- Linux-kselftest-mirror - lists.linaro.org

[REGRESSION] lkft kselftest for next-20220721

by lkft＠linaro.org

## Build * kernel: 5.19.0-rc7 * git: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next * git branch: master * git commit: a3fd3ca134d9485a0f9a7bdcffd7f8bae27f79d3 * git describe: next-20220721 * test details: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20220721 ## Test Regressions (compared to v5.19-rc6-12429-g4ee7eaa411ee) * qemu_arm, kselftest-rtc - rtc.rtctest - rtc.rtctest.rtc.date_read_loop ## Metric Regressions (compared to v5.19-rc6-12429-g4ee7eaa411ee) No metric regressions found. Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> ## Test Fixes (compared to v5.19-rc6-12429-g4ee7eaa411ee) * qemu_arm, kselftest-seccomp - seccomp.seccomp_benchmark ## Metric Fixes (compared to v5.19-rc6-12429-g4ee7eaa411ee) No metric fixes found. ## Test result summary total: 345, pass: 167, fail: 44, skip: 134, xfail: 0 ## Build Summary ## Test suites summary * kselftest-android * kselftest-breakpoints * kselftest-capabilities * kselftest-cgroup * kselftest-clone3 * kselftest-core * kselftest-cpu-hotplug * kselftest-cpufreq * kselftest-drivers-dma-buf * kselftest-efivarfs * kselftest-filesystems * kselftest-filesystems-binderfs * kselftest-firmware * kselftest-fpu * kselftest-gpio * kselftest-ipc * kselftest-ir * kselftest-kcmp * kselftest-lib * kselftest-membarrier * kselftest-netfilter * kselftest-nsfs * kselftest-openat2 * kselftest-pid_namespace * kselftest-pidfd * kselftest-proc * kselftest-pstore * kselftest-rseq * kselftest-rtc * kselftest-seccomp * kselftest-sigaltstack * kselftest-size * kselftest-splice * kselftest-static_keys * kselftest-sync * kselftest-sysctl * kselftest-tc-testing * kselftest-timens * kselftest-timers * kselftest-tmpfs * kselftest-tpm2 * kselftest-user * kselftest-vm -- Linaro LKFT https://lkft.linaro.org

2 years, 3 months

1
0
0 0

[PATCH][next] KVM: selftests: Fix spelling mistake "mismtach" -> "mismatch"

by Colin Ian King

There is a spelling mistake in an assert message. Fix it. Signed-off-by: Colin Ian King <colin.i.king(a)gmail.com> --- tools/testing/selftests/kvm/x86_64/cpuid_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/x86_64/cpuid_test.c b/tools/testing/selftests/kvm/x86_64/cpuid_test.c index a6aeee2e62e4..c85113d1aeb2 100644 --- a/tools/testing/selftests/kvm/x86_64/cpuid_test.c +++ b/tools/testing/selftests/kvm/x86_64/cpuid_test.c @@ -93,7 +93,7 @@ static void compare_cpuids(const struct kvm_cpuid2 *cpuid1, TEST_ASSERT(e1->function == e2->function && e1->index == e2->index && e1->flags == e2->flags, - "CPUID entries[%d] mismtach: 0x%x.%d.%x vs. 0x%x.%d.%x\n", + "CPUID entries[%d] mismatch: 0x%x.%d.%x vs. 0x%x.%d.%x\n", i, e1->function, e1->index, e1->flags, e2->function, e2->index, e2->flags); -- 2.35.3

2 years, 3 months

1
0
0 0

Re: [PATCH net] ip_tunnel: allow to inherit from VLAN encapsulated IP frames

by Nicolas Dichtel

+ linux-kselftest(a)vger.kernel.org Le 20/07/2022 à 17:24, Matthias May a écrit : > Hi > > I finally got around to do the previously mentioned selftest for gretap, vxlan > and geneve. > See the bash-script below. > > Many of the vxlan/geneve tests are currently failing, with gretap working on > net-next > because of the fixes i sent. > What is the policy on sending selftests that are failing? > Are fixes for the failures required in advance? I don't know, I've added linux-kselftest(a)vger.kernel.org to the thread. Regards, Nicolas > > I'm not sure i can fix them. > Geneve seems to ignore the 3 upper bits of the DSCP completely.

2 years, 3 months

1
0
0 0

相互理解

by DR JOSEPH ANYA

-- 亲爱的朋友, 我是约瑟夫*安雅先生，在亚行银行在西非。我正在联系你与我合作只检索总额(3 950万美元)。押金是由我们已故的客户乔治。小。我在成功收到资金后向您提出总额的40％，我向您保证，这笔交易是100％无风险和合法的。我寻求你的合伙要求这些资金，以避免被银行没收。联系我了解更多细节。我期待你的紧急答复致以最良好的问候。约瑟夫*安雅博士。

2 years, 3 months

1
0
0 0

[PATCH v2 0/4] Introduce security_create_user_ns()

by Frederick Lawler

While creating a LSM BPF MAC policy to block user namespace creation, we used the LSM cred_prepare hook because that is the closest hook to prevent a call to create_user_ns(). The calls look something like this: cred = prepare_creds() security_prepare_creds() call_int_hook(cred_prepare, ... if (cred) create_user_ns(cred) We noticed that error codes were not propagated from this hook and introduced a patch [1] to propagate those errors. The discussion notes that security_prepare_creds() is not appropriate for MAC policies, and instead the hook is meant for LSM authors to prepare credentials for mutation. [2] Ultimately, we concluded that a better course of action is to introduce a new security hook for LSM authors. [3] This patch set first introduces a new security_create_user_ns() function and create_user_ns LSM hook, then marks the hook as sleepable in BPF. Links: 1. https://lore.kernel.org/all/20220608150942.776446-1-fred@cloudflare.com/ 2. https://lore.kernel.org/all/87y1xzyhub.fsf@email.froward.int.ebiederm.org/ 3. https://lore.kernel.org/all/9fe9cd9f-1ded-a179-8ded-5fde8960a586@cloudflare… Changes since v1: - Add selftests/bpf: Add tests verifying bpf lsm create_user_ns hook patch - Add selinux: Implement create_user_ns hook patch - Change function signature of security_create_user_ns() to only take struct cred - Move security_create_user_ns() call after id mapping check in create_user_ns() - Update documentation to reflect changes Frederick Lawler (4): security, lsm: Introduce security_create_user_ns() bpf-lsm: Make bpf_lsm_create_user_ns() sleepable selftests/bpf: Add tests verifying bpf lsm create_user_ns hook selinux: Implement create_user_ns hook include/linux/lsm_hook_defs.h | 1 + include/linux/lsm_hooks.h | 4 + include/linux/security.h | 6 ++ kernel/bpf/bpf_lsm.c | 1 + kernel/user_namespace.c | 5 ++ security/security.c | 5 ++ security/selinux/hooks.c | 9 ++ security/selinux/include/classmap.h | 2 + .../selftests/bpf/prog_tests/deny_namespace.c | 88 +++++++++++++++++++ .../selftests/bpf/progs/test_deny_namespace.c | 39 ++++++++ 10 files changed, 160 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/deny_namespace.c create mode 100644 tools/testing/selftests/bpf/progs/test_deny_namespace.c -- 2.30.2

2 years, 3 months

6
15
0 0

[PATCH v3] apparmor: test: Remove some casts which are no-longer required

by David Gow

With some of the stricter type checking in KUnit's EXPECT macros removed, several casts in policy_unpack_test are no longer required. Remove the unnecessary casts, making the conditions clearer. Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com> Acked-by: John Johansen <john.johansen(a)canonical.com> Signed-off-by: David Gow <davidgow(a)google.com> --- This is a rebase and resend of [1], which had been accepted into the AppArmor tree, but eventually conflicted with [2]. Let's push it via the KUnit tree to avoid any further conflicts, as discussed in [3]. Cheers, -- David [1]: https://lore.kernel.org/linux-kselftest/20210513193204.816681-9-davidgow@go… [2]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [3]: https://lore.kernel.org/all/20220405125540.2135d81d@canb.auug.org.au/ --- security/apparmor/policy_unpack_test.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/security/apparmor/policy_unpack_test.c b/security/apparmor/policy_unpack_test.c index 5c18d2f19862..7954cb23d5f2 100644 --- a/security/apparmor/policy_unpack_test.c +++ b/security/apparmor/policy_unpack_test.c @@ -177,7 +177,7 @@ static void policy_unpack_test_unpack_array_out_of_bounds(struct kunit *test) array_size = unpack_array(puf->e, name); - KUNIT_EXPECT_EQ(test, array_size, (u16)0); + KUNIT_EXPECT_EQ(test, array_size, 0); KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->start + TEST_NAMED_ARRAY_BUF_OFFSET); } @@ -391,10 +391,10 @@ static void policy_unpack_test_unpack_u16_chunk_basic(struct kunit *test) size = unpack_u16_chunk(puf->e, &chunk); - KUNIT_EXPECT_PTR_EQ(test, (void *)chunk, + KUNIT_EXPECT_PTR_EQ(test, chunk, puf->e->start + TEST_U16_OFFSET + 2); - KUNIT_EXPECT_EQ(test, size, (size_t)TEST_U16_DATA); - KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, (void *)(chunk + TEST_U16_DATA)); + KUNIT_EXPECT_EQ(test, size, TEST_U16_DATA); + KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, (chunk + TEST_U16_DATA)); } static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_1( @@ -408,7 +408,7 @@ static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_1( size = unpack_u16_chunk(puf->e, &chunk); - KUNIT_EXPECT_EQ(test, size, (size_t)0); + KUNIT_EXPECT_EQ(test, size, 0); KUNIT_EXPECT_NULL(test, chunk); KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->end - 1); } @@ -430,7 +430,7 @@ static void policy_unpack_test_unpack_u16_chunk_out_of_bounds_2( size = unpack_u16_chunk(puf->e, &chunk); - KUNIT_EXPECT_EQ(test, size, (size_t)0); + KUNIT_EXPECT_EQ(test, size, 0); KUNIT_EXPECT_NULL(test, chunk); KUNIT_EXPECT_PTR_EQ(test, puf->e->pos, puf->e->start + TEST_U16_OFFSET); } -- 2.37.0.rc0.161.g10f37bed90-goog

2 years, 3 months

2
1
0 0

[PATCH] kselftest/arm64: Correct buffer allocation for SVE Z registers

by Mark Brown

The buffer used for verifying SVE Z registers allocated enough space for 16 maximally sized registers rather than 32 due to using the macro for the number of P registers. In practice this didn't matter since for historical reasons the maximum VQ defined in the ABI is greater the architectural maximum so we will always allocate more space than is needed even with emulated platforms implementing the architectural maximum. Still, we should use the right define. Signed-off-by: Mark Brown <broonie(a)kernel.org> --- tools/testing/selftests/arm64/abi/syscall-abi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/arm64/abi/syscall-abi.c b/tools/testing/selftests/arm64/abi/syscall-abi.c index b632bfe9e022..95229fa73232 100644 --- a/tools/testing/selftests/arm64/abi/syscall-abi.c +++ b/tools/testing/selftests/arm64/abi/syscall-abi.c @@ -113,8 +113,8 @@ static int check_fpr(struct syscall_cfg *cfg, int sve_vl, int sme_vl, } static uint8_t z_zero[__SVE_ZREG_SIZE(SVE_VQ_MAX)]; -uint8_t z_in[SVE_NUM_PREGS * __SVE_ZREG_SIZE(SVE_VQ_MAX)]; -uint8_t z_out[SVE_NUM_PREGS * __SVE_ZREG_SIZE(SVE_VQ_MAX)]; +uint8_t z_in[SVE_NUM_ZREGS * __SVE_ZREG_SIZE(SVE_VQ_MAX)]; +uint8_t z_out[SVE_NUM_ZREGS * __SVE_ZREG_SIZE(SVE_VQ_MAX)]; static void setup_z(struct syscall_cfg *cfg, int sve_vl, int sme_vl, uint64_t svcr) -- 2.30.2

2 years, 3 months

1
0
0 0

[PATCH] selftests: memcg: uninitialized variable in test_memcg_reclaim()

by Dan Carpenter

The "fd" is used on the clean up path without ever being initialized. Fixes: eae3cb2e87ff ("selftests: cgroup: add a selftest for memory.reclaim") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> --- I kind of went over kill on fixing this as if it were real code which matters. :P .../selftests/cgroup/test_memcontrol.c | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/tools/testing/selftests/cgroup/test_memcontrol.c b/tools/testing/selftests/cgroup/test_memcontrol.c index 8833359556f3..08681699c2f9 100644 --- a/tools/testing/selftests/cgroup/test_memcontrol.c +++ b/tools/testing/selftests/cgroup/test_memcontrol.c @@ -658,18 +658,18 @@ static int test_memcg_reclaim(const char *root) memcg = cg_name(root, "memcg_test"); if (!memcg) - goto cleanup; + return KSFT_FAIL; if (cg_create(memcg)) - goto cleanup; + goto free_memcg; current = cg_read_long(memcg, "memory.current"); if (current != 0) - goto cleanup; + goto destroy_memcg; fd = get_temp_fd(); if (fd < 0) - goto cleanup; + goto destroy_memcg; cg_run_nowait(memcg, alloc_pagecache_50M_noexit, (void *)(long)fd); @@ -697,7 +697,7 @@ static int test_memcg_reclaim(const char *root) fprintf(stderr, "failed to allocate %ld for memcg reclaim test\n", expected_usage); - goto cleanup; + goto close; } } @@ -717,7 +717,7 @@ static int test_memcg_reclaim(const char *root) * not reclaim the full amount. */ if (to_reclaim <= 0) - goto cleanup; + goto close; snprintf(buf, sizeof(buf), "%ld", to_reclaim); @@ -729,7 +729,7 @@ static int test_memcg_reclaim(const char *root) */ current = cg_read_long(memcg, "memory.current"); if (!values_close(current, MB(30), 3) && current > MB(30)) - goto cleanup; + goto close; break; } @@ -738,14 +738,17 @@ static int test_memcg_reclaim(const char *root) continue; /* We got an unexpected error or ran out of retries. */ - goto cleanup; + goto close; } ret = KSFT_PASS; -cleanup: + +close: + close(fd); +destroy_memcg: cg_destroy(memcg); +free_memcg: free(memcg); - close(fd); return ret; } -- 2.35.1

2 years, 3 months

2
3
0 0

[PATCH 00/17] nolibc: add preliminary self tests

by Willy Tarreau

Hi Paul, as previously promised, here comes the nolibc update which introduces the minimal self-test infrastructure that aims at being reasonably easy to expand further. It's based on your branch "dev.2022.06.30b" that contains the previous minor fixes that aimed at addressing Linus' concerns about the build process inconsistencies. The way it works tries to mimmick as much as possible the regular build process, so that it reuses the same ARCH, CC, CROSS_COMPILE to build the test program, that will be embedded into an initramfs and the kernel is (re)built with that initramfs. Then you can decide to run that kernel under QEMU for the supported archs, and the output of the tests appears in an output text file in a format that's easily greppable and diffable. A single target "run" does everything. By default it will reuse your existing .config (so that developers continue to use their regular config handling), though it can also create a known-to-work defconfig for each arch. The reason behind this is that it took me a moment to figure certain defconfig + machine name combinations and I found it better to put them there once for all. I've successfully tested it on arm, arm64, i386, x86_64. riscv64 works except two syscalls which return unexpected errors, and mips segfaults in sbrk(). I don't know why yet, but this proves that it's worth having such a test. There are not that many tests yet (71), those that have to run can be filtered either from the program's command line or from a NOLIBC_TEST environment variable so that it's possible to skip broken ones or to focus on a few ranges only. Tests are numerically numbered, and are conveniently handled in a switch/case statement so that a relative line number assigns the number to the test. That's convenient because the vast majority of syscall tests are one-liners. This sometimes slightly upsets check-patch when lines get moderately long but that significantly improves legibility. There are expectation for both successes and failures (e.g. -1 ENOTDIR). I'm sure this can be improved later (and that's the goal). Right now it covers two test families: - syscalls - stdlib (str* functions mostly) I suspect that over time we might want to split syscalls into different parts (e.g. core, fs, etc maybe) but I could be wrong. The program can automatically modulate QEMU's return value on x86 when QEMU is run with the appropriate options, but for now I'm not using it as I felt like it didn't bring much value, and the output is more useful. That's debatable, and maybe some might want to use it in bisect scripts for example. It's too early to say IMHO. Oh, I also arranged the code so that the test also builds with glibc. I noticed that when adding a new test that fails, sometimes it's convenient to see if it's the nolibc part that's broken or the test. I don't find this critical but the required includes and ifdefs are there so that it should be easy to maintain over time as well. I'm obviously interested in comments, but really, I don't want to overdesign something for a first step, it remains a very modest test program and I'd like that it remains easy to hack on it and to contribute new tests that are deemed useful. I'm CCing the few who already contributed some patches and/or expressed interest, as well as Linus who had a first bad experience when trying to test it, hoping this one will be better. I'm pasting below [1] a copy of a test on x86_64 below, that's summed up as "71 test(s) passed" at the end of the "run" target. If there's no objection, it would be nice to have this with your current series, as it definitely helps spot and fix the bugs. In parallel I'll see if I can figure the problems with the two tests that fail each on a specific arch and I might possibly have a few extra fixes for the current nolibc. Thank you! Willy [1] example output ----8<---- Running test 'syscall' 0 getpid = 1 [OK] 1 getppid = 0 [OK] 5 getpgid_self = 0 [OK] 6 getpgid_bad = -1 ESRCH [OK] 7 kill_0 = 0 [OK] 8 kill_CONT = 0 [OK] 9 kill_BADPID = -1 ESRCH [OK] 10 sbrk = 0 [OK] 11 brk = 0 [OK] 12 chdir_root = 0 [OK] 13 chdir_dot = 0 [OK] 14 chdir_blah = -1 ENOENT [OK] 15 chmod_net = 0 [OK] 16 chmod_self = -1 EPERM [OK] 17 chown_self = -1 EPERM [OK] 18 chroot_root = 0 [OK] 19 chroot_blah = -1 ENOENT [OK] 20 chroot_exe = -1 ENOTDIR [OK] 21 close_m1 = -1 EBADF [OK] 22 close_dup = 0 [OK] 23 dup_0 = 3 [OK] 24 dup_m1 = -1 EBADF [OK] 25 dup2_0 = 100 [OK] 26 dup2_m1 = -1 EBADF [OK] 27 dup3_0 = 100 [OK] 28 dup3_m1 = -1 EBADF [OK] 29 execve_root = -1 EACCES [OK] 30 getdents64_root = 120 [OK] 31 getdents64_null = -1 ENOTDIR [OK] 32 gettimeofday_null = 0 [OK] 38 ioctl_tiocinq = 0 [OK] 39 ioctl_tiocinq = 0 [OK] 40 link_root1 = -1 EEXIST [OK] 41 link_blah = -1 ENOENT [OK] 42 link_dir = -1 EPERM [OK] 43 link_cross = -1 EXDEV [OK] 44 lseek_m1 = -1 EBADF [OK] 45 lseek_0 = -1 ESPIPE [OK] 46 mkdir_root = -1 EEXIST [OK] 47 open_tty = 3 [OK] 48 open_blah = -1 ENOENT [OK] 49 poll_null = 0 [OK] 50 poll_stdout = 1 [OK] 51 poll_fault = -1 EFAULT [OK] 52 read_badf = -1 EBADF [OK] 53 sched_yield = 0 [OK] 54 select_null = 0 [OK] 55 select_stdout = 1 [OK] 56 select_fault = -1 EFAULT [OK] 57 stat_blah = -1 ENOENT [OK] 58 stat_fault = -1 EFAULT [OK] 59 symlink_root = -1 EEXIST [OK] 60 unlink_root = -1 EISDIR [OK] 61 unlink_blah = -1 ENOENT [OK] 62 wait_child = -1 ECHILD [OK] 63 waitpid_min = -1 ESRCH [OK] 64 waitpid_child = -1 ECHILD [OK] 65 write_badf = -1 EBADF [OK] 66 write_zero = 0 [OK] Errors during this test: 0 Running test 'stdlib' 0 getenv_TERM = <linux> [OK] 1 getenv_blah = <(null)> [OK] 2 setcmp_blah_blah = 0 [OK] 3 setcmp_blah_blah2 = -50 [OK] 4 setncmp_blah_blah = 0 [OK] 5 setncmp_blah_blah4 = 0 [OK] 6 setncmp_blah_blah5 = -53 [OK] 7 setncmp_blah_blah6 = -54 [OK] 8 strchr_foobar_o = <oobar> [OK] 9 strchr_foobar_z = <(null)> [OK] 10 strrchr_foobar_o = <obar> [OK] 11 strrchr_foobar_z = <(null)> [OK] Errors during this test: 0 Total number of errors: 0 ---->8---- -- Willy Tarreau (17): tools/nolibc: make argc 32-bit in riscv startup code tools/nolibc: fix build warning in sys_mmap() when my_syscall6 is not defined tools/nolibc: make sys_mmap() automatically use the right __NR_mmap definition selftests/nolibc: add basic infrastructure to ease creation of nolibc tests selftests/nolibc: support a test definition format selftests/nolibc: implement a few tests for various syscalls selftests/nolibc: add a few tests for some stdlib functions selftests/nolibc: exit with poweroff on success when getpid() == 1 selftests/nolibc: on x86, support exiting with isa-debug-exit selftests/nolibc: recreate and populate /dev and /proc if missing selftests/nolibc: condition some tests on /proc existence selftests/nolibc: support glibc as well selftests/nolibc: add a "kernel" target to build the kernel with the initramfs selftests/nolibc: add a "defconfig" target selftests/nolibc: add a "run" target to start the kernel in QEMU selftests/nolibc: "sysroot" target installs a local copy of the sysroot selftests/nolibc: add a "help" target MAINTAINERS | 1 + tools/include/nolibc/arch-riscv.h | 2 +- tools/include/nolibc/sys.h | 4 +- tools/testing/selftests/nolibc/Makefile | 135 ++++ tools/testing/selftests/nolibc/nolibc-test.c | 757 +++++++++++++++++++ 5 files changed, 896 insertions(+), 3 deletions(-) create mode 100644 tools/testing/selftests/nolibc/Makefile create mode 100644 tools/testing/selftests/nolibc/nolibc-test.c -- 2.17.5

2 years, 3 months

3
24
0 0

Re: [PATCH v2 4/4] selinux: Implement create_user_ns hook

by Paul Moore

On Tue, Jul 19, 2022 at 10:42 PM Karl MacMillan <karl(a)bigbadwolfsecurity.com> wrote: > On Thu, Jul 7, 2022 at 6:34 PM Frederick Lawler <fred(a)cloudflare.com> wrote: >> >> Unprivileged user namespace creation is an intended feature to enable >> sandboxing, however this feature is often used to as an initial step to >> perform a privilege escalation attack. >> >> This patch implements a new namespace { userns_create } access control >> permission to restrict which domains allow or deny user namespace >> creation. This is necessary for system administrators to quickly protect >> their systems while waiting for vulnerability patches to be applied. >> >> This permission can be used in the following way: >> >> allow domA_t domB_t : namespace { userns_create }; > > > Isn’t this actually domA_t domA_t : namespace . . . > > I got confused reading this initially trying to figure out what the second domain type would be, but looking at the code cleared that up. Ah, good catch, thanks Karl! -- paul-moore.com

2 years, 3 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror