- Linux-kselftest-mirror - lists.linaro.org

[PATCH v13 0/9] namei: openat2(2) path resolution restrictions

by Aleksa Sarai

This patchset is being developed here: <https://github.com/cyphar/linux/tree/resolveat/master> It depends on the copy_struct_from_user() helpers being developed here: <https://github.com/cyphar/linux/tree/copy_struct_from_user/master> and posted here: <https://lore.kernel.org/lkml/20190930182810.6090-1-cyphar@cyphar.com/> Patch changelog: v13: * Fix race with the magic-link mode semantics by recomputing the mode during ->get_link() and storing it with nd_jump_link(). A selftest was added for this attack scenario as well. [Jann Horn] * Fix gap in RESOLVE_NO_XDEV with magic-links -- now magic-link resolution is only permitted if the link doesn't jump vfsmounts. * Remove path_is_under() checks for ".." resolution (due to the possibility of O(m*n) lookup behaviour). Instead, return -EAGAIN if a racing rename or mount occurs. Userspace is then encouraged to retry or have another fallback (if after several tries, it still fails it's likely that there is an attack going on -- though failures will occur spuriously because &{rename,mount}_lock are both global). [Linus Torvalds] * Move copy_struct_from_user() to a separate series so it can be merged separately. [Christian Brauner] * Small test improvements (mainly making the TAP output more readable and adding a few new minor test cases). Now the openat2(2) self-tests have ~271 overall test cases. * Expand on changes to path-lookup in the kernel docs. * Kernel-doc fixes. [Randy Dunlap] v12: <https://lore.kernel.org/lkml/20190904201933.10736-1-cyphar@cyphar.com/> v11: <https://lore.kernel.org/lkml/20190820033406.29796-1-cyphar@cyphar.com/> <https://lore.kernel.org/lkml/20190728010207.9781-1-cyphar@cyphar.com/> v10: <https://lore.kernel.org/lkml/20190719164225.27083-1-cyphar@cyphar.com/> v09: <https://lore.kernel.org/lkml/20190706145737.5299-1-cyphar@cyphar.com/> v08: <https://lore.kernel.org/lkml/20190520133305.11925-1-cyphar@cyphar.com/> v07: <https://lore.kernel.org/lkml/20190507164317.13562-1-cyphar@cyphar.com/> v06: <https://lore.kernel.org/lkml/20190506165439.9155-1-cyphar@cyphar.com/> v05: <https://lore.kernel.org/lkml/20190320143717.2523-1-cyphar@cyphar.com/> v04: <https://lore.kernel.org/lkml/20181112142654.341-1-cyphar@cyphar.com/> v03: <https://lore.kernel.org/lkml/20181009070230.12884-1-cyphar@cyphar.com/> v02: <https://lore.kernel.org/lkml/20181009065300.11053-1-cyphar@cyphar.com/> v01: <https://lore.kernel.org/lkml/20180929103453.12025-1-cyphar@cyphar.com/> The need for some sort of control over VFS's path resolution (to avoid malicious paths resulting in inadvertent breakouts) has been a very long-standing desire of many userspace applications. This patchset is a revival of Al Viro's old AT_NO_JUMPS[1,2] patchset (which was a variant of David Drysdale's O_BENEATH patchset[3] which was a spin-off of the Capsicum project[4]) with a few additions and changes made based on the previous discussion within [5] as well as others I felt were useful. In line with the conclusions of the original discussion of AT_NO_JUMPS, the flag has been split up into separate flags. However, instead of being an openat(2) flag it is provided through a new syscall openat2(2) which provides several other improvements to the openat(2) interface (see the patch description for more details). The following new LOOKUP_* flags are added: * LOOKUP_NO_XDEV blocks all mountpoint crossings (upwards, downwards, or through absolute links). Absolute pathnames alone in openat(2) do not trigger this. Magic-link traversal which implies a vfsmount jump is also blocked (though magic-link jumps on the same vfsmount are permitted). * LOOKUP_NO_MAGICLINKS blocks resolution through /proc/$pid/fd-style links. This is done by blocking the usage of nd_jump_link() during resolution in a filesystem. The term "magic-links" is used to match with the only reference to these links in Documentation/, but I'm happy to change the name. It should be noted that this is different to the scope of ~LOOKUP_FOLLOW in that it applies to all path components. However, you can do openat2(NO_FOLLOW|NO_MAGICLINKS) on a magic-link and it will *not* fail (assuming that no parent component was a magic-link), and you will have an fd for the magic-link. * LOOKUP_BENEATH disallows escapes to outside the starting dirfd's tree, using techniques such as ".." or absolute links. Absolute paths in openat(2) are also disallowed. Conceptually this flag is to ensure you "stay below" a certain point in the filesystem tree -- but this requires some additional to protect against various races that would allow escape using "..". Currently LOOKUP_BENEATH implies LOOKUP_NO_MAGICLINKS, because it can trivially beam you around the filesystem (breaking the protection). In future, there might be similar safety checks done as in LOOKUP_IN_ROOT, but that requires more discussion. In addition, two new flags are added that expand on the above ideas: * LOOKUP_NO_SYMLINKS does what it says on the tin. No symlink resolution is allowed at all, including magic-links. Just as with LOOKUP_NO_MAGICLINKS this can still be used with NOFOLLOW to open an fd for the symlink as long as no parent path had a symlink component. * LOOKUP_IN_ROOT is an extension of LOOKUP_BENEATH that, rather than blocking attempts to move past the root, forces all such movements to be scoped to the starting point. This provides chroot(2)-like protection but without the cost of a chroot(2) for each filesystem operation, as well as being safe against race attacks that chroot(2) is not. If a race is detected (as with LOOKUP_BENEATH) then an error is generated, and similar to LOOKUP_BENEATH it is not permitted to cross magic-links with LOOKUP_IN_ROOT. The primary need for this is from container runtimes, which currently need to do symlink scoping in userspace[6] when opening paths in a potentially malicious container. There is a long list of CVEs that could have bene mitigated by having RESOLVE_THIS_ROOT (such as CVE-2017-1002101, CVE-2017-1002102, CVE-2018-15664, and CVE-2019-5736, just to name a few). And further, several semantics of file descriptor "re-opening" are now changed to prevent attacks like CVE-2019-5736 by restricting how magic-links can be resolved (based on their mode). This required some other changes to the semantics of the modes of O_PATH file descriptor's associated /proc/self/fd magic-links. openat2(2) has the ability to further restrict re-opening of its own O_PATH fds, so that users can make even better use of this feature. Finally, O_EMPTYPATH was added so that users can do /proc/self/fd-style re-opening without depending on procfs. The new restricted semantics for magic-links are applied here too. In order to make all of the above more usable, I'm working on libpathrs[7] which is a C-friendly library for safe path resolution. It features a userspace-emulated backend if the kernel doesn't support openat2(2). Hopefully we can get userspace to switch to using it, and thus get openat2(2) support for free once it's ready. [1]: https://lwn.net/Articles/721443/ [2]: https://lore.kernel.org/patchwork/patch/784221/ [3]: https://lwn.net/Articles/619151/ [4]: https://lwn.net/Articles/603929/ [5]: https://lwn.net/Articles/723057/ [6]: https://github.com/cyphar/filepath-securejoin [7]: https://github.com/openSUSE/libpathrs Aleksa Sarai (9): namei: obey trailing magic-link DAC permissions procfs: switch magic-link modes to be more sane open: O_EMPTYPATH: procfs-less file descriptor re-opening namei: O_BENEATH-style path resolution flags namei: LOOKUP_IN_ROOT: chroot-like path resolution namei: permit ".." resolution with LOOKUP_{IN_ROOT,BENEATH} open: openat2(2) syscall selftests: add openat2(2) selftests Documentation: update path-lookup to mention trailing magic-links Documentation/filesystems/path-lookup.rst | 80 ++- arch/alpha/include/uapi/asm/fcntl.h | 1 + arch/alpha/kernel/syscalls/syscall.tbl | 1 + arch/arm/tools/syscall.tbl | 1 + arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 2 + arch/ia64/kernel/syscalls/syscall.tbl | 1 + arch/m68k/kernel/syscalls/syscall.tbl | 1 + arch/microblaze/kernel/syscalls/syscall.tbl | 1 + arch/mips/kernel/syscalls/syscall_n32.tbl | 1 + arch/mips/kernel/syscalls/syscall_n64.tbl | 1 + arch/mips/kernel/syscalls/syscall_o32.tbl | 1 + arch/parisc/include/uapi/asm/fcntl.h | 39 +- arch/parisc/kernel/syscalls/syscall.tbl | 1 + arch/powerpc/kernel/syscalls/syscall.tbl | 1 + arch/s390/kernel/syscalls/syscall.tbl | 1 + arch/sh/kernel/syscalls/syscall.tbl | 1 + arch/sparc/include/uapi/asm/fcntl.h | 1 + arch/sparc/kernel/syscalls/syscall.tbl | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + arch/xtensa/kernel/syscalls/syscall.tbl | 1 + fs/fcntl.c | 2 +- fs/internal.h | 1 + fs/namei.c | 286 +++++++-- fs/open.c | 100 ++- fs/proc/base.c | 69 +- fs/proc/fd.c | 45 +- fs/proc/internal.h | 2 +- fs/proc/namespaces.c | 4 +- include/linux/fcntl.h | 21 +- include/linux/fs.h | 8 +- include/linux/namei.h | 15 +- include/linux/syscalls.h | 14 +- include/uapi/asm-generic/fcntl.h | 4 + include/uapi/asm-generic/unistd.h | 5 +- include/uapi/linux/fcntl.h | 42 ++ security/apparmor/apparmorfs.c | 2 +- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/memfd/memfd_test.c | 7 +- tools/testing/selftests/openat2/.gitignore | 1 + tools/testing/selftests/openat2/Makefile | 8 + tools/testing/selftests/openat2/helpers.c | 98 +++ tools/testing/selftests/openat2/helpers.h | 114 ++++ .../testing/selftests/openat2/linkmode_test.c | 590 ++++++++++++++++++ .../testing/selftests/openat2/openat2_test.c | 152 +++++ .../selftests/openat2/rename_attack_test.c | 149 +++++ .../testing/selftests/openat2/resolve_test.c | 522 ++++++++++++++++ 48 files changed, 2258 insertions(+), 145 deletions(-) create mode 100644 tools/testing/selftests/openat2/.gitignore create mode 100644 tools/testing/selftests/openat2/Makefile create mode 100644 tools/testing/selftests/openat2/helpers.c create mode 100644 tools/testing/selftests/openat2/helpers.h create mode 100644 tools/testing/selftests/openat2/linkmode_test.c create mode 100644 tools/testing/selftests/openat2/openat2_test.c create mode 100644 tools/testing/selftests/openat2/rename_attack_test.c create mode 100644 tools/testing/selftests/openat2/resolve_test.c -- 2.23.0

5 years, 9 months

2
15
0 0

[PATCH] tools: bpf: Use !building_out_of_srctree to determine srctree

by Shuah Khan

make TARGETS=bpf kselftest fails with: Makefile:127: tools/build/Makefile.include: No such file or directory When the bpf tool make is invoked from tools Makefile, srctree is cleared and the current logic check for srctree equals to empty string to determine srctree location from CURDIR. When the build in invoked from selftests/bpf Makefile, the srctree is set to "." and the same logic used for srctree equals to empty is needed to determine srctree. Check building_out_of_srctree undefined as the condition for both cases to fix "make TARGETS=bpf kselftest" build failure. Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> --- tools/bpf/Makefile | 6 +++++- tools/lib/bpf/Makefile | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/tools/bpf/Makefile b/tools/bpf/Makefile index fbf5e4a0cb9c..5d1995fd369c 100644 --- a/tools/bpf/Makefile +++ b/tools/bpf/Makefile @@ -12,7 +12,11 @@ INSTALL ?= install CFLAGS += -Wall -O2 CFLAGS += -D__EXPORTED_HEADERS__ -I$(srctree)/include/uapi -I$(srctree)/include -ifeq ($(srctree),) +# This will work when bpf is built in tools env. where srctree +# isn't set and when invoked from selftests build, where srctree +# is set to ".". building_out_of_srctree is undefined for in srctree +# builds +ifndef building_out_of_srctree srctree := $(patsubst %/,%,$(dir $(CURDIR))) srctree := $(patsubst %/,%,$(dir $(srctree))) endif diff --git a/tools/lib/bpf/Makefile b/tools/lib/bpf/Makefile index c6f94cffe06e..20772663d3e1 100644 --- a/tools/lib/bpf/Makefile +++ b/tools/lib/bpf/Makefile @@ -8,7 +8,11 @@ LIBBPF_MAJOR_VERSION := $(firstword $(subst ., ,$(LIBBPF_VERSION))) MAKEFLAGS += --no-print-directory -ifeq ($(srctree),) +# This will work when bpf is built in tools env. where srctree +# isn't set and when invoked from selftests build, where srctree +# is a ".". building_out_of_srctree is undefined for in srctree +# builds +ifndef building_out_of_srctree srctree := $(patsubst %/,%,$(dir $(CURDIR))) srctree := $(patsubst %/,%,$(dir $(srctree))) srctree := $(patsubst %/,%,$(dir $(srctree))) -- 2.20.1

5 years, 9 months

4
6
0 0

[PATCH v3 0/2] selftests: fix prepending $(OUTPUT) to $(TEST_PROGS)

by Ilya Leoshkevich

This patch series fixes the following problem: linux# make kselftest TARGETS=bpf O=/mnt/linux-build # selftests: bpf: test_libbpf.sh # ./test_libbpf.sh: line 23: ./test_libbpf_open: No such file or directory # test_libbpf: failed at file test_l4lb.o # selftests: test_libbpf [FAILED] Patch 1 appends / to $(OUTPUT) in order to make it more uniform with the rest of the tree. Patch 2 fixes the problem by prepending $(OUTPUT) to all members of $(TEST_PROGS). v1->v2: - Append / to $(OUTPUT). - Use $(addprefix) instead of $(foreach). v2->v3: - Split the patch in two. - Improve the commit message. Ilya Leoshkevich (2): selftests: append / to $(OUTPUT) selftests: fix prepending $(OUTPUT) to $(TEST_PROGS) tools/testing/selftests/Makefile | 16 ++++++++-------- tools/testing/selftests/lib.mk | 3 ++- 2 files changed, 10 insertions(+), 9 deletions(-) -- 2.23.0

5 years, 9 months

1
2
0 0

[PATCH v2] selftests: fix prepending $(OUTPUT) to $(TEST_PROGS)

by Ilya Leoshkevich

The current logic prepends $(OUTPUT) only to the first member of $(TEST_PROGS). Use $(addprefix) to prepend it to each member. Also, $(OUTPUT) is assumed to end with a / almost everywhere else in the kernel, make this the case for kselftest as well. Fixes: 1a940687e424 ("selftests: lib.mk: copy test scripts and test files for make O=dir run") Signed-off-by: Ilya Leoshkevich <iii(a)linux.ibm.com> --- v1->v2: - Append / to $(OUTPUT). - Use $(addprefix) instead of $(foreach). tools/testing/selftests/Makefile | 16 ++++++++-------- tools/testing/selftests/lib.mk | 3 ++- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index c3feccb99ff5..49bcd066907e 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -136,31 +136,31 @@ all: khdr @for TARGET in $(TARGETS); do \ BUILD_TARGET=$$BUILD/$$TARGET; \ mkdir $$BUILD_TARGET -p; \ - $(MAKE) OUTPUT=$$BUILD_TARGET -C $$TARGET;\ + $(MAKE) OUTPUT=$$BUILD_TARGET/ -C $$TARGET;\ done; run_tests: all @for TARGET in $(TARGETS); do \ BUILD_TARGET=$$BUILD/$$TARGET; \ - $(MAKE) OUTPUT=$$BUILD_TARGET -C $$TARGET run_tests;\ + $(MAKE) OUTPUT=$$BUILD_TARGET/ -C $$TARGET run_tests;\ done; hotplug: @for TARGET in $(TARGETS_HOTPLUG); do \ BUILD_TARGET=$$BUILD/$$TARGET; \ - $(MAKE) OUTPUT=$$BUILD_TARGET -C $$TARGET;\ + $(MAKE) OUTPUT=$$BUILD_TARGET/ -C $$TARGET;\ done; run_hotplug: hotplug @for TARGET in $(TARGETS_HOTPLUG); do \ BUILD_TARGET=$$BUILD/$$TARGET; \ - $(MAKE) OUTPUT=$$BUILD_TARGET -C $$TARGET run_full_test;\ + $(MAKE) OUTPUT=$$BUILD_TARGET/ -C $$TARGET run_full_test;\ done; clean_hotplug: @for TARGET in $(TARGETS_HOTPLUG); do \ BUILD_TARGET=$$BUILD/$$TARGET; \ - $(MAKE) OUTPUT=$$BUILD_TARGET -C $$TARGET clean;\ + $(MAKE) OUTPUT=$$BUILD_TARGET/ -C $$TARGET clean;\ done; run_pstore_crash: @@ -184,7 +184,7 @@ ifdef INSTALL_PATH install -m 744 kselftest/prefix.pl $(INSTALL_PATH)/kselftest/ @for TARGET in $(TARGETS); do \ BUILD_TARGET=$$BUILD/$$TARGET; \ - $(MAKE) OUTPUT=$$BUILD_TARGET -C $$TARGET INSTALL_PATH=$(INSTALL_PATH)/$$TARGET install; \ + $(MAKE) OUTPUT=$$BUILD_TARGET/ -C $$TARGET INSTALL_PATH=$(INSTALL_PATH)/$$TARGET install; \ done; @# Ask all targets to emit their test scripts @@ -203,7 +203,7 @@ ifdef INSTALL_PATH echo "[ -w /dev/kmsg ] && echo \"kselftest: Running tests in $$TARGET\" >> /dev/kmsg" >> $(ALL_SCRIPT); \ echo "cd $$TARGET" >> $(ALL_SCRIPT); \ echo -n "run_many" >> $(ALL_SCRIPT); \ - $(MAKE) -s --no-print-directory OUTPUT=$$BUILD_TARGET -C $$TARGET emit_tests >> $(ALL_SCRIPT); \ + $(MAKE) -s --no-print-directory OUTPUT=$$BUILD_TARGET/ -C $$TARGET emit_tests >> $(ALL_SCRIPT); \ echo "" >> $(ALL_SCRIPT); \ echo "cd \$$ROOT" >> $(ALL_SCRIPT); \ done; @@ -216,7 +216,7 @@ endif clean: @for TARGET in $(TARGETS); do \ BUILD_TARGET=$$BUILD/$$TARGET; \ - $(MAKE) OUTPUT=$$BUILD_TARGET -C $$TARGET clean;\ + $(MAKE) OUTPUT=$$BUILD_TARGET/ -C $$TARGET clean;\ done; .PHONY: khdr all run_tests hotplug run_hotplug clean_hotplug run_pstore_crash install clean diff --git a/tools/testing/selftests/lib.mk b/tools/testing/selftests/lib.mk index 1c8a1963d03f..27a97a1b4e9e 100644 --- a/tools/testing/selftests/lib.mk +++ b/tools/testing/selftests/lib.mk @@ -75,7 +75,8 @@ ifdef building_out_of_srctree @rsync -aq $(TEST_PROGS) $(TEST_PROGS_EXTENDED) $(TEST_FILES) $(OUTPUT) fi @if [ "X$(TEST_PROGS)" != "X" ]; then - $(call RUN_TESTS, $(TEST_GEN_PROGS) $(TEST_CUSTOM_PROGS) $(OUTPUT)/$(TEST_PROGS)) + $(call RUN_TESTS, $(TEST_GEN_PROGS) $(TEST_CUSTOM_PROGS) \ + $(addprefix $(OUTPUT),$(TEST_PROGS))) else $(call RUN_TESTS, $(TEST_GEN_PROGS) $(TEST_CUSTOM_PROGS)) fi -- 2.21.0

5 years, 9 months

2
2
0 0

[PATCH] selftests: update .gitignore files for selftests/bpf and selftests/zram

by Anatoly Pugachev

selftests: update .gitignore files for selftests/bpf and selftests/zram Signed-off-by: Anatoly Pugachev <matorola(a)gmail.com> --- tools/testing/selftests/bpf/.gitignore | 4 ++++ tools/testing/selftests/zram/.gitignore | 1 + 2 files changed, 5 insertions(+) create mode 100644 tools/testing/selftests/zram/.gitignore diff --git a/tools/testing/selftests/bpf/.gitignore b/tools/testing/selftests/bpf/.gitignore index 7470327edcfe..218ac37f460a 100644 --- a/tools/testing/selftests/bpf/.gitignore +++ b/tools/testing/selftests/bpf/.gitignore @@ -15,6 +15,9 @@ test_libbpf_open test_sock test_sock_addr test_sock_fields +test_sockopt +test_sockopt_multi +test_sockopt_sk urandom_read test_btf test_sockmap @@ -32,6 +35,7 @@ test_section_names test_tcpnotify_user test_libbpf test_tcp_check_syncookie_user +test_tcp_rtt test_sysctl alu32 libbpf.pc diff --git a/tools/testing/selftests/zram/.gitignore b/tools/testing/selftests/zram/.gitignore new file mode 100644 index 000000000000..b4a2cb6fafa6 --- /dev/null +++ b/tools/testing/selftests/zram/.gitignore @@ -0,0 +1 @@ +err.log -- 2.23.0

5 years, 9 months

3
3
0 0

[PATCH 0/2] Simplify kselftest build and install use-cases

by Shuah Khan

This patch series simplifies kselftest use-cases and addresses requests from developers and testers to add support for building and installing from the main Makefile. Shuah Khan (2): Makefile: Add kselftest_build target to build tests selftests: Add kselftest_install target to main Makefile Makefile | 8 ++++++++ tools/testing/selftests/Makefile | 8 ++++++-- tools/testing/selftests/kselftest_install.sh | 4 ++-- 3 files changed, 16 insertions(+), 4 deletions(-) -- 2.20.1

5 years, 9 months

2
4
0 0

[GIT PULL] Kselftest update for Linux 5.4-rc1

by Shuah Khan

Hi Linus, Please pull the following Kselftest update for Linux 5.4-rc1. This Kselftest update for Linux 5.4-rc1 consists of several fixes to existing tests. diff is attached. This pull has just the ksleftest patches I sent in my previous pull request. I dropped the KUnit patches and rebased. I will send another pull request for the KUnit work later on this week. Please note that there is conflict between tools/testing/selftests/tpm2/Makefile between commit: 3fb2179b0f3553a ("selftests/tpm2: Add the missing TEST_FILES assignment") from the tpmdd tree and commit: d04e26067d13f01 ("selftests: tpm2: install python files") Please take the fix from kselftest tree which is the correct version for this change. d04e26067d13f01 ("selftests: tpm2: install python files") Please let me know if you have any questions and/or concerns. thanks, -- Shuah ---------------------------------------------------------------- The following changes since commit d1abaeb3be7b5fa6d7a1fbbd2e14e3310005c4c1: Linux 5.3-rc5 (2019-08-18 14:31:08 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-5.4-rc1.1 for you to fetch changes up to 721cb3c8bc8890e824b7be53bf951960ff7811f9: selftests: tpm2: install python files (2019-09-23 08:33:16 -0600) ---------------------------------------------------------------- linux-kselftest-5.4-rc1.1 This Kselftest update for Linux 5.4-rc1 consists of fixes to existing tests. ---------------------------------------------------------------- Anders Roxell (2): selftests: livepatch: add missing fragments to config selftests: tpm2: install python files George G. Davis (2): selftests: watchdog: Add optional file argument selftests: watchdog: cleanup whitespace in usage options Ilya Leoshkevich (1): selftests: use "$(MAKE)" instead of "make" Masanari Iida (1): selftest/ftrace: Fix typo in trigger-snapshot.tc Tycho Andersen (1): selftests/seccomp: fix build on older kernels tools/testing/selftests/Makefile | 22 ++++++------ .../ftrace/test.d/trigger/trigger-snapshot.tc | 2 +- tools/testing/selftests/livepatch/config | 2 ++ tools/testing/selftests/seccomp/seccomp_bpf.c | 5 +++ tools/testing/selftests/tpm2/Makefile | 1 + tools/testing/selftests/watchdog/watchdog-test.c | 41 +++++++++++++++------- 6 files changed, 48 insertions(+), 25 deletions(-) ----------------------------------------------------------------

5 years, 9 months

2
1
0 0

[PATCH 0/3] selftests: netfilter: introduce test cases for ipvs

by Haishuang Yan

This series patch include test cases for ipvs. The test topology is who as below: +--------------------------------------------------------------+ | | | | ns0 | ns1 | | ----------- | ----------- ----------- | | | veth01 | --------- | veth10 | | veth12 | | | ----------- peer ----------- ----------- | | | | | | | ----------- | | | | | br0 | |----------------- peer |--------------| | ----------- | | | | | | | | | ---------- peer ---------- ----------- | | | veth02 | --------- | veth20 | | veth12 | | | ---------- | ---------- ----------- | | | ns2 | | | | +--------------------------------------------------------------+ Test results: # selftests: netfilter: ipvs.sh # Testing DR mode... # Testing NAT mode... # Testing Tunnel mode... # ipvs.sh: PASS ok 6 selftests: netfilter: ipvs.sh Haishuang Yan (3): selftests: netfilter: add ipvs test script selftests: netfilter: add ipvs nat test case selftests: netfilter: add ipvs tunnel test case tools/testing/selftests/netfilter/Makefile | 2 +- tools/testing/selftests/netfilter/ipvs.sh | 230 +++++++++++++++++++++++++++++ 2 files changed, 231 insertions(+), 1 deletion(-) create mode 100755 tools/testing/selftests/netfilter/ipvs.sh -- 1.8.3.1

5 years, 9 months

2
4
0 0

[PATCH v2 0/2] Fix KSFT toplevel makefile behaviour

by Cristian Marussi

Hi so this series carries two small fixes to the toplevel KSelfTest makefile which I found useful especially while attempting to run the suite in automation. [1/2] While it is already possible to specify a limited list of TARGETS to run, it is not instead easily possible to state a list of targets NOT to run (say due to specific instability issues). Moreover providing such a skip list through a stripped down list of TARGETS it is cumbersome and fragile since this poses the risk to stick to an old stale stripped TARGETS list once upstream decides to add more default targets. A new SKIP_TARGETS Makefile variable is provided by this patch to easily specify a skiplist for target subsystems. [2/2] Currently when some target fails to build, KSFT Makefile just carries on building as much subsystems as it can: unfortunately this is not properly reflected also in the generation of the runlist inside run_kselftest.sh. This patch rectifies this behaviour checking for the existence of a target directory in the INSTALL_PATH before adding the related snippet to the run_kselftest.sh script. Thanks Cristian Changelog v1 --> v2 - added Documentation - various typos fixed - added a proper override when filtering-out SKIP_TARGETS from TARGETS to make it work also when TARGETS is provided too from the cmdline Cristian Marussi (2): kselftest: add capability to skip chosen TARGETS kselftest: exclude failed TARGETS from runlist Documentation/dev-tools/kselftest.rst | 11 +++++++++++ tools/testing/selftests/Makefile | 11 +++++++++++ 2 files changed, 22 insertions(+) -- 2.17.1

5 years, 9 months

1
2
0 0

bug in KBUILD_OUTPUT handling - for relative paths in kselftest

by Tim.Bird＠sony.com

I found a bug in kselftest KBUILD_OUTPUT handling. The following works: $ cd /home/tbird/work/linux $ export KBUILD_OUTPUT=/home/tbird/work/kbuild $ yes '' | make localmodconfig $ make TARGETS=size kselftest But this doesn't work: $ cd /home/tbird/work/linux $ export KBUILD_OUTPUT=../kbuild $ yes '' | make localmodconfig $ make TARGETS=size kselftest I see the following: make[1]: Entering directory '/home/tbird/work/kbuild' make --no-builtin-rules INSTALL_HDR_PATH=$BUILD/usr \ ARCH=x86 -C ../../.. headers_install INSTALL ../kbuild/kselftest/usr/include gcc -static -ffreestanding -nostartfiles -s get_size.c -o ../kbuild/kselftest/size/get_size /usr/bin/ld: cannot open output file ../kbuild/kselftest/size/get_size: No such file or directory collect2: error: ld returned 1 exit status ../lib.mk:138: recipe for target '../kbuild/kselftest/size/get_size' failed make[3]: *** [../kbuild/kselftest/size/get_size] Error 1 Makefile:136: recipe for target 'all' failed make[2]: *** [all] Error 2 /home/tbird/work/linux/Makefile:1240: recipe for target 'kselftest' failed make[1]: *** [kselftest] Error 2 make[1]: Leaving directory '/home/tbird/work/kbuild' Makefile:179: recipe for target 'sub-make' failed make: *** [sub-make] Error 2 This is due to the relative path for KBUILD_OUTPUT being handled incorrectly (I believe) in tools/testing/selftests/Makefile. There are these lines in the Makefile, which are responsible for creating the output directory: BUILD_TARGET=$$BUILD/$$TARGET mkdir $$BUILD_TARGET -p But these are executed from working directory tools/testing/selftests, so the 'size' directory gets created at tools/testing/kbuild/kselftest/size, instead of /home/tbird/work/kbuild/kselftest/size. I can add some code to the Makefile to change the assignment of the variable BUILD, so that if it is a relative path it is relative to $(top_srcdir) instead of the current directory. But I wanted to check and make sure that I'm not breaking anyone else's workflow. I'm not sure what the expectation would be for someone who did this: $ export KBUILD_OUTPUT=../kbuild ; make -C tools/testing/selftests run_tests But I assume if someone is running the kernel's 'make' from the top-level kernel source directory, and they have a relative KBUILD_OUTPUT directory, then they want that output directory to be relative to the top-level directory and not somewhere else. Should I just code up something for review? I use relative KBUILD_OUTPUT paths for a number of my kernel build scripts, and right now these are incompatible with kselftests. Thanks, -- Tim

5 years, 9 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror