- Linux-kselftest-mirror - lists.linaro.org

[PATCH] selftests/net: give more time to udpgro nat tests

by Lucas Karpinski

In some conditions, background processes in udpgro don't have enough time to set up the sockets. When foreground processes start, this results in the bad GRO lookup test freezing or reporting that it received 0 gro segments. To fix this, increase the time given to background processes to complete the startup before foreground processes start. This is the same issue and the same fix as posted by Adrien Therry. Link: https://lore.kernel.org/all/20221101184809.50013-1-athierry@redhat.com/ Signed-off-by: Lucas Karpinski <lkarpins(a)redhat.com> --- tools/testing/selftests/net/udpgro.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/udpgro.sh b/tools/testing/selftests/net/udpgro.sh index 0c743752669a..4ccbcb2390ad 100755 --- a/tools/testing/selftests/net/udpgro.sh +++ b/tools/testing/selftests/net/udpgro.sh @@ -97,7 +97,8 @@ run_one_nat() { echo "ok" || \ echo "failed"& - sleep 0.1 + # Hack: let bg programs complete the startup + sleep 0.2 ./udpgso_bench_tx ${tx_args} ret=$? kill -INT $pid -- 2.41.0

2 years

2
1
0 0

[PATCH] selftests:net change ifconfig with ip command

by Swarup Laxman Kotiaklapudi

Change ifconfig with ip command, on a system where ifconfig is not used this script will not work correcly. Test result with this patchset: sudo make TARGETS="net" kselftest .... TAP version 13 1..1 timeout set to 1500 selftests: net: route_localnet.sh run arp_announce test net.ipv4.conf.veth0.route_localnet = 1 net.ipv4.conf.veth1.route_localnet = 1 net.ipv4.conf.veth0.arp_announce = 2 net.ipv4.conf.veth1.arp_announce = 2 PING 127.25.3.14 (127.25.3.14) from 127.25.3.4 veth0: 56(84) bytes of data. 64 bytes from 127.25.3.14: icmp_seq=1 ttl=64 time=0.038 ms 64 bytes from 127.25.3.14: icmp_seq=2 ttl=64 time=0.068 ms 64 bytes from 127.25.3.14: icmp_seq=3 ttl=64 time=0.068 ms 64 bytes from 127.25.3.14: icmp_seq=4 ttl=64 time=0.068 ms 64 bytes from 127.25.3.14: icmp_seq=5 ttl=64 time=0.068 ms --- 127.25.3.14 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4073ms rtt min/avg/max/mdev = 0.038/0.062/0.068/0.012 ms ok run arp_ignore test net.ipv4.conf.veth0.route_localnet = 1 net.ipv4.conf.veth1.route_localnet = 1 net.ipv4.conf.veth0.arp_ignore = 3 net.ipv4.conf.veth1.arp_ignore = 3 PING 127.25.3.14 (127.25.3.14) from 127.25.3.4 veth0: 56(84) bytes of data. 64 bytes from 127.25.3.14: icmp_seq=1 ttl=64 time=0.032 ms 64 bytes from 127.25.3.14: icmp_seq=2 ttl=64 time=0.065 ms 64 bytes from 127.25.3.14: icmp_seq=3 ttl=64 time=0.066 ms 64 bytes from 127.25.3.14: icmp_seq=4 ttl=64 time=0.065 ms 64 bytes from 127.25.3.14: icmp_seq=5 ttl=64 time=0.065 ms --- 127.25.3.14 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4092ms rtt min/avg/max/mdev = 0.032/0.058/0.066/0.013 ms ok ok 1 selftests: net: route_localnet.sh ... Signed-off-by: Swarup Laxman Kotiaklapudi <swarupkotikalapudi(a)gmail.com> --- tools/testing/selftests/net/route_localnet.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/net/route_localnet.sh b/tools/testing/selftests/net/route_localnet.sh index 116bfeab72fa..3ab9beb4462c 100755 --- a/tools/testing/selftests/net/route_localnet.sh +++ b/tools/testing/selftests/net/route_localnet.sh @@ -18,8 +18,10 @@ setup() { ip route del 127.0.0.0/8 dev lo table local ip netns exec "${PEER_NS}" ip route del 127.0.0.0/8 dev lo table local - ifconfig veth0 127.25.3.4/24 up - ip netns exec "${PEER_NS}" ifconfig veth1 127.25.3.14/24 up + ip a add 127.25.3.4/24 dev veth0 + ip link set dev veth0 up + ip netns exec "${PEER_NS}" ip a add 127.25.3.14/24 dev veth1 + ip netns exec "${PEER_NS}" ip link set dev veth1 up ip route flush cache ip netns exec "${PEER_NS}" ip route flush cache -- 2.34.1

2 years

4
6
0 0

Re: # Toplevel Makefile doesn't process module build correctly on recursive make calls

by Marcos Paulo de Souza

On Fri, Oct 20, 2023 at 06:21:40AM +0200, Nicolas Schier wrote: > On Thu, Oct 19, 2023 at 03:50:05PM -0300, Marcos Paulo de Souza wrote: > > On Sat, Oct 14, 2023 at 05:35:55PM +0900, Masahiro Yamada wrote: > > > On Tue, Oct 10, 2023 at 5:43 AM Marcos Paulo de Souza <mpdesouza(a)suse.de> wrote: > > > > > > > > Hi all, > > > > > > > > I found an issue while moving the livepatch kselftest modules to be built on the > > > > fly, instead of building them on kernel building. > > > > > > > > If, for some reason, there is a recursive make invocation that starts from the > > > > top level Makefile and in the leaf Makefile it tries to build a module (using M= > > > > in the make invocation), it doesn't produce the module. This happens because the > > > > toplevel Makefile checks for M= only once. This is controlled by the > > > > sub_make_done variable, which is exported after checking the command line > > > > options are passed to the top level Makefile. Once this variable is set it's > > > > the M= setting is never checked again on the recursive call. > > > > > > > > This can be observed when cleaning the bpf kselftest dir. When calling > > > > > > > > $ make TARGETS="bpf" SKIP_TARGETS="" kselftest-clean > > > > > > > > What happens: > > > > > > > > 1. It checks for some command line settings (like M=) was passed (it wasn't), > > > > set some definitions and exports sub_make_done. > > > > > > > > 2. Jump into tools/testing/selftests/bpf, and calls the clean target. > > > > > > > > 3. The clean target is overwritten to remove some files and then jump to > > > > bpf_testmod dir and call clean there > > > > > > > > 4. On bpf_testmod/Makefile, the clean target will execute > > > > $(Q)make -C $(KDIR) M=$(BPF_TESTMOD_DIR) clean > > > > > > > > 5. The KDIR is to toplevel dir. The top Makefile will check that sub_make_done was > > > > already set, ignoring the M= setting. > > > > > > > > 6. As M= wasn't checked, KBUILD_EXTMOD isn't set, and the clean target applies > > > > to the kernel as a whole, making it clean all generated code/objects and > > > > everything. > > > > > > > > One way to avoid it is to call "unexport sub_make_done" on > > > > tools/testing/selftests/bpf/bpf_testmod/Makefile before processing the all > > > > target, forcing the toplevel Makefile to process the M=, producing the module > > > > file correctly. > > > > > > > > If the M=dir points to /lib/modules/.../build, then it fails with "m2c: No such > > > > file", which I already reported here[1]. At the time this problem was treated > > > > like a problem with kselftest infrastructure. > > > > > > > > Important: The process works fine if the initial make invocation is targeted to a > > > > different directory (using -C), since it doesn't goes through the toplevel > > > > Makefile, and sub_make_done variable is not set. > > > > > > > > I attached a minimal reproducer, that can be used to better understand the > > > > problem. The "make testmod" and "make testmod-clean" have the same effect that > > > > can be seem with the bpf kselftests. There is a unexport call commented on > > > > test-mods/Makefile, and once that is called the process works as expected. > > > > > > > > Is there a better way to fix this? Is this really a problem, or am I missing > > > > something? > > > > > > > > > Or, using KBUILD_EXTMOD will work too. > > > > Yes, that works, only if set to /lib/modules: > > > > $ make kselftest TARGETS=bpf SKIP_TARGETS="" > > make[3]: Entering directory '/home/mpdesouza/git/linux/tools/testing/selftests/bpf' > > MOD bpf_testmod.ko > > warning: the compiler differs from the one used to build the kernel > > The kernel was built by: gcc (SUSE Linux) 13.2.1 20230803 [revision cc279d6c64562f05019e1d12d0d825f9391b5553] > > You are using: gcc (SUSE Linux) 13.2.1 20230912 [revision b96e66fd4ef3e36983969fb8cdd1956f551a074b] > > CC [M] /home/mpdesouza/git/linux/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.o > > MODPOST /home/mpdesouza/git/linux/tools/testing/selftests/bpf/bpf_testmod/Module.symvers > > CC [M] /home/mpdesouza/git/linux/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.mod.o > > LD [M] /home/mpdesouza/git/linux/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.ko > > BTF [M] /home/mpdesouza/git/linux/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.ko > > Skipping BTF generation for /home/mpdesouza/git/linux/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.ko due to unavailability of vmlinux > > BINARY xdp_synproxy > > ... > > > > But if we set the KBUILD_EXTMOD to toplevel Makefile, it fails with a different > > strange issue: > > > > $ make kselftest TARGETS=bpf SKIP_TARGETS="" > > BINARY urandom_read > > MOD bpf_testmod.ko > > m2c -o scripts/Makefile.build -e scripts/Makefile.build scripts/Makefile.build.mod > > make[6]: m2c: No such file or directory > > make[6]: *** [<builtin>: scripts/Makefile.build] Error 127 > > make[5]: *** [Makefile:1913: /home/mpdesouza/git/linux/tools/testing/selftests/bpf/bpf_testmod] Error 2 > > make[4]: *** [Makefile:19: all] Error 2 > > make[3]: *** [Makefile:229: /home/mpdesouza/git/linux/tools/testing/selftests/bpf/bpf_testmod.ko] Error 2 > > make[3]: Leaving directory '/home/mpdesouza/git/linux/tools/testing/selftests/bpf' > > make[2]: *** [Makefile:175: all] Error 2 > > make[1]: *** [/home/mpdesouza/git/linux/Makefile:1362: kselftest] Error 2 > > > > I attached a patch that can reproduce the case where it works, and the case > > where it doesn't by changing the value of KDIR. > > > > I understand that KBUILD_EXTMOD, as the name implies, was designed to build > > "external" modules, and not ones that live inside kernel, but how could this be > > solved? > > It seems to me as if there is some confusion about in-tree vs. > out-of-tree kmods. > > KBUILD_EXTMOD and M are almost the same and indicate that you want to > build _external_ (=out-of-tree) kernel modules. In-tree modules are > only those that stay in-tree _and_ are built along with the kernel. > Thus, 'make modules KBUILD_EXTMOD=fs/ext4' could be used to build ext4 > kmod as "out-of-tree" kernel module, that even taints the kernel if it > gets loaded. > > If you want bpf_testmod.ko to be an in-tree kmod, it has to be build > during the usual kernel build, not by running 'make kselftest'. > > If you use 'make -C $(KDIR)' for building out-of-tree kmods, KDIR has to > point to the kernel build directory. (Or it may point to the source > tree if you give O=$(BUILDDIR) as well). Thanks for the explanation Nicolas. In this, I believe that the BPF module should be moved into lib/, like lib/livepatch, when then be built along with other in-tree modules. Currently there is a bug when running the kselftests-clean target with bpf: make kselftest-clean TARGETS=bpf SKIP_TARGETS="" As the M= argument is ignore on the toplevel Makefile, this make invocation applies the clean to all built kernel objects/modules/everything, which is bug IMO. There is a statement in the BPF docs saying that the selftests should be run inside the tools/testing/selftests/bpf directory. At the same time, kselftests should comply with all the targets defined in the documention, like gen_tar, and run_tests. In this case should the build process be fixed, or just make kselftests less restrict? (CCing kselftests and bpf ML) > > HTH. > > Kind regards, > Nicolas > > > > For the sake of my initial about livepatch kselftests, KBUILD_EXTMOD > > will suffice, since we will target /lib/modules, but I would like to know what > > we can do in this case. Do you have other suggestions? > > > > Thanks in advance, > > Marcos > > > > > > > > > > > > > > > > > > > > -- > > > Best Regards > > > Masahiro Yamada > > > diff --git a/tools/testing/selftests/bpf/bpf_testmod/Makefile b/tools/testing/selftests/bpf/bpf_testmod/Makefile > > index 15cb36c4483a..1dce76f35405 100644 > > --- a/tools/testing/selftests/bpf/bpf_testmod/Makefile > > +++ b/tools/testing/selftests/bpf/bpf_testmod/Makefile > > @@ -1,5 +1,6 @@ > > BPF_TESTMOD_DIR := $(realpath $(dir $(abspath $(lastword $(MAKEFILE_LIST))))) > > -KDIR ?= $(abspath $(BPF_TESTMOD_DIR)/../../../../..) > > +#KDIR ?= $(abspath $(BPF_TESTMOD_DIR)/../../../../..) > > +KDIR ?= /lib/modules/$(shell uname -r)/build > > > > ifeq ($(V),1) > > Q = > > @@ -12,9 +13,10 @@ MODULES = bpf_testmod.ko > > obj-m += bpf_testmod.o > > CFLAGS_bpf_testmod.o = -I$(src) > > > > +export KBUILD_EXTMOD := $(BPF_TESTMOD_DIR) > > + > > all: > > - +$(Q)make -C $(KDIR) M=$(BPF_TESTMOD_DIR) modules > > + +$(Q)make -C $(KDIR) modules > > > > clean: > > - +$(Q)make -C $(KDIR) M=$(BPF_TESTMOD_DIR) clean > > - > > + +$(Q)make -C $(KDIR) clean >

2 years

1
0
0 0

[PATCH v2 1/4] selftests: capabilities: remove duplicate unneeded defines

by Muhammad Usama Anjum

These duplicate defines should automatically be picked up from kernel headers. Use KHDR_INCLUDES to add kernel header files. Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> --- tools/testing/selftests/capabilities/Makefile | 2 +- tools/testing/selftests/capabilities/test_execve.c | 8 -------- tools/testing/selftests/capabilities/validate_cap.c | 8 -------- 3 files changed, 1 insertion(+), 17 deletions(-) diff --git a/tools/testing/selftests/capabilities/Makefile b/tools/testing/selftests/capabilities/Makefile index 6e9d98d457d5b..411ac098308f1 100644 --- a/tools/testing/selftests/capabilities/Makefile +++ b/tools/testing/selftests/capabilities/Makefile @@ -2,7 +2,7 @@ TEST_GEN_FILES := validate_cap TEST_GEN_PROGS := test_execve -CFLAGS += -O2 -g -std=gnu99 -Wall +CFLAGS += -O2 -g -std=gnu99 -Wall $(KHDR_INCLUDES) LDLIBS += -lcap-ng -lrt -ldl include ../lib.mk diff --git a/tools/testing/selftests/capabilities/test_execve.c b/tools/testing/selftests/capabilities/test_execve.c index df0ef02b40367..e3a352b020a79 100644 --- a/tools/testing/selftests/capabilities/test_execve.c +++ b/tools/testing/selftests/capabilities/test_execve.c @@ -20,14 +20,6 @@ #include "../kselftest.h" -#ifndef PR_CAP_AMBIENT -#define PR_CAP_AMBIENT 47 -# define PR_CAP_AMBIENT_IS_SET 1 -# define PR_CAP_AMBIENT_RAISE 2 -# define PR_CAP_AMBIENT_LOWER 3 -# define PR_CAP_AMBIENT_CLEAR_ALL 4 -#endif - static int nerrs; static pid_t mpid; /* main() pid is used to avoid duplicate test counts */ diff --git a/tools/testing/selftests/capabilities/validate_cap.c b/tools/testing/selftests/capabilities/validate_cap.c index cdfc94268fe6e..60b4e7b716a75 100644 --- a/tools/testing/selftests/capabilities/validate_cap.c +++ b/tools/testing/selftests/capabilities/validate_cap.c @@ -9,14 +9,6 @@ #include "../kselftest.h" -#ifndef PR_CAP_AMBIENT -#define PR_CAP_AMBIENT 47 -# define PR_CAP_AMBIENT_IS_SET 1 -# define PR_CAP_AMBIENT_RAISE 2 -# define PR_CAP_AMBIENT_LOWER 3 -# define PR_CAP_AMBIENT_CLEAR_ALL 4 -#endif - #if __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 19) # define HAVE_GETAUXVAL #endif -- 2.40.1

2 years

2
5
0 0

[PATCH v3 0/3] userfaultfd move option

by Suren Baghdasaryan

This patch series introduces UFFDIO_MOVE feature to userfaultfd, which has long been implemented and maintained by Andrea in his local tree [1], but was not upstreamed due to lack of use cases where this approach would be better than allocating a new page and copying the contents. Previous upstraming attempts could be found at [6] and [7]. UFFDIO_COPY performs ~20% better than UFFDIO_MOVE when the application needs pages to be allocated [2]. However, with UFFDIO_MOVE, if pages are available (in userspace) for recycling, as is usually the case in heap compaction algorithms, then we can avoid the page allocation and memcpy (done by UFFDIO_COPY). Also, since the pages are recycled in the userspace, we avoid the need to release (via madvise) the pages back to the kernel [3]. We see over 40% reduction (on a Google pixel 6 device) in the compacting thread’s completion time by using UFFDIO_MOVE vs. UFFDIO_COPY. This was measured using a benchmark that emulates a heap compaction implementation using userfaultfd (to allow concurrent accesses by application threads). More details of the usecase are explained in [3]. Furthermore, UFFDIO_MOVE enables moving swapped-out pages without touching them within the same vma. Today, it can only be done by mremap, however it forces splitting the vma. Main changes since Andrea's last version [1]: - Trivial translations from page to folio, mmap_sem to mmap_lock - Replace pmd_trans_unstable() with pte_offset_map_nolock() and handle its possible failure - Move pte mapping into remap_pages_pte to allow for retries when source page or anon_vma is contended. Since pte_offset_map_nolock() start RCU read section, we can't block anymore after mapping a pte, so have to unmap the ptesm do the locking and retry. - Add and use anon_vma_trylock_write() to avoid blocking while in RCU read section. - Accommodate changes in mmu_notifier_range_init() API, switch to mmu_notifier_invalidate_range_start_nonblock() to avoid blocking while in RCU read section. - Open-code now removed __swp_swapcount() - Replace pmd_read_atomic() with pmdp_get_lockless() - Add new selftest for UFFDIO_MOVE Changes since v1 [4]: - add mmget_not_zero in userfaultfd_remap, per Jann Horn - removed extern from function definitions, per Matthew Wilcox - converted to folios in remap_pages_huge_pmd, per Matthew Wilcox - use PageAnonExclusive in remap_pages_huge_pmd, per David Hildenbrand - handle pgtable transfers between MMs, per Jann Horn - ignore concurrent A/D pte bit changes, per Jann Horn - split functions into smaller units, per David Hildenbrand - test for folio_test_large in remap_anon_pte, per Matthew Wilcox - use pte_swp_exclusive for swapcount check, per David Hildenbrand - eliminated use of mmu_notifier_invalidate_range_start_nonblock, per Jann Horn - simplified THP alignment checks, per Jann Horn - refactored the loop inside remap_pages, per Jann Horn - additional clarifying comments, per Jann Horn Changes since v2 [5]: - renamed UFFDIO_REMAP to UFFDIO_MOVE, per David Hildenbrand - rebase over mm-unstable to use folio_move_anon_rmap(), per David Hildenbrand - added text for manpage explaining DONTFORK and KSM requirements for this feature, per David Hildenbrand - check for anon_vma changes in the fast path of folio_lock_anon_vma_read, per Peter Xu - updated the title and description of the first patch, per David Hildenbrand - updating comments in folio_lock_anon_vma_read() explaining the need for anon_vma checks, per David Hildenbrand - changed all mapcount checks to PageAnonExclusive, per Jann Horn and David Hildenbrand - changed counters in remap_swap_pte() from MM_ANONPAGES to MM_SWAPENTS, per Jann Horn - added a check for PTE change after folio is locked in remap_pages_pte(), per Jann Horn - added handling of PMD migration entries and bailout when pmd_devmap(), per Jann Horn - added checks to ensure both src and dst VMAs are writable, per Peter Xu - added UFFD_FEATURE_MOVE, per Peter Xu - removed obsolete comments, per Peter Xu - renamed remap_anon_pte to remap_present_pte, per Peter Xu - added a comment for folio_get_anon_vma() explaining the need for anon_vma checks, per Peter Xu - changed error handling in remap_pages() to make it more clear, per Peter Xu - changed EFAULT to EAGAIN to retry when a hugepage appears or disappears from under us, per Peter Xu - added links to previous upstreaming attempts, per David Hildenbrand [1] https://gitlab.com/aarcange/aa/-/commit/2aec7aea56b10438a3881a20a411aa4b1fc… [2] https://lore.kernel.org/all/1425575884-2574-1-git-send-email-aarcange@redha… [3] https://lore.kernel.org/linux-mm/CA+EESO4uO84SSnBhArH4HvLNhaUQ5nZKNKXqxRCyj… [4] https://lore.kernel.org/all/20230914152620.2743033-1-surenb@google.com/ [5] https://lore.kernel.org/all/20230923013148.1390521-1-surenb@google.com/ [6] https://lore.kernel.org/all/1425575884-2574-21-git-send-email-aarcange@redh… [7] https://lore.kernel.org/all/cover.1547251023.git.blake.caldwell@colorado.ed… The patchset applies over mm-unstable. Andrea Arcangeli (2): mm/rmap: support move to different root anon_vma in folio_move_anon_rmap() userfaultfd: UFFDIO_MOVE uABI Suren Baghdasaryan (1): selftests/mm: add UFFDIO_MOVE ioctl test Documentation/admin-guide/mm/userfaultfd.rst | 3 + fs/userfaultfd.c | 63 ++ include/linux/rmap.h | 5 + include/linux/userfaultfd_k.h | 12 + include/uapi/linux/userfaultfd.h | 29 +- mm/huge_memory.c | 138 +++++ mm/khugepaged.c | 3 + mm/rmap.c | 30 + mm/userfaultfd.c | 602 +++++++++++++++++++ tools/testing/selftests/mm/uffd-common.c | 41 +- tools/testing/selftests/mm/uffd-common.h | 1 + tools/testing/selftests/mm/uffd-unit-tests.c | 62 ++ 12 files changed, 986 insertions(+), 3 deletions(-) -- 2.42.0.609.gbb76f46606-goog

2 years

6
51
0 0

[RFC PATCH v1 0/8] Introduce mseal() syscall

by jeffxu＠chromium.org

From: Jeff Xu <jeffxu(a)google.com> This patchset proposes a new mseal() syscall for the Linux kernel. Modern CPUs support memory permissions such as RW and NX bits. Linux has supported NX since the release of kernel version 2.6.8 in August 2004 [1]. The memory permission feature improves security stance on memory corruption bugs, i.e. the attacker can’t just write to arbitrary memory and point the code to it, the memory has to be marked with X bit, or else an exception will happen. Memory sealing additionally protects the mapping itself against modifications. This is useful to mitigate memory corruption issues where a corrupted pointer is passed to a memory management syscall. For example, such an attacker primitive can break control-flow integrity guarantees since read-only memory that is supposed to be trusted can become writable or .text pages can get remapped. Memory sealing can automatically be applied by the runtime loader to seal .text and .rodata pages and applications can additionally seal security critical data at runtime. A similar feature already exists in the XNU kernel with the VM_FLAGS_PERMANENT [3] flag and on OpenBSD with the mimmutable syscall [4]. Also, Chrome wants to adopt this feature for their CFI work [2] and this patchset has been designed to be compatible with the Chrome use case. The new mseal() is an architecture independent syscall, and with following signature: mseal(void addr, size_t len, unsigned int types, unsigned int flags) addr/len: memory range. Must be continuous/allocated memory, or else mseal() will fail and no VMA is updated. For details on acceptable arguments, please refer to comments in mseal.c. Those are also fully covered by the selftest. types: bit mask to specify which syscall to seal, currently they are: MM_SEAL_MSEAL 0x1 MM_SEAL_MPROTECT 0x2 MM_SEAL_MUNMAP 0x4 MM_SEAL_MMAP 0x8 MM_SEAL_MREMAP 0x10 Each bit represents sealing for one specific syscall type, e.g. MM_SEAL_MPROTECT will deny mprotect syscall. The consideration of bitmask is that the API is extendable, i.e. when needed, the sealing can be extended to madvise, mlock, etc. Backward compatibility is also easy. The kernel will remember which seal types are applied, and the application doesn’t need to repeat all existing seal types in the next mseal(). Once a seal type is applied, it can’t be unsealed. Call mseal() on an existing seal type is a no-action, not a failure. MM_SEAL_MSEAL will deny mseal() calls that try to add a new seal type. Internally, vm_area_struct adds a new field vm_seals, to store the bit masks. For the affected syscalls, such as mprotect, a check(can_modify_mm) for sealing is added, this usually happens at the early point of the syscall, before any update is made to VMAs. The effect of that is: if any of the VMAs in the given address range fails the sealing check, none of the VMA will be updated. It might be worth noting that this is different from the rest of mprotect(), where some updates can happen even when mprotect returns fail. Consider can_modify_mm only checks vm_seals in vm_area_struct, and it is not going deeper in the page table or updating any HW, success or none behavior might fit better here. I would like to listen to the community's feedback on this. The idea that inspired this patch comes from Stephen Röttger’s work in V8 CFI [5], Chrome browser in ChromeOS will be the first user of this API. In addition, Stephen is working on glibc change to add sealing support into the dynamic linker to seal all non-writable segments at startup. When that work is completed, all applications can automatically benefit from these new protections. [1] https://kernelnewbies.org/Linux_2_6_8 [2] https://v8.dev/blog/control-flow-integrity [3] https://github.com/apple-oss-distributions/xnu/blob/1031c584a5e37aff177559b… [4] https://man.openbsd.org/mimmutable.2 [5] https://docs.google.com/document/d/1O2jwK4dxI3nRcOJuPYkonhTkNQfbmwdvxQMyXge… Jeff Xu (8): Add mseal syscall Wire up mseal syscall mseal: add can_modify_mm and can_modify_vma mseal: seal mprotect mseal munmap mseal mremap mseal mmap selftest mm/mseal mprotect/munmap/mremap/mmap arch/alpha/kernel/syscalls/syscall.tbl | 1 + arch/arm/tools/syscall.tbl | 1 + arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 2 + arch/ia64/kernel/syscalls/syscall.tbl | 1 + arch/m68k/kernel/syscalls/syscall.tbl | 1 + arch/microblaze/kernel/syscalls/syscall.tbl | 1 + arch/mips/kernel/syscalls/syscall_n32.tbl | 1 + arch/mips/kernel/syscalls/syscall_n64.tbl | 1 + arch/mips/kernel/syscalls/syscall_o32.tbl | 1 + arch/parisc/kernel/syscalls/syscall.tbl | 1 + arch/powerpc/kernel/syscalls/syscall.tbl | 1 + arch/s390/kernel/syscalls/syscall.tbl | 1 + arch/sh/kernel/syscalls/syscall.tbl | 1 + arch/sparc/kernel/syscalls/syscall.tbl | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + arch/xtensa/kernel/syscalls/syscall.tbl | 1 + fs/aio.c | 5 +- include/linux/mm.h | 55 +- include/linux/mm_types.h | 7 + include/linux/syscalls.h | 2 + include/uapi/asm-generic/unistd.h | 5 +- include/uapi/linux/mman.h | 6 + ipc/shm.c | 3 +- kernel/sys_ni.c | 1 + mm/Kconfig | 8 + mm/Makefile | 1 + mm/internal.h | 4 +- mm/mmap.c | 49 +- mm/mprotect.c | 6 + mm/mremap.c | 19 +- mm/mseal.c | 328 +++++ mm/nommu.c | 6 +- mm/util.c | 8 +- tools/testing/selftests/mm/Makefile | 1 + tools/testing/selftests/mm/mseal_test.c | 1428 +++++++++++++++++++ 37 files changed, 1934 insertions(+), 28 deletions(-) create mode 100644 mm/mseal.c create mode 100644 tools/testing/selftests/mm/mseal_test.c -- 2.42.0.609.gbb76f46606-goog

2 years

10
42
0 0

Wycena paneli fotowoltaicznych

by Kamil Lasek

Dzień dobry, dostrzegam możliwość współpracy z Państwa firmą. Świadczymy kompleksową obsługę inwestycji w fotowoltaikę, która obniża koszty energii elektrycznej. Czy są Państwo zainteresowani weryfikacją wstępnych propozycji? Pozdrawiam, Kamil Lasek

2 years

1
0
0 0

[PATCH] selftests: bpf: add malloc failures checks in bpf_iter

by Yuran Pereira

Since some malloc calls in bpf_iter may at times fail, this patch adds the appropriate fail checks, and ensures that any previously allocated resource is appropriately destroyed before returning the function. Signed-off-by: Yuran Pereira <yuran.pereira(a)hotmail.com> --- tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_iter.c b/tools/testing/selftests/bpf/prog_tests/bpf_iter.c index 1f02168103dd..6d47ea9211a4 100644 --- a/tools/testing/selftests/bpf/prog_tests/bpf_iter.c +++ b/tools/testing/selftests/bpf/prog_tests/bpf_iter.c @@ -878,6 +878,11 @@ static void test_bpf_percpu_hash_map(void) skel->rodata->num_cpus = bpf_num_possible_cpus(); val = malloc(8 * bpf_num_possible_cpus()); + if (CHECK(!val, "malloc", "memory allocation failed: %s", + strerror(errno))) { + bpf_iter_bpf_percpu_hash_map__destroy(skel); + return; + } err = bpf_iter_bpf_percpu_hash_map__load(skel); if (!ASSERT_OK_PTR(skel, "bpf_iter_bpf_percpu_hash_map__load")) @@ -1057,6 +1062,11 @@ static void test_bpf_percpu_array_map(void) skel->rodata->num_cpus = bpf_num_possible_cpus(); val = malloc(8 * bpf_num_possible_cpus()); + if (CHECK(!val, "malloc", "memory allocation failed: %s", + strerror(errno))) { + bpf_iter_bpf_percpu_hash_map__destroy(skel); + return; + } err = bpf_iter_bpf_percpu_array_map__load(skel); if (!ASSERT_OK_PTR(skel, "bpf_iter_bpf_percpu_array_map__load")) -- 2.25.1

2 years

2
1
0 0

[PATCH] selftests: add a sanity check for zswap

by Nhat Pham

We recently encountered a bug that makes all zswap store attempt fail. Specifically, after: "141fdeececb3 mm/zswap: delay the initialization of zswap" if we build a kernel with zswap disabled by default, then enabled after the swapfile is set up, the zswap tree will not be initialized. As a result, all zswap store calls will be short-circuited. We have to perform another swapon to get zswap working properly again. Fortunately, this issue has since been fixed by the patch that kills frontswap: "42c06a0e8ebe mm: kill frontswap" which performs zswap_swapon() unconditionally, i.e always initializing the zswap tree. This test add a sanity check that ensure zswap storing works as intended. Signed-off-by: Nhat Pham <nphamcs(a)gmail.com> --- tools/testing/selftests/cgroup/test_zswap.c | 48 +++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/tools/testing/selftests/cgroup/test_zswap.c b/tools/testing/selftests/cgroup/test_zswap.c index 49def87a909b..c99d2adaca3f 100644 --- a/tools/testing/selftests/cgroup/test_zswap.c +++ b/tools/testing/selftests/cgroup/test_zswap.c @@ -55,6 +55,11 @@ static int get_zswap_written_back_pages(size_t *value) return read_int("/sys/kernel/debug/zswap/written_back_pages", value); } +static long get_zswpout(const char *cgroup) +{ + return cg_read_key_long(cgroup, "memory.stat", "zswpout "); +} + static int allocate_bytes(const char *cgroup, void *arg) { size_t size = (size_t)arg; @@ -68,6 +73,48 @@ static int allocate_bytes(const char *cgroup, void *arg) return 0; } +/* + * Sanity test to check that pages are written into zswap. + */ +static int test_zswap_usage(const char *root) +{ + long zswpout_before, zswpout_after; + int ret = KSFT_FAIL; + char *test_group; + + /* Set up */ + test_group = cg_name(root, "no_shrink_test"); + if (!test_group) + goto out; + if (cg_create(test_group)) + goto out; + if (cg_write(test_group, "memory.max", "1M")) + goto out; + + zswpout_before = get_zswpout(test_group); + if (zswpout_before < 0) { + ksft_print_msg("Failed to get zswpout\n"); + goto out; + } + + /* Allocate more than memory.max to push memory into zswap */ + if (cg_run(test_group, allocate_bytes, (void *)MB(4))) + goto out; + + /* Verify that pages come into zswap */ + zswpout_after = get_zswpout(test_group); + if (zswpout_after <= zswpout_before) { + ksft_print_msg("zswpout does not increase after test program\n"); + goto out; + } + ret = KSFT_PASS; + +out: + cg_destroy(test_group); + free(test_group); + return ret; +} + /* * When trying to store a memcg page in zswap, if the memcg hits its memory * limit in zswap, writeback should not be triggered. @@ -235,6 +282,7 @@ struct zswap_test { int (*fn)(const char *root); const char *name; } tests[] = { + T(test_zswap_usage), T(test_no_kmem_bypass), T(test_no_invasive_cgroup_shrink), }; -- 2.34.1

2 years

2
1
0 0

[PATCH v6 0/8] Add Intel VT-d nested translation (part 1/2)

by Yi Liu

This is the first part to add Intel VT-d nested translation based on IOMMUFD nesting infrastructure. As the iommufd nesting infrastructure series[1], iommu core supports new ops to allocate domains with user data. For nesting, the user data is vendor-specific, IOMMU_HWPT_DATA_VTD_S1 is defined for the Intel VT-d stage-1 page table, it will be used in the stage-1 domain allocation path. struct iommu_hwpt_vtd_s1 is defined to pass user_data for the Intel VT-d stage-1 domain allocation. This series does not have the cache invalidation path, it would be added in part 2/2. The first Intel platform supporting nested translation is Sapphire Rapids which, unfortunately, has a hardware errata [2] requiring special treatment. This errata happens when a stage-1 page table page (either level) is located in a stage-2 read-only region. In that case the IOMMU hardware may ignore the stage-2 RO permission and still set the A/D bit in stage-1 page table entries during page table walking. A flag IOMMU_HW_INFO_VTD_ERRATA_772415_SPR17 is introduced to report this errata to userspace. With that restriction the user should either disable nested translation to favor RO stage-2 mappings or ensure no RO stage-2 mapping to enable nested translation. Intel-iommu driver is armed with necessary checks to prevent such mix in patch8 of this series. Qemu currently does add RO mappings though. The vfio agent in Qemu simply maps all valid regions in the GPA address space which certainly includes RO regions e.g. vbios. In reality we don't know a usage relying on DMA reads from the BIOS region. Hence finding a way to skip RO regions (e.g. via a discard manager) in Qemu might be an acceptable tradeoff. The actual change needs more discussion in Qemu community. For now we just hacked Qemu to test. Complete code can be found in [3], corresponding QEMU could can be found in [4]. [1] https://lore.kernel.org/linux-iommu/20231020091946.12173-1-yi.l.liu@intel.c… [2] https://www.intel.com/content/www/us/en/content-details/772415/content-deta… [3] https://github.com/yiliu1765/iommufd/tree/iommufd_nesting [4] https://github.com/yiliu1765/qemu/tree/zhenzhong/wip/iommufd_nesting_rfcv1 Change log: v6: - Add Kevin's r-b for patch 1 and 8 - Drop Kevin's r-b for patch 7 - Address comments from Kevin - Split the VT-d nesting series into two parts 1/2 and 2/2 v5: https://lore.kernel.org/linux-iommu/20230921075431.125239-1-yi.l.liu@intel.… - Add Kevin's r-b for patch 2, 3 ,5 8, 10 - Drop enforce_cache_coherency callback from the nested type domain ops (Kevin) - Remove duplicate agaw check in patch 04 (Kevin) - Remove duplicate domain_update_iommu_cap() in patch 06 (Kevin) - Check parent's force_snooping to set pgsnp in the pasid entry (Kevin) - uapi data structure check (Kevin) - Simplify the errata handling as user can allocate nested parent domain v4: https://lore.kernel.org/linux-iommu/20230724111335.107427-1-yi.l.liu@intel.… - Remove ascii art tables (Jason) - Drop EMT (Tina, Jason) - Drop MTS and related definitions (Kevin) - Rename macro IOMMU_VTD_PGTBL_ to IOMMU_VTD_S1_ (Kevin) - Rename struct iommu_hwpt_intel_vtd_ to iommu_hwpt_vtd_ (Kevin) - Rename struct iommu_hwpt_intel_vtd to iommu_hwpt_vtd_s1 (Kevin) - Put the vendor specific hwpt alloc data structure before enuma iommu_hwpt_type (Kevin) - Do not trim the higher page levels of S2 domain in nested domain attachment as the S2 domain may have been used independently. (Kevin) - Remove the first-stage pgd check against the maximum address of s2_domain as hw can check it anyhow. It makes sense to check every pfns used in the stage-1 page table. But it cannot make it. So just leave it to hw. (Kevin) - Split the iotlb flush part into an order of uapi, helper and callback implementation (Kevin) - Change the policy of VT-d nesting errata, disallow RO mapping once a domain is used as parent domain of a nested domain. This removes the nested_users counting. (Kevin) - Minor fix for "make htmldocs" v3: https://lore.kernel.org/linux-iommu/20230511145110.27707-1-yi.l.liu@intel.c… - Further split the patches into an order of adding helpers for nested domain, iotlb flush, nested domain attachment and nested domain allocation callback, then report the hw_info to userspace. - Add batch support in cache invalidation from userspace - Disallow nested translation usage if RO mappings exists in stage-2 domain due to errata on readonly mappings on Sapphire Rapids platform. v2: https://lore.kernel.org/linux-iommu/20230309082207.612346-1-yi.l.liu@intel.… - The iommufd infrastructure is split to be separate series. v1: https://lore.kernel.org/linux-iommu/20230209043153.14964-1-yi.l.liu@intel.c… Regards, Yi Liu Lu Baolu (5): iommu/vt-d: Extend dmar_domain to support nested domain iommu/vt-d: Add helper for nested domain allocation iommu/vt-d: Add helper to setup pasid nested translation iommu/vt-d: Add nested domain allocation iommu/vt-d: Disallow read-only mappings to nest parent domain Yi Liu (3): iommufd: Add data structure for Intel VT-d stage-1 domain allocation iommu/vt-d: Make domain attach helpers to be extern iommu/vt-d: Set the nested domain to a device drivers/iommu/intel/Makefile | 2 +- drivers/iommu/intel/iommu.c | 63 +++++++++++++------- drivers/iommu/intel/iommu.h | 46 ++++++++++++-- drivers/iommu/intel/nested.c | 109 ++++++++++++++++++++++++++++++++++ drivers/iommu/intel/pasid.c | 112 +++++++++++++++++++++++++++++++++++ drivers/iommu/intel/pasid.h | 2 + include/uapi/linux/iommufd.h | 42 ++++++++++++- 7 files changed, 348 insertions(+), 28 deletions(-) create mode 100644 drivers/iommu/intel/nested.c -- 2.34.1

2 years

3
17
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror