- Linux-kselftest-mirror - lists.linaro.org

[PATCH v4 0/3] Support comma-separated symbols and :entry/:exit

by Seokwoo Chung (Ryan)

Extend fprobe to support list-style filters and explicit entry/exit suffixes. Currentyl, fprobe only supports a single symbol (or wildcard) per event. This patch allows users to specify a comma-separated list of symbols. New Syntax: - f:[GRP/][EVENT] func1,func2,func3:entry - f:[GRP/][EVENT] func1,func2,func3:exit Logic changes: - Refactor parsing logic into 'parse_fprobe_spec' - Support '!' prefix for exclusion - Disable BTF lookup ('ctx->funcname = NULL') when a list or wildcard is used, as a single function signature cannot apply to multiple functions. - Reject legacy '%return' suffix when used with lists or wildcards - Update tracefs/README Testing: Verified on x86_64 via QEMU. Checked registration of lists, exclusions, and explicit suffixes. Verified rejection of invalid syntax including trailing commas and mixed legacy/new syntax. Seokwoo Chung (Ryan) (3): docs: tracing/fprobe: Document list filters and :entry/:exit tracing/fprobe: Support comma-separated symbols and :entry/:exit selftests/ftrace: Add accept cases for fprobe list syntax Changes in v4: - Added validation to reject trailing commas (empty tokens) in symbol lists - Added vaildation to reject mixed of list syntax with %return suffix - Refactored parse_fprobe_spec to user __free(kfree) for automatic memory cleanup - Removed the now-unused parse_symbol_and_return function to avoid compiler warnings. - Tigtened %return detection to ensure it only matches as a strict suffix, not a substring - Link to v3: https://lore.kernel.org/lkml/20250904103219.f4937968362bfff1ecd3f004@kernel… Documentation/trace/fprobetrace.rst | 17 +- kernel/trace/trace.c | 3 +- kernel/trace/trace_fprobe.c | 209 ++++++++++++++---- .../ftrace/test.d/dynevent/fprobe_list.tc | 92 ++++++++ 4 files changed, 269 insertions(+), 52 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/dynevent/fprobe_list.tc -- 2.43.0

2 days, 13 hours

3
8
0 0

[RFC net-next 00/13] ovpn: new features + kselftests

by Antonio Quartulli

Dear all, This patchset is just a respin of my latest PR to net-next, including all modifications requested by Jakub and Sabrina. However, this time I am also adding patches targeting selftest/net/ovpn, as they come in handy for testing the new features (originally I wanted them to be a separate PR, but it doesn't indeed make a lot of sense). This said, since these kselftest patches are quite invasive, I didn't feel confident with sending them in a PR right away, but I rather wanted some feedback from Sabrina and Shuah first, if possible. So here we go. Once I get some approval on this batch, I'll send then send them all to net-next again as PRv2. Thanks a lot! Regards, Antonio Quartulli (1): selftests: ovpn: allow compiling ovpn-cli.c with mbedtls3 Qingfang Deng (1): ovpn: pktid: use bitops.h API Ralf Lici (10): selftests: ovpn: add notification parsing and matching ovpn: notify userspace on client float event ovpn: add support for asymmetric peer IDs selftests: ovpn: check asymmetric peer-id selftests: ovpn: add test for the FW mark feature ovpn: consolidate crypto allocations in one chunk ovpn: use bound device in UDP when available selftests: ovpn: add test for bound device ovpn: use bound address in UDP when available selftests: ovpn: add test for bound address Sabrina Dubroca (1): ovpn: use correct array size to parse nested attributes in ovpn_nl_key_swap_doit Documentation/netlink/specs/ovpn.yaml | 23 +- drivers/net/ovpn/crypto_aead.c | 162 +++++++--- drivers/net/ovpn/io.c | 8 +- drivers/net/ovpn/netlink-gen.c | 13 +- drivers/net/ovpn/netlink-gen.h | 6 +- drivers/net/ovpn/netlink.c | 98 +++++- drivers/net/ovpn/netlink.h | 2 + drivers/net/ovpn/peer.c | 6 + drivers/net/ovpn/peer.h | 4 +- drivers/net/ovpn/pktid.c | 11 +- drivers/net/ovpn/pktid.h | 2 +- drivers/net/ovpn/skb.h | 13 +- drivers/net/ovpn/udp.c | 10 +- include/uapi/linux/ovpn.h | 2 + tools/testing/selftests/net/ovpn/Makefile | 17 +- .../selftests/net/ovpn/check_requirements.py | 37 +++ tools/testing/selftests/net/ovpn/common.sh | 60 +++- tools/testing/selftests/net/ovpn/data64.key | 6 +- .../selftests/net/ovpn/json/peer0-float.json | 9 + .../selftests/net/ovpn/json/peer0.json | 6 + .../selftests/net/ovpn/json/peer1-float.json | 1 + .../selftests/net/ovpn/json/peer1.json | 1 + .../selftests/net/ovpn/json/peer2-float.json | 1 + .../selftests/net/ovpn/json/peer2.json | 1 + .../selftests/net/ovpn/json/peer3-float.json | 1 + .../selftests/net/ovpn/json/peer3.json | 1 + .../selftests/net/ovpn/json/peer4-float.json | 1 + .../selftests/net/ovpn/json/peer4.json | 1 + .../selftests/net/ovpn/json/peer5-float.json | 1 + .../selftests/net/ovpn/json/peer5.json | 1 + .../selftests/net/ovpn/json/peer6-float.json | 1 + .../selftests/net/ovpn/json/peer6.json | 1 + tools/testing/selftests/net/ovpn/ovpn-cli.c | 281 +++++++++++------- .../selftests/net/ovpn/requirements.txt | 1 + .../testing/selftests/net/ovpn/tcp_peers.txt | 11 +- .../selftests/net/ovpn/test-bind-addr.sh | 10 + tools/testing/selftests/net/ovpn/test-bind.sh | 117 ++++++++ .../selftests/net/ovpn/test-close-socket.sh | 2 +- tools/testing/selftests/net/ovpn/test-mark.sh | 81 +++++ tools/testing/selftests/net/ovpn/test.sh | 57 +++- .../testing/selftests/net/ovpn/udp_peers.txt | 12 +- 41 files changed, 855 insertions(+), 224 deletions(-) create mode 100755 tools/testing/selftests/net/ovpn/check_requirements.py create mode 100644 tools/testing/selftests/net/ovpn/json/peer0-float.json create mode 100644 tools/testing/selftests/net/ovpn/json/peer0.json create mode 120000 tools/testing/selftests/net/ovpn/json/peer1-float.json create mode 100644 tools/testing/selftests/net/ovpn/json/peer1.json create mode 120000 tools/testing/selftests/net/ovpn/json/peer2-float.json create mode 100644 tools/testing/selftests/net/ovpn/json/peer2.json create mode 120000 tools/testing/selftests/net/ovpn/json/peer3-float.json create mode 100644 tools/testing/selftests/net/ovpn/json/peer3.json create mode 120000 tools/testing/selftests/net/ovpn/json/peer4-float.json create mode 100644 tools/testing/selftests/net/ovpn/json/peer4.json create mode 120000 tools/testing/selftests/net/ovpn/json/peer5-float.json create mode 100644 tools/testing/selftests/net/ovpn/json/peer5.json create mode 120000 tools/testing/selftests/net/ovpn/json/peer6-float.json create mode 100644 tools/testing/selftests/net/ovpn/json/peer6.json create mode 120000 tools/testing/selftests/net/ovpn/requirements.txt create mode 100755 tools/testing/selftests/net/ovpn/test-bind-addr.sh create mode 100755 tools/testing/selftests/net/ovpn/test-bind.sh create mode 100755 tools/testing/selftests/net/ovpn/test-mark.sh -- 2.51.2

2 days, 13 hours

3
20
0 0

[PATCH nf-next] selftests: netfilter: nft_flowtable.sh: Add the capability to send IPv6 TCP traffic

by Lorenzo Bianconi

Introduce the capability to send TCP traffic over IPv6 to nft_flowtable netfilter selftest. Signed-off-by: Lorenzo Bianconi <lorenzo(a)kernel.org> --- .../selftests/net/netfilter/nft_flowtable.sh | 47 +++++++++++++++------- 1 file changed, 33 insertions(+), 14 deletions(-) diff --git a/tools/testing/selftests/net/netfilter/nft_flowtable.sh b/tools/testing/selftests/net/netfilter/nft_flowtable.sh index 1fbfc8ad8dcdc5db2ab1a1ea9310f655d09eee83..24b4e60b91451e7ea7f6a041b0335233047c6242 100755 --- a/tools/testing/selftests/net/netfilter/nft_flowtable.sh +++ b/tools/testing/selftests/net/netfilter/nft_flowtable.sh @@ -127,6 +127,8 @@ ip -net "$nsr1" addr add fee1:2::1/64 dev veth1 nodad ip -net "$nsr2" addr add 192.168.10.2/24 dev veth0 ip -net "$nsr2" addr add fee1:2::2/64 dev veth0 nodad +ip netns exec "$nsr1" sysctl net.ipv6.conf.all.forwarding=1 > /dev/null +ip netns exec "$nsr2" sysctl net.ipv6.conf.all.forwarding=1 > /dev/null for i in 0 1; do ip netns exec "$nsr1" sysctl net.ipv4.conf.veth$i.forwarding=1 > /dev/null ip netns exec "$nsr2" sysctl net.ipv4.conf.veth$i.forwarding=1 > /dev/null @@ -153,7 +155,9 @@ ip -net "$ns1" route add default via dead:1::1 ip -net "$ns2" route add default via dead:2::1 ip -net "$nsr1" route add default via 192.168.10.2 +ip -6 -net "$nsr1" route add default via fee1:2::2 ip -net "$nsr2" route add default via 192.168.10.1 +ip -6 -net "$nsr2" route add default via fee1:2::1 ip netns exec "$nsr1" nft -f - <<EOF table inet filter { @@ -352,8 +356,9 @@ test_tcp_forwarding_ip() local nsa=$1 local nsb=$2 local pmtu=$3 - local dstip=$4 - local dstport=$5 + local proto=$4 + local dstip=$5 + local dstport=$6 local lret=0 local socatc local socatl @@ -363,12 +368,12 @@ test_tcp_forwarding_ip() infile="$nsin_small" fi - timeout "$SOCAT_TIMEOUT" ip netns exec "$nsb" socat -4 TCP-LISTEN:12345,reuseaddr STDIO < "$infile" > "$ns2out" & + timeout "$SOCAT_TIMEOUT" ip netns exec "$nsb" socat -${proto} TCP${proto}-LISTEN:12345,reuseaddr STDIO < "$infile" > "$ns2out" & lpid=$! busywait 1000 listener_ready - timeout "$SOCAT_TIMEOUT" ip netns exec "$nsa" socat -4 TCP:"$dstip":"$dstport" STDIO < "$infile" > "$ns1out" + timeout "$SOCAT_TIMEOUT" ip netns exec "$nsa" socat -${proto} TCP${proto}:"$dstip":"$dstport" STDIO < "$infile" > "$ns1out" socatc=$? wait $lpid @@ -394,8 +399,11 @@ test_tcp_forwarding_ip() test_tcp_forwarding() { local pmtu="$3" + local proto="$4" + local dstip="$5" + local dstport="$6" - test_tcp_forwarding_ip "$1" "$2" "$pmtu" 10.0.2.99 12345 + test_tcp_forwarding_ip "$1" "$2" "$pmtu" "$proto" "$dstip" "$dstport" return $? } @@ -403,6 +411,9 @@ test_tcp_forwarding() test_tcp_forwarding_set_dscp() { local pmtu="$3" + local proto="$4" + local dstip="$5" + local dstport="$6" ip netns exec "$nsr1" nft -f - <<EOF table netdev dscpmangle { @@ -413,7 +424,7 @@ table netdev dscpmangle { } EOF if [ $? -eq 0 ]; then - test_tcp_forwarding_ip "$1" "$2" "$3" 10.0.2.99 12345 + test_tcp_forwarding_ip "$1" "$2" "$pmtu" "$proto" "$dstip" "$dstport" check_dscp "dscp_ingress" "$pmtu" ip netns exec "$nsr1" nft delete table netdev dscpmangle @@ -430,7 +441,7 @@ table netdev dscpmangle { } EOF if [ $? -eq 0 ]; then - test_tcp_forwarding_ip "$1" "$2" "$pmtu" 10.0.2.99 12345 + test_tcp_forwarding_ip "$1" "$2" "$pmtu" "$proto" "$dstip" "$dstport" check_dscp "dscp_egress" "$pmtu" ip netns exec "$nsr1" nft delete table netdev dscpmangle @@ -441,7 +452,7 @@ fi # partial. If flowtable really works, then both dscp-is-0 and dscp-is-cs3 # counters should have seen packets (before and after ft offload kicks in). ip netns exec "$nsr1" nft -a insert rule inet filter forward ip dscp set cs3 - test_tcp_forwarding_ip "$1" "$2" "$pmtu" 10.0.2.99 12345 + test_tcp_forwarding_ip "$1" "$2" "$pmtu" "$proto" "$dstip" "$dstport" check_dscp "dscp_fwd" "$pmtu" } @@ -455,7 +466,7 @@ test_tcp_forwarding_nat() [ "$pmtu" -eq 0 ] && what="$what (pmtu disabled)" - test_tcp_forwarding_ip "$nsa" "$nsb" "$pmtu" 10.0.2.99 12345 + test_tcp_forwarding_ip "$nsa" "$nsb" "$pmtu" 4 10.0.2.99 12345 lret=$? if [ "$lret" -eq 0 ] ; then @@ -465,7 +476,7 @@ test_tcp_forwarding_nat() echo "PASS: flow offload for ns1/ns2 with masquerade $what" fi - test_tcp_forwarding_ip "$1" "$2" "$pmtu" 10.6.6.6 1666 + test_tcp_forwarding_ip "$1" "$2" "$pmtu" 4 10.6.6.6 1666 lret=$? if [ "$pmtu" -eq 1 ] ;then check_counters "flow offload for ns1/ns2 with dnat $what" @@ -487,7 +498,7 @@ make_file "$nsin_small" "$filesize_small" # Due to MTU mismatch in both directions, all packets (except small packets like pure # acks) have to be handled by normal forwarding path. Therefore, packet counters # are not checked. -if test_tcp_forwarding "$ns1" "$ns2" 0; then +if test_tcp_forwarding "$ns1" "$ns2" 0 4 10.0.2.99 12345; then echo "PASS: flow offloaded for ns1/ns2" else echo "FAIL: flow offload for ns1/ns2:" 1>&2 @@ -495,6 +506,14 @@ else ret=1 fi +if test_tcp_forwarding "$ns1" "$ns2" 0 6 "[dead:2::99]" 12345; then + echo "PASS: IPv6 flow offloaded for ns1/ns2" +else + echo "FAIL: IPv6 flow offload for ns1/ns2:" 1>&2 + ip netns exec "$nsr1" nft list ruleset + ret=1 +fi + # delete default route, i.e. ns2 won't be able to reach ns1 and # will depend on ns1 being masqueraded in nsr1. # expect ns1 has nsr1 address. @@ -520,7 +539,7 @@ table ip nat { EOF check_dscp "dscp_none" "0" -if ! test_tcp_forwarding_set_dscp "$ns1" "$ns2" 0 ""; then +if ! test_tcp_forwarding_set_dscp "$ns1" "$ns2" 0 4 10.0.2.99 12345; then echo "FAIL: flow offload for ns1/ns2 with dscp update and no pmtu discovery" 1>&2 exit 0 fi @@ -546,7 +565,7 @@ ip netns exec "$ns2" sysctl net.ipv4.ip_no_pmtu_disc=0 > /dev/null ip netns exec "$nsr1" nft reset counters table inet filter >/dev/null ip netns exec "$ns2" nft reset counters table inet filter >/dev/null -if ! test_tcp_forwarding_set_dscp "$ns1" "$ns2" 1 ""; then +if ! test_tcp_forwarding_set_dscp "$ns1" "$ns2" 1 4 10.0.2.99 12345; then echo "FAIL: flow offload for ns1/ns2 with dscp update and pmtu discovery" 1>&2 exit 0 fi @@ -752,7 +771,7 @@ ip -net "$ns2" route del 192.168.10.1 via 10.0.2.1 ip -net "$ns2" route add default via 10.0.2.1 ip -net "$ns2" route add default via dead:2::1 -if test_tcp_forwarding "$ns1" "$ns2" 1; then +if test_tcp_forwarding "$ns1" "$ns2" 1 4 10.0.2.99 12345; then check_counters "ipsec tunnel mode for ns1/ns2" else echo "FAIL: ipsec tunnel mode for ns1/ns2" --- base-commit: aa7ece8adbea8cca27594a0f80c68f6cb708326d change-id: 20251122-nft_flowtable-sh-ipv6-tcp-76f3d28169d1 Best regards, -- Lorenzo Bianconi <lorenzo(a)kernel.org>

2 days, 16 hours

2
3
0 0

[PATCH net-next] selftests: af_unix: remove unused stdlib.h include

by Sunday Adelodun

The unix_connreset.c test included <stdlib.h>, but no symbol from that header is used. This causes a fatal build error under certain linux-next configurations where stdlib.h is not available. Remove the unused include to fix the build. Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/r/202511221800.hcgCKvVa-lkp@intel.com/ Signed-off-by: Sunday Adelodun <adelodunolaoluwa(a)yahoo.com> --- tools/testing/selftests/net/af_unix/unix_connreset.c | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/testing/selftests/net/af_unix/unix_connreset.c b/tools/testing/selftests/net/af_unix/unix_connreset.c index bffef2b54bfd..9844e829aed5 100644 --- a/tools/testing/selftests/net/af_unix/unix_connreset.c +++ b/tools/testing/selftests/net/af_unix/unix_connreset.c @@ -14,7 +14,6 @@ */ #define _GNU_SOURCE -#include <stdlib.h> #include <string.h> #include <fcntl.h> #include <unistd.h> -- 2.43.0

2 days, 16 hours

2
1
0 0

[PATCH v4 0/3] selftests: cgroup: Enhance robustness with polling helpers

by Guopeng Zhang

Hi all, This patch series introduces improvements to the cgroup selftests by adding helper functions to better handle asynchronous updates in cgroup statistics. These changes are especially useful for managing cgroup stats like memory.stat and cgroup.stat, which can be affected by delays (e.g., RCPU callbacks and asynchronous rstat flushing). v4: - Patch 1/3: Adds the `cg_read_key_long_poll()` helper to poll cgroup keys with retries and configurable intervals. - Patch 2/3: Updates `test_memcg_sock()` to use `cg_read_key_long_poll()` for handling delayed "sock" counter updates in memory.stat. - Patch 3/3: Replaces `sleep` and retry logic in `test_kmem_dead_cgroups()` with `cg_read_key_long_poll()` for waiting on `nr_dying_descendants`. v3: - Move `MEMCG_SOCKSTAT_WAIT_*` defines after the `#include` block as suggested. v2: - Clarify the rationale for the 3s timeout and mention the periodic rstat flush interval (FLUSH_TIME = 2*HZ) in the comment. - Replace hardcoded retry count and wait interval with macros to avoid magic numbers and make the timeout calculation explicit. Thanks to Michal Koutný for the suggestion to introduce the polling helper, and to Lance Yang for the review. Guopeng Zhang (3): selftests: cgroup: Add cg_read_key_long_poll() to poll a cgroup key with retries selftests: cgroup: make test_memcg_sock robust against delayed sock stats selftests: cgroup: Replace sleep with cg_read_key_long_poll() for waiting on nr_dying_descendants .../selftests/cgroup/lib/cgroup_util.c | 21 +++++++++++++ .../cgroup/lib/include/cgroup_util.h | 5 +++ tools/testing/selftests/cgroup/test_kmem.c | 31 ++++++++----------- .../selftests/cgroup/test_memcontrol.c | 20 +++++++++++- 4 files changed, 58 insertions(+), 19 deletions(-) -- 2.25.1

2 days, 16 hours

2
6
0 0

[PATCH] selftests: gpio: correctly check the type of /dev/gpiochipX

by Guixin Liu

/dev/gpiochipX is a character device, not a directory, so we should use "test -c" instead of "test -d" to check for its existence; otherwise, the current check will not work correctly when /dev/gpiochipX is left over (e.g., as a stale device node). Signed-off-by: Guixin Liu <kanie(a)linux.alibaba.com> --- tools/testing/selftests/gpio/gpio-aggregator.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/gpio/gpio-aggregator.sh b/tools/testing/selftests/gpio/gpio-aggregator.sh index 9b6f80ad9f8a..13d8e1607571 100755 --- a/tools/testing/selftests/gpio/gpio-aggregator.sh +++ b/tools/testing/selftests/gpio/gpio-aggregator.sh @@ -351,7 +351,7 @@ test "$(agg_get_chip_num_lines _sysfs.0)" = "1" || fail "number of lines is not test "$(agg_get_line_name _sysfs.0 0)" = "" || fail "line name is unset" echo "$(agg_configfs_dev_name _sysfs.0)" > "$SYSFS_AGG_DIR/delete_device" test -d $CONFIGFS_AGG_DIR/_sysfs.0 && fail "_sysfs.0 unexpectedly remains" -test -d /dev/${CHIPNAME} && fail "/dev/${CHIPNAME} unexpectedly remains" +test -c /dev/${CHIPNAME} && fail "/dev/${CHIPNAME} unexpectedly remains" echo "1.2.2. Complex creation/deletion" echo "chip0bank0_0 chip1_bank1 10-11" > "$SYSFS_AGG_DIR/new_device" @@ -365,7 +365,7 @@ test "$(agg_get_line_name _sysfs.0 1)" = "" || fail "line name is unset" test "$(agg_get_line_name _sysfs.0 2)" = "" || fail "line name is unset" echo "$(agg_configfs_dev_name _sysfs.0)" > "$SYSFS_AGG_DIR/delete_device" test -d $CONFIGFS_AGG_DIR/_sysfs.0 && fail "_sysfs.0 unexpectedly remains" -test -d /dev/${CHIPNAME} && fail "/dev/${CHIPNAME} unexpectedly remains" +test -c /dev/${CHIPNAME} && fail "/dev/${CHIPNAME} unexpectedly remains" echo "1.2.3. Asynchronous creation with deferred probe" sim_disable_chip chip0 @@ -382,7 +382,7 @@ test "$(agg_get_chip_num_lines _sysfs.0)" = "1" || fail "number of lines is not test "$(agg_get_line_name _sysfs.0 0)" = "" || fail "line name unexpectedly set" echo "$(agg_configfs_dev_name _sysfs.0)" > "$SYSFS_AGG_DIR/delete_device" test -d $CONFIGFS_AGG_DIR/_sysfs.0 && fail "_sysfs.0 unexpectedly remains" -test -d /dev/${CHIPNAME} && fail "/dev/${CHIPNAME} unexpectedly remains" +test -c /dev/${CHIPNAME} && fail "/dev/${CHIPNAME} unexpectedly remains" echo "1.2.4. Can't instantiate a chip with invalid configuration" echo "xyz 0" > "$SYSFS_AGG_DIR/new_device" -- 2.43.0

2 days, 19 hours

1
0
0 0

[RFC PATCH 0/3] Memory Controller eBPF support

by Hui Zhu

From: Hui Zhu <zhuhui(a)kylinos.cn> This series proposes adding eBPF support to the Linux memory controller, enabling dynamic and extensible memory management policies at runtime. Background The memory controller (memcg) currently provides fixed memory accounting and reclamation policies through static kernel code. This limits flexibility for specialized workloads and use cases that require custom memory management strategies. By enabling eBPF programs to hook into key memory control operations, administrators can implement custom policies without recompiling the kernel, while maintaining the safety guarantees provided by the BPF verifier. Use Cases 1. Custom memory reclamation strategies for specialized workloads 2. Dynamic memory pressure monitoring and telemetry 3. Memory accounting adjustments based on runtime conditions 4. Integration with container orchestration systems for intelligent resource management 5. Research and experimentation with novel memory management algorithms Design Overview This series introduces: 1. A new BPF struct ops type (`memcg_ops`) that allows eBPF programs to implement custom behavior for memory charging operations. 2. A hook point in the `try_charge_memcg()` fast path that invokes registered eBPF programs to determine if custom memory management should be applied. 3. The eBPF handler can inspect memory cgroup context and optionally modify certain parameters (e.g., `nr_pages` for reclamation size). 4. A reference counting mechanism using `percpu_ref` to safely manage the lifecycle of registered eBPF struct ops instances. 5. Configuration via `CONFIG_MEMCG_BPF` to allow disabling this feature at build time. Implementation Details - Uses BPF struct ops for a cleaner integration model - Leverages static branch keys for minimal overhead when feature is unused - RCU synchronization ensures safe replacement of handlers - Sample eBPF program demonstrates monitoring capabilities - Comprehensive selftest suite validates core functionality Performance Considerations - Zero overhead when feature is disabled or no eBPF program is loaded (static branch is disabled) - Minimal overhead when enabled: one indirect function call per charge attempt - eBPF programs run under the restrictions of the BPF verifier Patch Overview PATCH 1/3: Core kernel implementation - Adds eBPF struct ops support to memcg - Introduces CONFIG_MEMCG_BPF option - Implements safe registration/unregistration mechanism PATCH 2/3: Selftest suite - prog_tests/memcg_ops.c: Test entry points - progs/memcg_ops.bpf.c: Test eBPF program - Validates load, attach, and single-handler constraints PATCH 3/3: Sample userspace program - samples/bpf/memcg_printk.bpf.c: Monitoring eBPF program - samples/bpf/memcg_printk.c: Userspace loader - Demonstrates real-world usage and debugging capabilities Open Questions & Discussion Points 1. Should the eBPF handler have access to additional memory cgroup state? Current design exposes minimal context to reduce attack surface. 2. Are there other memory control operations that would benefit from eBPF extensibility (e.g., uncharge, reclaim)? 3. Should there be permission checks or restrictions on who can load memcg eBPF programs? Currently inherits BPF's CAP_PERFMON/CAP_SYS_ADMIN requirements. 4. How should we handle multiple eBPF programs trying to register? Current implementation allows only one active handler. 5. Is the current exposed context in `try_charge_memcg` struct sufficient, or should additional fields be added? Testing The selftests provide comprehensive coverage of the core functionality. The sample program can be used for manual testing and as a reference for implementing additional monitoring tools. Hui Zhu (3): memcg: add eBPF struct ops support for memory charging selftests/bpf: add memcg eBPF struct ops test samples/bpf: add example memcg eBPF program MAINTAINERS | 5 + init/Kconfig | 38 ++++ mm/Makefile | 1 + mm/memcontrol.c | 26 ++- mm/memcontrol_bpf.c | 200 ++++++++++++++++++ mm/memcontrol_bpf.h | 103 +++++++++ samples/bpf/Makefile | 2 + samples/bpf/memcg_printk.bpf.c | 30 +++ samples/bpf/memcg_printk.c | 82 +++++++ .../selftests/bpf/prog_tests/memcg_ops.c | 117 ++++++++++ tools/testing/selftests/bpf/progs/memcg_ops.c | 20 ++ 11 files changed, 617 insertions(+), 7 deletions(-) create mode 100644 mm/memcontrol_bpf.c create mode 100644 mm/memcontrol_bpf.h create mode 100644 samples/bpf/memcg_printk.bpf.c create mode 100644 samples/bpf/memcg_printk.c create mode 100644 tools/testing/selftests/bpf/prog_tests/memcg_ops.c create mode 100644 tools/testing/selftests/bpf/progs/memcg_ops.c -- 2.43.0

2 days, 19 hours

6
17
0 0

[PATCH] selftests/mm/uffd: initialize char variable to Null

by Ankit Khushwaha

In "uffd-stress.c" & "uffd-unit-tests.c". address of char variable having garbage value (uninitialized) is passed to 'write' syscall triggers warning. uffd-stress.c:246:39: warning: variable 'c' is uninitialized when passed as a const pointer argument here [-Wuninitialized-const-pointer] uffd-unit-tests.c:581:31: warning: variable 'c' is uninitialized when passed as a const pointer argument here [-Wuninitialized-const-pointer] so the fix is to assign char variable to '\0' to prevent writing of garbage value. Signed-off-by: Ankit Khushwaha <ankitkhushwaha.linux(a)gmail.com> --- this warning is raised with clang version 21.1.5 (Fedora 21.1.5-1.fc43). --- tools/testing/selftests/mm/uffd-stress.c | 2 +- tools/testing/selftests/mm/uffd-unit-tests.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/mm/uffd-stress.c b/tools/testing/selftests/mm/uffd-stress.c index b51c89e1cd1a..700fbaa18d44 100644 --- a/tools/testing/selftests/mm/uffd-stress.c +++ b/tools/testing/selftests/mm/uffd-stress.c @@ -241,7 +241,7 @@ static int stress(struct uffd_args *args) return 1; for (cpu = 0; cpu < gopts->nr_parallel; cpu++) { - char c; + char c = '\0'; if (bounces & BOUNCE_POLL) { if (write(gopts->pipefd[cpu*2+1], &c, 1) != 1) err("pipefd write error"); diff --git a/tools/testing/selftests/mm/uffd-unit-tests.c b/tools/testing/selftests/mm/uffd-unit-tests.c index f917b4c4c943..f4807242c5b2 100644 --- a/tools/testing/selftests/mm/uffd-unit-tests.c +++ b/tools/testing/selftests/mm/uffd-unit-tests.c @@ -543,7 +543,7 @@ static void uffd_minor_test_common(uffd_global_test_opts_t *gopts, bool test_col { unsigned long p; pthread_t uffd_mon; - char c; + char c = '\0'; struct uffd_args args = { 0 }; args.gopts = gopts; @@ -759,7 +759,7 @@ static void uffd_sigbus_test_common(uffd_global_test_opts_t *gopts, bool wp) pthread_t uffd_mon; pid_t pid; int err; - char c; + char c = '\0'; struct uffd_args args = { 0 }; args.gopts = gopts; @@ -819,7 +819,7 @@ static void uffd_events_test_common(uffd_global_test_opts_t *gopts, bool wp) pthread_t uffd_mon; pid_t pid; int err; - char c; + char c = '\0'; struct uffd_args args = { 0 }; args.gopts = gopts; @@ -1125,7 +1125,7 @@ uffd_move_test_common(uffd_global_test_opts_t *gopts, { unsigned long nr; pthread_t uffd_mon; - char c; + char c = '\0'; unsigned long long count; struct uffd_args args = { 0 }; char *orig_area_src = NULL, *orig_area_dst = NULL; -- 2.52.0

2 days, 23 hours

2
1
0 0

[PATCH] [PATCH v4] selftests/seccomp: Fix indentation and rebase error logging patch

by Sameeksha Sankpal

v4: - Resending v3 after reviewer feedback (Shuah Khan). - No code changes. - Fixes email formatting and broken threading in earlier versions. v3: - Rebased against upstream seccomp tree. - Fixed indentation to use tabs instead of spaces. - Used scripts/checkpatch.pl to fix warnings. - Removed blank line before Signed-off-by. v2: - Used TH_LOG instead of printf for error logging. - Moved variable declaration to the top of the function. - Applied review suggestions from Kees Cook. v1: - Initial patch to improve error logging in get_proc_stat(). Suggested-by: Kees Cook <kees(a)kernel.org> Signed-off-by: Sameeksha Sankpal <sameekshasankpal(a)gmail.com> --- tools/testing/selftests/seccomp/seccomp_bpf.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 61acbd45ffaa..dbd7e705a2af 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -4508,9 +4508,14 @@ static char get_proc_stat(struct __test_metadata *_metadata, pid_t pid) char proc_path[100] = {0}; char status; char *line; + int rc; snprintf(proc_path, sizeof(proc_path), "/proc/%d/stat", pid); ASSERT_EQ(get_nth(_metadata, proc_path, 3, &line), 1); + rc = get_nth(_metadata, proc_path, 3, &line); + ASSERT_EQ(rc, 1) { + TH_LOG("user_notification_fifo: failed to read stat for PID %d (rc=%d)", pid, rc); + } status = *line; free(line); -- 2.43.0

3 days

1
0
0 0

[PATCH v3 0/1] cpuset: relax the overlap check for cgroup-v2

by Sun Shaojie

In cgroup v2, a mutual overlap check is required when at least one of two cpusets is exclusive. However, this check should be relaxed and limited to cases where both cpusets are exclusive. This patch ensures that for sibling cpusets A1 (exclusive) and B1 (non-exclusive), change B1 cannot affect A1's exclusivity. for example. Assume a machine has 4 CPUs (0-3). root cgroup / \ A1 B1 Case 1: Table 1.1: Before applying the patch Step | A1's prstate | B1'sprstate | #1> echo "0-1" > A1/cpuset.cpus | member | member | #2> echo "root" > A1/cpuset.cpus.partition | root | member | #3> echo "0" > B1/cpuset.cpus | root invalid | member | After step #3, A1 changes from "root" to "root invalid" because its CPUs (0-1) overlap with those requested by B1 (0-3). However, B1 can actually use CPUs 2-3(from B1's parent), so it would be more reasonable for A1 to remain as "root." Table 1.2: After applying the patch Step | A1's prstate | B1'sprstate | #1> echo "0-1" > A1/cpuset.cpus | member | member | #2> echo "root" > A1/cpuset.cpus.partition | root | member | #3> echo "0" > B1/cpuset.cpus | root | member | Case 2: (This situation remains unchanged from before) Table 2.1: Before applying the patch Step | A1's prstate | B1'sprstate | #1> echo "0-1" > A1/cpuset.cpus | member | member | #3> echo "1-2" > B1/cpuset.cpus | member | member | #2> echo "root" > A1/cpuset.cpus.partition | root invalid | member | Table 2.2: After applying the patch Step | A1's prstate | B1'sprstate | #1> echo "0-1" > A1/cpuset.cpus | member | member | #3> echo "1-2" > B1/cpuset.cpus | member | member | #2> echo "root" > A1/cpuset.cpus.partition | root invalid | member | All other cases remain unaffected. For example, cgroup-v1, both A1 and B1 are exclusive or non-exlusive. --- v3 -> v4: - Adjust the test_cpuset_prt.sh test file to align with the current behavior. v2 -> v3: - Ensure compliance with constraints such as cpuset.cpus.exclusive. - Link: https://lore.kernel.org/cgroups/20251113131434.606961-1-sunshaojie@kylinos.… v1 -> v2: - Keeps the current cgroup v1 behavior unchanged - Link: https://lore.kernel.org/cgroups/c8e234f4-2c27-4753-8f39-8ae83197efd3@redhat… --- kernel/cgroup/cpuset-internal.h | 3 ++ kernel/cgroup/cpuset-v1.c | 20 +++++++++ kernel/cgroup/cpuset.c | 43 ++++++++++++++----- .../selftests/cgroup/test_cpuset_prs.sh | 5 ++- 4 files changed, 58 insertions(+), 13 deletions(-) -- 2.25.1

3 days, 2 hours

4
35
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror