August 2025 - Linux-kselftest-mirror

[PATCH v12] exec: Fix dead-lock in de_thread with ptrace_attach

by Bernd Edlinger

This introduces signal->exec_bprm, which is used to fix the case when at least one of the sibling threads is traced, and therefore the trace process may dead-lock in ptrace_attach, but de_thread will need to wait for the tracer to continue execution. The solution is to detect this situation and allow ptrace_attach to continue by temporarily releasing the cred_guard_mutex, while de_thread() is still waiting for traced zombies to be eventually released by the tracer. In the case of the thread group leader we only have to wait for the thread to become a zombie, which may also need co-operation from the tracer due to PTRACE_O_TRACEEXIT. When a tracer wants to ptrace_attach a task that already is in execve, we simply retry the ptrace_may_access check while temporarily installing the new credentials and dumpability which are about to be used after execve completes. If the ptrace_attach happens on a thread that is a sibling-thread of the thread doing execve, it is sufficient to check against the old credentials, as this thread will be waited for, before the new credentials are installed. Other threads die quickly since the cred_guard_mutex is released, but a deadly signal is already pending. In case the mutex_lock_killable misses the signal, the non-zero current->signal->exec_bprm makes sure they release the mutex immediately and return with -ERESTARTNOINTR. This means there is no API change, unlike the previous version of this patch which was discussed here: https://lore.kernel.org/lkml/b6537ae6-31b1-5c50-f32b-8b8332ace882@hotmail.d… See tools/testing/selftests/ptrace/vmaccess.c for a test case that gets fixed by this change. Note that since the test case was originally designed to test the ptrace_attach returning an error in this situation, the test expectation needed to be adjusted, to allow the API to succeed at the first attempt. Signed-off-by: Bernd Edlinger <bernd.edlinger(a)hotmail.de> --- fs/exec.c | 69 ++++++++++++++++------- fs/proc/base.c | 6 ++ include/linux/cred.h | 1 + include/linux/sched/signal.h | 18 ++++++ kernel/cred.c | 28 +++++++-- kernel/ptrace.c | 32 +++++++++++ kernel/seccomp.c | 12 +++- tools/testing/selftests/ptrace/vmaccess.c | 23 +++++--- 8 files changed, 155 insertions(+), 34 deletions(-) v10: Changes to previous version, make the PTRACE_ATTACH retun -EAGAIN, instead of execve return -ERESTARTSYS. Added some lessions learned to the description. v11: Check old and new credentials in PTRACE_ATTACH again without changing the API. Note: I got actually one response from an automatic checker to the v11 patch, https://lore.kernel.org/lkml/202107121344.wu68hEPF-lkp@intel.com/ which is complaining about: >> kernel/ptrace.c:425:26: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct cred const *old_cred @@ got struct cred const [noderef] __rcu *real_cred @@ 417 struct linux_binprm *bprm = task->signal->exec_bprm; 418 const struct cred *old_cred; 419 struct mm_struct *old_mm; 420 421 retval = down_write_killable(&task->signal->exec_update_lock); 422 if (retval) 423 goto unlock_creds; 424 task_lock(task); > 425 old_cred = task->real_cred; v12: Essentially identical to v11. - Fixed a minor merge conflict in linux v5.17, and fixed the above mentioned nit by adding __rcu to the declaration. - re-tested the patch with all linux versions from v5.11 to v6.6 v10 was an alternative approach which did imply an API change. But I would prefer to avoid such an API change. The difficult part is getting the right dumpability flags assigned before de_thread starts, hope you like this version. If not, the v10 is of course also acceptable. Thanks Bernd. diff --git a/fs/exec.c b/fs/exec.c index 2f2b0acec4f0..902d3b230485 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1041,11 +1041,13 @@ static int exec_mmap(struct mm_struct *mm) return 0; } -static int de_thread(struct task_struct *tsk) +static int de_thread(struct task_struct *tsk, struct linux_binprm *bprm) { struct signal_struct *sig = tsk->signal; struct sighand_struct *oldsighand = tsk->sighand; spinlock_t *lock = &oldsighand->siglock; + struct task_struct *t = tsk; + bool unsafe_execve_in_progress = false; if (thread_group_empty(tsk)) goto no_thread_group; @@ -1068,6 +1070,19 @@ static int de_thread(struct task_struct *tsk) if (!thread_group_leader(tsk)) sig->notify_count--; + while_each_thread(tsk, t) { + if (unlikely(t->ptrace) + && (t != tsk->group_leader || !t->exit_state)) + unsafe_execve_in_progress = true; + } + + if (unlikely(unsafe_execve_in_progress)) { + spin_unlock_irq(lock); + sig->exec_bprm = bprm; + mutex_unlock(&sig->cred_guard_mutex); + spin_lock_irq(lock); + } + while (sig->notify_count) { __set_current_state(TASK_KILLABLE); spin_unlock_irq(lock); @@ -1158,6 +1173,11 @@ static int de_thread(struct task_struct *tsk) release_task(leader); } + if (unlikely(unsafe_execve_in_progress)) { + mutex_lock(&sig->cred_guard_mutex); + sig->exec_bprm = NULL; + } + sig->group_exec_task = NULL; sig->notify_count = 0; @@ -1169,6 +1189,11 @@ static int de_thread(struct task_struct *tsk) return 0; killed: + if (unlikely(unsafe_execve_in_progress)) { + mutex_lock(&sig->cred_guard_mutex); + sig->exec_bprm = NULL; + } + /* protects against exit_notify() and __exit_signal() */ read_lock(&tasklist_lock); sig->group_exec_task = NULL; @@ -1253,6 +1278,24 @@ int begin_new_exec(struct linux_binprm * bprm) if (retval) return retval; + /* If the binary is not readable then enforce mm->dumpable=0 */ + would_dump(bprm, bprm->file); + if (bprm->have_execfd) + would_dump(bprm, bprm->executable); + + /* + * Figure out dumpability. Note that this checking only of current + * is wrong, but userspace depends on it. This should be testing + * bprm->secureexec instead. + */ + if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP || + is_dumpability_changed(current_cred(), bprm->cred) || + !(uid_eq(current_euid(), current_uid()) && + gid_eq(current_egid(), current_gid()))) + set_dumpable(bprm->mm, suid_dumpable); + else + set_dumpable(bprm->mm, SUID_DUMP_USER); + /* * Ensure all future errors are fatal. */ @@ -1261,7 +1304,7 @@ int begin_new_exec(struct linux_binprm * bprm) /* * Make this the only thread in the thread group. */ - retval = de_thread(me); + retval = de_thread(me, bprm); if (retval) goto out; @@ -1284,11 +1327,6 @@ int begin_new_exec(struct linux_binprm * bprm) if (retval) goto out; - /* If the binary is not readable then enforce mm->dumpable=0 */ - would_dump(bprm, bprm->file); - if (bprm->have_execfd) - would_dump(bprm, bprm->executable); - /* * Release all of the old mmap stuff */ @@ -1350,18 +1388,6 @@ int begin_new_exec(struct linux_binprm * bprm) me->sas_ss_sp = me->sas_ss_size = 0; - /* - * Figure out dumpability. Note that this checking only of current - * is wrong, but userspace depends on it. This should be testing - * bprm->secureexec instead. - */ - if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP || - !(uid_eq(current_euid(), current_uid()) && - gid_eq(current_egid(), current_gid()))) - set_dumpable(current->mm, suid_dumpable); - else - set_dumpable(current->mm, SUID_DUMP_USER); - perf_event_exec(); __set_task_comm(me, kbasename(bprm->filename), true); @@ -1480,6 +1506,11 @@ static int prepare_bprm_creds(struct linux_binprm *bprm) if (mutex_lock_interruptible(&current->signal->cred_guard_mutex)) return -ERESTARTNOINTR; + if (unlikely(current->signal->exec_bprm)) { + mutex_unlock(&current->signal->cred_guard_mutex); + return -ERESTARTNOINTR; + } + bprm->cred = prepare_exec_creds(); if (likely(bprm->cred)) return 0; diff --git a/fs/proc/base.c b/fs/proc/base.c index ffd54617c354..0da9adfadb48 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2788,6 +2788,12 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, if (rv < 0) goto out_free; + if (unlikely(current->signal->exec_bprm)) { + mutex_unlock(&current->signal->cred_guard_mutex); + rv = -ERESTARTNOINTR; + goto out_free; + } + rv = security_setprocattr(PROC_I(inode)->op.lsm, file->f_path.dentry->d_name.name, page, count); diff --git a/include/linux/cred.h b/include/linux/cred.h index f923528d5cc4..b01e309f5686 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -159,6 +159,7 @@ extern const struct cred *get_task_cred(struct task_struct *); extern struct cred *cred_alloc_blank(void); extern struct cred *prepare_creds(void); extern struct cred *prepare_exec_creds(void); +extern bool is_dumpability_changed(const struct cred *, const struct cred *); extern int commit_creds(struct cred *); extern void abort_creds(struct cred *); extern const struct cred *override_creds(const struct cred *); diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal.h index 0014d3adaf84..14df7073a0a8 100644 --- a/include/linux/sched/signal.h +++ b/include/linux/sched/signal.h @@ -234,9 +234,27 @@ struct signal_struct { struct mm_struct *oom_mm; /* recorded mm when the thread group got * killed by the oom killer */ + struct linux_binprm *exec_bprm; /* Used to check ptrace_may_access + * against new credentials while + * de_thread is waiting for other + * traced threads to terminate. + * Set while de_thread is executing. + * The cred_guard_mutex is released + * after de_thread() has called + * zap_other_threads(), therefore + * a fatal signal is guaranteed to be + * already pending in the unlikely + * event, that + * current->signal->exec_bprm happens + * to be non-zero after the + * cred_guard_mutex was acquired. + */ + struct mutex cred_guard_mutex; /* guard against foreign influences on * credential calculations * (notably. ptrace) + * Held while execve runs, except when + * a sibling thread is being traced. * Deprecated do not use in new code. * Use exec_update_lock instead. */ diff --git a/kernel/cred.c b/kernel/cred.c index 98cb4eca23fb..586cb6c7cf6b 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -433,6 +433,28 @@ static bool cred_cap_issubset(const struct cred *set, const struct cred *subset) return false; } +/** + * is_dumpability_changed - Will changing creds from old to new + * affect the dumpability in commit_creds? + * + * Return: false - dumpability will not be changed in commit_creds. + * Return: true - dumpability will be changed to non-dumpable. + * + * @old: The old credentials + * @new: The new credentials + */ +bool is_dumpability_changed(const struct cred *old, const struct cred *new) +{ + if (!uid_eq(old->euid, new->euid) || + !gid_eq(old->egid, new->egid) || + !uid_eq(old->fsuid, new->fsuid) || + !gid_eq(old->fsgid, new->fsgid) || + !cred_cap_issubset(old, new)) + return true; + + return false; +} + /** * commit_creds - Install new credentials upon the current task * @new: The credentials to be assigned @@ -467,11 +489,7 @@ int commit_creds(struct cred *new) get_cred(new); /* we will require a ref for the subj creds too */ /* dumpability changes */ - if (!uid_eq(old->euid, new->euid) || - !gid_eq(old->egid, new->egid) || - !uid_eq(old->fsuid, new->fsuid) || - !gid_eq(old->fsgid, new->fsgid) || - !cred_cap_issubset(old, new)) { + if (is_dumpability_changed(old, new)) { if (task->mm) set_dumpable(task->mm, suid_dumpable); task->pdeath_signal = 0; diff --git a/kernel/ptrace.c b/kernel/ptrace.c index 443057bee87c..eb1c450bb7d7 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c @@ -20,6 +20,7 @@ #include <linux/pagemap.h> #include <linux/ptrace.h> #include <linux/security.h> +#include <linux/binfmts.h> #include <linux/signal.h> #include <linux/uio.h> #include <linux/audit.h> @@ -435,6 +436,28 @@ static int ptrace_attach(struct task_struct *task, long request, if (retval) goto unlock_creds; + if (unlikely(task->in_execve)) { + struct linux_binprm *bprm = task->signal->exec_bprm; + const struct cred __rcu *old_cred; + struct mm_struct *old_mm; + + retval = down_write_killable(&task->signal->exec_update_lock); + if (retval) + goto unlock_creds; + task_lock(task); + old_cred = task->real_cred; + old_mm = task->mm; + rcu_assign_pointer(task->real_cred, bprm->cred); + task->mm = bprm->mm; + retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS); + rcu_assign_pointer(task->real_cred, old_cred); + task->mm = old_mm; + task_unlock(task); + up_write(&task->signal->exec_update_lock); + if (retval) + goto unlock_creds; + } + write_lock_irq(&tasklist_lock); retval = -EPERM; if (unlikely(task->exit_state)) @@ -508,6 +531,14 @@ static int ptrace_traceme(void) { int ret = -EPERM; + if (mutex_lock_interruptible(&current->signal->cred_guard_mutex)) + return -ERESTARTNOINTR; + + if (unlikely(current->signal->exec_bprm)) { + mutex_unlock(&current->signal->cred_guard_mutex); + return -ERESTARTNOINTR; + } + write_lock_irq(&tasklist_lock); /* Are we already being traced? */ if (!current->ptrace) { @@ -523,6 +554,7 @@ static int ptrace_traceme(void) } } write_unlock_irq(&tasklist_lock); + mutex_unlock(&current->signal->cred_guard_mutex); return ret; } diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 255999ba9190..b29bbfa0b044 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1955,9 +1955,15 @@ static long seccomp_set_mode_filter(unsigned int flags, * Make sure we cannot change seccomp or nnp state via TSYNC * while another thread is in the middle of calling exec. */ - if (flags & SECCOMP_FILTER_FLAG_TSYNC && - mutex_lock_killable(&current->signal->cred_guard_mutex)) - goto out_put_fd; + if (flags & SECCOMP_FILTER_FLAG_TSYNC) { + if (mutex_lock_killable(&current->signal->cred_guard_mutex)) + goto out_put_fd; + + if (unlikely(current->signal->exec_bprm)) { + mutex_unlock(&current->signal->cred_guard_mutex); + goto out_put_fd; + } + } spin_lock_irq(&current->sighand->siglock); diff --git a/tools/testing/selftests/ptrace/vmaccess.c b/tools/testing/selftests/ptrace/vmaccess.c index 4db327b44586..3b7d81fb99bb 100644 --- a/tools/testing/selftests/ptrace/vmaccess.c +++ b/tools/testing/selftests/ptrace/vmaccess.c @@ -39,8 +39,15 @@ TEST(vmaccess) f = open(mm, O_RDONLY); ASSERT_GE(f, 0); close(f); - f = kill(pid, SIGCONT); - ASSERT_EQ(f, 0); + f = waitpid(-1, NULL, 0); + ASSERT_NE(f, -1); + ASSERT_NE(f, 0); + ASSERT_NE(f, pid); + f = waitpid(-1, NULL, 0); + ASSERT_EQ(f, pid); + f = waitpid(-1, NULL, 0); + ASSERT_EQ(f, -1); + ASSERT_EQ(errno, ECHILD); } TEST(attach) @@ -57,22 +64,24 @@ TEST(attach) sleep(1); k = ptrace(PTRACE_ATTACH, pid, 0L, 0L); - ASSERT_EQ(errno, EAGAIN); - ASSERT_EQ(k, -1); + ASSERT_EQ(k, 0); k = waitpid(-1, &s, WNOHANG); ASSERT_NE(k, -1); ASSERT_NE(k, 0); ASSERT_NE(k, pid); ASSERT_EQ(WIFEXITED(s), 1); ASSERT_EQ(WEXITSTATUS(s), 0); - sleep(1); - k = ptrace(PTRACE_ATTACH, pid, 0L, 0L); + k = waitpid(-1, &s, 0); + ASSERT_EQ(k, pid); + ASSERT_EQ(WIFSTOPPED(s), 1); + ASSERT_EQ(WSTOPSIG(s), SIGTRAP); + k = ptrace(PTRACE_CONT, pid, 0L, 0L); ASSERT_EQ(k, 0); k = waitpid(-1, &s, 0); ASSERT_EQ(k, pid); ASSERT_EQ(WIFSTOPPED(s), 1); ASSERT_EQ(WSTOPSIG(s), SIGSTOP); - k = ptrace(PTRACE_DETACH, pid, 0L, 0L); + k = ptrace(PTRACE_CONT, pid, 0L, 0L); ASSERT_EQ(k, 0); k = waitpid(-1, &s, 0); ASSERT_EQ(k, pid); -- 2.39.2

1 week, 6 days

7
19
0 0

[PATCH 0/2] kselftest/arm64/gcs: Cleanups for basic-gcs.c

by Thomas Weißschuh

Two small cleanups. Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Thomas Weißschuh (2): kselftest/arm64/gcs: Correctly check return value when disabling GCS kselftest/arm64/gcs: Use nolibc's getauxval() tools/testing/selftests/arm64/gcs/basic-gcs.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) --- base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585 change-id: 20250821-nolibc-gcs-fixes-11cf7585bb74 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

1 week, 6 days

2
4
0 0

[PATCH net 1/2] tls: fix handling of zero-length records on the rx_list

by Jakub Kicinski

Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type than what has already been processed we break out of the main processing loop. If the record has already been decrypted (which may be the case for TLS 1.3 where we don't know type until decryption) we queue the pending record to the rx_list. Next recvmsg() will pick it up from there. Queuing the skb to rx_list after zero-copy decrypt is not possible, since in that case we decrypted directly to the user space buffer, and we don't have an skb to queue (darg.skb points to the ciphertext skb for access to metadata like length). Only data records are allowed zero-copy, and we break the processing loop after each non-data record. So we should never zero-copy and then find out that the record type has changed. The corner case we missed is when the initial record comes from rx_list, and it's zero length. Reported-by: Muhammad Alifa Ramdhan <ramdhan(a)starlabs.sg> Reported-by: Billy Jheng Bing-Jhong <billy(a)starlabs.sg> Fixes: 84c61fe1a75b ("tls: rx: do not use the standard strparser") Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> --- net/tls/tls_sw.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 51c98a007dda..bac65d0d4e3e 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -1808,6 +1808,9 @@ int decrypt_skb(struct sock *sk, struct scatterlist *sgout) return tls_decrypt_sg(sk, NULL, sgout, &darg); } +/* All records returned from a recvmsg() call must have the same type. + * 0 is not a valid content type. Use it as "no type reported, yet". + */ static int tls_record_content_type(struct msghdr *msg, struct tls_msg *tlm, u8 *control) { @@ -2051,8 +2054,10 @@ int tls_sw_recvmsg(struct sock *sk, if (err < 0) goto end; + /* process_rx_list() will set @control if it processed any records */ copied = err; - if (len <= copied || (copied && control != TLS_RECORD_TYPE_DATA) || rx_more) + if (len <= copied || rx_more || + (control && control != TLS_RECORD_TYPE_DATA)) goto end; target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); -- 2.50.1

1 week, 6 days

3
3
0 0

[PATCH] selftests/hid: update vmtest.sh for virtme-ng

by Benjamin Tissoires

This commit is a rewrite almost from scratch of vmtest.sh. By relying on virtme-ng, we get rid of boot2container, reducing the total bootup time (and network requirements). That means that we are relying on the programs being installed on the host, but that shouldn't be an issue. The generation of the kconfig is also now handled by virtme-ng, so that's one less thing to worry. I used tools/testing/selftests/vsock/vmtest.sh as a base and modified it to look mostly like my previous script: - removed the custom ssh handling - make use of vng for compiling, which allows to bring remote compilation (and potentially remote compilation on a remote container) - change the verbosity logic by having 2 levels: - first one shows the tests outputs - second level also shows the VM logs - instead of only running the compiled kernel when it is built, if we are in the kernel tree, use the kernel artifacts there (and complain if they are not built) - adapted the tests list to match the HID subsystem tests Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> --- I have switched my workflow to make use of virtme-ng for a few months. Now it's time to automate the manual commands I've been running in vmtest.sh. --- tools/testing/selftests/hid/vmtest.sh | 668 +++++++++++++++++++++------------- 1 file changed, 423 insertions(+), 245 deletions(-) diff --git a/tools/testing/selftests/hid/vmtest.sh b/tools/testing/selftests/hid/vmtest.sh index db534e9099a8a4684346eed0067d397ffa6f80cf..ecbd57f775a044b4d076b4800ca0068f9533056c 100755 --- a/tools/testing/selftests/hid/vmtest.sh +++ b/tools/testing/selftests/hid/vmtest.sh @@ -1,296 +1,474 @@ #!/bin/bash # SPDX-License-Identifier: GPL-2.0 +# +# Copyright (c) 2025 Red Hat +# Copyright (c) 2025 Meta Platforms, Inc. and affiliates +# +# Dependencies: +# * virtme-ng +# * busybox-static (used by virtme-ng) +# * qemu (used by virtme-ng) + +readonly SCRIPT_DIR="$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)" +readonly KERNEL_CHECKOUT=$(realpath "${SCRIPT_DIR}"/../../../../) + +source "${SCRIPT_DIR}"/../kselftest/ktap_helpers.sh + +readonly HID_BPF_TEST="${SCRIPT_DIR}"/hid_bpf +readonly HIDRAW_TEST="${SCRIPT_DIR}"/hidraw +readonly HID_BPF_PROGS="${KERNEL_CHECKOUT}/drivers/hid/bpf/progs" +readonly SSH_GUEST_PORT=22 +readonly WAIT_PERIOD=3 +readonly WAIT_PERIOD_MAX=60 +readonly WAIT_TOTAL=$(( WAIT_PERIOD * WAIT_PERIOD_MAX )) +readonly QEMU_PIDFILE=$(mktemp /tmp/qemu_hid_vmtest_XXXX.pid) + +readonly QEMU_OPTS="\ + --pidfile ${QEMU_PIDFILE} \ +" +readonly KERNEL_CMDLINE="" +readonly LOG=$(mktemp /tmp/hid_vmtest_XXXX.log) +readonly TEST_NAMES=(vm_hid_bpf vm_hidraw vm_pytest) +readonly TEST_DESCS=( + "Run hid_bpf tests in the VM." + "Run hidraw tests in the VM." + "Run the hid-tools test-suite in the VM." +) + +VERBOSE=0 +SHELL_MODE=0 +BUILD_HOST="" +BUILD_HOST_PODMAN_CONTAINER_NAME="" + +usage() { + local name + local desc + local i + + echo + echo "$0 [OPTIONS] [TEST]... [-- tests-args]" + echo "If no TEST argument is given, all tests will be run." + echo + echo "Options" + echo " -b: build the kernel from the current source tree and use it for guest VMs" + echo " -H: hostname for remote build host (used with -b)" + echo " -p: podman container name for remote build host (used with -b)" + echo " Example: -H beefyserver -p vng" + echo " -q: set the path to or name of qemu binary" + echo " -s: start a shell in the VM instead of running tests" + echo " -v: more verbose output (can be repeated multiple times)" + echo + echo "Available tests" + + for ((i = 0; i < ${#TEST_NAMES[@]}; i++)); do + name=${TEST_NAMES[${i}]} + desc=${TEST_DESCS[${i}]} + printf "\t%-35s%-35s\n" "${name}" "${desc}" + done + echo -set -u -set -e - -# This script currently only works for x86_64 -ARCH="$(uname -m)" -case "${ARCH}" in -x86_64) - QEMU_BINARY=qemu-system-x86_64 - BZIMAGE="arch/x86/boot/bzImage" - ;; -*) - echo "Unsupported architecture" exit 1 - ;; -esac -SCRIPT_DIR="$(dirname $(realpath $0))" -OUTPUT_DIR="$SCRIPT_DIR/results" -KCONFIG_REL_PATHS=("${SCRIPT_DIR}/config" "${SCRIPT_DIR}/config.common" "${SCRIPT_DIR}/config.${ARCH}") -B2C_URL="https://gitlab.freedesktop.org/gfx-ci/boot2container/-/raw/main/vm2c.py" -NUM_COMPILE_JOBS="$(nproc)" -LOG_FILE_BASE="$(date +"hid_selftests.%Y-%m-%d_%H-%M-%S")" -LOG_FILE="${LOG_FILE_BASE}.log" -EXIT_STATUS_FILE="${LOG_FILE_BASE}.exit_status" -CONTAINER_IMAGE="registry.freedesktop.org/bentiss/hid/fedora/39:2023-11-22.1" - -TARGETS="${TARGETS:=$(basename ${SCRIPT_DIR})}" -DEFAULT_COMMAND="pip3 install hid-tools; make -C tools/testing/selftests TARGETS=${TARGETS} run_tests" - -usage() -{ - cat <<EOF -Usage: $0 [-j N] [-s] [-b] [-d <output_dir>] -- [<command>] - -<command> is the command you would normally run when you are in -the source kernel direcory. e.g: - - $0 -- ./tools/testing/selftests/hid/hid_bpf - -If no command is specified and a debug shell (-s) is not requested, -"${DEFAULT_COMMAND}" will be run by default. - -If you build your kernel using KBUILD_OUTPUT= or O= options, these -can be passed as environment variables to the script: - - O=<kernel_build_path> $0 -- ./tools/testing/selftests/hid/hid_bpf - -or - - KBUILD_OUTPUT=<kernel_build_path> $0 -- ./tools/testing/selftests/hid/hid_bpf - -Options: - - -u) Update the boot2container script to a newer version. - -d) Update the output directory (default: ${OUTPUT_DIR}) - -b) Run only the build steps for the kernel and the selftests - -j) Number of jobs for compilation, similar to -j in make - (default: ${NUM_COMPILE_JOBS}) - -s) Instead of powering off the VM, start an interactive - shell. If <command> is specified, the shell runs after - the command finishes executing -EOF } -download() -{ - local file="$1" +die() { + echo "$*" >&2 + exit "${KSFT_FAIL}" +} - echo "Downloading $file..." >&2 - curl -Lsf "$file" -o "${@:2}" +vm_ssh() { + # vng --ssh-client keeps shouting "Warning: Permanently added 'virtme-ng%22' + # (ED25519) to the list of known hosts.", + # So replace the command with what's actually called and add the "-q" option + stdbuf -oL ssh -q \ + -F ${HOME}/.cache/virtme-ng/.ssh/virtme-ng-ssh.conf \ + -l root virtme-ng%${SSH_GUEST_PORT} \ + "$@" + return $? } -recompile_kernel() -{ - local kernel_checkout="$1" - local make_command="$2" +cleanup() { + if [[ -s "${QEMU_PIDFILE}" ]]; then + pkill -SIGTERM -F "${QEMU_PIDFILE}" > /dev/null 2>&1 + fi - cd "${kernel_checkout}" + # If failure occurred during or before qemu start up, then we need + # to clean this up ourselves. + if [[ -e "${QEMU_PIDFILE}" ]]; then + rm "${QEMU_PIDFILE}" + fi +} + +check_args() { + local found - ${make_command} olddefconfig - ${make_command} headers - ${make_command} + for arg in "$@"; do + found=0 + for name in "${TEST_NAMES[@]}"; do + if [[ "${name}" = "${arg}" ]]; then + found=1 + break + fi + done + + if [[ "${found}" -eq 0 ]]; then + echo "${arg} is not an available test" >&2 + usage + fi + done + + for arg in "$@"; do + if ! command -v > /dev/null "test_${arg}"; then + echo "Test ${arg} not found" >&2 + usage + fi + done +} + +check_deps() { + for dep in vng ${QEMU} busybox pkill ssh pytest; do + if [[ ! -x $(command -v "${dep}") ]]; then + echo -e "skip: dependency ${dep} not found!\n" + exit "${KSFT_SKIP}" + fi + done + + if [[ ! -x $(command -v "${HID_BPF_TEST}") ]]; then + printf "skip: %s not found!" "${HID_BPF_TEST}" + printf " Please build the kselftest hid_bpf target.\n" + exit "${KSFT_SKIP}" + fi + + if [[ ! -x $(command -v "${HIDRAW_TEST}") ]]; then + printf "skip: %s not found!" "${HIDRAW_TEST}" + printf " Please build the kselftest hidraw target.\n" + exit "${KSFT_SKIP}" + fi } -update_selftests() -{ - local kernel_checkout="$1" - local selftests_dir="${kernel_checkout}/tools/testing/selftests/hid" +check_vng() { + local tested_versions + local version + local ok - cd "${selftests_dir}" - ${make_command} + tested_versions=("1.36" "1.37") + version="$(vng --version)" + + ok=0 + for tv in "${tested_versions[@]}"; do + if [[ "${version}" == *"${tv}"* ]]; then + ok=1 + break + fi + done + + if [[ ! "${ok}" -eq 1 ]]; then + printf "warning: vng version '%s' has not been tested and may " "${version}" >&2 + printf "not function properly.\n\tThe following versions have been tested: " >&2 + echo "${tested_versions[@]}" >&2 + fi } -run_vm() -{ - local run_dir="$1" - local b2c="$2" - local kernel_bzimage="$3" - local command="$4" - local post_command="" - - cd "${run_dir}" - - if ! which "${QEMU_BINARY}" &> /dev/null; then - cat <<EOF -Could not find ${QEMU_BINARY} -Please install qemu or set the QEMU_BINARY environment variable. -EOF +handle_build() { + if [[ ! "${BUILD}" -eq 1 ]]; then + return + fi + + if [[ ! -d "${KERNEL_CHECKOUT}" ]]; then + echo "-b requires vmtest.sh called from the kernel source tree" >&2 exit 1 fi - # alpine (used in post-container requires the PATH to have /bin - export PATH=$PATH:/bin + pushd "${KERNEL_CHECKOUT}" &>/dev/null - if [[ "${debug_shell}" != "yes" ]] - then - touch ${OUTPUT_DIR}/${LOG_FILE} - command="mount bpffs -t bpf /sys/fs/bpf/; set -o pipefail ; ${command} 2>&1 | tee ${OUTPUT_DIR}/${LOG_FILE}" - post_command="cat ${OUTPUT_DIR}/${LOG_FILE}" - else - command="mount bpffs -t bpf /sys/fs/bpf/; ${command}" + if ! vng --kconfig --config "${SCRIPT_DIR}"/config; then + die "failed to generate .config for kernel source tree (${KERNEL_CHECKOUT})" fi - set +e - $b2c --command "${command}" \ - --kernel ${kernel_bzimage} \ - --workdir ${OUTPUT_DIR} \ - --image ${CONTAINER_IMAGE} + local vng_args=("-v" "--config" "${SCRIPT_DIR}/config" "--build") - echo $? > ${OUTPUT_DIR}/${EXIT_STATUS_FILE} + if [[ -n "${BUILD_HOST}" ]]; then + vng_args+=("--build-host" "${BUILD_HOST}") + fi - set -e + if [[ -n "${BUILD_HOST_PODMAN_CONTAINER_NAME}" ]]; then + vng_args+=("--build-host-exec-prefix" \ + "podman exec -ti ${BUILD_HOST_PODMAN_CONTAINER_NAME}") + fi - ${post_command} -} + if ! vng "${vng_args[@]}"; then + die "failed to build kernel from source tree (${KERNEL_CHECKOUT})" + fi -is_rel_path() -{ - local path="$1" + if ! make -j$(nproc) -C "${HID_BPF_PROGS}"; then + die "failed to build HID bpf objects from source tree (${HID_BPF_PROGS})" + fi - [[ ${path:0:1} != "/" ]] + if ! make -j$(nproc) -C "${SCRIPT_DIR}"; then + die "failed to build HID selftests from source tree (${SCRIPT_DIR})" + fi + + popd &>/dev/null } -do_update_kconfig() -{ - local kernel_checkout="$1" - local kconfig_file="$2" +vm_start() { + local logfile=/dev/null + local verbose_opt="" + local kernel_opt="" + local qemu - rm -f "$kconfig_file" 2> /dev/null + qemu=$(command -v "${QEMU}") - for config in "${KCONFIG_REL_PATHS[@]}"; do - local kconfig_src="${config}" - cat "$kconfig_src" >> "$kconfig_file" - done -} + if [[ "${VERBOSE}" -eq 2 ]]; then + verbose_opt="--verbose" + logfile=/dev/stdout + fi -update_kconfig() -{ - local kernel_checkout="$1" - local kconfig_file="$2" - - if [[ -f "${kconfig_file}" ]]; then - local local_modified="$(stat -c %Y "${kconfig_file}")" - - for config in "${KCONFIG_REL_PATHS[@]}"; do - local kconfig_src="${config}" - local src_modified="$(stat -c %Y "${kconfig_src}")" - # Only update the config if it has been updated after the - # previously cached config was created. This avoids - # unnecessarily compiling the kernel and selftests. - if [[ "${src_modified}" -gt "${local_modified}" ]]; then - do_update_kconfig "$kernel_checkout" "$kconfig_file" - # Once we have found one outdated configuration - # there is no need to check other ones. - break - fi - done - else - do_update_kconfig "$kernel_checkout" "$kconfig_file" + # If we are running from within the kernel source tree, use the kernel source tree + # as the kernel to boot, otherwise use the currently running kernel. + if [[ "$(realpath "$(pwd)")" == "${KERNEL_CHECKOUT}"* ]]; then + kernel_opt="${KERNEL_CHECKOUT}" fi -} -main() -{ - local script_dir="$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)" - local kernel_checkout=$(realpath "${script_dir}"/../../../../) - # By default the script searches for the kernel in the checkout directory but - # it also obeys environment variables O= and KBUILD_OUTPUT= - local kernel_bzimage="${kernel_checkout}/${BZIMAGE}" - local command="${DEFAULT_COMMAND}" - local update_b2c="no" - local debug_shell="no" - local build_only="no" - - while getopts ':hsud:j:b' opt; do - case ${opt} in - u) - update_b2c="yes" - ;; - d) - OUTPUT_DIR="$OPTARG" - ;; - j) - NUM_COMPILE_JOBS="$OPTARG" - ;; - s) - command="/bin/sh" - debug_shell="yes" - ;; - b) - build_only="yes" - ;; - h) - usage - exit 0 - ;; - \? ) - echo "Invalid Option: -$OPTARG" - usage - exit 1 - ;; - : ) - echo "Invalid Option: -$OPTARG requires an argument" - usage - exit 1 - ;; - esac - done - shift $((OPTIND -1)) - - # trap 'catch "$?"' EXIT - if [[ "${build_only}" == "no" && "${debug_shell}" == "no" ]]; then - if [[ $# -eq 0 ]]; then - echo "No command specified, will run ${DEFAULT_COMMAND} in the vm" - else - command="$@" - - if [[ "${command}" == "/bin/bash" || "${command}" == "bash" ]] - then - debug_shell="yes" - fi + vng \ + --run \ + ${kernel_opt} \ + ${verbose_opt} \ + --qemu-opts="${QEMU_OPTS}" \ + --qemu="${qemu}" \ + --user root \ + --append "${KERNEL_CMDLINE}" \ + --ssh "${SSH_GUEST_PORT}" \ + --rw &> ${logfile} & + + local vng_pid=$! + local elapsed=0 + + while [[ ! -s "${QEMU_PIDFILE}" ]]; do + if ! kill -0 "${vng_pid}" 2>/dev/null; then + echo "vng process (PID ${vng_pid}) exited early, check logs for details" >&2 + die "failed to boot VM" fi - fi - local kconfig_file="${OUTPUT_DIR}/latest.config" - local make_command="make -j ${NUM_COMPILE_JOBS} KCONFIG_CONFIG=${kconfig_file}" + if [[ ${elapsed} -ge ${WAIT_TOTAL} ]]; then + echo "Timed out after ${WAIT_TOTAL} seconds waiting for VM to boot" >&2 + die "failed to boot VM" + fi - # Figure out where the kernel is being built. - # O takes precedence over KBUILD_OUTPUT. - if [[ "${O:=""}" != "" ]]; then - if is_rel_path "${O}"; then - O="$(realpath "${PWD}/${O}")" + sleep 1 + elapsed=$((elapsed + 1)) + done +} + +vm_wait_for_ssh() { + local i + + i=0 + while true; do + if [[ ${i} -gt ${WAIT_PERIOD_MAX} ]]; then + die "Timed out waiting for guest ssh" fi - kernel_bzimage="${O}/${BZIMAGE}" - make_command="${make_command} O=${O}" - elif [[ "${KBUILD_OUTPUT:=""}" != "" ]]; then - if is_rel_path "${KBUILD_OUTPUT}"; then - KBUILD_OUTPUT="$(realpath "${PWD}/${KBUILD_OUTPUT}")" + if vm_ssh -- true; then + break fi - kernel_bzimage="${KBUILD_OUTPUT}/${BZIMAGE}" - make_command="${make_command} KBUILD_OUTPUT=${KBUILD_OUTPUT}" + i=$(( i + 1 )) + sleep ${WAIT_PERIOD} + done +} + +vm_mount_bpffs() { + vm_ssh -- mount bpffs -t bpf /sys/fs/bpf +} + +__log_stdin() { + stdbuf -oL awk '{ printf "%s:\t%s\n","'"${prefix}"'", $0; fflush() }' +} + +__log_args() { + echo "$*" | awk '{ printf "%s:\t%s\n","'"${prefix}"'", $0 }' +} + +log() { + local verbose="$1" + shift + + local prefix="$1" + + shift + local redirect= + if [[ ${verbose} -le 0 ]]; then + redirect=/dev/null + else + redirect=/dev/stdout + fi + + if [[ "$#" -eq 0 ]]; then + __log_stdin | tee -a "${LOG}" > ${redirect} + else + __log_args "$@" | tee -a "${LOG}" > ${redirect} fi +} - local b2c="${OUTPUT_DIR}/vm2c.py" +log_setup() { + log $((VERBOSE-1)) "setup" "$@" +} - echo "Output directory: ${OUTPUT_DIR}" +log_host() { + local testname=$1 - mkdir -p "${OUTPUT_DIR}" - update_kconfig "${kernel_checkout}" "${kconfig_file}" + shift + log $((VERBOSE-1)) "test:${testname}:host" "$@" +} - recompile_kernel "${kernel_checkout}" "${make_command}" - update_selftests "${kernel_checkout}" "${make_command}" +log_guest() { + local testname=$1 - if [[ "${build_only}" == "no" ]]; then - if [[ "${update_b2c}" == "no" && ! -f "${b2c}" ]]; then - echo "vm2c script not found in ${b2c}" - update_b2c="yes" - fi + shift + log ${VERBOSE} "# test:${testname}" "$@" +} - if [[ "${update_b2c}" == "yes" ]]; then - download $B2C_URL $b2c - chmod +x $b2c - fi +test_vm_hid_bpf() { + local testname="${FUNCNAME[0]#test_}" - run_vm "${kernel_checkout}" $b2c "${kernel_bzimage}" "${command}" - if [[ "${debug_shell}" != "yes" ]]; then - echo "Logs saved in ${OUTPUT_DIR}/${LOG_FILE}" - fi + vm_ssh -- "${HID_BPF_TEST}" \ + 2>&1 | log_guest "${testname}" + + return ${PIPESTATUS[0]} +} + +test_vm_hidraw() { + local testname="${FUNCNAME[0]#test_}" + + vm_ssh -- "${HIDRAW_TEST}" \ + 2>&1 | log_guest "${testname}" + + return ${PIPESTATUS[0]} +} + +test_vm_pytest() { + local testname="${FUNCNAME[0]#test_}" - exit $(cat ${OUTPUT_DIR}/${EXIT_STATUS_FILE}) + shift + + vm_ssh -- pytest ${SCRIPT_DIR}/tests --color=yes "$@" \ + 2>&1 | log_guest "${testname}" + + return ${PIPESTATUS[0]} +} + +run_test() { + local vm_oops_cnt_before + local vm_warn_cnt_before + local vm_oops_cnt_after + local vm_warn_cnt_after + local name + local rc + + vm_oops_cnt_before=$(vm_ssh -- dmesg | grep -c -i 'Oops') + vm_error_cnt_before=$(vm_ssh -- dmesg --level=err | wc -l) + + name=$(echo "${1}" | awk '{ print $1 }') + eval test_"${name}" "$@" + rc=$? + + vm_oops_cnt_after=$(vm_ssh -- dmesg | grep -i 'Oops' | wc -l) + if [[ ${vm_oops_cnt_after} -gt ${vm_oops_cnt_before} ]]; then + echo "FAIL: kernel oops detected on vm" | log_host "${name}" + rc=$KSFT_FAIL + fi + + vm_error_cnt_after=$(vm_ssh -- dmesg --level=err | wc -l) + if [[ ${vm_error_cnt_after} -gt ${vm_error_cnt_before} ]]; then + echo "FAIL: kernel error detected on vm" | log_host "${name}" + vm_ssh -- dmesg --level=err | log_host "${name}" + rc=$KSFT_FAIL fi + + return "${rc}" } -main "$@" +QEMU="qemu-system-$(uname -m)" + +while getopts :hvsbq:H:p: o +do + case $o in + v) VERBOSE=$((VERBOSE+1));; + s) SHELL_MODE=1;; + b) BUILD=1;; + q) QEMU=$OPTARG;; + H) BUILD_HOST=$OPTARG;; + p) BUILD_HOST_PODMAN_CONTAINER_NAME=$OPTARG;; + h|*) usage;; + esac +done +shift $((OPTIND-1)) + +trap cleanup EXIT + +PARAMS="" + +if [[ ${#} -eq 0 ]]; then + ARGS=("${TEST_NAMES[@]}") +else + ARGS=() + COUNT=0 + for arg in $@; do + COUNT=$((COUNT+1)) + if [[ x"$arg" == x"--" ]]; then + break + fi + ARGS+=($arg) + done + shift $COUNT + PARAMS="$@" +fi + +if [[ "${SHELL_MODE}" -eq 0 ]]; then + check_args "${ARGS[@]}" + echo "1..${#ARGS[@]}" +fi +check_deps +check_vng +handle_build + +log_setup "Booting up VM" +vm_start +vm_wait_for_ssh +vm_mount_bpffs +log_setup "VM booted up" + +if [[ "${SHELL_MODE}" -eq 1 ]]; then + log_setup "Starting interactive shell in VM" + echo "Starting shell in VM. Use 'exit' to quit and shutdown the VM." + CURRENT_DIR="$(pwd)" + vm_ssh -t -- "cd '${CURRENT_DIR}' && exec bash -l" + exit "$KSFT_PASS" +fi + +cnt_pass=0 +cnt_fail=0 +cnt_skip=0 +cnt_total=0 +for arg in "${ARGS[@]}"; do + run_test "${arg}" "${PARAMS}" + rc=$? + if [[ ${rc} -eq $KSFT_PASS ]]; then + cnt_pass=$(( cnt_pass + 1 )) + echo "ok ${cnt_total} ${arg}" + elif [[ ${rc} -eq $KSFT_SKIP ]]; then + cnt_skip=$(( cnt_skip + 1 )) + echo "ok ${cnt_total} ${arg} # SKIP" + elif [[ ${rc} -eq $KSFT_FAIL ]]; then + cnt_fail=$(( cnt_fail + 1 )) + echo "not ok ${cnt_total} ${arg} # exit=$rc" + fi + cnt_total=$(( cnt_total + 1 )) +done + +echo "SUMMARY: PASS=${cnt_pass} SKIP=${cnt_skip} FAIL=${cnt_fail}" +echo "Log: ${LOG}" + +if [ $((cnt_pass + cnt_skip)) -eq ${cnt_total} ]; then + exit "$KSFT_PASS" +else + exit "$KSFT_FAIL" +fi --- base-commit: b80a75cf6999fb79971b41eaec7af2bb4b514714 change-id: 20250818-virtme-ng-f73db7e61235 Best regards, -- Benjamin Tissoires <bentiss(a)kernel.org>

1 week, 6 days

1
0
0 0

[PATCH bpf-next v12 0/2] libbpf: fix USDT SIB argument handling causing unrecognized register error

by Jiawei Zhao

When using GCC on x86-64 to compile an usdt prog with -O1 or higher optimization, the compiler will generate SIB addressing mode for global array and PC-relative addressing mode for global variable, e.g. "1@-96(%rbp,%rax,8)" and "-1@4+t1(%rip)". The current USDT implementation in libbpf cannot parse these two formats, causing `bpf_program__attach_usdt()` to fail with -ENOENT (unrecognized register). This patch series adds support for SIB addressing mode in USDT probes. The main changes include: - add correct handling logic for SIB-addressed arguments in `parse_usdt_arg`. - add an usdt_o2 test case to cover SIB addressing mode. Testing shows that the SIB probe correctly generates 8@(%rcx,%rax,8) argument spec and passes all validation checks. The modification history of this patch series: Change since v1: - refactor the code to make it more readable - modify the commit message to explain why and how Change since v2: - fix the `scale` uninitialized error Change since v3: - force -O2 optimization for usdt.test.o to generate SIB addressing usdt and pass all test cases. Change since v4: - split the patch into two parts, one for the fix and the other for the test Change since v5: - Only enable optimization for x86 architecture to generate SIB addressing usdt argument spec. Change since v6: - Add an usdt_o2 test case to cover SIB addressing mode. - Reinstate the usdt.c test case. Change since v7: - Refactor modifications to __bpf_usdt_arg_spec to avoid increasing its size, achieving better compatibility - Fix some minor code style issues - Refactor the usdt_o2 test case, removing semaphore and adding GCC attribute to force -O2 optimization Change since v8: - Refactor the usdt_o2 test case, using assembly to force SIB addressing mode. Change since v9: - Only enable the usdt_o2 test case on x86_64 and i386 architectures since the SIB addressing mode is only supported on x86_64 and i386. Change since v10: - Replace `__attribute__((optimize("O2")))` with `#pragma GCC optimize("O1")` to fix the issue where the optimized compilation condition works improperly. - Renamed test case usdt_o2 and relevant files name to usdt_o1 in that O1 level optimization is enough to generate SIB addressing usdt argument spec. Change since v11: - Replace `STAP_PROBE1` with `STAP_PROBE_ASM` - Use bit fields instead of bit shifting operations - Merge the usdt_o1 test case into the usdt test case Jiawei Zhao (2): libbpf: fix USDT SIB argument handling causing unrecognized register error selftests/bpf: Enrich subtest_basic_usdt case in selftests to cover SIB handling logic tools/lib/bpf/usdt.bpf.h | 47 ++++++++++++++- tools/lib/bpf/usdt.c | 58 +++++++++++++++++-- tools/testing/selftests/bpf/prog_tests/usdt.c | 30 ++++++++++ tools/testing/selftests/bpf/progs/test_usdt.c | 28 +++++++++ 4 files changed, 156 insertions(+), 7 deletions(-) -- 2.43.0

1 week, 6 days

1
2
0 0

[PATCH 0/5] RISC-V: Add Zilsd/Zclsd support in hwprobe and KVM

by Pincheng Wang

Hi all, This patch series adds support for the recently ratified Zilsd (Load/Store pair instructions) and Zclsd (Compressed Load/Store pair instructions) extensions to the RISC-V Linux kernel. It covers device tree binding,ISA string parsing, hwprobe exposure, KVM guest handling and selftests. Zilsd and Zclsd allow more efficient memory access sequences on RV32. My goal is to enable glibc and other user-space libraries to detect these extensions via hwprobe and make use of them for optimized implementations of common routines. To achieve this, the Linux kernel needs to recognize and expose the availability of these extensions through the device tree bindings, ISA string parsing and hwprobe interfaces. KVM support is also required to correctly virtualize these features for guest environments. The series is structured as follows: - Patch 1: Add device tree bindings documentation for Zilsd and Zclsd - Patch 2: Extend RISC-V ISA extension string parsing to recognize them. - Patch 3: Export Zilsd and Zclsd via riscv_hwprobe - Patch 4: Allow KVM guests to use them. - Patch 5: Add KVM selftests. This series of patches is a preparatory step toward enabling user-space optimizations in glibc that leverage Zilsd and Zclsd, by providing the necessary kernel-side support. Please review, and let me know if any adjustments are needed. Thanks, Pincheng Wang Pincheng Wang (5): dt-bidings: riscv: add Zilsd and Zclsd extension descriptions riscv: add ISA extension parsing for Zilsd and Zclsd riscv: hwprobe: export Zilsd and Zclsd ISA extensions riscv: KVM: allow Zilsd and Zclsd extensions for Guest/VM KVM: riscv: selftests: add Zilsd and Zclsd extension to get-reg-list test Documentation/arch/riscv/hwprobe.rst | 8 ++++ .../devicetree/bindings/riscv/extensions.yaml | 39 +++++++++++++++++++ arch/riscv/include/asm/hwcap.h | 2 + arch/riscv/include/uapi/asm/hwprobe.h | 2 + arch/riscv/include/uapi/asm/kvm.h | 2 + arch/riscv/kernel/cpufeature.c | 24 ++++++++++++ arch/riscv/kernel/sys_hwprobe.c | 2 + arch/riscv/kvm/vcpu_onereg.c | 2 + .../selftests/kvm/riscv/get-reg-list.c | 6 +++ 9 files changed, 87 insertions(+) -- 2.39.5

1 week, 6 days

1
5
0 0

[PATCH v13 00/21] Enable CET Virtualization

by Chao Gao

The FPU support for CET virtualization has already been merged into 6.17-rc1. Building on that, this series introduces Intel CET virtualization support for KVM. Changes in v13 1. Add "arch" and "size" fields to the register ID used in KVM_GET/SET_ONE_REG ioctls 2. Add a kselftest for KVM_GET/SET_ONE_REG ioctls 3. Advertise KVM_CAP_ONE_REG 4. Document how the emulation of SSP MSRs is flawed for 32-bit guests 5. Don't pass-thru MSR_IA32_INT_SSP_TAB and report it as unsupported for 32-bit guests 6. Refine changelog to clarify why CET MSRs are pass-thru'd. 7. Limit SHSTK to 64-bit kernels 8. Retain CET state if L1 doesn't set VM_EXIT_LOAD_CET_STATE 9. Rename a new functions for clarity --- Control-flow Enforcement Technology (CET) is a kind of CPU feature used to prevent Return/CALL/Jump-Oriented Programming (ROP/COP/JOP) attacks. It provides two sub-features(SHSTK,IBT) to defend against ROP/COP/JOP style control-flow subversion attacks. Shadow Stack (SHSTK): A shadow stack is a second stack used exclusively for control transfer operations. The shadow stack is separate from the data/normal stack and can be enabled individually in user and kernel mode. When shadow stack is enabled, CALL pushes the return address on both the data and shadow stack. RET pops the return address from both stacks and compares them. If the return addresses from the two stacks do not match, the processor generates a #CP. Indirect Branch Tracking (IBT): IBT introduces new instruction(ENDBRANCH)to mark valid target addresses of indirect branches (CALL, JMP etc...). If an indirect branch is executed and the next instruction is _not_ an ENDBRANCH, the processor generates a #CP. These instruction behaves as a NOP on platforms that doesn't support CET. CET states management ===================== KVM cooperates with host kernel FPU framework to manage guest CET registers. With CET supervisor mode state support in this series, KVM can save/restore full guest CET xsave-managed states. CET user mode and supervisor mode xstates, i.e., MSR_IA32_{U_CET,PL3_SSP} and MSR_IA32_PL{0,1,2}, depend on host FPU framework to swap guest and host xstates. On VM-Exit, guest CET xstates are saved to guest fpu area and host CET xstates are loaded from task/thread context before vCPU returns to userspace, vice-versa on VM-Entry. See details in kvm_{load,put}_guest_fpu(). CET supervisor mode states are grouped into two categories : XSAVE-managed and non-XSAVE-managed, the former includes MSR_IA32_PL{0,1,2}_SSP and are controlled by CET supervisor mode bit(S_CET bit) in XSS, the later consists of MSR_IA32_S_CET and MSR_IA32_INTR_SSP_TBL. VMX introduces new VMCS fields, {GUEST|HOST}_{S_CET,SSP,INTR_SSP_TABL}, to facilitate guest/host non-XSAVES-managed states. When VMX CET entry/exit load bits are set, guest/host MSR_IA32_{S_CET,INTR_SSP_TBL,SSP} are loaded from equivalent fields at VM-Exit/Entry. With these new fields, such supervisor states require no addtional KVM save/reload actions. Tests ====== This series has successfully passed the basic CET user shadow stack test and kernel IBT test in both L1 and L2 guests. The newly added KVM-unit-tests [2] also passed, and its v11 has been tested with the AMD CET series by John [3]. For your convenience, you can use my WIP QEMU [1] for testing. [1]: https://github.com/gaochaointel/qemu-dev qemu-cet [2]: https://lore.kernel.org/kvm/20250626073459.12990-1-minipli@grsecurity.net/ [3]: https://lore.kernel.org/kvm/aH6CH+x5mCDrvtoz@AUSJOHALLEN.amd.com/ Chao Gao (4): KVM: nVMX: Add consistency checks for CR0.WP and CR4.CET KVM: nVMX: Add consistency checks for CET states KVM: nVMX: Advertise new VM-Entry/Exit control bits for CET state KVM: selftest: Add tests for KVM_{GET,SET}_ONE_REG Sean Christopherson (2): KVM: x86: Report XSS as to-be-saved if there are supported features KVM: x86: Load guest FPU state when access XSAVE-managed MSRs Yang Weijiang (15): KVM: x86: Introduce KVM_{G,S}ET_ONE_REG uAPIs support KVM: x86: Refresh CPUID on write to guest MSR_IA32_XSS KVM: x86: Initialize kvm_caps.supported_xss KVM: x86: Add fault checks for guest CR4.CET setting KVM: x86: Report KVM supported CET MSRs as to-be-saved KVM: VMX: Introduce CET VMCS fields and control bits KVM: x86: Enable guest SSP read/write interface with new uAPIs KVM: VMX: Emulate read and write to CET MSRs KVM: x86: Save and reload SSP to/from SMRAM KVM: VMX: Set up interception for CET MSRs KVM: VMX: Set host constant supervisor states to VMCS fields KVM: x86: Don't emulate instructions guarded by CET KVM: x86: Enable CET virtualization for VMX and advertise to userspace KVM: nVMX: Virtualize NO_HW_ERROR_CODE_CC for L1 event injection to L2 KVM: nVMX: Prepare for enabling CET support for nested guest arch/x86/include/asm/kvm_host.h | 5 +- arch/x86/include/asm/vmx.h | 9 + arch/x86/include/uapi/asm/kvm.h | 24 ++ arch/x86/kvm/cpuid.c | 17 +- arch/x86/kvm/emulate.c | 46 ++- arch/x86/kvm/smm.c | 8 + arch/x86/kvm/smm.h | 2 +- arch/x86/kvm/svm/svm.c | 4 + arch/x86/kvm/vmx/capabilities.h | 9 + arch/x86/kvm/vmx/nested.c | 163 ++++++++++- arch/x86/kvm/vmx/nested.h | 5 + arch/x86/kvm/vmx/vmcs12.c | 6 + arch/x86/kvm/vmx/vmcs12.h | 14 +- arch/x86/kvm/vmx/vmx.c | 84 +++++- arch/x86/kvm/vmx/vmx.h | 9 +- arch/x86/kvm/x86.c | 267 +++++++++++++++++- arch/x86/kvm/x86.h | 61 ++++ tools/arch/x86/include/uapi/asm/kvm.h | 24 ++ tools/testing/selftests/kvm/Makefile.kvm | 1 + .../selftests/kvm/x86/get_set_one_reg.c | 35 +++ 20 files changed, 752 insertions(+), 41 deletions(-) create mode 100644 tools/testing/selftests/kvm/x86/get_set_one_reg.c -- 2.47.3

2 weeks

1
2
0 0

[PATCH] selftests: proc: mark vsyscall strings maybe-unused

by Bala-Vignesh-Reddy

The str_vsyscall_* constants in proc-pid-vm.c triggers -Wunused-const-variable warnings with gcc-13.32 and clang 18.1. Define and apply __maybe_unused locally to suppress the warnings. No functional change Fixes compiler warning: warning: ‘str_vsyscall_*’ defined but not used[-Wunused-const-variable] Signed-off-by: Bala-Vignesh-Reddy <reddybalavignesh9979(a)gmail.com> --- tools/testing/selftests/proc/proc-pid-vm.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/proc/proc-pid-vm.c b/tools/testing/selftests/proc/proc-pid-vm.c index d04685771952..978cbcb3eb11 100644 --- a/tools/testing/selftests/proc/proc-pid-vm.c +++ b/tools/testing/selftests/proc/proc-pid-vm.c @@ -47,6 +47,10 @@ #include <sys/resource.h> #include <linux/fs.h> +#ifndef __maybe_unused +#define __maybe_unused __attribute__((__unused__)) +#endif + #include "../kselftest.h" static inline long sys_execveat(int dirfd, const char *pathname, char **argv, char **envp, int flags) @@ -218,12 +222,12 @@ static int make_exe(const uint8_t *payload, size_t len) * 2: vsyscall VMA is r-xp vsyscall=emulate */ static volatile int g_vsyscall; -static const char *str_vsyscall; +static const char *str_vsyscall __maybe_unused; -static const char str_vsyscall_0[] = ""; -static const char str_vsyscall_1[] = +static const char str_vsyscall_0[] __maybe_unused = ""; +static const char str_vsyscall_1[] __maybe_unused = "ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]\n"; -static const char str_vsyscall_2[] = +static const char str_vsyscall_2[] __maybe_unused = "ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]\n"; #ifdef __x86_64__ -- 2.43.0

2 weeks

2
2
0 0

[PATCH v6 24/24] tracing: selftests: Add pKVM trace remote tests

by Vincent Donnefort

Run the trace remote selftests with the pKVM trace remote "hypervisor". Cc: Shuah Khan <skhan(a)linuxfoundation.org> Cc: linux-kselftest(a)vger.kernel.org Signed-off-by: Vincent Donnefort <vdonnefort(a)google.com> diff --git a/tools/testing/selftests/ftrace/test.d/remotes/pkvm/buffer_size.tc b/tools/testing/selftests/ftrace/test.d/remotes/pkvm/buffer_size.tc new file mode 100644 index 000000000000..383ef7a84274 --- /dev/null +++ b/tools/testing/selftests/ftrace/test.d/remotes/pkvm/buffer_size.tc @@ -0,0 +1,10 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 +# description: Test pkvm hypervisor tracing buffer size + +SOURCE_REMOTE_TEST=1 +. $TEST_DIR/remotes/buffer_size.tc + +set -e +setup_remote "hypervisor" +test_buffer_size diff --git a/tools/testing/selftests/ftrace/test.d/remotes/pkvm/reset.tc b/tools/testing/selftests/ftrace/test.d/remotes/pkvm/reset.tc new file mode 100644 index 000000000000..679e31257d0b --- /dev/null +++ b/tools/testing/selftests/ftrace/test.d/remotes/pkvm/reset.tc @@ -0,0 +1,10 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 +# description: Test pkvm hypervisor tracing reset + +SOURCE_REMOTE_TEST=1 +. $TEST_DIR/remotes/reset.tc + +set -e +setup_remote "hypervisor" +test_reset diff --git a/tools/testing/selftests/ftrace/test.d/remotes/pkvm/trace_pipe.tc b/tools/testing/selftests/ftrace/test.d/remotes/pkvm/trace_pipe.tc new file mode 100644 index 000000000000..4c77431e884f --- /dev/null +++ b/tools/testing/selftests/ftrace/test.d/remotes/pkvm/trace_pipe.tc @@ -0,0 +1,10 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 +# description: Test pkvm hypervisor tracing pipe + +SOURCE_REMOTE_TEST=1 +. $TEST_DIR/remotes/trace_pipe.tc + +set -e +setup_remote "hypervisor" +test_trace_pipe diff --git a/tools/testing/selftests/ftrace/test.d/remotes/pkvm/unloading.tc b/tools/testing/selftests/ftrace/test.d/remotes/pkvm/unloading.tc new file mode 100644 index 000000000000..059c7ad1c008 --- /dev/null +++ b/tools/testing/selftests/ftrace/test.d/remotes/pkvm/unloading.tc @@ -0,0 +1,10 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 +# description: Test pkvm hypervisor tracing buffer unloading + +SOURCE_REMOTE_TEST=1 +. $TEST_DIR/remotes/unloading.tc + +set -e +setup_remote "hypervisor" +test_unloading -- 2.51.0.rc2.233.g662b1ed5c5-goog

2 weeks

1
0
0 0

[PATCHv3 net 0/3] bonding: fix negotiation flapping in 802.3ad passive mode

by Hangbin Liu

This patch fixes unstable LACP negotiation when bonding is configured in passive mode (`lacp_active=off`). Previously, the actor would stop sending LACPDUs after initial negotiation succeeded, leading to the partner timing out and restarting the negotiation cycle. This resulted in continuous LACP state flapping. The fix ensures the passive actor starts sending periodic LACPDUs after receiving the first LACPDU from the partner, in accordance with IEEE 802.1AX-2020 section 6.4.1. v3: a) const bond_params for ad_initialize_port (Paolo Abeni) b) add comment about why we need to sleep in test script (Paolo Abeni) v2: a) Split the patch in to 2 parts. One for lacp_active setting. One for passive mode negotiation flapping issue. (Nikolay Aleksandrov) b) Update fixes tags and some comments (Nikolay Aleksandrov) c) Update selftest to pass on normal kernel (Jakub Kicinski) Hangbin Liu (3): bonding: update LACP activity flag after setting lacp_active bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU selftests: bonding: add test for passive LACP mode drivers/net/bonding/bond_3ad.c | 67 ++++++++--- drivers/net/bonding/bond_options.c | 1 + include/net/bond_3ad.h | 1 + .../selftests/drivers/net/bonding/Makefile | 3 +- .../drivers/net/bonding/bond_passive_lacp.sh | 105 ++++++++++++++++++ .../selftests/drivers/net/bonding/config | 1 + 6 files changed, 159 insertions(+), 19 deletions(-) create mode 100755 tools/testing/selftests/drivers/net/bonding/bond_passive_lacp.sh -- 2.50.1

2 weeks

2
4
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror August 2025