- Linux-kselftest-mirror - lists.linaro.org

[GIT PULL] kunit next update for Linux 6.18-rc1

by Shuah Khan

Hi Linus, Please pull the following kunit next update for Linux 6.18-rc1. A seven patch series adds a new parameterized test features KUnit parameterized tests currently support two primary methods for getting parameters: 1. Defining custom logic within a generate_params() function. 2. Using the KUNIT_ARRAY_PARAM() and KUNIT_ARRAY_PARAM_DESC() macros with a pre-defined static array and passing the created *_gen_params() to KUNIT_CASE_PARAM(). These methods present limitations when dealing with dynamically generated parameter arrays, or in scenarios where populating parameters sequentially via generate_params() is inefficient or overly complex. These limitations are fixed with a parameterized test method. - Fixes issues in kunit build artifacts cleanup, - Fixes parsing skipped test problem in kselftest framework, - Enables PCI on UML without triggering WARN() - a few other fixes and adds support for new configs such as MIPS diff is attached. thanks, -- Shuah ---------------------------------------------------------------- The following changes since commit 8f5ae30d69d7543eee0d70083daf4de8fe15d585: Linux 6.17-rc1 (2025-08-10 19:41:16 +0300) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux_kselftest-kunit-6.18-rc1 for you to fetch changes up to 285cae57a51664cc94e85de0ff994f9965b3aca8: kunit: Extend kconfig help text for KUNIT_UML_PCI (2025-09-16 08:27:09 -0600) ---------------------------------------------------------------- linux_kselftest-kunit-6.18-rc1 - A seven patch series adds a new parameterized test features KUnit parameterized tests currently support two primary methods for getting parameters: 1. Defining custom logic within a generate_params() function. 2. Using the KUNIT_ARRAY_PARAM() and KUNIT_ARRAY_PARAM_DESC() macros with a pre-defined static array and passing the created *_gen_params() to KUNIT_CASE_PARAM(). These methods present limitations when dealing with dynamically generated parameter arrays, or in scenarios where populating parameters sequentially via generate_params() is inefficient or overly complex. These limitations are fixed with a parameterized test method. - Fixes issues in kunit build artifacts cleanup, - Fixes parsing skipped test problem in kselftest framework, - Enables PCI on UML without triggering WARN() - a few other fixes and adds support for new configs such as MIPS ---------------------------------------------------------------- David Gow (1): kunit: tool: Accept --raw_output=full as an alias of 'all' Kaibo Ma (1): rust: kunit: allow `cfg` on `test`s Marie Zhussupova (7): kunit: Add parent kunit for parameterized test context kunit: Introduce param_init/exit for parameterized test context management kunit: Pass parameterized test context to generate_params() kunit: Enable direct registration of parameter arrays to a KUnit test kunit: Add example parameterized test with shared resource management using the Resource API kunit: Add example parameterized test with direct dynamic parameter array setup Documentation: kunit: Document new parameterized test features Thomas Weißschuh (5): kunit: Always descend into kunit directory during build kunit: tool: Parse skipped tests from kselftest.h kunit: Enable PCI on UML without triggering WARN() kunit: qemu_configs: Add MIPS configurations kunit: Extend kconfig help text for KUNIT_UML_PCI Documentation/dev-tools/kunit/usage.rst | 342 ++++++++++++++++++++- drivers/gpu/drm/xe/tests/xe_pci.c | 14 +- drivers/gpu/drm/xe/tests/xe_pci_test.h | 9 +- include/kunit/test.h | 95 +++++- kernel/kcsan/kcsan_test.c | 2 +- lib/Makefile | 4 - lib/kunit/Kconfig | 11 + lib/kunit/Makefile | 2 +- lib/kunit/kunit-example-test.c | 217 +++++++++++++ lib/kunit/test.c | 94 +++++- rust/kernel/kunit.rs | 11 + rust/macros/kunit.rs | 48 ++- tools/testing/kunit/configs/arch_uml.config | 5 +- tools/testing/kunit/kunit.py | 4 +- tools/testing/kunit/kunit_parser.py | 8 +- tools/testing/kunit/qemu_configs/mips.py | 18 ++ tools/testing/kunit/qemu_configs/mips64.py | 19 ++ tools/testing/kunit/qemu_configs/mips64el.py | 19 ++ tools/testing/kunit/qemu_configs/mipsel.py | 18 ++ .../test_data/test_is_test_passed-kselftest.log | 3 +- 20 files changed, 880 insertions(+), 63 deletions(-) create mode 100644 tools/testing/kunit/qemu_configs/mips.py create mode 100644 tools/testing/kunit/qemu_configs/mips64.py create mode 100644 tools/testing/kunit/qemu_configs/mips64el.py create mode 100644 tools/testing/kunit/qemu_configs/mipsel.py ----------------------------------------------------------------

1 month

2
1
0 0

[PATCHv3 net 1/2] bonding: fix xfrm offload feature setup on active-backup mode

by Hangbin Liu

The active-backup bonding mode supports XFRM ESP offload. However, when a bond is added using command like `ip link add bond0 type bond mode 1 miimon 100`, the `ethtool -k` command shows that the XFRM ESP offload is disabled. This occurs because, in bond_newlink(), we change bond link first and register bond device later. So the XFRM feature update in bond_option_mode_set() is not called as the bond device is not yet registered, leading to the offload feature not being set successfully. To resolve this issue, we can modify the code order in bond_newlink() to ensure that the bond device is registered first before changing the bond link parameters. This change will allow the XFRM ESP offload feature to be correctly enabled. Fixes: 007ab5345545 ("bonding: fix feature flag setting at init time") Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com> --- v3: rebase to latest net, no code update v2: rebase to latest net, no code update --- drivers/net/bonding/bond_main.c | 2 +- drivers/net/bonding/bond_netlink.c | 16 +++++++++------- include/net/bonding.h | 1 + 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c index 57be04f6cb11..f4f0feddd9fa 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -4411,7 +4411,7 @@ void bond_work_init_all(struct bonding *bond) INIT_DELAYED_WORK(&bond->slave_arr_work, bond_slave_arr_handler); } -static void bond_work_cancel_all(struct bonding *bond) +void bond_work_cancel_all(struct bonding *bond) { cancel_delayed_work_sync(&bond->mii_work); cancel_delayed_work_sync(&bond->arp_work); diff --git a/drivers/net/bonding/bond_netlink.c b/drivers/net/bonding/bond_netlink.c index 57fff2421f1b..7a9d73ec8e91 100644 --- a/drivers/net/bonding/bond_netlink.c +++ b/drivers/net/bonding/bond_netlink.c @@ -579,20 +579,22 @@ static int bond_newlink(struct net_device *bond_dev, struct rtnl_newlink_params *params, struct netlink_ext_ack *extack) { + struct bonding *bond = netdev_priv(bond_dev); struct nlattr **data = params->data; struct nlattr **tb = params->tb; int err; - err = bond_changelink(bond_dev, tb, data, extack); - if (err < 0) + err = register_netdevice(bond_dev); + if (err) return err; - err = register_netdevice(bond_dev); - if (!err) { - struct bonding *bond = netdev_priv(bond_dev); + netif_carrier_off(bond_dev); + bond_work_init_all(bond); - netif_carrier_off(bond_dev); - bond_work_init_all(bond); + err = bond_changelink(bond_dev, tb, data, extack); + if (err) { + bond_work_cancel_all(bond); + unregister_netdevice(bond_dev); } return err; diff --git a/include/net/bonding.h b/include/net/bonding.h index e06f0d63b2c1..bd56ad976cfb 100644 --- a/include/net/bonding.h +++ b/include/net/bonding.h @@ -711,6 +711,7 @@ struct bond_vlan_tag *bond_verify_device_path(struct net_device *start_dev, int bond_update_slave_arr(struct bonding *bond, struct slave *skipslave); void bond_slave_arr_work_rearm(struct bonding *bond, unsigned long delay); void bond_work_init_all(struct bonding *bond); +void bond_work_cancel_all(struct bonding *bond); #ifdef CONFIG_PROC_FS void bond_create_proc_entry(struct bonding *bond); -- 2.50.1

1 month

3
4
0 0

[PATCH 1/1] selftest/sched: skip the test if smt is not enabled

by Yifei Liu

The core scheduling is for smt enabled cpus. It is not returns failure and gives plenty of error messages and not clearly points to the smt issue if the smt is disabled. It just mention "not a core sched system" and many other messages. For example: Not a core sched system tid=210574, / tgid=210574 / pgid=210574: ffffffffffffffff Not a core sched system tid=210575, / tgid=210575 / pgid=210574: ffffffffffffffff Not a core sched system tid=210577, / tgid=210575 / pgid=210574: ffffffffffffffff (similar things many other times) In this patch, the test will first read /sys/devices/system/cpu/smt/active, if the file cannot be opened or its value is 0, the test is skipped with an explanatory message. This helps developers understand why it is skipped and avoids unnecessary attention when running the full selftest suite. Signed-off-by: Yifei Liu <yifei.l.liu(a)oracle.com> --- tools/testing/selftests/sched/cs_prctl_test.c | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/sched/cs_prctl_test.c b/tools/testing/selftests/sched/cs_prctl_test.c index 52d97fae4dbd..7ce8088cde6a 100644 --- a/tools/testing/selftests/sched/cs_prctl_test.c +++ b/tools/testing/selftests/sched/cs_prctl_test.c @@ -32,6 +32,8 @@ #include <stdlib.h> #include <string.h> +#include "../kselftest.h" + #if __GLIBC_PREREQ(2, 30) == 0 #include <sys/syscall.h> static pid_t gettid(void) @@ -109,6 +111,22 @@ static void handle_usage(int rc, char *msg) exit(rc); } +int check_smt(void) +{ + int c = 0; + FILE *file; + + file = fopen("/sys/devices/system/cpu/smt/active", "r"); + if (!file) + return 0; + c = fgetc(file) - 0x30; + fclose(file); + if (c == 0 || c == 1) + return c; + //if fgetc returns EOF or -1 for correupted files, return 0. + return 0; +} + static unsigned long get_cs_cookie(int pid) { unsigned long long cookie; @@ -271,7 +289,10 @@ int main(int argc, char *argv[]) delay = -1; srand(time(NULL)); - + if (!check_smt()) { + ksft_test_result_skip("smt not enabled\n"); + return 1; + } /* put into separate process group */ if (setpgid(0, 0) != 0) handle_error("process group"); -- 2.50.1

1 month

1
0
0 0

[PATCH net v3] selftest:net: Fix uninit return values

by Sidharth Seela

Fix functions that return undefined values. These issues were caught by running clang using LLVM=1 option; and are as follows: -- ovpn-cli.c:1587:6: warning: variable 'ret' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized] 1587 | if (!sock) { | ^~~~~ ovpn-cli.c:1635:9: note: uninitialized use occurs here 1635 | return ret; | ^~~ ovpn-cli.c:1587:2: note: remove the 'if' if its condition is always false 1587 | if (!sock) { | ^~~~~~~~~~~~ 1588 | fprintf(stderr, "cannot allocate netlink socket\n"); | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1589 | goto err_free; | ~~~~~~~~~~~~~~ 1590 | } | ~ ovpn-cli.c:1584:15: note: initialize the variable 'ret' to silence this warning 1584 | int mcid, ret; | ^ | = 0 ovpn-cli.c:2107:7: warning: variable 'ret' is used uninitialized whenever switch case is taken [-Wsometimes-uninitialized] 2107 | case CMD_INVALID: | ^~~~~~~~~~~ ovpn-cli.c:2111:9: note: uninitialized use occurs here 2111 | return ret; | ^~~ ovpn-cli.c:1939:12: note: initialize the variable 'ret' to silence this warning 1939 | int n, ret; | ^ | -- Fixes: 959bc330a439 ("testing/selftests: add test tool and scripts for ovpn module") ovpn module") v3: - Use prefix net. - Remove so_txtime fix as default case calls error(). - Changelog before sign-off. - Three dashes after sign-off v2: - Use subsystem name "net". - Add fixes tags. - Remove txtimestamp fix as default case calls error. - Assign constant error string instead of NULL. Signed-off-by: Sidharth Seela <sidharthseela(a)gmail.com> --- diff --git a/tools/testing/selftests/net/ovpn/ovpn-cli.c b/tools/testing/selftests/net/ovpn/ovpn-cli.c index 9201f2905f2c..20d00378f34a 100644 --- a/tools/testing/selftests/net/ovpn/ovpn-cli.c +++ b/tools/testing/selftests/net/ovpn/ovpn-cli.c @@ -1581,7 +1581,7 @@ static int ovpn_listen_mcast(void) { struct nl_sock *sock; struct nl_cb *cb; - int mcid, ret; + int mcid, ret = -1; sock = nl_socket_alloc(); if (!sock) { @@ -1936,7 +1936,7 @@ static int ovpn_run_cmd(struct ovpn_ctx *ovpn) { char peer_id[10], vpnip[INET6_ADDRSTRLEN], laddr[128], lport[10]; char raddr[128], rport[10]; - int n, ret; + int n, ret = -1; FILE *fp; switch (ovpn->cmd) { -- 2.47.3

1 month

2
3
0 0

[PATCH v4 0/7] platform/chrome: Fix a possible UAF via revocable

by Tzung-Bi Shih

This is a follow-up series of [1]. It tries to fix a possible UAF in the fops of cros_ec_chardev after the underlying protocol device has gone by using revocable. The 1st patch introduces the revocable which is an implementation of ideas from the talk [2]. The 2nd and 3rd patches add test cases for revocable in Kunit and selftest. The 4th patch converts existing protocol devices to resource providers of cros_ec_device. The 5th - 7th are PoC patches for moving most revocable code to subsystem level. Miscdevice is used as it would be simpler for PoC. Note that the device driver (e.g., cros_ec_chardev) still needs to be revocable-aware. The driver needs to specify where to save the pointer and thus the resource is available in fops. - The 5th patch adds a helper for using revocable API with fops. - The 6th patch leverages the helper in miscdevice. - The 7th patch converts cros_ec_chardev to a resource consumer of cros_ec_device to fix the UAF. [1] https://lore.kernel.org/chrome-platform/20250721044456.2736300-6-tzungbi@ke… [2] https://lpc.events/event/17/contributions/1627/ v4: - Rebase onto next-20250922. - Remove the 5th patch from v3. - Add fops replacement PoC in 5th - 7th patches. v3: https://lore.kernel.org/chrome-platform/20250912081718.3827390-1-tzungbi@ke… - Rebase onto https://lore.kernel.org/chrome-platform/20250828083601.856083-1-tzungbi@ker… and next-20250912. - The 4th patch changed accordingly. v2: https://lore.kernel.org/chrome-platform/20250820081645.847919-1-tzungbi@ker… - Rename "ref_proxy" -> "revocable". - Add test cases in Kunit and selftest. v1: https://lore.kernel.org/chrome-platform/20250814091020.1302888-1-tzungbi@ke… Tzung-Bi Shih (7): revocable: Revocable resource management revocable: Add Kunit test cases selftests: revocable: Add kselftest cases platform/chrome: Protect cros_ec_device lifecycle with revocable revocable: Add fops replacement char: misc: Leverage revocable fops replacement platform/chrome: cros_ec_chardev: Secure cros_ec_device via revocable .../driver-api/driver-model/index.rst | 1 + .../driver-api/driver-model/revocable.rst | 87 ++++ MAINTAINERS | 9 + drivers/base/Kconfig | 8 + drivers/base/Makefile | 5 +- drivers/base/revocable.c | 374 ++++++++++++++++++ drivers/base/revocable_test.c | 110 ++++++ drivers/char/misc.c | 7 + drivers/platform/chrome/cros_ec.c | 5 + drivers/platform/chrome/cros_ec_chardev.c | 15 +- include/linux/miscdevice.h | 3 + include/linux/platform_data/cros_ec_proto.h | 4 + include/linux/revocable.h | 60 +++ tools/testing/selftests/Makefile | 1 + .../selftests/drivers/base/revocable/Makefile | 7 + .../drivers/base/revocable/revocable_test.c | 116 ++++++ .../drivers/base/revocable/test-revocable.sh | 39 ++ .../base/revocable/test_modules/Makefile | 10 + .../revocable/test_modules/revocable_test.c | 188 +++++++++ 19 files changed, 1047 insertions(+), 2 deletions(-) create mode 100644 Documentation/driver-api/driver-model/revocable.rst create mode 100644 drivers/base/revocable.c create mode 100644 drivers/base/revocable_test.c create mode 100644 include/linux/revocable.h create mode 100644 tools/testing/selftests/drivers/base/revocable/Makefile create mode 100644 tools/testing/selftests/drivers/base/revocable/revocable_test.c create mode 100755 tools/testing/selftests/drivers/base/revocable/test-revocable.sh create mode 100644 tools/testing/selftests/drivers/base/revocable/test_modules/Makefile create mode 100644 tools/testing/selftests/drivers/base/revocable/test_modules/revocable_test.c -- 2.51.0.534.gc79095c0ca-goog

1 month

2
10
0 0

[PATCH net-next 0/8] mptcp: receive path improvement

by Matthieu Baerts (NGI0)

This series includes several changes to the MPTCP RX path. The main goals are improving the RX performances, and increase the long term maintainability. Some changes reflects recent(ish) improvements introduced in the TCP stack: patch 1, 2 and 3 are the MPTCP counter part of SKB deferral free and auto-tuning improvements. Note that patch 3 could possibly fix additional issues, and overall such patch should protect from similar issues to arise in the future. Patches 4-7 are aimed at introducing the socket backlog usage which will be done in a later series to process the packets received by the different subflows while the msk socket is owned. Patch 8 is not related to the RX path, but it contains additional tests for new features recently introduced in net-next. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Notes: - Sorry for sending this series that late, we had quite a few patches to upstream during this cycle. This is the last batch, and it has been heavily tested the last 2 weeks. - If there are some issues with some patches, but not with 1-3, it would be nice, if possible, if these 3 first patches can be accepted, to reduce the recently introduced gap with TCP. - Patches can be grouped like this if needed: 1-3, 4-5, 6-7, 8. 6-7 are preparing the ground for future on-going work, they can be dropped if there are issues with them. --- Matthieu Baerts (NGI0) (1): selftests: mptcp: join: validate new laminar endp Paolo Abeni (7): mptcp: leverage skb deferral free tcp: make tcp_rcvbuf_grow() accessible to mptcp code mptcp: rcvbuf auto-tuning improvement mptcp: introduce the mptcp_init_skb helper mptcp: remove unneeded mptcp_move_skb() mptcp: factor out a basic skb coalesce helper mptcp: minor move_skbs_to_msk() cleanup include/net/tcp.h | 1 + net/ipv4/tcp_input.c | 2 +- net/mptcp/protocol.c | 187 ++++++++++++------------ net/mptcp/protocol.h | 4 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 69 +++++++++ tools/testing/selftests/net/mptcp/pm_nl_ctl.c | 9 ++ 6 files changed, 177 insertions(+), 95 deletions(-) --- base-commit: 1493c18fe8696bfc758a97130a485fc4e08387f5 change-id: 20250927-net-next-mptcp-rcv-path-imp-192d8c24c9c7 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 month

4
11
0 0

[PATCH] KVM: selftests: fix irqfd_test on arm64

by Sebastian Ott

irqfd_test on arm triggers the following assertion: ==== Test Assertion Failure ==== include/kvm_util.h:527: !ret pid=3643 tid=3643 errno=11 - Resource temporarily unavailable 1 0x00000000004026d7: kvm_irqfd at kvm_util.h:527 2 0x0000000000402083: main at irqfd_test.c:100 3 0x0000ffffa5aab587: ?? ??:0 4 0x0000ffffa5aab65f: ?? ??:0 5 0x000000000040236f: _start at ??:? KVM_IRQFD failed, rc: -1 errno: 11 (Resource temporarily unavailable) Fix this by setting up a vgic for the vm. Signed-off-by: Sebastian Ott <sebott(a)redhat.com> --- tools/testing/selftests/kvm/irqfd_test.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/kvm/irqfd_test.c b/tools/testing/selftests/kvm/irqfd_test.c index 7c301b4c7005..f7b8766e9d42 100644 --- a/tools/testing/selftests/kvm/irqfd_test.c +++ b/tools/testing/selftests/kvm/irqfd_test.c @@ -8,7 +8,11 @@ #include <stdint.h> #include <sys/sysinfo.h> +#include "processor.h" #include "kvm_util.h" +#ifdef __aarch64__ +#include "vgic.h" +#endif static struct kvm_vm *vm1; static struct kvm_vm *vm2; @@ -86,14 +90,30 @@ static void juggle_eventfd_primary(struct kvm_vm *vm, int eventfd) kvm_irqfd(vm, GSI_BASE_PRIMARY + 1, eventfd, KVM_IRQFD_FLAG_DEASSIGN); } +static struct kvm_vm *test_vm_create(void) +{ +#ifdef __aarch64__ + struct kvm_vm *vm; + struct kvm_vcpu *vcpu; + int gic_fd; + + vm = vm_create_with_one_vcpu(&vcpu, NULL); + gic_fd = vgic_v3_setup(vm, 1, 64); + __TEST_REQUIRE(gic_fd >= 0, "Failed to create vgic-v3"); + + return vm; +#endif + return vm_create(1); +} + int main(int argc, char *argv[]) { pthread_t racing_thread; int r, i; /* Create "full" VMs, as KVM_IRQFD requires an in-kernel IRQ chip. */ - vm1 = vm_create(1); - vm2 = vm_create(1); + vm1 = test_vm_create(); + vm2 = test_vm_create(); WRITE_ONCE(__eventfd, kvm_new_eventfd()); -- 2.51.0

1 month

4
10
0 0

[PATCH net-next] selftests/net: add tcp_port_share to .gitignore

by Gopi Krishna Menon

Add the tcp_port_share test binary to .gitignore to avoid accidentally staging the build artifact. Fixes: 8a8241cdaa34 ("selftests/net: Test tcp port reuse after unbinding a socket") Signed-off-by: Gopi Krishna Menon <krishnagopi487(a)gmail.com> --- tools/testing/selftests/net/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/net/.gitignore b/tools/testing/selftests/net/.gitignore index 3d4b4a53dfda..439101b518ee 100644 --- a/tools/testing/selftests/net/.gitignore +++ b/tools/testing/selftests/net/.gitignore @@ -52,6 +52,7 @@ tap tcp_fastopen_backup_key tcp_inq tcp_mmap +tcp_port_share tfo timestamping tls -- 2.43.0

1 month

4
5
0 0

selftests: kvm: irqfd_test: KVM_IRQFD failed, rc: -1 errno: 11 (Resource temporarily unavailable)

by Naresh Kamboju

The selftests: kvm: irqfd_test consistently fails across all test platforms since its introduction in Linux next-20250625. The failure occurs due to a KVM_IRQFD ioctl returning errno 11 (Resource temporarily unavailable). This has been observed from day one and is reproducible on all test runs. Reproducibility: 100% failure on all test platforms since next-20250625..next-20250929 Test fails on the below list * graviton4 * rk3399-rock-pi-4b ## Initial Observations: The test is attempting to register an IRQFD but fails with EAGAIN (errno 11). This likely indicates resource exhaustion or unsupported behavior on affected ARM-based platforms. Could you please advise on the way forward for this test? Should we treat this as an unsupported case on ARM platforms, or is there a missing implementation/configuration that needs to be addressed? ## Test log selftests: kvm: irqfd_test Random seed: 0x6b8b4567 ==== Test Assertion Failure ==== include/kvm_util.h:527: !ret pid=721 tid=721 errno=11 - Resource temporarily unavailable 1 0x000000000040250f: kvm_irqfd at kvm_util.h:527 2 0x000000000040222f: main at irqfd_test.c:100 3 0x0000ffffbd43229b: ?? ??:0 4 0x0000ffffbd43237b: ?? ??:0 addr2line: 5 0x000000000040206f: DWARF error: mangled line number section (bad file number) addr2line: DWARF error: mangled line number section (bad file number) _start at ??:? KVM_IRQFD failed, rc: -1 errno: 11 (Resource temporarily unavailable) not ok 4 selftests: kvm: irqfd_test exit=254 ## Links * https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20250929/te… * https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20250929/te…

1 month

2
1
0 0

[PATCH v2 1/2] selftests/net: add netdevsim.c

by Maksimilijan Marosevic

Tests an edge case in the nsim module where gw_family == AF_UNSPEC. Works by creating a new nsim device and then sending a multipath path message to it and loopback. In unpatched kernels, this triggers a WARN_ON_ONCE in netdevsim/fib.c. Reported-by: syzbot+a259a17220263c2d73fc(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=a259a17220263c2d73fc Fixes: e6f497955fb6 ("ipv6: Check GATEWAY in rtm_to_fib6_multipath_config().") Signed-off-by: Maksimilijan Marosevic <maksimilijan.marosevic(a)proton.me> --- tools/testing/selftests/net/netdevsim.c | 391 ++++++++++++++++++++++++ 1 file changed, 391 insertions(+) create mode 100644 tools/testing/selftests/net/netdevsim.c diff --git a/tools/testing/selftests/net/netdevsim.c b/tools/testing/selftests/net/netdevsim.c new file mode 100644 index 000000000000..cdc8ebef4dac --- /dev/null +++ b/tools/testing/selftests/net/netdevsim.c @@ -0,0 +1,391 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * This test creates a new netdevsim device and then sends + * an IPv6 multipath netlink message to it and the loopback + * interface. + * + * This triggers an edge case where the routing table is + * constructed with an entry where gw_family = AF_UNSPEC. + * If not caught, this causes an unexpected nsiblings count + * in netdevsim/fib.c: nsim_fib6_event_init(), raising a + * warning. + * + * NOTE: The warning in question is raised by WARN_ON_ONCE. + * Therefore, this test reports a false negative if the + * warning has already been triggered. + * + */ + +#include <arpa/inet.h> +#include <bits/types/struct_iovec.h> +#include <linux/netlink.h> +#include <linux/rtnetlink.h> +#include <netinet/in.h> +#include <stdio.h> +#include <fcntl.h> +#include <stdlib.h> +#include <string.h> +#include <sys/socket.h> +#include <unistd.h> +#include <dirent.h> +#include <stdbool.h> +#include <net/if.h> + +#define RTF_UP 0x0001 // route usable +#define RTF_HOST 0x0004 // host entry (net otherwise) + +#define NSIM_PORTS 1 +#define NETDEVSIM_DEV_DIR "/sys/bus/netdevsim/devices" +#define NSIM_DEV_DIR_BUFFER_SIZE 128 +#define LO_DEV "lo" + +#define BUFSIZE 4096 +#define DST_PREFIX "2001:db8::" +#define GW1 "fe80::1" +#define GW2 "::1" + +#define PID_LEN 16 + +int get_free_idx(void) +{ + int idx = 0; + int tmp = 0; + DIR *nsim_dir = opendir(NETDEVSIM_DEV_DIR); + struct dirent *entry = NULL; + + if (nsim_dir == NULL) { + fprintf(stderr, "Unable to open nsim directory\n"); + return -1; + } + + do { + entry = readdir(nsim_dir); + if (entry != NULL && + sscanf(entry->d_name, "netdevsim%d", &tmp) > 0) { + if (tmp >= idx) + idx = tmp + 1; + } + } while (entry != NULL); + + closedir(nsim_dir); + return idx; +} + +int create_netdevsim_device(int id, int num_ports) +{ + const char *path = "/sys/bus/netdevsim/new_device"; + char buffer[64]; + int fd; + + fd = open(path, O_WRONLY); + if (fd < 0) { + fprintf(stderr, "Failed to open new_device\n"); + return -1; + } + + snprintf(buffer, sizeof(buffer), "%d %d", id, num_ports); + if (write(fd, buffer, strlen(buffer)) < 0) { + fprintf(stderr, "Failed to write to new_device\n"); + close(fd); + return -1; + } + + close(fd); + return 0; +} + +int ensure_nsim_dev_exists(void) +{ + int ret; + int nsim_idx; + + nsim_idx = get_free_idx(); + ret = create_netdevsim_device(nsim_idx, NSIM_PORTS); + if (ret != 0) { + fprintf(stderr, "Failed to create nsim device\n"); + return -1; + } + + return nsim_idx; +} + +char *get_nsim_dev_link(int nsim_idx) +{ + char nsim_dev_dir_buffer[NSIM_DEV_DIR_BUFFER_SIZE]; + DIR *nsim_dev_dir; + struct dirent *entry; + + sprintf(nsim_dev_dir_buffer, "%s/netdevsim%d/%s", NETDEVSIM_DEV_DIR, + nsim_idx, "net"); + + nsim_dev_dir = opendir(nsim_dev_dir_buffer); + + if (nsim_dev_dir == NULL) { + fprintf(stderr, "Unable to open %s\n", nsim_dev_dir_buffer); + return NULL; + } + + do { + entry = readdir(nsim_dev_dir); + if (entry != NULL && entry->d_name[0] != '.') + break; + + } while (entry != NULL); + + if (entry == NULL || entry->d_name[0] == '.') { + fprintf(stderr, "Device has no ports\n"); + return NULL; + } + + closedir(nsim_dev_dir); + + return entry->d_name; +} + +int get_nsim_dev(char **nsim_link) +{ + int nsim_idx; + char *nsim_dev_link; + + nsim_idx = ensure_nsim_dev_exists(); + if (nsim_idx < 0) + return -1; + + nsim_dev_link = get_nsim_dev_link(nsim_idx); + if (nsim_dev_link == NULL) + return -1; + + *nsim_link = nsim_dev_link; + return 0; +} + +int prepare_socket(void) +{ + struct sockaddr_nl sa; + int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + + if (fd < 0) { + fprintf(stderr, "Failed to open socket\n"); + return -1; + } + + sa.nl_family = AF_NETLINK; + + if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) + fprintf(stderr, "Failed to bind socket\n"); + + return fd; +} + +struct nlmsghdr *construct_header(char **pos) +{ + struct nlmsghdr *nlh = (struct nlmsghdr *)(*pos); + + nlh->nlmsg_type = RTM_NEWROUTE; + nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_CREATE; + + *pos += NLMSG_HDRLEN; + + return nlh; +} + +void construct_rtmsg(char **pos) +{ + struct rtmsg *rtm = (struct rtmsg *)(*pos); + + rtm->rtm_family = AF_INET6; + rtm->rtm_table = RT_TABLE_MAIN; + rtm->rtm_protocol = RTPROT_STATIC; + rtm->rtm_type = RTN_UNICAST; + rtm->rtm_scope = RT_SCOPE_UNIVERSE; + rtm->rtm_dst_len = 128; + rtm->rtm_flags |= RTF_HOST | RTF_UP; + + *pos += NLMSG_ALIGN(sizeof(struct rtmsg)); +} + +void construct_dest(char **pos) +{ + struct rtattr *rta_dest = (struct rtattr *)(*pos); + struct in6_addr dst6; + + rta_dest->rta_type = RTA_DST; + rta_dest->rta_len = RTA_LENGTH(sizeof(struct in6_addr)); + inet_pton(AF_INET6, DST_PREFIX, &dst6); + memcpy(RTA_DATA(rta_dest), &dst6, sizeof(dst6)); + *pos += RTA_ALIGN(rta_dest->rta_len); +} + +struct rtattr *construct_multipath_hdr(char **pos) +{ + struct rtattr *rta_mp = (struct rtattr *)(*pos); + + rta_mp->rta_type = RTA_MULTIPATH; + *pos += sizeof(struct rtattr); + + return rta_mp; +} + +void add_nexthop(char **pos, int ifindex, char *gw_addr) +{ + struct rtnexthop *rtnh = (struct rtnexthop *)(*pos); + + rtnh->rtnh_hops = 0; + rtnh->rtnh_ifindex = ifindex; + char *rtnh_pos = (char *)rtnh + RTNH_ALIGN(sizeof(struct rtnexthop)); + + struct rtattr *attr = (struct rtattr *)rtnh_pos; + + attr->rta_type = RTA_GATEWAY; + attr->rta_len = RTA_LENGTH(sizeof(struct in6_addr)); + + struct in6_addr gw; + + inet_pton(AF_INET6, gw_addr, &gw); + memcpy(RTA_DATA(attr), &gw, sizeof(gw)); + + rtnh_pos += RTA_ALIGN(attr->rta_len); + rtnh->rtnh_len = rtnh_pos - (char *)rtnh; + + *pos = rtnh_pos; +} + +struct nlmsghdr *construct_message(char *buf, int nsim_ifindex, int lo_ifindex) +{ + char *pos = buf; + struct nlmsghdr *nlh = construct_header(&pos); + + construct_rtmsg(&pos); + construct_dest(&pos); + + struct rtattr *rta_mp = construct_multipath_hdr(&pos); + + add_nexthop(&pos, nsim_ifindex, GW1); + add_nexthop(&pos, lo_ifindex, GW2); + + rta_mp->rta_len = pos - (char *)rta_mp; + nlh->nlmsg_len = pos - buf; + + return nlh; +} + +int send_nl_msg(struct nlmsghdr *nlh, int socket) +{ + struct iovec iov = { .iov_base = nlh, .iov_len = nlh->nlmsg_len }; + struct msghdr msg = { + .msg_iov = &iov, + .msg_iovlen = 1, + }; + + if (sendmsg(socket, (struct msghdr *)&msg, 0) < 0) { + fprintf(stderr, "Failed to send message\n"); + return 1; + } + + return 0; +} + +int open_kmsg(void) +{ + int fd = open("/dev/kmsg", O_RDONLY | O_NONBLOCK); + + if (fd < 0) { + fprintf(stderr, "Failed to open kmsg\n"); + return -1; + } + + return fd; +} + +int move_cursor_to_end(int fd) +{ + if (lseek(fd, 0, SEEK_END) == -1) { + fprintf(stderr, "Failed to lseek kmsg\n"); + return -1; + } + + return 0; +} + +int look_for_warn(int kmsg_fd) +{ + char buffer[1024]; + int bytes_read; + int pid = getpid(); + char pid_str[PID_LEN]; + + snprintf(pid_str, PID_LEN, "%d", pid); + + while ((bytes_read = read(kmsg_fd, buffer, sizeof(buffer) - 1)) > 0) { + buffer[bytes_read] = '\0'; + if (strstr(buffer, "WARNING") && strstr(buffer, pid_str)) { + printf("Kernel warning detected\n"); + return 1; + } + } + + return 0; +} + +int main(void) +{ + char *nsim_dev; + int if_lo, if_nsim; + int fd; + int kmsg_fd; + struct nlmsghdr *nlh; + char buf[BUFSIZE]; + + if (get_nsim_dev(&nsim_dev) != 0) + return EXIT_FAILURE; + + sleep(1); // Doesn't work without a delay + + if_lo = if_nametoindex(LO_DEV); + if_nsim = if_nametoindex(nsim_dev); + + if (!if_lo || !if_nsim) { + fprintf(stderr, "Failed to get interface index\n"); + return EXIT_FAILURE; + } + + memset(buf, 0, sizeof(buf)); + nlh = construct_message(buf, if_nsim, if_lo); + + fd = prepare_socket(); + if (fd < 0) { + fprintf(stderr, "Failed to open socket\n"); + close(fd); + return EXIT_FAILURE; + } + + kmsg_fd = open_kmsg(); + if (kmsg_fd < 0) { + fprintf(stderr, "Failed to open kmsg\n"); + close(fd); + return EXIT_FAILURE; + } + + if (move_cursor_to_end(kmsg_fd) < 0) { + fprintf(stderr, "Failed to open kmsg\n"); + close(fd); + close(kmsg_fd); + return EXIT_FAILURE; + } + + if (send_nl_msg(nlh, fd) != 0) { + close(fd); + close(kmsg_fd); + return EXIT_FAILURE; + } + + if (look_for_warn(kmsg_fd) != 0) { + close(fd); + close(kmsg_fd); + return EXIT_FAILURE; + } + + close(kmsg_fd); + close(fd); + return EXIT_SUCCESS; +} -- 2.43.0

1 month, 1 week

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror