute address for the stack. + lea (encl_stack)(%rbx), %rax + xchg %rsp, %rax + push %rax + + push %rcx # push the address after EENTER + push %rbx # push the enclave base address + + call encl_body + + pop %rbx # pop the enclave base address + + /* Clear volatile GPRs, except RAX (EEXIT leaf). */ + xor %rcx, %rcx + xor %rdx, %rdx + xor %rdi, %rdi + xor %rsi, %rsi + xor %r8, %r8 + xor %r9, %r9 + xor %r10, %r10 + xor %r11, %r11 + + # Reset status flags. + add %rdx, %rdx # OF = SF = AF = CF = 0; ZF = PF = 1 + + # Prepare EEXIT target by popping the address of the instruction after + # EENTER to RBX. + pop %rbx + + # Restore the caller stack. + pop %rax + mov %rax, %rsp + + # EEXIT + mov $4, %rax + enclu + + .section ".data", "aw" + +encl_ssa: + .space 4096 + + .balign 4096 + .space 8192 +encl_stack: -- 2.25.1

5 years, 5 months

1
0
0 0

[PATCH 0/6] nouveau/hmm: add support for mapping large pages

by Ralph Campbell

hmm_range_fault() returns an array of page frame numbers and flags for how the pages are mapped in the requested process' page tables. The PFN can be used to get the struct page with hmm_pfn_to_page() and the page size order can be determined with compound_order(page) but if the page is larger than order 0 (PAGE_SIZE), there is no indication that the page is mapped using a larger page size. To be fully general, hmm_range_fault() would need to return the mapping size to handle cases like a 1GB compound page being mapped with 2MB PMD entries. However, the most common case is the mapping size the same as the underlying compound page size. This series adds a new output flag to indicate this so that callers know it is safe to use a large device page table mapping if one is available. Nouveau and the HMM tests are updated to use the new flag. Note that this series depends on a patch queued in Ben Skeggs' nouveau tree ("nouveau/hmm: map pages after migration") and the patches queued in Jason's HMM tree. There is also a patch outstanding ("nouveau/hmm: fix nouveau_dmem_chunk allocations") that is independent of the above and could be applied before or after. Ralph Campbell (6): nouveau/hmm: map pages after migration nouveau: make nvkm_vmm_ctor() and nvkm_mmu_ptp_get() static nouveau/hmm: fault one page at a time mm/hmm: add output flag for compound page mapping nouveau/hmm: support mapping large sysmem pages hmm: add tests for HMM_PFN_COMPOUND flag drivers/gpu/drm/nouveau/nouveau_dmem.c | 46 ++- drivers/gpu/drm/nouveau/nouveau_dmem.h | 2 + drivers/gpu/drm/nouveau/nouveau_svm.c | 288 +++++++++--------- drivers/gpu/drm/nouveau/nouveau_svm.h | 5 + .../gpu/drm/nouveau/nvkm/subdev/mmu/base.c | 6 +- .../gpu/drm/nouveau/nvkm/subdev/mmu/priv.h | 2 + drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 12 +- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.h | 3 - .../drm/nouveau/nvkm/subdev/mmu/vmmgp100.c | 29 +- include/linux/hmm.h | 4 +- lib/test_hmm.c | 2 + lib/test_hmm_uapi.h | 2 + mm/hmm.c | 10 +- tools/testing/selftests/vm/hmm-tests.c | 76 +++++ 14 files changed, 311 insertions(+), 176 deletions(-) -- 2.20.1

5 years, 5 months

5
17
0 0

[fixup v2] kunit: use --build_dir=.kunit as default

by Vitor Massaru Iha

To make KUnit easier to use, and to avoid overwriting object and .config files, the default KUnit build directory is set to .kunit Fixed up minor merge conflicts - Shuah Khan <skhan(a)linuxfoundation.org> Fixed this identation error exchanging spaces for tabs between lines 248 and 252: tools/testing/kunit/kunit.py run --defconfig File "tools/testing/kunit/kunit.py", line 254 if not linux: ^ TabError: inconsistent use of tabs and spaces in indentation Signed-off-by: Vitor Massaru Iha <vitor(a)massaru.org> Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Link: https://bugzilla.kernel.org/show_bug.cgi?id=205221 --- version after merge on kunit brach: v1: * fix identation (tabs instead of spaces) v2: * fix v1 changelog description: fix identation (spaces instead of tabs, lines 248-252); * add python error message on commit message; * fix Link tag on commit message. --- tools/testing/kunit/kunit.py | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/tools/testing/kunit/kunit.py b/tools/testing/kunit/kunit.py index b01838b6f5f9..b3490271a103 100755 --- a/tools/testing/kunit/kunit.py +++ b/tools/testing/kunit/kunit.py @@ -169,7 +169,7 @@ def add_common_opts(parser): parser.add_argument('--build_dir', help='As in the make command, it specifies the build ' 'directory.', - type=str, default='', metavar='build_dir') + type=str, default='.kunit', metavar='build_dir') parser.add_argument('--make_options', help='X=Y make option, can be repeated.', action='append') @@ -245,12 +245,11 @@ def main(argv, linux=None): cli_args = parser.parse_args(argv) if cli_args.subcommand == 'run': - if cli_args.build_dir: - if not os.path.exists(cli_args.build_dir): - os.mkdir(cli_args.build_dir) - kunit_kernel.kunitconfig_path = os.path.join( - cli_args.build_dir, - kunit_kernel.kunitconfig_path) + if not os.path.exists(cli_args.build_dir): + os.mkdir(cli_args.build_dir) + kunit_kernel.kunitconfig_path = os.path.join( + cli_args.build_dir, + kunit_kernel.kunitconfig_path) if not linux: linux = kunit_kernel.LinuxSourceTree() -- 2.26.2

5 years, 5 months

2
2
0 0

[PATCH v18 00/12] Landlock LSM

by Mickaël Salaün

Hi, This new patch series mainly extend the LSM framework and fixes some issues: * Replace landlock_release_inodes() with a new LSM hook security_sb_delete() which is called at superblock shutdown (before unmount). * Replace struct super_block->s_landlock_inode_refs with the LSM infrastructure management of the superblock: Casey Schaufler's work on LSM stacking. The SLOC count is 1304 for security/landlock/ and 1733 for tools/testing/selftest/landlock/ . Test coverage for security/landlock/ is 93.6% of lines. The code not covered only deals with internal kernel errors (e.g. memory allocation) and race conditions. The compiled documentation is available here: https://landlock.io/linux-doc/landlock-v18/security/landlock/index.html This series can be applied on top of v5.7-rc7. This can be tested with CONFIG_SECURITY_LANDLOCK and CONFIG_SAMPLE_LANDLOCK. This patch series can be found in a Git repository here: https://github.com/landlock-lsm/linux/commits/landlock-v18 I would really appreciate constructive comments on this patch series. # Landlock LSM The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM [2], it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user-space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves. Landlock is inspired by seccomp-bpf but instead of filtering syscalls and their raw arguments, a Landlock rule can restrict the use of kernel objects like file hierarchies, according to the kernel semantic. Landlock also takes inspiration from other OS sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD Pledge/Unveil. Previous version: https://lore.kernel.org/lkml/20200511192156.1618284-1-mic@digikod.net/ [1] https://lore.kernel.org/lkml/e07fe473-1801-01cc-12ae-b3167f95250e@digikod.n… [2] https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler… Casey Schaufler (1): LSM: Infrastructure management of the superblock Mickaël Salaün (11): landlock: Add object management landlock: Add ruleset and domain management landlock: Set up the security framework and manage credentials landlock: Add ptrace restrictions fs,security: Add sb_delete hook landlock: Support filesystem access-control landlock: Add syscall implementation arch: Wire up landlock() syscall selftests/landlock: Add initial tests samples/landlock: Add a sandbox manager example landlock: Add user and kernel documentation Documentation/security/index.rst | 1 + Documentation/security/landlock/index.rst | 18 + Documentation/security/landlock/kernel.rst | 69 + Documentation/security/landlock/user.rst | 268 +++ MAINTAINERS | 12 + arch/Kconfig | 7 + arch/alpha/kernel/syscalls/syscall.tbl | 1 + arch/arm/tools/syscall.tbl | 1 + arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 2 + arch/ia64/kernel/syscalls/syscall.tbl | 1 + arch/m68k/kernel/syscalls/syscall.tbl | 1 + arch/microblaze/kernel/syscalls/syscall.tbl | 1 + arch/mips/kernel/syscalls/syscall_n32.tbl | 1 + arch/mips/kernel/syscalls/syscall_n64.tbl | 1 + arch/mips/kernel/syscalls/syscall_o32.tbl | 1 + arch/parisc/kernel/syscalls/syscall.tbl | 1 + arch/powerpc/kernel/syscalls/syscall.tbl | 1 + arch/s390/kernel/syscalls/syscall.tbl | 1 + arch/sh/kernel/syscalls/syscall.tbl | 1 + arch/sparc/kernel/syscalls/syscall.tbl | 1 + arch/um/Kconfig | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + arch/xtensa/kernel/syscalls/syscall.tbl | 1 + fs/super.c | 1 + include/linux/lsm_hook_defs.h | 1 + include/linux/lsm_hooks.h | 3 + include/linux/security.h | 4 + include/linux/syscalls.h | 3 + include/uapi/asm-generic/unistd.h | 4 +- include/uapi/linux/landlock.h | 302 +++ kernel/sys_ni.c | 3 + samples/Kconfig | 7 + samples/Makefile | 1 + samples/landlock/.gitignore | 1 + samples/landlock/Makefile | 15 + samples/landlock/sandboxer.c | 228 +++ security/Kconfig | 11 +- security/Makefile | 2 + security/landlock/Kconfig | 18 + security/landlock/Makefile | 4 + security/landlock/common.h | 20 + security/landlock/cred.c | 46 + security/landlock/cred.h | 58 + security/landlock/fs.c | 610 ++++++ security/landlock/fs.h | 60 + security/landlock/object.c | 66 + security/landlock/object.h | 91 + security/landlock/ptrace.c | 120 ++ security/landlock/ptrace.h | 14 + security/landlock/ruleset.c | 342 ++++ security/landlock/ruleset.h | 157 ++ security/landlock/setup.c | 40 + security/landlock/setup.h | 18 + security/landlock/syscall.c | 532 +++++ security/security.c | 51 +- security/selinux/hooks.c | 58 +- security/selinux/include/objsec.h | 6 + security/selinux/ss/services.c | 3 +- security/smack/smack.h | 6 + security/smack/smack_lsm.c | 35 +- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/landlock/.gitignore | 2 + tools/testing/selftests/landlock/Makefile | 29 + tools/testing/selftests/landlock/base_test.c | 163 ++ tools/testing/selftests/landlock/common.h | 108 + tools/testing/selftests/landlock/config | 5 + tools/testing/selftests/landlock/fs_test.c | 1730 +++++++++++++++++ .../testing/selftests/landlock/ptrace_test.c | 293 +++ tools/testing/selftests/landlock/true.c | 5 + 71 files changed, 5596 insertions(+), 77 deletions(-) create mode 100644 Documentation/security/landlock/index.rst create mode 100644 Documentation/security/landlock/kernel.rst create mode 100644 Documentation/security/landlock/user.rst create mode 100644 include/uapi/linux/landlock.h create mode 100644 samples/landlock/.gitignore create mode 100644 samples/landlock/Makefile create mode 100644 samples/landlock/sandboxer.c create mode 100644 security/landlock/Kconfig create mode 100644 security/landlock/Makefile create mode 100644 security/landlock/common.h create mode 100644 security/landlock/cred.c create mode 100644 security/landlock/cred.h create mode 100644 security/landlock/fs.c create mode 100644 security/landlock/fs.h create mode 100644 security/landlock/object.c create mode 100644 security/landlock/object.h create mode 100644 security/landlock/ptrace.c create mode 100644 security/landlock/ptrace.h create mode 100644 security/landlock/ruleset.c create mode 100644 security/landlock/ruleset.h create mode 100644 security/landlock/setup.c create mode 100644 security/landlock/setup.h create mode 100644 security/landlock/syscall.c create mode 100644 tools/testing/selftests/landlock/.gitignore create mode 100644 tools/testing/selftests/landlock/Makefile create mode 100644 tools/testing/selftests/landlock/base_test.c create mode 100644 tools/testing/selftests/landlock/common.h create mode 100644 tools/testing/selftests/landlock/config create mode 100644 tools/testing/selftests/landlock/fs_test.c create mode 100644 tools/testing/selftests/landlock/ptrace_test.c create mode 100644 tools/testing/selftests/landlock/true.c -- 2.26.2

5 years, 5 months

2
14
0 0

Re: [PATCH] selftests/bpf: split -extras target to -static and -gen

by Yauheni Kaliuta

Hi, Alexei! >>>>> On Wed, 27 May 2020 09:48:04 -0700, Alexei Starovoitov wrote: > On Wed, May 27, 2020 at 12:19 AM Yauheni Kaliuta > <yauheni.kaliuta(a)redhat.com> wrote: >> >> Hi, Alexei! >> >> >>>>> On Tue, 26 May 2020 22:37:39 -0700, Alexei Starovoitov wrote: >> >> > On Tue, May 26, 2020 at 10:31 PM Yauheni Kaliuta >> > <yauheni.kaliuta(a)redhat.com> wrote: >> >> >> >> Hi, Andrii! >> >> >> >> >>>>> On Tue, 26 May 2020 17:19:18 -0700, Andrii Nakryiko wrote: >> >> >> >> > On Fri, May 22, 2020 at 1:19 AM Yauheni Kaliuta >> >> > <yauheni.kaliuta(a)redhat.com> wrote: >> >> >> >> >> >> There is difference in depoying static and generated extra resource >> >> >> files between in/out of tree build and flavors: >> >> >> >> >> >> - in case of unflavored out-of-tree build static files are not >> >> >> available and must be copied as well as both static and generated >> >> >> files for flavored build. >> >> >> >> >> >> So split the rules and variables. The name TRUNNER_EXTRA_GEN_FILES >> >> >> is chosen in analogy to TEST_GEN_* variants. >> >> >> >> >> >> >> > Can we keep them together but be smarter about what needs to >> >> > be copied based on source/target directories? I would really >> >> > like to not blow up all these rules. >> >> >> >> I can try, ok, I just find it a bit more clear. But it's good to >> >> get some input from kselftest about OOT build in general. >> >> > I see no value in 'make install' of selftests/bpf >> > and since it's broken just remove that makefile target. >> >> Some CI systems perform testing next stage after building were >> build tree is not available anymore. So it's in use at the >> moment. > such CI systems can do 'cp -r' then It's a discussion for linux-kselftest@ (added). At the moment `make install` is generic kselftest functionality and since bpf is part of that infra it looks a bit strange to break it intentionally. -- WBR, Yauheni Kaliuta

5 years, 5 months

6
20
0 0

[PATCH v7 0/5] KUnit-KASAN Integration

by David Gow

This patchset contains everything needed to integrate KASAN and KUnit. KUnit will be able to: (1) Fail tests when an unexpected KASAN error occurs (2) Pass tests when an expected KASAN error occurs Convert KASAN tests to KUnit with the exception of copy_user_test because KUnit is unable to test those. Add documentation on how to run the KASAN tests with KUnit and what to expect when running these tests. This patchset depends on: - "[PATCH v3 kunit-next 0/2] kunit: extend kunit resources API" [1] - "[PATCH v3 0/3] Fix some incompatibilites between KASAN and FORTIFY_SOURCE" [2] Changes from v6: - Rebased on top of kselftest/kunit - Rebased on top of Daniel Axtens' fix for FORTIFY_SOURCE incompatibilites [2] - Removed a redundant report_enabled() check. - Fixed some places with out of date Kconfig names in the documentation. Changes from v5: - Split out the panic_on_warn changes to a separate patch. - Fix documentation to fewer to the new Kconfig names. - Fix some changes which were in the wrong patch. - Rebase on top of kselftest/kunit (currently identical to 5.7-rc1) Changes from v4: - KASAN no longer will panic on errors if both panic_on_warn and kasan_multishot are enabled. - As a result, the KASAN tests will no-longer disable panic_on_warn. - This also means panic_on_warn no-longer needs to be exported. - The use of temporary "kasan_data" variables has been cleaned up somewhat. - A potential refcount/resource leak should multiple KASAN errors appear during an assertion was fixed. - Some wording changes to the KASAN test Kconfig entries. Changes from v3: - KUNIT_SET_KASAN_DATA and KUNIT_DO_EXPECT_KASAN_FAIL have been combined and included in KUNIT_DO_EXPECT_KASAN_FAIL() instead. - Reordered logic in kasan_update_kunit_status() in report.c to be easier to read. - Added comment to not use the name "kasan_data" for any kunit tests outside of KUNIT_EXPECT_KASAN_FAIL(). Changes since v2: - Due to Alan's changes in [1], KUnit can be built as a module. - The name of the tests that could not be run with KUnit has been changed to be more generic: test_kasan_module. - Documentation on how to run the new KASAN tests and what to expect when running them has been added. - Some variables and functions are now static. - Now save/restore panic_on_warn in a similar way to kasan_multi_shot and renamed the init/exit functions to be more generic to accommodate. - Due to [3] in kasan_strings, kasan_memchr, and kasan_memcmp will fail if CONFIG_AMD_MEM_ENCRYPT is enabled so return early and print message explaining this circumstance. - Changed preprocessor checks to C checks where applicable. Changes since v1: - Make use of Alan Maguire's suggestion to use his patch that allows static resources for integration instead of adding a new attribute to the kunit struct - All KUNIT_EXPECT_KASAN_FAIL statements are local to each test - The definition of KUNIT_EXPECT_KASAN_FAIL is local to the test_kasan.c file since it seems this is the only place this will be used. - Integration relies on KUnit being builtin - copy_user_test has been separated into its own file since KUnit is unable to test these. This can be run as a module just as before, using CONFIG_TEST_KASAN_USER - The addition to the current task has been separated into its own patch as this is a significant enough change to be on its own. [1] https://lore.kernel.org/linux-kselftest/1585313122-26441-1-git-send-email-a… [2] https://lkml.org/lkml/2020/4/23/708 [3] https://bugzilla.kernel.org/show_bug.cgi?id=206337 David Gow (1): mm: kasan: Do not panic if both panic_on_warn and kasan_multishot set Patricia Alfonso (4): Add KUnit Struct to Current Task KUnit: KASAN Integration KASAN: Port KASAN Tests to KUnit KASAN: Testing Documentation Documentation/dev-tools/kasan.rst | 70 +++ include/kunit/test.h | 5 + include/linux/kasan.h | 6 + include/linux/sched.h | 4 + lib/Kconfig.kasan | 18 +- lib/Makefile | 3 +- lib/kunit/test.c | 13 +- lib/test_kasan.c | 688 +++++++++++++----------------- lib/test_kasan_module.c | 76 ++++ mm/kasan/report.c | 34 +- 10 files changed, 514 insertions(+), 403 deletions(-) create mode 100644 lib/test_kasan_module.c -- 2.26.2.303.gf8c07b1a785-goog

5 years, 5 months

6
11
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror