On 12/1/22 12:11, Maxime Ripard wrote:
> Now that we have VC4-specific tests in place, let's document them
> properly.
>
> Signed-off-by: Maxime Ripard <maxime(a)cerno.tech>
Reviewed-by: Maíra Canal <mcanal(a)igalia.com>
Just a small nit below.
> ---
> Documentation/gpu/vc4.rst | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/Documentation/gpu/vc4.rst b/Documentation/gpu/vc4.rst
> index 5df1d98b9544..a2375f1584e6 100644
> --- a/Documentation/gpu/vc4.rst
> +++ b/Documentation/gpu/vc4.rst
> @@ -54,6 +54,22 @@ VEC (Composite TV out) encoder
> .. kernel-doc:: drivers/gpu/drm/vc4/vc4_vec.c
> :doc: VC4 SDTV module
>
> +KUnit Tests
> +===========
> +
> +The VC4 Driver uses KUnit to perform driver-specific unit and
> +integration tests.
> +
> +These tests are using a mock driver and can be ran using the
> +command::
> + ./tools/testing/kunit/kunit.py run \
> + --kunitconfig=drivers/gpu/drm/vc4/tests/.kunitconfig \
> + --cross_compile aarch64-linux-gnu- --arch arm64
I believe you could use a code block here, like:
.. code-block:: bash
$ ./tools/testing/kunit/kunit.py run \
--kunitconfig=drivers/gpu/drm/vc4/tests/.kunitconfig \
--cross_compile aarch64-linux-gnu- --arch arm64
You could also mention that you can run the tests with --arch arm.
Best Regards,
- Maíra Canal
> +
> +Parts of the driver that are currently covered by tests are:
> + * The HVS to PixelValve dynamic FIFO assignment, for the BCM2835-7
> + and BCM2711.
> +
> Memory Management and 3D Command Submission
> ===========================================
>
>
Currently the KTAP specification says that a test result line is
<result> <number> [<description>][ # [<directive>] [<diagnostic data>]]
and the description of a test can be "any sequence of words
(can't include #)" which specifies that there may be more than
one word but does not specify anything other than those words
which might be used to separate the words which probably isn't
what we want. Given that practically we have tests using a range
of separators for words including combinations of spaces and
combinations of other symbols like underscores or punctuation
let's just clarify that the description can contain any character
other than # (marking the start of the directive/diagnostic) or
newline (marking the end of this test result).
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Reviewed-by: Kees Cook <keescook(a)chromium.org>
Reviewed-by: David Gow <davidgow(a)google.com>
---
Documentation/dev-tools/ktap.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/dev-tools/ktap.rst b/Documentation/dev-tools/ktap.rst
index d0a9565b0f44..414c105b10a9 100644
--- a/Documentation/dev-tools/ktap.rst
+++ b/Documentation/dev-tools/ktap.rst
@@ -80,8 +80,8 @@ have the number 1 and the number then must increase by 1 for each additional
subtest within the same test at the same nesting level.
The description is a description of the test, generally the name of
-the test, and can be any string of words (can't include #). The
-description is optional, but recommended.
+the test, and can be any string of characters other than # or a
+newline. The description is optional, but recommended.
The directive and any diagnostic data is optional. If either are present, they
must follow a hash sign, "#".
--
2.30.2
There are spelling mistakes in messages in the prctl tests. Fix these.
Note: One can use "all right", or "alright", I'm fixing this to use
the slightly more informal and more modern form of the spelling for
the fix.
Signed-off-by: Colin Ian King <colin.i.king(a)gmail.com>
---
tools/testing/selftests/prctl/disable-tsc-ctxt-sw-stress-test.c | 2 +-
tools/testing/selftests/prctl/disable-tsc-on-off-stress-test.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/prctl/disable-tsc-ctxt-sw-stress-test.c b/tools/testing/selftests/prctl/disable-tsc-ctxt-sw-stress-test.c
index 62a93cc61b7c..868f37fd1d5e 100644
--- a/tools/testing/selftests/prctl/disable-tsc-ctxt-sw-stress-test.c
+++ b/tools/testing/selftests/prctl/disable-tsc-ctxt-sw-stress-test.c
@@ -79,7 +79,7 @@ int main(void)
{
int n_tasks = 100, i;
- fprintf(stderr, "[No further output means we're allright]\n");
+ fprintf(stderr, "[No further output means we're alright]\n");
for (i=0; i<n_tasks; i++)
if (fork() == 0)
diff --git a/tools/testing/selftests/prctl/disable-tsc-on-off-stress-test.c b/tools/testing/selftests/prctl/disable-tsc-on-off-stress-test.c
index 79950f9a26fd..3822532fc0c6 100644
--- a/tools/testing/selftests/prctl/disable-tsc-on-off-stress-test.c
+++ b/tools/testing/selftests/prctl/disable-tsc-on-off-stress-test.c
@@ -83,7 +83,7 @@ int main(void)
{
int n_tasks = 100, i;
- fprintf(stderr, "[No further output means we're allright]\n");
+ fprintf(stderr, "[No further output means we're alright]\n");
for (i=0; i<n_tasks; i++)
if (fork() == 0)
--
2.38.1
The "How Do I Use This" section of index.rst and "Next Steps" section of
start.rst were just copies of the table of contents, and therefore
weren't really useful either when looking a sphinx generated output
(which already had the TOC visible) or when reading the source (where
it's just a list of files that ls could give you).
Instead, provide a small number of concrete next steps, and a bit more
description about what the pages contain.
This also removes the broken reference to 'tips.rst', which was
previously removed.
Fixes: 4399c737a97d ("Documentation: kunit: Remove redundant 'tips.rst' page")
Signed-off-by: David Gow <davidgow(a)google.com>
---
Thanks everyone for reviewing v1. Since this is pretty much a complete
rewrite, I've left Reviewed-by tags off, as I don't feel the previous
reviews totally apply. Feel free to review again if you have any
comments.
Cheers,
-- David
Changes since v1:
https://lore.kernel.org/linux-kselftest/20221129094732.306449-1-davidgow@go…
- Totally rewrite both sections to only include (and provide more
context for) the most concrete next steps.
- Thanks Bagas for pointing out that this basically duplicates the TOC
as-is.
---
Documentation/dev-tools/kunit/index.rst | 19 ++++++++-----------
Documentation/dev-tools/kunit/start.rst | 19 +++++++++----------
2 files changed, 17 insertions(+), 21 deletions(-)
diff --git a/Documentation/dev-tools/kunit/index.rst b/Documentation/dev-tools/kunit/index.rst
index d5629817cd72..b3593ae29ace 100644
--- a/Documentation/dev-tools/kunit/index.rst
+++ b/Documentation/dev-tools/kunit/index.rst
@@ -99,14 +99,11 @@ Read also :ref:`kinds-of-tests`.
How do I use it?
================
-* Documentation/dev-tools/kunit/start.rst - for KUnit new users.
-* Documentation/dev-tools/kunit/architecture.rst - KUnit architecture.
-* Documentation/dev-tools/kunit/run_wrapper.rst - run kunit_tool.
-* Documentation/dev-tools/kunit/run_manual.rst - run tests without kunit_tool.
-* Documentation/dev-tools/kunit/usage.rst - write tests.
-* Documentation/dev-tools/kunit/tips.rst - best practices with
- examples.
-* Documentation/dev-tools/kunit/api/index.rst - KUnit APIs
- used for testing.
-* Documentation/dev-tools/kunit/faq.rst - KUnit common questions and
- answers.
+You can find a step-by-step guide to writing and running KUnit tests in
+Documentation/dev-tools/kunit/start.rst
+
+Alternatively, feel free to look through the rest of the KUnit documentation,
+or to experiment with tools/testing/kunit/kunit.py and the example test under
+lib/kunit/kunit-example-test.c
+
+Happy testing!
diff --git a/Documentation/dev-tools/kunit/start.rst b/Documentation/dev-tools/kunit/start.rst
index f4f504f1fb15..224387a43543 100644
--- a/Documentation/dev-tools/kunit/start.rst
+++ b/Documentation/dev-tools/kunit/start.rst
@@ -294,13 +294,12 @@ Congrats! You just wrote your first KUnit test.
Next Steps
==========
-* Documentation/dev-tools/kunit/architecture.rst - KUnit architecture.
-* Documentation/dev-tools/kunit/run_wrapper.rst - run kunit_tool.
-* Documentation/dev-tools/kunit/run_manual.rst - run tests without kunit_tool.
-* Documentation/dev-tools/kunit/usage.rst - write tests.
-* Documentation/dev-tools/kunit/tips.rst - best practices with
- examples.
-* Documentation/dev-tools/kunit/api/index.rst - KUnit APIs
- used for testing.
-* Documentation/dev-tools/kunit/faq.rst - KUnit common questions and
- answers.
+If you're interested in using some of the more advanced features of kunit.py,
+take a look at Documentation/dev-tools/kunit/run_wrapper.rst
+
+If you'd like to run tests without using kunit.py, check out
+Documentation/dev-tools/kunit/run_manual.rst
+
+For more information on writing KUnit tests (including some common techniques
+for testing different things), see Documentation/dev-tools/kunit/usage.rst
+
--
2.39.0.rc0.267.gcb52ba06e7-goog
1. Patch1 is dependent patch to fix zext extension error in 32-bit ARM.
2. Patch2 supports bpf fkunc in 32-bit ARM for EABI.
3. Patch3 is used to add test cases to cover some parameter scenarios
states by AAPCS.
4. Patch4 fix a comment error.
The following is the test_progs result in the 32-bit ARM environment:
# uname -m
armv7l
# echo 1 > /proc/sys/net/core/bpf_jit_enable
# ./test_progs -t kfunc_call
#1/1 kfunc_call/kfunc_syscall_test_fail:OK
#1/2 kfunc_call/kfunc_syscall_test_null_fail:OK
#1/3 kfunc_call/kfunc_call_test_get_mem_fail_rdonly:OK
#1/4 kfunc_call/kfunc_call_test_get_mem_fail_use_after_free:OK
#1/5 kfunc_call/kfunc_call_test_get_mem_fail_oob:OK
#1/6 kfunc_call/kfunc_call_test_get_mem_fail_not_const:OK
#1/7 kfunc_call/kfunc_call_test_mem_acquire_fail:OK
#1/8 kfunc_call/kfunc_call_test1:OK
#1/9 kfunc_call/kfunc_call_test2:OK
#1/10 kfunc_call/kfunc_call_test4:OK
#1/11 kfunc_call/kfunc_call_test5:OK
#1/12 kfunc_call/kfunc_call_test6:OK
#1/13 kfunc_call/kfunc_call_test_ref_btf_id:OK
#1/14 kfunc_call/kfunc_call_test_get_mem:OK
#1/15 kfunc_call/kfunc_syscall_test:OK
#1/16 kfunc_call/kfunc_syscall_test_null:OK
#1/19 kfunc_call/destructive:OK
---
Changes since v2:
- Remove patches to adjust sk size check for CO_RE in 32-bit arch.
- Add check of kfunc's return value in insn_def_regno.
- Adjust is_reg64 for insn_def_regno.
- The check of CONFIG_AEABI is moved from emit_kfunc_call to
bpf_jit_supports_kfunc_call.
- Fix a comment error in fixup_kfunc_call.
Yang Jihong (4):
bpf: Adapt 32-bit return value kfunc for 32-bit ARM when zext
extension
bpf: Add kernel function call support in 32-bit ARM for EABI
bpf:selftests: Add kfunc_call test for mixing 32-bit and 64-bit
parameters
bpf: Fix comment error in fixup_kfunc_call function
arch/arm/net/bpf_jit_32.c | 137 ++++++++++++++++++
kernel/bpf/verifier.c | 46 +++++-
net/bpf/test_run.c | 18 +++
.../selftests/bpf/prog_tests/kfunc_call.c | 3 +
.../selftests/bpf/progs/kfunc_call_test.c | 52 +++++++
5 files changed, 252 insertions(+), 4 deletions(-)
--
2.30.GIT
Today's -next fails to build the KVM selftests on at least arm64 due to
commit
9fda6753c9dd ("KVM: selftests: Rename perf_test_util.[ch] to memstress.[ch]")
interacting poorly with commit
a93871d0ea9f ("KVM: selftests: Add a userfaultfd library")
which adds a new user of perf_test_util.h. Do the rename in the new
user.
Fixes: 9fda6753c9dd ("KVM: selftests: Rename perf_test_util.[ch] to memstress.[ch]")
Fixes: a93871d0ea9f ("KVM: selftests: Add a userfaultfd library")
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Cc: Ricardo Koller <ricarkol(a)google.com>
Cc: Marc Zyngier <maz(a)kernel.org>
Cc: David Matlack <dmatlack(a)google.com>
Cc: Sean Christopherson <seanjc(a)google.com>
Cc: Paolo Bonzini <pbonzini(a)redhat.com>
Cc: Stephen Rothwell <sfr(a)canb.auug.org.au>
---
tools/testing/selftests/kvm/lib/userfaultfd_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/kvm/lib/userfaultfd_util.c b/tools/testing/selftests/kvm/lib/userfaultfd_util.c
index 3b44846fc277..92cef20902f1 100644
--- a/tools/testing/selftests/kvm/lib/userfaultfd_util.c
+++ b/tools/testing/selftests/kvm/lib/userfaultfd_util.c
@@ -20,7 +20,7 @@
#include "kvm_util.h"
#include "test_util.h"
-#include "perf_test_util.h"
+#include "memstress.h"
#include "userfaultfd_util.h"
#ifdef __NR_userfaultfd
--
2.30.2
Currently in order to test a static function, tests must be included in the
same translation unit as the function. However, this can cause issues with
including implementation and test code in the same file. As an alternative,
the first patch in this series creates a macro that will set a function to
be static or not depending on whether CONFIG_KUNIT is enabled. This allows
the function to be visible during testing and static otherwise.
As an example, the current status quo to test static functions is:
=== test.c ===
static void test_case(struct kunit *test)
{
KUNIT_EXPECT_EQ(test, my_func_to_test(), 2);
}
Then the tests are included in the implementation file as a workaround to
the issue of testing static functions:
=== implementation.c ===
static int my_func_to_test() {...}
...
#include "test.c"
Instead, the function could be defined with this new macro:
=== implementation.c ===
VISIBLE_IF_KUNIT int my_func_to_test() {...}
The first patch also creates a macro that will export a symbol into a kunit
testing namespace only if CONFIG_KUNIT is enabled. This follows the logic
above and allows symbols to be conditionally exported based on the testing
status.
The second patch in the series updates the policy_unpack test in AppArmor
to show an example of how to use both of these macros in order to address
the issue of testing static functions. Additionally, the patch allows the
policy_unpack test to be built as a module.
Changes since v2:
- Add mention of namespacing symbols to the commit message of the
second patch.
- Change module name in the second patch from policy_unpack_test to
apparmor_policy_unpack_test.
Changes since v1:
- Changed the namespace of exported symbols for the apparmor
policy_unpack_test by adding the aa_ prefix.
- Separated the documentation comments for macros in
include/kunit/visibility.h.
- Changed copyright date and author for include/kunit/visibility.h.
Rae Moar (2):
kunit: add macro to allow conditionally exposing static symbols to
tests
apparmor: test: make static symbols visible during kunit testing
include/kunit/visibility.h | 33 +++
security/apparmor/Kconfig | 4 +-
security/apparmor/Makefile | 3 +
security/apparmor/include/policy_unpack.h | 50 +++++
security/apparmor/policy_unpack.c | 238 ++++++++++------------
security/apparmor/policy_unpack_test.c | 69 ++++---
6 files changed, 229 insertions(+), 168 deletions(-)
create mode 100644 include/kunit/visibility.h
base-commit: 0f08f3e2a0186dfb8e33cb46105228eb18448a0e
--
2.39.0.rc0.267.gcb52ba06e7-goog
From: Jeff Xu <jeffxu(a)chromium.org>
Since Linux introduced the memfd feature, memfd have always had their execute bit set, and the memfd_create() syscall doesn't allow setting it differently.
However, in a secure by default system, such as ChromeOS, (where all executables should come from the rootfs, which is protected by Verified boot), this executable nature of memfd opens a door for NoExec bypass and enables “confused deputy attack”. E.g, in VRP bug [1]: cros_vm process created a memfd to share the content with an external process, however the memfd is overwritten and used for executing arbitrary code and root escalation. [2] lists more VRP in this kind.
On the other hand, executable memfd has its legit use, runc uses memfd’s seal and executable feature to copy the contents of the binary then execute them, for such system, we need a solution to differentiate runc's use of executable memfds and an attacker's [3].
To address those above, this set of patches add following:
1> Let memfd_create() set X bit at creation time.
2> Let memfd to be sealed for modifying X bit.
3> A new pid namespace sysctl: vm.memfd_noexec to control behavior of X bit. For example, if a container has vm.memfd_noexec=2, then memfd_create() without MFD_NOEXEC_SEAL will be rejected.
4> A new security hook in memfd_create(). This make it possible to a new LSM, which rejects or allows executable memfd based on its security policy.
This is V4 version of patch: see [4] [5] [6] for previous versions.
[1] https://crbug.com/1305411
[2] https://bugs.chromium.org/p/chromium/issues/list?q=type%3Dbug-security%20me…
[3] https://lwn.net/Articles/781013/
[4] https://lwn.net/Articles/890096/
[5] https://lore.kernel.org/lkml/20220805222126.142525-1-jeffxu@chromium.org/
[6] https://lore.kernel.org/lkml/20221202013404.163143-1-jeffxu@chromium.org/
Daniel Verkamp (2):
mm/memfd: add F_SEAL_EXEC
selftests/memfd: add tests for F_SEAL_EXEC
Jeff Xu (4):
mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC
mm/memfd: Add write seals when apply SEAL_EXEC to executable memfd
selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC
mm/memfd: security hook for memfd_create
include/linux/lsm_hook_defs.h | 1 +
include/linux/lsm_hooks.h | 4 +
include/linux/pid_namespace.h | 19 ++
include/linux/security.h | 6 +
include/uapi/linux/fcntl.h | 1 +
include/uapi/linux/memfd.h | 4 +
kernel/pid_namespace.c | 48 ++++
mm/memfd.c | 61 ++++-
mm/shmem.c | 6 +
security/security.c | 13 +
tools/testing/selftests/memfd/fuse_test.c | 1 +
tools/testing/selftests/memfd/memfd_test.c | 304 ++++++++++++++++++++-
12 files changed, 465 insertions(+), 3 deletions(-)
base-commit: eb7081409f94a9a8608593d0fb63a1aa3d6f95d8
--
2.39.0.rc0.267.gcb52ba06e7-goog
Today's -next fails to build on arm64 due to:
In file included from include/kvm_util.h:11,
from aarch64/page_fault_test.c:15:
include/ucall_common.h:36:47: note: expected ‘vm_paddr_t’ {aka ‘long unsigned int’} but argument is of type ‘void *’
36 | void ucall_init(struct kvm_vm *vm, vm_paddr_t mmio_gpa);
| ~~~~~~~~~~~^~~~~~~~
aarch64/page_fault_test.c:725:2: warning: implicit declaration of function ‘ucall_uninit’; did you mean ‘ucall_init’? [-Wimplicit-function-declaration]
725 | ucall_uninit(vm);
| ^~~~~~~~~~~~
| ucall_init
which is caused by commit
interacting poorly with commit
28a65567acb5 ("KVM: selftests: Drop now-unnecessary ucall_uninit()")
As is done for other ucall_uninit() users remove the call in the newly added
page_fault_test.c.
Fixes: 28a65567acb5 ("KVM: selftests: Drop now-unnecessary ucall_uninit()")
Fixes: 35c581015712 ("KVM: selftests: aarch64: Add aarch64/page_fault_test")
Signed-off-by: Mark Brown <broonie(a)kernel.org>
Cc: Sean Christopherson <seanjc(a)google.com>
Cc: Ricardo Koller <ricarkol(a)google.com>
Cc: Marc Zyngier <maz(a)kernel.org>
---
tools/testing/selftests/kvm/aarch64/page_fault_test.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/tools/testing/selftests/kvm/aarch64/page_fault_test.c b/tools/testing/selftests/kvm/aarch64/page_fault_test.c
index 05bb6a6369c2..4ef89c57a937 100644
--- a/tools/testing/selftests/kvm/aarch64/page_fault_test.c
+++ b/tools/testing/selftests/kvm/aarch64/page_fault_test.c
@@ -722,7 +722,6 @@ static void run_test(enum vm_guest_mode mode, void *arg)
vcpu_run_loop(vm, vcpu, test);
- ucall_uninit(vm);
kvm_vm_free(vm);
free_uffd(test, pt_uffd, data_uffd);
--
2.30.2