- Linux-kselftest-mirror - lists.linaro.org

[PATCH net-next v7 25/25] testing/selftest: add test tool and scripts for ovpn module

by Antonio Quartulli

The ovpn-cli tool can be compiled and used as selftest for the ovpn kernel module. It implementes the netlink API and can thus be integrated in any script for more automated testing. Along with the tool, 2 scripts are added that perform basic functionality tests by means of network namespaces. The scripts can be performed in sequence by running run.sh Cc: shuah(a)kernel.org Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Antonio Quartulli <antonio(a)openvpn.net> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/net/ovpn/.gitignore | 2 + tools/testing/selftests/net/ovpn/Makefile | 17 + tools/testing/selftests/net/ovpn/config | 8 + .../selftests/net/ovpn/data-test-tcp.sh | 9 + tools/testing/selftests/net/ovpn/data-test.sh | 150 ++ tools/testing/selftests/net/ovpn/data64.key | 5 + .../testing/selftests/net/ovpn/float-test.sh | 115 ++ tools/testing/selftests/net/ovpn/ovpn-cli.c | 1820 +++++++++++++++++ .../testing/selftests/net/ovpn/tcp_peers.txt | 5 + .../testing/selftests/net/ovpn/udp_peers.txt | 5 + 11 files changed, 2137 insertions(+) create mode 100644 tools/testing/selftests/net/ovpn/.gitignore create mode 100644 tools/testing/selftests/net/ovpn/Makefile create mode 100644 tools/testing/selftests/net/ovpn/config create mode 100755 tools/testing/selftests/net/ovpn/data-test-tcp.sh create mode 100755 tools/testing/selftests/net/ovpn/data-test.sh create mode 100644 tools/testing/selftests/net/ovpn/data64.key create mode 100755 tools/testing/selftests/net/ovpn/float-test.sh create mode 100644 tools/testing/selftests/net/ovpn/ovpn-cli.c create mode 100644 tools/testing/selftests/net/ovpn/tcp_peers.txt create mode 100644 tools/testing/selftests/net/ovpn/udp_peers.txt diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 3b7df5477317..8330f031d167 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -67,6 +67,7 @@ TARGETS += net/hsr TARGETS += net/mptcp TARGETS += net/netfilter TARGETS += net/openvswitch +TARGETS += net/ovpn TARGETS += net/packetdrill TARGETS += net/rds TARGETS += net/tcp_ao diff --git a/tools/testing/selftests/net/ovpn/.gitignore b/tools/testing/selftests/net/ovpn/.gitignore new file mode 100644 index 000000000000..ee44c081ca7c --- /dev/null +++ b/tools/testing/selftests/net/ovpn/.gitignore @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: GPL-2.0+ +ovpn-cli diff --git a/tools/testing/selftests/net/ovpn/Makefile b/tools/testing/selftests/net/ovpn/Makefile new file mode 100644 index 000000000000..171cf047497c --- /dev/null +++ b/tools/testing/selftests/net/ovpn/Makefile @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2020-2024 OpenVPN, Inc. +# +CFLAGS = -Wall -I../../../../../usr/include +CFLAGS += $(shell pkg-config --cflags libnl-3.0 libnl-genl-3.0) + +LDFLAGS = -lmbedtls -lmbedcrypto +LDFLAGS += $(shell pkg-config --libs libnl-3.0 libnl-genl-3.0) + +ovpn-cli: ovpn-cli.c + +TEST_PROGS = data-test.sh \ + data-test-tcp.sh \ + float-test.sh +TEST_GEN_FILES = ovpn-cli + +include ../../lib.mk diff --git a/tools/testing/selftests/net/ovpn/config b/tools/testing/selftests/net/ovpn/config new file mode 100644 index 000000000000..5ff47de23c12 --- /dev/null +++ b/tools/testing/selftests/net/ovpn/config @@ -0,0 +1,8 @@ +CONFIG_NET=y +CONFIG_INET=y +CONFIG_NET_UDP_TUNNEL=y +CONFIG_DST_CACHE=y +CONFIG_CRYPTO_AES=y +CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_CHACHA20POLY1305=y +CONFIG_OVPN=y diff --git a/tools/testing/selftests/net/ovpn/data-test-tcp.sh b/tools/testing/selftests/net/ovpn/data-test-tcp.sh new file mode 100755 index 000000000000..65f05659b5fd --- /dev/null +++ b/tools/testing/selftests/net/ovpn/data-test-tcp.sh @@ -0,0 +1,9 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2024 OpenVPN, Inc. +# +# Author: Antonio Quartulli <antonio(a)openvpn.net> + +PROTO="TCP" + +source data-test.sh diff --git a/tools/testing/selftests/net/ovpn/data-test.sh b/tools/testing/selftests/net/ovpn/data-test.sh new file mode 100755 index 000000000000..8468defb1f1c --- /dev/null +++ b/tools/testing/selftests/net/ovpn/data-test.sh @@ -0,0 +1,150 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2020-2024 OpenVPN, Inc. +# +# Author: Antonio Quartulli <antonio(a)openvpn.net> + +#set -x +set -e + +UDP_PEERS_FILE=${UDP_PEERS_FILE:-udp_peers.txt} +TCP_PEERS_FILE=${TCP_PEERS_FILE:-tcp_peers.txt} +OVPN_CLI=${OVPN_CLI:-./ovpn-cli} +ALG=${ALG:-aes} +PROTO=${PROTO:-UDP} + +create_ns() { + ip netns add peer${1} +} + +setup_ns() { + MODE="P2P" + + if [ ${1} -eq 0 ]; then + MODE="MP" + for p in $(seq 1 ${NUM_PEERS}); do + ip link add veth${p} netns peer0 type veth peer name veth${p} netns peer${p} + + ip -n peer0 addr add 10.10.${p}.1/24 dev veth${p} + ip -n peer0 link set veth${p} up + + ip -n peer${p} addr add 10.10.${p}.2/24 dev veth${p} + ip -n peer${p} link set veth${p} up + done + fi + + ip netns exec peer${1} ${OVPN_CLI} new_iface tun${1} $MODE + ip -n peer${1} addr add ${2} dev tun${1} + ip -n peer${1} link set tun${1} up +} + +add_peer() { + if [ "${PROTO}" == "UDP" ]; then + if [ ${1} -eq 0 ]; then + ip netns exec peer0 ${OVPN_CLI} new_multi_peer tun0 1 ${UDP_PEERS_FILE} + + for p in $(seq 1 ${NUM_PEERS}); do + # ip netns exec peer0 ${OVPN_CLI} new_peer tun0 ${p} ${p} 10.10.${p}.2 1 5.5.5.$((${p} + 1)) + + ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 1 0 ${ALG} 0 data64.key + done + else + ip netns exec peer${1} ${OVPN_CLI} new_peer tun${1} 1 ${1} 10.10.${1}.1 1 + ip netns exec peer${1} ${OVPN_CLI} new_key tun${1} ${1} 1 0 ${ALG} 1 data64.key + fi + else + if [ ${1} -eq 0 ]; then + (ip netns exec peer0 ${OVPN_CLI} listen tun0 1 ${TCP_PEERS_FILE} && { + for p in $(seq 1 ${NUM_PEERS}); do + ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 1 0 ${ALG} 0 data64.key + done + }) & + sleep 5 + else + ip netns exec peer${1} ${OVPN_CLI} connect tun${1} ${1} 10.10.${1}.1 1 data64.key + fi + fi +} + +cleanup() { + for p in $(seq 1 10); do + ip -n peer0 link del veth${p} 2>/dev/null || true + done + for p in $(seq 0 10); do + ip netns exec peer${p} ${OVPN_CLI} del_iface tun${p} 2>/dev/null || true + ip netns del peer${p} 2>/dev/null || true + done +} + +if [ "${PROTO}" == "UDP" ]; then + NUM_PEERS=${NUM_PEERS:-$(wc -l ${UDP_PEERS_FILE} | awk '{print $1}')} +else + NUM_PEERS=${NUM_PEERS:-$(wc -l ${TCP_PEERS_FILE} | awk '{print $1}')} +fi + +cleanup + +for p in $(seq 0 ${NUM_PEERS}); do + create_ns ${p} +done + +for p in $(seq 0 ${NUM_PEERS}); do + setup_ns ${p} 5.5.5.$((${p} + 1))/24 +done + +for p in $(seq 0 ${NUM_PEERS}); do + add_peer ${p} +done + +for p in $(seq 1 ${NUM_PEERS}); do + ip netns exec peer0 ${OVPN_CLI} set_peer tun0 ${p} 60 120 + ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} ${p} 60 120 +done + +for p in $(seq 1 ${NUM_PEERS}); do + ip netns exec peer0 ping -qfc 1000 -w 5 5.5.5.$((${p} + 1)) +done + +ip netns exec peer0 iperf3 -1 -s & +sleep 1 +ip netns exec peer1 iperf3 -Z -t 3 -c 5.5.5.1 + +for p in $(seq 1 ${NUM_PEERS}); do + ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 2 1 ${ALG} 0 data64.key + ip netns exec peer${p} ${OVPN_CLI} new_key tun${p} ${p} 2 1 ${ALG} 1 data64.key + ip netns exec peer${p} ${OVPN_CLI} swap_keys tun${p} ${p} +done + +sleep 1 +echo "Querying all peers:" +ip netns exec peer0 ${OVPN_CLI} get_peer tun0 +ip netns exec peer1 ${OVPN_CLI} get_peer tun1 + +echo "Querying peer 1:" +ip netns exec peer0 ${OVPN_CLI} get_peer tun0 1 + +echo "Querying non-existent peer 10:" +ip netns exec peer0 ${OVPN_CLI} get_peer tun0 10 || true + +ip netns exec peer0 ${OVPN_CLI} del_peer tun0 1 + +echo "Setting timeout to 10s MP:" +# bring ifaces down to prevent traffic being sent +for p in $(seq 0 ${NUM_PEERS}); do + ip -n peer${p} link set tun${p} down +done +# set short timeout +for p in $(seq 1 ${NUM_PEERS}); do + ip netns exec peer0 ${OVPN_CLI} set_peer tun0 ${p} 10 10 || true + ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} ${p} 0 0 +done +# wait for peers to timeout +sleep 15 + +echo "Setting timeout to 10s P2P:" +for p in $(seq 1 ${NUM_PEERS}); do + ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} ${p} 10 10 +done +sleep 15 + +cleanup diff --git a/tools/testing/selftests/net/ovpn/data64.key b/tools/testing/selftests/net/ovpn/data64.key new file mode 100644 index 000000000000..a99e88c4e290 --- /dev/null +++ b/tools/testing/selftests/net/ovpn/data64.key @@ -0,0 +1,5 @@ +jRqMACN7d7/aFQNT8S7jkrBD8uwrgHbG5OQZP2eu4R1Y7tfpS2bf5RHv06Vi163CGoaIiTX99R3B +ia9ycAH8Wz1+9PWv51dnBLur9jbShlgZ2QHLtUc4a/gfT7zZwULXuuxdLnvR21DDeMBaTbkgbai9 +uvAa7ne1liIgGFzbv+Bas4HDVrygxIxuAnP5Qgc3648IJkZ0QEXPF+O9f0n5+QIvGCxkAUVx+5K6 +KIs+SoeWXnAopELmoGSjUpFtJbagXK82HfdqpuUxT2Tnuef0/14SzVE/vNleBNu2ZbyrSAaah8tE +BofkPJUBFY+YQcfZNM5Dgrw3i+Bpmpq/gpdg5w== diff --git a/tools/testing/selftests/net/ovpn/float-test.sh b/tools/testing/selftests/net/ovpn/float-test.sh new file mode 100755 index 000000000000..5e113b767e78 --- /dev/null +++ b/tools/testing/selftests/net/ovpn/float-test.sh @@ -0,0 +1,115 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2020-2024 OpenVPN, Inc. +# +# Author: Antonio Quartulli <antonio(a)openvpn.net> + +#set -x +set -e + +UDP_PEERS_FILE=${UDP_PEERS_FILE:-udp_peers.txt} +TCP_PEERS_FILE=${TCP_PEERS_FILE:-tcp_peers.txt} +OVPN_CLI=${OVPN_CLI:-./ovpn-cli} +ALG=${ALG:-aes} +PROTO=${PROTO:-UDP} + +create_ns() { + ip netns add peer${1} +} + +setup_ns() { + MODE="P2P" + + if [ ${1} -eq 0 ]; then + MODE="MP" + for p in $(seq 1 ${NUM_PEERS}); do + ip link add veth${p} netns peer0 type veth peer name veth${p} netns peer${p} + + ip -n peer0 addr add 10.10.${p}.1/24 dev veth${p} + ip -n peer0 link set veth${p} up + + ip -n peer${p} addr add 10.10.${p}.2/24 dev veth${p} + ip -n peer${p} link set veth${p} up + done + fi + + ip netns exec peer${1} ${OVPN_CLI} new_iface tun${1} $MODE + ip -n peer${1} addr add ${2} dev tun${1} + ip -n peer${1} link set tun${1} up +} + +add_peer() { + if [ "${PROTO}" == "UDP" ]; then + if [ ${1} -eq 0 ]; then + ip netns exec peer0 ${OVPN_CLI} new_multi_peer tun0 1 ${UDP_PEERS_FILE} + + for p in $(seq 1 ${NUM_PEERS}); do + # ip netns exec peer0 ${OVPN_CLI} new_peer tun0 ${p} ${p} 10.10.${p}.2 1 5.5.5.$((${p} + 1)) + ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 1 0 ${ALG} 0 data64.key + done + else + ip netns exec peer${1} ${OVPN_CLI} new_peer tun${1} 1 ${1} 10.10.${1}.1 1 + ip netns exec peer${1} ${OVPN_CLI} new_key tun${1} ${1} 1 0 ${ALG} 1 data64.key + fi + else + if [ ${1} -eq 0 ]; then + (ip netns exec peer0 ${OVPN_CLI} listen tun0 1 ${TCP_PEERS_FILE} && { + for p in $(seq 1 ${NUM_PEERS}); do + ip netns exec peer0 ${OVPN_CLI} new_key tun0 ${p} 1 0 ${ALG} 0 data64.key + done + }) & + sleep 5 + else + ip netns exec peer${1} ${OVPN_CLI} connect tun${1} ${1} 10.10.${1}.1 1 5.5.5.1 data64.key + fi + fi +} + +cleanup() { + for p in $(seq 1 10); do + ip -n peer0 link del veth${p} 2>/dev/null || true + done + for p in $(seq 0 10); do + ip netns exec peer${p} ${OVPN_CLI} del_iface tun${p} 2>/dev/null || true + ip netns del peer${p} 2>/dev/null || true + done +} + +if [ "${PROTO}" == "UDP" ]; then + NUM_PEERS=${NUM_PEERS:-$(wc -l ${UDP_PEERS_FILE} | awk '{print $1}')} +else + NUM_PEERS=${NUM_PEERS:-$(wc -l ${TCP_PEERS_FILE} | awk '{print $1}')} +fi + +cleanup + +for p in $(seq 0 ${NUM_PEERS}); do + create_ns ${p} +done + +for p in $(seq 0 ${NUM_PEERS}); do + setup_ns ${p} 5.5.5.$((${p} + 1))/24 +done + +for p in $(seq 0 ${NUM_PEERS}); do + add_peer ${p} +done + +for p in $(seq 1 ${NUM_PEERS}); do + ip netns exec peer0 ${OVPN_CLI} set_peer tun0 ${p} 60 120 + ip netns exec peer${p} ${OVPN_CLI} set_peer tun${p} ${p} 60 120 +done + +for p in $(seq 1 ${NUM_PEERS}); do + ip netns exec peer0 ping -qfc 1000 -w 5 5.5.5.$((${p} + 1)) +done +# make clients float.. +for p in $(seq 1 ${NUM_PEERS}); do + ip -n peer${p} addr del 10.10.${p}.2/24 dev veth${p} + ip -n peer${p} addr add 10.10.${p}.3/24 dev veth${p} +done +for p in $(seq 1 ${NUM_PEERS}); do + ip netns exec peer${p} ping -qfc 1000 -w 5 5.5.5.1 +done + +cleanup diff --git a/tools/testing/selftests/net/ovpn/ovpn-cli.c b/tools/testing/selftests/net/ovpn/ovpn-cli.c new file mode 100644 index 000000000000..a10ad4881f13 --- /dev/null +++ b/tools/testing/selftests/net/ovpn/ovpn-cli.c @@ -0,0 +1,1820 @@ +// SPDX-License-Identifier: GPL-2.0 +/* OpenVPN data channel accelerator + * + * Copyright (C) 2020-2024 OpenVPN, Inc. + * + * Author: Antonio Quartulli <antonio(a)openvpn.net> + */ + +#include <stdio.h> +#include <inttypes.h> +#include <stdbool.h> +#include <string.h> +#include <errno.h> +#include <unistd.h> +#include <arpa/inet.h> +#include <net/if.h> +#include <netinet/in.h> + +#include <linux/ovpn.h> +#include <linux/types.h> +#include <linux/netlink.h> + +#include <netlink/socket.h> +#include <netlink/netlink.h> +#include <netlink/genl/genl.h> +#include <netlink/genl/family.h> +#include <netlink/genl/ctrl.h> + +#include <mbedtls/base64.h> +#include <mbedtls/error.h> + +#include <sys/socket.h> + +/* we use strscpy to make checkpatch happy */ +#define strscpy strncpy + +/* libnl < 3.5.0 does not set the NLA_F_NESTED on its own, therefore we + * have to explicitly do it to prevent the kernel from failing upon + * parsing of the message + */ +#define nla_nest_start(_msg, _type) \ + nla_nest_start(_msg, (_type) | NLA_F_NESTED) + +uint64_t nla_get_uint(struct nlattr *attr) +{ + if (nla_len(attr) == sizeof(uint32_t)) + return nla_get_u32(attr); + else + return nla_get_u64(attr); +} + +typedef int (*ovpn_nl_cb)(struct nl_msg *msg, void *arg); + +enum ovpn_key_direction { + KEY_DIR_IN = 0, + KEY_DIR_OUT, +}; + +#define KEY_LEN (256 / 8) +#define NONCE_LEN 8 + +#define PEER_ID_UNDEF 0x00FFFFFF + +struct nl_ctx { + struct nl_sock *nl_sock; + struct nl_msg *nl_msg; + struct nl_cb *nl_cb; + + int ovpn_dco_id; +}; + +struct ovpn_ctx { + __u8 key_enc[KEY_LEN]; + __u8 key_dec[KEY_LEN]; + __u8 nonce[NONCE_LEN]; + + enum ovpn_cipher_alg cipher; + + sa_family_t sa_family; + + __u32 peer_id; + __u16 lport; + + union { + struct sockaddr_in in4; + struct sockaddr_in6 in6; + } remote; + + union { + struct sockaddr_in in4; + struct sockaddr_in6 in6; + } peer_ip; + + bool peer_ip_set; + + unsigned int ifindex; + char ifname[IFNAMSIZ]; + enum ovpn_mode mode; + bool mode_set; + + int socket; + int cli_socket; + + __u32 keepalive_interval; + __u32 keepalive_timeout; + + enum ovpn_key_direction key_dir; + enum ovpn_key_slot key_slot; + int key_id; +}; + +static int ovpn_nl_recvmsgs(struct nl_ctx *ctx) +{ + int ret; + + ret = nl_recvmsgs(ctx->nl_sock, ctx->nl_cb); + + switch (ret) { + case -NLE_INTR: + fprintf(stderr, + "netlink received interrupt due to signal - ignoring\n"); + break; + case -NLE_NOMEM: + fprintf(stderr, "netlink out of memory error\n"); + break; + case -NLE_AGAIN: + fprintf(stderr, + "netlink reports blocking read - aborting wait\n"); + break; + default: + if (ret) + fprintf(stderr, "netlink reports error (%d): %s\n", + ret, nl_geterror(-ret)); + break; + } + + return ret; +} + +static struct nl_ctx *nl_ctx_alloc_flags(struct ovpn_ctx *ovpn, int cmd, + int flags) +{ + struct nl_ctx *ctx; + int err, ret; + + ctx = calloc(1, sizeof(*ctx)); + if (!ctx) + return NULL; + + ctx->nl_sock = nl_socket_alloc(); + if (!ctx->nl_sock) { + fprintf(stderr, "cannot allocate netlink socket\n"); + goto err_free; + } + + nl_socket_set_buffer_size(ctx->nl_sock, 8192, 8192); + + ret = genl_connect(ctx->nl_sock); + if (ret) { + fprintf(stderr, "cannot connect to generic netlink: %s\n", + nl_geterror(ret)); + goto err_sock; + } + + /* enable Extended ACK for detailed error reporting */ + err = 1; + setsockopt(nl_socket_get_fd(ctx->nl_sock), SOL_NETLINK, NETLINK_EXT_ACK, + &err, sizeof(err)); + + ctx->ovpn_dco_id = genl_ctrl_resolve(ctx->nl_sock, OVPN_FAMILY_NAME); + if (ctx->ovpn_dco_id < 0) { + fprintf(stderr, "cannot find ovpn_dco netlink component: %d\n", + ctx->ovpn_dco_id); + goto err_free; + } + + ctx->nl_msg = nlmsg_alloc(); + if (!ctx->nl_msg) { + fprintf(stderr, "cannot allocate netlink message\n"); + goto err_sock; + } + + ctx->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); + if (!ctx->nl_cb) { + fprintf(stderr, "failed to allocate netlink callback\n"); + goto err_msg; + } + + nl_socket_set_cb(ctx->nl_sock, ctx->nl_cb); + + genlmsg_put(ctx->nl_msg, 0, 0, ctx->ovpn_dco_id, 0, flags, cmd, 0); + + if (ovpn->ifindex > 0) + NLA_PUT_U32(ctx->nl_msg, OVPN_A_IFINDEX, ovpn->ifindex); + + return ctx; +nla_put_failure: +err_msg: + nlmsg_free(ctx->nl_msg); +err_sock: + nl_socket_free(ctx->nl_sock); +err_free: + free(ctx); + return NULL; +} + +static struct nl_ctx *nl_ctx_alloc(struct ovpn_ctx *ovpn, int cmd) +{ + return nl_ctx_alloc_flags(ovpn, cmd, 0); +} + +static void nl_ctx_free(struct nl_ctx *ctx) +{ + if (!ctx) + return; + + nl_socket_free(ctx->nl_sock); + nlmsg_free(ctx->nl_msg); + nl_cb_put(ctx->nl_cb); + free(ctx); +} + +static int ovpn_nl_cb_error(struct sockaddr_nl (*nla)__attribute__((unused)), + struct nlmsgerr *err, void *arg) +{ + struct nlmsghdr *nlh = (struct nlmsghdr *)err - 1; + struct nlattr *tb_msg[NLMSGERR_ATTR_MAX + 1]; + int len = nlh->nlmsg_len; + struct nlattr *attrs; + int *ret = arg; + int ack_len = sizeof(*nlh) + sizeof(int) + sizeof(*nlh); + + *ret = err->error; + + if (!(nlh->nlmsg_flags & NLM_F_ACK_TLVS)) + return NL_STOP; + + if (!(nlh->nlmsg_flags & NLM_F_CAPPED)) + ack_len += err->msg.nlmsg_len - sizeof(*nlh); + + if (len <= ack_len) + return NL_STOP; + + attrs = (void *)((unsigned char *)nlh + ack_len); + len -= ack_len; + + nla_parse(tb_msg, NLMSGERR_ATTR_MAX, attrs, len, NULL); + if (tb_msg[NLMSGERR_ATTR_MSG]) { + len = strnlen((char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG]), + nla_len(tb_msg[NLMSGERR_ATTR_MSG])); + fprintf(stderr, "kernel error: %*s\n", len, + (char *)nla_data(tb_msg[NLMSGERR_ATTR_MSG])); + } + + if (tb_msg[NLMSGERR_ATTR_MISS_NEST]) { + fprintf(stderr, "missing required nesting type %u\n", + nla_get_u32(tb_msg[NLMSGERR_ATTR_MISS_NEST])); + } + + if (tb_msg[NLMSGERR_ATTR_MISS_TYPE]) { + fprintf(stderr, "missing required attribute type %u\n", + nla_get_u32(tb_msg[NLMSGERR_ATTR_MISS_TYPE])); + } + + return NL_STOP; +} + +static int ovpn_nl_cb_finish(struct nl_msg (*msg)__attribute__((unused)), + void *arg) +{ + int *status = arg; + + *status = 0; + return NL_SKIP; +} + +static int ovpn_nl_cb_ack(struct nl_msg (*msg)__attribute__((unused)), + void *arg) +{ + int *status = arg; + + *status = 0; + return NL_STOP; +} + +static int ovpn_nl_msg_send(struct nl_ctx *ctx, ovpn_nl_cb cb) +{ + int status = 1; + + nl_cb_err(ctx->nl_cb, NL_CB_CUSTOM, ovpn_nl_cb_error, &status); + nl_cb_set(ctx->nl_cb, NL_CB_FINISH, NL_CB_CUSTOM, ovpn_nl_cb_finish, + &status); + nl_cb_set(ctx->nl_cb, NL_CB_ACK, NL_CB_CUSTOM, ovpn_nl_cb_ack, &status); + + if (cb) + nl_cb_set(ctx->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, cb, ctx); + + nl_send_auto_complete(ctx->nl_sock, ctx->nl_msg); + + while (status == 1) + ovpn_nl_recvmsgs(ctx); + + if (status < 0) + fprintf(stderr, "failed to send netlink message: %s (%d)\n", + strerror(-status), status); + + return status; +} + +static int ovpn_read_key(const char *file, struct ovpn_ctx *ctx) +{ + int idx_enc, idx_dec, ret = -1; + unsigned char *ckey = NULL; + __u8 *bkey = NULL; + size_t olen = 0; + long ckey_len; + FILE *fp; + + fp = fopen(file, "r"); + if (!fp) { + fprintf(stderr, "cannot open: %s\n", file); + return -1; + } + + /* get file size */ + fseek(fp, 0L, SEEK_END); + ckey_len = ftell(fp); + rewind(fp); + + /* if the file is longer, let's just read a portion */ + if (ckey_len > 256) + ckey_len = 256; + + ckey = malloc(ckey_len); + if (!ckey) + goto err; + + ret = fread(ckey, 1, ckey_len, fp); + if (ret != ckey_len) { + fprintf(stderr, + "couldn't read enough data from key file: %dbytes read\n", + ret); + goto err; + } + + olen = 0; + ret = mbedtls_base64_decode(NULL, 0, &olen, ckey, ckey_len); + if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) { + char buf[256]; + + mbedtls_strerror(ret, buf, sizeof(buf)); + fprintf(stderr, "unexpected base64 error1: %s (%d)\n", buf, + ret); + + goto err; + } + + bkey = malloc(olen); + if (!bkey) { + fprintf(stderr, "cannot allocate binary key buffer\n"); + goto err; + } + + ret = mbedtls_base64_decode(bkey, olen, &olen, ckey, ckey_len); + if (ret) { + char buf[256]; + + mbedtls_strerror(ret, buf, sizeof(buf)); + fprintf(stderr, "unexpected base64 error2: %s (%d)\n", buf, + ret); + + goto err; + } + + if (olen < 2 * KEY_LEN + NONCE_LEN) { + fprintf(stderr, + "not enough data in key file, found %zdB but needs %dB\n", + olen, 2 * KEY_LEN + NONCE_LEN); + goto err; + } + + switch (ctx->key_dir) { + case KEY_DIR_IN: + idx_enc = 0; + idx_dec = 1; + break; + case KEY_DIR_OUT: + idx_enc = 1; + idx_dec = 0; + break; + } + + memcpy(ctx->key_enc, bkey + KEY_LEN * idx_enc, KEY_LEN); + memcpy(ctx->key_dec, bkey + KEY_LEN * idx_dec, KEY_LEN); + memcpy(ctx->nonce, bkey + 2 * KEY_LEN, NONCE_LEN); + + ret = 0; + +err: + fclose(fp); + free(bkey); + free(ckey); + + return ret; +} + +static int ovpn_read_cipher(const char *cipher, struct ovpn_ctx *ctx) +{ + if (strcmp(cipher, "aes") == 0) + ctx->cipher = OVPN_CIPHER_ALG_AES_GCM; + else if (strcmp(cipher, "chachapoly") == 0) + ctx->cipher = OVPN_CIPHER_ALG_CHACHA20_POLY1305; + else if (strcmp(cipher, "none") == 0) + ctx->cipher = OVPN_CIPHER_ALG_NONE; + else + return -ENOTSUP; + + return 0; +} + +static int ovpn_read_key_direction(const char *dir, struct ovpn_ctx *ctx) +{ + int in_dir; + + in_dir = strtoll(dir, NULL, 10); + switch (in_dir) { + case KEY_DIR_IN: + case KEY_DIR_OUT: + ctx->key_dir = in_dir; + break; + default: + fprintf(stderr, + "invalid key direction provided. Can be 0 or 1 only\n"); + return -1; + } + + return 0; +} + +static int ovpn_socket(struct ovpn_ctx *ctx, sa_family_t family, int proto) +{ + struct sockaddr_storage local_sock; + struct sockaddr_in6 *in6; + struct sockaddr_in *in; + int ret, s, sock_type; + size_t sock_len; + + if (proto == IPPROTO_UDP) + sock_type = SOCK_DGRAM; + else if (proto == IPPROTO_TCP) + sock_type = SOCK_STREAM; + else + return -EINVAL; + + s = socket(family, sock_type, 0); + if (s < 0) { + perror("cannot create socket"); + return -1; + } + + memset((char *)&local_sock, 0, sizeof(local_sock)); + + switch (family) { + case AF_INET: + in = (struct sockaddr_in *)&local_sock; + in->sin_family = family; + in->sin_port = htons(ctx->lport); + in->sin_addr.s_addr = htonl(INADDR_ANY); + sock_len = sizeof(*in); + break; + case AF_INET6: + in6 = (struct sockaddr_in6 *)&local_sock; + in6->sin6_family = family; + in6->sin6_port = htons(ctx->lport); + in6->sin6_addr = in6addr_any; + sock_len = sizeof(*in6); + break; + default: + return -1; + } + + int opt = 1; + + ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)); + + if (ret < 0) { + perror("setsockopt for SO_REUSEADDR"); + return ret; + } + + ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &opt, sizeof(opt)); + if (ret < 0) { + perror("setsockopt for SO_REUSEPORT"); + return ret; + } + + if (family == AF_INET6) { + opt = 0; + if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &opt, + sizeof(opt))) { + perror("failed to set IPV6_V6ONLY"); + return -1; + } + } + + ret = bind(s, (struct sockaddr *)&local_sock, sock_len); + if (ret < 0) { + perror("cannot bind socket"); + goto err_socket; + } + + ctx->socket = s; + ctx->sa_family = family; + return 0; + +err_socket: + close(s); + return -1; +} + +static int ovpn_udp_socket(struct ovpn_ctx *ctx, sa_family_t family) +{ + return ovpn_socket(ctx, family, IPPROTO_UDP); +} + +static int ovpn_listen(struct ovpn_ctx *ctx, sa_family_t family) +{ + int ret; + + ret = ovpn_socket(ctx, family, IPPROTO_TCP); + if (ret < 0) + return ret; + + ret = listen(ctx->socket, 10); + if (ret < 0) { + perror("listen"); + close(ctx->socket); + return -1; + } + + return 0; +} + +static int ovpn_accept(struct ovpn_ctx *ctx) +{ + socklen_t socklen; + int ret; + + socklen = sizeof(ctx->remote); + ret = accept(ctx->socket, (struct sockaddr *)&ctx->remote, &socklen); + if (ret < 0) { + perror("accept"); + goto err; + } + + fprintf(stderr, "Connection received!\n"); + + switch (socklen) { + case sizeof(struct sockaddr_in): + case sizeof(struct sockaddr_in6): + break; + default: + fprintf(stderr, "error: expecting IPv4 or IPv6 connection\n"); + close(ret); + ret = -EINVAL; + goto err; + } + + return ret; +err: + close(ctx->socket); + return ret; +} + +static int ovpn_connect(struct ovpn_ctx *ovpn) +{ + socklen_t socklen; + int s, ret; + + s = socket(ovpn->remote.in4.sin_family, SOCK_STREAM, 0); + if (s < 0) { + perror("cannot create socket"); + return -1; + } + + switch (ovpn->remote.in4.sin_family) { + case AF_INET: + socklen = sizeof(struct sockaddr_in); + break; + case AF_INET6: + socklen = sizeof(struct sockaddr_in6); + break; + default: + return -EOPNOTSUPP; + } + + ret = connect(s, (struct sockaddr *)&ovpn->remote, socklen); + if (ret < 0) { + perror("connect"); + goto err; + } + + fprintf(stderr, "connected\n"); + + ovpn->socket = s; + + return 0; +err: + close(s); + return ret; +} + +static int ovpn_new_peer(struct ovpn_ctx *ovpn, bool is_tcp) +{ + struct nlattr *attr; + struct nl_ctx *ctx; + size_t alen; + int ret = -1; + + ctx = nl_ctx_alloc(ovpn, OVPN_CMD_SET_PEER); + if (!ctx) + return -ENOMEM; + + attr = nla_nest_start(ctx->nl_msg, OVPN_A_PEER); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_ID, ovpn->peer_id); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_SOCKET, ovpn->socket); + + if (!is_tcp) { + switch (ovpn->remote.in4.sin_family) { + case AF_INET: + alen = sizeof(struct sockaddr_in); + break; + case AF_INET6: + alen = sizeof(struct sockaddr_in6); + break; + default: + fprintf(stderr, + "Invalid family for remote socket address\n"); + goto nla_put_failure; + } + NLA_PUT(ctx->nl_msg, OVPN_A_PEER_SOCKADDR_REMOTE, alen, + &ovpn->remote); + } + + if (ovpn->peer_ip_set) { + switch (ovpn->peer_ip.in4.sin_family) { + case AF_INET: + NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_VPN_IPV4, + ovpn->peer_ip.in4.sin_addr.s_addr); + break; + case AF_INET6: + NLA_PUT(ctx->nl_msg, OVPN_A_PEER_VPN_IPV6, + sizeof(struct in6_addr), + &ovpn->peer_ip.in6.sin6_addr); + break; + default: + fprintf(stderr, "Invalid family for peer address\n"); + goto nla_put_failure; + } + } + + nla_nest_end(ctx->nl_msg, attr); + + ret = ovpn_nl_msg_send(ctx, NULL); +nla_put_failure: + nl_ctx_free(ctx); + return ret; +} + +static int ovpn_set_peer(struct ovpn_ctx *ovpn) +{ + struct nlattr *attr; + struct nl_ctx *ctx; + int ret = -1; + + ctx = nl_ctx_alloc(ovpn, OVPN_CMD_SET_PEER); + if (!ctx) + return -ENOMEM; + + attr = nla_nest_start(ctx->nl_msg, OVPN_A_PEER); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_ID, ovpn->peer_id); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_KEEPALIVE_INTERVAL, + ovpn->keepalive_interval); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_KEEPALIVE_TIMEOUT, + ovpn->keepalive_timeout); + nla_nest_end(ctx->nl_msg, attr); + + ret = ovpn_nl_msg_send(ctx, NULL); +nla_put_failure: + nl_ctx_free(ctx); + return ret; +} + +static int ovpn_del_peer(struct ovpn_ctx *ovpn) +{ + struct nlattr *attr; + struct nl_ctx *ctx; + int ret = -1; + + ctx = nl_ctx_alloc(ovpn, OVPN_CMD_DEL_PEER); + if (!ctx) + return -ENOMEM; + + attr = nla_nest_start(ctx->nl_msg, OVPN_A_PEER); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_ID, ovpn->peer_id); + nla_nest_end(ctx->nl_msg, attr); + + ret = ovpn_nl_msg_send(ctx, NULL); +nla_put_failure: + nl_ctx_free(ctx); + return ret; +} + +static int ovpn_handle_peer(struct nl_msg *msg, void *arg) +{ + struct nlattr *attrs_peer[OVPN_A_PEER_MAX + 1]; + struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); + struct nlattr *attrs[OVPN_A_MAX + 1]; + __u16 port = 0; + + nla_parse(attrs, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), + genlmsg_attrlen(gnlh, 0), NULL); + + if (!attrs[OVPN_A_PEER]) { + fprintf(stderr, "no packet content in netlink message\n"); + return NL_SKIP; + } + + nla_parse(attrs_peer, OVPN_A_PEER_MAX, nla_data(attrs[OVPN_A_PEER]), + nla_len(attrs[OVPN_A_PEER]), NULL); + + if (attrs_peer[OVPN_A_PEER_ID]) + fprintf(stderr, "* Peer %u\n", + nla_get_u32(attrs_peer[OVPN_A_PEER_ID])); + + if (attrs_peer[OVPN_A_PEER_VPN_IPV4]) { + char buf[INET_ADDRSTRLEN]; + + inet_ntop(AF_INET, nla_data(attrs_peer[OVPN_A_PEER_VPN_IPV4]), + buf, sizeof(buf)); + fprintf(stderr, "\tVPN IPv4: %s\n", buf); + } + + if (attrs_peer[OVPN_A_PEER_VPN_IPV6]) { + char buf[INET6_ADDRSTRLEN]; + + inet_ntop(AF_INET6, nla_data(attrs_peer[OVPN_A_PEER_VPN_IPV6]), + buf, sizeof(buf)); + fprintf(stderr, "\tVPN IPv6: %s\n", buf); + } + + if (attrs_peer[OVPN_A_PEER_LOCAL_PORT]) + port = ntohs(nla_get_u16(attrs_peer[OVPN_A_PEER_LOCAL_PORT])); + + if (attrs_peer[OVPN_A_PEER_SOCKADDR_REMOTE]) { + struct sockaddr_storage ss; + struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)&ss; + struct sockaddr_in *in = (struct sockaddr_in *)&ss; + + memcpy(&ss, nla_data(attrs_peer[OVPN_A_PEER_SOCKADDR_REMOTE]), + nla_len(attrs_peer[OVPN_A_PEER_SOCKADDR_REMOTE])); + + if (in->sin_family == AF_INET) { + char buf[INET_ADDRSTRLEN]; + + if (attrs_peer[OVPN_A_PEER_LOCAL_IP]) { + void *p = attrs_peer[OVPN_A_PEER_LOCAL_IP]; + + inet_ntop(AF_INET, nla_data(p), buf, + sizeof(buf)); + fprintf(stderr, "\tLocal: %s:%hu\n", buf, + port); + } + + inet_ntop(AF_INET, &in->sin_addr, buf, sizeof(buf)); + fprintf(stderr, "\tRemote: %s:%u\n", buf, + ntohs(in->sin_port)); + } else if (in->sin_family == AF_INET6) { + char buf[INET6_ADDRSTRLEN]; + + if (attrs_peer[OVPN_A_PEER_LOCAL_IP]) { + void *p = attrs_peer[OVPN_A_PEER_LOCAL_IP]; + + inet_ntop(AF_INET6, nla_data(p), buf, + sizeof(buf)); + fprintf(stderr, "\tLocal: %s\n", buf); + } + + inet_ntop(AF_INET6, &in6->sin6_addr, buf, sizeof(buf)); + fprintf(stderr, "\tRemote: %s:%u (scope-id: %u)\n", buf, + ntohs(in6->sin6_port), + ntohl(in6->sin6_scope_id)); + } + } + + if (attrs_peer[OVPN_A_PEER_KEEPALIVE_INTERVAL]) { + void *p = attrs_peer[OVPN_A_PEER_KEEPALIVE_INTERVAL]; + + fprintf(stderr, "\tKeepalive interval: %u sec\n", + nla_get_u32(p)); + } + + if (attrs_peer[OVPN_A_PEER_KEEPALIVE_TIMEOUT]) + fprintf(stderr, "\tKeepalive timeout: %u sec\n", + nla_get_u32(attrs_peer[OVPN_A_PEER_KEEPALIVE_TIMEOUT])); + + if (attrs_peer[OVPN_A_PEER_VPN_RX_BYTES]) + fprintf(stderr, "\tVPN RX bytes: %" PRIu64 "\n", + nla_get_uint(attrs_peer[OVPN_A_PEER_VPN_RX_BYTES])); + + if (attrs_peer[OVPN_A_PEER_VPN_TX_BYTES]) + fprintf(stderr, "\tVPN TX bytes: %" PRIu64 "\n", + nla_get_uint(attrs_peer[OVPN_A_PEER_VPN_TX_BYTES])); + + if (attrs_peer[OVPN_A_PEER_VPN_RX_PACKETS]) + fprintf(stderr, "\tVPN RX packets: %" PRIu64 "\n", + nla_get_uint(attrs_peer[OVPN_A_PEER_VPN_RX_PACKETS])); + + if (attrs_peer[OVPN_A_PEER_VPN_TX_PACKETS]) + fprintf(stderr, "\tVPN TX packets: %" PRIu64 "\n", + nla_get_uint(attrs_peer[OVPN_A_PEER_VPN_TX_PACKETS])); + + if (attrs_peer[OVPN_A_PEER_LINK_RX_BYTES]) + fprintf(stderr, "\tLINK RX bytes: %" PRIu64 "\n", + nla_get_uint(attrs_peer[OVPN_A_PEER_LINK_RX_BYTES])); + + if (attrs_peer[OVPN_A_PEER_LINK_TX_BYTES]) + fprintf(stderr, "\tLINK TX bytes: %" PRIu64 "\n", + nla_get_uint(attrs_peer[OVPN_A_PEER_LINK_TX_BYTES])); + + if (attrs_peer[OVPN_A_PEER_LINK_RX_PACKETS]) + fprintf(stderr, "\tLINK RX packets: %" PRIu64 "\n", + nla_get_uint(attrs_peer[OVPN_A_PEER_LINK_RX_PACKETS])); + + if (attrs_peer[OVPN_A_PEER_LINK_TX_PACKETS]) + fprintf(stderr, "\tLINK TX packets: %" PRIu64 "\n", + nla_get_uint(attrs_peer[OVPN_A_PEER_LINK_TX_PACKETS])); + + return NL_SKIP; +} + +static int ovpn_get_peer(struct ovpn_ctx *ovpn) +{ + int flags = 0, ret = -1; + struct nlattr *attr; + struct nl_ctx *ctx; + + if (ovpn->peer_id == PEER_ID_UNDEF) + flags = NLM_F_DUMP; + + ctx = nl_ctx_alloc_flags(ovpn, OVPN_CMD_GET_PEER, flags); + if (!ctx) + return -ENOMEM; + + if (ovpn->peer_id != PEER_ID_UNDEF) { + attr = nla_nest_start(ctx->nl_msg, OVPN_A_PEER); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_ID, ovpn->peer_id); + nla_nest_end(ctx->nl_msg, attr); + } + + ret = ovpn_nl_msg_send(ctx, ovpn_handle_peer); +nla_put_failure: + nl_ctx_free(ctx); + return ret; +} + +static int ovpn_new_key(struct ovpn_ctx *ovpn) +{ + struct nlattr *peer, *keyconf, *key_dir; + struct nl_ctx *ctx; + int ret = -1; + + ctx = nl_ctx_alloc(ovpn, OVPN_CMD_SET_KEY); + if (!ctx) + return -ENOMEM; + + peer = nla_nest_start(ctx->nl_msg, OVPN_A_PEER); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_ID, ovpn->peer_id); + + keyconf = nla_nest_start(ctx->nl_msg, OVPN_A_PEER_KEYCONF); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_KEYCONF_SLOT, ovpn->key_slot); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_KEYCONF_KEY_ID, ovpn->key_id); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_KEYCONF_CIPHER_ALG, ovpn->cipher); + + key_dir = nla_nest_start(ctx->nl_msg, OVPN_A_KEYCONF_ENCRYPT_DIR); + NLA_PUT(ctx->nl_msg, OVPN_A_KEYDIR_CIPHER_KEY, KEY_LEN, ovpn->key_enc); + NLA_PUT(ctx->nl_msg, OVPN_A_KEYDIR_NONCE_TAIL, NONCE_LEN, ovpn->nonce); + nla_nest_end(ctx->nl_msg, key_dir); + + key_dir = nla_nest_start(ctx->nl_msg, OVPN_A_KEYCONF_DECRYPT_DIR); + NLA_PUT(ctx->nl_msg, OVPN_A_KEYDIR_CIPHER_KEY, KEY_LEN, ovpn->key_dec); + NLA_PUT(ctx->nl_msg, OVPN_A_KEYDIR_NONCE_TAIL, NONCE_LEN, ovpn->nonce); + nla_nest_end(ctx->nl_msg, key_dir); + + nla_nest_end(ctx->nl_msg, keyconf); + + nla_nest_end(ctx->nl_msg, peer); + + ret = ovpn_nl_msg_send(ctx, NULL); +nla_put_failure: + nl_ctx_free(ctx); + return ret; +} + +static int ovpn_del_key(struct ovpn_ctx *ovpn) +{ + struct nlattr *peer, *keyconf; + struct nl_ctx *ctx; + int ret = -1; + + ctx = nl_ctx_alloc(ovpn, OVPN_CMD_DEL_KEY); + if (!ctx) + return -ENOMEM; + + peer = nla_nest_start(ctx->nl_msg, OVPN_A_PEER); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_ID, ovpn->peer_id); + + keyconf = nla_nest_start(ctx->nl_msg, OVPN_A_PEER_KEYCONF); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_KEYCONF_SLOT, OVPN_KEY_SLOT_PRIMARY); + nla_nest_end(ctx->nl_msg, keyconf); + + nla_nest_end(ctx->nl_msg, peer); + + ret = ovpn_nl_msg_send(ctx, NULL); +nla_put_failure: + nl_ctx_free(ctx); + return ret; +} + +static int ovpn_swap_keys(struct ovpn_ctx *ovpn) +{ + struct nlattr *peer; + struct nl_ctx *ctx; + int ret = -1; + + ctx = nl_ctx_alloc(ovpn, OVPN_CMD_SWAP_KEYS); + if (!ctx) + return -ENOMEM; + + peer = nla_nest_start(ctx->nl_msg, OVPN_A_PEER); + NLA_PUT_U32(ctx->nl_msg, OVPN_A_PEER_ID, ovpn->peer_id); + nla_nest_end(ctx->nl_msg, peer); + + ret = ovpn_nl_msg_send(ctx, NULL); +nla_put_failure: + nl_ctx_free(ctx); + return ret; +} + +static int ovpn_handle_iface(struct nl_msg *msg, void *arg) +{ + struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); + struct nlattr *attrs[OVPN_A_MAX + 1]; + + nla_parse(attrs, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), + genlmsg_attrlen(gnlh, 0), NULL); + + if (!attrs[OVPN_A_IFNAME]) { + fprintf(stderr, "no ifname in netlink message\n"); + return NL_SKIP; + } + + fprintf(stderr, "Created ifname: %s\n", + (char *)nla_data(attrs[OVPN_A_IFNAME])); + + return NL_SKIP; +} + +static int ovpn_new_iface(struct ovpn_ctx *ovpn) +{ + struct nl_ctx *ctx; + int ret = -1; + + ctx = nl_ctx_alloc(ovpn, OVPN_CMD_NEW_IFACE); + if (!ctx) + return -ENOMEM; + + NLA_PUT(ctx->nl_msg, OVPN_A_IFNAME, strlen(ovpn->ifname) + 1, + ovpn->ifname); + + if (ovpn->mode_set) + NLA_PUT_U32(ctx->nl_msg, OVPN_A_MODE, ovpn->mode); + + fprintf(stdout, "Creating interface %s with mode %u\n", ovpn->ifname, + ovpn->mode); + + ret = ovpn_nl_msg_send(ctx, ovpn_handle_iface); +nla_put_failure: + nl_ctx_free(ctx); + return ret; +} + +static int ovpn_del_iface(struct ovpn_ctx *ovpn) +{ + struct nl_ctx *ctx; + int ret = -1; + + ctx = nl_ctx_alloc(ovpn, OVPN_CMD_DEL_IFACE); + if (!ctx) + return -ENOMEM; + + ret = ovpn_nl_msg_send(ctx, NULL); + nl_ctx_free(ctx); + return ret; +} + +static int nl_seq_check(struct nl_msg *msg, void *arg) +{ + return NL_OK; +} + +struct mcast_handler_args { + const char *group; + int id; +}; + +static int mcast_family_handler(struct nl_msg *msg, void *arg) +{ + struct mcast_handler_args *grp = arg; + struct nlattr *tb[CTRL_ATTR_MAX + 1]; + struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); + struct nlattr *mcgrp; + int rem_mcgrp; + + nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0), + genlmsg_attrlen(gnlh, 0), NULL); + + if (!tb[CTRL_ATTR_MCAST_GROUPS]) + return NL_SKIP; + + nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], rem_mcgrp) { + struct nlattr *tb_mcgrp[CTRL_ATTR_MCAST_GRP_MAX + 1]; + + nla_parse(tb_mcgrp, CTRL_ATTR_MCAST_GRP_MAX, + nla_data(mcgrp), nla_len(mcgrp), NULL); + + if (!tb_mcgrp[CTRL_ATTR_MCAST_GRP_NAME] || + !tb_mcgrp[CTRL_ATTR_MCAST_GRP_ID]) + continue; + if (strncmp(nla_data(tb_mcgrp[CTRL_ATTR_MCAST_GRP_NAME]), + grp->group, nla_len(tb_mcgrp[CTRL_ATTR_MCAST_GRP_NAME]))) + continue; + grp->id = nla_get_u32(tb_mcgrp[CTRL_ATTR_MCAST_GRP_ID]); + break; + } + + return NL_SKIP; +} + +static int mcast_error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err, + void *arg) +{ + int *ret = arg; + + *ret = err->error; + return NL_STOP; +} + +static int mcast_ack_handler(struct nl_msg *msg, void *arg) +{ + int *ret = arg; + + *ret = 0; + return NL_STOP; +} + +static int ovpn_handle_msg(struct nl_msg *msg, void *arg) +{ + struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); + struct nlattr *attrs[OVPN_A_MAX + 1]; + struct nlmsghdr *nlh = nlmsg_hdr(msg); + //enum ovpn_del_peer_reason reason; + char ifname[IF_NAMESIZE]; + __u32 ifindex; + + fprintf(stderr, "received message from ovpn-dco\n"); + + if (!genlmsg_valid_hdr(nlh, 0)) { + fprintf(stderr, "invalid header\n"); + return NL_STOP; + } + + if (nla_parse(attrs, OVPN_A_MAX, genlmsg_attrdata(gnlh, 0), + genlmsg_attrlen(gnlh, 0), NULL)) { + fprintf(stderr, "received bogus data from ovpn-dco\n"); + return NL_STOP; + } + + if (!attrs[OVPN_A_IFINDEX]) { + fprintf(stderr, "no ifindex in this message\n"); + return NL_STOP; + } + + ifindex = nla_get_u32(attrs[OVPN_A_IFINDEX]); + if (!if_indextoname(ifindex, ifname)) { + fprintf(stderr, "cannot resolve ifname for ifindex: %u\n", + ifindex); + return NL_STOP; + } + + switch (gnlh->cmd) { + case OVPN_CMD_DEL_PEER: + /*if (!attrs[OVPN_A_DEL_PEER_REASON]) { + * fprintf(stderr, "no reason in DEL_PEER message\n"); + * return NL_STOP; + *} + * + *reason = nla_get_u8(attrs[OVPN_A_DEL_PEER_REASON]); + *fprintf(stderr, + * "received CMD_DEL_PEER, ifname: %s reason: %d\n", + * ifname, reason); + */ + fprintf(stdout, "received CMD_DEL_PEER\n"); + break; + default: + fprintf(stderr, "received unknown command: %d\n", gnlh->cmd); + return NL_STOP; + } + + return NL_OK; +} + +static int ovpn_get_mcast_id(struct nl_sock *sock, const char *family, + const char *group) +{ + struct nl_msg *msg; + struct nl_cb *cb; + int ret, ctrlid; + struct mcast_handler_args grp = { + .group = group, + .id = -ENOENT, + }; + + msg = nlmsg_alloc(); + if (!msg) + return -ENOMEM; + + cb = nl_cb_alloc(NL_CB_DEFAULT); + if (!cb) { + ret = -ENOMEM; + goto out_fail_cb; + } + + ctrlid = genl_ctrl_resolve(sock, "nlctrl"); + + genlmsg_put(msg, 0, 0, ctrlid, 0, 0, CTRL_CMD_GETFAMILY, 0); + + ret = -ENOBUFS; + NLA_PUT_STRING(msg, CTRL_ATTR_FAMILY_NAME, family); + + ret = nl_send_auto_complete(sock, msg); + if (ret < 0) + goto nla_put_failure; + + ret = 1; + + nl_cb_err(cb, NL_CB_CUSTOM, mcast_error_handler, &ret); + nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, mcast_ack_handler, &ret); + nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, mcast_family_handler, &grp); + + while (ret > 0) + nl_recvmsgs(sock, cb); + + if (ret == 0) + ret = grp.id; + nla_put_failure: + nl_cb_put(cb); + out_fail_cb: + nlmsg_free(msg); + return ret; +} + +static void ovpn_listen_mcast(void) +{ + struct nl_sock *sock; + struct nl_cb *cb; + int mcid, ret; + + sock = nl_socket_alloc(); + if (!sock) { + fprintf(stderr, "cannot allocate netlink socket\n"); + goto err_free; + } + + nl_socket_set_buffer_size(sock, 8192, 8192); + + ret = genl_connect(sock); + if (ret < 0) { + fprintf(stderr, "cannot connect to generic netlink: %s\n", + nl_geterror(ret)); + goto err_free; + } + + mcid = ovpn_get_mcast_id(sock, OVPN_FAMILY_NAME, OVPN_MCGRP_PEERS); + if (mcid < 0) { + fprintf(stderr, "cannot get mcast group: %s\n", + nl_geterror(mcid)); + goto err_free; + } + + ret = nl_socket_add_membership(sock, mcid); + if (ret) { + fprintf(stderr, "failed to join mcast group: %d\n", ret); + goto err_free; + } + + ret = 0; + cb = nl_cb_alloc(NL_CB_DEFAULT); + nl_cb_set(cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM, nl_seq_check, NULL); + nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, ovpn_handle_msg, &ret); + nl_cb_err(cb, NL_CB_CUSTOM, ovpn_nl_cb_error, &ret); + + while (ret != -EINTR) + ret = nl_recvmsgs(sock, cb); + + nl_cb_put(cb); +err_free: + nl_socket_free(sock); +} + +static void usage(const char *cmd) +{ + fprintf(stderr, "Error: invalid arguments.\n\n"); + fprintf(stderr, + "Usage %s <iface> <connect|listen|new_peer|new_multi_peer|set_peer|del_peer|new_key|del_key|recv|send|listen_mcast> [arguments..]\n", + cmd); + fprintf(stderr, "\tiface: tun interface name\n\n"); + + fprintf(stderr, + "* connect <peer_id> <raddr> <rport> <key file>: start connecting peer of TCP-based VPN session\n"); + fprintf(stderr, "\tpeer-id: peer ID of the connecting peer\n"); + fprintf(stderr, "\tremote-addr: peer IP address\n"); + fprintf(stderr, "\tremote-port: peer TCP port\n"); + + fprintf(stderr, + "* listen <lport> <peers_file>: listen for incoming peer TCP connections\n"); + fprintf(stderr, "\tlport: src TCP port\n"); + fprintf(stderr, + "\tpeers_file: file containing one peer per line: Line format:\n"); + fprintf(stderr, "\t\t<peer_id> <vpnaddr>\n\n"); + + fprintf(stderr, + "* new_peer <lport> <peer-id> <raddr> <rport> [vpnaddr]: add new peer\n"); + fprintf(stderr, + "\tpeer-id: peer ID to be used in data packets to/from this peer\n"); + fprintf(stderr, "\tlocal-port: local UDP port\n"); + fprintf(stderr, "\tremote-addr: peer IP address\n"); + fprintf(stderr, "\tremote-port: peer UDP port\n"); + fprintf(stderr, "\tvpnaddr: peer VPN IP\n\n"); + + fprintf(stderr, + "* new_multi_peer <lport> <file>: add multiple peers as listed in the file\n"); + fprintf(stderr, "\tlport: local UDP port to bind to\n"); + fprintf(stderr, + "\tfile: text file containing one peer per line. Line format:\n"); + fprintf(stderr, "\t\t<peer-id> <raddr> <rport> <vpnaddr>\n\n"); + + fprintf(stderr, + "* set_peer <peer-id> <keepalive_interval> <keepalive_timeout>: set peer attributes\n"); + fprintf(stderr, "\tpeer-id: peer ID of the peer to modify\n"); + fprintf(stderr, + "\tkeepalive_interval: interval for sending ping messages\n"); + fprintf(stderr, + "\tkeepalive_timeout: time after which a peer is timed out\n\n"); + + fprintf(stderr, "* del_peer <peer-id>: delete peer\n"); + fprintf(stderr, "\tpeer-id: peer ID of the peer to delete\n\n"); + + fprintf(stderr, + "* new_key <peer-id> <slot> <key_id> <cipher> <key_dir> <key_file>: set data channel key\n"); + fprintf(stderr, + "\tpeer-id: peer ID of the peer to configure the key for\n"); + fprintf(stderr, + "\tcipher: cipher to use, supported: aes (AES-GCM), chachapoly (CHACHA20POLY1305), none\n"); + fprintf(stderr, + "\tkey_dir: key direction, must 0 on one host and 1 on the other\n"); + fprintf(stderr, "\tkey_file: file containing the pre-shared key\n\n"); + + fprintf(stderr, + "* del_key <peer-id>: erase existing data channel key\n"); + fprintf(stderr, "\tpeer-id: peer ID of the peer to modify\n\n"); + + fprintf(stderr, + "* swap_keys <peer-id>: swap primary and seconday key slots\n"); + fprintf(stderr, "\tpeer-id: peer ID of the peer to modify\n\n"); + + fprintf(stderr, + "* listen_mcast: listen to ovpn-dco netlink multicast messages\n"); +} + +static int ovpn_parse_remote(struct ovpn_ctx *ovpn, const char *host, + const char *service, const char *vpnip) +{ + int ret; + struct addrinfo *result; + struct addrinfo hints = { + .ai_family = ovpn->sa_family, + .ai_socktype = SOCK_DGRAM, + .ai_protocol = IPPROTO_UDP + }; + + if (host) { + ret = getaddrinfo(host, service, &hints, &result); + if (ret == EAI_NONAME || ret == EAI_FAIL) + return -1; + + if (!(result->ai_family == AF_INET && + result->ai_addrlen == sizeof(struct sockaddr_in)) && + !(result->ai_family == AF_INET6 && + result->ai_addrlen == sizeof(struct sockaddr_in6))) { + ret = -EINVAL; + goto out; + } + + memcpy(&ovpn->remote, result->ai_addr, result->ai_addrlen); + } + + if (vpnip) { + ret = getaddrinfo(vpnip, NULL, &hints, &result); + if (ret == EAI_NONAME || ret == EAI_FAIL) + return -1; + + if (!(result->ai_family == AF_INET && + result->ai_addrlen == sizeof(struct sockaddr_in)) && + !(result->ai_family == AF_INET6 && + result->ai_addrlen == sizeof(struct sockaddr_in6))) { + ret = -EINVAL; + goto out; + } + + memcpy(&ovpn->peer_ip, result->ai_addr, result->ai_addrlen); + ovpn->sa_family = result->ai_family; + + ovpn->peer_ip_set = true; + } + + ret = 0; +out: + freeaddrinfo(result); + return ret; +} + +static int ovpn_parse_new_peer(struct ovpn_ctx *ovpn, const char *peer_id, + const char *raddr, const char *rport, + const char *vpnip) +{ + ovpn->peer_id = strtoul(peer_id, NULL, 10); + if (errno == ERANGE) { + fprintf(stderr, "peer ID value out of range\n"); + return -1; + } + + return ovpn_parse_remote(ovpn, raddr, rport, vpnip); +} + +static void ovpn_send_tcp_data(int socket) +{ + uint16_t len = htons(1000); + uint8_t buf[1002]; + int ret; + + memcpy(buf, &len, sizeof(len)); + memset(buf + sizeof(len), 0x86, sizeof(buf) - sizeof(len)); + + ret = send(socket, buf, sizeof(buf), 0); + + fprintf(stdout, "Sent %u bytes over TCP socket\n", ret); +} + +static void ovpn_recv_tcp_data(int socket) +{ + uint8_t buf[1002]; + uint16_t len; + int ret; + + ret = recv(socket, buf, sizeof(buf), 0); + + if (ret < 2) { + fprintf(stderr, ">>>> Error while reading TCP data: %d\n", ret); + return; + } + + memcpy(&len, buf, sizeof(len)); + len = ntohs(len); + + fprintf(stdout, ">>>> Received %u bytes over TCP socket, header: %u\n", + ret, len); + +/* int i; + * for (i = 2; i < ret; i++) { + * fprintf(stdout, "0x%.2x ", buf[i]); + * if (i && !((i - 2) % 16)) + * fprintf(stdout, "\n"); + * } + * fprintf(stdout, "\n"); + */ +} + +static int ovpn_parse_set_peer(struct ovpn_ctx *ovpn, int argc, char *argv[]) +{ + if (argc < 5) { + usage(argv[0]); + return -1; + } + + ovpn->keepalive_interval = strtoul(argv[3], NULL, 10); + if (errno == ERANGE) { + fprintf(stderr, "keepalive interval value out of range\n"); + return -1; + } + + ovpn->keepalive_timeout = strtoul(argv[4], NULL, 10); + if (errno == ERANGE) { + fprintf(stderr, "keepalive interval value out of range\n"); + return -1; + } + + return 0; +} + +int main(int argc, char *argv[]) +{ + struct ovpn_ctx ovpn; +// struct nl_ctx *ctx; + int ret; + + if (argc < 2) { + usage(argv[0]); + return -1; + } + + memset(&ovpn, 0, sizeof(ovpn)); + ovpn.sa_family = AF_INET; + ovpn.cli_socket = -1; + + if (argc > 2) { + strscpy(ovpn.ifname, argv[2], IFNAMSIZ - 1); + ovpn.ifname[IFNAMSIZ - 1] = '\0'; + } + + /* all commands except new_iface expect a valid ifindex */ + if (strcmp(argv[1], "new_iface")) { + /* in this case a ifname MUST be defined */ + if (argc < 3) { + usage(argv[0]); + return -1; + } + + ovpn.ifindex = if_nametoindex(ovpn.ifname); + if (!ovpn.ifindex) { + fprintf(stderr, "cannot find interface: %s\n", + strerror(errno)); + return -1; + } + } + + if (!strcmp(argv[1], "new_iface")) { + if (argc > 3) { + if (!strcmp(argv[3], "P2P")) { + ovpn.mode = OVPN_MODE_P2P; + } else if (!strcmp(argv[3], "MP")) { + ovpn.mode = OVPN_MODE_MP; + } else { + fprintf(stderr, "Cannot parse iface mode: %s\n", + argv[3]); + return -1; + } + ovpn.mode_set = true; + } + + ret = ovpn_new_iface(&ovpn); + if (ret < 0) { + fprintf(stderr, "Cannot create interface %s: %d\n", + ovpn.ifname, ret); + return -1; + } + } else if (!strcmp(argv[1], "del_iface")) { + ret = ovpn_del_iface(&ovpn); + if (ret < 0) { + fprintf(stderr, "Cannot delete interface %s: %d\n", + ovpn.ifname, ret); + return -1; + } + } else if (!strcmp(argv[1], "listen")) { + char peer_id[10], vpnip[100]; + int n; + FILE *fp; + + if (argc < 4) { + usage(argv[0]); + return -1; + } + + ovpn.lport = strtoul(argv[3], NULL, 10); + if (errno == ERANGE || ovpn.lport > 65535) { + fprintf(stderr, "lport value out of range\n"); + return -1; + } + + if (argc > 4 && !strcmp(argv[4], "ipv6")) + ovpn.sa_family = AF_INET6; + + ret = ovpn_listen(&ovpn, ovpn.sa_family); + if (ret < 0) { + fprintf(stderr, "cannot listen on TCP socket\n"); + return ret; + } + + fp = fopen(argv[4], "r"); + if (!fp) { + fprintf(stderr, "cannot open file: %s\n", argv[4]); + return -1; + } + + while ((n = fscanf(fp, "%s %s\n", peer_id, vpnip)) == 2) { + struct ovpn_ctx peer_ctx = { 0 }; + + peer_ctx.ifindex = ovpn.ifindex; + peer_ctx.sa_family = ovpn.sa_family; + + peer_ctx.socket = ovpn_accept(&ovpn); + if (peer_ctx.socket < 0) { + fprintf(stderr, "cannot accept connection!\n"); + return -1; + } + + /* store the socket of the first peer to test TCP I/O */ + if (ovpn.cli_socket < 0) + ovpn.cli_socket = peer_ctx.socket; + + ret = ovpn_parse_new_peer(&peer_ctx, peer_id, NULL, + NULL, vpnip); + if (ret < 0) { + fprintf(stderr, "error while parsing line\n"); + return -1; + } + + ret = ovpn_new_peer(&peer_ctx, true); + if (ret < 0) { + fprintf(stderr, + "cannot add peer to VPN: %s %s\n", + peer_id, vpnip); + return ret; + } + } + + if (ovpn.cli_socket >= 0) + ovpn_recv_tcp_data(ovpn.cli_socket); + } else if (!strcmp(argv[1], "connect")) { + if (argc < 5) { + usage(argv[0]); + return -1; + } + + ovpn.sa_family = AF_INET; + + ret = ovpn_parse_new_peer(&ovpn, argv[3], argv[4], argv[5], + NULL); + if (ret < 0) { + fprintf(stderr, "Cannot parse remote peer data\n"); + return ret; + } + + ret = ovpn_connect(&ovpn); + if (ret < 0) { + fprintf(stderr, "cannot connect TCP socket\n"); + return ret; + } + + ret = ovpn_new_peer(&ovpn, true); + if (ret < 0) { + fprintf(stderr, "cannot add peer to VPN\n"); + close(ovpn.socket); + return ret; + } + + if (argc > 6) { + ovpn.key_slot = OVPN_KEY_SLOT_PRIMARY; + ovpn.key_id = 0; + ovpn.cipher = OVPN_CIPHER_ALG_AES_GCM; + ovpn.key_dir = KEY_DIR_OUT; + + ret = ovpn_read_key(argv[6], &ovpn); + if (ret) + return ret; + + ret = ovpn_new_key(&ovpn); + if (ret < 0) { + fprintf(stderr, "cannot set key\n"); + return ret; + } + + ovpn_send_tcp_data(ovpn.socket); + } + } else if (!strcmp(argv[1], "new_peer")) { + if (argc < 7) { + usage(argv[0]); + return -1; + } + + ovpn.lport = strtoul(argv[3], NULL, 10); + if (errno == ERANGE || ovpn.lport > 65535) { + fprintf(stderr, "lport value out of range\n"); + return -1; + } + + const char *vpnip = (argc > 7) ? argv[7] : NULL; + + ret = ovpn_parse_new_peer(&ovpn, argv[4], argv[5], argv[6], + vpnip); + if (ret < 0) + return ret; + + ret = ovpn_udp_socket(&ovpn, AF_INET6); //ovpn.sa_family ? + if (ret < 0) + return ret; + + ret = ovpn_new_peer(&ovpn, false); + if (ret < 0) { + fprintf(stderr, "cannot add peer to VPN\n"); + return ret; + } + } else if (!strcmp(argv[1], "new_multi_peer")) { + char peer_id[10], raddr[128], rport[10], vpnip[100]; + FILE *fp; + int n; + + if (argc < 5) { + usage(argv[0]); + return -1; + } + + ovpn.lport = strtoul(argv[3], NULL, 10); + if (errno == ERANGE || ovpn.lport > 65535) { + fprintf(stderr, "lport value out of range\n"); + return -1; + } + + fp = fopen(argv[4], "r"); + if (!fp) { + fprintf(stderr, "cannot open file: %s\n", argv[4]); + return -1; + } + + ret = ovpn_udp_socket(&ovpn, AF_INET6); + if (ret < 0) + return ret; + + while ((n = fscanf(fp, "%s %s %s %s\n", peer_id, raddr, rport, + vpnip)) == 4) { + struct ovpn_ctx peer_ctx = { 0 }; + + peer_ctx.ifindex = ovpn.ifindex; + peer_ctx.socket = ovpn.socket; + peer_ctx.sa_family = AF_UNSPEC; + + ret = ovpn_parse_new_peer(&peer_ctx, peer_id, raddr, + rport, vpnip); + if (ret < 0) { + fprintf(stderr, "error while parsing line\n"); + return -1; + } + + ret = ovpn_new_peer(&peer_ctx, false); + if (ret < 0) { + fprintf(stderr, + "cannot add peer to VPN: %s %s %s %s\n", + peer_id, raddr, rport, vpnip); + return ret; + } + } + } else if (!strcmp(argv[1], "set_peer")) { + ovpn.peer_id = strtoul(argv[3], NULL, 10); + if (errno == ERANGE) { + fprintf(stderr, "peer ID value out of range\n"); + return -1; + } + + argv++; + argc--; + + ret = ovpn_parse_set_peer(&ovpn, argc, argv); + if (ret < 0) + return ret; + + ret = ovpn_set_peer(&ovpn); + if (ret < 0) { + fprintf(stderr, "cannot set peer to VPN\n"); + return ret; + } + } else if (!strcmp(argv[1], "del_peer")) { + if (argc < 4) { + usage(argv[0]); + return -1; + } + + ovpn.peer_id = strtoul(argv[3], NULL, 10); + if (errno == ERANGE) { + fprintf(stderr, "peer ID value out of range\n"); + return -1; + } + + ret = ovpn_del_peer(&ovpn); + if (ret < 0) { + fprintf(stderr, "cannot delete peer to VPN\n"); + return ret; + } + } else if (!strcmp(argv[1], "get_peer")) { + ovpn.peer_id = PEER_ID_UNDEF; + if (argc > 3) + ovpn.peer_id = strtoul(argv[3], NULL, 10); + + fprintf(stderr, "List of peers connected to: %s\n", + ovpn.ifname); + + ret = ovpn_get_peer(&ovpn); + if (ret < 0) { + fprintf(stderr, "cannot get peer(s): %d\n", ret); + return ret; + } + } else if (!strcmp(argv[1], "new_key")) { + if (argc < 8) { + usage(argv[0]); + return -1; + } + + ovpn.peer_id = strtoul(argv[3], NULL, 10); + if (errno == ERANGE) { + fprintf(stderr, "peer ID value out of range\n"); + return -1; + } + + int slot = strtoul(argv[4], NULL, 10); + + if (errno == ERANGE || slot < 1 || slot > 2) { + fprintf(stderr, "ket slot out of range\n"); + return -1; + } + + switch (slot) { + case 1: + ovpn.key_slot = OVPN_KEY_SLOT_PRIMARY; + break; + case 2: + ovpn.key_slot = OVPN_KEY_SLOT_SECONDARY; + break; + } + + ovpn.key_id = strtoul(argv[5], NULL, 10); + if (errno == ERANGE || ovpn.key_id > 2) { + fprintf(stderr, "ket ID out of range\n"); + return -1; + } + + ret = ovpn_read_cipher(argv[6], &ovpn); + if (ret < 0) + return ret; + + ret = ovpn_read_key_direction(argv[7], &ovpn); + if (ret < 0) + return ret; + + ret = ovpn_read_key(argv[8], &ovpn); + if (ret) + return ret; + + ret = ovpn_new_key(&ovpn); + if (ret < 0) { + fprintf(stderr, "cannot set key\n"); + return ret; + } + } else if (!strcmp(argv[1], "del_key")) { + if (argc < 3) { + usage(argv[0]); + return -1; + } + + ovpn.peer_id = strtoul(argv[3], NULL, 10); + if (errno == ERANGE) { + fprintf(stderr, "peer ID value out of range\n"); + return -1; + } + + argv++; + argc--; + + ret = ovpn_del_key(&ovpn); + if (ret < 0) { + fprintf(stderr, "cannot delete key\n"); + return ret; + } + } else if (!strcmp(argv[1], "swap_keys")) { + if (argc < 3) { + usage(argv[0]); + return -1; + } + + ovpn.peer_id = strtoul(argv[3], NULL, 10); + if (errno == ERANGE) { + fprintf(stderr, "peer ID value out of range\n"); + return -1; + } + + argv++; + argc--; + + ret = ovpn_swap_keys(&ovpn); + if (ret < 0) { + fprintf(stderr, "cannot swap keys\n"); + return ret; + } + } else if (!strcmp(argv[1], "listen_mcast")) { + ovpn_listen_mcast(); + } else { + usage(argv[0]); + return -1; + } + + return ret; +} diff --git a/tools/testing/selftests/net/ovpn/tcp_peers.txt b/tools/testing/selftests/net/ovpn/tcp_peers.txt new file mode 100644 index 000000000000..d753eebe8716 --- /dev/null +++ b/tools/testing/selftests/net/ovpn/tcp_peers.txt @@ -0,0 +1,5 @@ +1 5.5.5.2 +2 5.5.5.3 +3 5.5.5.4 +4 5.5.5.5 +5 5.5.5.6 diff --git a/tools/testing/selftests/net/ovpn/udp_peers.txt b/tools/testing/selftests/net/ovpn/udp_peers.txt new file mode 100644 index 000000000000..32f14bd9347a --- /dev/null +++ b/tools/testing/selftests/net/ovpn/udp_peers.txt @@ -0,0 +1,5 @@ +1 10.10.1.2 1 5.5.5.2 +2 10.10.2.2 1 5.5.5.3 +3 10.10.3.2 1 5.5.5.4 +4 10.10.4.2 1 5.5.5.5 +5 10.10.5.2 1 5.5.5.6 -- 2.44.2

1 year, 1 month

1
0
0 0

[PATCH net-next v2 0/3] selftests/net: packetdrill: netns and two imports

by Willem de Bruijn

From: Willem de Bruijn <willemb(a)google.com> 1/3: run in nets, as discussed, and add missing CONFIGs 2/3: import tcp/zerocopy 3/3: import tcp/slow_start Willem de Bruijn (3): selftests/net: packetdrill: run in netns and expand config selftests/net: packetdrill: import tcp/zerocopy selftests/net: packetdrill: import tcp/slow_start .../selftests/net/packetdrill/Makefile | 1 + .../testing/selftests/net/packetdrill/config | 6 + .../selftests/net/packetdrill/ksft_runner.sh | 4 +- .../selftests/net/packetdrill/set_sysctls.py | 38 ++++++ ...tcp_slow_start_slow-start-ack-per-1pkt.pkt | 56 +++++++++ ...tart_slow-start-ack-per-2pkt-send-5pkt.pkt | 33 +++++ ...tart_slow-start-ack-per-2pkt-send-6pkt.pkt | 34 +++++ ...tcp_slow_start_slow-start-ack-per-2pkt.pkt | 42 +++++++ ...tcp_slow_start_slow-start-ack-per-4pkt.pkt | 35 ++++++ .../tcp_slow_start_slow-start-after-idle.pkt | 39 ++++++ ...slow_start_slow-start-after-win-update.pkt | 50 ++++++++ ...t_slow-start-app-limited-9-packets-out.pkt | 38 ++++++ .../tcp_slow_start_slow-start-app-limited.pkt | 36 ++++++ ..._slow_start_slow-start-fq-ack-per-2pkt.pkt | 63 ++++++++++ .../net/packetdrill/tcp_zerocopy_basic.pkt | 55 ++++++++ .../net/packetdrill/tcp_zerocopy_batch.pkt | 41 ++++++ .../net/packetdrill/tcp_zerocopy_client.pkt | 30 +++++ .../net/packetdrill/tcp_zerocopy_closed.pkt | 44 +++++++ .../packetdrill/tcp_zerocopy_epoll_edge.pkt | 61 +++++++++ .../tcp_zerocopy_epoll_exclusive.pkt | 63 ++++++++++ .../tcp_zerocopy_epoll_oneshot.pkt | 66 ++++++++++ .../tcp_zerocopy_fastopen-client.pkt | 56 +++++++++ .../tcp_zerocopy_fastopen-server.pkt | 44 +++++++ .../net/packetdrill/tcp_zerocopy_maxfrags.pkt | 118 ++++++++++++++++++ .../net/packetdrill/tcp_zerocopy_small.pkt | 57 +++++++++ 25 files changed, 1108 insertions(+), 2 deletions(-) create mode 100755 tools/testing/selftests/net/packetdrill/set_sysctls.py create mode 100644 tools/testing/selftests/net/packetdrill/tcp_slow_start_slow-start-ack-per-1pkt.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_slow_start_slow-start-ack-per-2pkt-send-5pkt.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_slow_start_slow-start-ack-per-2pkt-send-6pkt.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_slow_start_slow-start-ack-per-2pkt.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_slow_start_slow-start-ack-per-4pkt.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_slow_start_slow-start-after-idle.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_slow_start_slow-start-after-win-update.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_slow_start_slow-start-app-limited-9-packets-out.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_slow_start_slow-start-app-limited.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_slow_start_slow-start-fq-ack-per-2pkt.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_zerocopy_basic.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_zerocopy_batch.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_zerocopy_client.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_zerocopy_closed.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_zerocopy_epoll_edge.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_zerocopy_epoll_exclusive.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_zerocopy_epoll_oneshot.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_zerocopy_fastopen-client.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_zerocopy_fastopen-server.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_zerocopy_maxfrags.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_zerocopy_small.pkt -- 2.46.0.598.g6f2099f65c-goog

1 year, 1 month

4
8
0 0

kselftest/next kselftest-lkdtm: 2 runs, 1 regressions (v6.11-rc1-21-ga0474b8d5974e)

by kernelci.org bot

kselftest/next kselftest-lkdtm: 2 runs, 1 regressions (v6.11-rc1-21-ga0474b8d5974e) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ----------------------------+------+-------------+----------+------------------------------+------------ stm32mp157a-dhcor-avenger96 | arm | lab-broonie | gcc-12 | multi_v7_defconfig+kselftest | 1 Details: https://kernelci.org/test/job/kselftest/branch/next/kernel/v6.11-rc1-21-ga0… Test: kselftest-lkdtm Tree: kselftest Branch: next Describe: v6.11-rc1-21-ga0474b8d5974e URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: a0474b8d5974e142461ac7584c996feea167bcc1 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ----------------------------+------+-------------+----------+------------------------------+------------ stm32mp157a-dhcor-avenger96 | arm | lab-broonie | gcc-12 | multi_v7_defconfig+kselftest | 1 Details: https://kernelci.org/test/plan/id/66e889bc13fabff8bec86855 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig+kselftest Compiler: gcc-12 (arm-linux-gnueabihf-gcc (Debian 12.2.0-14) 12.2.0) Plain log: https://storage.kernelci.org//kselftest/next/v6.11-rc1-21-ga0474b8d5974e/ar… HTML log: https://storage.kernelci.org//kselftest/next/v6.11-rc1-21-ga0474b8d5974e/ar… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bookworm-kselftest/2024031… * kselftest-lkdtm.login: https://kernelci.org/test/case/id/66e889bc13fabff8bec86856 failing since 48 days (last pass: v6.10-rc7-29-gdf09b0bb09ea, first fail: v6.11-rc1)

1 year, 1 month

1
0
0 0

kselftest/next kselftest-seccomp: 2 runs, 3 regressions (v6.11-rc1-21-ga0474b8d5974e)

by kernelci.org bot

kselftest/next kselftest-seccomp: 2 runs, 3 regressions (v6.11-rc1-21-ga0474b8d5974e) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+-------------+----------+------------------------------+------------ meson-gxl-s905x-libretech-cc | arm64 | lab-broonie | gcc-12 | defconfig+kselftest | 2 stm32mp157a-dhcor-avenger96 | arm | lab-broonie | gcc-12 | multi_v7_defconfig+kselftest | 1 Details: https://kernelci.org/test/job/kselftest/branch/next/kernel/v6.11-rc1-21-ga0… Test: kselftest-seccomp Tree: kselftest Branch: next Describe: v6.11-rc1-21-ga0474b8d5974e URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: a0474b8d5974e142461ac7584c996feea167bcc1 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+-------------+----------+------------------------------+------------ meson-gxl-s905x-libretech-cc | arm64 | lab-broonie | gcc-12 | defconfig+kselftest | 2 Details: https://kernelci.org/test/plan/id/66e88768d950f5c504c86855 Results: 107 PASS, 2 FAIL, 0 SKIP Full config: defconfig+kselftest Compiler: gcc-12 (aarch64-linux-gnu-gcc (Debian 12.2.0-14) 12.2.0) Plain log: https://storage.kernelci.org//kselftest/next/v6.11-rc1-21-ga0474b8d5974e/ar… HTML log: https://storage.kernelci.org//kselftest/next/v6.11-rc1-21-ga0474b8d5974e/ar… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bookworm-kselftest/2024031… * kselftest-seccomp.seccomp_seccomp_benchmark: https://kernelci.org/test/case/id/66e88768d950f5c504c86857 new failure (last pass: v6.11-rc1-20-gaf1ec38c6ccc3) * kselftest-seccomp.seccomp_seccomp_benchmark_per-filter_last_2_diff_per-filter_filters_4: https://kernelci.org/test/case/id/66e88768d950f5c504c8685c new failure (last pass: v6.11-rc1-20-gaf1ec38c6ccc3) platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+-------------+----------+------------------------------+------------ stm32mp157a-dhcor-avenger96 | arm | lab-broonie | gcc-12 | multi_v7_defconfig+kselftest | 1 Details: https://kernelci.org/test/plan/id/66e88e6d0e37a1fe30c869cd Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig+kselftest Compiler: gcc-12 (arm-linux-gnueabihf-gcc (Debian 12.2.0-14) 12.2.0) Plain log: https://storage.kernelci.org//kselftest/next/v6.11-rc1-21-ga0474b8d5974e/ar… HTML log: https://storage.kernelci.org//kselftest/next/v6.11-rc1-21-ga0474b8d5974e/ar… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bookworm-kselftest/2024031… * kselftest-seccomp.login: https://kernelci.org/test/case/id/66e88e6d0e37a1fe30c869ce failing since 48 days (last pass: v6.10-rc7-29-gdf09b0bb09ea, first fail: v6.11-rc1)

1 year, 1 month

1
0
0 0

kselftest/next kselftest-lib: 2 runs, 1 regressions (v6.11-rc1-21-ga0474b8d5974e)

by kernelci.org bot

kselftest/next kselftest-lib: 2 runs, 1 regressions (v6.11-rc1-21-ga0474b8d5974e) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ----------------------------+------+-------------+----------+------------------------------+------------ stm32mp157a-dhcor-avenger96 | arm | lab-broonie | gcc-12 | multi_v7_defconfig+kselftest | 1 Details: https://kernelci.org/test/job/kselftest/branch/next/kernel/v6.11-rc1-21-ga0… Test: kselftest-lib Tree: kselftest Branch: next Describe: v6.11-rc1-21-ga0474b8d5974e URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: a0474b8d5974e142461ac7584c996feea167bcc1 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ----------------------------+------+-------------+----------+------------------------------+------------ stm32mp157a-dhcor-avenger96 | arm | lab-broonie | gcc-12 | multi_v7_defconfig+kselftest | 1 Details: https://kernelci.org/test/plan/id/66e88cdfac06e7d86dc8687f Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig+kselftest Compiler: gcc-12 (arm-linux-gnueabihf-gcc (Debian 12.2.0-14) 12.2.0) Plain log: https://storage.kernelci.org//kselftest/next/v6.11-rc1-21-ga0474b8d5974e/ar… HTML log: https://storage.kernelci.org//kselftest/next/v6.11-rc1-21-ga0474b8d5974e/ar… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bookworm-kselftest/2024031… * kselftest-lib.login: https://kernelci.org/test/case/id/66e88cdfac06e7d86dc86880 failing since 48 days (last pass: v6.10-rc7-29-gdf09b0bb09ea, first fail: v6.11-rc1)

1 year, 1 month

1
0
0 0

kselftest/next build: 7 builds: 2 failed, 5 passed, 1 warning (v6.11-rc1-21-ga0474b8d5974e)

by kernelci.org bot

kselftest/next build: 7 builds: 2 failed, 5 passed, 1 warning (v6.11-rc1-21-ga0474b8d5974e) Full Build Summary: https://kernelci.org/build/kselftest/branch/next/kernel/v6.11-rc1-21-ga0474… Tree: kselftest Branch: next Git Describe: v6.11-rc1-21-ga0474b8d5974e Git Commit: a0474b8d5974e142461ac7584c996feea167bcc1 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git Built: 4 unique architectures Build Failures Detected: arm64: defconfig+kselftest+arm64-chromebook: (clang-16) FAIL defconfig+kselftest+arm64-chromebook: (gcc-12) FAIL Warnings Detected: arm64: arm: i386: x86_64: x86_64_defconfig+kselftest (clang-16): 1 warning Warnings summary: 1 vmlinux.o: warning: objtool: set_ftrace_ops_ro+0x39: relocation to !ENDBR: .text+0x14ef94 ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- defconfig+kselftest (arm64, gcc-12) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, gcc-12) — FAIL, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, clang-16) — FAIL, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig+kselftest (i386, gcc-12) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v7_defconfig+kselftest (arm, gcc-12) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, gcc-12) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, clang-16) — PASS, 0 errors, 1 warning, 0 section mismatches Warnings: vmlinux.o: warning: objtool: set_ftrace_ops_ro+0x39: relocation to !ENDBR: .text+0x14ef94 --- For more info write to <info(a)kernelci.org>

1 year, 1 month

1
0
0 0

[PATCH net-next] selftests: net: add pmtu_bad.sh regression test

by mitchell.augustin＠canonical.com

From: Mitchell Augustin <mitchell.augustin(a)canonical.com> Introduce a regression test that reproduces a bug in pmtu_ipv6_ipv6_exception which causes veth_A-R1's reference counter to remain > 0 after cleanup should have already completed. On affected kernels/platforms, running this test will result in the following being displayed repeatedly in dmesg: unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 5 and future attempts to modprobe/rmmod ip6_vti will hang forever. Link: https://lore.kernel.org/all/CAHTA-uZDaJ-71o+bo8a96TV4ck-8niimztQFaa=QoeNdUm… Requested-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Mitchell Augustin <mitchell.augustin(a)canonical.com> --- tools/testing/selftests/net/pmtu_bad.sh | 901 ++++++++++++++++++++++++ 1 file changed, 901 insertions(+) create mode 100755 tools/testing/selftests/net/pmtu_bad.sh diff --git a/tools/testing/selftests/net/pmtu_bad.sh b/tools/testing/selftests/net/pmtu_bad.sh new file mode 100755 index 000000000000..4bbc9815b661 --- /dev/null +++ b/tools/testing/selftests/net/pmtu_bad.sh @@ -0,0 +1,901 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +# Pinned version of pmtu.sh pmtu_ipv6_ipv6_exception and all dependencies +# configured to reproduce a kernel bug where the veth_A-R1 device's +# resource counter remains > 0 after cleanup should have already been +# completed. +# +# On affected kernels/platforms, running this test will result in the following +# being displayed repeatedly in dmesg: +# unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 5 +# +# and future attempts to modprobe/rmmod ip6_vti will hang forever. +# +# Link: https://lore.kernel.org/all/CAHTA-uZDaJ-71o+bo8a96TV4ck-8niimztQFaa=QoeNdUm… +# +# BugLink: https://bugs.launchpad.net/ubuntu-kernel-tests/+bug/2072501 +# +# pmtu.sh: +# Check that route PMTU values match expectations, and that initial device MTU +# values are assigned correctly +# +# Tests currently implemented: +# +# - pmtu_bad +# Sets the CPU governor to "performance" for all CPUs, then +# runs a pinned, affected version of the pmtu_ipv6_ipv6_exception test with +# nexthop objects 100 times. If this causes the following to be output +# to dmesg, the test is considered to have failed and returns an error: +# +# unregister_netdevice: waiting for veth_A-R1 to become free +# +# Otherwise, the test passes. After execution of the test, the CPU governor +# is restored to its original settings. +# - pmtu_ipv6_ipv6_exception +# Same as pmtu_ipv4_vxlan4, but using a IPv4/IPv6 tunnel over IPv4/IPv6, +# instead of VXLAN + +# Pinned version of lib.sh +############################################################################## +# Defines + +WAIT_TIMEOUT=${WAIT_TIMEOUT:=20} +BUSYWAIT_TIMEOUT=$((WAIT_TIMEOUT * 1000)) # ms + +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 +# namespace list created by setup_ns +NS_LIST=() + +############################################################################## +# Helpers + +__ksft_status_merge() +{ + local a=$1; shift + local b=$1; shift + local -A weights + local weight=0 + + local i + for i in "$@"; do + weights[$i]=$((weight++)) + done + + if [[ ${weights[$a]} > ${weights[$b]} ]]; then + echo "$a" + return 0 + else + echo "$b" + return 1 + fi +} + +ksft_status_merge() +{ + local a=$1; shift + local b=$1; shift + + __ksft_status_merge "$a" "$b" \ + $ksft_pass $ksft_xfail $ksft_skip $ksft_fail +} + +ksft_exit_status_merge() +{ + local a=$1; shift + local b=$1; shift + + __ksft_status_merge "$a" "$b" \ + $ksft_xfail $ksft_pass $ksft_skip $ksft_fail +} + +loopy_wait() +{ + local sleep_cmd=$1; shift + local timeout_ms=$1; shift + + local start_time="$(date -u +%s%3N)" + while true + do + local out + if out=$("$@"); then + echo -n "$out" + return 0 + fi + + local current_time="$(date -u +%s%3N)" + if ((current_time - start_time > timeout_ms)); then + echo -n "$out" + return 1 + fi + + $sleep_cmd + done +} + +busywait() +{ + local timeout_ms=$1; shift + + loopy_wait : "$timeout_ms" "$@" +} + +# timeout in seconds +slowwait() +{ + local timeout_sec=$1; shift + + loopy_wait "sleep 0.1" "$((timeout_sec * 1000))" "$@" +} + +until_counter_is() +{ + local expr=$1; shift + local current=$("$@") + + echo $((current)) + ((current $expr)) +} + +busywait_for_counter() +{ + local timeout=$1; shift + local delta=$1; shift + + local base=$("$@") + busywait "$timeout" until_counter_is ">= $((base + delta))" "$@" +} + +slowwait_for_counter() +{ + local timeout=$1; shift + local delta=$1; shift + + local base=$("$@") + slowwait "$timeout" until_counter_is ">= $((base + delta))" "$@" +} + +cleanup_ns() +{ + local ns="" + local errexit=0 + local ret=0 + + # disable errexit temporary + if [[ $- =~ "e" ]]; then + errexit=1 + set +e + fi + + for ns in "$@"; do + [ -z "${ns}" ] && continue + ip netns delete "${ns}" &> /dev/null + if ! busywait $BUSYWAIT_TIMEOUT ip netns list \| grep -vq "^$ns$" &> /dev/null; then + echo "Warn: Failed to remove namespace $ns" + ret=1 + fi + done + + [ $errexit -eq 1 ] && set -e + return $ret +} + +cleanup_all_ns() +{ + cleanup_ns "${NS_LIST[@]}" +} + +# setup netns with given names as prefix. e.g +# setup_ns local remote +setup_ns() +{ + local ns="" + local ns_name="" + local ns_list=() + local ns_exist= + for ns_name in "$@"; do + # Some test may setup/remove same netns multi times + if unset ${ns_name} 2> /dev/null; then + ns="${ns_name,,}-$(mktemp -u XXXXXX)" + eval readonly ${ns_name}="$ns" + ns_exist=false + else + eval ns='$'${ns_name} + cleanup_ns "$ns" + ns_exist=true + fi + + if ! ip netns add "$ns"; then + echo "Failed to create namespace $ns_name" + cleanup_ns "${ns_list[@]}" + return $ksft_skip + fi + ip -n "$ns" link set lo up + ! $ns_exist && ns_list+=("$ns") + done + NS_LIST+=("${ns_list[@]}") +} + +tc_rule_stats_get() +{ + local dev=$1; shift + local pref=$1; shift + local dir=$1; shift + local selector=${1:-.packets}; shift + + tc -j -s filter show dev $dev ${dir:-ingress} pref $pref \ + | jq ".[1].options.actions[].stats$selector" +} + +tc_rule_handle_stats_get() +{ + local id=$1; shift + local handle=$1; shift + local selector=${1:-.packets}; shift + local netns=${1:-""}; shift + + tc $netns -j -s filter show $id \ + | jq ".[] | select(.options.handle == $handle) | \ + .options.actions[0].stats$selector" +} + +# Pinned version of net_helper.sh +wait_local_port_listen() +{ + local listener_ns="${1}" + local port="${2}" + local protocol="${3}" + local pattern + local i + + pattern=":$(printf "%04X" "${port}") " + + # for tcp protocol additionally check the socket state + [ ${protocol} = "tcp" ] && pattern="${pattern}0A" + for i in $(seq 10); do + if ip netns exec "${listener_ns}" awk '{print $2" "$4}' \ + /proc/net/"${protocol}"* | grep -q "${pattern}"; then + break + fi + sleep 0.1 + done +} + + + +PAUSE_ON_FAIL=no +VERBOSE=0 +TRACING=0 + +# Some systems don't have a ping6 binary anymore +which ping6 > /dev/null 2>&1 && ping6=$(which ping6) || ping6=$(which ping) + +# Name Description re-run with nh +tests=" + pmtu_bad Runs IPv6 over IPv6: PMTU exceptions 100x w/ performance governor 1" + +# Addressing and routing for tests with routers: four network segments, with +# index SEGMENT between 1 and 4, a common prefix (PREFIX4 or PREFIX6) and an +# identifier ID, which is 1 for hosts (A and B), 2 for routers (R1 and R2). +# Addresses are: +# - IPv4: PREFIX4.SEGMENT.ID (/24) +# - IPv6: PREFIX6:SEGMENT::ID (/64) +prefix4="10.0" +prefix6="fc00" +a_r1=1 +a_r2=2 +b_r1=3 +b_r2=4 +# ns peer segment +routing_addrs=" + A R1 ${a_r1} + A R2 ${a_r2} + B R1 ${b_r1} + B R2 ${b_r2} +" +# Traffic from A to B goes through R1 by default, and through R2, if destined to +# B's address on the b_r2 segment. +# Traffic from B to A goes through R1. +# ns destination gateway +routes=" + A default ${prefix4}.${a_r1}.2 + A ${prefix4}.${b_r2}.1 ${prefix4}.${a_r2}.2 + B default ${prefix4}.${b_r1}.2 + + A default ${prefix6}:${a_r1}::2 + A ${prefix6}:${b_r2}::1 ${prefix6}:${a_r2}::2 + B default ${prefix6}:${b_r1}::2 +" +USE_NH="no" +# ns family nh id destination gateway +nexthops=" + A 4 41 ${prefix4}.${a_r1}.2 veth_A-R1 + A 4 42 ${prefix4}.${a_r2}.2 veth_A-R2 + B 4 41 ${prefix4}.${b_r1}.2 veth_B-R1 + + A 6 61 ${prefix6}:${a_r1}::2 veth_A-R1 + A 6 62 ${prefix6}:${a_r2}::2 veth_A-R2 + B 6 61 ${prefix6}:${b_r1}::2 veth_B-R1 +" + +# nexthop id correlates to id in nexthops config above +# ns family prefix nh id +routes_nh=" + A 4 default 41 + A 4 ${prefix4}.${b_r2}.1 42 + B 4 default 41 + + A 6 default 61 + A 6 ${prefix6}:${b_r2}::1 62 + B 6 default 61 +" + +policy_mark=0x04 +rt_table=main + +veth4_a_addr="192.168.1.1" +veth4_b_addr="192.168.1.2" +veth4_c_addr="192.168.2.10" +veth4_mask="24" +veth6_a_addr="fd00:1::a" +veth6_b_addr="fd00:1::b" +veth6_c_addr="fd00:2::c" +veth6_mask="64" + +tunnel4_a_addr="192.168.2.1" +tunnel4_b_addr="192.168.2.2" +tunnel4_mask="24" +tunnel6_a_addr="fd00:2::a" +tunnel6_b_addr="fd00:2::b" +tunnel6_mask="64" + +dummy6_0_prefix="fc00:1000::" +dummy6_1_prefix="fc00:1001::" +dummy6_mask="64" + +err_buf= +tcpdump_pids= +nettest_pids= +socat_pids= +tmpoutfile= + +err() { + err_buf="${err_buf}${1} +" +} + +err_flush() { + echo -n "${err_buf}" + err_buf= +} + +run_cmd() { + cmd="$*" + + if [ "$VERBOSE" = "1" ]; then + printf " COMMAND: $cmd\n" + fi + + out="$($cmd 2>&1)" + rc=$? + if [ "$VERBOSE" = "1" -a -n "$out" ]; then + echo " $out" + echo + fi + + return $rc +} + +run_cmd_bg() { + cmd="$*" + + if [ "$VERBOSE" = "1" ]; then + printf " COMMAND: %s &\n" "${cmd}" + fi + + $cmd 2>&1 & +} + +# Find the auto-generated name for this namespace +nsname() { + eval echo \$NS_$1 +} + +setup_ipvX_over_ipvY() { + inner=${1} + outer=${2} + + if [ "${outer}" -eq 4 ]; then + a_addr="${prefix4}.${a_r1}.1" + b_addr="${prefix4}.${b_r1}.1" + if [ "${inner}" -eq 4 ]; then + type="ipip" + mode="ipip" + else + type="sit" + mode="ip6ip" + fi + else + a_addr="${prefix6}:${a_r1}::1" + b_addr="${prefix6}:${b_r1}::1" + type="ip6tnl" + if [ "${inner}" -eq 4 ]; then + mode="ipip6" + else + mode="ip6ip6" + fi + fi + + run_cmd ${ns_a} ip link add ip_a type ${type} local ${a_addr} remote ${b_addr} mode ${mode} || return $ksft_skip + run_cmd ${ns_b} ip link add ip_b type ${type} local ${b_addr} remote ${a_addr} mode ${mode} + + run_cmd ${ns_a} ip link set ip_a up + run_cmd ${ns_b} ip link set ip_b up + + if [ "${inner}" = "4" ]; then + run_cmd ${ns_a} ip addr add ${tunnel4_a_addr}/${tunnel4_mask} dev ip_a + run_cmd ${ns_b} ip addr add ${tunnel4_b_addr}/${tunnel4_mask} dev ip_b + else + run_cmd ${ns_a} ip addr add ${tunnel6_a_addr}/${tunnel6_mask} dev ip_a + run_cmd ${ns_b} ip addr add ${tunnel6_b_addr}/${tunnel6_mask} dev ip_b + fi +} + +setup_ip6ip6() { + setup_ipvX_over_ipvY 6 6 +} + +setup_namespaces() { + setup_ns NS_A NS_B NS_C NS_R1 NS_R2 + for n in ${NS_A} ${NS_B} ${NS_C} ${NS_R1} ${NS_R2}; do + # Disable DAD, so that we don't have to wait to use the + # configured IPv6 addresses + ip netns exec ${n} sysctl -q net/ipv6/conf/default/accept_dad=0 + done + ns_a="ip netns exec ${NS_A}" + ns_b="ip netns exec ${NS_B}" + ns_c="ip netns exec ${NS_C}" + ns_r1="ip netns exec ${NS_R1}" + ns_r2="ip netns exec ${NS_R2}" +} + + +setup_routing_old() { + for i in ${routes}; do + [ "${ns}" = "" ] && ns="${i}" && continue + [ "${addr}" = "" ] && addr="${i}" && continue + [ "${gw}" = "" ] && gw="${i}" + + ns_name="$(nsname ${ns})" + + ip -n "${ns_name}" route add "${addr}" table "${rt_table}" via "${gw}" + + ns=""; addr=""; gw="" + done +} + +setup_routing_new() { + for i in ${nexthops}; do + [ "${ns}" = "" ] && ns="${i}" && continue + [ "${fam}" = "" ] && fam="${i}" && continue + [ "${nhid}" = "" ] && nhid="${i}" && continue + [ "${gw}" = "" ] && gw="${i}" && continue + [ "${dev}" = "" ] && dev="${i}" + + ns_name="$(nsname ${ns})" + + ip -n ${ns_name} -${fam} nexthop add id ${nhid} via ${gw} dev ${dev} + + ns=""; fam=""; nhid=""; gw=""; dev="" + + done + + for i in ${routes_nh}; do + [ "${ns}" = "" ] && ns="${i}" && continue + [ "${fam}" = "" ] && fam="${i}" && continue + [ "${addr}" = "" ] && addr="${i}" && continue + [ "${nhid}" = "" ] && nhid="${i}" + + ns_name="$(nsname ${ns})" + + ip -n "${ns_name}" -"${fam}" route add "${addr}" table "${rt_table}" nhid "${nhid}" + + ns=""; fam=""; addr=""; nhid="" + done +} + +setup_routing() { + for i in ${NS_R1} ${NS_R2}; do + ip netns exec ${i} sysctl -q net/ipv4/ip_forward=1 + ip netns exec ${i} sysctl -q net/ipv6/conf/all/forwarding=1 + done + + for i in ${routing_addrs}; do + [ "${ns}" = "" ] && ns="${i}" && continue + [ "${peer}" = "" ] && peer="${i}" && continue + [ "${segment}" = "" ] && segment="${i}" + + ns_name="$(nsname ${ns})" + peer_name="$(nsname ${peer})" + if="veth_${ns}-${peer}" + ifpeer="veth_${peer}-${ns}" + + # Create veth links + ip link add ${if} up netns ${ns_name} type veth peer name ${ifpeer} netns ${peer_name} || return 1 + ip -n ${peer_name} link set dev ${ifpeer} up + + # Add addresses + ip -n ${ns_name} addr add ${prefix4}.${segment}.1/24 dev ${if} + ip -n ${ns_name} addr add ${prefix6}:${segment}::1/64 dev ${if} + + ip -n ${peer_name} addr add ${prefix4}.${segment}.2/24 dev ${ifpeer} + ip -n ${peer_name} addr add ${prefix6}:${segment}::2/64 dev ${ifpeer} + + ns=""; peer=""; segment="" + done + + if [ "$USE_NH" = "yes" ]; then + setup_routing_new + else + setup_routing_old + fi + + return 0 +} + + +setup() { + [ "$(id -u)" -ne 0 ] && echo " need to run as root" && return $ksft_skip + + for arg do + eval setup_${arg} || { echo " ${arg} not supported"; return 1; } + done +} + +trace() { + [ $TRACING -eq 0 ] && return + + for arg do + [ "${ns_cmd}" = "" ] && ns_cmd="${arg}" && continue + ${ns_cmd} tcpdump --immediate-mode -s 0 -i "${arg}" -w "${name}_${arg}.pcap" 2> /dev/null & + tcpdump_pids="${tcpdump_pids} $!" + ns_cmd= + done + sleep 1 +} + + +restore_governors() { + echo "Restoring original CPU governors" + while IFS=' ' read -r cpu governor; do + echo "$governor" | tee "/sys/devices/system/cpu/$cpu/cpufreq/scaling_governor" > /dev/null + done < "$GOVERNOR_STATE_FILE" + rm -rf "$STATE_FILE_DIR" 2>/dev/null +} + + +cleanup() { + for pid in ${tcpdump_pids}; do + kill ${pid} + done + tcpdump_pids= + + for pid in ${nettest_pids}; do + kill ${pid} + done + nettest_pids= + + for pid in ${socat_pids}; do + kill "${pid}" + done + socat_pids= + + cleanup_all_ns + + ip link del veth_A-C 2>/dev/null + ip link del veth_A-R1 2>/dev/null + ovs-vsctl --if-exists del-port vxlan_a 2>/dev/null + ovs-vsctl --if-exists del-br ovs_br0 2>/dev/null + rm -f "$tmpoutfile" +} + +mtu() { + ns_cmd="${1}" + dev="${2}" + mtu="${3}" + + ${ns_cmd} ip link set dev ${dev} mtu ${mtu} +} + +mtu_parse() { + input="${1}" + + next=0 + for i in ${input}; do + [ ${next} -eq 1 -a "${i}" = "lock" ] && next=2 && continue + [ ${next} -eq 1 ] && echo "${i}" && return + [ ${next} -eq 2 ] && echo "lock ${i}" && return + [ "${i}" = "mtu" ] && next=1 + done +} + +link_get() { + ns_cmd="${1}" + name="${2}" + + ${ns_cmd} ip link show dev "${name}" +} + +link_get_mtu() { + ns_cmd="${1}" + name="${2}" + + mtu_parse "$(link_get "${ns_cmd}" ${name})" +} + +route_get_dst_exception() { + ns_cmd="${1}" + dst="${2}" + dsfield="${3}" + + if [ -z "${dsfield}" ]; then + dsfield=0 + fi + + ${ns_cmd} ip route get "${dst}" dsfield "${dsfield}" +} + +route_get_dst_pmtu_from_exception() { + ns_cmd="${1}" + dst="${2}" + dsfield="${3}" + + mtu_parse "$(route_get_dst_exception "${ns_cmd}" "${dst}" "${dsfield}")" +} + +check_pmtu_value() { + expected="${1}" + value="${2}" + event="${3}" + + [ "${expected}" = "any" ] && [ -n "${value}" ] && return 0 + [ "${value}" = "${expected}" ] && return 0 + [ -z "${value}" ] && err " PMTU exception wasn't created after ${event}" && return 1 + [ -z "${expected}" ] && err " PMTU exception shouldn't exist after ${event}" && return 1 + err " found PMTU exception with incorrect MTU ${value}, expected ${expected}, after ${event}" + return 1 +} + + +test_pmtu_ipvX_over_ipvY_exception() { + inner=${1} + outer=${2} + ll_mtu=4000 + + setup namespaces routing ip${inner}ip${outer} || return $ksft_skip + + trace "${ns_a}" ip_a "${ns_b}" ip_b \ + "${ns_a}" veth_A-R1 "${ns_r1}" veth_R1-A \ + "${ns_b}" veth_B-R1 "${ns_r1}" veth_R1-B + + if [ ${inner} -eq 4 ]; then + ping=ping + dst=${tunnel4_b_addr} + else + ping=${ping6} + dst=${tunnel6_b_addr} + fi + + if [ ${outer} -eq 4 ]; then + # IPv4 header + exp_mtu=$((${ll_mtu} - 20)) + else + # IPv6 header Option 4 + exp_mtu=$((${ll_mtu} - 40 - 8)) + fi + + # Create route exception by exceeding link layer MTU + mtu "${ns_a}" veth_A-R1 $((${ll_mtu} + 1000)) + mtu "${ns_r1}" veth_R1-A $((${ll_mtu} + 1000)) + mtu "${ns_b}" veth_B-R1 ${ll_mtu} + mtu "${ns_r1}" veth_R1-B ${ll_mtu} + + mtu "${ns_a}" ip_a $((${ll_mtu} + 1000)) || return + mtu "${ns_b}" ip_b $((${ll_mtu} + 1000)) || return + run_cmd ${ns_a} ${ping} -q -M want -i 0.1 -w 1 -s $((${ll_mtu} + 500)) ${dst} + + # Check that exception was created + pmtu="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst})" + check_pmtu_value ${exp_mtu} "${pmtu}" "exceeding link layer MTU on ip${inner}ip${outer} interface" +} + +test_pmtu_ipv6_ipv6_exception() { + test_pmtu_ipvX_over_ipvY_exception 6 6 +} + +run_test() { + ( + tname="$1" + tdesc="$2" + + unset IFS + + # Since cleanup() relies on variables modified by this subshell, it + # has to run in this context. + trap cleanup EXIT + + if [ "$VERBOSE" = "1" ]; then + printf "\n##########################################################################\n\n" + fi + + eval test_${tname} + ret=$? + + if [ $ret -eq 0 ]; then + printf "TEST: %-60s [ OK ]\n" "${tdesc}" + elif [ $ret -eq 1 ]; then + printf "TEST: %-60s [FAIL]\n" "${tdesc}" + if [ "${PAUSE_ON_FAIL}" = "yes" ]; then + echo + echo "Pausing. Hit enter to continue" + read a + fi + err_flush + exit 1 + elif [ $ret -eq $ksft_skip ]; then + printf "TEST: %-60s [SKIP]\n" "${tdesc}" + err_flush + fi + + return $ret + ) + ret=$? + case $ret in + 0) + all_skipped=false + [ $exitcode -eq $ksft_skip ] && exitcode=0 + ;; + $ksft_skip) + [ $all_skipped = true ] && exitcode=$ksft_skip + ;; + *) + all_skipped=false + exitcode=1 + ;; + esac + + return $ret +} + +run_test_nh() { + tname="$1" + tdesc="$2" + + USE_NH=yes + run_test "${tname}" "${tdesc} - nexthop objects" + USE_NH=no +} + +usage() { + echo + echo "$0 [OPTIONS]..." + echo "Runs pmtu_ipv6_ipv6_exception test 100x" + echo + echo "Options" + echo " --trace: capture traffic to TEST_INTERFACE.pcap" + echo + echo "Available tests${tests}" + exit 1 +} + +################################################################################ +# + +[ "$(id -u)" -ne 0 ] && echo "ERROR: need to run as root" && exit 1 +exitcode=0 +desc=0 +all_skipped=true + +while getopts :ptv o +do + case $o in + p) PAUSE_ON_FAIL=yes;; + v) VERBOSE=1;; + t) if which tcpdump > /dev/null 2>&1; then + TRACING=1 + else + echo "=== tcpdump not available, tracing disabled" + fi + ;; + *) usage;; + esac +done +shift $(($OPTIND-1)) + +IFS=" +" + +for arg do + # Check first that all requested tests are available before running any + command -v > /dev/null "test_${arg}" || { echo "=== Test ${arg} not found"; usage; } +done + +trap cleanup EXIT + +# start clean +cleanup + +HAVE_NH=no +ip nexthop ls >/dev/null 2>&1 +[ $? -eq 0 ] && HAVE_NH=yes + +name="" +desc="" +rerun_nh=0 + +# Set to performance governor so we can reproduce the bug +STATE_FILE_DIR=$(mktemp -d) +if [[ ! -d "$STATE_FILE_DIR" ]]; then + echo "Could not create temp dir, skipping this test" >&2 + exit 1 +fi + +# Save current CPU governor state to temp file +GOVERNOR_STATE_FILE="$STATE_FILE_DIR/orig_cpu_governors.txt" +touch $GOVERNOR_STATE_FILE +if [[ ! -e "$GOVERNOR_STATE_FILE" ]]; then + echo "Could not save current performance governor states, skipping this test" >&2 + exit 1 +fi +echo "Saving current performance governor settings" +for cpu in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do + if [[ $cpu =~ ^/sys/devices/system/cpu/(cpu[0-9]+)/cpufreq/scaling_governor$ ]]; then + echo "${BASH_REMATCH[1]} $(cat $cpu)" >> "$GOVERNOR_STATE_FILE" + fi +done + +# Restore original CPU governor settings +trap restore_governors EXIT + +echo "Switching CPU governor to performance" +for cpu in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do + if [[ $cpu =~ ^/sys/devices/system/cpu/(cpu[0-9]+)/cpufreq/scaling_governor$ ]]; then + echo "performance" | tee $cpu > /dev/null + fi +done + +for i in $(seq 1 100); +do + name="pmtu_ipv6_ipv6_exception" + desc="Bad PMTU behavior" + + if [ "${HAVE_NH}" = "yes" ]; then + rerun_nh="${t}" + fi + + run_this=1 + for arg do + [ "${arg}" != "${arg#--*}" ] && continue + [ "${arg}" = "${name}" ] && run_this=1 && break + run_this=0 + done + if [ $run_this -eq 1 ]; then + run_test_nh "${name}" "${desc}" + fi + name="" + desc="" + rerun_nh=0 +done + +if dmesg | grep -q "unregister_netdevice: waiting for veth_A-R1 to become free"; then + printf "TEST: Bad PMTU behavior - veth_A-R1 refcount error reproducer [FAIL]\n" + printf "veth_A-R1 has not been released properly\n" + exitcode=1 +else + printf "TEST: Bad PMTU behavior - veth_A-R1 refcount error reproducer [PASS]\n" + printf "No veth_A-R1 errors, considering this test passed\n" + exitcode=0 +fi + +exit ${exitcode} -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH] selftests: livepatch: test livepatching a kprobed function

by Michael Vetter

The test proves that a function that is being kprobed and uses a post_handler cannot be livepatched. Only one ftrace_ops with FTRACE_OPS_FL_IPMODIFY set may be registered to any given function at a time. Signed-off-by: Michael Vetter <mvetter(a)suse.com> --- tools/testing/selftests/livepatch/Makefile | 3 +- .../selftests/livepatch/test-kprobe.sh | 62 +++++++++++++++++++ .../selftests/livepatch/test_modules/Makefile | 3 +- .../livepatch/test_modules/test_klp_kprobe.c | 38 ++++++++++++ 4 files changed, 104 insertions(+), 2 deletions(-) create mode 100755 tools/testing/selftests/livepatch/test-kprobe.sh create mode 100644 tools/testing/selftests/livepatch/test_modules/test_klp_kprobe.c diff --git a/tools/testing/selftests/livepatch/Makefile b/tools/testing/selftests/livepatch/Makefile index 35418a4790be..a080eb54a215 100644 --- a/tools/testing/selftests/livepatch/Makefile +++ b/tools/testing/selftests/livepatch/Makefile @@ -10,7 +10,8 @@ TEST_PROGS := \ test-state.sh \ test-ftrace.sh \ test-sysfs.sh \ - test-syscall.sh + test-syscall.sh \ + test-kprobe.sh TEST_FILES := settings diff --git a/tools/testing/selftests/livepatch/test-kprobe.sh b/tools/testing/selftests/livepatch/test-kprobe.sh new file mode 100755 index 000000000000..0c62c6b81e18 --- /dev/null +++ b/tools/testing/selftests/livepatch/test-kprobe.sh @@ -0,0 +1,62 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2024 SUSE +# Author: Michael Vetter <mvetter(a)suse.com> + +. $(dirname $0)/functions.sh + +MOD_LIVEPATCH=test_klp_livepatch +MOD_KPROBE=test_klp_kprobe + +setup_config + +# Kprobe a function and verify that we can't livepatch that same function +# when it uses a post_handler since only one IPMODIFY maybe be registered +# to any given function at a time. + +start_test "livepatch interaction with kprobed function with post_handler" + +echo 1 > /sys/kernel/debug/kprobes/enabled + +load_mod $MOD_KPROBE has_post_handler=true +load_failing_mod $MOD_LIVEPATCH +unload_mod $MOD_KPROBE + +check_result "% insmod test_modules/test_klp_kprobe.ko has_post_handler=true +% insmod test_modules/$MOD_LIVEPATCH.ko +livepatch: enabling patch '$MOD_LIVEPATCH' +livepatch: '$MOD_LIVEPATCH': initializing patching transition +livepatch: failed to register ftrace handler for function 'cmdline_proc_show' (-16) +livepatch: failed to patch object 'vmlinux' +livepatch: failed to enable patch '$MOD_LIVEPATCH' +livepatch: '$MOD_LIVEPATCH': canceling patching transition, going to unpatch +livepatch: '$MOD_LIVEPATCH': completing unpatching transition +livepatch: '$MOD_LIVEPATCH': unpatching complete +insmod: ERROR: could not insert module test_modules/$MOD_LIVEPATCH.ko: Device or resource busy +% rmmod test_klp_kprobe" + +start_test "livepatch interaction with kprobed function without post_handler" + +load_mod $MOD_KPROBE has_post_handler=false +load_lp $MOD_LIVEPATCH + +unload_mod $MOD_KPROBE +disable_lp $MOD_LIVEPATCH +unload_lp $MOD_LIVEPATCH + +check_result "% insmod test_modules/test_klp_kprobe.ko has_post_handler=false +% insmod test_modules/$MOD_LIVEPATCH.ko +livepatch: enabling patch '$MOD_LIVEPATCH' +livepatch: '$MOD_LIVEPATCH': initializing patching transition +livepatch: '$MOD_LIVEPATCH': starting patching transition +livepatch: '$MOD_LIVEPATCH': completing patching transition +livepatch: '$MOD_LIVEPATCH': patching complete +% rmmod test_klp_kprobe +% echo 0 > /sys/kernel/livepatch/$MOD_LIVEPATCH/enabled +livepatch: '$MOD_LIVEPATCH': initializing unpatching transition +livepatch: '$MOD_LIVEPATCH': starting unpatching transition +livepatch: '$MOD_LIVEPATCH': completing unpatching transition +livepatch: '$MOD_LIVEPATCH': unpatching complete +% rmmod $MOD_LIVEPATCH" + +exit 0 diff --git a/tools/testing/selftests/livepatch/test_modules/Makefile b/tools/testing/selftests/livepatch/test_modules/Makefile index e6e638c4bcba..4981d270f128 100644 --- a/tools/testing/selftests/livepatch/test_modules/Makefile +++ b/tools/testing/selftests/livepatch/test_modules/Makefile @@ -11,7 +11,8 @@ obj-m += test_klp_atomic_replace.o \ test_klp_state2.o \ test_klp_state3.o \ test_klp_shadow_vars.o \ - test_klp_syscall.o + test_klp_syscall.o \ + test_klp_kprobe.o # Ensure that KDIR exists, otherwise skip the compilation modules: diff --git a/tools/testing/selftests/livepatch/test_modules/test_klp_kprobe.c b/tools/testing/selftests/livepatch/test_modules/test_klp_kprobe.c new file mode 100644 index 000000000000..49b579ea1054 --- /dev/null +++ b/tools/testing/selftests/livepatch/test_modules/test_klp_kprobe.c @@ -0,0 +1,38 @@ +// SPDX-License-Identifier: GPL-2.0 +// Copyright (C) 2024 Marcos Paulo de Souza <mpdesouza(a)suse.com> +// Copyright (C) 2024 Michael Vetter <mvetter(a)suse.com> + +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/kprobes.h> + +static bool has_post_handler = true; +module_param(has_post_handler, bool, 0444); + +static void __kprobes post_handler(struct kprobe *p, struct pt_regs *regs, + unsigned long flags) +{ +} + +static struct kprobe kp = { + .symbol_name = "cmdline_proc_show", +}; + +static int __init kprobe_init(void) +{ + if (has_post_handler) + kp.post_handler = post_handler; + + return register_kprobe(&kp); +} + +static void __exit kprobe_exit(void) +{ + unregister_kprobe(&kp); +} + +module_init(kprobe_init) +module_exit(kprobe_exit) +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Michael Vetter <mvetter(a)suse.com>"); +MODULE_DESCRIPTION("Livepatch test: livepatch kprobed function"); -- 2.46.0

1 year, 1 month

2
1
0 0

[PATCH v3 0/3] selftests: kvm: s390: Add ucontrol memory selftests

by Christoph Schlameuss

This patch series adds a some not yet picked selftests to the kvm s390x selftest suite. The additional test cases are covering: * Assert KVM_EXIT_S390_UCONTROL exit on not mapped memory access * Assert functionality of storage keys in ucontrol VM * Assert that memory region operations are rejected for ucontrol VMs Running the test cases requires sys_admin capabilities to start the ucontrol VM. This can be achieved by running as root or with a command like: sudo setpriv --reuid nobody --inh-caps -all,+sys_admin \ --ambient-caps -all,+sys_admin --bounding-set -all,+sys_admin \ ./ucontrol_test --- The patches in this series have been part of the previous patch series. The test cases added here do depend on the fixture added in the earlier patches. From v5 PATCH 7-9 the segment and page table generation has been removed and DAT has been disabled. Since DAT is not necessary to validate the KVM code. https://lore.kernel.org/kvm/20240807154512.316936-1-schlameuss@linux.ibm.co… v3: - fix skey assertion (thanks Claudio) - introduce a wrapper around UCAS map and unmap ioctls to improve readability (Claudio) - add an displacement to accessed memory to assert translation intercepts actually point to segments to the uc_map_unmap test - add an misaligned failing mapping try to the uc_map_unmap test v2: - Reenable KSS intercept and handle it within skey test. - Modify the checked register between storing (sske) and reading (iske) it within the test program to make sure the. - Add an additional state assertion in the end of uc_skey - Fix some typos and white spaces. v1: - Remove segment and page table generation and disable DAT. This is not necessary to validate the KVM code. Christoph Schlameuss (3): selftests: kvm: s390: Add uc_map_unmap VM test case selftests: kvm: s390: Add uc_skey VM test case selftests: kvm: s390: Verify reject memory region operations for ucontrol VMs .../selftests/kvm/s390x/ucontrol_test.c | 256 +++++++++++++++++- 1 file changed, 254 insertions(+), 2 deletions(-) -- 2.46.0

1 year, 1 month

3
9
0 0

[PATCH v5 00/14] integrity: Introduce the Integrity Digest Cache

by Roberto Sassu

From: Roberto Sassu <roberto.sassu(a)huawei.com> Integrity detection and protection has long been a desirable feature, to reach a large user base and mitigate the risk of flaws in the software and attacks. However, while solutions exist, they struggle to reach a large user base, due to requiring higher than desired constraints on performance, flexibility and configurability, that only security conscious people are willing to accept. For example, IMA measurement requires the target platform to collect integrity measurements, and to protect them with the TPM, which introduces a noticeable overhead (up to 10x slower in a microbenchmark) on frequently used system calls, like the open(). IMA Appraisal currently requires individual files to be signed and verified, and Linux distributions to rebuild all packages to include file signatures (this approach has been adopted from Fedora 39+). Like a TPM, also signature verification introduces a significant overhead, especially if it is used to check the integrity of many files. This is where the new Integrity Digest Cache comes into play, it offers additional support for new and existing integrity solutions, to make them faster and easier to deploy. The Integrity Digest Cache can help IMA to reduce the number of TPM operations and to make them happen in a deterministic way. If IMA knows that a file comes from a Linux distribution, it can measure files in a different way: measure the list of digests coming from the distribution (e.g. RPM package headers), and subsequently measure a file if it is not found in that list. The performance improvement comes at the cost of IMA not reporting which files from installed packages were accessed, and in which temporal sequence. This approach might not be suitable for all use cases. The Integrity Digest Cache can also help IMA for appraisal. IMA can simply lookup the calculated digest of an accessed file in the list of digests extracted from package headers, after verifying the header signature. It is sufficient to verify only one signature for all files in the package, as opposed to verifying a signature for each file. The same approach can be followed by other LSMs, such as Integrity Policy Enforcement (IPE), and BPF LSM. The Integrity Digest Cache is not tied to a specific package format. While it currently supports a TLV-based and the RPM formats, it can be easily extended to support more formats, such as DEBs. Focusing on just extracting digests keeps these parsers minimal and reasonably simple (e.g. the RPM parser has ~220 LOC). Included parsers have been verified for memory safety with the Frama-C static analyzer. The parsers with the Frama-C assertions are available here: https://github.com/robertosassu/rpm-formal/ Integrating the Integrity Digest Cache in IMA brings significant performance improvements: up to 67% and 79% for measurement respectively in sequential and parallel file reads; up to 65% and 43% for appraisal respectively in sequential and parallel file reads. The performance can be further enhanced by using fsverity digests instead of conventional file digests, which would make IMA verify only the portion of the file to be read. However, at the moment, fsverity digests are not included in RPM packages. In this case, once rpm is extended to include them, Linux distributions still have to rebuild their packages. The Integrity Digest Cache can support both digest types, so that the functionality is immediately available without waiting for Linux distributions to do the transition. This patch set only includes the patches necessary to extract digests from a TLV-based and RPM data formats, and exposes an API for LSMs to query them. A separate patch set will be provided to integrate it in IMA. This patch set and the follow-up IMA integration can be tested by following the instructions at: https://github.com/linux-integrity/digest-cache-tools This patch set applies on top of: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/l… with commit fa8a4ce432e8 ("ima: fix buffer overrun in ima_eventdigest_init_common"). Changelog v4: - Rename digest_cache LSM to Integrity Digest Cache (suggested by Paul Moore) - Update documentation - Remove forward declaration of struct digest_cache in include/linux/digest_cache.h (suggested by Jarkko) - Add DIGEST_CACHE_FREE digest cache event for notification - Remove digest_cache_found_t typedef and use uintptr_t instead - Add header callback in TLV parser and unexport tlv_parse_hdr() and tlv_parse_data() - Plug the Integrity Digest Cache into the 'ima' LSM - Switch from constructor to zeroing the object cache - Remove notifier and detect digest cache changes by comparing pointers - Rename digest_cache_dir_create() to digest_cache_dir_add_entries() - Introduce digest_cache_dir_create() to create and initialize a directory digest cache - Introduce digest_cache_dir_update_dig_user() to update dig_user with a file digest cache on positive digest lookup - Use up to date directory digest cache, to take into account possible inode eviction for the old ones - Introduce digest_cache_dir_prefetch() to prefetch digest lists - Adjust component name in debug messages (suggested by Jarkko) - Add FILE_PREFETCH and FILE_READ digest cache flags, remove RESET_USER - Reintroduce spin lock for digest cache verification data (needed for the selftests) - Get inode and file descriptor security blob offsets from outside (IMA) - Avoid user-after-free in digest_cache_unref() by decrementing the ref. count after printing the debug message - Check for digest list lookup loops also for the parent directory - Put and clear dig_owner directly in digest_cache_reset_clear_owner() - Move digest cache initialization code from digest_cache_create() to digest_cache_init() - Hold the digest list path until the digest cache is initialized (to avoid premature inode eviction) - Avoid race condition on setting DIR_PREFETCH in the directory digest cache - Introduce digest_cache_dir_prefetch() and do it between digest cache creation and initialization (to avoid lock inversion) - Avoid unnecessary length check in digest_list_parse_rpm() - Declare arrays of strings in tlv parser as static - Emit reset for parent directory on directory entry modification - Rename digest_cache_reset_owner() to digest_cache_reset_clear_owner() and digest_cache_reset_user() to digest_cache_clear_user() - Execute digest_cache_file_release() either if FMODE_WRITE or FMODE_CREATED are set in the file descriptor f_mode - Determine in digest_cache_verif_set() which gfp flag to use depending on verifier ID - Update selftests v3: - Rewrite documentation, and remove the installation instructions since they are now included in the README of digest-cache-tools - Add digest cache event notifier - Drop digest_cache_was_reset(), and send instead to asynchronous notifications - Fix digest_cache LSM Kconfig style issues (suggested by Randy Dunlap) - Propagate digest cache reset to directory entries - Destroy per directory entry mutex - Introduce RESET_USER bit, to clear the dig_user pointer on set/removexattr - Replace 'file content' with 'file data' (suggested by Mimi) - Introduce per digest cache mutex and replace verif_data_lock spinlock - Track changes of security.digest_list xattr - Stop tracking file_open and use file_release instead also for file writes - Add error messages in digest_cache_create() - Load/unload testing kernel module automatically during execution of test - Add tests for digest cache event notifier - Add test for ftruncate() - Remove DIGEST_CACHE_RESET_PREFETCH_BUF command in test and clear the buffer on read instead v2: - Include the TLV parser in this patch set (from user asymmetric keys and signatures) - Move from IMA and make an independent LSM - Remove IMA-specific stuff from this patch set - Add per algorithm hash table - Expect all digest lists to be in the same directory and allow changing the default directory - Support digest lookup on directories, when there is no security.digest_list xattr - Add seq num to digest list file name, to impose ordering on directory iteration - Add a new data type DIGEST_LIST_ENTRY_DATA for the nested data in the tlv digest list format - Add the concept of verification data attached to digest caches - Add the reset mechanism to track changes on digest lists and directory containing the digest lists - Add kernel selftests v1: - Add documentation in Documentation/security/integrity-digest-cache.rst - Pass the mask of IMA actions to digest_cache_alloc() - Add a reference count to the digest cache - Remove the path parameter from digest_cache_get(), and rely on the reference count to avoid the digest cache disappearing while being used - Rename the dentry_to_check parameter of digest_cache_get() to dentry - Rename digest_cache_get() to digest_cache_new() and add digest_cache_get() to set the digest cache in the iint of the inode for which the digest cache was requested - Add dig_owner and dig_user to the iint, to distinguish from which inode the digest cache was created from, and which is using it; consequently it makes the digest cache usable to measure/appraise other digest caches (support not yet enabled) - Add dig_owner_mutex and dig_user_mutex to serialize accesses to dig_owner and dig_user until they are initialized - Enforce strong synchronization and make the contenders wait until dig_owner and dig_user are assigned to the iint the first time - Move checking IMA actions on the digest list earlier, and fail if no action were performed (digest cache not usable) - Remove digest_cache_put(), not needed anymore with the introduction of the reference count - Fail immediately in digest_cache_lookup() if the digest algorithm is not set in the digest cache - Use 64 bit mask for IMA actions on the digest list instead of 8 bit - Return NULL in the inline version of digest_cache_get() - Use list_add_tail() instead of list_add() in the iterator - Copy the digest list path to a separate buffer in digest_cache_iter_dir() - Use digest list parsers verified with Frama-C - Explicitly disable (for now) the possibility in the IMA policy to use the digest cache to measure/appraise other digest lists - Replace exit(<value>) with return <value> in manage_digest_lists.c Roberto Sassu (14): lib: Add TLV parser integrity: Introduce the Integrity Digest Cache digest_cache: Initialize digest caches digest_cache: Add securityfs interface digest_cache: Add hash tables and operations digest_cache: Populate the digest cache from a digest list digest_cache: Parse tlv digest lists digest_cache: Parse rpm digest lists digest_cache: Add management of verification data digest_cache: Add support for directories digest cache: Prefetch digest lists if requested digest_cache: Reset digest cache on file/directory change selftests/digest_cache: Add selftests for the Integrity Digest Cache docs: Add documentation of the Integrity Digest Cache Documentation/security/digest_cache.rst | 814 ++++++++++++++++++ Documentation/security/index.rst | 1 + MAINTAINERS | 10 + include/linux/digest_cache.h | 58 ++ include/linux/kernel_read_file.h | 1 + include/linux/tlv_parser.h | 48 ++ include/uapi/linux/tlv_digest_list.h | 72 ++ include/uapi/linux/tlv_parser.h | 62 ++ include/uapi/linux/xattr.h | 6 + lib/Kconfig | 3 + lib/Makefile | 2 + lib/tlv_parser.c | 221 +++++ lib/tlv_parser.h | 17 + security/integrity/Kconfig | 1 + security/integrity/Makefile | 1 + security/integrity/digest_cache/Kconfig | 33 + security/integrity/digest_cache/Makefile | 11 + security/integrity/digest_cache/dir.c | 397 +++++++++ security/integrity/digest_cache/htable.c | 254 ++++++ security/integrity/digest_cache/internal.h | 277 ++++++ security/integrity/digest_cache/main.c | 559 ++++++++++++ security/integrity/digest_cache/modsig.c | 66 ++ .../integrity/digest_cache/parsers/parsers.h | 15 + security/integrity/digest_cache/parsers/rpm.c | 220 +++++ security/integrity/digest_cache/parsers/tlv.c | 341 ++++++++ security/integrity/digest_cache/populate.c | 157 ++++ security/integrity/digest_cache/reset.c | 227 +++++ security/integrity/digest_cache/secfs.c | 104 +++ security/integrity/digest_cache/verif.c | 131 +++ security/integrity/ima/ima.h | 1 + security/integrity/ima/ima_fs.c | 6 + security/integrity/ima/ima_main.c | 11 +- tools/testing/selftests/Makefile | 1 + .../testing/selftests/digest_cache/.gitignore | 3 + tools/testing/selftests/digest_cache/Makefile | 24 + .../testing/selftests/digest_cache/all_test.c | 749 ++++++++++++++++ tools/testing/selftests/digest_cache/common.c | 78 ++ tools/testing/selftests/digest_cache/common.h | 134 +++ .../selftests/digest_cache/common_user.c | 47 + .../selftests/digest_cache/common_user.h | 17 + tools/testing/selftests/digest_cache/config | 1 + .../selftests/digest_cache/generators.c | 248 ++++++ .../selftests/digest_cache/generators.h | 19 + .../selftests/digest_cache/testmod/Makefile | 16 + .../selftests/digest_cache/testmod/kern.c | 501 +++++++++++ 45 files changed, 5964 insertions(+), 1 deletion(-) create mode 100644 Documentation/security/digest_cache.rst create mode 100644 include/linux/digest_cache.h create mode 100644 include/linux/tlv_parser.h create mode 100644 include/uapi/linux/tlv_digest_list.h create mode 100644 include/uapi/linux/tlv_parser.h create mode 100644 lib/tlv_parser.c create mode 100644 lib/tlv_parser.h create mode 100644 security/integrity/digest_cache/Kconfig create mode 100644 security/integrity/digest_cache/Makefile create mode 100644 security/integrity/digest_cache/dir.c create mode 100644 security/integrity/digest_cache/htable.c create mode 100644 security/integrity/digest_cache/internal.h create mode 100644 security/integrity/digest_cache/main.c create mode 100644 security/integrity/digest_cache/modsig.c create mode 100644 security/integrity/digest_cache/parsers/parsers.h create mode 100644 security/integrity/digest_cache/parsers/rpm.c create mode 100644 security/integrity/digest_cache/parsers/tlv.c create mode 100644 security/integrity/digest_cache/populate.c create mode 100644 security/integrity/digest_cache/reset.c create mode 100644 security/integrity/digest_cache/secfs.c create mode 100644 security/integrity/digest_cache/verif.c create mode 100644 tools/testing/selftests/digest_cache/.gitignore create mode 100644 tools/testing/selftests/digest_cache/Makefile create mode 100644 tools/testing/selftests/digest_cache/all_test.c create mode 100644 tools/testing/selftests/digest_cache/common.c create mode 100644 tools/testing/selftests/digest_cache/common.h create mode 100644 tools/testing/selftests/digest_cache/common_user.c create mode 100644 tools/testing/selftests/digest_cache/common_user.h create mode 100644 tools/testing/selftests/digest_cache/config create mode 100644 tools/testing/selftests/digest_cache/generators.c create mode 100644 tools/testing/selftests/digest_cache/generators.h create mode 100644 tools/testing/selftests/digest_cache/testmod/Makefile create mode 100644 tools/testing/selftests/digest_cache/testmod/kern.c -- 2.34.1

1 year, 1 month

4
22
0 0

[PATCH bpf-next v5 0/8] libbpf, selftests/bpf: Support cross-endian usage

by Tony Ambardar

Hello all, This patch series targets a long-standing BPF usability issue - the lack of general cross-compilation support - by enabling cross-endian usage of libbpf and bpftool, as well as supporting cross-endian build targets for selftests/bpf. Benefits include improved BPF development and testing for embedded systems based on e.g. big-endian MIPS, more build options e.g for s390x systems, and better accessibility to the very latest test tools e.g. 'test_progs'. The series touches many functional areas: BTF.ext handling; object access, introspection, and linking; generation of normal and "light" skeletons. Initial development and testing used mips64, since this arch makes switching the build byte-order trivial and is thus very handy for A/B testing. However, it lacks some key features (bpf2bpf call, kfuncs, etc) making for poor selftests/bpf coverage. Final testing takes the kernel and selftests/bpf cross-built from x86_64 to s390x, and runs the result under QEMU/s390x. That same configuration could also be used on kernel-patches/bpf CI for regression testing endian support or perhaps load-sharing s390x builds across x86_64 systems. This thread includes some background regarding testing on QEMU/s390x and the generally favourable results: https://lore.kernel.org/bpf/ZsEcsaa3juxxQBUf@kodidev-ubuntu/ Earlier versions and related discussion of the series are here: v1: https://lore.kernel.org/bpf/cover.1724216108.git.tony.ambardar@gmail.com/ v2: https://lore.kernel.org/bpf/cover.1724313164.git.tony.ambardar@gmail.com/ v3: https://lore.kernel.org/bpf/cover.1724843049.git.tony.ambardar@gmail.com/ v4: https://lore.kernel.org/bpf/cover.1724976539.git.tony.ambardar@gmail.com/ Feedback and suggestions are welcome! Best regards, Tony Changelog: --------- v4 -> v5: (feedback from Andrii and Eduard) - add separate functions to byte-swap info metadata and records, and ensure ordering so record bswaps occur when metadata is native endian - use new and existing macros to iterate through info sections/records, and check embedded record sizes match that of info structs used - drop use of <cough> evil callbacks - move setting swapped_endian flag to after byte-swapping functions are called during initialization, allowing funcs to infer endianness and drop a 'bool native' call parameter - simplify byte-swapping macro used to generate light skeleton, and use internal lib funcs to swap info records instead of assuming all __u32 - change info bswap library funcs to void return - rework/consolidate new debug statements to reduce their number - remove some unneeded handling of impossible errors, and drop a safety check already handled elsewhere - add and clarify some comments v3 -> v4: - fix a use-after-free ELF data-handling error causing rare CI failures - move bswap functions for func/line/core-relo records to internal header - use bswap functions also for info blobs in light skeleton v2 -> v3: (feedback from Andrii) - improve some log and commit message formatting - restructure BTF.ext endianness safety checks and byte-swapping - use BTF.ext info record definitions for swapping, require BTF v1 - follow BTF API implementation more closely for BTF.ext - explicitly reject loading non-native endianness program into kernel - simplify linker output byte-order setting - drop redundant safety checks during linking - simplify endianness macro and improve blob setup code for light skel - no unexpected test failures after cross-compiling x86_64 -> s390x v1 -> v2: - fixed a light skeleton bug causing test_progs 'map_ptr' failure - simplified some BTF.ext related endianness logic - remove an 'inline' usage related to CI checkpatch failure - improve some formatting noted by checkpatch warnings - unexpected 'test_progs' failures drop 3 -> 2 (x86_64 to s390x cross) Tony Ambardar (8): libbpf: Improve log message formatting libbpf: Fix header comment typos for BTF.ext libbpf: Fix output .symtab byte-order during linking libbpf: Support BTF.ext loading and output in either endianness libbpf: Support opening bpf objects of either endianness libbpf: Support linking bpf objects of either endianness libbpf: Support creating light skeleton of either endianness selftests/bpf: Support cross-endian building tools/lib/bpf/bpf_gen_internal.h | 1 + tools/lib/bpf/btf.c | 242 +++++++++++++++++++++++++-- tools/lib/bpf/btf.h | 3 + tools/lib/bpf/btf_dump.c | 2 +- tools/lib/bpf/btf_relocate.c | 2 +- tools/lib/bpf/gen_loader.c | 191 +++++++++++++++------ tools/lib/bpf/libbpf.c | 57 +++++-- tools/lib/bpf/libbpf.map | 2 + tools/lib/bpf/libbpf_internal.h | 43 ++++- tools/lib/bpf/linker.c | 80 +++++++-- tools/lib/bpf/relo_core.c | 2 +- tools/lib/bpf/skel_internal.h | 3 +- tools/testing/selftests/bpf/Makefile | 7 +- 13 files changed, 529 insertions(+), 106 deletions(-) -- 2.34.1

1 year, 1 month

4
15
0 0

[PATCH bpf-next v4 0/8] libbpf, selftests/bpf: Support cross-endian usage

by Tony Ambardar

Hello all, This patch series targets a long-standing BPF usability issue - the lack of general cross-compilation support - by enabling cross-endian usage of libbpf and bpftool, as well as supporting cross-endian build targets for selftests/bpf. Benefits include improved BPF development and testing for embedded systems based on e.g. big-endian MIPS, more build options e.g for s390x systems, and better accessibility to the very latest test tools e.g. 'test_progs'. Initial development and testing used mips64, since this arch makes switching the build byte-order trivial and is thus very handy for A/B testing. However, it lacks some key features (bpf2bpf call, kfuncs, etc) making for poor selftests/bpf coverage. Final testing takes the kernel and selftests/bpf cross-built from x86_64 to s390x, and runs the result under QEMU/s390x. That same configuration could also be used on kernel-patches/bpf CI for regression testing endian support or perhaps load-sharing s390x builds across x86_64 systems. This thread includes some background regarding testing on QEMU/s390x and the generally favourable results: https://lore.kernel.org/bpf/ZsEcsaa3juxxQBUf@kodidev-ubuntu/ Feedback and suggestions are welcome! Best regards, Tony Changelog: --------- v3 -> v4: - fix a use-after-free ELF data-handling error causing rare CI failures - move bswap functions for func/line/core-relo records to internal header - use bswap functions also for info blobs in light skeleton v2 -> v3: (feedback from Andrii) - improve some log and commit message formatting - restructure BTF.ext endianness safety checks and byte-swapping - use BTF.ext info record definitions for swapping, require BTF v1 - follow BTF API implementation more closely for BTF.ext - explicitly reject loading non-native endianness program into kernel - simplify linker output byte-order setting - drop redundant safety checks during linking - simplify endianness macro and improve blob setup code for light skel - no unexpected test failures after cross-compiling x86_64 -> s390x v1 -> v2: - fixed a light skeleton bug causing test_progs 'map_ptr' failure - simplified some BTF.ext related endianness logic - remove an 'inline' usage related to CI checkpatch failure - improve some formatting noted by checkpatch warnings - unexpected 'test_progs' failures drop 3 -> 2 (x86_64 to s390x cross) Tony Ambardar (8): libbpf: Improve log message formatting libbpf: Fix header comment typos for BTF.ext libbpf: Fix output .symtab byte-order during linking libbpf: Support BTF.ext loading and output in either endianness libbpf: Support opening bpf objects of either endianness libbpf: Support linking bpf objects of either endianness libbpf: Support creating light skeleton of either endianness selftests/bpf: Support cross-endian building tools/lib/bpf/bpf_gen_internal.h | 1 + tools/lib/bpf/btf.c | 196 ++++++++++++++++++++++++--- tools/lib/bpf/btf.h | 3 + tools/lib/bpf/btf_dump.c | 2 +- tools/lib/bpf/btf_relocate.c | 2 +- tools/lib/bpf/gen_loader.c | 187 +++++++++++++++++++------ tools/lib/bpf/libbpf.c | 54 ++++++-- tools/lib/bpf/libbpf.map | 2 + tools/lib/bpf/libbpf_internal.h | 48 ++++++- tools/lib/bpf/linker.c | 92 ++++++++++--- tools/lib/bpf/relo_core.c | 2 +- tools/lib/bpf/skel_internal.h | 3 +- tools/testing/selftests/bpf/Makefile | 7 +- 13 files changed, 502 insertions(+), 97 deletions(-) -- 2.34.1

1 year, 1 month

4
27
0 0

[PATCH] selftests: Makefile: add missing 'net/lib' to targets

by Anders Roxell

Fixes: 1d0dc857b5d8 ("selftests: drv-net: add checksum tests") Signed-off-by: Anders Roxell <anders.roxell(a)linaro.org> --- tools/testing/selftests/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 3b7df5477317..fc3681270afe 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -64,6 +64,7 @@ TARGETS += net TARGETS += net/af_unix TARGETS += net/forwarding TARGETS += net/hsr +TARGETS += net/lib TARGETS += net/mptcp TARGETS += net/netfilter TARGETS += net/openvswitch -- 2.45.2

1 year, 1 month

4
7
0 0

[linux-next:master] [list] 17640748eb: kunit.list-kunit-test.fail

by kernel test robot

Hello, kernel test robot noticed "kunit.list-kunit-test.fail" on: commit: 17640748eb3875e486805e2d98ca1044a3a69b93 ("list: test: fix tests for list_cut_position()") https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master [test failed on linux-next/master 5acd9952f95fb4b7da6d09a3be39195a80845eb6] in testcase: kunit version: with following parameters: group: group-00 compiler: gcc-12 test machine: 8 threads Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz (Skylake) with 16G memory (please refer to attached dmesg/kmsg for entire log/backtrace) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <oliver.sang(a)intel.com> | Closes: https://lore.kernel.org/oe-lkp/202409161554.6c3e8d5d-oliver.sang@intel.com below 2 cases can pass on parent but fail on this commit. 13a6473783aaced3 17640748eb3875e486805e2d98c ---------------- --------------------------- fail:runs %reproduction fail:runs | | | :9 67% 6:6 kunit.list-kunit-test.list_test_list_cut_before.fail :9 67% 6:6 kunit.list-kunit-test.list_test_list_cut_position.fail [ 143.881460] KTAP version 1 [ 143.884865] 1..3 [ 143.887802] KTAP version 1 [ 143.891541] # Subtest: list-kunit-test [ 143.896316] # module: list_test [ 143.896336] 1..39 [ 143.904046] ok 1 list_test_list_init [ 143.904607] ok 2 list_test_list_add [ 143.909698] ok 3 list_test_list_add_tail [ 143.915034] ok 4 list_test_list_del [ 143.920415] ok 5 list_test_list_replace [ 143.925428] ok 6 list_test_list_replace_init [ 143.930900] ok 7 list_test_list_swap [ 143.936712] ok 8 list_test_list_del_init [ 143.941952] ok 9 list_test_list_del_init_careful [ 143.947363] ok 10 list_test_list_move [ 143.953422] ok 11 list_test_list_move_tail [ 143.958536] ok 12 list_test_list_bulk_move_tail [ 143.964192] ok 13 list_test_list_is_head [ 143.970279] ok 14 list_test_list_is_first [ 143.975777] ok 15 list_test_list_is_last [ 143.981871] ok 16 list_test_list_empty [ 143.987375] ok 17 list_test_list_empty_careful [ 143.992611] ok 18 list_test_list_rotate_left [ 143.998511] ok 19 list_test_list_rotate_to_front [ 144.004367] ok 20 list_test_list_is_singular [ 144.010375] # list_test_list_cut_position: EXPECTATION FAILED at lib/list-test.c:409 Expected cur == &entries[i], but cur == ffffc9000126fd70 &entries[i] == ffffc9000126fd50 [ 144.016196] not ok 21 list_test_list_cut_position [ 144.040950] # list_test_list_cut_before: EXPECTATION FAILED at lib/list-test.c:440 Expected cur == &entries[i], but cur == ffffc9000129fd60 &entries[i] == ffffc9000129fd50 [ 144.047033] # list_test_list_cut_before: EXPECTATION FAILED at lib/list-test.c:440 Expected cur == &entries[i], but cur == ffffc9000129fd70 &entries[i] == ffffc9000129fd60 [ 144.071616] not ok 22 list_test_list_cut_before [ 144.096387] ok 23 list_test_list_splice [ 144.102425] ok 24 list_test_list_splice_tail [ 144.107897] ok 25 list_test_list_splice_init [ 144.113704] ok 26 list_test_list_splice_tail_init [ 144.119664] ok 27 list_test_list_entry [ 144.126022] ok 28 list_test_list_entry_is_head [ 144.131275] ok 29 list_test_list_first_entry [ 144.137246] ok 30 list_test_list_last_entry [ 144.143084] ok 31 list_test_list_first_entry_or_null [ 144.148823] ok 32 list_test_list_next_entry [ 144.155283] ok 33 list_test_list_prev_entry [ 144.161048] ok 34 list_test_list_for_each [ 144.166792] ok 35 list_test_list_for_each_prev [ 144.172318] ok 36 list_test_list_for_each_safe [ 144.178278] ok 37 list_test_list_for_each_prev_safe [ 144.184235] ok 38 list_test_list_for_each_entry [ 144.190607] ok 39 list_test_list_for_each_entry_reverse [ 144.196199] # list-kunit-test: pass:37 fail:2 skip:0 total:39 [ 144.202470] # Totals: pass:37 fail:2 skip:0 total:39 [ 144.208908] not ok 1 list-kunit-test The kernel config and materials to reproduce are available at: https://download.01.org/0day-ci/archive/20240916/202409161554.6c3e8d5d-oliv… -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

1 year, 1 month

1
0
0 0

[PATCH] selftests: mm: Fix build errors on armhf

by Muhammad Usama Anjum

The __NR_mmap isn't found on armhf. The mmap() is commonly available system call and its wrapper is presnet on all architectures. So it should be used directly. It solves problem for armhf and doesn't create problem for architectures as well. Remove sys_mmap() functions as they aren't doing anything else other than calling mmap(). There is no need to set errno = 0 manually as glibc always resets it. For reference errors are as following: CC seal_elf seal_elf.c: In function 'sys_mmap': seal_elf.c:39:33: error: '__NR_mmap' undeclared (first use in this function) 39 | sret = (void *) syscall(__NR_mmap, addr, len, prot, | ^~~~~~~~~ mseal_test.c: In function 'sys_mmap': mseal_test.c:90:33: error: '__NR_mmap' undeclared (first use in this function) 90 | sret = (void *) syscall(__NR_mmap, addr, len, prot, | ^~~~~~~~~ Cc: stable(a)vger.kernel.org Fixes: 4926c7a52de7 ("selftest mm/mseal memory sealing") Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- tools/testing/selftests/mm/mseal_test.c | 37 +++++++++---------------- tools/testing/selftests/mm/seal_elf.c | 13 +-------- 2 files changed, 14 insertions(+), 36 deletions(-) diff --git a/tools/testing/selftests/mm/mseal_test.c b/tools/testing/selftests/mm/mseal_test.c index a818f010de479..bfcea5cf9a484 100644 --- a/tools/testing/selftests/mm/mseal_test.c +++ b/tools/testing/selftests/mm/mseal_test.c @@ -81,17 +81,6 @@ static int sys_mprotect_pkey(void *ptr, size_t size, unsigned long orig_prot, return sret; } -static void *sys_mmap(void *addr, unsigned long len, unsigned long prot, - unsigned long flags, unsigned long fd, unsigned long offset) -{ - void *sret; - - errno = 0; - sret = (void *) syscall(__NR_mmap, addr, len, prot, - flags, fd, offset); - return sret; -} - static int sys_munmap(void *ptr, size_t size) { int sret; @@ -172,7 +161,7 @@ static void setup_single_address(int size, void **ptrOut) { void *ptr; - ptr = sys_mmap(NULL, size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + ptr = mmap(NULL, size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); *ptrOut = ptr; } @@ -181,7 +170,7 @@ static void setup_single_address_rw(int size, void **ptrOut) void *ptr; unsigned long mapflags = MAP_ANONYMOUS | MAP_PRIVATE; - ptr = sys_mmap(NULL, size, PROT_READ | PROT_WRITE, mapflags, -1, 0); + ptr = mmap(NULL, size, PROT_READ | PROT_WRITE, mapflags, -1, 0); *ptrOut = ptr; } @@ -205,7 +194,7 @@ bool seal_support(void) void *ptr; unsigned long page_size = getpagesize(); - ptr = sys_mmap(NULL, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + ptr = mmap(NULL, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); if (ptr == (void *) -1) return false; @@ -481,8 +470,8 @@ static void test_seal_zero_address(void) int prot; /* use mmap to change protection. */ - ptr = sys_mmap(0, size, PROT_NONE, - MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); + ptr = mmap(0, size, PROT_NONE, + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); FAIL_TEST_IF_FALSE(ptr == 0); size = get_vma_size(ptr, &prot); @@ -1209,8 +1198,8 @@ static void test_seal_mmap_overwrite_prot(bool seal) } /* use mmap to change protection. */ - ret2 = sys_mmap(ptr, size, PROT_NONE, - MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); + ret2 = mmap(ptr, size, PROT_NONE, + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); @@ -1240,8 +1229,8 @@ static void test_seal_mmap_expand(bool seal) } /* use mmap to expand. */ - ret2 = sys_mmap(ptr, size, PROT_READ, - MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); + ret2 = mmap(ptr, size, PROT_READ, + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); @@ -1268,8 +1257,8 @@ static void test_seal_mmap_shrink(bool seal) } /* use mmap to shrink. */ - ret2 = sys_mmap(ptr, 8 * page_size, PROT_READ, - MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); + ret2 = mmap(ptr, 8 * page_size, PROT_READ, + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); @@ -1650,7 +1639,7 @@ static void test_seal_discard_ro_anon_on_filebacked(bool seal) ret = fallocate(fd, 0, 0, size); FAIL_TEST_IF_FALSE(!ret); - ptr = sys_mmap(NULL, size, PROT_READ, mapflags, fd, 0); + ptr = mmap(NULL, size, PROT_READ, mapflags, fd, 0); FAIL_TEST_IF_FALSE(ptr != MAP_FAILED); if (seal) { @@ -1680,7 +1669,7 @@ static void test_seal_discard_ro_anon_on_shared(bool seal) int ret; unsigned long mapflags = MAP_ANONYMOUS | MAP_SHARED; - ptr = sys_mmap(NULL, size, PROT_READ, mapflags, -1, 0); + ptr = mmap(NULL, size, PROT_READ, mapflags, -1, 0); FAIL_TEST_IF_FALSE(ptr != (void *)-1); if (seal) { diff --git a/tools/testing/selftests/mm/seal_elf.c b/tools/testing/selftests/mm/seal_elf.c index 7aa1366063e4e..d9f8ba8d5050b 100644 --- a/tools/testing/selftests/mm/seal_elf.c +++ b/tools/testing/selftests/mm/seal_elf.c @@ -30,17 +30,6 @@ static int sys_mseal(void *start, size_t len) return sret; } -static void *sys_mmap(void *addr, unsigned long len, unsigned long prot, - unsigned long flags, unsigned long fd, unsigned long offset) -{ - void *sret; - - errno = 0; - sret = (void *) syscall(__NR_mmap, addr, len, prot, - flags, fd, offset); - return sret; -} - static inline int sys_mprotect(void *ptr, size_t size, unsigned long prot) { int sret; @@ -56,7 +45,7 @@ static bool seal_support(void) void *ptr; unsigned long page_size = getpagesize(); - ptr = sys_mmap(NULL, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + ptr = mmap(NULL, page_size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); if (ptr == (void *) -1) return false; -- 2.39.2

1 year, 1 month

4
6
0 0

[PATCH bpf-next 0/2] Support eliding map lookup nullness

by Daniel Xu

This patch allows progs to elide a null check on statically known map lookup keys. In other words, if the verifier can statically prove that the lookup will be in-bounds, allow the prog to drop the null check. This is useful for two reasons: 1. Large numbers of nullness checks (especially when they cannot fail) unnecessarily pushes prog towards BPF_COMPLEXITY_LIMIT_JMP_SEQ. 2. It forms a tighter contract between programmer and verifier. For (1), bpftrace is starting to make heavier use of percpu scratch maps. As a result, for user scripts with large number of unrolled loops, we are starting to hit jump complexity verification errors. These percpu lookups cannot fail anyways, as we only use static key values. Eliding nullness probably results in less work for verifier as well. For (2), percpu scratch maps are often used as a larger stack, as the currrent stack is limited to 512 bytes. In these situations, it is desirable for the programmer to express: "this lookup should never fail, and if it does, it means I messed up the code". By omitting the null check, the programmer can "ask" the verifier to double check the logic. Daniel Xu (2): bpf: verifier: Support eliding map lookup nullness bpf: selftests: verifier: Add nullness elision tests kernel/bpf/verifier.c | 56 +++++++ .../bpf/progs/verifier_array_access.c | 143 ++++++++++++++++++ 2 files changed, 199 insertions(+) -- 2.46.0

1 year, 1 month

1
1
0 0

[PATCH net] selftests: forwarding: Avoid false MDB delete/flush failures

by Jamie Bainbridge

Running this test on a small system produces different failures every test checking deletions, and some flushes. From different test runs: TEST: Common host entries configuration tests (L2) [FAIL] Failed to delete L2 host entry TEST: Common port group entries configuration tests (IPv4 (S, G)) [FAIL] IPv4 (S, G) entry with VLAN 10 not deleted when VLAN was not specified TEST: Common port group entries configuration tests (IPv6 (*, G)) [FAIL] IPv6 (*, G) entry with VLAN 10 not deleted when VLAN was not specified TEST: Flush tests [FAIL] Entry not flushed by specified VLAN ID TEST: Flush tests [FAIL] IPv6 host entry not flushed by "nopermanent" state Add a short sleep after deletion and flush to resolve this. Tested using 25 test runs in a row, resulting in 100% pass OK. Create a variable just for this test to allow short sleep, the default WAIT_TIME of 5 seconds makes the test far longer than necessary. Fixes: b6d00da08610 ("selftests: forwarding: Add bridge MDB test") Signed-off-by: Jamie Bainbridge <jamie.bainbridge(a)gmail.com> --- .../selftests/net/forwarding/bridge_mdb.sh | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tools/testing/selftests/net/forwarding/bridge_mdb.sh b/tools/testing/selftests/net/forwarding/bridge_mdb.sh index d9d587454d207931a539f59be15cbc63d471888f..b3a2a7bc1824f4c394267b283b89e7a3ae19b0fb 100755 --- a/tools/testing/selftests/net/forwarding/bridge_mdb.sh +++ b/tools/testing/selftests/net/forwarding/bridge_mdb.sh @@ -30,6 +30,9 @@ ALL_TESTS=" ctrl_test " +# time to wait for delete and flush to complete +: "${SETTLE_DELAY:=0.1}" + NUM_NETIFS=4 source lib.sh source tc_common.sh @@ -152,6 +155,7 @@ cfg_test_host_common() check_fail $? "Managed to replace $name host entry" bridge mdb del dev br0 port br0 grp $grp $state vid 10 + sleep "$SETTLE_DELAY" bridge mdb get dev br0 grp $grp vid 10 &> /dev/null check_fail $? "Failed to delete $name host entry" @@ -208,6 +212,7 @@ cfg_test_port_common() check_err $? "Failed to replace $name entry" bridge mdb del dev br0 port $swp1 $grp_key permanent vid 10 + sleep "$SETTLE_DELAY" bridge mdb get dev br0 $grp_key vid 10 &> /dev/null check_fail $? "Failed to delete $name entry" @@ -230,6 +235,7 @@ cfg_test_port_common() check_err $? "$name entry with VLAN 20 not added when VLAN was not specified" bridge mdb del dev br0 port $swp1 $grp_key permanent + sleep "$SETTLE_DELAY" bridge mdb get dev br0 $grp_key vid 10 &> /dev/null check_fail $? "$name entry with VLAN 10 not deleted when VLAN was not specified" bridge mdb get dev br0 $grp_key vid 20 &> /dev/null @@ -310,6 +316,7 @@ __cfg_test_port_ip_star_g() bridge -d mdb get dev br0 grp $grp src $src1 vid 10 &> /dev/null check_err $? "(S, G) entry not created" bridge mdb del dev br0 port $swp1 grp $grp vid 10 + sleep "$SETTLE_DELAY" bridge -d mdb get dev br0 grp $grp vid 10 &> /dev/null check_fail $? "(*, G) entry not deleted" bridge -d mdb get dev br0 grp $grp src $src1 vid 10 &> /dev/null @@ -828,6 +835,7 @@ cfg_test_flush() bridge mdb add dev br0 port $swp1 grp 239.1.1.8 vid 10 temp bridge mdb flush dev br0 + sleep "$SETTLE_DELAY" num_entries=$(bridge mdb show dev br0 | wc -l) [[ $num_entries -eq 0 ]] check_err $? 0 "Not all entries flushed after flush all" @@ -840,6 +848,7 @@ cfg_test_flush() bridge mdb add dev br0 port br0 grp 239.1.1.1 vid 10 bridge mdb flush dev br0 port $swp1 + sleep "$SETTLE_DELAY" bridge mdb get dev br0 grp 239.1.1.1 vid 10 | grep -q "port $swp1" check_fail $? "Entry not flushed by specified port" @@ -849,11 +858,13 @@ cfg_test_flush() check_err $? "Host entry flushed by wrong port" bridge mdb flush dev br0 port br0 + sleep "$SETTLE_DELAY" bridge mdb get dev br0 grp 239.1.1.1 vid 10 | grep -q "port br0" check_fail $? "Host entry not flushed by specified port" bridge mdb flush dev br0 + sleep "$SETTLE_DELAY" # Check that when flushing by VLAN ID only entries programmed with the # specified VLAN ID are flushed and the rest are not. @@ -864,6 +875,7 @@ cfg_test_flush() bridge mdb add dev br0 port $swp2 grp 239.1.1.1 vid 20 bridge mdb flush dev br0 vid 10 + sleep "$SETTLE_DELAY" bridge mdb get dev br0 grp 239.1.1.1 vid 10 &> /dev/null check_fail $? "Entry not flushed by specified VLAN ID" @@ -871,6 +883,7 @@ cfg_test_flush() check_err $? "Entry flushed by wrong VLAN ID" bridge mdb flush dev br0 + sleep "$SETTLE_DELAY" # Check that all permanent entries are flushed when "permanent" is # specified and that temporary entries are not. @@ -879,6 +892,7 @@ cfg_test_flush() bridge mdb add dev br0 port $swp2 grp 239.1.1.1 temp vid 10 bridge mdb flush dev br0 permanent + sleep "$SETTLE_DELAY" bridge mdb get dev br0 grp 239.1.1.1 vid 10 | grep -q "port $swp1" check_fail $? "Entry not flushed by \"permanent\" state" @@ -886,6 +900,7 @@ cfg_test_flush() check_err $? "Entry flushed by wrong state (\"permanent\")" bridge mdb flush dev br0 + sleep "$SETTLE_DELAY" # Check that all temporary entries are flushed when "nopermanent" is # specified and that permanent entries are not. @@ -894,6 +909,7 @@ cfg_test_flush() bridge mdb add dev br0 port $swp2 grp 239.1.1.1 temp vid 10 bridge mdb flush dev br0 nopermanent + sleep "$SETTLE_DELAY" bridge mdb get dev br0 grp 239.1.1.1 vid 10 | grep -q "port $swp1" check_err $? "Entry flushed by wrong state (\"nopermanent\")" @@ -901,6 +917,7 @@ cfg_test_flush() check_fail $? "Entry not flushed by \"nopermanent\" state" bridge mdb flush dev br0 + sleep "$SETTLE_DELAY" # Check that L2 host entries are not flushed when "nopermanent" is # specified, but flushed when "permanent" is specified. @@ -908,16 +925,19 @@ cfg_test_flush() bridge mdb add dev br0 port br0 grp 01:02:03:04:05:06 permanent vid 10 bridge mdb flush dev br0 nopermanent + sleep "$SETTLE_DELAY" bridge mdb get dev br0 grp 01:02:03:04:05:06 vid 10 &> /dev/null check_err $? "L2 host entry flushed by wrong state (\"nopermanent\")" bridge mdb flush dev br0 permanent + sleep "$SETTLE_DELAY" bridge mdb get dev br0 grp 01:02:03:04:05:06 vid 10 &> /dev/null check_fail $? "L2 host entry not flushed by \"permanent\" state" bridge mdb flush dev br0 + sleep "$SETTLE_DELAY" # Check that IPv4 host entries are not flushed when "permanent" is # specified, but flushed when "nopermanent" is specified. @@ -925,16 +945,19 @@ cfg_test_flush() bridge mdb add dev br0 port br0 grp 239.1.1.1 temp vid 10 bridge mdb flush dev br0 permanent + sleep "$SETTLE_DELAY" bridge mdb get dev br0 grp 239.1.1.1 vid 10 &> /dev/null check_err $? "IPv4 host entry flushed by wrong state (\"permanent\")" bridge mdb flush dev br0 nopermanent + sleep "$SETTLE_DELAY" bridge mdb get dev br0 grp 239.1.1.1 vid 10 &> /dev/null check_fail $? "IPv4 host entry not flushed by \"nopermanent\" state" bridge mdb flush dev br0 + sleep "$SETTLE_DELAY" # Check that IPv6 host entries are not flushed when "permanent" is # specified, but flushed when "nopermanent" is specified. @@ -942,16 +965,19 @@ cfg_test_flush() bridge mdb add dev br0 port br0 grp ff0e::1 temp vid 10 bridge mdb flush dev br0 permanent + sleep "$SETTLE_DELAY" bridge mdb get dev br0 grp ff0e::1 vid 10 &> /dev/null check_err $? "IPv6 host entry flushed by wrong state (\"permanent\")" bridge mdb flush dev br0 nopermanent + sleep "$SETTLE_DELAY" bridge mdb get dev br0 grp ff0e::1 vid 10 &> /dev/null check_fail $? "IPv6 host entry not flushed by \"nopermanent\" state" bridge mdb flush dev br0 + sleep "$SETTLE_DELAY" # Check that when flushing by routing protocol only entries programmed # with the specified routing protocol are flushed and the rest are not. @@ -961,6 +987,7 @@ cfg_test_flush() bridge mdb add dev br0 port br0 grp 239.1.1.1 vid 10 bridge mdb flush dev br0 proto bgp + sleep "$SETTLE_DELAY" bridge mdb get dev br0 grp 239.1.1.1 vid 10 | grep -q "port $swp1" check_fail $? "Entry not flushed by specified routing protocol" @@ -970,20 +997,25 @@ cfg_test_flush() check_err $? "Host entry flushed by wrong routing protocol" bridge mdb flush dev br0 + sleep "$SETTLE_DELAY" # Test that an error is returned when trying to flush using unsupported # parameters. bridge mdb flush dev br0 src_vni 10 &> /dev/null + sleep "$SETTLE_DELAY" check_fail $? "Managed to flush by source VNI" bridge mdb flush dev br0 dst 198.51.100.1 &> /dev/null + sleep "$SETTLE_DELAY" check_fail $? "Managed to flush by destination IP" bridge mdb flush dev br0 dst_port 4789 &> /dev/null + sleep "$SETTLE_DELAY" check_fail $? "Managed to flush by UDP destination port" bridge mdb flush dev br0 vni 10 &> /dev/null + sleep "$SETTLE_DELAY" check_fail $? "Managed to flush by destination VNI" log_test "Flush tests" -- 2.39.2

1 year, 1 month

2
2
0 0

[PATCH HID v2 00/11] HID: bpf: add a new hook to control hid-generic

by Benjamin Tissoires

This is a slight change from the fundamentals of HID-BPF. In theory, HID-BPF is abstract to the kernel itself, and makes only changes at the HID level (through report descriptors or events emitted to/from the device). However, we have seen a few use cases where HID-BPF might interact with the running kernel when the target device is already handled by a specific device. For example, the XP-Pen/Huion/UC-Logic tablets are handled by hid-uclogic but this driver is also doing a report descriptor fixup without checking if the device has already been fixed by HID-BPF. In the same way, another recent example[0] was when a cheap foot pedal is used and tricks iPhones and Windows machines by presenting itself as a known Apple wireless keyboard. The problem is that this fake keyboard is not presenting a compatible report descriptor and hid-core merges all device nodes together making libinput ignore the keyboard part for historical reasons. Last, there has been a long standing request to allow to disable the input part of a given gamepad while SDL or Steam opens the device through hidraw. This series aims at tackling both of these problems: - first we had a new hook `hid_bpf_driver_probe` which allows the BPF program to decide if the curently probed driver should be used or not - then this same hook can also change the ->driver_data of the struct hid_device_id argument, and we teach hid-generic to use that field as the connect mask. Basically, it means that when we insert a BPF program to fix a device, we can force hid-generic to handle the device, and thus preventing any other kernel driver to tamper with our device. We can also selectively decide to export the hidraw or input nodes when using hid-generic. In the SDL/Steam use case, this would means that the gaming application will load one BPF program per input device it wants to open through hidraw, that BPF program reassigns the input device to hid-generic and disables hid-input, then it can open the new hidraw node. Once that program terminates, the BPF program is removed (either automatically because no-one has the fd of the links open, or manually by SDL/Steam), and the normal driver rebinds to the HID device, restoring full input functionality. This branch is on top of the for-6.12/hidraw and for-6.12/constify-rdesc branches of hid.git, mainly because those branch would conflict otherwise. [0] https://gitlab.freedesktop.org/libinput/libinput/-/issues/1014 Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> --- Changes in v2: - Refactored the API to not use a new hook but hid_bpf_rdesc_fixup instead - Some cleanups in hid-core.c probe() device to not kmemdup multiple time the report descriptor when it's not required - I'm still not 100% sure the HID_QUIRK_IGNORE_HIDINPUT is that required, but I can not think of anything else at the moment to temporary disable any driver input device. - Link to v1: https://lore.kernel.org/r/20240903-hid-bpf-hid-generic-v1-0-9511a565b2da@ke… --- Benjamin Tissoires (11): HID: bpf: move HID-BPF report descriptor fixup earlier HID: core: save one kmemdup during .probe() HID: core: remove one more kmemdup on .probe() HID: bpf: allow write access to quirks field in struct hid_device selftests/hid: add dependency on hid_common.h selftests/hid: cleanup C tests by adding a common struct uhid_device selftests/hid: allow to parametrize bus/vid/pid/rdesc on the test device HID: add per device quirk to force bind to hid-generic selftests/hid: add test for assigning a given device to hid-generic HID: add quirk to prevent hid-input to be used selftests/hid: add test to disable hid-input drivers/hid/bpf/hid_bpf_dispatch.c | 8 +- drivers/hid/bpf/hid_bpf_struct_ops.c | 1 + drivers/hid/hid-core.c | 72 ++++++-- drivers/hid/hid-generic.c | 3 + include/linux/hid.h | 22 ++- include/linux/hid_bpf.h | 9 +- tools/testing/selftests/hid/Makefile | 2 +- tools/testing/selftests/hid/hid_bpf.c | 205 ++++++++++++++++----- tools/testing/selftests/hid/hid_common.h | 112 +++++++---- tools/testing/selftests/hid/hidraw.c | 36 +--- tools/testing/selftests/hid/progs/hid.c | 13 ++ .../testing/selftests/hid/progs/hid_bpf_helpers.h | 7 +- 12 files changed, 343 insertions(+), 147 deletions(-) --- base-commit: e1370d5de7b755600df050979e19fbcd625fb4c6 change-id: 20240829-hid-bpf-hid-generic-61579f5b5945 Best regards, -- Benjamin Tissoires <bentiss(a)kernel.org>

1 year, 1 month

2
16
0 0

[PATCH bpf-next/net v6 0/3] selftests/bpf: new MPTCP subflow subtest

by Matthieu Baerts (NGI0)

In this series from Geliang, modifying MPTCP BPF selftests, we have: - A new MPTCP subflow BPF program setting socket options per subflow: it looks better to have this old test program in the BPF selftests to track regressions and to serve as example. Note: Nicolas is no longer working at Tessares, but he did this work while working for them, and his email address is no longer available. - A new hook in the same BPF program to do the verification step. - A new MPTCP BPF subtest validating the new BPF program added in the first patch, with the help of the new hook added in the second patch. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Changes in v6: - Patch 3/3: use usleep() instead of sleep() - Series: rebased on top of bpf-next/net - Link to v5: https://lore.kernel.org/r/20240910-upstream-bpf-next-20240506-mptcp-subflow… Changes in v5: - See the individual changelog for more details about them - Patch 1/3: set TCP on the 2nd subflow - Patch 2/3: new - Patch 3/3: use the BPF program from patch 2/3 to do the validation instead of using ss. - Series: rebased on top of bpf-next/net - Link to v4: https://lore.kernel.org/r/20240805-upstream-bpf-next-20240506-mptcp-subflow… Changes in v4: - Drop former patch 2/3: MPTCP's pm_nl_ctl requires a new header file: - I will check later if it is possible to avoid having duplicated header files in tools/include/uapi, but no need to block this series for that. Patch 2/3 can be added later if needed. - Patch 2/2: skip the test if 'ip mptcp' is not available. - Link to v3: https://lore.kernel.org/r/20240703-upstream-bpf-next-20240506-mptcp-subflow… Changes in v3: - Sorry for the delay between v2 and v3, this series was conflicting with the "add netns helpers", but it looks like it is on hold: https://lore.kernel.org/cover.1715821541.git.tanggeliang@kylinos.cn - Patch 1/3 includes "bpf_tracing_net.h", introduced in between. - New patch 2/3: "selftests/bpf: Add mptcp pm_nl_ctl link". - Patch 3/3: use the tool introduced in patch 2/3 + SYS_NOFAIL() helper. - Link to v2: https://lore.kernel.org/r/20240509-upstream-bpf-next-20240506-mptcp-subflow… Changes in v2: - Previous patches 1/4 and 2/4 have been dropped from this series: - 1/4: "selftests/bpf: Handle SIGINT when creating netns": - A new version, more generic and no longer specific to MPTCP BPF selftest will be sent later, as part of a new series. (Alexei) - 2/4: "selftests/bpf: Add RUN_MPTCP_TEST macro": - Removed, not to hide helper functions in macros. (Alexei) - The commit message of patch 1/2 has been clarified to avoid some possible confusions spot by Alexei. - Link to v1: https://lore.kernel.org/r/20240507-upstream-bpf-next-20240506-mptcp-subflow… --- Geliang Tang (2): selftests/bpf: Add getsockopt to inspect mptcp subflow selftests/bpf: Add mptcp subflow subtest Nicolas Rybowski (1): selftests/bpf: Add mptcp subflow example MAINTAINERS | 2 +- tools/testing/selftests/bpf/prog_tests/mptcp.c | 127 +++++++++++++++++++++ tools/testing/selftests/bpf/progs/mptcp_bpf.h | 42 +++++++ tools/testing/selftests/bpf/progs/mptcp_subflow.c | 128 ++++++++++++++++++++++ 4 files changed, 298 insertions(+), 1 deletion(-) --- base-commit: 23dc9867329c72b48e5039ac93fbf50d9099cdb3 change-id: 20240506-upstream-bpf-next-20240506-mptcp-subflow-test-faef6654bfa3 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 1 month

2
5
0 0

[PATCH bpf-next] bpf: ringbuf: Support consuming BPF_MAP_TYPE_RINGBUF from prog

by Daniel Xu

Right now there exists prog produce / userspace consume and userspace produce / prog consume support. But it is also useful to have prog produce / prog consume. For example, we want to track the latency overhead of cpumap in production. Since we need to store enqueue timestamps somewhere and cpumap is MPSC, we need an MPSC data structure to shadow cpumap. BPF ringbuf is such a data structure. Rather than reimplement (possibly poorly) a custom ringbuffer in BPF, extend the existing interface to allow the final quadrant of ringbuf usecases to be filled. Note we ignore userspace to userspace use case - there is no need to involve kernel for that. Signed-off-by: Daniel Xu <dxu(a)dxuuu.xyz> --- kernel/bpf/verifier.c | 6 +- tools/testing/selftests/bpf/Makefile | 3 +- .../selftests/bpf/prog_tests/ringbuf.c | 50 +++++++++++++++ .../bpf/progs/test_ringbuf_bpf_to_bpf.c | 64 +++++++++++++++++++ 4 files changed, 120 insertions(+), 3 deletions(-) create mode 100644 tools/testing/selftests/bpf/progs/test_ringbuf_bpf_to_bpf.c diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 53d0556fbbf3..56bfe559f228 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -9142,7 +9142,8 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env, func_id != BPF_FUNC_ringbuf_query && func_id != BPF_FUNC_ringbuf_reserve_dynptr && func_id != BPF_FUNC_ringbuf_submit_dynptr && - func_id != BPF_FUNC_ringbuf_discard_dynptr) + func_id != BPF_FUNC_ringbuf_discard_dynptr && + func_id != BPF_FUNC_user_ringbuf_drain) goto error; break; case BPF_MAP_TYPE_USER_RINGBUF: @@ -9276,7 +9277,8 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env, goto error; break; case BPF_FUNC_user_ringbuf_drain: - if (map->map_type != BPF_MAP_TYPE_USER_RINGBUF) + if (map->map_type != BPF_MAP_TYPE_USER_RINGBUF && + map->map_type != BPF_MAP_TYPE_RINGBUF) goto error; break; case BPF_FUNC_get_stackid: diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile index 9905e3739dd0..233109843d4d 100644 --- a/tools/testing/selftests/bpf/Makefile +++ b/tools/testing/selftests/bpf/Makefile @@ -503,7 +503,8 @@ LINKED_SKELS := test_static_linked.skel.h linked_funcs.skel.h \ LSKELS := fentry_test.c fexit_test.c fexit_sleep.c atomics.c \ trace_printk.c trace_vprintk.c map_ptr_kern.c \ core_kern.c core_kern_overflow.c test_ringbuf.c \ - test_ringbuf_n.c test_ringbuf_map_key.c test_ringbuf_write.c + test_ringbuf_n.c test_ringbuf_map_key.c test_ringbuf_write.c \ + test_ringbuf_bpf_to_bpf.c # Generate both light skeleton and libbpf skeleton for these LSKELS_EXTRA := test_ksyms_module.c test_ksyms_weak.c kfunc_call_test.c \ diff --git a/tools/testing/selftests/bpf/prog_tests/ringbuf.c b/tools/testing/selftests/bpf/prog_tests/ringbuf.c index da430df45aa4..3e7955573ac5 100644 --- a/tools/testing/selftests/bpf/prog_tests/ringbuf.c +++ b/tools/testing/selftests/bpf/prog_tests/ringbuf.c @@ -17,6 +17,7 @@ #include "test_ringbuf_n.lskel.h" #include "test_ringbuf_map_key.lskel.h" #include "test_ringbuf_write.lskel.h" +#include "test_ringbuf_bpf_to_bpf.lskel.h" #define EDONE 7777 @@ -497,6 +498,53 @@ static void ringbuf_map_key_subtest(void) test_ringbuf_map_key_lskel__destroy(skel_map_key); } +static void ringbuf_bpf_to_bpf_subtest(void) +{ + struct test_ringbuf_bpf_to_bpf_lskel *skel; + int err, i; + + skel = test_ringbuf_bpf_to_bpf_lskel__open(); + if (!ASSERT_OK_PTR(skel, "test_ringbuf_bpf_to_bpf_lskel__open")) + return; + + skel->maps.ringbuf.max_entries = getpagesize(); + skel->bss->pid = getpid(); + + err = test_ringbuf_bpf_to_bpf_lskel__load(skel); + if (!ASSERT_OK(err, "test_ringbuf_bpf_to_bpf_lskel__load")) + goto cleanup; + + ringbuf = ring_buffer__new(skel->maps.ringbuf.map_fd, NULL, NULL, NULL); + if (!ASSERT_OK_PTR(ringbuf, "ring_buffer__new")) + goto cleanup; + + err = test_ringbuf_bpf_to_bpf_lskel__attach(skel); + if (!ASSERT_OK(err, "test_ringbuf_bpf_to_bpf_lskel__attach")) + goto cleanup_ringbuf; + + /* Produce N_SAMPLES samples in the ring buffer by calling getpid() */ + skel->bss->value = SAMPLE_VALUE; + for (i = 0; i < N_SAMPLES; i++) + syscall(__NR_getpgid); + + /* Trigger bpf-side consumption */ + syscall(__NR_prctl); + + /* Check correct number samples were consumed */ + if (!ASSERT_EQ(skel->bss->round_tripped, N_SAMPLES, "round_tripped")) + goto cleanup_ringbuf; + + /* Check all samples were consumed */ + err = ring_buffer__consume(ringbuf); + if (!ASSERT_EQ(err, 0, "rb_consume")) + goto cleanup_ringbuf; + +cleanup_ringbuf: + ring_buffer__free(ringbuf); +cleanup: + test_ringbuf_bpf_to_bpf_lskel__destroy(skel); +} + void test_ringbuf(void) { if (test__start_subtest("ringbuf")) @@ -507,4 +555,6 @@ void test_ringbuf(void) ringbuf_map_key_subtest(); if (test__start_subtest("ringbuf_write")) ringbuf_write_subtest(); + if (test__start_subtest("ringbuf_bpf_to_bpf")) + ringbuf_bpf_to_bpf_subtest(); } diff --git a/tools/testing/selftests/bpf/progs/test_ringbuf_bpf_to_bpf.c b/tools/testing/selftests/bpf/progs/test_ringbuf_bpf_to_bpf.c new file mode 100644 index 000000000000..378154922024 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_ringbuf_bpf_to_bpf.c @@ -0,0 +1,64 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include <linux/bpf.h> +#include <unistd.h> +#include <bpf/bpf_helpers.h> +#include "bpf_misc.h" + +struct sample { + long value; +}; + +struct { + __uint(type, BPF_MAP_TYPE_RINGBUF); +} ringbuf SEC(".maps"); + +int pid = 0; +long value = 0; +int round_tripped = 0; + +SEC("fentry/" SYS_PREFIX "sys_getpgid") +int test_ringbuf_bpf_to_bpf_produce(void *ctx) +{ + int cur_pid = bpf_get_current_pid_tgid() >> 32; + struct sample *sample; + + if (cur_pid != pid) + return 0; + + sample = bpf_ringbuf_reserve(&ringbuf, sizeof(*sample), 0); + if (!sample) + return 0; + sample->value = value; + + bpf_ringbuf_submit(sample, 0); + return 0; +} + +static long consume_cb(struct bpf_dynptr *dynptr, void *context) +{ + struct sample *sample = NULL; + + sample = bpf_dynptr_data(dynptr, 0, sizeof(*sample)); + if (!sample) + return 0; + + if (sample->value == value) + round_tripped++; + + return 0; +} + +SEC("fentry/" SYS_PREFIX "sys_prctl") +int test_ringbuf_bpf_to_bpf_consume(void *ctx) +{ + int cur_pid = bpf_get_current_pid_tgid() >> 32; + + if (cur_pid != pid) + return 0; + + bpf_user_ringbuf_drain(&ringbuf, consume_cb, NULL, 0); + return 0; +} + +char _license[] SEC("license") = "GPL"; -- 2.46.0

1 year, 1 month

4
16
0 0

[PATCH] selftest/mm: Do not use hint for riscv mmap

by Chunyan Zhang

When the virtual address range selftest is run on RISC-V platforms, it is observed that using the hint address when calling mmap cannot get the address in the range of that validate_addr() checks, also that will cause '/proc/self/maps' have gaps larger than MAP_CHUNK_SIZE. Signed-off-by: Chunyan Zhang <zhangchunyan(a)iscas.ac.cn> --- tools/testing/selftests/mm/virtual_address_range.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tools/testing/selftests/mm/virtual_address_range.c b/tools/testing/selftests/mm/virtual_address_range.c index 4e4c1e311247..25f3eb304999 100644 --- a/tools/testing/selftests/mm/virtual_address_range.c +++ b/tools/testing/selftests/mm/virtual_address_range.c @@ -64,6 +64,14 @@ #define NR_CHUNKS_HIGH NR_CHUNKS_384TB #endif +#if defined(__riscv) && (__riscv_xlen == 64) +static char *hind_addr(void) +{ + return NULL; +} + +static void validate_addr(char *ptr, int high_addr) { } +#else static char *hind_addr(void) { int bits = HIGH_ADDR_SHIFT + rand() % (63 - HIGH_ADDR_SHIFT); @@ -81,6 +89,7 @@ static void validate_addr(char *ptr, int high_addr) if (addr > HIGH_ADDR_MARK) ksft_exit_fail_msg("Bad address %lx\n", addr); } +#endif static int validate_lower_address_hint(void) { -- 2.34.1

1 year, 1 month

3
2
0 0

[PATCH] kunit: tool: Build compile_commands.json

by Brendan Jackman

compile_commands.json is used by clangd[1] to provide code navigation and completion functionality to editors. See [2] for an example configuration that includes this functionality for VSCode. It can currently be built manually when using kunit.py, by running: ./scripts/clang-tools/gen_compile_commands.py -d .kunit With this change however, it's built automatically so you don't need to manually keep it up to date. Unlike the manual approach, having make build the compile_commands.json means that it appears in the build output tree instead of at the root of the source tree, so you'll need to add --compile-commands-dir= to your clangd args for it to be found. [1] https://clangd.llvm.org/ [2] https://github.com/FlorentRevest/linux-kernel-vscode Signed-off-by: Brendan Jackman <jackmanb(a)google.com> --- tools/testing/kunit/kunit_kernel.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py index 7254c110ff23..61931c4926fd 100644 --- a/tools/testing/kunit/kunit_kernel.py +++ b/tools/testing/kunit/kunit_kernel.py @@ -72,7 +72,8 @@ class LinuxSourceTreeOperations: raise ConfigError(e.output.decode()) def make(self, jobs: int, build_dir: str, make_options: Optional[List[str]]) -> None: - command = ['make', 'ARCH=' + self._linux_arch, 'O=' + build_dir, '--jobs=' + str(jobs)] + command = ['make', 'all', 'compile_commands.json', 'ARCH=' + self._linux_arch, + 'O=' + build_dir, '--jobs=' + str(jobs)] if make_options: command.extend(make_options) if self._cross_compile: --- base-commit: 3c999d1ae3c75991902a1a7dad0cb62c2a3008b4 change-id: 20240516-kunit-compile-commands-d994074fc2be Best regards, -- Brendan Jackman <jackmanb(a)google.com>

1 year, 1 month

3
2
0 0

[PATCH v5] lib/math: Add int_pow test suite

by Luis Felipe Hernandez

Adds test suite for integer based power function. Signed-off-by: Luis Felipe Hernandez <luis.hernandez093(a)gmail.com> --- Changes in v5: - Fix kernel test bot warning - Rebase with latest Changes in v4: - Address checkpatch warning and make kconfig description longer - Use GPL-2.0-only for consistency - Spelling fix fith -> fifth Changes in v3: - Fix compiler warning: explicitly define constant as unsigned int - Add changes in patch revisions Changes in v2: - Address review feedback - Add kconfig entry - Use correct dir and file convention for KUnit - Fix typo - Remove unused static_stub header - Refactor test suite to use paramerterized test cases - Add close to max allowable value to in large_result test case - Add test case with non-power of two exponent - Fix module license --- lib/Kconfig.debug | 16 +++++++++++ lib/math/Makefile | 1 + lib/math/tests/Makefile | 3 ++ lib/math/tests/int_pow_kunit.c | 52 ++++++++++++++++++++++++++++++++++ 4 files changed, 72 insertions(+) create mode 100644 lib/math/tests/Makefile create mode 100644 lib/math/tests/int_pow_kunit.c diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index a30c03a66172..c415f8ca43a7 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -3051,3 +3051,19 @@ config RUST_KERNEL_DOCTESTS endmenu # "Rust" endmenu # Kernel hacking + +config INT_POW_TEST + tristate "Integer exponentiation (int_pow) test" if !KUNIT_ALL_TESTS + depends on KUNIT + default KUNIT_ALL_TESTS + help + This option enables the KUnit test suite for the int_pow function, + which performs integer exponentiation. The test suite is designed to + verify that the implementation of int_pow correctly computes the power + of a given base raised to a given exponent. + + Enabling this option will include tests that check various scenarios + and edge cases to ensure the accuracy and reliability of the exponentiation + function. + + If unsure, say N diff --git a/lib/math/Makefile b/lib/math/Makefile index 91fcdb0c9efe..3c1f92a7459d 100644 --- a/lib/math/Makefile +++ b/lib/math/Makefile @@ -5,5 +5,6 @@ obj-$(CONFIG_CORDIC) += cordic.o obj-$(CONFIG_PRIME_NUMBERS) += prime_numbers.o obj-$(CONFIG_RATIONAL) += rational.o +obj-$(CONFIG_INT_POW_TEST) += tests/int_pow_kunit.o obj-$(CONFIG_TEST_DIV64) += test_div64.o obj-$(CONFIG_RATIONAL_KUNIT_TEST) += rational-test.o diff --git a/lib/math/tests/Makefile b/lib/math/tests/Makefile new file mode 100644 index 000000000000..6a169123320a --- /dev/null +++ b/lib/math/tests/Makefile @@ -0,0 +1,3 @@ +# SPDX-License-Identifier: GPL-2.0-only + +obj-$(CONFIG_INT_POW_TEST) += int_pow_kunit.o diff --git a/lib/math/tests/int_pow_kunit.c b/lib/math/tests/int_pow_kunit.c new file mode 100644 index 000000000000..34b33677d458 --- /dev/null +++ b/lib/math/tests/int_pow_kunit.c @@ -0,0 +1,52 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include <kunit/test.h> +#include <linux/math.h> + +struct test_case_params { + u64 base; + unsigned int exponent; + u64 expected_result; + const char *name; +}; + +static const struct test_case_params params[] = { + { 64, 0, 1, "Power of zero" }, + { 64, 1, 64, "Power of one"}, + { 0, 5, 0, "Base zero" }, + { 1, 64, 1, "Base one" }, + { 2, 2, 4, "Two squared"}, + { 2, 3, 8, "Two cubed"}, + { 5, 5, 3125, "Five raised to the fifth power" }, + { U64_MAX, 1, U64_MAX, "Max base" }, + { 2, 63, 9223372036854775808ULL, "Large result"}, +}; + +static void get_desc(const struct test_case_params *tc, char *desc) +{ + strscpy(desc, tc->name, KUNIT_PARAM_DESC_SIZE); +} + +KUNIT_ARRAY_PARAM(int_pow, params, get_desc); + +static void int_pow_test(struct kunit *test) +{ + const struct test_case_params *tc = (const struct test_case_params *)test->param_value; + + KUNIT_EXPECT_EQ(test, tc->expected_result, int_pow(tc->base, tc->exponent)); +} + +static struct kunit_case math_int_pow_test_cases[] = { + KUNIT_CASE_PARAM(int_pow_test, int_pow_gen_params), + {} +}; + +static struct kunit_suite int_pow_test_suite = { + .name = "math-int_pow", + .test_cases = math_int_pow_test_cases, +}; + +kunit_test_suites(&int_pow_test_suite); + +MODULE_DESCRIPTION("math.int_pow KUnit test suite"); +MODULE_LICENSE("GPL"); -- 2.46.0

1 year, 1 month

3
2
0 0

[PATCH v2 0/3] selftests: kvm: s390: Add ucontrol memory selftests

by Christoph Schlameuss

This patch series adds a some not yet picked selftests to the kvm s390x selftest suite. The additional test cases are covering: * Assert KVM_EXIT_S390_UCONTROL exit on not mapped memory access * Assert functionality of storage keys in ucontrol VM * Assert that memory region operations are rejected for ucontrol VMs Running the test cases requires sys_admin capabilities to start the ucontrol VM. This can be achieved by running as root or with a command like: sudo setpriv --reuid nobody --inh-caps -all,+sys_admin \ --ambient-caps -all,+sys_admin --bounding-set -all,+sys_admin \ ./ucontrol_test --- The patches in this series have been part of the previous patch series. The test cases added here do depend on the fixture added in the earlier patches. From v5 PATCH 7-9 the segment and page table generation has been removed and DAT has been disabled. Since DAT is not necessary to validate the KVM code. https://lore.kernel.org/kvm/20240807154512.316936-1-schlameuss@linux.ibm.co… v2: - Reenable KSS intercept and handle it within skey test. - Modify the checked register between storing (sske) and reading (iske) it within the test program to make sure the. - Add an additional state assertion in the end of uc_skey - Fix some typos and white spaces. v1: - Remove segment and page table generation and disable DAT. This is not necessary to validate the KVM code. Christoph Schlameuss (3): selftests: kvm: s390: Add uc_map_unmap VM test case selftests: kvm: s390: Add uc_skey VM test case selftests: kvm: s390: Verify reject memory region operations for ucontrol VMs .../selftests/kvm/s390x/ucontrol_test.c | 232 +++++++++++++++++- 1 file changed, 230 insertions(+), 2 deletions(-) -- 2.46.0

1 year, 1 month

2
6
0 0

[PATCH v2] selftest/powerpc/benchmark: remove requirement libc-dev

by Madhavan Srinivasan

Currently exec-target.c file is linked as static and this post a requirement to install libc dev package to build. Without it, build-break when compiling selftest/powerpc/benchmark. CC exec_target /usr/bin/ld: cannot find -lc: No such file or directory collect2: error: ld returned 1 exit status exec_target.c is using "syscall" library function which could be replaced with a inline assembly and the same is proposed as a fix here. Suggested-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Madhavan Srinivasan <maddy(a)linux.ibm.com> --- Chnagelog v1: - Add comment for clobber register and proper list of clobber registers as suggested by Michael Ellerman and Christophe Leroy .../selftests/powerpc/benchmarks/Makefile | 2 +- .../selftests/powerpc/benchmarks/exec_target.c | 16 ++++++++++++++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/powerpc/benchmarks/Makefile b/tools/testing/selftests/powerpc/benchmarks/Makefile index 1321922038d0..ca4483c238b9 100644 --- a/tools/testing/selftests/powerpc/benchmarks/Makefile +++ b/tools/testing/selftests/powerpc/benchmarks/Makefile @@ -18,4 +18,4 @@ $(OUTPUT)/context_switch: LDLIBS += -lpthread $(OUTPUT)/fork: LDLIBS += -lpthread -$(OUTPUT)/exec_target: CFLAGS += -static -nostartfiles +$(OUTPUT)/exec_target: CFLAGS += -nostartfiles diff --git a/tools/testing/selftests/powerpc/benchmarks/exec_target.c b/tools/testing/selftests/powerpc/benchmarks/exec_target.c index c14b0fc1edde..a6408d3f26cd 100644 --- a/tools/testing/selftests/powerpc/benchmarks/exec_target.c +++ b/tools/testing/selftests/powerpc/benchmarks/exec_target.c @@ -7,10 +7,22 @@ */ #define _GNU_SOURCE -#include <unistd.h> #include <sys/syscall.h> void _start(void) { - syscall(SYS_exit, 0); + asm volatile ( + "li %%r0, %[sys_exit];" + "li %%r3, 0;" + "sc;" + : + : [sys_exit] "i" (SYS_exit) + /* + * "sc" will clobber r0, r3-r13, cr0, ctr, xer and memory. + * Even though sys_exit never returns, handle clobber + * registers. + */ + : "r0", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "r13", "cr0", "ctr", "xer", "memory" + ); } -- 2.45.2

1 year, 1 month

3
2
0 0

[PATCH RESEND v2 00/19] random: Resolve circular include dependency and include <linux/percpu.h>

by Uros Bizjak

Resent due to missing linux-kernel@ mailing list inclusion. There were several attempts to resolve circular include dependency after the addition of percpu.h: 1c9df907da83 ("random: fix circular include dependency on arm64 after addition of percpu.h"), c0842fbc1b18 ("random32: move the pseudo-random 32-bit definitions to prandom.h") and finally d9f29deb7fe8 ("prandom: Remove unused include") that completely removes the inclusion of <linux/percpu.h>. Due to legacy reasons, <linux/random.h> includes <linux/prandom.h>, but with the commit entry remark: --quote-- A further cleanup step would be to remove this from <linux/random.h> entirely, and make people who use the prandom infrastructure include just the new header file. That's a bit of a churn patch, but grepping for "prandom_" and "next_pseudo_random32" "struct rnd_state" should catch most users. But it turns out that that nice cleanup step is fairly painful, because a _lot_ of code currently seems to depend on the implicit include of <linux/random.h>, which can currently come in a lot of ways, including such fairly core headfers as <linux/net.h>. So the "nice cleanup" part may or may never happen. --/quote-- We would like to include <linux/percpu.h> in <linux/prandom.h>. In [1] we would like to repurpose __percpu tag as a named address space qualifier, where __percpu macro uses defines from <linux/percpu.h>. The major roadblock to inclusion of <linux/percpu.h> is the above mentioned legacy inclusion of <linux/prandom.h> in <linux/random.h> that causes circular include dependency that prevents <linux/percpu.h> inclusion. This patch series is the "nice cleanup" part that: a) Substitutes the inclusion of <linux/random.h> with the inclusion of <linux/prandom.h> where needed (patches 1 - 17). b) Removes legacy inclusion of <linux/prandom.h> from <linux/random.h> (patch 18). c) Includes <linux/percpu.h> in <linux/prandom.h> (patch 19). The whole series was tested by compiling the kernel for x86_64 allconfig and some popular architectures, namely arm64 defconfig, powerpc defconfig and loongarch defconfig. [1] https://lore.kernel.org/lkml/20240812115945.484051-4-ubizjak@gmail.com/ Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: x86(a)kernel.org Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Jani Nikula <jani.nikula(a)linux.intel.com> Cc: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Tvrtko Ursulin <tursulin(a)ursulin.net> Cc: David Airlie <airlied(a)gmail.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Hans Verkuil <hverkuil(a)xs4all.nl> Cc: Mauro Carvalho Chehab <mchehab(a)kernel.org> Cc: Miquel Raynal <miquel.raynal(a)bootlin.com> Cc: Richard Weinberger <richard(a)nod.at> Cc: Vignesh Raghavendra <vigneshr(a)ti.com> Cc: Eric Biggers <ebiggers(a)kernel.org> Cc: "Theodore Y. Ts'o" <tytso(a)mit.edu> Cc: Jaegeuk Kim <jaegeuk(a)kernel.org> Cc: "Jason A. Donenfeld" <Jason(a)zx2c4.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Hannes Reinecke <hare(a)suse.de> Cc: "James E.J. Bottomley" <James.Bottomley(a)HansenPartnership.com> Cc: "Martin K. Petersen" <martin.petersen(a)oracle.com> Cc: Alexei Starovoitov <ast(a)kernel.org> Cc: Daniel Borkmann <daniel(a)iogearbox.net> Cc: John Fastabend <john.fastabend(a)gmail.com> Cc: Andrii Nakryiko <andrii(a)kernel.org> Cc: Martin KaFai Lau <martin.lau(a)linux.dev> Cc: Eduard Zingerman <eddyz87(a)gmail.com> Cc: Song Liu <song(a)kernel.org> Cc: Yonghong Song <yonghong.song(a)linux.dev> Cc: KP Singh <kpsingh(a)kernel.org> Cc: Stanislav Fomichev <sdf(a)fomichev.me> Cc: Hao Luo <haoluo(a)google.com> Cc: Jiri Olsa <jolsa(a)kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Brendan Higgins <brendan.higgins(a)linux.dev> Cc: David Gow <davidgow(a)google.com> Cc: Rae Moar <rmoar(a)google.com> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Eric Dumazet <edumazet(a)google.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Jiri Pirko <jiri(a)resnulli.us> Cc: Petr Mladek <pmladek(a)suse.com> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> Cc: Sergey Senozhatsky <senozhatsky(a)chromium.org> Cc: Stephen Hemminger <stephen(a)networkplumber.org> Cc: Jamal Hadi Salim <jhs(a)mojatatu.com> Cc: Cong Wang <xiyou.wangcong(a)gmail.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> --- v2: - Reword commit messages to mention the removal of legacy inclusion of <linux/prandom.h> from <linux/random.h> - Add missing substitution in crypto/testmgr.c (reported by kernel test robot) - Add Acked-by:. Uros Bizjak (19): x86/kaslr: Include <linux/prandom.h> instead of <linux/random.h> crypto: testmgr: Include <linux/prandom.h> instead of <linux/random.h> drm/i915/selftests: Include <linux/prandom.h> instead of <linux/random.h> drm/lib: Include <linux/prandom.h> instead of <linux/random.h> media: vivid: Include <linux/prandom.h> in vivid-vid-cap.c mtd: tests: Include <linux/prandom.h> instead of <linux/random.h> fscrypt: Include <linux/once.h> in fs/crypto/keyring.c scsi: libfcoe: Include <linux/prandom.h> instead of <linux/random.h> bpf: Include <linux/prandom.h> instead of <linux/random.h> lib/interval_tree_test.c: Include <linux/prandom.h> instead of <linux/random.h> kunit: string-stream-test: Include <linux/prandom.h> instead of <linux/random.h> random32: Include <linux/prandom.h> instead of <linux/random.h> lib/rbtree-test: Include <linux/prandom.h> instead of <linux/random.h> bpf/tests: Include <linux/prandom.h> instead of <linux/random.h> lib/test_parman: Include <linux/prandom.h> instead of <linux/random.h> lib/test_scanf: Include <linux/prandom.h> instead of <linux/random.h> netem: Include <linux/prandom.h> in sch_netem.c random: Do not include <linux/prandom.h> in <linux/random.h> prandom: Include <linux/percpu.h> in <linux/prandom.h> arch/x86/mm/kaslr.c | 2 +- crypto/testmgr.c | 2 +- drivers/gpu/drm/i915/selftests/i915_gem.c | 2 +- drivers/gpu/drm/i915/selftests/i915_random.h | 2 +- drivers/gpu/drm/i915/selftests/scatterlist.c | 2 +- drivers/gpu/drm/lib/drm_random.h | 2 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 1 + drivers/mtd/tests/oobtest.c | 2 +- drivers/mtd/tests/pagetest.c | 2 +- drivers/mtd/tests/subpagetest.c | 2 +- fs/crypto/keyring.c | 1 + include/linux/prandom.h | 1 + include/linux/random.h | 7 ------- include/scsi/libfcoe.h | 2 +- kernel/bpf/core.c | 2 +- lib/interval_tree_test.c | 2 +- lib/kunit/string-stream-test.c | 1 + lib/random32.c | 2 +- lib/rbtree_test.c | 2 +- lib/test_bpf.c | 2 +- lib/test_parman.c | 2 +- lib/test_scanf.c | 2 +- net/sched/sch_netem.c | 1 + 23 files changed, 22 insertions(+), 24 deletions(-) -- 2.46.0

1 year, 1 month

8
28
0 0

[PATCH net-next v26 00/13] Device Memory TCP

by Mina Almasry

v26: https://patchwork.kernel.org/project/netdevbpf/list/?series=888227&state=* ==== No major changes. Only applied Reviewed-by tags from Jakub and addressed reported nits. v25: https://patchwork.kernel.org/project/netdevbpf/list/?series=885396&state=* === Major changes: - Moved devmem.h and mp_dmabuf_devmem.h to internal header files. - Changed the page_pool_params to take in a queue_idx rather than a struct netdev_rx_queue. - Added WARN_ON_ONCE around __skb_checksum readability check and added check to skb_checksum_help(). Other more minor feedback addressed as well. v24: https://patchwork.kernel.org/project/netdevbpf/list/?series=884556&state=* ==== No major changes. Mostly addressing issues in the error paths of dmabuf binding, and code cleanups/improvements from reviewers: Changes: - Fix failing ynl regen error. - Error path fixes & extack error messages in dmabuf binding. - Code cleanup in introspection. - gitignore ynl.d generated file. Full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v24/ v23: https://patchwork.kernel.org/project/netdevbpf/list/?series=882978&state=* ==== Fixing relatively minor issues called out in v22. (thanks again!) Mostly code cleanups, extack error messages, and minor reworks. Nothing major really changed, so the exact changes per commit is called in the commit messages. Full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v23/ v22: https://patchwork.kernel.org/project/netdevbpf/list/?series=881158&state=* ==== v22 aims to resolve the pending issue pointed to in v21, which is the interaction with xdp. In this series I rebase on top of the minor refactor which refactors propagating xdp configuration to slave devices: https://patchwork.kernel.org/project/netdevbpf/list/?series=881994&state=* I then disable setting xdp on devices using memory providers, and propagating xdp configuration to devices using memory providers. Full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v22/ v21: https://patchwork.kernel.org/project/netdevbpf/list/?series=880735&state=* ==== v20 addressed some comments and resolved a test failure, but introduced an unfortunate build error with a config edge case I wasn't testing. v21 simply resolves that error. Major Changes: - Resolve build error with CONFIG_PAGE_POOL=n && CONFIG_NET=y Full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v21/ v20: https://patchwork.kernel.org/project/netdevbpf/list/?series=879373&state=* ==== v20 aims to resolve a couple of bug reports against v19, and addresses some review comments around the page_pool_check_memory_provider mechanism. Major changes: - Test edge cases such as header split disabled in selftest. - Change `offset = 0` back to `offset = offset - start` to resolve issue found in RX path by Taehee (thanks!) - Address a few comments around page_pool_check_memory_provider() from Pavel & Jakub. - Removed some unnecessary includes across various patches in the series. - Removed unnecessary EXPORT_SYMBOL(page_pool_mem_providers) (Jakub). - Fix regression caused by incorrect dev_get_max_mp_channel check, along with rename (Jakub). Full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v20/ v19: https://patchwork.kernel.org/project/netdevbpf/list/?series=876852&state=* ==== v18 got a thorough review (thanks!), and this iteration addresses the feedback. Major changes: - Prevent deactivating mp bound queues. - Prevent installing xdp on mp bound netdevs, or installing mps on xdp installed netdevs. - Fix corner cases in netlink API vis-a-vis missing attributes. - Iron out the unreadable netmem driver support story. To be honest, the conversation with Jakub & Pavel got a bit confusing for me. I've implemented an approach in this set that makes sense to me, and AFAICT, addresses the requirements. It may be good as-is, or it may be a conversation starter/continuer. To be honest IMO there are many ways to skin this cat and I don't see an extremely strong reason to go for one approach over another. Here is one approach you may like. - Don't reset niov dma_addr on allocation & free. - Add some tests to the selftest that catches some of the issues around missing netlink attributes or deactivating mp-bound queues. Full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v19/ v18: https://patchwork.kernel.org/project/netdevbpf/list/?series=874848&state=* ==== v17 got minor feedback: (a) to beef up the description on patch 1 and (b) to remove the leading underscores in the header definition. I applied (a). (b) seems to be against current conventions so I did not apply before further discussion. Full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v17/ v17: https://patchwork.kernel.org/project/netdevbpf/list/?series=869900&state=* ==== v16 also got a very thorough review and some testing (thanks again!). Thes version addresses all the concerns reported on v15, in terms of feedback and issues reported. Major changes: - Use ASSERT_RTNL. - Moved around some of the page_pool helpers definitions so I can hide some netmem helpers in private files as Jakub suggested. - Don't make every net_iov hold a ref on the binding as Jakub suggested. - Fix issue reported by Taehee where we access queues after they have been freed. Full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v17/ v16: https://patchwork.kernel.org/project/netdevbpf/list/?series=866353&state=* ==== v15 got a thorough review and some testing, and this version addresses almost all the feedback. Some more minor comments where the authors said it could be done later, I left out. Major changes: - Addition of dma-buf introspection to page-pool-get and queue-get. - Fixes to selftests suggested by Taehee. - Fixes to documentation suggested by Donald. - A couple of suggestions and fixes to TCP patches by Eric and David. - Fixes to number assignements suggested by Arnd. - Use rtnl_lock()ing to guard against queue reconfiguration while the page_pool initialization is happening. (Jakub). - Fixes to a few warnings reproduced by Taehee. - Fixes to dma-buf binding suggested by Taehee and Jakub. - Fixes to netlink UAPI suggested by Jakub - Applied a number of Reviewed-bys and Acked-bys (including ones I lost from v13+). Full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v16/ One caveat: Taehee reproduced a KASAN warning and reported it here: https://lore.kernel.org/netdev/CAMArcTUdCxOBYGF3vpbq=eBvqZfnc44KBaQTN7H-wqd… I estimate the issue to be minor and easily fixable: https://lore.kernel.org/netdev/CAHS8izNgaqC--GGE2xd85QB=utUnOHmioCsDd1TNxJW… I hope to be able to follow up with a fix to net tree as net-next closes imminently, but if this iteration doesn't make it in, I will repost with a fix squashed after net-next reopens, no problem. v15: https://patchwork.kernel.org/project/netdevbpf/list/?series=865481&state=* ==== No material changes in this version, only a fix to linking against libynl.a from the last version. Per Jakub's instructions I've pulled one of his patches into this series, and now use the new libynl.a correctly, I hope. As usual, the full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v15/ v14: https://patchwork.kernel.org/project/netdevbpf/list/?series=865135&archive=… ==== No material changes in this version. Only rebase and re-verification on top of net-next. v13, I think, raced with commit ebad6d0334793 ("net/ipv4: Use nested-BH locking for ipv4_tcp_sk.") being merged to net-next that caused a patchwork failure to apply. This series should apply cleanly on commit c4532232fa2a4 ("selftests: net: remove unneeded IP_GRE config"). I did not wait the customary 24hr as Jakub said it's OK to repost as soon as I build test the rebased version: https://lore.kernel.org/netdev/20240625075926.146d769d@kernel.org/ v13: https://patchwork.kernel.org/project/netdevbpf/list/?series=861406&archive=… ==== Major changes: -------------- This iteration addresses Pavel's review comments, applies his reviewed-by's, and seeks to fix the patchwork build error (sorry!). As usual, the full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v13/ v12: https://patchwork.kernel.org/project/netdevbpf/list/?series=859747&state=* ==== Major changes: -------------- This iteration only addresses one minor comment from Pavel with regards to the trace printing of netmem, and the patchwork build error introduced in v11 because I missed doing an allmodconfig build, sorry. Other than that v11, AFAICT, received no feedback. There is one discussion about how the specifics of plugging io uring memory through the page pool, but not relevant to content in this particular patchset, AFAICT. As usual, the full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v12/ v11: https://patchwork.kernel.org/project/netdevbpf/list/?series=857457&state=* ==== Major Changes: -------------- v11 addresses feedback received in v10. The major change is the removal of the memory provider ops as requested by Christoph. We still accomplish the same thing, but utilizing direct function calls with if statements rather than generic ops. Additionally address sparse warnings, bugs and review comments from folks that reviewed. As usual, the full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v11/ Detailed changelog: ------------------- - Fixes in netdev_rx_queue_restart() from Pavel & David. - Remove commit e650e8c3a36f5 ("net: page_pool: create hooks for custom page providers") from the series to address Christoph's feedback and rebased other patches on the series on this change. - Fixed build errors with CONFIG_DMA_SHARED_BUFFER && !CONFIG_GENERIC_ALLOCATOR build. - Fixed sparse warnings pointed out by Paolo. - Drop unnecessary gro_pull_from_frag0 checks. - Added Bagas reviewed-by to docs. v10: https://patchwork.kernel.org/project/netdevbpf/list/?series=852422&state=* ==== Major Changes: -------------- v9 was sent right before the merge window closed (sorry!). v10 is almost a re-send of the series now that the merge window re-opened. Only rebased to latest net-next and addressed some minor iterative comments received on v9. As usual, the full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v10/ Detailed changelog: ------------------- - Fixed tokens leaking in DONTNEED setsockopt (Nikolay). - Moved net_iov_dma_addr() to devmem.c and made it a devmem specific helpers (David). - Rename hook alloc_pages to alloc_netmems as alloc_pages is now preprocessor macro defined and causes a build error. v9: === Major Changes: -------------- GVE queue API has been merged. Submitting this version as non-RFC after rebasing on top of the merged API, and dropped the out of tree queue API I was carrying on github. Addressed the little feedback v8 has received. Detailed changelog: ------------------ - Added new patch from David Wei to this series for netdev_rx_queue_restart() - Fixed sparse error. - Removed CONFIG_ checks in netmem_is_net_iov() - Flipped skb->readable to skb->unreadable - Minor fixes to selftests & docs. RFC v8: ======= Major Changes: -------------- - Fixed build error generated by patch-by-patch build. - Applied docs suggestions from Randy. RFC v7: ======= Major Changes: -------------- This revision largely rebases on top of net-next and addresses the feedback RFCv6 received from folks, namely Jakub, Yunsheng, Arnd, David, & Pavel. The series remains in RFC because the queue-API ndos defined in this series are not yet implemented. I have a GVE implementation I carry out of tree for my testing. A upstreamable GVE implementation is in the works. Aside from that, in my estimation all the patches are ready for review/merge. Please do take a look. As usual the full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v7/ Detailed changelog: - Use admin-perm in netlink API. - Addressed feedback from Jakub with regards to netlink API implementation. - Renamed devmem.c functions to something more appropriate for that file. - Improve the performance seen through the page_pool benchmark. - Fix the value definition of all the SO_DEVMEM_* uapi. - Various fixes to documentation. Perf - page-pool benchmark: --------------------------- Improved performance of bench_page_pool_simple.ko tests compared to v6: https://pastebin.com/raw/v5dYRg8L net-next base: 8 cycle fast path. RFC v6: 10 cycle fast path. RFC v7: 9 cycle fast path. RFC v7 with CONFIG_DMA_SHARED_BUFFER disabled: 8 cycle fast path, same as baseline. Perf - Devmem TCP benchmark: --------------------- Perf is about the same regardless of the changes in v7, namely the removal of the static_branch_unlikely to improve the page_pool benchmark performance: 189/200gbps bi-directional throughput with RX devmem TCP and regular TCP TX i.e. ~95% line rate. RFC v6: ======= Major Changes: -------------- This revision largely rebases on top of net-next and addresses the little feedback RFCv5 received. The series remains in RFC because the queue-API ndos defined in this series are not yet implemented. I have a GVE implementation I carry out of tree for my testing. A upstreamable GVE implementation is in the works. Aside from that, in my estimation all the patches are ready for review/merge. Please do take a look. As usual the full devmem TCP changes including the full GVE driver implementation is here: https://github.com/mina/linux/commits/tcpdevmem-v6/ This version also comes with some performance data recorded in the cover letter (see below changelog). Detailed changelog: - Rebased on top of the merged netmem_ref changes. - Converted skb->dmabuf to skb->readable (Pavel). Pavel's original suggestion was to remove the skb->dmabuf flag entirely, but when I looked into it closely, I found the issue that if we remove the flag we have to dereference the shinfo(skb) pointer to obtain the first frag to tell whether an skb is readable or not. This can cause a performance regression if it dirties the cache line when the shinfo(skb) was not really needed. Instead, I converted the skb->dmabuf flag into a generic skb->readable flag which can be re-used by io_uring 0-copy RX. - Squashed a few locking optimizations from Eric Dumazet in the RX path and the DEVMEM_DONTNEED setsockopt. - Expanded the tests a bit. Added validation for invalid scenarios and added some more coverage. Perf - page-pool benchmark: --------------------------- bench_page_pool_simple.ko tests with and without these changes: https://pastebin.com/raw/ncHDwAbn AFAIK the number that really matters in the perf tests is the 'tasklet_page_pool01_fast_path Per elem'. This one measures at about 8 cycles without the changes but there is some 1 cycle noise in some results. With the patches this regresses to 9 cycles with the changes but there is 1 cycle noise occasionally running this test repeatedly. Lastly I tried disable the static_branch_unlikely() in netmem_is_net_iov() check. To my surprise disabling the static_branch_unlikely() check reduces the fast path back to 8 cycles, but the 1 cycle noise remains. Perf - Devmem TCP benchmark: --------------------- 189/200gbps bi-directional throughput with RX devmem TCP and regular TCP TX i.e. ~95% line rate. Major changes in RFC v5: ======================== 1. Rebased on top of 'Abstract page from net stack' series and used the new netmem type to refer to LSB set pointers instead of re-using struct page. 2. Downgraded this series back to RFC and called it RFC v5. This is because this series is now dependent on 'Abstract page from net stack'[1] and the queue API. Both are removed from the series to reduce the patch # and those bits are fairly independent or pre-requisite work. 3. Reworked the page_pool devmem support to use netmem and for some more unified handling. 4. Reworked the reference counting of net_iov (renamed from page_pool_iov) to use pp_ref_count for refcounting. The full changes including the dependent series and GVE page pool support is here: https://github.com/mina/linux/commits/tcpdevmem-rfcv5/ [1] https://patchwork.kernel.org/project/netdevbpf/list/?series=810774 Major changes in v1: ==================== 1. Implemented MVP queue API ndos to remove the userspace-visible driver reset. 2. Fixed issues in the napi_pp_put_page() devmem frag unref path. 3. Removed RFC tag. Many smaller addressed comments across all the patches (patches have individual change log). Full tree including the rest of the GVE driver changes: https://github.com/mina/linux/commits/tcpdevmem-v1 Changes in RFC v3: ================== 1. Pulled in the memory-provider dependency from Jakub's RFC[1] to make the series reviewable and mergeable. 2. Implemented multi-rx-queue binding which was a todo in v2. 3. Fix to cmsg handling. The sticking point in RFC v2[2] was the device reset required to refill the device rx-queues after the dmabuf bind/unbind. The solution suggested as I understand is a subset of the per-queue management ops Jakub suggested or similar: https://lore.kernel.org/netdev/20230815171638.4c057dcd@kernel.org/ This is not addressed in this revision, because: 1. This point was discussed at netconf & netdev and there is openness to using the current approach of requiring a device reset. 2. Implementing individual queue resetting seems to be difficult for my test bed with GVE. My prototype to test this ran into issues with the rx-queues not coming back up properly if reset individually. At the moment I'm unsure if it's a mistake in the POC or a genuine issue in the virtualization stack behind GVE, which currently doesn't test individual rx-queue restart. 3. Our usecases are not bothered by requiring a device reset to refill the buffer queues, and we'd like to support NICs that run into this limitation with resetting individual queues. My thought is that drivers that have trouble with per-queue configs can use the support in this series, while drivers that support new netdev ops to reset individual queues can automatically reset the queue as part of the dma-buf bind/unbind. The same approach with device resets is presented again for consideration with other sticking points addressed. This proposal includes the rx devmem path only proposed for merge. For a snapshot of my entire tree which includes the GVE POC page pool support & device memory support: https://github.com/torvalds/linux/compare/master...mina:linux:tcpdevmem-v3 [1] https://lore.kernel.org/netdev/f8270765-a27b-6ccf-33ea-cda097168d79@redhat.… [2] https://lore.kernel.org/netdev/CAHS8izOVJGJH5WF68OsRWFKJid1_huzzUK+hpKbLcL4… Changes in RFC v2: ================== The sticking point in RFC v1[1] was the dma-buf pages approach we used to deliver the device memory to the TCP stack. RFC v2 is a proof-of-concept that attempts to resolve this by implementing scatterlist support in the networking stack, such that we can import the dma-buf scatterlist directly. This is the approach proposed at a high level here[2]. Detailed changes: 1. Replaced dma-buf pages approach with importing scatterlist into the page pool. 2. Replace the dma-buf pages centric API with a netlink API. 3. Removed the TX path implementation - there is no issue with implementing the TX path with scatterlist approach, but leaving out the TX path makes it easier to review. 4. Functionality is tested with this proposal, but I have not conducted perf testing yet. I'm not sure there are regressions, but I removed perf claims from the cover letter until they can be re-confirmed. 5. Added Signed-off-by: contributors to the implementation. 6. Fixed some bugs with the RX path since RFC v1. Any feedback welcome, but specifically the biggest pending questions needing feedback IMO are: 1. Feedback on the scatterlist-based approach in general. 2. Netlink API (Patch 1 & 2). 3. Approach to handle all the drivers that expect to receive pages from the page pool (Patch 6). [1] https://lore.kernel.org/netdev/dfe4bae7-13a0-3c5d-d671-f61b375cb0b4@gmail.c… [2] https://lore.kernel.org/netdev/CAHS8izPm6XRS54LdCDZVd0C75tA1zHSu6jLVO8nzTLX… ================== * TL;DR: Device memory TCP (devmem TCP) is a proposal for transferring data to and/or from device memory efficiently, without bouncing the data to a host memory buffer. * Problem: A large amount of data transfers have device memory as the source and/or destination. Accelerators drastically increased the volume of such transfers. Some examples include: - ML accelerators transferring large amounts of training data from storage into GPU/TPU memory. In some cases ML training setup time can be as long as 50% of TPU compute time, improving data transfer throughput & efficiency can help improving GPU/TPU utilization. - Distributed training, where ML accelerators, such as GPUs on different hosts, exchange data among them. - Distributed raw block storage applications transfer large amounts of data with remote SSDs, much of this data does not require host processing. Today, the majority of the Device-to-Device data transfers the network are implemented as the following low level operations: Device-to-Host copy, Host-to-Host network transfer, and Host-to-Device copy. The implementation is suboptimal, especially for bulk data transfers, and can put significant strains on system resources, such as host memory bandwidth, PCIe bandwidth, etc. One important reason behind the current state is the kernel’s lack of semantics to express device to network transfers. * Proposal: In this patch series we attempt to optimize this use case by implementing socket APIs that enable the user to: 1. send device memory across the network directly, and 2. receive incoming network packets directly into device memory. Packet _payloads_ go directly from the NIC to device memory for receive and from device memory to NIC for transmit. Packet _headers_ go to/from host memory and are processed by the TCP/IP stack normally. The NIC _must_ support header split to achieve this. Advantages: - Alleviate host memory bandwidth pressure, compared to existing network-transfer + device-copy semantics. - Alleviate PCIe BW pressure, by limiting data transfer to the lowest level of the PCIe tree, compared to traditional path which sends data through the root complex. * Patch overview: ** Part 1: netlink API Gives user ability to bind dma-buf to an RX queue. ** Part 2: scatterlist support Currently the standard for device memory sharing is DMABUF, which doesn't generate struct pages. On the other hand, networking stack (skbs, drivers, and page pool) operate on pages. We have 2 options: 1. Generate struct pages for dmabuf device memory, or, 2. Modify the networking stack to process scatterlist. Approach #1 was attempted in RFC v1. RFC v2 implements approach #2. ** part 3: page pool support We piggy back on page pool memory providers proposal: https://github.com/kuba-moo/linux/tree/pp-providers It allows the page pool to define a memory provider that provides the page allocation and freeing. It helps abstract most of the device memory TCP changes from the driver. ** part 4: support for unreadable skb frags Page pool iovs are not accessible by the host; we implement changes throughput the networking stack to correctly handle skbs with unreadable frags. ** Part 5: recvmsg() APIs We define user APIs for the user to send and receive device memory. Not included with this series is the GVE devmem TCP support, just to simplify the review. Code available here if desired: https://github.com/mina/linux/tree/tcpdevmem This series is built on top of net-next with Jakub's pp-providers changes cherry-picked. * NIC dependencies: 1. (strict) Devmem TCP require the NIC to support header split, i.e. the capability to split incoming packets into a header + payload and to put each into a separate buffer. Devmem TCP works by using device memory for the packet payload, and host memory for the packet headers. 2. (optional) Devmem TCP works better with flow steering support & RSS support, i.e. the NIC's ability to steer flows into certain rx queues. This allows the sysadmin to enable devmem TCP on a subset of the rx queues, and steer devmem TCP traffic onto these queues and non devmem TCP elsewhere. The NIC I have access to with these properties is the GVE with DQO support running in Google Cloud, but any NIC that supports these features would suffice. I may be able to help reviewers bring up devmem TCP on their NICs. * Testing: The series includes a udmabuf kselftest that show a simple use case of devmem TCP and validates the entire data path end to end without a dependency on a specific dmabuf provider. ** Test Setup Kernel: net-next with this series and memory provider API cherry-picked locally. Hardware: Google Cloud A3 VMs. NIC: GVE with header split & RSS & flow steering support. Cc: Pavel Begunkov <asml.silence(a)gmail.com> Cc: David Wei <dw(a)davidwei.uk> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Yunsheng Lin <linyunsheng(a)huawei.com> Cc: Shailend Chand <shailend(a)google.com> Cc: Harshitha Ramamurthy <hramamurthy(a)google.com> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: Jeroen de Borst <jeroendb(a)google.com> Cc: Praveen Kaligineedi <pkaligineedi(a)google.com> Cc: Bagas Sanjaya <bagasdotme(a)gmail.com> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Nikolay Aleksandrov <razor(a)blackwall.org> Cc: Taehee Yoo <ap420073(a)gmail.com> Cc: Donald Hunter <donald.hunter(a)gmail.com> Mina Almasry (13): netdev: add netdev_rx_queue_restart() net: netdev netlink api to bind dma-buf to a net device netdev: support binding dma-buf to netdevice netdev: netdevice devmem allocator page_pool: devmem support memory-provider: dmabuf devmem memory provider net: support non paged skb frags net: add support for skbs with unreadable frags tcp: RX path for devmem TCP net: add SO_DEVMEM_DONTNEED setsockopt to release RX frags net: add devmem TCP documentation selftests: add ncdevmem, netcat for devmem TCP netdev: add dmabuf introspection Documentation/netlink/specs/netdev.yaml | 61 +++ Documentation/networking/devmem.rst | 269 +++++++++++ Documentation/networking/index.rst | 1 + arch/alpha/include/uapi/asm/socket.h | 6 + arch/mips/include/uapi/asm/socket.h | 6 + arch/parisc/include/uapi/asm/socket.h | 6 + arch/sparc/include/uapi/asm/socket.h | 6 + include/linux/netdevice.h | 2 + include/linux/skbuff.h | 61 ++- include/linux/skbuff_ref.h | 9 +- include/linux/socket.h | 1 + include/net/netdev_rx_queue.h | 5 + include/net/netmem.h | 132 +++++- include/net/page_pool/helpers.h | 39 +- include/net/page_pool/types.h | 23 +- include/net/sock.h | 2 + include/net/tcp.h | 3 +- include/trace/events/page_pool.h | 12 +- include/uapi/asm-generic/socket.h | 6 + include/uapi/linux/netdev.h | 13 + include/uapi/linux/uio.h | 18 + net/Kconfig | 5 + net/core/Makefile | 2 + net/core/datagram.c | 6 + net/core/dev.c | 33 +- net/core/devmem.c | 389 ++++++++++++++++ net/core/devmem.h | 180 ++++++++ net/core/gro.c | 3 +- net/core/mp_dmabuf_devmem.h | 44 ++ net/core/netdev-genl-gen.c | 23 + net/core/netdev-genl-gen.h | 6 + net/core/netdev-genl.c | 139 +++++- net/core/netdev_rx_queue.c | 81 ++++ net/core/netmem_priv.h | 31 ++ net/core/page_pool.c | 119 +++-- net/core/page_pool_priv.h | 46 ++ net/core/page_pool_user.c | 32 +- net/core/skbuff.c | 77 +++- net/core/sock.c | 68 +++ net/ethtool/common.c | 8 + net/ipv4/esp4.c | 3 +- net/ipv4/tcp.c | 263 ++++++++++- net/ipv4/tcp_input.c | 13 +- net/ipv4/tcp_ipv4.c | 16 + net/ipv4/tcp_minisocks.c | 2 + net/ipv4/tcp_output.c | 5 +- net/ipv6/esp6.c | 3 +- net/packet/af_packet.c | 4 +- net/xdp/xsk_buff_pool.c | 5 + tools/include/uapi/linux/netdev.h | 13 + tools/net/ynl/lib/.gitignore | 1 + tools/testing/selftests/net/.gitignore | 1 + tools/testing/selftests/net/Makefile | 9 + tools/testing/selftests/net/ncdevmem.c | 570 ++++++++++++++++++++++++ 54 files changed, 2757 insertions(+), 124 deletions(-) create mode 100644 Documentation/networking/devmem.rst create mode 100644 net/core/devmem.c create mode 100644 net/core/devmem.h create mode 100644 net/core/mp_dmabuf_devmem.h create mode 100644 net/core/netdev_rx_queue.c create mode 100644 net/core/netmem_priv.h create mode 100644 tools/testing/selftests/net/ncdevmem.c -- 2.46.0.598.g6f2099f65c-goog

1 year, 1 month

2
14
0 0

[PATCH net 0/3] selftests: mptcp: misc. small fixes

by Matthieu Baerts (NGI0)

Here are some various fixes for the MPTCP selftests. Patch 1 fixes a recently modified test to continue to work as expected on older kernels. This is a fix for a recent fix that can be backported up to v5.15. Patch 2 and 3 include dependences when exporting or installing the tests. Two fixes for v6.11-rc1. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Matthieu Baerts (NGI0) (3): selftests: mptcp: join: restrict fullmesh endp on 1st sf selftests: mptcp: include lib.sh file selftests: mptcp: include net_helper.sh file tools/testing/selftests/net/mptcp/Makefile | 2 ++ tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) --- base-commit: 48aa361c5db0b380c2b75c24984c0d3e7c1e8c09 change-id: 20240910-net-selftests-mptcp-fix-install-2b82ae5a99c8 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 1 month

2
4
0 0

[PATCH] selftests: kselftest: Use strerror() on nolibc

by zhangjiao2

From: zhang jiao <zhangjiao2(a)cmss.chinamobile.com> Nolibc gained an implementation of strerror() recently. Use it and drop the ifndef. Signed-off-by: zhang jiao <zhangjiao2(a)cmss.chinamobile.com> --- tools/testing/selftests/kselftest.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/tools/testing/selftests/kselftest.h b/tools/testing/selftests/kselftest.h index e195ec156859..29fedf609611 100644 --- a/tools/testing/selftests/kselftest.h +++ b/tools/testing/selftests/kselftest.h @@ -373,15 +373,7 @@ static inline __noreturn __printf(1, 2) void ksft_exit_fail_msg(const char *msg, static inline __noreturn void ksft_exit_fail_perror(const char *msg) { -#ifndef NOLIBC ksft_exit_fail_msg("%s: %s (%d)\n", msg, strerror(errno), errno); -#else - /* - * nolibc doesn't provide strerror() and it seems - * inappropriate to add one, just print the errno. - */ - ksft_exit_fail_msg("%s: %d)\n", msg, errno); -#endif } static inline __noreturn void ksft_exit_xfail(void) -- 2.33.0

1 year, 1 month

3
3
0 0

[for-next][PATCH 2/2] selftests/ring-buffer: Handle meta-page bigger than the system

by Steven Rostedt

From: Vincent Donnefort <vdonnefort(a)google.com> Handle the case where the meta-page content is bigger than the system page-size. This prepares the ground for extending features covered by the meta-page. Cc: Shuah Khan <skhan(a)linuxfoundation.org> Cc: linux-kselftest(a)vger.kernel.org Link: https://lore.kernel.org/20240910162335.2993310-3-vdonnefort@google.com Acked-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Vincent Donnefort <vdonnefort(a)google.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- tools/testing/selftests/ring-buffer/map_test.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tools/testing/selftests/ring-buffer/map_test.c b/tools/testing/selftests/ring-buffer/map_test.c index ba12fd31de87..d10a847130fb 100644 --- a/tools/testing/selftests/ring-buffer/map_test.c +++ b/tools/testing/selftests/ring-buffer/map_test.c @@ -92,12 +92,22 @@ int tracefs_cpu_map(struct tracefs_cpu_map_desc *desc, int cpu) if (desc->cpu_fd < 0) return -ENODEV; +again: map = mmap(NULL, page_size, PROT_READ, MAP_SHARED, desc->cpu_fd, 0); if (map == MAP_FAILED) return -errno; desc->meta = (struct trace_buffer_meta *)map; + /* the meta-page is bigger than the original mapping */ + if (page_size < desc->meta->meta_struct_len) { + int meta_page_size = desc->meta->meta_page_size; + + munmap(desc->meta, page_size); + page_size = meta_page_size; + goto again; + } + return 0; } -- 2.45.2

1 year, 1 month

1
0
0 0

[for-next][PATCH 1/2] selftests/ring-buffer: Verify the entire meta-page padding

by Steven Rostedt

From: Vincent Donnefort <vdonnefort(a)google.com> Improve the ring-buffer meta-page test coverage by checking for the entire padding region to be 0 instead of just looking at the first 4 bytes. Cc: linux-kselftest(a)vger.kernel.org Link: https://lore.kernel.org/20240910162335.2993310-2-vdonnefort@google.com Acked-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Vincent Donnefort <vdonnefort(a)google.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- tools/testing/selftests/ring-buffer/map_test.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/ring-buffer/map_test.c b/tools/testing/selftests/ring-buffer/map_test.c index 4bb0192e43f3..ba12fd31de87 100644 --- a/tools/testing/selftests/ring-buffer/map_test.c +++ b/tools/testing/selftests/ring-buffer/map_test.c @@ -231,15 +231,15 @@ TEST_F(map, data_mmap) /* Verify meta-page padding */ if (desc->meta->meta_page_size > getpagesize()) { - void *addr; - data_len = desc->meta->meta_page_size; data = mmap(NULL, data_len, PROT_READ, MAP_SHARED, desc->cpu_fd, 0); ASSERT_NE(data, MAP_FAILED); - addr = (void *)((unsigned long)data + getpagesize()); - ASSERT_EQ(*((int *)addr), 0); + for (int i = desc->meta->meta_struct_len; + i < desc->meta->meta_page_size; i += sizeof(int)) + ASSERT_EQ(*(int *)(data + i), 0); + munmap(data, data_len); } } -- 2.45.2

1 year, 1 month

1
0
0 0

[PATCH RESEND 2/2] ring-buffer/selftest: Handle meta-page bigger than the system

by Vincent Donnefort

Handle the case where the meta-page content is bigger than the system page-size. This prepares the ground for extending features covered by the meta-page. Cc: Shuah Khan <skhan(a)linuxfoundation.org> Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Vincent Donnefort <vdonnefort(a)google.com> diff --git a/tools/testing/selftests/ring-buffer/map_test.c b/tools/testing/selftests/ring-buffer/map_test.c index ba12fd31de87..d10a847130fb 100644 --- a/tools/testing/selftests/ring-buffer/map_test.c +++ b/tools/testing/selftests/ring-buffer/map_test.c @@ -92,12 +92,22 @@ int tracefs_cpu_map(struct tracefs_cpu_map_desc *desc, int cpu) if (desc->cpu_fd < 0) return -ENODEV; +again: map = mmap(NULL, page_size, PROT_READ, MAP_SHARED, desc->cpu_fd, 0); if (map == MAP_FAILED) return -errno; desc->meta = (struct trace_buffer_meta *)map; + /* the meta-page is bigger than the original mapping */ + if (page_size < desc->meta->meta_struct_len) { + int meta_page_size = desc->meta->meta_page_size; + + munmap(desc->meta, page_size); + page_size = meta_page_size; + goto again; + } + return 0; } -- 2.46.0.598.g6f2099f65c-goog

1 year, 1 month

3
4
0 0

[PATCH RESEND 1/2] ring-buffer/selftest: Verify the entire meta-page padding

by Vincent Donnefort

Improve the ring-buffer meta-page test coverage by checking for the entire padding region to be 0 instead of just looking at the first 4 bytes. Cc: Shuah Khan <skhan(a)linuxfoundation.org> Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Vincent Donnefort <vdonnefort(a)google.com> diff --git a/tools/testing/selftests/ring-buffer/map_test.c b/tools/testing/selftests/ring-buffer/map_test.c index 4bb0192e43f3..ba12fd31de87 100644 --- a/tools/testing/selftests/ring-buffer/map_test.c +++ b/tools/testing/selftests/ring-buffer/map_test.c @@ -231,15 +231,15 @@ TEST_F(map, data_mmap) /* Verify meta-page padding */ if (desc->meta->meta_page_size > getpagesize()) { - void *addr; - data_len = desc->meta->meta_page_size; data = mmap(NULL, data_len, PROT_READ, MAP_SHARED, desc->cpu_fd, 0); ASSERT_NE(data, MAP_FAILED); - addr = (void *)((unsigned long)data + getpagesize()); - ASSERT_EQ(*((int *)addr), 0); + for (int i = desc->meta->meta_struct_len; + i < desc->meta->meta_page_size; i += sizeof(int)) + ASSERT_EQ(*(int *)(data + i), 0); + munmap(data, data_len); } } -- 2.46.0.598.g6f2099f65c-goog

1 year, 1 month

3
5
0 0

[PATCH 0/2] selftests: vDSO: s390 fixes

by Heiko Carstens

Two s390 fixes to make vdso selftests running on s390. Jason, given that you carry already a lot of changes for vdso selftests I guess these should be routed via the random tree. Patches apply on top of current random.git master branch. Thanks, Heiko Heiko Carstens (1): selftests: vDSO: fix vdso_config for s390 Jens Remus (1): selftests: vDSO: fix ELF hash table entry size for s390x tools/testing/selftests/vDSO/parse_vdso.c | 14 ++++++++++---- tools/testing/selftests/vDSO/vdso_config.h | 4 ++-- 2 files changed, 12 insertions(+), 6 deletions(-) -- 2.43.0

1 year, 1 month

2
4
0 0

[PATCH net-next] page_pool: add a test module for page_pool

by Yunsheng Lin

The testing is done by ensuring that the page allocated from the page_pool instance is pushed into a ptr_ring instance in a kthread/napi binded to a specified cpu, and a kthread/napi binded to a specified cpu will pop the page from the ptr_ring and free it back to the page_pool. Signed-off-by: Yunsheng Lin <linyunsheng(a)huawei.com> --- tools/testing/selftests/net/Makefile | 3 + .../testing/selftests/net/page_pool/Makefile | 18 + .../selftests/net/page_pool/page_pool_test.c | 433 ++++++++++++++++++ tools/testing/selftests/net/test_page_pool.sh | 175 +++++++ 4 files changed, 629 insertions(+) create mode 100644 tools/testing/selftests/net/page_pool/Makefile create mode 100644 tools/testing/selftests/net/page_pool/page_pool_test.c create mode 100755 tools/testing/selftests/net/test_page_pool.sh diff --git a/tools/testing/selftests/net/Makefile b/tools/testing/selftests/net/Makefile index 27362e40eb37..4d4ddd853ef8 100644 --- a/tools/testing/selftests/net/Makefile +++ b/tools/testing/selftests/net/Makefile @@ -6,6 +6,8 @@ CFLAGS += -I../../../../usr/include/ $(KHDR_INCLUDES) # Additional include paths needed by kselftest.h CFLAGS += -I../ +TEST_GEN_MODS_DIR := page_pool + TEST_PROGS := run_netsocktests run_afpackettests test_bpf.sh netdevice.sh \ rtnetlink.sh xfrm_policy.sh test_blackhole_dev.sh TEST_PROGS += fib_tests.sh fib-onlink-tests.sh pmtu.sh udpgso.sh ip_defrag.sh @@ -96,6 +98,7 @@ TEST_PROGS += fdb_flush.sh TEST_PROGS += fq_band_pktlimit.sh TEST_PROGS += vlan_hw_filter.sh TEST_PROGS += bpf_offload.py +TEST_PROGS += test_page_pool.sh TEST_FILES := settings TEST_FILES += in_netns.sh lib.sh net_helper.sh setup_loopback.sh setup_veth.sh diff --git a/tools/testing/selftests/net/page_pool/Makefile b/tools/testing/selftests/net/page_pool/Makefile new file mode 100644 index 000000000000..4380a70d6391 --- /dev/null +++ b/tools/testing/selftests/net/page_pool/Makefile @@ -0,0 +1,18 @@ +PAGE_POOL_TEST_DIR := $(realpath $(dir $(abspath $(lastword $(MAKEFILE_LIST))))) +KDIR ?= $(abspath $(PAGE_POOL_TEST_DIR)/../../../../..) + +ifeq ($(V),1) +Q = +else +Q = @ +endif + +MODULES = page_pool_test.ko + +obj-m += page_pool_test.o + +all: + +$(Q)make -C $(KDIR) M=$(PAGE_POOL_TEST_DIR) modules + +clean: + +$(Q)make -C $(KDIR) M=$(PAGE_POOL_TEST_DIR) clean diff --git a/tools/testing/selftests/net/page_pool/page_pool_test.c b/tools/testing/selftests/net/page_pool/page_pool_test.c new file mode 100644 index 000000000000..475b64f21b78 --- /dev/null +++ b/tools/testing/selftests/net/page_pool/page_pool_test.c @@ -0,0 +1,433 @@ +// SPDX-License-Identifier: GPL-2.0 + +/* + * Test module for page_pool + * + * Copyright (C) 2024 Yunsheng Lin <linyunsheng(a)huawei.com> + */ + +#include <linux/module.h> +#include <linux/cpumask.h> +#include <linux/completion.h> +#include <linux/device.h> +#include <linux/etherdevice.h> +#include <linux/ptr_ring.h> +#include <linux/kthread.h> +#include <net/page_pool/helpers.h> + +static struct ptr_ring ptr_ring; +static int nr_objs = 512; +static atomic_t nthreads; +static struct completion wait; +static struct page_pool *test_pool; +static struct device *dev; +static u64 dma_mask = DMA_BIT_MASK(64); + +static int nr_test = 2000000; +module_param(nr_test, int, 0); +MODULE_PARM_DESC(nr_test, "number of iterations to test"); + +static bool test_frag; +module_param(test_frag, bool, 0); +MODULE_PARM_DESC(test_frag, "use frag API for testing"); + +static bool test_dma; +module_param(test_dma, bool, 0); +MODULE_PARM_DESC(test_dma, "enable dma mapping for testing"); + +static bool test_napi; +module_param(test_napi, bool, 0); +MODULE_PARM_DESC(test_napi, "use NAPI softirq for testing"); + +static bool test_direct; +module_param(test_direct, bool, 0); +MODULE_PARM_DESC(test_direct, "enable direct recycle for testing"); + +static int test_alloc_len = 2048; +module_param(test_alloc_len, int, 0); +MODULE_PARM_DESC(test_alloc_len, "alloc len for testing"); + +static int test_push_cpu; +module_param(test_push_cpu, int, 0); +MODULE_PARM_DESC(test_push_cpu, "test cpu for pushing page"); + +static int test_pop_cpu; +module_param(test_pop_cpu, int, 0); +MODULE_PARM_DESC(test_pop_cpu, "test cpu for popping page"); + +static void page_pool_test_dev_release(struct device *dev) +{ + kfree(dev); +} + +static struct page_pool *page_pool_test_create(void) +{ + struct page_pool_params page_pool_params = { + .pool_size = nr_objs, + .flags = 0, + .nid = cpu_to_mem(test_push_cpu), + }; + int ret; + + if (test_dma) { + dev = kzalloc(sizeof(*dev), GFP_KERNEL); + if (!dev) + return ERR_PTR(-ENOMEM); + + dev->release = page_pool_test_dev_release; + dev->dma_mask = &dma_mask; + device_initialize(dev); + + ret = dev_set_name(dev, "page_pool_dev"); + if (ret) { + pr_err("page_pool_test dev_set_name() failed: %d\n", + ret); + goto err_out; + } + + ret = dma_set_mask_and_coherent(dev, DMA_BIT_MASK(64)); + if (ret) { + pr_err("page_pool_test set dma mask failed: %d\n", + ret); + goto err_out; + } + + ret = device_add(dev); + if (ret) { + pr_err("page_pool_test device_add() failed: %d\n", ret); + goto err_out; + } + + page_pool_params.dev = dev; + page_pool_params.flags |= PP_FLAG_DMA_MAP; + page_pool_params.dma_dir = DMA_FROM_DEVICE; + } + + return page_pool_create(&page_pool_params); +err_out: + put_device(dev); + return ERR_PTR(ret); +} + +static void page_pool_test_destroy(struct page_pool *pool) +{ + page_pool_destroy(pool); + + if (test_dma) { + device_del(dev); + put_device(dev); + } +} + +static int test_pushed; +static int test_popped; +static int page_pool_pop_thread(void *arg) +{ + struct ptr_ring *ring = arg; + + pr_info("page_pool pop test thread begins on cpu %d\n", + smp_processor_id()); + + while (test_popped < nr_test) { + void *obj = __ptr_ring_consume(ring); + + if (obj) { + test_popped++; + page_pool_put_full_page(test_pool, obj, false); + } else { + cond_resched(); + } + } + + if (atomic_dec_and_test(&nthreads)) + complete(&wait); + + pr_info("page_pool pop test thread exits on cpu %d\n", + smp_processor_id()); + + return 0; +} + +static int page_pool_push_thread(void *arg) +{ + struct ptr_ring *ring = arg; + + pr_info("page_pool push test thread begins on cpu %d\n", + smp_processor_id()); + + while (test_pushed < nr_test) { + struct page *page; + int ret; + + if (test_frag) { + unsigned int offset; + + page = page_pool_dev_alloc_frag(test_pool, &offset, + test_alloc_len); + } else { + page = page_pool_dev_alloc_pages(test_pool); + } + + if (!page) + continue; + + ret = __ptr_ring_produce(ring, page); + if (ret) { + page_pool_put_full_page(test_pool, page, true); + cond_resched(); + } else { + test_pushed++; + } + } + + pr_info("page_pool push test thread exits on cpu %d\n", + smp_processor_id()); + + if (atomic_dec_and_test(&nthreads)) + complete(&wait); + + return 0; +} + +static int page_pool_push_poll(struct napi_struct *napi, int budget) +{ + static bool print = true; + int processed = 0; + + if (unlikely(print)) { + pr_info("page_pool push test napi begins on cpu %d\n", + smp_processor_id()); + print = false; + } + + while (processed < budget && test_pushed < nr_test) { + struct page *page; + int ret; + + if (test_frag) { + unsigned int offset; + + page = page_pool_dev_alloc_frag(test_pool, &offset, + test_alloc_len); + } else { + page = page_pool_dev_alloc_pages(test_pool); + } + + if (!page) + return budget; + + ret = __ptr_ring_produce(&ptr_ring, page); + if (ret) { + page_pool_put_full_page(test_pool, page, true); + return budget; + } + + processed++; + test_pushed++; + } + + if (test_pushed < nr_test) + return budget; + + pr_info("page_pool push test napi exits on cpu %d\n", + smp_processor_id()); + + napi_complete(napi); + if (atomic_dec_and_test(&nthreads)) + complete(&wait); + + return 0; +} + +static int page_pool_pop_poll(struct napi_struct *napi, int budget) +{ + static bool print = true; + int processed = 0; + + if (unlikely(print)) { + pr_info("page_pool pop test napi begins on cpu %d\n", + smp_processor_id()); + print = false; + } + + while (processed < budget && test_popped < nr_test) { + void *obj = __ptr_ring_consume(&ptr_ring); + + if (obj) { + processed++; + test_popped++; + page_pool_put_full_page(test_pool, obj, test_direct); + } else { + return budget; + } + } + + if (test_popped < nr_test) + return budget; + + if (atomic_dec_and_test(&nthreads)) + complete(&wait); + + napi_complete(napi); + pr_info("page_pool pop test napi exits on cpu %d\n", + smp_processor_id()); + + return 0; +} + +static int page_pool_create_test_thread(void) +{ + struct task_struct *tsk_push, *tsk_pop; + + tsk_push = kthread_create_on_cpu(page_pool_push_thread, &ptr_ring, + test_push_cpu, "page_pool_push"); + if (IS_ERR(tsk_push)) + return PTR_ERR(tsk_push); + + tsk_pop = kthread_create_on_cpu(page_pool_pop_thread, &ptr_ring, + test_pop_cpu, "page_pool_pop"); + if (IS_ERR(tsk_pop)) { + kthread_stop(tsk_push); + return PTR_ERR(tsk_pop); + } + + wake_up_process(tsk_push); + wake_up_process(tsk_pop); + + return 0; +} + +static struct napi_struct *pop_napi, *push_napi; +static struct net_device *netdev; +static int page_pool_schedule_napi(void *arg) +{ + struct napi_struct *napi = arg; + + napi_schedule_irqoff(napi); + + return 0; +} + +static int page_pool_create_test_napi(void) +{ + struct task_struct *push_tsk, *pop_tsk; + int ret; + + netdev = alloc_etherdev(sizeof(struct napi_struct) * 2); + if (!netdev) + return -ENOMEM; + + pop_napi = netdev_priv(netdev); + push_napi = pop_napi + 1; + + netif_napi_add(netdev, push_napi, page_pool_push_poll); + netif_napi_add(netdev, pop_napi, page_pool_pop_poll); + + napi_enable(push_napi); + napi_enable(pop_napi); + + push_tsk = kthread_create_on_cpu(page_pool_schedule_napi, push_napi, + test_push_cpu, "page_pool_push_napi"); + if (IS_ERR(push_tsk)) { + ret = PTR_ERR(push_tsk); + goto err_alloc_etherdev; + } + + pop_tsk = kthread_create_on_cpu(page_pool_schedule_napi, pop_napi, + test_pop_cpu, "page_pool_pop_napi"); + if (IS_ERR(pop_tsk)) { + ret = PTR_ERR(pop_tsk); + goto err_push_thread; + } + + wake_up_process(push_tsk); + wake_up_process(pop_tsk); + return 0; + +err_push_thread: + kthread_stop(push_tsk); +err_alloc_etherdev: + free_netdev(netdev); + return ret; +} + +static void page_pool_destroy_test_napi(void) +{ + napi_disable(push_napi); + napi_disable(pop_napi); + + netif_napi_del(push_napi); + netif_napi_del(pop_napi); + + free_netdev(netdev); +} + +static int __init page_pool_test_init(void) +{ + ktime_t start; + u64 duration; + int ret; + + if (test_alloc_len > PAGE_SIZE || test_alloc_len <= 0 || + !cpu_active(test_push_cpu) || !cpu_active(test_pop_cpu) || + (test_direct && (test_push_cpu != test_pop_cpu || !test_napi))) + return -EINVAL; + + ret = ptr_ring_init(&ptr_ring, nr_objs, GFP_KERNEL); + if (ret) + return ret; + + test_pool = page_pool_test_create(); + if (IS_ERR(test_pool)) { + ret = PTR_ERR(test_pool); + goto err_ptr_ring_init; + } + + atomic_set(&nthreads, 2); + init_completion(&wait); + + if (test_napi) + ret = page_pool_create_test_napi(); + else + ret = page_pool_create_test_thread(); + if (ret) + goto err_pool_create; + + start = ktime_get(); + pr_info("waiting for test to complete\n"); + + while (!wait_for_completion_timeout(&wait, msecs_to_jiffies(20000))) + pr_info("page_pool_test progress: pushed = %d, popped = %d\n", + test_pushed, test_popped); + + duration = (u64)ktime_us_delta(ktime_get(), start); + pr_info("%d of iterations for %s%s%s%s testing took: %lluus\n", + nr_test, test_napi ? "napi" : "thread", + test_direct ? " direct" : "", test_dma ? " dma" : "", + test_frag ? " frag" : "", duration); + + ptr_ring_cleanup(&ptr_ring, NULL); + page_pool_test_destroy(test_pool); + + if (test_napi) + page_pool_destroy_test_napi(); + + return -EAGAIN; + +err_pool_create: + page_pool_test_destroy(test_pool); +err_ptr_ring_init: + ptr_ring_cleanup(&ptr_ring, NULL); + return ret; +} + +static void __exit page_pool_test_exit(void) +{ +} + +module_init(page_pool_test_init); +module_exit(page_pool_test_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Yunsheng Lin <linyunsheng(a)huawei.com>"); +MODULE_DESCRIPTION("Test module for page_pool"); diff --git a/tools/testing/selftests/net/test_page_pool.sh b/tools/testing/selftests/net/test_page_pool.sh new file mode 100755 index 000000000000..b9b422f5449d --- /dev/null +++ b/tools/testing/selftests/net/test_page_pool.sh @@ -0,0 +1,175 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +# Copyright (C) 2024 Yunsheng Lin <linyunsheng(a)huawei.com> +# Copyright (C) 2018 Uladzislau Rezki (Sony) <urezki(a)gmail.com> +# +# This is a test script for the kernel test driver to test the +# correctness and performance of page_pool's implementation. +# Therefore it is just a kernel module loader. You can specify +# and pass different parameters in order to: +# a) analyse performance of page_pool; +# b) stressing and stability check of page_pool subsystem. + +DRIVER="./page_pool/page_pool_test.ko" +CPU_LIST=$(grep -m 2 processor /proc/cpuinfo | cut -d ' ' -f 2) +CPU_CNT=$(echo $CPU_LIST | wc -w) +TEST_CPU_0=$(echo $CPU_LIST | awk '{print $1}') + +if [ $CPU_CNT -gt 1 ]; then + TEST_CPU_1=$(echo $CPU_LIST | awk '{print $2}') + NR_TEST=100000000 +else + TEST_CPU_1=$TEST_CPU_0 + NR_TEST=1000000 +fi + +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 + +# +# Static templates for testing of page_pool APIs. +# Also it is possible to pass any supported parameters manually. +# +SMOKE_0_PARAM="test_push_cpu=$TEST_CPU_0 test_pop_cpu=$TEST_CPU_0" +SMOKE_1_PARAM="test_push_cpu=$TEST_CPU_0 test_pop_cpu=$TEST_CPU_1" +NONFRAG_PARAM="$SMOKE_1_PARAM nr_test=$NR_TEST" +FRAG_PARAM="$NONFRAG_PARAM test_alloc_len=2048 test_frag=1" +NONFRAG_DMA_PARAM="$NONFRAG_PARAM test_dma=1" +FRAG_DMA_PARAM="$FRAG_PARAM test_dma=1" +NONFRAG_NAPI_PARAM="$NONFRAG_PARAM test_napi=1" +FRAG_NAPI_PARAM="$FRAG_PARAM test_napi=1" +NAPI_PARAM="$SMOKE_0_PARAM test_napi=1" +NAPI_DIRECT_PARAM="$NAPI_PARAM test_direct=1" + +check_test_requirements() +{ + uid=$(id -u) + if [ $uid -ne 0 ]; then + echo "$0: Must be run as root" + exit $ksft_skip + fi + + if ! which insmod > /dev/null 2>&1; then + echo "$0: You need insmod installed" + exit $ksft_skip + fi + + if [ ! -f $DRIVER ]; then + echo "$0: You need to compile page_pool_test module" + exit $ksft_skip + fi +} + +run_nonfrag_check() +{ + echo "Run performance tests to evaluate how fast nonaligned alloc API is." + + insmod $DRIVER $NONFRAG_PARAM > /dev/null 2>&1 + echo "Done." + echo "Check the kernel ring buffer to see the summary." +} + +run_frag_check() +{ + echo "Run performance tests to evaluate how fast aligned alloc API is." + + insmod $DRIVER $FRAG_PARAM > /dev/null 2>&1 + echo "Done." + echo "Check the kernel ring buffer to see the summary." +} + +run_nonfrag_dma_check() +{ + echo "Run performance tests to evaluate nonaligned alloc API with dma mapping." + + insmod $DRIVER $NONFRAG_DMA_PARAM > /dev/null 2>&1 + echo "Done." + echo "Check the kernel ring buffer to see the summary." +} + +run_frag_dma_check() +{ + echo "Run performance tests to evaluate aligned alloc API with dma mapping." + + insmod $DRIVER $FRAG_DMA_PARAM > /dev/null 2>&1 + echo "Done." + echo "Check the kernel ring buffer to see the summary." +} + +run_nonfrag_napi_check() +{ + echo "Run performance tests to evaluate nonaligned alloc API in NAPI testing mode." + + insmod $DRIVER $NONFRAG_NAPI_PARAM > /dev/null 2>&1 + echo "Done." + echo "Check the kernel ring buffer to see the summary." +} + +run_frag_napi_check() +{ + echo "Run performance tests to evaluate aligned alloc API in NAPI testing mode." + + insmod $DRIVER $FRAG_NAPI_PARAM > /dev/null 2>&1 + echo "Done." + echo "Check the kernel ring buffer to see the summary." +} + +run_napi_check() +{ + echo "Run performance in NAPI testing mode." + + insmod $DRIVER $NAPI_PARAM > /dev/null 2>&1 + echo "Done." + echo "Check the kernel ring buffer to see the summary." +} + +run_napi_direct_check() +{ + echo "Run performance tests in NAPI and direct recycle testing mode." + + insmod $DRIVER $NAPI_DIRECT_PARAM > /dev/null 2>&1 + echo "Done." + echo "Check the kernel ring buffer to see the summary." +} + +run_smoke_0_check() +{ + echo "Run smoke_0 test." + + insmod $DRIVER $SMOKE_0_PARAM > /dev/null 2>&1 + echo "Done." + echo "Check the kernel ring buffer to see the summary." +} + +run_smoke_1_check() +{ + echo "Run smoke_1 test." + + insmod $DRIVER $SMOKE_1_PARAM > /dev/null 2>&1 + echo "Done." + echo "Check the kernel ring buffer to see the summary." +} + + +function run_test() +{ + run_smoke_0_check + run_napi_check + run_napi_direct_check + + if [ $CPU_CNT -gt 1 ]; then + run_smoke_1_check + run_nonfrag_check + run_frag_check + run_nonfrag_dma_check + run_frag_dma_check + run_nonfrag_napi_check + run_frag_napi_check + fi +} + +check_test_requirements +run_test + +exit 0 -- 2.33.0

1 year, 1 month

3
4
0 0

[PATCH net] selftests: net: csum: Fix checksums for packets with non-zero padding

by Sean Anderson

Padding is not included in UDP and TCP checksums. Therefore, reduce the length of the checksummed data to include only the data in the IP payload. This fixes spurious reported checksum failures like rx: pkt: sport=33000 len=26 csum=0xc850 verify=0xf9fe pkt: bad csum Technically it is possible for there to be trailing bytes after the UDP data but before the Ethernet padding (e.g. if sizeof(ip) + sizeof(udp) + udp.len < ip.len). However, we don't generate such packets. Fixes: 91a7de85600d ("selftests/net: add csum offload test") Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> --- Found while testing for this very bug in hardware checksum offloads. tools/testing/selftests/net/lib/csum.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/lib/csum.c b/tools/testing/selftests/net/lib/csum.c index b9f3fc3c3426..e0a34e5e8dd5 100644 --- a/tools/testing/selftests/net/lib/csum.c +++ b/tools/testing/selftests/net/lib/csum.c @@ -654,10 +654,16 @@ static int recv_verify_packet_ipv4(void *nh, int len) { struct iphdr *iph = nh; uint16_t proto = cfg_encap ? IPPROTO_UDP : cfg_proto; + uint16_t ip_len; if (len < sizeof(*iph) || iph->protocol != proto) return -1; + ip_len = ntohs(iph->tot_len); + if (ip_len > len || ip_len < sizeof(*iph)) + return -1; + + len = ip_len; iph_addr_p = &iph->saddr; if (proto == IPPROTO_TCP) return recv_verify_packet_tcp(iph + 1, len - sizeof(*iph)); @@ -669,16 +675,22 @@ static int recv_verify_packet_ipv6(void *nh, int len) { struct ipv6hdr *ip6h = nh; uint16_t proto = cfg_encap ? IPPROTO_UDP : cfg_proto; + uint16_t ip_len; if (len < sizeof(*ip6h) || ip6h->nexthdr != proto) return -1; + ip_len = ntohs(ip6h->payload_len); + if (ip_len > len - sizeof(*ip6h)) + return -1; + + len = ip_len; iph_addr_p = &ip6h->saddr; if (proto == IPPROTO_TCP) - return recv_verify_packet_tcp(ip6h + 1, len - sizeof(*ip6h)); + return recv_verify_packet_tcp(ip6h + 1, len); else - return recv_verify_packet_udp(ip6h + 1, len - sizeof(*ip6h)); + return recv_verify_packet_udp(ip6h + 1, len); } /* return whether auxdata includes TP_STATUS_CSUM_VALID */ -- 2.35.1.1320.gc452695387.dirty

1 year, 1 month

5
12
0 0

[PATCH net-next v2 0/2] selftests/net: add packetdrill

by Willem de Bruijn

From: Willem de Bruijn <willemb(a)google.com> Lay the groundwork to import into kselftests the over 150 packetdrill TCP/IP conformance tests on github.com/google/packetdrill. 1/2: add kselftest infra for TEST_PROGS that need an interpreter 2/2: add the specific packetdrill tests Both can go through net-next, I imagine. But let me know if the core infra should go through linux-kselftest. Willem de Bruijn (2): selftests: support interpreted scripts with ksft_runner.sh selftests/net: integrate packetdrill with ksft tools/testing/selftests/Makefile | 5 +- tools/testing/selftests/kselftest/runner.sh | 7 ++- .../selftests/net/packetdrill/Makefile | 9 +++ .../testing/selftests/net/packetdrill/config | 5 ++ .../selftests/net/packetdrill/defaults.sh | 63 +++++++++++++++++++ .../selftests/net/packetdrill/ksft_runner.sh | 41 ++++++++++++ .../net/packetdrill/tcp_inq_client.pkt | 51 +++++++++++++++ .../net/packetdrill/tcp_inq_server.pkt | 51 +++++++++++++++ .../tcp_md5_md5-only-on-client-ack.pkt | 28 +++++++++ 9 files changed, 256 insertions(+), 4 deletions(-) create mode 100644 tools/testing/selftests/net/packetdrill/Makefile create mode 100644 tools/testing/selftests/net/packetdrill/config create mode 100755 tools/testing/selftests/net/packetdrill/defaults.sh create mode 100755 tools/testing/selftests/net/packetdrill/ksft_runner.sh create mode 100644 tools/testing/selftests/net/packetdrill/tcp_inq_client.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_inq_server.pkt create mode 100644 tools/testing/selftests/net/packetdrill/tcp_md5_md5-only-on-client-ack.pkt -- 2.46.0.469.g59c65b2a67-goog

1 year, 1 month

4
14
0 0

[PATCH v2 0/2] Exposing nice CPU usage to userspace

by Joshua Hahn

From: Joshua Hahn <joshua.hahn6(a)gmail.com> v1 -> v2: Edited commit messages for clarity. Niced CPU usage is a metric reported in host-level /prot/stat, but is not reported in cgroup-level statistics in cpu.stat. However, when a host contains multiple tasks across different workloads, it becomes difficult to gauge how much of the task is being spent on niced processes based on /proc/stat alone, since host-level metrics do not provide this cgroup-level granularity. Exposing this metric will allow users to accurately probe the niced CPU metric for each workload, and make more informed decisions when directing higher priority tasks. Joshua Hahn (2): Tracking cgroup-level niced CPU time Selftests for niced CPU statistics include/linux/cgroup-defs.h | 1 + kernel/cgroup/rstat.c | 16 ++++- tools/testing/selftests/cgroup/test_cpu.c | 72 +++++++++++++++++++++++ 3 files changed, 86 insertions(+), 3 deletions(-) -- 2.43.5

1 year, 1 month

3
6
0 0

[PATCH bpf-next/net v5 0/3] selftests/bpf: new MPTCP subflow subtest

by Matthieu Baerts (NGI0)

In this series from Geliang, modifying MPTCP BPF selftests, we have: - A new MPTCP subflow BPF program setting socket options per subflow: it looks better to have this old test program in the BPF selftests to track regressions and to serve as example. Note: Nicolas is no longer working at Tessares, but he did this work while working for them, and his email address is no longer available. - A new hook in the same BPF program to do the verification step. - A new MPTCP BPF subtest validating the new BPF program added in the first patch, with the help of the new hook added in the second patch. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Changes in v5: - See the individual changelog for more details about them - Patch 1/3: set TCP on the 2nd subflow - Patch 2/3: new - Patch 3/3: use the BPF program from patch 2/3 to do the validation instead of using ss. - Link to v4: https://lore.kernel.org/r/20240805-upstream-bpf-next-20240506-mptcp-subflow… Changes in v4: - Drop former patch 2/3: MPTCP's pm_nl_ctl requires a new header file: - I will check later if it is possible to avoid having duplicated header files in tools/include/uapi, but no need to block this series for that. Patch 2/3 can be added later if needed. - Patch 2/2: skip the test if 'ip mptcp' is not available. - Link to v3: https://lore.kernel.org/r/20240703-upstream-bpf-next-20240506-mptcp-subflow… Changes in v3: - Sorry for the delay between v2 and v3, this series was conflicting with the "add netns helpers", but it looks like it is on hold: https://lore.kernel.org/cover.1715821541.git.tanggeliang@kylinos.cn - Patch 1/3 includes "bpf_tracing_net.h", introduced in between. - New patch 2/3: "selftests/bpf: Add mptcp pm_nl_ctl link". - Patch 3/3: use the tool introduced in patch 2/3 + SYS_NOFAIL() helper. - Link to v2: https://lore.kernel.org/r/20240509-upstream-bpf-next-20240506-mptcp-subflow… Changes in v2: - Previous patches 1/4 and 2/4 have been dropped from this series: - 1/4: "selftests/bpf: Handle SIGINT when creating netns": - A new version, more generic and no longer specific to MPTCP BPF selftest will be sent later, as part of a new series. (Alexei) - 2/4: "selftests/bpf: Add RUN_MPTCP_TEST macro": - Removed, not to hide helper functions in macros. (Alexei) - The commit message of patch 1/2 has been clarified to avoid some possible confusions spot by Alexei. - Link to v1: https://lore.kernel.org/r/20240507-upstream-bpf-next-20240506-mptcp-subflow… --- Geliang Tang (2): selftests/bpf: Add getsockopt to inspect mptcp subflow selftests/bpf: Add mptcp subflow subtest Nicolas Rybowski (1): selftests/bpf: Add mptcp subflow example MAINTAINERS | 2 +- tools/testing/selftests/bpf/prog_tests/mptcp.c | 126 +++++++++++++++++++++ tools/testing/selftests/bpf/progs/mptcp_bpf.h | 42 +++++++ tools/testing/selftests/bpf/progs/mptcp_subflow.c | 128 ++++++++++++++++++++++ 4 files changed, 297 insertions(+), 1 deletion(-) --- base-commit: 6b083650a37318112fb60c65fbb6070584f53d93 change-id: 20240506-upstream-bpf-next-20240506-mptcp-subflow-test-faef6654bfa3 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 1 month

2
4
0 0

[PATCH v7 8/8] selftests/pcie_bwctrl: Create selftests

by Ilpo Järvinen

Create selftests for PCIe BW control through the PCIe cooling device sysfs interface. First, the BW control selftest finds the PCIe Port to test with. By default, the PCIe Port with the highest Link Speed is selected but another PCIe Port can be provided with -d parameter. The actual test steps the cur_state of the cooling device one-by-one from max_state to what the cur_state was initially. The speed change is confirmed by observing the current_link_speed for the corresponding PCIe Port. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> --- MAINTAINERS | 1 + tools/testing/selftests/Makefile | 1 + tools/testing/selftests/pcie_bwctrl/Makefile | 2 + .../pcie_bwctrl/set_pcie_cooling_state.sh | 122 ++++++++++++++++++ .../selftests/pcie_bwctrl/set_pcie_speed.sh | 67 ++++++++++ 5 files changed, 193 insertions(+) create mode 100644 tools/testing/selftests/pcie_bwctrl/Makefile create mode 100755 tools/testing/selftests/pcie_bwctrl/set_pcie_cooling_state.sh create mode 100755 tools/testing/selftests/pcie_bwctrl/set_pcie_speed.sh diff --git a/MAINTAINERS b/MAINTAINERS index 47542dcb9259..dc601dcab8c6 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -17676,6 +17676,7 @@ S: Supported F: drivers/pci/pcie/bwctrl.c F: drivers/thermal/pcie_cooling.c F: include/linux/pci-bwctrl.h +F: tools/testing/selftests/pcie_bwctrl/ PCIE DRIVER FOR AMAZON ANNAPURNA LABS M: Jonathan Chocron <jonnyc(a)amazon.com> diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index bc8fe9e8f7f2..086af950930c 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -69,6 +69,7 @@ TARGETS += net/openvswitch TARGETS += net/tcp_ao TARGETS += net/netfilter TARGETS += nsfs +TARGETS += pcie_bwctrl TARGETS += perf_events TARGETS += pidfd TARGETS += pid_namespace diff --git a/tools/testing/selftests/pcie_bwctrl/Makefile b/tools/testing/selftests/pcie_bwctrl/Makefile new file mode 100644 index 000000000000..3e84e26341d1 --- /dev/null +++ b/tools/testing/selftests/pcie_bwctrl/Makefile @@ -0,0 +1,2 @@ +TEST_PROGS = set_pcie_cooling_state.sh +include ../lib.mk diff --git a/tools/testing/selftests/pcie_bwctrl/set_pcie_cooling_state.sh b/tools/testing/selftests/pcie_bwctrl/set_pcie_cooling_state.sh new file mode 100755 index 000000000000..9df606552af3 --- /dev/null +++ b/tools/testing/selftests/pcie_bwctrl/set_pcie_cooling_state.sh @@ -0,0 +1,122 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0-or-later + +SYSFS= +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 +retval=0 +skipmsg="skip all tests:" + +PCIEPORTTYPE="PCIe_Port_Link_Speed" + +prerequisite() +{ + local ports + + if [ $UID != 0 ]; then + echo $skipmsg must be run as root >&2 + exit $ksft_skip + fi + + SYSFS=`mount -t sysfs | head -1 | awk '{ print $3 }'` + + if [ ! -d "$SYSFS" ]; then + echo $skipmsg sysfs is not mounted >&2 + exit $ksft_skip + fi + + if ! ls $SYSFS/class/thermal/cooling_device* > /dev/null 2>&1; then + echo $skipmsg thermal cooling devices missing >&2 + exit $ksft_skip + fi + + ports=`grep -e "^$PCIEPORTTYPE" $SYSFS/class/thermal/cooling_device*/type | wc -l` + if [ $ports -eq 0 ]; then + echo $skipmsg pcie cooling devices missing >&2 + exit $ksft_skip + fi +} + +testport= +find_pcie_port() +{ + local patt="$1" + local pcieports + local max + local cur + local delta + local bestdelta=-1 + + pcieports=`grep -l -F -e "$patt" /sys/class/thermal/cooling_device*/type` + if [ -z "$pcieports" ]; then + return + fi + pcieports=${pcieports//\/type/} + # Find the port with the highest PCIe Link Speed + for port in $pcieports; do + max=`cat $port/max_state` + cur=`cat $port/cur_state` + delta=$((max-cur)) + if [ $delta -gt $bestdelta ]; then + testport="$port" + bestdelta=$delta + fi + done +} + +sysfspcidev= +find_sysfs_pci_dev() +{ + local typefile="$1/type" + local pcidir + + pcidir="$SYSFS/bus/pci/devices/`sed -e "s|^${PCIEPORTTYPE}_||g" $typefile`" + + if [ -r "$pcidir/current_link_speed" ]; then + sysfspcidev="$pcidir/current_link_speed" + fi +} + +usage() +{ + echo "Usage $0 [ -d dev ]" + echo -e "\t-d: PCIe port BDF string (e.g., 0000:00:04.0)" +} + +pattern="$PCIEPORTTYPE" +parse_arguments() +{ + while getopts d:h opt; do + case $opt in + h) + usage "$0" + exit 0 + ;; + d) + pattern="$PCIEPORTTYPE_$OPTARG" + ;; + *) + usage "$0" + exit 0 + ;; + esac + done +} + +parse_arguments "$@" +prerequisite +find_pcie_port "$pattern" +if [ -z "$testport" ]; then + echo $skipmsg "pcie cooling device not found from sysfs" >&2 + exit $ksft_skip +fi +find_sysfs_pci_dev "$testport" +if [ -z "$sysfspcidev" ]; then + echo $skipmsg "PCIe port device not found from sysfs" >&2 + exit $ksft_skip +fi + +./set_pcie_speed.sh "$testport" "$sysfspcidev" +retval=$? + +exit $retval diff --git a/tools/testing/selftests/pcie_bwctrl/set_pcie_speed.sh b/tools/testing/selftests/pcie_bwctrl/set_pcie_speed.sh new file mode 100755 index 000000000000..584596949312 --- /dev/null +++ b/tools/testing/selftests/pcie_bwctrl/set_pcie_speed.sh @@ -0,0 +1,67 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0-or-later + +set -e + +TESTNAME=set_pcie_speed + +declare -a PCIELINKSPEED=( + "2.5 GT/s PCIe" + "5.0 GT/s PCIe" + "8.0 GT/s PCIe" + "16.0 GT/s PCIe" + "32.0 GT/s PCIe" + "64.0 GT/s PCIe" +) + +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 +retval=0 + +coolingdev="$1" +statefile="$coolingdev/cur_state" +maxfile="$coolingdev/max_state" +linkspeedfile="$2" + +oldstate=`cat $statefile` +maxstate=`cat $maxfile` + +set_state() +{ + local state=$1 + local linkspeed + local expected_linkspeed + + echo $state > $statefile + + sleep 1 + + linkspeed="`cat $linkspeedfile`" + expected_linkspeed=$((maxstate-state)) + expected_str="${PCIELINKSPEED[$expected_linkspeed]}" + if [ ! "${expected_str}" = "${linkspeed}" ]; then + echo "$TESTNAME failed: expected: ${expected_str}; got ${linkspeed}" + retval=1 + fi +} + +cleanup_skip () +{ + set_state $oldstate + exit $ksft_skip +} + +trap cleanup_skip EXIT + +echo "$TESTNAME: testing states $maxstate .. $oldstate with $coolingdev" +for i in $(seq $maxstate -1 $oldstate); do + set_state "$i" +done + +trap EXIT +if [ $retval -eq 0 ]; then + echo "$TESTNAME [PASS]" +else + echo "$TESTNAME [FAIL]" +fi +exit $retval -- 2.39.2

1 year, 1 month

1
0
0 0

[PATCH net v3 0/2] bpf: devmap: provide rxq after redirect

by Florian Kauer

rxq contains a pointer to the device from where the redirect happened. Currently, the BPF program that was executed after a redirect via BPF_MAP_TYPE_DEVMAP* does not have it set. Add bugfix and related selftest. Signed-off-by: Florian Kauer <florian.kauer(a)linutronix.de> --- Changes in v3: - initialize skel to NULL, thanks Stanislav - Link to v2: https://lore.kernel.org/r/20240906-devel-koalo-fix-ingress-ifindex-v2-0-4ca… Changes in v2: - changed fixes tag - added selftest - Link to v1: https://lore.kernel.org/r/20240905-devel-koalo-fix-ingress-ifindex-v1-1-d12… --- Florian Kauer (2): bpf: devmap: provide rxq after redirect bpf: selftests: send packet to devmap redirect XDP kernel/bpf/devmap.c | 11 +- .../selftests/bpf/prog_tests/xdp_devmap_attach.c | 114 +++++++++++++++++++-- 2 files changed, 115 insertions(+), 10 deletions(-) --- base-commit: 8e69c96df771ab469cec278edb47009351de4da6 change-id: 20240905-devel-koalo-fix-ingress-ifindex-b9293d471db6 Best regards, -- Florian Kauer <florian.kauer(a)linutronix.de>

1 year, 1 month

2
3
0 0

[PATCH bpf-next] selftests/bpf: convert test_xdp_features.sh to test_progs

by Alexis Lothoré (eBPF Foundation)

test_xdp_features.sh is a shell script allowing to test that xdp features advertised by an interface are indeed delivered. The test works by starting two instance of the same program, both attaching specific xdp programs to each side of a veth link, and then make those programs manage packets and collect stats to check whether tested XDP feature is indeed delivered or not. However this test is not integrated in test_progs framework and so can not run automatically in CI. Rewrite test_xdp_features to integrate it in test_progs so it can run automatically in CI. The main changes brought by the rewrite are the following: - instead of running to separated processes (each one managing either the tester veth or the DUT vet), run a single process - slightly change testing direction (v0 is the tester in local namespace, v1 is the Device Under Test in remote namespace) - group all tests previously managed by test_xdp_features as subtests (one per tested XDP feature). As a consequence, run only once some steps instead of once per subtest (eg: starting/stopping the udp server). On the contrary, make sure that each subtest properly cleans up its state (ie detach xdp programs, reset test stats, etc) - since there is now a single process, get rid of the "control" tcp channel used to configure DUT. Configuring the DUT now only consists in switching to DUT network namespace and run the relevant commands - since there is no more control channel, get rid of TLVs, keep only the CMD_ECHO packet type, and set it as a magic - simplify network setup: use only ipv6 instead of both ipv4 and ipv6, force static neighbours instead of waiting for autoconfiguration, do not force gro (fetch xdp features only once xdp programs are loaded instead) The existing XDP programs are reused, with some minor changes: - tester and dut stats maps are converted to global variables for easier usage - programs do not use TLV struct anymore but the magic replacing the echo command - avoid to accidentally make tests pass: drop packets instead of forwarding them to userspace when they do not match the expected payload Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore(a)bootlin.com> --- The xdp_features rewrite has been tested in a x86_64 qemu environment on my machine and in CI. In my environment, the test takes a bit less than 2s to execute. # ./test_progs -a xdp_features #561/1 xdp_features/XDP_PASS:OK #561/2 xdp_features/XDP_DROP:OK #561/3 xdp_features/XDP_ABORTED:OK #561/4 xdp_features/XDP_TX:OK #561/5 xdp_features/XDP_REDIRECT:OK #561/6 xdp_features/XDP_NDO_XMIT:OK #561 xdp_features:OK Summary: 1/6 PASSED, 0 SKIPPED, 0 FAILED --- tools/testing/selftests/bpf/.gitignore | 1 - tools/testing/selftests/bpf/Makefile | 10 +- .../selftests/bpf/prog_tests/xdp_features.c | 446 +++++++++++++ tools/testing/selftests/bpf/progs/xdp_features.c | 49 +- tools/testing/selftests/bpf/test_xdp_features.sh | 107 --- tools/testing/selftests/bpf/xdp_features.c | 718 --------------------- tools/testing/selftests/bpf/xdp_features.h | 17 +- 7 files changed, 462 insertions(+), 886 deletions(-) diff --git a/tools/testing/selftests/bpf/.gitignore b/tools/testing/selftests/bpf/.gitignore index e6533b3400de..93bf35213042 100644 --- a/tools/testing/selftests/bpf/.gitignore +++ b/tools/testing/selftests/bpf/.gitignore @@ -48,4 +48,3 @@ xskxceiver xdp_redirect_multi xdp_synproxy xdp_hw_metadata -xdp_features diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile index 04716a5e43f1..db4a802c3e06 100644 --- a/tools/testing/selftests/bpf/Makefile +++ b/tools/testing/selftests/bpf/Makefile @@ -145,8 +145,7 @@ TEST_PROGS := test_kmod.sh \ test_bpftool.sh \ test_bpftool_metadata.sh \ test_doc_build.sh \ - test_xsk.sh \ - test_xdp_features.sh + test_xsk.sh TEST_PROGS_EXTENDED := with_addr.sh \ with_tunnels.sh ima_setup.sh verify_sig_setup.sh \ @@ -157,7 +156,7 @@ TEST_GEN_PROGS_EXTENDED = \ flow_dissector_load test_flow_dissector test_tcp_check_syncookie_user \ test_lirc_mode2_user xdping test_cpp runqslower bench bpf_testmod.ko \ xskxceiver xdp_redirect_multi xdp_synproxy veristat xdp_hw_metadata \ - xdp_features bpf_test_no_cfi.ko + bpf_test_no_cfi.ko TEST_GEN_FILES += liburandom_read.so urandom_read sign-file uprobe_multi @@ -519,7 +518,6 @@ test_subskeleton_lib.skel.h-deps := test_subskeleton_lib2.bpf.o test_subskeleton test_usdt.skel.h-deps := test_usdt.bpf.o test_usdt_multispec.bpf.o xsk_xdp_progs.skel.h-deps := xsk_xdp_progs.bpf.o xdp_hw_metadata.skel.h-deps := xdp_hw_metadata.bpf.o -xdp_features.skel.h-deps := xdp_features.bpf.o LINKED_BPF_OBJS := $(foreach skel,$(LINKED_SKELS),$($(skel)-deps)) LINKED_BPF_SRCS := $(patsubst %.bpf.o,%.c,$(LINKED_BPF_OBJS)) @@ -787,10 +785,6 @@ $(OUTPUT)/xdp_hw_metadata: xdp_hw_metadata.c $(OUTPUT)/network_helpers.o $(OUTPU $(call msg,BINARY,,$@) $(Q)$(CC) $(CFLAGS) $(filter %.a %.o %.c,$^) $(LDLIBS) -o $@ -$(OUTPUT)/xdp_features: xdp_features.c $(OUTPUT)/network_helpers.o $(OUTPUT)/xdp_features.skel.h | $(OUTPUT) - $(call msg,BINARY,,$@) - $(Q)$(CC) $(CFLAGS) $(filter %.a %.o %.c,$^) $(LDLIBS) -o $@ - # Make sure we are able to include and link libbpf against c++. $(OUTPUT)/test_cpp: test_cpp.cpp $(OUTPUT)/test_core_extern.skel.h $(BPFOBJ) $(call msg,CXX,,$@) diff --git a/tools/testing/selftests/bpf/prog_tests/xdp_features.c b/tools/testing/selftests/bpf/prog_tests/xdp_features.c new file mode 100644 index 000000000000..0daf868dd478 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/xdp_features.c @@ -0,0 +1,446 @@ +// SPDX-License-Identifier: GPL-2.0 + +/** + * Test XDP features + * + * Sets up a veth pair, and for each xdp feature under test: + * - asks the tested interface its xdp capabilities through bpf_xdp_query + * - attach and run some specific programs on both interfaces to check if + * announced capability is respected + */ +#include <pthread.h> +#include <linux/if_link.h> +#include <linux/netdev.h> +#include <linux/if_link.h> +#include <sys/socket.h> +#include "test_progs.h" +#include "network_helpers.h" +#include "xdp_features.skel.h" +#include "xdp_features.h" + +#define TESTER_VETH "v0" +#define TESTER_MAC "00:11:22:33:44:55" +#define TESTER_VETH_IPV6 "2001:db8::1" +#define DUT_NS "xdp_features_ns" +#define DUT_VETH "v1" +#define DUT_MAC "aa:bb:cc:dd:ee:ff" +#define DUT_VETH_IPV6 "2001:db8::11" +#define IP6_MASK 64 +#define LOOP_DELAY_US 10000 +#define TEST_NAME_MAX_LEN 32 +#define TEST_PACKET_COUNT 10 + +struct test_data { + struct xdp_features *skel; + pthread_t dut_echo_thread; + int echo_server_sock; + int tester_ifindex; + int dut_ifindex; + struct sockaddr_storage tester_addr; + struct sockaddr_storage dut_addr; + bool quit_dut_echo_thread; +}; + +static void *run_dut_echo_thread(void *arg) +{ + struct test_data *t = (struct test_data *)arg; + __u32 magic; + + while (!t->quit_dut_echo_thread) { + struct sockaddr_storage addr; + socklen_t addrlen; + size_t n; + + n = recvfrom(t->echo_server_sock, &magic, sizeof(magic), + MSG_WAITALL, (struct sockaddr *)&addr, &addrlen); + if (n != sizeof(magic)) { + usleep(LOOP_DELAY_US); + continue; + } + + if (htonl(magic) != CMD_ECHO) + continue; + + /* Answer echo command with the very same message */ + sendto(t->echo_server_sock, &magic, sizeof(magic), + MSG_NOSIGNAL | MSG_CONFIRM, (struct sockaddr *)&addr, + addrlen); + } + pthread_exit(NULL); +} + +static int dut_start_echo_server(struct test_data *t) +{ + struct nstoken *token; + int err = 0, flags; + + token = open_netns(DUT_NS); + if (!ASSERT_OK_PTR(token, "open dut ns")) + return -EINVAL; + + t->echo_server_sock = + start_server(AF_INET6, SOCK_DGRAM, NULL, DUT_ECHO_PORT, 0); + if (!ASSERT_OK_FD(t->echo_server_sock, "start dut echo server")) { + err = t->echo_server_sock; + goto restore_ns; + } + + flags = fcntl(t->echo_server_sock, F_GETFL, 0); + err = fcntl(t->echo_server_sock, F_SETFL, flags | O_NONBLOCK); + if (!ASSERT_OK(err, "set non-blocking socket")) + goto close_server; + + err = pthread_create(&t->dut_echo_thread, NULL, run_dut_echo_thread, t); + if (!ASSERT_OK(err, "start dut echo thread")) + goto close_server; + + close_netns(token); + return 0; + +close_server: + close(t->echo_server_sock); +restore_ns: + close_netns(token); + return err; +} + +static void dut_stop_echo_server(struct test_data *t) +{ + struct nstoken *token; + + token = open_netns(DUT_NS); + if (!ASSERT_OK_PTR(token, "open dut ns")) + return; + + t->quit_dut_echo_thread = true; + pthread_join(t->dut_echo_thread, NULL); + + close(t->echo_server_sock); + close_netns(token); +} + +static int dut_attach_xdp_prog(struct test_data *t, int flags, + enum netdev_xdp_act drv_feature, + enum xdp_action action) +{ + struct bpf_program *prog; + unsigned int key = 0; + int err, fd = 0; + + if (drv_feature == NETDEV_XDP_ACT_NDO_XMIT) { + struct bpf_devmap_val entry = { .ifindex = t->dut_ifindex }; + + err = bpf_map__update_elem(t->skel->maps.dev_map, &key, + sizeof(key), &entry, sizeof(entry), + 0); + if (!ASSERT_OK(err, "update dev map")) + return err; + + fd = bpf_program__fd(t->skel->progs.xdp_do_redirect_cpumap); + action = XDP_REDIRECT; + } + + switch (action) { + case XDP_TX: + prog = t->skel->progs.xdp_do_tx; + break; + case XDP_DROP: + prog = t->skel->progs.xdp_do_drop; + break; + case XDP_ABORTED: + prog = t->skel->progs.xdp_do_aborted; + break; + case XDP_PASS: + prog = t->skel->progs.xdp_do_pass; + break; + case XDP_REDIRECT: { + struct bpf_cpumap_val entry = { + .qsize = 4096, + .bpf_prog.fd = fd, + }; + + err = bpf_map__update_elem(t->skel->maps.cpu_map, &key, + sizeof(key), &entry, sizeof(entry), + 0); + if (!ASSERT_OK(err, "update cpu map")) + return err; + + prog = t->skel->progs.xdp_do_redirect; + break; + } + default: + return -ENOTSUP; + } + + err = bpf_xdp_attach(t->dut_ifindex, bpf_program__fd(prog), flags, + NULL); + ASSERT_OK(err, "attach xdp prog to dut"); + return err; +} + +static int dut_start_test(struct test_data *t, enum netdev_xdp_act drv_feature, + enum xdp_action action) +{ + int flags = XDP_FLAGS_UPDATE_IF_NOEXIST | XDP_FLAGS_DRV_MODE; + struct nstoken *token = open_netns(DUT_NS); + int err; + + if (!ASSERT_OK_PTR(token, "open dut ns")) + return -EINVAL; + + err = dut_attach_xdp_prog(t, flags, drv_feature, action); + ASSERT_OK(err, "attach xdp program to dut"); + close_netns(token); + + return err; +} + +static void dut_stop_test(struct test_data *t) +{ + int flags = XDP_FLAGS_UPDATE_IF_NOEXIST | XDP_FLAGS_DRV_MODE; + struct nstoken *token = open_netns(DUT_NS); + + if (!ASSERT_OK_PTR(token, "open dut ns")) + return; + + bpf_xdp_detach(t->dut_ifindex, flags, NULL); + close_netns(token); +} + +static int dut_get_xdp_features(struct test_data *t, __u64 *xdp_features) +{ + struct nstoken *token = open_netns(DUT_NS); + int err; + + if (!ASSERT_OK_PTR(token, "open dut ns")) + return -EINVAL; + + LIBBPF_OPTS(bpf_xdp_query_opts, opts); + err = bpf_xdp_query(t->dut_ifindex, XDP_FLAGS_DRV_MODE, &opts); + close_netns(token); + + if (ASSERT_OK(err, "get dut interface xdp features")) + *xdp_features = opts.feature_flags; + + return err; +} + +static int send_echo_msg(struct test_data *t) +{ + __u32 magic = htonl(CMD_ECHO); + int sockfd, n; + + sockfd = socket(AF_INET6, SOCK_DGRAM, 0); + if (!ASSERT_OK_FD(sockfd, "open tester socket")) + return sockfd; + + n = sendto(sockfd, &magic, sizeof(magic), MSG_NOSIGNAL | MSG_CONFIRM, + (struct sockaddr *)&t->dut_addr, + sizeof(struct sockaddr_storage)); + close(sockfd); + + return n == sizeof(magic) ? 0 : -EINVAL; +} + +static bool tester_collect_detected_cap(struct test_data *t, + enum netdev_xdp_act drv_feature, + enum xdp_action action) +{ + if (!t->skel->bss->dut_stats) + return false; + + if (drv_feature == NETDEV_XDP_ACT_NDO_XMIT) + return t->skel->bss->tester_stats > 0; + + switch (action) { + case XDP_PASS: + case XDP_TX: + case XDP_REDIRECT: + return t->skel->bss->tester_stats > 0; + case XDP_DROP: + case XDP_ABORTED: + return t->skel->bss->tester_stats == 0; + default: + break; + } + + return false; +} + +static void reset_test_stats(struct test_data *t, + struct sockaddr_storage *tester_addr, + struct sockaddr_storage *dut_addr) +{ + t->skel->bss->tester_stats = 0; + t->skel->bss->dut_stats = 0; +} + +static int setup_network(struct test_data *t) +{ + struct nstoken *token; + int err; + + err = make_sockaddr(AF_INET6, DUT_VETH_IPV6, DUT_ECHO_PORT, + &t->dut_addr, NULL); + if (!ASSERT_OK(err, "dut data addr")) + return -1; + + err = make_sockaddr(AF_INET6, TESTER_VETH_IPV6, 0, &t->tester_addr, + NULL); + if (!ASSERT_OK(err, "tester addr")) + return -1; + + /* Create interfaces and testing namespace */ + SYS(fail, "ip netns add %s", DUT_NS); + SYS(cleanup_ns, + "ip link add %s address %s type veth peer name %s netns %s address %s", + TESTER_VETH, TESTER_MAC, DUT_VETH, DUT_NS, DUT_MAC); + + /* Configure tester side in local namespace */ + SYS(cleanup_interfaces, "ip a add %s/%d nodad dev %s", TESTER_VETH_IPV6, + IP6_MASK, TESTER_VETH); + SYS(cleanup_interfaces, "ip link set %s up", TESTER_VETH); + SYS(cleanup_interfaces, + "ethtool -K %s tx-checksumming off > /dev/null 2>&1", TESTER_VETH); + SYS(cleanup_interfaces, "ip neigh add %s dev %s lladdr %s", + DUT_VETH_IPV6, TESTER_VETH, DUT_MAC); + t->tester_ifindex = if_nametoindex(TESTER_VETH); + if (!ASSERT_NEQ(t->tester_ifindex, 0, + "get tester veth interface index")) + goto cleanup_interfaces; + + /* Configure dut side in remote namespace */ + token = open_netns(DUT_NS); + if (!ASSERT_OK_PTR(token, "switch to dut ns")) + goto cleanup_interfaces; + SYS(restore_ns, "ip link set %s up", DUT_VETH); + SYS(restore_ns, "ip a add %s/%d nodad dev %s", DUT_VETH_IPV6, IP6_MASK, + DUT_VETH); + SYS(restore_ns, "ethtool -K %s tx-checksumming off > /dev/null 2>&1", + DUT_VETH); + SYS(restore_ns, "ip neigh add %s dev %s lladdr %s", TESTER_VETH_IPV6, + DUT_VETH, TESTER_MAC); + t->dut_ifindex = if_nametoindex(DUT_VETH); + if (!ASSERT_NEQ(t->dut_ifindex, 0, "get dut veth interface index")) + goto restore_ns; + close_netns(token); + + return 0; + +restore_ns: + close_netns(token); +cleanup_interfaces: + SYS_NOFAIL("ip link del %s", TESTER_VETH); +cleanup_ns: + SYS_NOFAIL("ip netns del %s", DUT_NS); +fail: + return 1; +} + +static void cleanup_network(void) +{ + SYS_NOFAIL("ip netns del %s", DUT_NS); + SYS_NOFAIL("ip link del %s", TESTER_VETH); +} + +static int tester_run(char *name, struct test_data *t, + enum netdev_xdp_act drv_feature, enum xdp_action action) +{ + int flags = XDP_FLAGS_UPDATE_IF_NOEXIST | XDP_FLAGS_DRV_MODE; + unsigned long long advertised_feature; + + char test_name[TEST_NAME_MAX_LEN]; + struct bpf_program *prog; + int i, err = -EINVAL; + bool detected_cap; + + if (drv_feature == NETDEV_XDP_ACT_NDO_XMIT || action == XDP_TX) + prog = t->skel->progs.xdp_tester_check_tx; + else + prog = t->skel->progs.xdp_tester_check_rx; + + err = bpf_xdp_attach(t->tester_ifindex, bpf_program__fd(prog), flags, + NULL); + if (!ASSERT_OK(err, "attach xdp program to tester")) + goto out; + + err = dut_start_test(t, drv_feature, action); + if (!ASSERT_OK(err, "send CMD_START to DUT")) + goto out; + + err = dut_get_xdp_features(t, &advertised_feature); + if (!ASSERT_OK(err, "get tester XDP capabilities")) + goto out; + + for (i = 0; i < TEST_PACKET_COUNT; i++) { + err = send_echo_msg(t); + if (!ASSERT_OK(err, "send echo message")) + goto out; + + usleep(LOOP_DELAY_US); + } + dut_stop_test(t); + + detected_cap = tester_collect_detected_cap(t, drv_feature, action); + + snprintf(test_name, TEST_NAME_MAX_LEN, "%s advertised capabilities", + name); + ASSERT_EQ(advertised_feature & drv_feature, drv_feature, test_name); + snprintf(test_name, TEST_NAME_MAX_LEN, "%s detected capabilities", + name); + ASSERT_TRUE(detected_cap, test_name); +out: + reset_test_stats(t, &t->tester_addr, &t->dut_addr); + bpf_xdp_detach(t->tester_ifindex, flags, NULL); + return err < 0 ? err : 0; +} + +void serial_test_xdp_features(void) +{ + struct test_data t = { 0 }; + + if (!ASSERT_OK(setup_network(&t), "setup network")) + return; + + t.skel = xdp_features__open(); + if (!ASSERT_OK_PTR(t.skel, "open skel")) + goto cleanup_network; + t.skel->rodata->tester_addr = + ((struct sockaddr_in6 *)&t.tester_addr)->sin6_addr; + t.skel->rodata->dut_addr = + ((struct sockaddr_in6 *)&t.dut_addr)->sin6_addr; + if (!ASSERT_OK(xdp_features__load(t.skel), "load progs")) + goto cleanup_progs; + if (!ASSERT_OK(xdp_features__attach(t.skel), "attach progs")) + goto cleanup_progs; + + if (!ASSERT_OK(dut_start_echo_server(&t), "start DUT main thread")) + goto cleanup_progs; + + if (test__start_subtest("XDP_PASS")) + tester_run("XDP_PASS", &t, NETDEV_XDP_ACT_BASIC, XDP_PASS); + + if (test__start_subtest("XDP_DROP")) + tester_run("XDP_DROP", &t, NETDEV_XDP_ACT_BASIC, XDP_DROP); + + if (test__start_subtest("XDP_ABORTED")) + tester_run("XDP_ABORTED", &t, NETDEV_XDP_ACT_BASIC, + XDP_ABORTED); + + if (test__start_subtest("XDP_TX")) + tester_run("XDP_TX", &t, NETDEV_XDP_ACT_BASIC, XDP_TX); + + if (test__start_subtest("XDP_REDIRECT")) + tester_run("XDP_REDIRECT", &t, NETDEV_XDP_ACT_REDIRECT, + XDP_REDIRECT); + + if (test__start_subtest("XDP_NDO_XMIT")) + tester_run("XDP_NDO_XMIT", &t, NETDEV_XDP_ACT_NDO_XMIT, 0); + + dut_stop_echo_server(&t); + +cleanup_progs: + xdp_features__destroy(t.skel); +cleanup_network: + cleanup_network(); +} diff --git a/tools/testing/selftests/bpf/progs/xdp_features.c b/tools/testing/selftests/bpf/progs/xdp_features.c index 67424084a38a..451e8fc79534 100644 --- a/tools/testing/selftests/bpf/progs/xdp_features.c +++ b/tools/testing/selftests/bpf/progs/xdp_features.c @@ -30,19 +30,9 @@ struct xdp_cpumap_stats { unsigned int drop; }; -struct { - __uint(type, BPF_MAP_TYPE_ARRAY); - __type(key, __u32); - __type(value, __u32); - __uint(max_entries, 1); -} stats SEC(".maps"); +__u32 tester_stats; +__u32 dut_stats; -struct { - __uint(type, BPF_MAP_TYPE_ARRAY); - __type(key, __u32); - __type(value, __u32); - __uint(max_entries, 1); -} dut_stats SEC(".maps"); struct { __uint(type, BPF_MAP_TYPE_CPUMAP); @@ -67,7 +57,7 @@ xdp_process_echo_packet(struct xdp_md *xdp, bool dut) void *data_end = (void *)(long)xdp->data_end; void *data = (void *)(long)xdp->data; struct ethhdr *eh = data; - struct tlv_hdr *tlv; + __u32 *magic; struct udphdr *uh; __be16 port; @@ -124,28 +114,23 @@ xdp_process_echo_packet(struct xdp_md *xdp, bool dut) if (port != bpf_htons(DUT_ECHO_PORT)) return -EINVAL; - tlv = (struct tlv_hdr *)(uh + 1); - if (tlv + 1 > data_end) + magic = (__u32 *)(uh + 1); + if (magic + 1 > data_end) return -EINVAL; - return bpf_htons(tlv->type) == CMD_ECHO ? 0 : -EINVAL; + return bpf_htonl(*magic) == CMD_ECHO ? 0 : -EINVAL; } static __always_inline int xdp_update_stats(struct xdp_md *xdp, bool tx, bool dut) { - __u32 *val, key = 0; - if (xdp_process_echo_packet(xdp, tx)) return -EINVAL; if (dut) - val = bpf_map_lookup_elem(&dut_stats, &key); + __sync_add_and_fetch(&dut_stats, 1); else - val = bpf_map_lookup_elem(&stats, &key); - - if (val) - __sync_add_and_fetch(val, 1); + __sync_add_and_fetch(&tester_stats, 1); return 0; } @@ -204,7 +189,7 @@ int xdp_do_tx(struct xdp_md *xdp) __u8 tmp_mac[ETH_ALEN]; if (xdp_update_stats(xdp, true, true)) - return XDP_PASS; + return XDP_DROP; __builtin_memcpy(tmp_mac, eh->h_source, ETH_ALEN); __builtin_memcpy(eh->h_source, eh->h_dest, ETH_ALEN); @@ -217,7 +202,7 @@ SEC("xdp") int xdp_do_redirect(struct xdp_md *xdp) { if (xdp_process_echo_packet(xdp, true)) - return XDP_PASS; + return XDP_DROP; return bpf_redirect_map(&cpu_map, 0, 0); } @@ -226,11 +211,7 @@ SEC("tp_btf/xdp_exception") int BPF_PROG(xdp_exception, const struct net_device *dev, const struct bpf_prog *xdp, __u32 act) { - __u32 *val, key = 0; - - val = bpf_map_lookup_elem(&dut_stats, &key); - if (val) - __sync_add_and_fetch(val, 1); + __sync_add_and_fetch(&dut_stats, 1); return 0; } @@ -239,11 +220,7 @@ SEC("tp_btf/xdp_cpumap_kthread") int BPF_PROG(tp_xdp_cpumap_kthread, int map_id, unsigned int processed, unsigned int drops, int sched, struct xdp_cpumap_stats *xdp_stats) { - __u32 *val, key = 0; - - val = bpf_map_lookup_elem(&dut_stats, &key); - if (val) - __sync_add_and_fetch(val, 1); + __sync_add_and_fetch(&dut_stats, 1); return 0; } @@ -256,7 +233,7 @@ int xdp_do_redirect_cpumap(struct xdp_md *xdp) __u8 tmp_mac[ETH_ALEN]; if (xdp_process_echo_packet(xdp, true)) - return XDP_PASS; + return XDP_DROP; __builtin_memcpy(tmp_mac, eh->h_source, ETH_ALEN); __builtin_memcpy(eh->h_source, eh->h_dest, ETH_ALEN); diff --git a/tools/testing/selftests/bpf/test_xdp_features.sh b/tools/testing/selftests/bpf/test_xdp_features.sh deleted file mode 100755 index 0aa71c4455c0..000000000000 --- a/tools/testing/selftests/bpf/test_xdp_features.sh +++ /dev/null @@ -1,107 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: GPL-2.0 - -readonly NS="ns1-$(mktemp -u XXXXXX)" -readonly V0_IP4=10.10.0.11 -readonly V1_IP4=10.10.0.1 -readonly V0_IP6=2001:db8::11 -readonly V1_IP6=2001:db8::1 - -ret=1 - -setup() { - { - ip netns add ${NS} - - ip link add v1 type veth peer name v0 netns ${NS} - - ip link set v1 up - ip addr add $V1_IP4/24 dev v1 - ip addr add $V1_IP6/64 nodad dev v1 - ip -n ${NS} link set dev v0 up - ip -n ${NS} addr add $V0_IP4/24 dev v0 - ip -n ${NS} addr add $V0_IP6/64 nodad dev v0 - - # Enable XDP mode and disable checksum offload - ethtool -K v1 gro on - ethtool -K v1 tx-checksumming off - ip netns exec ${NS} ethtool -K v0 gro on - ip netns exec ${NS} ethtool -K v0 tx-checksumming off - } > /dev/null 2>&1 -} - -cleanup() { - ip link del v1 2> /dev/null - ip netns del ${NS} 2> /dev/null - [ "$(pidof xdp_features)" = "" ] || kill $(pidof xdp_features) 2> /dev/null -} - -wait_for_dut_server() { - while sleep 1; do - ss -tlp | grep -q xdp_features - [ $? -eq 0 ] && break - done -} - -test_xdp_features() { - setup - - ## XDP_PASS - ./xdp_features -f XDP_PASS -D $V1_IP6 -T $V0_IP6 v1 & - wait_for_dut_server - ip netns exec ${NS} ./xdp_features -t -f XDP_PASS \ - -D $V1_IP6 -C $V1_IP6 \ - -T $V0_IP6 v0 - [ $? -ne 0 ] && exit - - ## XDP_DROP - ./xdp_features -f XDP_DROP -D ::ffff:$V1_IP4 -T ::ffff:$V0_IP4 v1 & - wait_for_dut_server - ip netns exec ${NS} ./xdp_features -t -f XDP_DROP \ - -D ::ffff:$V1_IP4 \ - -C ::ffff:$V1_IP4 \ - -T ::ffff:$V0_IP4 v0 - [ $? -ne 0 ] && exit - - ## XDP_ABORTED - ./xdp_features -f XDP_ABORTED -D $V1_IP6 -T $V0_IP6 v1 & - wait_for_dut_server - ip netns exec ${NS} ./xdp_features -t -f XDP_ABORTED \ - -D $V1_IP6 -C $V1_IP6 \ - -T $V0_IP6 v0 - [ $? -ne 0 ] && exit - - ## XDP_TX - ./xdp_features -f XDP_TX -D ::ffff:$V1_IP4 -T ::ffff:$V0_IP4 v1 & - wait_for_dut_server - ip netns exec ${NS} ./xdp_features -t -f XDP_TX \ - -D ::ffff:$V1_IP4 \ - -C ::ffff:$V1_IP4 \ - -T ::ffff:$V0_IP4 v0 - [ $? -ne 0 ] && exit - - ## XDP_REDIRECT - ./xdp_features -f XDP_REDIRECT -D $V1_IP6 -T $V0_IP6 v1 & - wait_for_dut_server - ip netns exec ${NS} ./xdp_features -t -f XDP_REDIRECT \ - -D $V1_IP6 -C $V1_IP6 \ - -T $V0_IP6 v0 - [ $? -ne 0 ] && exit - - ## XDP_NDO_XMIT - ./xdp_features -f XDP_NDO_XMIT -D ::ffff:$V1_IP4 -T ::ffff:$V0_IP4 v1 & - wait_for_dut_server - ip netns exec ${NS} ./xdp_features -t -f XDP_NDO_XMIT \ - -D ::ffff:$V1_IP4 \ - -C ::ffff:$V1_IP4 \ - -T ::ffff:$V0_IP4 v0 - ret=$? - cleanup -} - -set -e -trap cleanup 2 3 6 9 - -test_xdp_features - -exit $ret diff --git a/tools/testing/selftests/bpf/xdp_features.c b/tools/testing/selftests/bpf/xdp_features.c deleted file mode 100644 index 595c79141cf3..000000000000 --- a/tools/testing/selftests/bpf/xdp_features.c +++ /dev/null @@ -1,718 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -#include <uapi/linux/bpf.h> -#include <uapi/linux/netdev.h> -#include <linux/if_link.h> -#include <signal.h> -#include <argp.h> -#include <net/if.h> -#include <sys/socket.h> -#include <netinet/in.h> -#include <netinet/tcp.h> -#include <unistd.h> -#include <arpa/inet.h> -#include <bpf/bpf.h> -#include <bpf/libbpf.h> -#include <pthread.h> - -#include <network_helpers.h> - -#include "xdp_features.skel.h" -#include "xdp_features.h" - -#define RED(str) "\033[0;31m" str "\033[0m" -#define GREEN(str) "\033[0;32m" str "\033[0m" -#define YELLOW(str) "\033[0;33m" str "\033[0m" - -static struct env { - bool verbosity; - char ifname[IF_NAMESIZE]; - int ifindex; - bool is_tester; - struct { - enum netdev_xdp_act drv_feature; - enum xdp_action action; - } feature; - struct sockaddr_storage dut_ctrl_addr; - struct sockaddr_storage dut_addr; - struct sockaddr_storage tester_addr; -} env; - -#define BUFSIZE 128 - -void test__fail(void) { /* for network_helpers.c */ } - -static int libbpf_print_fn(enum libbpf_print_level level, - const char *format, va_list args) -{ - if (level == LIBBPF_DEBUG && !env.verbosity) - return 0; - return vfprintf(stderr, format, args); -} - -static volatile bool exiting; - -static void sig_handler(int sig) -{ - exiting = true; -} - -const char *argp_program_version = "xdp-features 0.0"; -const char argp_program_doc[] = -"XDP features detection application.\n" -"\n" -"XDP features application checks the XDP advertised features match detected ones.\n" -"\n" -"USAGE: ./xdp-features [-vt] [-f <xdp-feature>] [-D <dut-data-ip>] [-T <tester-data-ip>] [-C <dut-ctrl-ip>] <iface-name>\n" -"\n" -"dut-data-ip, tester-data-ip, dut-ctrl-ip: IPv6 or IPv4-mapped-IPv6 addresses;\n" -"\n" -"XDP features\n:" -"- XDP_PASS\n" -"- XDP_DROP\n" -"- XDP_ABORTED\n" -"- XDP_REDIRECT\n" -"- XDP_NDO_XMIT\n" -"- XDP_TX\n"; - -static const struct argp_option opts[] = { - { "verbose", 'v', NULL, 0, "Verbose debug output" }, - { "tester", 't', NULL, 0, "Tester mode" }, - { "feature", 'f', "XDP-FEATURE", 0, "XDP feature to test" }, - { "dut_data_ip", 'D', "DUT-DATA-IP", 0, "DUT IP data channel" }, - { "dut_ctrl_ip", 'C', "DUT-CTRL-IP", 0, "DUT IP control channel" }, - { "tester_data_ip", 'T', "TESTER-DATA-IP", 0, "Tester IP data channel" }, - {}, -}; - -static int get_xdp_feature(const char *arg) -{ - if (!strcmp(arg, "XDP_PASS")) { - env.feature.action = XDP_PASS; - env.feature.drv_feature = NETDEV_XDP_ACT_BASIC; - } else if (!strcmp(arg, "XDP_DROP")) { - env.feature.drv_feature = NETDEV_XDP_ACT_BASIC; - env.feature.action = XDP_DROP; - } else if (!strcmp(arg, "XDP_ABORTED")) { - env.feature.drv_feature = NETDEV_XDP_ACT_BASIC; - env.feature.action = XDP_ABORTED; - } else if (!strcmp(arg, "XDP_TX")) { - env.feature.drv_feature = NETDEV_XDP_ACT_BASIC; - env.feature.action = XDP_TX; - } else if (!strcmp(arg, "XDP_REDIRECT")) { - env.feature.drv_feature = NETDEV_XDP_ACT_REDIRECT; - env.feature.action = XDP_REDIRECT; - } else if (!strcmp(arg, "XDP_NDO_XMIT")) { - env.feature.drv_feature = NETDEV_XDP_ACT_NDO_XMIT; - } else { - return -EINVAL; - } - - return 0; -} - -static char *get_xdp_feature_str(void) -{ - switch (env.feature.action) { - case XDP_PASS: - return YELLOW("XDP_PASS"); - case XDP_DROP: - return YELLOW("XDP_DROP"); - case XDP_ABORTED: - return YELLOW("XDP_ABORTED"); - case XDP_TX: - return YELLOW("XDP_TX"); - case XDP_REDIRECT: - return YELLOW("XDP_REDIRECT"); - default: - break; - } - - if (env.feature.drv_feature == NETDEV_XDP_ACT_NDO_XMIT) - return YELLOW("XDP_NDO_XMIT"); - - return ""; -} - -static error_t parse_arg(int key, char *arg, struct argp_state *state) -{ - switch (key) { - case 'v': - env.verbosity = true; - break; - case 't': - env.is_tester = true; - break; - case 'f': - if (get_xdp_feature(arg) < 0) { - fprintf(stderr, "Invalid xdp feature: %s\n", arg); - argp_usage(state); - return ARGP_ERR_UNKNOWN; - } - break; - case 'D': - if (make_sockaddr(AF_INET6, arg, DUT_ECHO_PORT, - &env.dut_addr, NULL)) { - fprintf(stderr, - "Invalid address assigned to the Device Under Test: %s\n", - arg); - return ARGP_ERR_UNKNOWN; - } - break; - case 'C': - if (make_sockaddr(AF_INET6, arg, DUT_CTRL_PORT, - &env.dut_ctrl_addr, NULL)) { - fprintf(stderr, - "Invalid address assigned to the Device Under Test: %s\n", - arg); - return ARGP_ERR_UNKNOWN; - } - break; - case 'T': - if (make_sockaddr(AF_INET6, arg, 0, &env.tester_addr, NULL)) { - fprintf(stderr, - "Invalid address assigned to the Tester device: %s\n", - arg); - return ARGP_ERR_UNKNOWN; - } - break; - case ARGP_KEY_ARG: - errno = 0; - if (strlen(arg) >= IF_NAMESIZE) { - fprintf(stderr, "Invalid device name: %s\n", arg); - argp_usage(state); - return ARGP_ERR_UNKNOWN; - } - - env.ifindex = if_nametoindex(arg); - if (!env.ifindex) - env.ifindex = strtoul(arg, NULL, 0); - if (!env.ifindex || !if_indextoname(env.ifindex, env.ifname)) { - fprintf(stderr, - "Bad interface index or name (%d): %s\n", - errno, strerror(errno)); - argp_usage(state); - return ARGP_ERR_UNKNOWN; - } - break; - default: - return ARGP_ERR_UNKNOWN; - } - - return 0; -} - -static const struct argp argp = { - .options = opts, - .parser = parse_arg, - .doc = argp_program_doc, -}; - -static void set_env_default(void) -{ - env.feature.drv_feature = NETDEV_XDP_ACT_NDO_XMIT; - env.feature.action = -EINVAL; - env.ifindex = -ENODEV; - strcpy(env.ifname, "unknown"); - make_sockaddr(AF_INET6, "::ffff:127.0.0.1", DUT_CTRL_PORT, - &env.dut_ctrl_addr, NULL); - make_sockaddr(AF_INET6, "::ffff:127.0.0.1", DUT_ECHO_PORT, - &env.dut_addr, NULL); - make_sockaddr(AF_INET6, "::ffff:127.0.0.1", 0, &env.tester_addr, NULL); -} - -static void *dut_echo_thread(void *arg) -{ - unsigned char buf[sizeof(struct tlv_hdr)]; - int sockfd = *(int *)arg; - - while (!exiting) { - struct tlv_hdr *tlv = (struct tlv_hdr *)buf; - struct sockaddr_storage addr; - socklen_t addrlen; - size_t n; - - n = recvfrom(sockfd, buf, sizeof(buf), MSG_WAITALL, - (struct sockaddr *)&addr, &addrlen); - if (n != ntohs(tlv->len)) - continue; - - if (ntohs(tlv->type) != CMD_ECHO) - continue; - - sendto(sockfd, buf, sizeof(buf), MSG_NOSIGNAL | MSG_CONFIRM, - (struct sockaddr *)&addr, addrlen); - } - - pthread_exit((void *)0); - close(sockfd); - - return NULL; -} - -static int dut_run_echo_thread(pthread_t *t, int *sockfd) -{ - int err; - - sockfd = start_reuseport_server(AF_INET6, SOCK_DGRAM, NULL, - DUT_ECHO_PORT, 0, 1); - if (!sockfd) { - fprintf(stderr, - "Failed creating data UDP socket on device %s\n", - env.ifname); - return -errno; - } - - /* start echo channel */ - err = pthread_create(t, NULL, dut_echo_thread, sockfd); - if (err) { - fprintf(stderr, - "Failed creating data UDP thread on device %s: %s\n", - env.ifname, strerror(-err)); - free_fds(sockfd, 1); - return -EINVAL; - } - - return 0; -} - -static int dut_attach_xdp_prog(struct xdp_features *skel, int flags) -{ - enum xdp_action action = env.feature.action; - struct bpf_program *prog; - unsigned int key = 0; - int err, fd = 0; - - if (env.feature.drv_feature == NETDEV_XDP_ACT_NDO_XMIT) { - struct bpf_devmap_val entry = { - .ifindex = env.ifindex, - }; - - err = bpf_map__update_elem(skel->maps.dev_map, - &key, sizeof(key), - &entry, sizeof(entry), 0); - if (err < 0) - return err; - - fd = bpf_program__fd(skel->progs.xdp_do_redirect_cpumap); - action = XDP_REDIRECT; - } - - switch (action) { - case XDP_TX: - prog = skel->progs.xdp_do_tx; - break; - case XDP_DROP: - prog = skel->progs.xdp_do_drop; - break; - case XDP_ABORTED: - prog = skel->progs.xdp_do_aborted; - break; - case XDP_PASS: - prog = skel->progs.xdp_do_pass; - break; - case XDP_REDIRECT: { - struct bpf_cpumap_val entry = { - .qsize = 2048, - .bpf_prog.fd = fd, - }; - - err = bpf_map__update_elem(skel->maps.cpu_map, - &key, sizeof(key), - &entry, sizeof(entry), 0); - if (err < 0) - return err; - - prog = skel->progs.xdp_do_redirect; - break; - } - default: - return -EINVAL; - } - - err = bpf_xdp_attach(env.ifindex, bpf_program__fd(prog), flags, NULL); - if (err) - fprintf(stderr, "Failed attaching XDP program to device %s\n", - env.ifname); - return err; -} - -static int recv_msg(int sockfd, void *buf, size_t bufsize, void *val, - size_t val_size) -{ - struct tlv_hdr *tlv = (struct tlv_hdr *)buf; - size_t len; - - len = recv(sockfd, buf, bufsize, 0); - if (len != ntohs(tlv->len) || len < sizeof(*tlv)) - return -EINVAL; - - if (val) { - len -= sizeof(*tlv); - if (len > val_size) - return -ENOMEM; - - memcpy(val, tlv->data, len); - } - - return 0; -} - -static int dut_run(struct xdp_features *skel) -{ - int flags = XDP_FLAGS_UPDATE_IF_NOEXIST | XDP_FLAGS_DRV_MODE; - int state, err = 0, *sockfd, ctrl_sockfd, echo_sockfd; - struct sockaddr_storage ctrl_addr; - pthread_t dut_thread = 0; - socklen_t addrlen; - - sockfd = start_reuseport_server(AF_INET6, SOCK_STREAM, NULL, - DUT_CTRL_PORT, 0, 1); - if (!sockfd) { - fprintf(stderr, - "Failed creating control socket on device %s\n", env.ifname); - return -errno; - } - - ctrl_sockfd = accept(*sockfd, (struct sockaddr *)&ctrl_addr, &addrlen); - if (ctrl_sockfd < 0) { - fprintf(stderr, - "Failed accepting connections on device %s control socket\n", - env.ifname); - free_fds(sockfd, 1); - return -errno; - } - - /* CTRL loop */ - while (!exiting) { - unsigned char buf[BUFSIZE] = {}; - struct tlv_hdr *tlv = (struct tlv_hdr *)buf; - - err = recv_msg(ctrl_sockfd, buf, BUFSIZE, NULL, 0); - if (err) - continue; - - switch (ntohs(tlv->type)) { - case CMD_START: { - if (state == CMD_START) - continue; - - state = CMD_START; - /* Load the XDP program on the DUT */ - err = dut_attach_xdp_prog(skel, flags); - if (err) - goto out; - - err = dut_run_echo_thread(&dut_thread, &echo_sockfd); - if (err < 0) - goto out; - - tlv->type = htons(CMD_ACK); - tlv->len = htons(sizeof(*tlv)); - err = send(ctrl_sockfd, buf, sizeof(*tlv), 0); - if (err < 0) - goto end_thread; - break; - } - case CMD_STOP: - if (state != CMD_START) - break; - - state = CMD_STOP; - - exiting = true; - bpf_xdp_detach(env.ifindex, flags, NULL); - - tlv->type = htons(CMD_ACK); - tlv->len = htons(sizeof(*tlv)); - err = send(ctrl_sockfd, buf, sizeof(*tlv), 0); - goto end_thread; - case CMD_GET_XDP_CAP: { - LIBBPF_OPTS(bpf_xdp_query_opts, opts); - unsigned long long val; - size_t n; - - err = bpf_xdp_query(env.ifindex, XDP_FLAGS_DRV_MODE, - &opts); - if (err) { - fprintf(stderr, - "Failed querying XDP cap for device %s\n", - env.ifname); - goto end_thread; - } - - tlv->type = htons(CMD_ACK); - n = sizeof(*tlv) + sizeof(opts.feature_flags); - tlv->len = htons(n); - - val = htobe64(opts.feature_flags); - memcpy(tlv->data, &val, sizeof(val)); - - err = send(ctrl_sockfd, buf, n, 0); - if (err < 0) - goto end_thread; - break; - } - case CMD_GET_STATS: { - unsigned int key = 0, val; - size_t n; - - err = bpf_map__lookup_elem(skel->maps.dut_stats, - &key, sizeof(key), - &val, sizeof(val), 0); - if (err) { - fprintf(stderr, - "bpf_map_lookup_elem failed (%d)\n", err); - goto end_thread; - } - - tlv->type = htons(CMD_ACK); - n = sizeof(*tlv) + sizeof(val); - tlv->len = htons(n); - - val = htonl(val); - memcpy(tlv->data, &val, sizeof(val)); - - err = send(ctrl_sockfd, buf, n, 0); - if (err < 0) - goto end_thread; - break; - } - default: - break; - } - } - -end_thread: - pthread_join(dut_thread, NULL); -out: - bpf_xdp_detach(env.ifindex, flags, NULL); - close(ctrl_sockfd); - free_fds(sockfd, 1); - - return err; -} - -static bool tester_collect_detected_cap(struct xdp_features *skel, - unsigned int dut_stats) -{ - unsigned int err, key = 0, val; - - if (!dut_stats) - return false; - - err = bpf_map__lookup_elem(skel->maps.stats, &key, sizeof(key), - &val, sizeof(val), 0); - if (err) { - fprintf(stderr, "bpf_map_lookup_elem failed (%d)\n", err); - return false; - } - - switch (env.feature.action) { - case XDP_PASS: - case XDP_TX: - case XDP_REDIRECT: - return val > 0; - case XDP_DROP: - case XDP_ABORTED: - return val == 0; - default: - break; - } - - if (env.feature.drv_feature == NETDEV_XDP_ACT_NDO_XMIT) - return val > 0; - - return false; -} - -static int send_and_recv_msg(int sockfd, enum test_commands cmd, void *val, - size_t val_size) -{ - unsigned char buf[BUFSIZE] = {}; - struct tlv_hdr *tlv = (struct tlv_hdr *)buf; - int err; - - tlv->type = htons(cmd); - tlv->len = htons(sizeof(*tlv)); - - err = send(sockfd, buf, sizeof(*tlv), 0); - if (err < 0) - return err; - - err = recv_msg(sockfd, buf, BUFSIZE, val, val_size); - if (err < 0) - return err; - - return ntohs(tlv->type) == CMD_ACK ? 0 : -EINVAL; -} - -static int send_echo_msg(void) -{ - unsigned char buf[sizeof(struct tlv_hdr)]; - struct tlv_hdr *tlv = (struct tlv_hdr *)buf; - int sockfd, n; - - sockfd = socket(AF_INET6, SOCK_DGRAM, 0); - if (sockfd < 0) { - fprintf(stderr, - "Failed creating data UDP socket on device %s\n", - env.ifname); - return -errno; - } - - tlv->type = htons(CMD_ECHO); - tlv->len = htons(sizeof(*tlv)); - - n = sendto(sockfd, buf, sizeof(*tlv), MSG_NOSIGNAL | MSG_CONFIRM, - (struct sockaddr *)&env.dut_addr, sizeof(env.dut_addr)); - close(sockfd); - - return n == ntohs(tlv->len) ? 0 : -EINVAL; -} - -static int tester_run(struct xdp_features *skel) -{ - int flags = XDP_FLAGS_UPDATE_IF_NOEXIST | XDP_FLAGS_DRV_MODE; - unsigned long long advertised_feature; - struct bpf_program *prog; - unsigned int stats; - int i, err, sockfd; - bool detected_cap; - - sockfd = socket(AF_INET6, SOCK_STREAM, 0); - if (sockfd < 0) { - fprintf(stderr, - "Failed creating tester service control socket\n"); - return -errno; - } - - if (settimeo(sockfd, 1000) < 0) - return -EINVAL; - - err = connect(sockfd, (struct sockaddr *)&env.dut_ctrl_addr, - sizeof(env.dut_ctrl_addr)); - if (err) { - fprintf(stderr, - "Failed connecting to the Device Under Test control socket\n"); - return -errno; - } - - err = send_and_recv_msg(sockfd, CMD_GET_XDP_CAP, &advertised_feature, - sizeof(advertised_feature)); - if (err < 0) { - close(sockfd); - return err; - } - - advertised_feature = be64toh(advertised_feature); - - if (env.feature.drv_feature == NETDEV_XDP_ACT_NDO_XMIT || - env.feature.action == XDP_TX) - prog = skel->progs.xdp_tester_check_tx; - else - prog = skel->progs.xdp_tester_check_rx; - - err = bpf_xdp_attach(env.ifindex, bpf_program__fd(prog), flags, NULL); - if (err) { - fprintf(stderr, "Failed attaching XDP program to device %s\n", - env.ifname); - goto out; - } - - err = send_and_recv_msg(sockfd, CMD_START, NULL, 0); - if (err) - goto out; - - for (i = 0; i < 10 && !exiting; i++) { - err = send_echo_msg(); - if (err < 0) - goto out; - - sleep(1); - } - - err = send_and_recv_msg(sockfd, CMD_GET_STATS, &stats, sizeof(stats)); - if (err) - goto out; - - /* stop the test */ - err = send_and_recv_msg(sockfd, CMD_STOP, NULL, 0); - /* send a new echo message to wake echo thread of the dut */ - send_echo_msg(); - - detected_cap = tester_collect_detected_cap(skel, ntohl(stats)); - - fprintf(stdout, "Feature %s: [%s][%s]\n", get_xdp_feature_str(), - detected_cap ? GREEN("DETECTED") : RED("NOT DETECTED"), - env.feature.drv_feature & advertised_feature ? GREEN("ADVERTISED") - : RED("NOT ADVERTISED")); -out: - bpf_xdp_detach(env.ifindex, flags, NULL); - close(sockfd); - return err < 0 ? err : 0; -} - -int main(int argc, char **argv) -{ - struct xdp_features *skel; - int err; - - libbpf_set_strict_mode(LIBBPF_STRICT_ALL); - libbpf_set_print(libbpf_print_fn); - - signal(SIGINT, sig_handler); - signal(SIGTERM, sig_handler); - - set_env_default(); - - /* Parse command line arguments */ - err = argp_parse(&argp, argc, argv, 0, NULL, NULL); - if (err) - return err; - - if (env.ifindex < 0) { - fprintf(stderr, "Invalid device name %s\n", env.ifname); - return -ENODEV; - } - - /* Load and verify BPF application */ - skel = xdp_features__open(); - if (!skel) { - fprintf(stderr, "Failed to open and load BPF skeleton\n"); - return -EINVAL; - } - - skel->rodata->tester_addr = - ((struct sockaddr_in6 *)&env.tester_addr)->sin6_addr; - skel->rodata->dut_addr = - ((struct sockaddr_in6 *)&env.dut_addr)->sin6_addr; - - /* Load & verify BPF programs */ - err = xdp_features__load(skel); - if (err) { - fprintf(stderr, "Failed to load and verify BPF skeleton\n"); - goto cleanup; - } - - err = xdp_features__attach(skel); - if (err) { - fprintf(stderr, "Failed to attach BPF skeleton\n"); - goto cleanup; - } - - if (env.is_tester) { - /* Tester */ - fprintf(stdout, "Starting tester service on device %s\n", - env.ifname); - err = tester_run(skel); - } else { - /* DUT */ - fprintf(stdout, "Starting test on device %s\n", env.ifname); - err = dut_run(skel); - } - -cleanup: - xdp_features__destroy(skel); - - return err < 0 ? -err : 0; -} diff --git a/tools/testing/selftests/bpf/xdp_features.h b/tools/testing/selftests/bpf/xdp_features.h index 2670c541713b..2fa7a2e156c7 100644 --- a/tools/testing/selftests/bpf/xdp_features.h +++ b/tools/testing/selftests/bpf/xdp_features.h @@ -1,20 +1,5 @@ /* SPDX-License-Identifier: GPL-2.0 */ -/* test commands */ -enum test_commands { - CMD_STOP, /* CMD */ - CMD_START, /* CMD */ - CMD_ECHO, /* CMD */ - CMD_ACK, /* CMD + data */ - CMD_GET_XDP_CAP, /* CMD */ - CMD_GET_STATS, /* CMD */ -}; +#define CMD_ECHO 0x4543484F /* 4 bytes magic */ -#define DUT_CTRL_PORT 12345 #define DUT_ECHO_PORT 12346 - -struct tlv_hdr { - __be16 type; - __be16 len; - __u8 data[]; -}; --- base-commit: 33a4c81d04d3011e79f70fbc2d68a4d6cb12b9a5 change-id: 20240730-convert_xdp_tests-ccd66bfe33db Best regards, -- Alexis Lothoré, Bootlin Embedded Linux and Kernel engineering https://bootlin.com

1 year, 1 month

3
2
0 0

[PATCH] list: test: Mending tests for list_cut_position()

by I Hsin Cheng

Mending test for list_cut_position*() for the missing check of integer "i" after the second loop. The variable should be checked for second time to make sure both lists after the cut operation are formed as expected. Signed-off-by: I Hsin Cheng <richard120310(a)gmail.com> --- lib/list-test.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/list-test.c b/lib/list-test.c index 37cbc33e9fdb..f59188fc2aca 100644 --- a/lib/list-test.c +++ b/lib/list-test.c @@ -404,10 +404,13 @@ static void list_test_list_cut_position(struct kunit *test) KUNIT_EXPECT_EQ(test, i, 2); + i = 0; list_for_each(cur, &list1) { KUNIT_EXPECT_PTR_EQ(test, cur, &entries[i]); i++; } + + KUNIT_EXPECT_EQ(test, i, 1); } static void list_test_list_cut_before(struct kunit *test) @@ -432,10 +435,13 @@ static void list_test_list_cut_before(struct kunit *test) KUNIT_EXPECT_EQ(test, i, 1); + i = 0; list_for_each(cur, &list1) { KUNIT_EXPECT_PTR_EQ(test, cur, &entries[i]); i++; } + + KUNIT_EXPECT_EQ(i, 2); } static void list_test_list_splice(struct kunit *test) -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH] list: test: Increasing coverage of list_test_list_replace*()

by I Hsin Cheng

Increase the test coverage of list_test_list_replace*() by adding the checks to compare the pointer of "a_new.next" and "a_new.prev" to make sure a perfect circular doubly linked list is formed after the replacement. Signed-off-by: I Hsin Cheng <richard120310(a)gmail.com> --- lib/list-test.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/list-test.c b/lib/list-test.c index 37cbc33e9fdb..e207c4c98d70 100644 --- a/lib/list-test.c +++ b/lib/list-test.c @@ -102,6 +102,8 @@ static void list_test_list_replace(struct kunit *test) /* now: [list] -> a_new -> b */ KUNIT_EXPECT_PTR_EQ(test, list.next, &a_new); KUNIT_EXPECT_PTR_EQ(test, b.prev, &a_new); + KUNIT_EXPECT_PTR_EQ(test, a_new.next, &b); + KUNIT_EXPECT_PTR_EQ(test, a_new.prev, &list); } static void list_test_list_replace_init(struct kunit *test) @@ -118,6 +120,8 @@ static void list_test_list_replace_init(struct kunit *test) /* now: [list] -> a_new -> b */ KUNIT_EXPECT_PTR_EQ(test, list.next, &a_new); KUNIT_EXPECT_PTR_EQ(test, b.prev, &a_new); + KUNIT_EXPECT_PTR_EQ(test, a_new.next, &b); + KUNIT_EXPECT_PTR_EQ(test, a_new.prev, &list); /* check a_old is empty (initialized) */ KUNIT_EXPECT_TRUE(test, list_empty_careful(&a_old)); -- 2.43.0

1 year, 1 month

1
0
0 0

[PATCH net-next v2] selftests: return failure when timestamps can't be reported

by Jason Xing

From: Jason Xing <kernelxing(a)tencent.com> When I was trying to modify the tx timestamping feature, I found that running "./txtimestamp -4 -C -L 127.0.0.1" didn't reflect the error: I succeeded to generate timestamp stored in the skb but later failed to report it to the userspace (which means failed to put css into cmsg). It can happen when someone writes buggy codes in __sock_recv_timestamp(), for example. After adding the check so that running ./txtimestamp will reflect the result correctly like this if there is a bug in the reporting phase: protocol: TCP payload: 10 server port: 9000 family: INET test SND USR: 1725458477 s 667997 us (seq=0, len=0) Failed to report timestamps USR: 1725458477 s 718128 us (seq=0, len=0) Failed to report timestamps USR: 1725458477 s 768273 us (seq=0, len=0) Failed to report timestamps USR: 1725458477 s 818416 us (seq=0, len=0) Failed to report timestamps ... In the future, it will help us detect whether the new coming patch has bugs or not. Signed-off-by: Jason Xing <kernelxing(a)tencent.com> --- v2 Link: https://lore.kernel.org/all/20240904144446.41274-1-kerneljasonxing@gmail.co… 1. mainly change from "parse" to "report", update the commit message. --- tools/testing/selftests/net/txtimestamp.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/txtimestamp.c b/tools/testing/selftests/net/txtimestamp.c index ec60a16c9307..d626f22f9550 100644 --- a/tools/testing/selftests/net/txtimestamp.c +++ b/tools/testing/selftests/net/txtimestamp.c @@ -356,8 +356,12 @@ static void __recv_errmsg_cmsg(struct msghdr *msg, int payload_len) } } - if (batch > 1) + if (batch > 1) { fprintf(stderr, "batched %d timestamps\n", batch); + } else if (!batch) { + fprintf(stderr, "Failed to report timestamps\n"); + test_failed = true; + } } static int recv_errmsg(int fd) -- 2.37.3

1 year, 1 month

4
3
0 0

[PATCH net-next v2 0/5] selftests: mptcp: add time per subtests in TAP output

by Matthieu Baerts (NGI0)

Patches here add 'time=<N>ms' in the diagnostic data of the TAP output, e.g. ok 1 - pm_netlink: defaults addr list # time=9ms This addition is useful to quickly identify which subtests are taking a longer time than the others, or more than expected. Note that there are no specific formats to follow to show this time according to the TAP 13, TAP 14 and KTAP specifications, but we follow the format being parsed by NIPA [1]. Patch 1 modifies mptcp_lib.sh to add this support to all MPTCP selftests. Patch 2 removes the now duplicated info in mptcp_connect.sh Patch 3 slightly improves the precision of the first subtests in all MPTCP subtests. Patches 4 and 5 remove duplicated spaces in TAP output, for the TAP parsers that cannot handle them properly. Link: https://github.com/linux-netdev/nipa/pull/36 Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Changes in v2: - Typo in the commit message of patch 2 (Jakub) - Two additional patches to remove duplicated spaces in TAP output - Link to v1: https://lore.kernel.org/r/20240902-net-next-mptcp-ksft-subtest-time-v1-0-f1… --- Matthieu Baerts (NGI0) (5): selftests: mptcp: lib: add time per subtests in TAP output selftests: mptcp: connect: remote time in TAP output selftests: mptcp: reset the last TS before the first test selftests: mptcp: diag: remove trailing whitespace selftests: mptcp: connect: remove duplicated spaces in TAP output tools/testing/selftests/net/mptcp/diag.sh | 2 +- tools/testing/selftests/net/mptcp/mptcp_connect.sh | 17 ++++++++++------- tools/testing/selftests/net/mptcp/mptcp_join.sh | 3 ++- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 17 ++++++++++++++++- tools/testing/selftests/net/mptcp/mptcp_sockopt.sh | 1 + tools/testing/selftests/net/mptcp/pm_netlink.sh | 2 ++ tools/testing/selftests/net/mptcp/simult_flows.sh | 1 + tools/testing/selftests/net/mptcp/userspace_pm.sh | 1 + 8 files changed, 34 insertions(+), 10 deletions(-) --- base-commit: 52fc70a32573707f70d6b1b5c5fe85cc91457393 change-id: 20240902-net-next-mptcp-ksft-subtest-time-a83cec43d894 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 1 month

2
6
0 0

[PATCH bpf] bpf: Fix error message on kfunc arg type mismatch

by Maxim Mikityanskiy

When "arg#%d expected pointer to ctx, but got %s" error is printed, both template parts actually point to the type of the argument, therefore, it will also say "but got PTR", regardless of what was the actual register type. Fix the message to print the register type in the second part of the template, change the existing test to adapt to the new format, and add a new test to test the case when arg is a pointer to context, but reg is a scalar. Fixes: 00b85860feb8 ("bpf: Rewrite kfunc argument handling") Signed-off-by: Maxim Mikityanskiy <maxim(a)isovalent.com> --- kernel/bpf/verifier.c | 3 ++- tools/testing/selftests/bpf/prog_tests/kfunc_call.c | 1 + tools/testing/selftests/bpf/progs/kfunc_call_fail.c | 7 +++++++ tools/testing/selftests/bpf/verifier/calls.c | 2 +- 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index d8520095ca03..8b9f0a2981d4 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -11948,7 +11948,8 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_ switch (kf_arg_type) { case KF_ARG_PTR_TO_CTX: if (reg->type != PTR_TO_CTX) { - verbose(env, "arg#%d expected pointer to ctx, but got %s\n", i, btf_type_str(t)); + verbose(env, "arg#%d expected pointer to ctx, but got %s\n", + i, reg_type_str(env, reg->type)); return -EINVAL; } diff --git a/tools/testing/selftests/bpf/prog_tests/kfunc_call.c b/tools/testing/selftests/bpf/prog_tests/kfunc_call.c index 5b743212292f..f79c8e53cb3e 100644 --- a/tools/testing/selftests/bpf/prog_tests/kfunc_call.c +++ b/tools/testing/selftests/bpf/prog_tests/kfunc_call.c @@ -68,6 +68,7 @@ static struct kfunc_test_params kfunc_tests[] = { TC_FAIL(kfunc_call_test_get_mem_fail_oob, 0, "min value is outside of the allowed memory range"), TC_FAIL(kfunc_call_test_get_mem_fail_not_const, 0, "is not a const"), TC_FAIL(kfunc_call_test_mem_acquire_fail, 0, "acquire kernel function does not return PTR_TO_BTF_ID"), + TC_FAIL(kfunc_call_test_pointer_arg_type_mismatch, 0, "arg#0 expected pointer to ctx, but got scalar"), /* success cases */ TC_TEST(kfunc_call_test1, 12), diff --git a/tools/testing/selftests/bpf/progs/kfunc_call_fail.c b/tools/testing/selftests/bpf/progs/kfunc_call_fail.c index 4b0b7b79cdfb..08fae306539c 100644 --- a/tools/testing/selftests/bpf/progs/kfunc_call_fail.c +++ b/tools/testing/selftests/bpf/progs/kfunc_call_fail.c @@ -150,4 +150,11 @@ int kfunc_call_test_mem_acquire_fail(struct __sk_buff *skb) return ret; } +SEC("?tc") +int kfunc_call_test_pointer_arg_type_mismatch(struct __sk_buff *skb) +{ + bpf_kfunc_call_test_pass_ctx((void *)10); + return 0; +} + char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/verifier/calls.c b/tools/testing/selftests/bpf/verifier/calls.c index d0cdd156cd55..7afc2619ab14 100644 --- a/tools/testing/selftests/bpf/verifier/calls.c +++ b/tools/testing/selftests/bpf/verifier/calls.c @@ -76,7 +76,7 @@ }, .prog_type = BPF_PROG_TYPE_SCHED_CLS, .result = REJECT, - .errstr = "arg#0 expected pointer to ctx, but got PTR", + .errstr = "arg#0 expected pointer to ctx, but got fp", .fixup_kfunc_btf_id = { { "bpf_kfunc_call_test_pass_ctx", 2 }, }, -- 2.46.0

1 year, 1 month

4
3
0 0

[PATCH v2 0/1] Add KUnit tests for llist

by Artur Alves

Hi all, This is part of a hackathon organized by LKCAMP[1], focused on writing tests using KUnit. We reached out a while ago asking for advice on what would be a useful contribution[2] and ended up choosing data structures that did not yet have tests. This patch adds tests for the llist data structure, defined in include/linux/llist.h, and is inspired by the KUnit tests for the doubly linked list in lib/list-test.c[3]. It is important to note that this patch depends on the patch referenced in [4], as it utilizes the newly created lib/tests/ subdirectory. [1] https://lkcamp.dev/about/ [2] https://lore.kernel.org/all/Zktnt7rjKryTh9-N@arch/ [3] https://elixir.bootlin.com/linux/latest/source/lib/list-test.c [4] https://lore.kernel.org/all/20240720181025.work.002-kees@kernel.org/ --- Changes in v2: - Add MODULE_DESCRIPTION() - Move the tests from lib/llist_kunit.c to lib/tests/llist_kunit.c - Change the license from "GPL v2" to "GPL" Artur Alves (1): lib/llist_kunit.c: add KUnit tests for llist lib/Kconfig.debug | 11 ++ lib/tests/Makefile | 1 + lib/tests/llist_kunit.c | 361 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 373 insertions(+) create mode 100644 lib/tests/llist_kunit.c -- 2.46.0

1 year, 1 month

3
3
0 0

[PATCH v4] lib/math: Add int_pow test suite

by Luis Felipe Hernandez

Adds test suite for integer based power function. Signed-off-by: Luis Felipe Hernandez <luis.hernandez093(a)gmail.com> --- Changes in v4: - Address checkpatch warning and make kconfig description longer - Use GPL-2.0-only for consistency - Spelling fix fith -> fifth Changes in v3: - Fix compiler warning: explicitly define constant as unsigned int - Add changes in patch revisions Changes in v2: - Address review feedback - Add kconfig entry - Use correct dir and file convention for KUnit - Fix typo - Remove unused static_stub header - Refactor test suite to use paramerterized test cases - Add close to max allowable value to in large_result test case - Add test case with non-power of two exponent - Fix module license --- lib/Kconfig.debug | 9 ++++++ lib/math/Makefile | 1 + lib/math/tests/Makefile | 3 ++ lib/math/tests/int_pow_kunit.c | 52 ++++++++++++++++++++++++++++++++++ 4 files changed, 65 insertions(+) create mode 100644 lib/math/tests/Makefile create mode 100644 lib/math/tests/int_pow_kunit.c diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index a30c03a66172..0f98f73d4322 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -3051,3 +3051,12 @@ config RUST_KERNEL_DOCTESTS endmenu # "Rust" endmenu # Kernel hacking + +config INT_POW_TEST + tristate "Integer exponentiation (int_pow) test" if !KUNIT_ALL_TESTS + depends on KUNIT + default KUNIT_ALL_TESTS + help + This option enables the KUnit test suite for the int_pow function, + which performs integer exponentiation. The test suite is designed to + verify that the implementation of int_pow correctly computes the power + of a given base raised to a given exponent. + + Enabling this option will include tests that check various scenarios + and edge cases to ensure the accuracy and reliability of the exponentiation + function. + + If unsure, say N diff --git a/lib/math/Makefile b/lib/math/Makefile index 91fcdb0c9efe..3c1f92a7459d 100644 --- a/lib/math/Makefile +++ b/lib/math/Makefile @@ -5,5 +5,6 @@ obj-$(CONFIG_CORDIC) += cordic.o obj-$(CONFIG_PRIME_NUMBERS) += prime_numbers.o obj-$(CONFIG_RATIONAL) += rational.o +obj-$(CONFIG_INT_POW_TEST) += tests/int_pow_kunit.o obj-$(CONFIG_TEST_DIV64) += test_div64.o obj-$(CONFIG_RATIONAL_KUNIT_TEST) += rational-test.o diff --git a/lib/math/tests/Makefile b/lib/math/tests/Makefile new file mode 100644 index 000000000000..6a169123320a --- /dev/null +++ b/lib/math/tests/Makefile @@ -0,0 +1,3 @@ +# SPDX-License-Identifier: GPL-2.0-only + +obj-$(CONFIG_INT_POW_TEST) += int_pow_kunit.o diff --git a/lib/math/tests/int_pow_kunit.c b/lib/math/tests/int_pow_kunit.c new file mode 100644 index 000000000000..7b6a5ae70eb4 --- /dev/null +++ b/lib/math/tests/int_pow_kunit.c @@ -0,0 +1,52 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include <kunit/test.h> +#include <linux/math.h> + +struct test_case_params { + u64 base; + unsigned int exponent; + u64 expected_result; + const char *name; +}; + +static const struct test_case_params params[] = { + { 64, 0, 1, "Power of zero" }, + { 64, 1, 64, "Power of one"}, + { 0, 5, 0, "Base zero" }, + { 1, 64, 1, "Base one" }, + { 2, 2, 4, "Two squared"}, + { 2, 3, 8, "Two cubed"}, + { 5, 5, 3125, "Five raised to the fifth power" }, + { U64_MAX, 1, U64_MAX, "Max base" }, + { 2, 63, 9223372036854775808, "Large result"}, +}; + +static void get_desc(const struct test_case_params *tc, char *desc) +{ + strscpy(desc, tc->name, KUNIT_PARAM_DESC_SIZE); +} + +KUNIT_ARRAY_PARAM(int_pow, params, get_desc); + +static void int_pow_test(struct kunit *test) +{ + const struct test_case_params *tc = (const struct test_case_params *)test->param_value; + + KUNIT_EXPECT_EQ(test, tc->expected_result, int_pow(tc->base, tc->exponent)); +} + +static struct kunit_case math_int_pow_test_cases[] = { + KUNIT_CASE_PARAM(int_pow_test, int_pow_gen_params), + {} +}; + +static struct kunit_suite int_pow_test_suite = { + .name = "math-int_pow", + .test_cases = math_int_pow_test_cases, +}; + +kunit_test_suites(&int_pow_test_suite); + +MODULE_DESCRIPTION("math.int_pow KUnit test suite"); +MODULE_LICENSE("GPL"); -- 2.46.0

1 year, 1 month

2
2
0 0

[PATCH net-next 0/3] lan743x: This series of patches are for lan743x driver testing

by Mohan Prasad J

This series of patches are for testing the lan743x network driver. Testing comprises autonegotiation, speed, duplex and throughput checks. Tools such as ethtool, iperf3 are used in the testing process. Performance test is done for TCP streams at different speeds. Signed-off-by: Mohan Prasad J <mohan.prasad(a)microchip.com> Mohan Prasad J (3): selftests: lan743x: Add testfile for lan743x network driver selftests: lan743x: Add testcase to check speed and duplex state of lan743x selftests: lan743x: Add testcase to check throughput of lan743x MAINTAINERS | 2 + tools/testing/selftests/Makefile | 2 +- .../drivers/net/hw/microchip/lan743x/Makefile | 7 ++ .../net/hw/microchip/lan743x/lan743x.py | 117 ++++++++++++++++++ .../hw/microchip/lan743x/lib/py/__init__.py | 16 +++ 5 files changed, 143 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/drivers/net/hw/microchip/lan743x/Makefile create mode 100755 tools/testing/selftests/drivers/net/hw/microchip/lan743x/lan743x.py create mode 100644 tools/testing/selftests/drivers/net/hw/microchip/lan743x/lib/py/__init__.py -- 2.43.0

1 year, 1 month

4
14
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror