December 2024 - Linux-kselftest-mirror

[PATCH 0/8] x86/module: rework ROX cache to avoid writable copy

by Mike Rapoport

From: "Mike Rapoport (Microsoft)" <rppt(a)kernel.org> Hi, Following Peter's comments [1] these patches rework handling of ROX caches for module text allocations. Instead of using a writable copy that really complicates alternatives patching, temporarily remap parts of a large ROX page as RW for the time of module formation and then restore it's ROX protections when the module is ready. To keep the ROX memory mapped with large pages, make set_memory code capable of restoring large pages (more details are in patch 3). The patches also available in git https://git.kernel.org/rppt/h/execmem/x86-rox/v8 [1] https://lore.kernel.org/all/20241209083818.GK8562@noisy.programming.kicks-a… Kirill A. Shutemov (1): x86/mm/pat: Restore large pages after fragmentation Mike Rapoport (Microsoft) (7): x86/mm/pat: cpa-test: fix length for CPA_ARRAY test x86/mm/pat: drop duplicate variable in cpa_flush() execmem: add API for temporal remapping as RW and restoring ROX afterwards module: introduce MODULE_STATE_GONE modules: switch to execmem API for remapping as RW and restoring ROX Revert "x86/module: prepare module loading for ROX allocations of text" module: drop unused module_writable_address() arch/um/kernel/um_arch.c | 11 +- arch/x86/entry/vdso/vma.c | 3 +- arch/x86/include/asm/alternative.h | 14 +- arch/x86/include/asm/pgtable_types.h | 2 + arch/x86/kernel/alternative.c | 181 ++++++--------- arch/x86/kernel/ftrace.c | 30 ++- arch/x86/kernel/module.c | 45 ++-- arch/x86/mm/pat/cpa-test.c | 2 +- arch/x86/mm/pat/set_memory.c | 216 +++++++++++++++++- include/linux/execmem.h | 31 +++ include/linux/module.h | 21 +- include/linux/moduleloader.h | 4 - include/linux/vm_event_item.h | 2 + kernel/module/kallsyms.c | 8 +- kernel/module/kdb.c | 2 +- kernel/module/main.c | 86 ++----- kernel/module/procfs.c | 2 +- kernel/module/strict_rwx.c | 9 +- kernel/tracepoint.c | 2 + lib/kunit/test.c | 2 + mm/execmem.c | 118 ++++++++-- mm/vmstat.c | 2 + samples/livepatch/livepatch-callbacks-demo.c | 1 + .../test_modules/test_klp_callbacks_demo.c | 1 + .../test_modules/test_klp_callbacks_demo2.c | 1 + .../livepatch/test_modules/test_klp_state.c | 1 + .../livepatch/test_modules/test_klp_state2.c | 1 + 27 files changed, 511 insertions(+), 287 deletions(-) -- 2.45.2

9 months

12
22
0 0

[PATCH v2 0/2] kunit: enable hardware virtualization

by Tamir Duberstein

This series implements feature detection of hardware virtualization on Linux and macOS; the latter being my primary use case. This yields approximately a 6x improvement using HVF on M3 Pro. Signed-off-by: Tamir Duberstein <tamird(a)gmail.com> --- Changes in v2: - Use QEMU accelerator fallback (Alyssa Ross, Thomas Weißschuh). - Link to v1: https://lore.kernel.org/r/20241025-kunit-qemu-accel-macos-v1-0-2f30c26192d4… --- Tamir Duberstein (2): kunit: add fallback for os.sched_getaffinity kunit: enable hardware acceleration when available tools/testing/kunit/kunit.py | 11 ++++++++++- tools/testing/kunit/kunit_kernel.py | 3 +++ tools/testing/kunit/qemu_configs/arm64.py | 2 +- 3 files changed, 14 insertions(+), 2 deletions(-) --- base-commit: 81983758430957d9a5cb3333fe324fd70cf63e7e change-id: 20241025-kunit-qemu-accel-macos-2840e4c2def5 Best regards, -- Tamir Duberstein <tamird(a)gmail.com>

9 months

3
9
0 0

[PATCH v4 0/8] Basic SEV-SNP Selftests

by Pratik R. Sampat

This patch series extends the sev_init2 and the sev_smoke test to exercise the SEV-SNP VM launch workflow. Primarily, it introduces the architectural defines, its support in the SEV library and extends the tests to interact with the SEV-SNP ioctl() wrappers. Patch 1 - Do not advertize SNP on incompatible firmware Patch 2 - SNP test for KVM_SEV_INIT2 Patch 3 - Add VMGEXIT helper Patch 4 - Introduce SEV+ VM type check Patch 5 - SNP iotcl() plumbing for the SEV library Patch 6 - Force set GUEST_MEMFD for SNP Patch 7 - Cleanups of smoke test - Decouple policy from type Patch 8 - SNP smoke test v4: 1. Remove SNP FW API version check in the test and ensure the KVM capability advertizes the presence of the feature. Retain the minimum version definitions to exercise these API versions in the smoke test. 2. Retained only the SNP smoke test and SNP_INIT2 test 3. The SNP architectural defined merged with SNP_INIT2 test patch 4. SNP shutdown merged with SNP smoke test patch 5. Add SEV VM type check to abstract comparisons and reduce clutter 6. Define a SNP default policy which sets bits based on the presence of SMT 7. Decouple privatization and encryption for it to be SNP agnostic 8. Assert for only positive tests using vm_ioctl() 9. Dropped tested-by tags In summary - based on comments from Sean, I have primarily reduced the scope of this patch series to focus on breaking down the SNP smoke test patch (v3 - patch2) to first introduce SEV-SNP support and use this interface to extend the sev_init2 and the sev_smoke test. The rest of the v3 patchset that introduces ioctl, pre fault, fallocate and negative tests, will be re-worked and re-introduced subsequently in future patch series post addressing the issues discussed. v3: https://lore.kernel.org/kvm/20240905124107.6954-1-pratikrajesh.sampat@amd.c… 1. Remove the assignments for the prefault and fallocate test type enums. 2. Fix error message for sev launch measure and finish. 3. Collect tested-by tags [Peter, Srikanth] Any feedback/review is highly appreciated! Pratik R. Sampat (8): KVM: SEV: Disable SEV-SNP on FW validation failure KVM: selftests: SEV-SNP test for KVM_SEV_INIT2 KVM: selftests: Add VMGEXIT helper KVM: selftests: Introduce SEV VM type check KVM: selftests: Add library support for interacting with SNP KVM: selftests: Force GUEST_MEMFD flag for SNP VM type KVM: selftests: Abstractions for SEV to decouple policy from type KVM: selftests: Add a basic SEV-SNP smoke test arch/x86/kvm/svm/sev.c | 4 +- drivers/crypto/ccp/sev-dev.c | 6 ++ include/linux/psp-sev.h | 3 + .../selftests/kvm/include/x86_64/processor.h | 1 + .../selftests/kvm/include/x86_64/sev.h | 55 ++++++++++- tools/testing/selftests/kvm/lib/kvm_util.c | 7 +- .../selftests/kvm/lib/x86_64/processor.c | 4 +- tools/testing/selftests/kvm/lib/x86_64/sev.c | 98 ++++++++++++++++++- .../selftests/kvm/x86_64/sev_init2_tests.c | 13 +++ .../selftests/kvm/x86_64/sev_smoke_test.c | 96 ++++++++++++++---- 10 files changed, 258 insertions(+), 29 deletions(-) -- 2.43.0

9 months

4
20
0 0

[PATCH] kunit: Introduce autorun option

by Stanislav Kinsburskii

The new option controls tests run on boot or module load. With the new debugfs "run" dentry allowing to run tests on demand, an ability to disable automatic tests run becomes a useful option in case of intrusive tests. The option is set to true by default to preserve the existent behavior. It can be overridden by either the corresponding module option or by the corresponding config build option. Signed-off-by: Stanislav Kinsburskii <skinsburskii(a)linux.microsoft.com> --- include/kunit/test.h | 4 +++- lib/kunit/Kconfig | 12 ++++++++++++ lib/kunit/debugfs.c | 2 +- lib/kunit/executor.c | 18 +++++++++++++++++- lib/kunit/test.c | 6 ++++-- 5 files changed, 37 insertions(+), 5 deletions(-) diff --git a/include/kunit/test.h b/include/kunit/test.h index 34b71e42fb10..58dbab60f853 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -312,6 +312,7 @@ static inline void kunit_set_failure(struct kunit *test) } bool kunit_enabled(void); +bool kunit_autorun(void); const char *kunit_action(void); const char *kunit_filter_glob(void); char *kunit_filter(void); @@ -334,7 +335,8 @@ kunit_filter_suites(const struct kunit_suite_set *suite_set, int *err); void kunit_free_suite_set(struct kunit_suite_set suite_set); -int __kunit_test_suites_init(struct kunit_suite * const * const suites, int num_suites); +int __kunit_test_suites_init(struct kunit_suite * const * const suites, int num_suites, + bool run_tests); void __kunit_test_suites_exit(struct kunit_suite **suites, int num_suites); diff --git a/lib/kunit/Kconfig b/lib/kunit/Kconfig index 34d7242d526d..a97897edd964 100644 --- a/lib/kunit/Kconfig +++ b/lib/kunit/Kconfig @@ -81,4 +81,16 @@ config KUNIT_DEFAULT_ENABLED In most cases this should be left as Y. Only if additional opt-in behavior is needed should this be set to N. +config KUNIT_AUTORUN_ENABLED + bool "Default value of kunit.autorun" + default y + help + Sets the default value of kunit.autorun. If set to N then KUnit + tests will not run after initialization unless kunit.autorun=1 is + passed to the kernel command line. The test can still be run manually + via debugfs interface. + + In most cases this should be left as Y. Only if additional opt-in + behavior is needed should this be set to N. + endif # KUNIT diff --git a/lib/kunit/debugfs.c b/lib/kunit/debugfs.c index d548750a325a..9df064f40d98 100644 --- a/lib/kunit/debugfs.c +++ b/lib/kunit/debugfs.c @@ -145,7 +145,7 @@ static ssize_t debugfs_run(struct file *file, struct inode *f_inode = file->f_inode; struct kunit_suite *suite = (struct kunit_suite *) f_inode->i_private; - __kunit_test_suites_init(&suite, 1); + __kunit_test_suites_init(&suite, 1, true); return count; } diff --git a/lib/kunit/executor.c b/lib/kunit/executor.c index 34b7b6833df3..340723571b0f 100644 --- a/lib/kunit/executor.c +++ b/lib/kunit/executor.c @@ -29,6 +29,22 @@ const char *kunit_action(void) return action_param; } +/* + * Run KUnit tests after initialization + */ +#ifdef CONFIG_KUNIT_AUTORUN_ENABLED +static bool autorun_param = true; +#else +static bool autorun_param; +#endif +module_param_named(autorun, autorun_param, bool, 0); +MODULE_PARM_DESC(autorun, "Run KUnit tests after initialization"); + +bool kunit_autorun(void) +{ + return autorun_param; +} + static char *filter_glob_param; static char *filter_param; static char *filter_action_param; @@ -266,7 +282,7 @@ void kunit_exec_run_tests(struct kunit_suite_set *suite_set, bool builtin) pr_info("1..%zu\n", num_suites); } - __kunit_test_suites_init(suite_set->start, num_suites); + __kunit_test_suites_init(suite_set->start, num_suites, kunit_autorun()); } void kunit_exec_list_tests(struct kunit_suite_set *suite_set, bool include_attr) diff --git a/lib/kunit/test.c b/lib/kunit/test.c index 089c832e3cdb..146d1b48a096 100644 --- a/lib/kunit/test.c +++ b/lib/kunit/test.c @@ -708,7 +708,8 @@ bool kunit_enabled(void) return enable_param; } -int __kunit_test_suites_init(struct kunit_suite * const * const suites, int num_suites) +int __kunit_test_suites_init(struct kunit_suite * const * const suites, int num_suites, + bool run_tests) { unsigned int i; @@ -731,7 +732,8 @@ int __kunit_test_suites_init(struct kunit_suite * const * const suites, int num_ for (i = 0; i < num_suites; i++) { kunit_init_suite(suites[i]); - kunit_run_tests(suites[i]); + if (run_tests) + kunit_run_tests(suites[i]); } static_branch_dec(&kunit_running);

9 months

2
3
0 0

selftests: core: unshare_test: WARNING: at mm/util.c:671 __kvmalloc_node_noprof

by Naresh Kamboju

The following kernel warning is noticed on all arch and all devices while running selftests: core: unshare_test on Linux next-20240823 and next-20240826. First seen on next-20240823. Good: next-20240822 BAD: next-20240823 and next-20240826 Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> Crash log: -------- # selftests: core: unshare_test <4>[ 61.084149] ------------[ cut here ]------------ <4>[ 61.085175] WARNING: CPU: 0 PID: 477 at mm/util.c:671 __kvmalloc_node_noprof (mm/util.c:671 (discriminator 1)) <4>[ 61.088958] Modules linked in: crct10dif_ce sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 drm fuse backlight dm_mod ip_tables x_tables <4>[ 61.093141] CPU: 0 UID: 0 PID: 477 Comm: unshare_test Not tainted 6.11.0-rc5-next-20240826 #1 <4>[ 61.094558] Hardware name: linux,dummy-virt (DT) <4>[ 61.096763] pstate: 23400009 (nzCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) <4>[ 61.097841] pc : __kvmalloc_node_noprof (mm/util.c:671 (discriminator 1)) <4>[ 61.099701] lr : __kvmalloc_node_noprof (mm/util.c:661) <4>[ 61.100448] sp : ffff800080abbce0 <4>[ 61.100819] x29: ffff800080abbcf0 x28: fff0000004549280 x27: 0000000000000000 <4>[ 61.101744] x26: 0000000000000000 x25: 0000000000000000 x24: fff0000003615e40 <4>[ 61.102512] x23: fff0000003615ec0 x22: bfafa45863b285c8 x21: 0000000200002000 <4>[ 61.103232] x20: 00000000ffffffff x19: 0000000000400cc0 x18: 0000000000000000 <4>[ 61.104053] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 <4>[ 61.104927] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 <4>[ 61.105752] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 <4>[ 61.106606] x8 : 0000000000000001 x7 : 0000000000000001 x6 : 0000000000000005 <4>[ 61.107377] x5 : 0000000000000000 x4 : fff0000004549280 x3 : 0000000000000000 <4>[ 61.108207] x2 : 0000000000000000 x1 : 000000007fffffff x0 : 0000000000000000 <4>[ 61.109262] Call trace: <4>[ 61.109619] __kvmalloc_node_noprof (mm/util.c:671 (discriminator 1)) <4>[ 61.110248] alloc_fdtable (fs/file.c:133) <4>[ 61.110751] expand_files (include/linux/atomic/atomic-arch-fallback.h:457 include/linux/atomic/atomic-instrumented.h:33 fs/file.c:177 fs/file.c:238) <4>[ 61.111171] ksys_dup3 (fs/file.c:1337) <4>[ 61.111596] __arm64_sys_dup3 (fs/file.c:1355) <4>[ 61.112006] invoke_syscall (arch/arm64/include/asm/current.h:19 arch/arm64/kernel/syscall.c:54) <4>[ 61.112480] el0_svc_common.constprop.0 (include/linux/thread_info.h:127 (discriminator 2) arch/arm64/kernel/syscall.c:140 (discriminator 2)) <4>[ 61.112955] do_el0_svc (arch/arm64/kernel/syscall.c:152) <4>[ 61.113384] el0_svc (arch/arm64/include/asm/irqflags.h:55 arch/arm64/include/asm/irqflags.h:76 arch/arm64/kernel/entry-common.c:165 arch/arm64/kernel/entry-common.c:178 arch/arm64/kernel/entry-common.c:713) <4>[ 61.113742] el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:731) <4>[ 61.115181] el0t_64_sync (arch/arm64/kernel/entry.S:598) <4>[ 61.115709] ---[ end trace 0000000000000000 ]--- Crash Log links, -------- - https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20240826/te… Crash failed comparison: ---------- - https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20240826/te… metadata: ---- git describe: next-20240823 and next-20240826 git repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next git sha: c79c85875f1af04040fe4492ed94ce37ad729c4d kernel config: https://storage.tuxsuite.com/public/linaro/lkft/builds/2l2pZRzhgRkPgXIKLJCI… artifact location: https://storage.tuxsuite.com/public/linaro/lkft/builds/2l2pZRzhgRkPgXIKLJCI… build url: https://storage.tuxsuite.com/public/linaro/lkft/builds/2l2pZRzhgRkPgXIKLJCI… toolchain: clang-18 and gcc-13 Steps to reproduce: --------- - https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2l2paZVYTl… - https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2l2paZVYTl… Please let me know if you need more information. -- Linaro LKFT https://lkft.linaro.org

9 months

2
2
0 0

[RFC PATCH v2 0/2] Add file seal to prevent future exec mappings

by Isaac J. Manjarres

Android uses the ashmem driver [1] for creating shared memory regions between processes. The ashmem driver exposes an ioctl command for processes to restrict the permissions an ashmem buffer can be mapped with. Buffers are created with the ability to be mapped as readable, writable, and executable. Processes remove the ability to map some ashmem buffers as executable to ensure that those buffers cannot be used to inject malicious code for another process to run. Other buffers retain their ability to be mapped as executable, as these buffers can be used for just-in-time (JIT) compilation. So there is a need to be able to remove the ability to map a buffer as executable on a per-buffer basis. Android is currently trying to migrate towards replacing its ashmem driver usage with memfd. Part of the transition involved introducing a library that serves to abstract away how shared memory regions are allocated (i.e. ashmem vs memfd). This allows clients to use a single interface for restricting how a buffer can be mapped without having to worry about how it is handled for ashmem (through the ioctl command mentioned earlier) or memfd (through file seals). While memfd has support for preventing buffers from being mapped as writable beyond a certain point in time (thanks to F_SEAL_FUTURE_WRITE), it does not have a similar interface to prevent buffers from being mapped as executable beyond a certain point. However, that could be implemented as a file seal (F_SEAL_FUTURE_EXEC) which works similarly to F_SEAL_FUTURE_WRITE. F_SEAL_FUTURE_WRITE was chosen as a template for how this new seal should behave, instead of F_SEAL_WRITE, for the following reasons: 1. Having the new seal behave like F_SEAL_FUTURE_WRITE matches the behavior that was present with ashmem. This aids in seamlessly transitioning clients away from ashmem to memfd. 2. Making the new seal behave like F_SEAL_WRITE would mean that no mappings that could become executable in the future (i.e. via mprotect()) can exist when the seal is applied. However, there are known cases (e.g. CursorWindow [2]) where restrictions are applied on how a buffer can be mapped after a mapping has already been made. That mapping may have VM_MAYEXEC set, which would not allow the seal to be applied successfully. Therefore, the F_SEAL_FUTURE_EXEC seal was designed to have the same semantics as F_SEAL_FUTURE_WRITE. Note: this series depends on Lorenzo's work [3], [4], [5] from Andrew Morton's mm-unstable branch [6], which reworks memfd's file seal checks, allowing for newer file seals to be implemented in a cleaner fashion. Changes from v1 ==> v2: - Changed the return code to be -EPERM instead of -EACCES when attempting to map an exec sealed file with PROT_EXEC to align to mmap()'s man page. Thank you Kalesh Singh for spotting this! - Rebased on top of Lorenzo's work to cleanup memfd file seal checks in mmap() ([3], [4], and [5]). Thank you for this Lorenzo! - Changed to deny PROT_EXEC mappings only if the mapping is shared, instead of for both shared and private mappings, after discussing this with Lorenzo. Opens: - Lorenzo brought up that this patch may negatively impact the usage of MFD_NOEXEC_SCOPE_NOEXEC_ENFORCED [7]. However, it is not clear to me why that is the case. At the moment, my intent is for the executable permissions of the file to be disjoint from the ability to create executable mappings. Links: [1] https://cs.android.com/android/kernel/superproject/+/common-android-mainlin… [2] https://developer.android.com/reference/android/database/CursorWindow [3] https://lore.kernel.org/all/cover.1732804776.git.lorenzo.stoakes@oracle.com/ [4] https://lkml.kernel.org/r/20241206212846.210835-1-lorenzo.stoakes@oracle.com [5] https://lkml.kernel.org/r/7dee6c5d-480b-4c24-b98e-6fa47dbd8a23@lucifer.local [6] https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/tree/?h=mm-unst… [7] https://lore.kernel.org/all/3a53b154-1e46-45fb-a559-65afa7a8a788@lucifer.lo… Links to previous versions: v1: https://lore.kernel.org/all/20241206010930.3871336-1-isaacmanjarres@google.… Isaac J. Manjarres (2): mm/memfd: Add support for F_SEAL_FUTURE_EXEC to memfd selftests/memfd: Add tests for F_SEAL_FUTURE_EXEC include/uapi/linux/fcntl.h | 1 + mm/memfd.c | 39 ++++++++++- tools/testing/selftests/memfd/memfd_test.c | 79 ++++++++++++++++++++++ 3 files changed, 118 insertions(+), 1 deletion(-) -- 2.47.1.613.gc27f4b7a9f-goog

9 months

2
3
0 0

[PATCH] landlock: ptrace_test: remove unused macros

by Ba Jing

After reviewing the code, it was found that these macros are never referenced in the code. Just remove them. Signed-off-by: Ba Jing <bajing(a)cmss.chinamobile.com> --- tools/testing/selftests/landlock/ptrace_test.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/tools/testing/selftests/landlock/ptrace_test.c b/tools/testing/selftests/landlock/ptrace_test.c index a19db4d0b3bd..8f31b673ff2d 100644 --- a/tools/testing/selftests/landlock/ptrace_test.c +++ b/tools/testing/selftests/landlock/ptrace_test.c @@ -22,8 +22,6 @@ /* Copied from security/yama/yama_lsm.c */ #define YAMA_SCOPE_DISABLED 0 #define YAMA_SCOPE_RELATIONAL 1 -#define YAMA_SCOPE_CAPABILITY 2 -#define YAMA_SCOPE_NO_ATTACH 3 static void create_domain(struct __test_metadata *const _metadata) { -- 2.33.0

9 months

2
1
0 0

[PATCH 0/2] selftest: fix riscv/vector tests

by Yong-Xuan Wang

Add test counts and pass message to remove warning of riscv/vector tests. Yong-Xuan Wang (2): tools: selftests: riscv: Add pass message for v_initval_nolibc tools: selftests: riscv: Add test count for vstate_prctl tools/testing/selftests/riscv/vector/v_initval_nolibc.c | 4 ++++ tools/testing/selftests/riscv/vector/vstate_prctl.c | 2 ++ 2 files changed, 6 insertions(+) -- 2.17.1

9 months

5
6
0 0

[PATCH bpf-next v6 0/5] Support eliding map lookup nullness

by Daniel Xu

This patch allows progs to elide a null check on statically known map lookup keys. In other words, if the verifier can statically prove that the lookup will be in-bounds, allow the prog to drop the null check. This is useful for two reasons: 1. Large numbers of nullness checks (especially when they cannot fail) unnecessarily pushes prog towards BPF_COMPLEXITY_LIMIT_JMP_SEQ. 2. It forms a tighter contract between programmer and verifier. For (1), bpftrace is starting to make heavier use of percpu scratch maps. As a result, for user scripts with large number of unrolled loops, we are starting to hit jump complexity verification errors. These percpu lookups cannot fail anyways, as we only use static key values. Eliding nullness probably results in less work for verifier as well. For (2), percpu scratch maps are often used as a larger stack, as the currrent stack is limited to 512 bytes. In these situations, it is desirable for the programmer to express: "this lookup should never fail, and if it does, it means I messed up the code". By omitting the null check, the programmer can "ask" the verifier to double check the logic. === Changelog === Changes in v6: * Use is_spilled_scalar_reg() helper and remove unnecessary comment * Add back deleted selftest with different helper to dirty dst buffer * Check size of spill is exactly key_size and update selftests * Read slot_type from correct offset into the spi * Rewrite selftests in C where possible * Mark constant map keys as precise Changes in v5: * Dropped all acks * Use s64 instead of long for const_map_key * Ensure stack slot contains spilled reg before accessing spilled_ptr * Ensure spilled reg is a scalar before accessing tnum const value * Fix verifier selftest for 32-bit write to write at 8 byte alignment to ensure spill is tracked * Introduce more precise tracking of helper stack accesses * Do constant map key extraction as part of helper argument processing and then remove duplicated stack checks * Use ret_flag instead of regs[BPF_REG_0].type * Handle STACK_ZERO * Fix bug in bpf_load_hdr_opt() arg annotation Changes in v4: * Only allow for CAP_BPF * Add test for stack growing upwards * Improve comment about stack growing upwards Changes in v3: * Check if stack is (erroneously) growing upwards * Mention in commit message why existing tests needed change Changes in v2: * Added a check for when R2 is not a ptr to stack * Added a check for when stack is uninitialized (no stack slot yet) * Updated existing tests to account for null elision * Added test case for when R2 can be both const and non-const Daniel Xu (5): bpf: verifier: Add missing newline on verbose() call bpf: tcp: Mark bpf_load_hdr_opt() arg2 as read-write bpf: verifier: Refactor helper access type tracking bpf: verifier: Support eliding map lookup nullness bpf: selftests: verifier: Add nullness elision tests kernel/bpf/verifier.c | 139 +++++++++++---- net/core/filter.c | 2 +- .../testing/selftests/bpf/progs/dynptr_fail.c | 6 +- tools/testing/selftests/bpf/progs/iters.c | 14 +- .../selftests/bpf/progs/map_kptr_fail.c | 2 +- .../selftests/bpf/progs/test_global_func10.c | 2 +- .../selftests/bpf/progs/uninit_stack.c | 5 +- .../bpf/progs/verifier_array_access.c | 168 ++++++++++++++++++ .../bpf/progs/verifier_basic_stack.c | 2 +- .../selftests/bpf/progs/verifier_const_or.c | 4 +- .../progs/verifier_helper_access_var_len.c | 12 +- .../selftests/bpf/progs/verifier_int_ptr.c | 2 +- .../selftests/bpf/progs/verifier_map_in_map.c | 2 +- .../selftests/bpf/progs/verifier_mtu.c | 2 +- .../selftests/bpf/progs/verifier_raw_stack.c | 4 +- .../selftests/bpf/progs/verifier_unpriv.c | 2 +- .../selftests/bpf/progs/verifier_var_off.c | 8 +- tools/testing/selftests/bpf/verifier/calls.c | 2 +- .../testing/selftests/bpf/verifier/map_kptr.c | 2 +- 19 files changed, 311 insertions(+), 69 deletions(-) -- 2.47.1

9 months

2
6
0 0

[PATCH v2 0/2] KVM: x86: read the PML log in the same order it was written

by Maxim Levitsky

Reverse the order in which the PML log is read to align more closely to the hardware. It should not affect regular users of the dirty logging but it fixes a unit test specific assumption in the dirty_log_test dirty-ring mode. Best regards, Maxim Levitsky Maxim Levitsky (2): KVM: VMX: refactor PML terminology KVM: VMX: read the PML log in the same order as it was written arch/x86/kvm/vmx/main.c | 2 +- arch/x86/kvm/vmx/nested.c | 2 +- arch/x86/kvm/vmx/vmx.c | 32 ++++++++++++++++++++------------ arch/x86/kvm/vmx/vmx.h | 5 ++++- 4 files changed, 26 insertions(+), 15 deletions(-) -- 2.26.3

9 months

2
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror December 2024