- Linux-kselftest-mirror - lists.linaro.org

[PATCH v2 0/3] selftests/resctrl: Add Hygon CPUs support and bug fixes

by Xiaochen Shen

The resctrl selftest currently exhibits several failures on Hygon CPUs due to missing vendor detection and edge-case handling specific to Hygon's architecture. This patch series addresses three distinct issues: 1. Missing CPU vendor detection, causing the test to fail with "# Can not get vendor info..." on Hygon CPUs. 2. A division-by-zero crash in SNC detection on Hygon CPUs. 3. Incorrect handling of non-contiguous CBM support on Hygon CPUs. These changes enable resctrl selftest to run successfully on Hygon CPUs that support Platform QoS features. Changelog: v2: - Patch 1: switch all of the vendor id bitmasks to use BIT() (Reinette) - Patch 2: add Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> - Patch 3: add Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> add a maintainer note to highlight it is not a candidate for backport (Reinette) Xiaochen Shen (3): selftests/resctrl: Add CPU vendor detection for Hygon selftests/resctrl: Fix a division by zero error on Hygon selftests/resctrl: Fix non-contiguous CBM check for Hygon tools/testing/selftests/resctrl/cat_test.c | 4 ++-- tools/testing/selftests/resctrl/resctrl.h | 6 ++++-- tools/testing/selftests/resctrl/resctrl_tests.c | 2 ++ tools/testing/selftests/resctrl/resctrlfs.c | 10 ++++++++++ 4 files changed, 18 insertions(+), 4 deletions(-) -- 2.47.3

13 hours

3
13
0 0

[PATCH v2 00/13] selftests: Fix build warnings and errors

by Guenter Roeck

This series fixes build warnings and errors observed when trying to build selftests. v2: Emphasize that the patch series fixes build warnings and errors which are seen even if -Werror is not provided. Fix usage of cc-option. For "ignoring return value" warnings, use perror() to display an error message if the affected function returns an error. ---------------------------------------------------------------- Guenter Roeck (13): clone3: clone3_cap_checkpoint_restore: Fix build warnings selftests: ntsync: Fix build warnings selftests/filesystems: fclog: Fix build warnings and errors selftests/filesystems: file_stressor: Fix build warning selftests/filesystems: anon_inode_test: Fix build warning selftest: af_unix: Support compilers without flex-array-member-not-at-end support selftest/futex: Comment out test_futex_mpol selftests: net: netlink-dumps: Avoid uninitialized variable warning selftests/seccomp: Fix build warning selftests: net: Fix build warnings selftests/fs/mount-notify: Fix build warning selftests/fs/mount-notify-ns: Fix build warning selftests: net: tfo: Fix build warning tools/testing/selftests/clone3/clone3_cap_checkpoint_restore.c | 4 ---- tools/testing/selftests/drivers/ntsync/ntsync.c | 4 ++-- tools/testing/selftests/filesystems/anon_inode_test.c | 1 + tools/testing/selftests/filesystems/fclog.c | 1 + tools/testing/selftests/filesystems/file_stressor.c | 2 -- .../testing/selftests/filesystems/mount-notify/mount-notify_test.c | 3 ++- .../selftests/filesystems/mount-notify/mount-notify_test_ns.c | 3 ++- tools/testing/selftests/futex/functional/futex_numa_mpol.c | 2 ++ tools/testing/selftests/net/af_unix/Makefile | 7 ++++++- tools/testing/selftests/net/lib/ksft.h | 6 ++++-- tools/testing/selftests/net/netlink-dumps.c | 2 +- tools/testing/selftests/net/tfo.c | 3 ++- tools/testing/selftests/seccomp/seccomp_bpf.c | 3 ++- 13 files changed, 25 insertions(+), 16 deletions(-)

23 hours, 43 minutes

4
17
0 0

[PATCH v5 0/3] selftests: cgroup: Enhance robustness with polling helpers

by Guopeng Zhang

Hi all, This patch series introduces improvements to the cgroup selftests by adding a helper function to better handle asynchronous updates in cgroup statistics. These changes are especially useful for managing cgroup stats like memory.stat and cgroup.stat, which can be affected by delays (e.g., RCU callbacks and asynchronous rstat flushing). Patch 1/3 adds cg_read_key_long_poll(), a generic helper to poll a numeric key in a cgroup file until it reaches an expected value or a retry limit is hit. Patches 2/3 and 3/3 convert existing tests to use this helper, making them more robust on busy systems. v5: - Drop the "/* 3s total */" comment from MEMCG_SOCKSTAT_WAIT_RETRIES as suggested by Shakeel, so it does not become stale if the wait interval changes. - Elaborate in the commit message of patch 3/3 on the rationale behind the 8s timeout in test_kmem_dead_cgroups(), and add a comment next to KMEM_DEAD_WAIT_RETRIES explaining that it is a generous upper bound derived from stress testing and not tied to a specific kernel constant. - Add Reviewed-by: Shakeel Butt <shakeel.butt(a)linux.dev> to this series. - Link to v4: https://lore.kernel.org/all/20251124123816.486164-1-zhangguopeng@kylinos.cn/ v4: - Patch 1/3: Add the cg_read_key_long_poll() helper to poll cgroup keys with retries and configurable intervals. - Patch 2/3: Update test_memcg_sock() to use cg_read_key_long_poll() for handling delayed "sock " counter updates in memory.stat. - Patch 3/3: Replace the sleep-and-retry logic in test_kmem_dead_cgroups() with cg_read_key_long_poll() for waiting on nr_dying_descendants. - Link to v3: https://lore.kernel.org/all/p655qedqjaakrnqpytc6dltejfluxo6jrffcltfz2ivonmk… v3: - Move MEMCG_SOCKSTAT_WAIT_* defines after the #include block as suggested. - Link to v2: https://lore.kernel.org/all/5ad2b75f-748a-4e93-8d11-63295bda0cbf@linux.dev/ v2: - Clarify the rationale for the 3s timeout and mention the periodic rstat flush interval (FLUSH_TIME = 2 * HZ) in the comment. - Replace hardcoded retry count and wait interval with macros to avoid magic numbers and make the timeout calculation explicit. - Link to v1: https://lore.kernel.org/all/20251119122758.85610-1-ioworker0@gmail.com/ Thanks to Michal Koutný for the suggestion, and to Lance Yang and Shakeel Butt for their reviews and feedback. Guopeng Zhang (3): selftests: cgroup: Add cg_read_key_long_poll() to poll a cgroup key with retries selftests: cgroup: make test_memcg_sock robust against delayed sock stats selftests: cgroup: Replace sleep with cg_read_key_long_poll() for waiting on nr_dying_descendants .../selftests/cgroup/lib/cgroup_util.c | 21 ++++++++++++ .../cgroup/lib/include/cgroup_util.h | 5 +++ tools/testing/selftests/cgroup/test_kmem.c | 33 +++++++++---------- .../selftests/cgroup/test_memcontrol.c | 20 ++++++++++- 4 files changed, 60 insertions(+), 19 deletions(-) -- 2.25.1

1 day

3
7
0 0

[PATCH v3 0/1] cpuset: relax the overlap check for cgroup-v2

by Sun Shaojie

In cgroup v2, a mutual overlap check is required when at least one of two cpusets is exclusive. However, this check should be relaxed and limited to cases where both cpusets are exclusive. This patch ensures that for sibling cpusets A1 (exclusive) and B1 (non-exclusive), change B1 cannot affect A1's exclusivity. for example. Assume a machine has 4 CPUs (0-3). root cgroup / \ A1 B1 Case 1: Table 1.1: Before applying the patch Step | A1's prstate | B1'sprstate | #1> echo "0-1" > A1/cpuset.cpus | member | member | #2> echo "root" > A1/cpuset.cpus.partition | root | member | #3> echo "0" > B1/cpuset.cpus | root invalid | member | After step #3, A1 changes from "root" to "root invalid" because its CPUs (0-1) overlap with those requested by B1 (0-3). However, B1 can actually use CPUs 2-3(from B1's parent), so it would be more reasonable for A1 to remain as "root." Table 1.2: After applying the patch Step | A1's prstate | B1'sprstate | #1> echo "0-1" > A1/cpuset.cpus | member | member | #2> echo "root" > A1/cpuset.cpus.partition | root | member | #3> echo "0" > B1/cpuset.cpus | root | member | Case 2: (This situation remains unchanged from before) Table 2.1: Before applying the patch Step | A1's prstate | B1'sprstate | #1> echo "0-1" > A1/cpuset.cpus | member | member | #3> echo "1-2" > B1/cpuset.cpus | member | member | #2> echo "root" > A1/cpuset.cpus.partition | root invalid | member | Table 2.2: After applying the patch Step | A1's prstate | B1'sprstate | #1> echo "0-1" > A1/cpuset.cpus | member | member | #3> echo "1-2" > B1/cpuset.cpus | member | member | #2> echo "root" > A1/cpuset.cpus.partition | root invalid | member | All other cases remain unaffected. For example, cgroup-v1, both A1 and B1 are exclusive or non-exlusive. --- v3 -> v4: - Adjust the test_cpuset_prt.sh test file to align with the current behavior. v2 -> v3: - Ensure compliance with constraints such as cpuset.cpus.exclusive. - Link: https://lore.kernel.org/cgroups/20251113131434.606961-1-sunshaojie@kylinos.… v1 -> v2: - Keeps the current cgroup v1 behavior unchanged - Link: https://lore.kernel.org/cgroups/c8e234f4-2c27-4753-8f39-8ae83197efd3@redhat… --- kernel/cgroup/cpuset-internal.h | 3 ++ kernel/cgroup/cpuset-v1.c | 20 +++++++++ kernel/cgroup/cpuset.c | 43 ++++++++++++++----- .../selftests/cgroup/test_cpuset_prs.sh | 5 ++- 4 files changed, 58 insertions(+), 13 deletions(-) -- 2.25.1

1 day, 4 hours

4
40
0 0

[PATCH bpf-next v2 0/2] bpf: cpumap: improve error propagation in cpu_map_update_elem()

by Kohei Enju

This series improves error propagation in cpumap and adds selftests that cover the failure cases. Currently, failures returned from __cpu_map_entry_alloc() are ignored and always converted to -ENOMEM by cpu_map_update_elem(). This series ensures the correct error propagation and adds selftests. Changes: v2: - send to bpf-next, not to bpf - drop Fixes: tag v1: https://lore.kernel.org/bpf/20251128160504.57844-1-enjuk@amazon.com/ Kohei Enju (2): bpf: cpumap: propagate underlying error in cpu_map_update_elem() selftests/bpf: add tests for attaching invalid fd kernel/bpf/cpumap.c | 21 ++++++++++++------- .../bpf/prog_tests/xdp_cpumap_attach.c | 19 +++++++++++++++-- 2 files changed, 30 insertions(+), 10 deletions(-) -- 2.51.0

1 day, 4 hours

2
4
0 0

[PATCH v8 00/13] Direct Map Removal Support for guest_memfd

by Kalyazin, Nikita

[ based on kvm/next ] Unmapping virtual machine guest memory from the host kernel's direct map is a successful mitigation against Spectre-style transient execution issues: if the kernel page tables do not contain entries pointing to guest memory, then any attempted speculative read through the direct map will necessarily be blocked by the MMU before any observable microarchitectural side-effects happen. This means that Spectre-gadgets and similar cannot be used to target virtual machine memory. Roughly 60% of speculative execution issues fall into this category [1, Table 1]. This patch series extends guest_memfd with the ability to remove its memory from the host kernel's direct map, to be able to attain the above protection for KVM guests running inside guest_memfd. Additionally, a Firecracker branch with support for these VMs can be found on GitHub [2]. For more details, please refer to the v5 cover letter. No substantial changes in design have taken place since. See also related write() syscall support in guest_memfd [3] where the interoperation between the two features is described. Changes since v7: - David: separate patches for adding x86 and ARM support - Dave/Will: drop support for disabling TLB flushes v7: https://lore.kernel.org/kvm/20250924151101.2225820-1-patrick.roy@campus.lmu… v6: https://lore.kernel.org/kvm/20250912091708.17502-1-roypat@amazon.co.uk v5: https://lore.kernel.org/kvm/20250828093902.2719-1-roypat@amazon.co.uk v4: https://lore.kernel.org/kvm/20250221160728.1584559-1-roypat@amazon.co.uk RFCv3: https://lore.kernel.org/kvm/20241030134912.515725-1-roypat@amazon.co.uk RFCv2: https://lore.kernel.org/kvm/20240910163038.1298452-1-roypat@amazon.co.uk RFCv1: https://lore.kernel.org/kvm/20240709132041.3625501-1-roypat@amazon.co.uk [1] https://download.vusec.net/papers/quarantine_raid23.pdf [2] https://github.com/firecracker-microvm/firecracker/tree/feature/secret-hidi… [3] https://lore.kernel.org/kvm/20251114151828.98165-1-kalyazin@amazon.com Patrick Roy (13): x86: export set_direct_map_valid_noflush to KVM module x86/tlb: export flush_tlb_kernel_range to KVM module mm: introduce AS_NO_DIRECT_MAP KVM: guest_memfd: Add stub for kvm_arch_gmem_invalidate KVM: guest_memfd: Add flag to remove from direct map KVM: x86: define kvm_arch_gmem_supports_no_direct_map() KVM: arm64: define kvm_arch_gmem_supports_no_direct_map() KVM: selftests: load elf via bounce buffer KVM: selftests: set KVM_MEM_GUEST_MEMFD in vm_mem_add() if guest_memfd != -1 KVM: selftests: Add guest_memfd based vm_mem_backing_src_types KVM: selftests: cover GUEST_MEMFD_FLAG_NO_DIRECT_MAP in existing selftests KVM: selftests: stuff vm_mem_backing_src_type into vm_shape KVM: selftests: Test guest execution from direct map removed gmem Documentation/virt/kvm/api.rst | 22 ++++--- arch/arm64/include/asm/kvm_host.h | 13 ++++ arch/x86/include/asm/kvm_host.h | 9 +++ arch/x86/include/asm/tlbflush.h | 3 +- arch/x86/mm/pat/set_memory.c | 1 + arch/x86/mm/tlb.c | 1 + include/linux/kvm_host.h | 14 ++++ include/linux/pagemap.h | 16 +++++ include/linux/secretmem.h | 18 ------ include/uapi/linux/kvm.h | 1 + lib/buildid.c | 4 +- mm/gup.c | 19 ++---- mm/mlock.c | 2 +- mm/secretmem.c | 8 +-- .../testing/selftests/kvm/guest_memfd_test.c | 17 ++++- .../testing/selftests/kvm/include/kvm_util.h | 37 ++++++++--- .../testing/selftests/kvm/include/test_util.h | 8 +++ tools/testing/selftests/kvm/lib/elf.c | 8 +-- tools/testing/selftests/kvm/lib/io.c | 23 +++++++ tools/testing/selftests/kvm/lib/kvm_util.c | 59 +++++++++-------- tools/testing/selftests/kvm/lib/test_util.c | 8 +++ tools/testing/selftests/kvm/lib/x86/sev.c | 1 + .../selftests/kvm/pre_fault_memory_test.c | 1 + .../selftests/kvm/set_memory_region_test.c | 52 +++++++++++++-- .../kvm/x86/private_mem_conversions_test.c | 7 +- virt/kvm/guest_memfd.c | 64 +++++++++++++++++-- 26 files changed, 314 insertions(+), 102 deletions(-) base-commit: e0c26d47def7382d7dbd9cad58bc653aed75737a -- 2.50.1

1 day, 10 hours

5
21
0 0

[PATCH bpf-next v3 0/6] Add cryptographic hash and signature verification kfuncs to BPF

by Daniel Hodges

This series extends BPF's cryptographic capabilities by adding kfuncs for SHA hashing and ECDSA signature verification. These functions enable BPF programs to perform cryptographic operations for use cases such as content verification, integrity checking, and data authentication. BPF programs increasingly need to verify data integrity and authenticity in networking, security, and observability contexts. While BPF already supports symmetric encryption/decryption, it lacks support for: 1. Cryptographic hashing - needed for content verification, fingerprinting, and preparing message digests for signature operations 2. Asymmetric signature verification - needed to verify signed data without requiring the signing key in the datapath These capabilities enable use cases such as: - Verifying signed network packets or application data in XDP/TC programs - Implementing integrity checks in tracing and security monitoring - Building zero-trust security models where BPF programs verify credentials - Content-addressed storage and deduplication in BPF-based filesystems Implementation: The implementation follows BPF's existing crypto patterns: 1. Uses bpf_dynptr for safe memory access without page fault risks 2. Leverages the kernel's existing crypto library (lib/crypto/sha256.c and crypto/ecdsa.c) rather than reimplementing algorithms 3. Provides context-based API for ECDSA to enable key reuse and support multiple program types (syscall, XDP, TC) 4. Includes comprehensive selftests with NIST test vectors Patch 1: bpf: Extend bpf_crypto_type with hash operations - Adds hash operation callbacks to bpf_crypto_type structure - Adds hash() and digestsize() function pointers - Must come before crypto module to maintain bisectability Patch 2: crypto: Add BPF hash algorithm type registration module - Adds bpf_crypto_shash module in crypto/ subsystem - Registers hash type with BPF crypto infrastructure - Enables hash algorithm access through unified bpf_crypto_type interface - Implements callbacks: alloc_tfm, free_tfm, hash, digestsize, get_flags - Manages shash_desc lifecycle internally Patch 3: bpf: Add SHA hash kfunc for cryptographic hashing - Adds bpf_crypto_hash() kfunc for SHA-256/384/512 - Updates bpf_crypto_ctx_create() to support keyless operations - Protected by CONFIG_CRYPTO_HASH2 guards - Uses kernel's crypto library implementations - Fixed u64 types for dynptr sizes to prevent truncation Patch 4: selftests/bpf: Add tests for bpf_crypto_hash kfunc - Tests basic functionality with NIST "abc" test vectors - Validates error handling for invalid parameters (zero-length input) - Ensures correct hash output for SHA-256, SHA-384, and SHA-512 - Adds CONFIG_CRYPTO_HASH2 and CONFIG_CRYPTO_SHA512 to selftest config - Refactored test setup code to reduce duplication Patch 5: bpf: Add ECDSA signature verification kfuncs - Context-based API: bpf_ecdsa_ctx_create/acquire/release pattern - Supports NIST curves (P-256, P-384, P-521) - Adds bpf_ecdsa_verify() for signature verification - Includes size query functions: keysize, digestsize, maxsize - Enables use in non-sleepable contexts via pre-allocated contexts - Uses crypto_sig API with p1363 format (r || s signatures) Patch 6: selftests/bpf: Add tests for ECDSA signature verification - Tests valid signature acceptance with RFC 6979 test vectors for P-256 - Tests invalid signature rejection - Tests size query functions (keysize, digestsize, maxsize) - Uses well-known NIST test vectors with "sample" message - Adds CONFIG_CRYPTO_ECDSA to selftest config v2: - Fixed redundant __bpf_dynptr_is_rdonly() checks (Vadim) - Added BPF hash algorithm type registration module in crypto/ subsystem - Added CONFIG_CRYPTO_HASH2 guards around bpf_crypto_hash() kfunc and its BTF registration, matching the pattern used for CONFIG_CRYPTO_ECDSA - Added mandatory digestsize validation for hash operations v3: - Fixed patch ordering - header changes now in separate first commit before crypto module to ensure bisectability (bot+bpf-ci) - Fixed type mismatch - changed u32 to u64 for dynptr sizes in bpf_crypto_hash() to match __bpf_dynptr_size() return type (Mykyta) - Added CONFIG_CRYPTO_ECDSA to selftest config (Song) - Refactored test code duplication with setup_skel() helper (Song) - Added copyright notices to all new files Daniel Hodges (6): bpf: Extend bpf_crypto_type with hash operations crypto: Add BPF hash algorithm type registration module bpf: Add SHA hash kfunc for cryptographic hashing selftests/bpf: Add tests for bpf_crypto_hash kfunc bpf: Add ECDSA signature verification kfuncs selftests/bpf: Add tests for ECDSA signature verification kfuncs crypto/Makefile | 3 + crypto/bpf_crypto_shash.c | 95 ++++++ include/linux/bpf_crypto.h | 2 + kernel/bpf/crypto.c | 306 +++++++++++++++++- tools/testing/selftests/bpf/config | 3 + .../selftests/bpf/prog_tests/crypto_hash.c | 147 +++++++++ .../selftests/bpf/prog_tests/ecdsa_verify.c | 75 +++++ .../testing/selftests/bpf/progs/crypto_hash.c | 142 ++++++++ .../selftests/bpf/progs/ecdsa_verify.c | 160 +++++++++ 9 files changed, 925 insertions(+), 8 deletions(-) create mode 100644 crypto/bpf_crypto_shash.c create mode 100644 tools/testing/selftests/bpf/prog_tests/crypto_hash.c create mode 100644 tools/testing/selftests/bpf/prog_tests/ecdsa_verify.c create mode 100644 tools/testing/selftests/bpf/progs/crypto_hash.c create mode 100644 tools/testing/selftests/bpf/progs/ecdsa_verify.c -- 2.51.0

1 day, 15 hours

2
7
0 0

[PATCH bpf-next v2 0/5] Add cryptographic hash and signature verification kfuncs to BPF

by Daniel Hodges

This series extends BPF's cryptographic capabilities by adding kfuncs for SHA hashing and ECDSA signature verification. These functions enable BPF programs to perform cryptographic operations for use cases such as content verification, integrity checking, and data authentication. BPF programs increasingly need to verify data integrity and authenticity in networking, security, and observability contexts. While BPF already supports symmetric encryption/decryption, it lacks support for: 1. Cryptographic hashing - needed for content verification, fingerprinting, and preparing message digests for signature operations 2. Asymmetric signature verification - needed to verify signed data without requiring the signing key in the datapath These capabilities enable use cases such as: - Verifying signed network packets or application data in XDP/TC programs - Implementing integrity checks in tracing and security monitoring - Building zero-trust security models where BPF programs verify credentials - Content-addressed storage and deduplication in BPF-based filesystems Implementation: The implementation follows BPF's existing crypto patterns: 1. Uses bpf_dynptr for safe memory access without page fault risks 2. Leverages the kernel's existing crypto library (lib/crypto/sha256.c and crypto/ecdsa.c) rather than reimplementing algorithms 3. Provides context-based API for ECDSA to enable key reuse and support multiple program types (syscall, XDP, TC) 4. Includes comprehensive selftests with NIST test vectors Patch 1: crypto: Add BPF hash algorithm type registration module - Adds bpf_crypto_shash module in crypto/ subsystem - Registers hash type with BPF crypto infrastructure - Enables hash algorithm access through unified bpf_crypto_type interface - Implements callbacks: alloc_tfm, free_tfm, hash, digestsize, get_flags - Manages shash_desc lifecycle internally Patch 2: bpf: Add SHA hash kfunc for cryptographic hashing - Adds bpf_crypto_hash() kfunc for SHA-256/384/512 - Extends bpf_crypto_type structure with hash operations - Updates bpf_crypto_ctx_create() to support keyless operations - Protected by CONFIG_CRYPTO_HASH2 guards - Uses kernel's crypto library implementations Patch 3: selftests/bpf: Add tests for bpf_crypto_hash kfunc - Tests basic functionality with NIST "abc" test vectors - Validates error handling for invalid parameters (zero-length input) - Ensures correct hash output for SHA-256, SHA-384, and SHA-512 - Adds CONFIG_CRYPTO_HASH2 and CONFIG_CRYPTO_SHA512 to selftest config Patch 4: bpf: Add ECDSA signature verification kfuncs - Context-based API: bpf_ecdsa_ctx_create/acquire/release pattern - Supports NIST curves (P-256, P-384, P-521) - Adds bpf_ecdsa_verify() for signature verification - Includes size query functions: keysize, digestsize, maxsize - Enables use in non-sleepable contexts via pre-allocated contexts - Uses crypto_sig API with p1363 format (r || s signatures) Patch 5: selftests/bpf: Add tests for ECDSA signature verification - Tests valid signature acceptance with RFC 6979 test vectors for P-256 - Tests invalid signature rejection - Tests size query functions (keysize, digestsize, maxsize) - Uses well-known NIST test vectors with "sample" message v2: - Fixed redundant __bpf_dynptr_is_rdonly() checks (Vadim) - Added BPF hash algorithm type registration module in crypto/ subsystem - Added CONFIG_CRYPTO_HASH2 guards around bpf_crypto_hash() kfunc and its BTF registration, matching the pattern used for CONFIG_CRYPTO_ECDSA - Added mandatory digestsize validation for hash operations Test Results ============ All tests pass on x86_64 for both crypto_hash and ecdsa_verify test suites. Daniel Hodges (5): crypto: Add BPF hash algorithm type registration module bpf: Add SHA hash kfunc for cryptographic hashing selftests/bpf: Add tests for bpf_crypto_hash kfunc bpf: Add ECDSA signature verification kfuncs selftests/bpf: Add tests for ECDSA signature verification kfuncs crypto/Makefile | 3 + crypto/bpf_crypto_shash.c | 94 ++++++ include/linux/bpf_crypto.h | 2 + kernel/bpf/crypto.c | 306 ++++++++++++++++++++- tools/testing/selftests/bpf/config | 2 + .../testing/selftests/bpf/prog_tests/crypto_hash.c | 158 +++++++++++ .../selftests/bpf/prog_tests/ecdsa_verify.c | 74 +++++ tools/testing/selftests/bpf/progs/crypto_hash.c | 141 ++++++++++ tools/testing/selftests/bpf/progs/ecdsa_verify.c | 159 +++++++++++ 9 files changed, 931 insertions(+), 8 deletions(-) create mode 100644 crypto/bpf_crypto_shash.c create mode 100644 tools/testing/selftests/bpf/prog_tests/crypto_hash.c create mode 100644 tools/testing/selftests/bpf/prog_tests/ecdsa_verify.c create mode 100644 tools/testing/selftests/bpf/progs/crypto_hash.c create mode 100644 tools/testing/selftests/bpf/progs/ecdsa_verify.c -- 2.51.0

1 day, 17 hours

5
12
0 0

[PATCH nf-next 0/5] Add IP6IP6 flowtable SW acceleration

by Lorenzo Bianconi

Introduce SW acceleration for IP6IP6 tunnels in the netfilter flowtable infrastructure. --- Lorenzo Bianconi (5): netfilter: Introduce tunnel metadata info in nf_flowtable_ctx struct netfilter: Modify nf_flow_skb_encap_protocol() to return int intead of bool netfilter: flowtable: Add IP6IP6 rx sw acceleration netfilter: flowtable: Add IP6IP6 tx sw acceleration selftests: netfilter: nft_flowtable.sh: Add IP6IP6 flowtable selftest net/ipv6/ip6_tunnel.c | 27 ++ net/netfilter/nf_flow_table_ip.c | 271 +++++++++++++++++---- .../selftests/net/netfilter/nft_flowtable.sh | 62 ++++- 3 files changed, 306 insertions(+), 54 deletions(-) --- base-commit: f8156ef0fd8232055396ebf1e044fa06fb8bc388 change-id: 20251207-b4-flowtable-offload-ip6ip6-8e9a2c6f3a77 Best regards, -- Lorenzo Bianconi <lorenzo(a)kernel.org>

1 day, 19 hours

3
9
0 0

[PATCH] kunit: make FAULT_TEST default to n when PANIC_ON_OOPS

by Brendan Jackman

As describe in the help string, the user might want to disable these tests if they don't like to see stacktraces/BUG etc in their kernel log. However, if they enable PANIC_ON_OOPS, these tests also crash the machine, which it's safe to assume _almost_ nobody wants. One might argue that _absolutely_ nobody ever wants their kernel to crash so this should just be a hard dependency instead of a default. However, since this is rather special code that's anyway concerned with deliberately doing "bad" things, the normal rules don't seem to apply, hence prefer flexibility and allow users to set up a crashing Kconfig if they so choose. Signed-off-by: Brendan Jackman <jackmanb(a)google.com> --- lib/kunit/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/kunit/Kconfig b/lib/kunit/Kconfig index 50ecf55d2b9c8a82f2aff7a0b4156bd6179b0a2f..498cc51e493dc9a819e012b8082fb765f25512b9 100644 --- a/lib/kunit/Kconfig +++ b/lib/kunit/Kconfig @@ -28,7 +28,7 @@ config KUNIT_FAULT_TEST bool "Enable KUnit tests which print BUG stacktraces" depends on KUNIT_TEST depends on !UML - default y + default !PANIC_ON_OOPS help Enables fault handling tests for the KUnit framework. These tests may trigger a kernel BUG(), and the associated stack trace, even when they --- base-commit: 7bc16e72ddb993d706f698c2f6cee694e485f557 change-id: 20251207-kunit-fault-no-panic-e9bdce848031 Best regards, -- Brendan Jackman <jackmanb(a)google.com>

2 days, 16 hours

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror