- Linux-kselftest-mirror - lists.linaro.org

[PATCH v2 00/10] KVM: nVMX: Improve performance for unmanaged guest memory

by griffoul＠gmail.com

From: Fred Griffoul <fgriffo(a)amazon.co.uk> This patch series addresses both performance and correctness issues in nested VMX when handling guest memory. During nested VMX operations, L0 (KVM) accesses specific L1 guest pages to manage L2 execution. These pages fall into two categories: pages accessed only by L0 (such as the L1 MSR bitmap page or the eVMCS page), and pages passed to the L2 guest via vmcs02 (such as APIC access, virtual APIC, and posted interrupt descriptor pages). The current implementation uses kvm_vcpu_map/unmap, which causes two issues. First, the current approach is missing proper invalidation handling in critical scenarios. Enlightened VMCS (eVMCS) pages can become stale when memslots are modified, as there is no mechanism to invalidate the cached mappings. Similarly, APIC access and virtual APIC pages can be migrated by the host, but without proper notification through mmu_notifier callbacks, the mappings become invalid and can lead to incorrect behavior. Second, for unmanaged guest memory (memory not directly mapped by the kernel, such as memory passed with the mem= parameter or guest_memfd for non-CoCo VMs), this workflow invokes expensive memremap/memunmap operations on every L2 VM entry/exit cycle. This creates significant overhead that impacts nested virtualization performance. This series replaces kvm_host_map with gfn_to_pfn_cache in nested VMX. The pfncache infrastructure maintains persistent mappings as long as the page GPA does not change, eliminating the memremap/memunmap overhead on every VM entry/exit cycle. Additionally, pfncache provides proper invalidation handling via mmu_notifier callbacks and memslots generation check, ensuring that mappings are correctly updated during both memslot updates and page migration events. As an example, a microbenchmark using memslot_perf_test with 8192 memslots demonstrates huge improvements in nested VMX operations with unmanaged guest memory: Before After Improvement map: 26.12s 1.54s ~17x faster unmap: 40.00s 0.017s ~2353x faster unmap chunked: 10.07s 0.005s ~2014x faster The series is organized as follows: Patches 1-5 handle the L1 MSR bitmap page and system pages (APIC access, virtual APIC, and posted interrupt descriptor). Patch 1 converts the MSR bitmap to use gfn_to_pfn_cache. Patches 2-3 restore and complete "guest-uses-pfn" support in pfncache. Patch 4 converts the system pages to use gfn_to_pfn_cache. Patch 5 adds a selftest for cache invalidation and memslot updates. Patches 6-7 add enlightened VMCS support. Patch 6 avoids accessing eVMCS fields after they are copied into the cached vmcs12 structure. Patch 7 converts eVMCS page mapping to use gfn_to_pfn_cache. Patches 8-10 implement persistent nested context to handle L2 vCPU multiplexing and migration between L1 vCPUs. Patch 8 introduces the nested context management infrastructure. Patch 9 integrates pfncache with persistent nested context. Patch 10 adds a selftest for this L2 vCPU context switching. v2: - Extended series to support enlightened VMCS (eVMCS). - Added persistent nested context for improved L2 vCPU handling. - Added additional selftests. Suggested-by: dwmw(a)amazon.co.uk Fred Griffoul (10): KVM: nVMX: Implement cache for L1 MSR bitmap KVM: pfncache: Restore guest-uses-pfn support KVM: x86: Add nested state validation for pfncache support KVM: nVMX: Implement cache for L1 APIC pages KVM: selftests: Add nested VMX APIC cache invalidation test KVM: nVMX: Cache evmcs fields to ensure consistency during VM-entry KVM: nVMX: Replace evmcs kvm_host_map with pfncache KVM: x86: Add nested context management KVM: nVMX: Use nested context for pfncache persistence KVM: selftests: Add L2 vcpu context switch test arch/x86/include/asm/kvm_host.h | 32 ++ arch/x86/include/uapi/asm/kvm.h | 2 + arch/x86/kvm/Makefile | 2 +- arch/x86/kvm/nested.c | 199 ++++++++ arch/x86/kvm/vmx/hyperv.c | 5 +- arch/x86/kvm/vmx/hyperv.h | 33 +- arch/x86/kvm/vmx/nested.c | 463 ++++++++++++++---- arch/x86/kvm/vmx/vmx.c | 8 + arch/x86/kvm/vmx/vmx.h | 16 +- arch/x86/kvm/x86.c | 19 +- include/linux/kvm_host.h | 34 +- include/linux/kvm_types.h | 1 + tools/testing/selftests/kvm/Makefile.kvm | 2 + .../selftests/kvm/x86/vmx_apic_update_test.c | 302 ++++++++++++ .../selftests/kvm/x86/vmx_l2_switch_test.c | 416 ++++++++++++++++ virt/kvm/kvm_main.c | 3 +- virt/kvm/kvm_mm.h | 6 +- virt/kvm/pfncache.c | 43 +- 18 files changed, 1467 insertions(+), 119 deletions(-) create mode 100644 arch/x86/kvm/nested.c create mode 100644 tools/testing/selftests/kvm/x86/vmx_apic_update_test.c create mode 100644 tools/testing/selftests/kvm/x86/vmx_l2_switch_test.c -- 2.43.0

1 hour, 5 minutes

2
12
0 0

[PATCH v12] exec: Fix dead-lock in de_thread with ptrace_attach

by Bernd Edlinger

This introduces signal->exec_bprm, which is used to fix the case when at least one of the sibling threads is traced, and therefore the trace process may dead-lock in ptrace_attach, but de_thread will need to wait for the tracer to continue execution. The solution is to detect this situation and allow ptrace_attach to continue by temporarily releasing the cred_guard_mutex, while de_thread() is still waiting for traced zombies to be eventually released by the tracer. In the case of the thread group leader we only have to wait for the thread to become a zombie, which may also need co-operation from the tracer due to PTRACE_O_TRACEEXIT. When a tracer wants to ptrace_attach a task that already is in execve, we simply retry the ptrace_may_access check while temporarily installing the new credentials and dumpability which are about to be used after execve completes. If the ptrace_attach happens on a thread that is a sibling-thread of the thread doing execve, it is sufficient to check against the old credentials, as this thread will be waited for, before the new credentials are installed. Other threads die quickly since the cred_guard_mutex is released, but a deadly signal is already pending. In case the mutex_lock_killable misses the signal, the non-zero current->signal->exec_bprm makes sure they release the mutex immediately and return with -ERESTARTNOINTR. This means there is no API change, unlike the previous version of this patch which was discussed here: https://lore.kernel.org/lkml/b6537ae6-31b1-5c50-f32b-8b8332ace882@hotmail.d… See tools/testing/selftests/ptrace/vmaccess.c for a test case that gets fixed by this change. Note that since the test case was originally designed to test the ptrace_attach returning an error in this situation, the test expectation needed to be adjusted, to allow the API to succeed at the first attempt. Signed-off-by: Bernd Edlinger <bernd.edlinger(a)hotmail.de> --- fs/exec.c | 69 ++++++++++++++++------- fs/proc/base.c | 6 ++ include/linux/cred.h | 1 + include/linux/sched/signal.h | 18 ++++++ kernel/cred.c | 28 +++++++-- kernel/ptrace.c | 32 +++++++++++ kernel/seccomp.c | 12 +++- tools/testing/selftests/ptrace/vmaccess.c | 23 +++++--- 8 files changed, 155 insertions(+), 34 deletions(-) v10: Changes to previous version, make the PTRACE_ATTACH retun -EAGAIN, instead of execve return -ERESTARTSYS. Added some lessions learned to the description. v11: Check old and new credentials in PTRACE_ATTACH again without changing the API. Note: I got actually one response from an automatic checker to the v11 patch, https://lore.kernel.org/lkml/202107121344.wu68hEPF-lkp@intel.com/ which is complaining about: >> kernel/ptrace.c:425:26: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct cred const *old_cred @@ got struct cred const [noderef] __rcu *real_cred @@ 417 struct linux_binprm *bprm = task->signal->exec_bprm; 418 const struct cred *old_cred; 419 struct mm_struct *old_mm; 420 421 retval = down_write_killable(&task->signal->exec_update_lock); 422 if (retval) 423 goto unlock_creds; 424 task_lock(task); > 425 old_cred = task->real_cred; v12: Essentially identical to v11. - Fixed a minor merge conflict in linux v5.17, and fixed the above mentioned nit by adding __rcu to the declaration. - re-tested the patch with all linux versions from v5.11 to v6.6 v10 was an alternative approach which did imply an API change. But I would prefer to avoid such an API change. The difficult part is getting the right dumpability flags assigned before de_thread starts, hope you like this version. If not, the v10 is of course also acceptable. Thanks Bernd. diff --git a/fs/exec.c b/fs/exec.c index 2f2b0acec4f0..902d3b230485 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1041,11 +1041,13 @@ static int exec_mmap(struct mm_struct *mm) return 0; } -static int de_thread(struct task_struct *tsk) +static int de_thread(struct task_struct *tsk, struct linux_binprm *bprm) { struct signal_struct *sig = tsk->signal; struct sighand_struct *oldsighand = tsk->sighand; spinlock_t *lock = &oldsighand->siglock; + struct task_struct *t = tsk; + bool unsafe_execve_in_progress = false; if (thread_group_empty(tsk)) goto no_thread_group; @@ -1068,6 +1070,19 @@ static int de_thread(struct task_struct *tsk) if (!thread_group_leader(tsk)) sig->notify_count--; + while_each_thread(tsk, t) { + if (unlikely(t->ptrace) + && (t != tsk->group_leader || !t->exit_state)) + unsafe_execve_in_progress = true; + } + + if (unlikely(unsafe_execve_in_progress)) { + spin_unlock_irq(lock); + sig->exec_bprm = bprm; + mutex_unlock(&sig->cred_guard_mutex); + spin_lock_irq(lock); + } + while (sig->notify_count) { __set_current_state(TASK_KILLABLE); spin_unlock_irq(lock); @@ -1158,6 +1173,11 @@ static int de_thread(struct task_struct *tsk) release_task(leader); } + if (unlikely(unsafe_execve_in_progress)) { + mutex_lock(&sig->cred_guard_mutex); + sig->exec_bprm = NULL; + } + sig->group_exec_task = NULL; sig->notify_count = 0; @@ -1169,6 +1189,11 @@ static int de_thread(struct task_struct *tsk) return 0; killed: + if (unlikely(unsafe_execve_in_progress)) { + mutex_lock(&sig->cred_guard_mutex); + sig->exec_bprm = NULL; + } + /* protects against exit_notify() and __exit_signal() */ read_lock(&tasklist_lock); sig->group_exec_task = NULL; @@ -1253,6 +1278,24 @@ int begin_new_exec(struct linux_binprm * bprm) if (retval) return retval; + /* If the binary is not readable then enforce mm->dumpable=0 */ + would_dump(bprm, bprm->file); + if (bprm->have_execfd) + would_dump(bprm, bprm->executable); + + /* + * Figure out dumpability. Note that this checking only of current + * is wrong, but userspace depends on it. This should be testing + * bprm->secureexec instead. + */ + if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP || + is_dumpability_changed(current_cred(), bprm->cred) || + !(uid_eq(current_euid(), current_uid()) && + gid_eq(current_egid(), current_gid()))) + set_dumpable(bprm->mm, suid_dumpable); + else + set_dumpable(bprm->mm, SUID_DUMP_USER); + /* * Ensure all future errors are fatal. */ @@ -1261,7 +1304,7 @@ int begin_new_exec(struct linux_binprm * bprm) /* * Make this the only thread in the thread group. */ - retval = de_thread(me); + retval = de_thread(me, bprm); if (retval) goto out; @@ -1284,11 +1327,6 @@ int begin_new_exec(struct linux_binprm * bprm) if (retval) goto out; - /* If the binary is not readable then enforce mm->dumpable=0 */ - would_dump(bprm, bprm->file); - if (bprm->have_execfd) - would_dump(bprm, bprm->executable); - /* * Release all of the old mmap stuff */ @@ -1350,18 +1388,6 @@ int begin_new_exec(struct linux_binprm * bprm) me->sas_ss_sp = me->sas_ss_size = 0; - /* - * Figure out dumpability. Note that this checking only of current - * is wrong, but userspace depends on it. This should be testing - * bprm->secureexec instead. - */ - if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP || - !(uid_eq(current_euid(), current_uid()) && - gid_eq(current_egid(), current_gid()))) - set_dumpable(current->mm, suid_dumpable); - else - set_dumpable(current->mm, SUID_DUMP_USER); - perf_event_exec(); __set_task_comm(me, kbasename(bprm->filename), true); @@ -1480,6 +1506,11 @@ static int prepare_bprm_creds(struct linux_binprm *bprm) if (mutex_lock_interruptible(&current->signal->cred_guard_mutex)) return -ERESTARTNOINTR; + if (unlikely(current->signal->exec_bprm)) { + mutex_unlock(&current->signal->cred_guard_mutex); + return -ERESTARTNOINTR; + } + bprm->cred = prepare_exec_creds(); if (likely(bprm->cred)) return 0; diff --git a/fs/proc/base.c b/fs/proc/base.c index ffd54617c354..0da9adfadb48 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2788,6 +2788,12 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, if (rv < 0) goto out_free; + if (unlikely(current->signal->exec_bprm)) { + mutex_unlock(&current->signal->cred_guard_mutex); + rv = -ERESTARTNOINTR; + goto out_free; + } + rv = security_setprocattr(PROC_I(inode)->op.lsm, file->f_path.dentry->d_name.name, page, count); diff --git a/include/linux/cred.h b/include/linux/cred.h index f923528d5cc4..b01e309f5686 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -159,6 +159,7 @@ extern const struct cred *get_task_cred(struct task_struct *); extern struct cred *cred_alloc_blank(void); extern struct cred *prepare_creds(void); extern struct cred *prepare_exec_creds(void); +extern bool is_dumpability_changed(const struct cred *, const struct cred *); extern int commit_creds(struct cred *); extern void abort_creds(struct cred *); extern const struct cred *override_creds(const struct cred *); diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal.h index 0014d3adaf84..14df7073a0a8 100644 --- a/include/linux/sched/signal.h +++ b/include/linux/sched/signal.h @@ -234,9 +234,27 @@ struct signal_struct { struct mm_struct *oom_mm; /* recorded mm when the thread group got * killed by the oom killer */ + struct linux_binprm *exec_bprm; /* Used to check ptrace_may_access + * against new credentials while + * de_thread is waiting for other + * traced threads to terminate. + * Set while de_thread is executing. + * The cred_guard_mutex is released + * after de_thread() has called + * zap_other_threads(), therefore + * a fatal signal is guaranteed to be + * already pending in the unlikely + * event, that + * current->signal->exec_bprm happens + * to be non-zero after the + * cred_guard_mutex was acquired. + */ + struct mutex cred_guard_mutex; /* guard against foreign influences on * credential calculations * (notably. ptrace) + * Held while execve runs, except when + * a sibling thread is being traced. * Deprecated do not use in new code. * Use exec_update_lock instead. */ diff --git a/kernel/cred.c b/kernel/cred.c index 98cb4eca23fb..586cb6c7cf6b 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -433,6 +433,28 @@ static bool cred_cap_issubset(const struct cred *set, const struct cred *subset) return false; } +/** + * is_dumpability_changed - Will changing creds from old to new + * affect the dumpability in commit_creds? + * + * Return: false - dumpability will not be changed in commit_creds. + * Return: true - dumpability will be changed to non-dumpable. + * + * @old: The old credentials + * @new: The new credentials + */ +bool is_dumpability_changed(const struct cred *old, const struct cred *new) +{ + if (!uid_eq(old->euid, new->euid) || + !gid_eq(old->egid, new->egid) || + !uid_eq(old->fsuid, new->fsuid) || + !gid_eq(old->fsgid, new->fsgid) || + !cred_cap_issubset(old, new)) + return true; + + return false; +} + /** * commit_creds - Install new credentials upon the current task * @new: The credentials to be assigned @@ -467,11 +489,7 @@ int commit_creds(struct cred *new) get_cred(new); /* we will require a ref for the subj creds too */ /* dumpability changes */ - if (!uid_eq(old->euid, new->euid) || - !gid_eq(old->egid, new->egid) || - !uid_eq(old->fsuid, new->fsuid) || - !gid_eq(old->fsgid, new->fsgid) || - !cred_cap_issubset(old, new)) { + if (is_dumpability_changed(old, new)) { if (task->mm) set_dumpable(task->mm, suid_dumpable); task->pdeath_signal = 0; diff --git a/kernel/ptrace.c b/kernel/ptrace.c index 443057bee87c..eb1c450bb7d7 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c @@ -20,6 +20,7 @@ #include <linux/pagemap.h> #include <linux/ptrace.h> #include <linux/security.h> +#include <linux/binfmts.h> #include <linux/signal.h> #include <linux/uio.h> #include <linux/audit.h> @@ -435,6 +436,28 @@ static int ptrace_attach(struct task_struct *task, long request, if (retval) goto unlock_creds; + if (unlikely(task->in_execve)) { + struct linux_binprm *bprm = task->signal->exec_bprm; + const struct cred __rcu *old_cred; + struct mm_struct *old_mm; + + retval = down_write_killable(&task->signal->exec_update_lock); + if (retval) + goto unlock_creds; + task_lock(task); + old_cred = task->real_cred; + old_mm = task->mm; + rcu_assign_pointer(task->real_cred, bprm->cred); + task->mm = bprm->mm; + retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS); + rcu_assign_pointer(task->real_cred, old_cred); + task->mm = old_mm; + task_unlock(task); + up_write(&task->signal->exec_update_lock); + if (retval) + goto unlock_creds; + } + write_lock_irq(&tasklist_lock); retval = -EPERM; if (unlikely(task->exit_state)) @@ -508,6 +531,14 @@ static int ptrace_traceme(void) { int ret = -EPERM; + if (mutex_lock_interruptible(&current->signal->cred_guard_mutex)) + return -ERESTARTNOINTR; + + if (unlikely(current->signal->exec_bprm)) { + mutex_unlock(&current->signal->cred_guard_mutex); + return -ERESTARTNOINTR; + } + write_lock_irq(&tasklist_lock); /* Are we already being traced? */ if (!current->ptrace) { @@ -523,6 +554,7 @@ static int ptrace_traceme(void) } } write_unlock_irq(&tasklist_lock); + mutex_unlock(&current->signal->cred_guard_mutex); return ret; } diff --git a/kernel/seccomp.c b/kernel/seccomp.c index 255999ba9190..b29bbfa0b044 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c @@ -1955,9 +1955,15 @@ static long seccomp_set_mode_filter(unsigned int flags, * Make sure we cannot change seccomp or nnp state via TSYNC * while another thread is in the middle of calling exec. */ - if (flags & SECCOMP_FILTER_FLAG_TSYNC && - mutex_lock_killable(&current->signal->cred_guard_mutex)) - goto out_put_fd; + if (flags & SECCOMP_FILTER_FLAG_TSYNC) { + if (mutex_lock_killable(&current->signal->cred_guard_mutex)) + goto out_put_fd; + + if (unlikely(current->signal->exec_bprm)) { + mutex_unlock(&current->signal->cred_guard_mutex); + goto out_put_fd; + } + } spin_lock_irq(&current->sighand->siglock); diff --git a/tools/testing/selftests/ptrace/vmaccess.c b/tools/testing/selftests/ptrace/vmaccess.c index 4db327b44586..3b7d81fb99bb 100644 --- a/tools/testing/selftests/ptrace/vmaccess.c +++ b/tools/testing/selftests/ptrace/vmaccess.c @@ -39,8 +39,15 @@ TEST(vmaccess) f = open(mm, O_RDONLY); ASSERT_GE(f, 0); close(f); - f = kill(pid, SIGCONT); - ASSERT_EQ(f, 0); + f = waitpid(-1, NULL, 0); + ASSERT_NE(f, -1); + ASSERT_NE(f, 0); + ASSERT_NE(f, pid); + f = waitpid(-1, NULL, 0); + ASSERT_EQ(f, pid); + f = waitpid(-1, NULL, 0); + ASSERT_EQ(f, -1); + ASSERT_EQ(errno, ECHILD); } TEST(attach) @@ -57,22 +64,24 @@ TEST(attach) sleep(1); k = ptrace(PTRACE_ATTACH, pid, 0L, 0L); - ASSERT_EQ(errno, EAGAIN); - ASSERT_EQ(k, -1); + ASSERT_EQ(k, 0); k = waitpid(-1, &s, WNOHANG); ASSERT_NE(k, -1); ASSERT_NE(k, 0); ASSERT_NE(k, pid); ASSERT_EQ(WIFEXITED(s), 1); ASSERT_EQ(WEXITSTATUS(s), 0); - sleep(1); - k = ptrace(PTRACE_ATTACH, pid, 0L, 0L); + k = waitpid(-1, &s, 0); + ASSERT_EQ(k, pid); + ASSERT_EQ(WIFSTOPPED(s), 1); + ASSERT_EQ(WSTOPSIG(s), SIGTRAP); + k = ptrace(PTRACE_CONT, pid, 0L, 0L); ASSERT_EQ(k, 0); k = waitpid(-1, &s, 0); ASSERT_EQ(k, pid); ASSERT_EQ(WIFSTOPPED(s), 1); ASSERT_EQ(WSTOPSIG(s), SIGSTOP); - k = ptrace(PTRACE_DETACH, pid, 0L, 0L); + k = ptrace(PTRACE_CONT, pid, 0L, 0L); ASSERT_EQ(k, 0); k = waitpid(-1, &s, 0); ASSERT_EQ(k, pid); -- 2.39.2

1 hour, 43 minutes

11
45
0 0

Re: [PATCH] genpt: Make GENERIC_PT invisible

by Geert Uytterhoeven

Hi Jason, CC kunit On Thu, 20 Nov 2025 at 18:07, Jason Gunthorpe <jgg(a)ziepe.ca> wrote: > On Thu, Nov 20, 2025 at 12:49:33PM -0400, Jason Gunthorpe wrote: > > On Wed, Nov 12, 2025 at 03:08:05PM +0100, Geert Uytterhoeven wrote: > > > There is no point in asking the user about the Generic Radix Page > > > Table API: > > > - All IOMMU drivers that use this API already select GENERIC_PT when > > > needed, > > > - Most users probably do not know what to answer anyway. > > > > > > Fixes: 7c5b184db7145fd4 ("genpt: Generic Page Table base API") > > > Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> > > > --- > > > drivers/iommu/generic_pt/Kconfig | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> > > Actually, it doesn't work :\ > > $ tools/testing/kunit/kunit.py run --build_dir build_kunit_x86_64 --arch x86_64 --kunitconfig ./drivers/iommu/generic_pt/.kunitconfig > [13:01:26] Configuring KUnit Kernel ... > [13:01:26] Building KUnit Kernel ... > Populating config with: > $ make ARCH=x86_64 O=build_kunit_x86_64 olddefconfig > Building with: > $ make all compile_commands.json scripts_gdb ARCH=x86_64 O=build_kunit_x86_64 --jobs=20 > ERROR:root:Not all Kconfig options selected in kunitconfig were in the generated .config. > This is probably due to unsatisfied dependencies. > Missing: CONFIG_IOMMUFD_TEST=y, CONFIG_DEBUG_GENERIC_PT=y, CONFIG_IOMMU_PT_VTDSS=y, CONFIG_IOMMU_PT=y, CONFIG_IOMMU_PT_AMDV1=y, CONFIG_IOMMU_PT_X86_64=y, CONFIG_GENERIC_PT=y, CONFIG_IOMMU_PT_KUNIT_TEST=y > > Can you add this hunk and send a v2? > > --- a/drivers/iommu/generic_pt/.kunitconfig > +++ b/drivers/iommu/generic_pt/.kunitconfig > @@ -1,4 +1,5 @@ > CONFIG_KUNIT=y > +CONFIG_COMPILE_TEST=y > CONFIG_GENERIC_PT=y > CONFIG_DEBUG_GENERIC_PT=y > CONFIG_IOMMU_PT=y Do you really want to enable CONFIG_COMPILE_TEST in a .kunitconfig? Hm, that .kunitconfig already enables IOMMUFD_TEST, which is documented to be dangerous (why?), and already enabled by allyesconfig (except on GENERIC_ATOMIC64 architectures). IOMMUFD_TEST cannot select GENERIC_PT, as that would lead to a recursive dependency (and I am not a huge fan of test code auto-enabling extra attack surfaces^W^W functionality). Or perhaps: - bool "Generic Radix Page Table" + bool "Generic Radix Page Table" if COMPILE_TEST || KUNIT ? Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert(a)linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds

3 hours, 7 minutes

2
1
0 0

[RFC PATCH 0/3] Memory Controller eBPF support

by Hui Zhu

From: Hui Zhu <zhuhui(a)kylinos.cn> This series proposes adding eBPF support to the Linux memory controller, enabling dynamic and extensible memory management policies at runtime. Background The memory controller (memcg) currently provides fixed memory accounting and reclamation policies through static kernel code. This limits flexibility for specialized workloads and use cases that require custom memory management strategies. By enabling eBPF programs to hook into key memory control operations, administrators can implement custom policies without recompiling the kernel, while maintaining the safety guarantees provided by the BPF verifier. Use Cases 1. Custom memory reclamation strategies for specialized workloads 2. Dynamic memory pressure monitoring and telemetry 3. Memory accounting adjustments based on runtime conditions 4. Integration with container orchestration systems for intelligent resource management 5. Research and experimentation with novel memory management algorithms Design Overview This series introduces: 1. A new BPF struct ops type (`memcg_ops`) that allows eBPF programs to implement custom behavior for memory charging operations. 2. A hook point in the `try_charge_memcg()` fast path that invokes registered eBPF programs to determine if custom memory management should be applied. 3. The eBPF handler can inspect memory cgroup context and optionally modify certain parameters (e.g., `nr_pages` for reclamation size). 4. A reference counting mechanism using `percpu_ref` to safely manage the lifecycle of registered eBPF struct ops instances. 5. Configuration via `CONFIG_MEMCG_BPF` to allow disabling this feature at build time. Implementation Details - Uses BPF struct ops for a cleaner integration model - Leverages static branch keys for minimal overhead when feature is unused - RCU synchronization ensures safe replacement of handlers - Sample eBPF program demonstrates monitoring capabilities - Comprehensive selftest suite validates core functionality Performance Considerations - Zero overhead when feature is disabled or no eBPF program is loaded (static branch is disabled) - Minimal overhead when enabled: one indirect function call per charge attempt - eBPF programs run under the restrictions of the BPF verifier Patch Overview PATCH 1/3: Core kernel implementation - Adds eBPF struct ops support to memcg - Introduces CONFIG_MEMCG_BPF option - Implements safe registration/unregistration mechanism PATCH 2/3: Selftest suite - prog_tests/memcg_ops.c: Test entry points - progs/memcg_ops.bpf.c: Test eBPF program - Validates load, attach, and single-handler constraints PATCH 3/3: Sample userspace program - samples/bpf/memcg_printk.bpf.c: Monitoring eBPF program - samples/bpf/memcg_printk.c: Userspace loader - Demonstrates real-world usage and debugging capabilities Open Questions & Discussion Points 1. Should the eBPF handler have access to additional memory cgroup state? Current design exposes minimal context to reduce attack surface. 2. Are there other memory control operations that would benefit from eBPF extensibility (e.g., uncharge, reclaim)? 3. Should there be permission checks or restrictions on who can load memcg eBPF programs? Currently inherits BPF's CAP_PERFMON/CAP_SYS_ADMIN requirements. 4. How should we handle multiple eBPF programs trying to register? Current implementation allows only one active handler. 5. Is the current exposed context in `try_charge_memcg` struct sufficient, or should additional fields be added? Testing The selftests provide comprehensive coverage of the core functionality. The sample program can be used for manual testing and as a reference for implementing additional monitoring tools. Hui Zhu (3): memcg: add eBPF struct ops support for memory charging selftests/bpf: add memcg eBPF struct ops test samples/bpf: add example memcg eBPF program MAINTAINERS | 5 + init/Kconfig | 38 ++++ mm/Makefile | 1 + mm/memcontrol.c | 26 ++- mm/memcontrol_bpf.c | 200 ++++++++++++++++++ mm/memcontrol_bpf.h | 103 +++++++++ samples/bpf/Makefile | 2 + samples/bpf/memcg_printk.bpf.c | 30 +++ samples/bpf/memcg_printk.c | 82 +++++++ .../selftests/bpf/prog_tests/memcg_ops.c | 117 ++++++++++ tools/testing/selftests/bpf/progs/memcg_ops.c | 20 ++ 11 files changed, 617 insertions(+), 7 deletions(-) create mode 100644 mm/memcontrol_bpf.c create mode 100644 mm/memcontrol_bpf.h create mode 100644 samples/bpf/memcg_printk.bpf.c create mode 100644 samples/bpf/memcg_printk.c create mode 100644 tools/testing/selftests/bpf/prog_tests/memcg_ops.c create mode 100644 tools/testing/selftests/bpf/progs/memcg_ops.c -- 2.43.0

3 hours, 20 minutes

6
10
0 0

[PATCH v4 0/9] riscv: vector: misc ptrace fixes for debug use-cases

by Sergey Matyukevich

This patch series suggests fixes for several corner cases in the RISC-V vector ptrace implementation: - init vector context with proper vlenb, to avoid reading zero vlenb by an early attached debugger - follow gdbserver expectations and return ENODATA instead of EINVAL if vector extension is supported but not yet activated for the traced process - validate input vector csr registers in ptrace, to maintain an accurate view of the tracee's vector context across multiple halt/resume debug cycles For detailed description see the appropriate commit messages. A new test suite v_ptrace is added into the tools/testing/selftests/riscv/vector to verify some of the vector ptrace functionality and corner cases. Previous versions: - v3: https://lore.kernel.org/linux-riscv/20251025210655.43099-1-geomatsi@gmail.c… - v2: https://lore.kernel.org/linux-riscv/20250821173957.563472-1-geomatsi@gmail.… - v1: https://lore.kernel.org/linux-riscv/20251007115840.2320557-1-geomatsi@gmail… Changes in v4: The form 'vsetvli x0, x0, ...' can only be used if VLMAX remains unchanged, see spec 6.2. This condition was not met by the initial values in the selftests w.r.t. the initial zeroed context. QEMU accepted such values, but actual hardware (c908, BananaPi CanMV Zero board) did not, setting vill. So fix the selftests after testing on hardware: - replace 'vsetvli x0, x0, ...' by 'vsetvli rd, x0, ...' - fixed instruction returns VLMAX, so use it in checks as well - replace fixed vlenb == 16 in the syscall test Changes in v3: Address the review comments by Andy Chiu and rework the approach: - drop forced vector context save entirely - perform strict validation of vector csr regs in ptrace Changes in v2: - add thread_info flag to allow to force vector context save - force vector context save after vector ptrace to ensure valid vector context in the next ptrace operations - force vector context save on the first context switch after vector context init to get proper vlenb --- Ilya Mamay (1): riscv: ptrace: return ENODATA for inactive vector extension Sergey Matyukevich (8): selftests: riscv: test ptrace vector interface selftests: riscv: verify initial vector state with ptrace riscv: vector: init vector context with proper vlenb riscv: csr: define vtype registers elements riscv: ptrace: validate input vector csr registers selftests: riscv: verify ptrace rejects invalid vector csr inputs selftests: riscv: verify ptrace accepts valid vector csr values selftests: riscv: verify syscalls discard vector context arch/riscv/include/asm/csr.h | 11 + arch/riscv/kernel/ptrace.c | 72 +- arch/riscv/kernel/vector.c | 12 +- .../testing/selftests/riscv/vector/.gitignore | 1 + tools/testing/selftests/riscv/vector/Makefile | 5 +- .../testing/selftests/riscv/vector/v_ptrace.c | 754 ++++++++++++++++++ 6 files changed, 847 insertions(+), 8 deletions(-) create mode 100644 tools/testing/selftests/riscv/vector/v_ptrace.c base-commit: e811c33b1f137be26a20444b79db8cbc1fca1c89 -- 2.51.0

3 hours, 38 minutes

2
11
0 0

[PATCH net-next 12/12] selftests: net: selftest for ipvlan-macnat mode

by Dmitry Skorodumov

Implemented a self-test for ipvlan in l2macnat mode. The test verifies: 1) It's not possible to configure an ip in l2macnat mode on ipvtap 2) It creates several net namespaces - Default namespace emulates host, - ipvlan-tst-phy emulates some host in remote network - ipvlan-tst-0/1 emulate VMs on host. Test verifies, that MAC addresses are as expected in ARP/NEIGH tables: all MACs in 'tst-phy' points to "host" mac-address all MACs in Default and tst are real ones 3) The l2macnat mode has limited number of addresses remembered on port. Test verifies, that this limit really works. Signed-off-by: Dmitry Skorodumov <skorodumov.dmitry(a)huawei.com> --- tools/testing/selftests/net/Makefile | 2 + .../selftests/net/ipvtap_macnat_bridge.py | 168 +++++++++ .../selftests/net/ipvtap_macnat_test.sh | 333 ++++++++++++++++++ 3 files changed, 503 insertions(+) create mode 100755 tools/testing/selftests/net/ipvtap_macnat_bridge.py create mode 100755 tools/testing/selftests/net/ipvtap_macnat_test.sh diff --git a/tools/testing/selftests/net/Makefile b/tools/testing/selftests/net/Makefile index b5127e968108..050d864f0bd9 100644 --- a/tools/testing/selftests/net/Makefile +++ b/tools/testing/selftests/net/Makefile @@ -49,6 +49,7 @@ TEST_PROGS := \ ipv6_flowlabel.sh \ ipv6_force_forwarding.sh \ ipv6_route_update_soft_lockup.sh \ + ipvtap_macnat_test.sh \ l2_tos_ttl_inherit.sh \ l2tp.sh \ link_netns.py \ @@ -191,6 +192,7 @@ TEST_GEN_PROGS := \ TEST_FILES := \ fcnal-test.sh \ in_netns.sh \ + ipvtap_macnat_bridge.py \ lib.sh \ settings \ setup_loopback.sh \ diff --git a/tools/testing/selftests/net/ipvtap_macnat_bridge.py b/tools/testing/selftests/net/ipvtap_macnat_bridge.py new file mode 100755 index 000000000000..7dc4a626e5bb --- /dev/null +++ b/tools/testing/selftests/net/ipvtap_macnat_bridge.py @@ -0,0 +1,168 @@ +#!/usr/bin/env python3 +# SPDX-License-Identifier: GPL-2.0 + +""" +Script to bridge ipvtap and tap, +needed to simulate behaviour of virtual machine using ipvtap. + +ipvtap in macnat mode cannot have IP address. +Due to limitations of ipvtap, it also cannot be plugged +into bridge. +Use this script to connect ipvtap and tap and assing IP to tap. +""" + +import socket +import os +import select +import sys +import signal +import fcntl +import struct +import subprocess + +# Linux TUN/TAP constants +TUNSETIFF = 0x400454ca +IFF_TUN = 0x0001 +IFF_TAP = 0x0002 +IFF_NO_PI = 0x1000 + +ns_name = "non-initialized" + +class TapBridge: + """Simple class to bridge ipvtap and tap interfaces""" + def __init__(self, tap, ipvtap, buffer_size=65536): + self.tap_name = tap + self.ipvtap_name = ipvtap + self.buffer_size = buffer_size + self.running = False + + def open_ipvtap_sock(self, tap_name): + """Open a IPVTAP interface using raw socket""" + try: + sock = socket.socket(socket.AF_PACKET, + socket.SOCK_RAW, + socket.ntohs(0x0003)) + sock.bind((tap_name, 0)) + sock.setblocking(False) + print(f"Connected to IPVTAP interface: {tap_name}") + return sock + + except (OSError, IOError) as e: + print(f"Error opening IPVTAP interface {tap_name}: {e}") + return None + + def create_tap_interface(self, tap_name): + """Create and configure a TAP interface using /dev/net/tun""" + try: + # Open the tun device + tun_fd = os.open('/dev/net/tun', os.O_RDWR) + if tun_fd < 0: + raise OSError("Failed to open /dev/net/tun (err: {os.errno})") + + # Prepare the ifr structure + tap_name_bytes = tap_name.encode('utf-8') + ifr = struct.pack('16sH', tap_name_bytes, IFF_TAP | IFF_NO_PI) + + # Set the interface name and flags + result = fcntl.ioctl(tun_fd, TUNSETIFF, ifr) + + # Get the actual interface name that was set + unpacked = struct.unpack('16sH', result) + actual_name = unpacked[0].split(b'\x00')[0].decode() + print(f"Created TAP interface: {actual_name}") + + return tun_fd + + except (OSError, IOError) as e: + print(f"Error creating TAP interface {tap_name}: {e}") + return None + + def forward_data(self, from_fd, to_fd, description): + """Forward data from one file descriptor to another""" + try: + data = os.read(from_fd, self.buffer_size) + if data: + os.write(to_fd, data) + return True + return False + + except BlockingIOError: + return True + except (OSError, IOError) as e: + print(f"Error forwarding data {description}: {e}") + return False + + def run(self): + """Main bridge loop""" + # Create TAP interfaces + tap1_fd = self.create_tap_interface(self.tap_name) + + sock = self.open_ipvtap_sock(self.ipvtap_name) + tap2_fd = sock.fileno() + + if tap1_fd is None or tap2_fd is None: + print("Failed to create TAP interfaces") + return + + print("Press Ctrl+C to stop\n") + + self.running = True + stats = {'tap1_to_tap2': 0, 'tap2_to_tap1': 0} + while self.running: + try: + # Use select to monitor both file descriptors + readable, _, _ = select.select([tap1_fd, tap2_fd], [], [], 1.0) + + for fd in readable: + if fd == tap1_fd: + descr = f"from {self.tap_name} to {self.ipvtap_name}" + if self.forward_data(tap1_fd, tap2_fd, descr): + stats['tap1_to_tap2'] += 1 + else: + self.running = False + elif fd == tap2_fd: + descr = f"from {self.ipvtap_name} to {self.tap_name}" + if self.forward_data(tap2_fd, tap1_fd, descr): + stats['tap2_to_tap1'] += 1 + else: + self.running = False + + except KeyboardInterrupt: + print("\nShutting down...") + self.running = False + except (OSError, IOError) as e: + print(f"Error in main loop: {e}") + self.running = False + + # Cleanup + os.close(tap1_fd) + os.close(tap2_fd) + print(f"Bridge stopped in {ns_name}. Stats: {stats}") + + +def signal_handler(_sig, _frame): + """SIGINT handler for macnat bridge""" + print(f'\nReceived interrupt signal, shutting down bridge in {ns_name}') + sys.exit(0) + + +if __name__ == "__main__": + ns_name = subprocess.getoutput("ip netns identify") or "default" + + signal.signal(signal.SIGINT, signal_handler) + + # Check if running as root + if os.geteuid() != 0: + print("ERROR: This script must be run as root!") + sys.exit(1) + + if len(sys.argv) != 3: + print("Usage: tap_bridge.py tap_name ipvtap_name") + sys.exit(1) + + TAP = sys.argv[1] + IPVTAP = sys.argv[2] + + print(f"Starting TAP bridge between {TAP} and {IPVTAP} in {ns_name}") + bridge = TapBridge(TAP, IPVTAP) + bridge.run() diff --git a/tools/testing/selftests/net/ipvtap_macnat_test.sh b/tools/testing/selftests/net/ipvtap_macnat_test.sh new file mode 100755 index 000000000000..927d75af776b --- /dev/null +++ b/tools/testing/selftests/net/ipvtap_macnat_test.sh @@ -0,0 +1,333 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +# Tests for ipvtap in macnat mode + +NS_TST0=ipvlan-tst-0 +NS_TST1=ipvlan-tst-1 +NS_PHY=ipvlan-tst-phy + +IP_HOST=172.25.0.1 +IP_PHY=172.25.0.2 +IP_TST0=172.25.0.10 +IP_TST1=172.25.0.30 + +IP_OK0=("172.25.0.10" "172.25.0.11" "172.25.0.12" "172.25.0.13") +IP6_OK0=("fc00::10" "fc00::11" "fc00::12" "fc00::13" ) + +IP_OVFL0="172.25.0.14" +IP6_OVFL0="fc00::14" + +IP6_HOST=fc00::1 +IP6_PHY=fc00::2 +IP6_TST0=fc00::10 +IP6_TST1=fc00::30 + +MAC_HOST="92:3a:00:00:00:01" +MAC_PHY="92:3a:00:00:00:02" +MAC_TST0="92:3a:00:00:00:10" +MAC_TST1="92:3a:00:00:00:30" + +VETH_HOST=vethtst +VETH_PHY=vethtst.p + +# +# The testing environment looks this way: +# +# |------HOST------| |------PHY-------| +# | veth<----------------->veth | +# |------|--|------| |----------------| +# | | +# | | |-----TST0-------| +# | |------------|----ipvtap | +# | |----------------| +# | +# | |-----TST1-------| +# |---------------|----ivtap | +# |----------------| +# +# The macnat mode is for virtual machines, so ipvtap-interface is supposed +# to be used only for traffic monitoring and doesn't have ip-address. +# +# To simulate a virtual machine on ipvtap, we create TAP-interfaces +# in TST environments and assing IP-addresses to them. +# TAP and IPVTAP are connected with simple python script. +# + +ns_run() { + ns=$1 + shift + if [[ "$ns" == "default" ]]; then + "$@" >/dev/null + else + ip netns exec "$ns" "$@" >/dev/null + fi +} + +configure_ns() { + local ns=$1 + local n=$2 + local ip=$3 + local ip6=$4 + local mac=$5 + + ns_run "$ns" ip link set lo up + + if ! ip link add netns "$ns" name "ipvtap0.$n" link $VETH_HOST \ + type ipvtap mode l2macnat bridge; then + exit_error "FAIL: Failed to configure ipvtap link." + fi + ns_run "$ns" ip link set "ipvtap0.$n" up + + ns_run "$ns" ip tuntap add mode tap "tap0.$n" + ns_run "$ns" ip link set dev "tap0.$n" address "$mac" + # disable dad + ns_run "$ns" sysctl -w "net/ipv6/conf/tap0.$n/accept_dad"=0 + ns_run "$ns" ip link set "tap0.$n" up + ns_run "$ns" ip a a "$ip/24" dev "tap0.$n" + ns_run "$ns" ip a a "$ip6/64" dev "tap0.$n" +} + +start_macnat_bridge() { + local ns=$1 + local n=$2 + ip netns exec "$ns" python3 ipvtap_macnat_bridge.py \ + "tap0.$n" "ipvtap0.$n" & +} + +configure_veth() { + local ns=$1 + local veth=$2 + local ip=$3 + local ip6=$4 + local mac=$5 + + ns_run "$ns" ip link set lo up + ns_run "$ns" ethtool -K "$veth" tx off rx off + ns_run "$ns" ip link set dev "$veth" address "$mac" + ns_run "$ns" ip link set "$veth" up + ns_run "$ns" ip a a "$ip/24" dev "$veth" + ns_run "$ns" ip a a "$ip6/64" dev "$veth" +} + +setup_env() { + ip netns add $NS_TST0 + ip netns add $NS_TST1 + ip netns add $NS_PHY + + # setup simulated other-host (phy) and host itself + ip link add $VETH_HOST type veth peer name $VETH_PHY \ + netns $NS_PHY >/dev/null + + # host config + configure_veth default $VETH_HOST $IP_HOST $IP6_HOST $MAC_HOST + configure_veth $NS_PHY $VETH_PHY $IP_PHY $IP6_PHY $MAC_PHY + + # TST namespaces config + configure_ns $NS_TST0 0 $IP_TST0 $IP6_TST0 $MAC_TST0 + configure_ns $NS_TST1 1 $IP_TST1 $IP6_TST1 $MAC_TST1 +} + +ping_all() { + # This will learn MAC/IP addresses on ipvtap + local ns=$1 + + ns_run "$ns" ping -c 1 $IP_TST0 + ns_run "$ns" ping -c 1 $IP6_TST0 + + ns_run "$ns" ping -c 1 $IP_TST1 + ns_run "$ns" ping -c 1 $IP6_TST1 + + ns_run "$ns" ping -c 1 $IP_HOST + ns_run "$ns" ping -c 1 $IP6_HOST + + ns_run "$ns" ping -c 1 $IP_PHY + ns_run "$ns" ping -c 1 $IP6_PHY +} + +check_mac_eq() { + # Ensure IP corresponds to MAC. + local ns=$1 + local ip=$2 + local mac=$3 + local dev=$4 + + if [[ "$ns" == "default" ]]; then + out=$( + ip neigh show "$ip" dev "$dev" \ + | grep "$ip" \ + | grep "$mac" + ) + else + out=$( + ip netns exec "$ns" \ + ip neigh show "$ip" dev "$dev" \ + | grep "$ip" \ + | grep "$mac" + ) + fi + + if [[ $out'X' == "X" ]]; then + exit_error "FAIL: '$ip' is not '$mac'" + fi +} + +cleanup_env() { + ip link del $VETH_HOST + ip netns del $NS_TST0 + ip netns del $NS_TST1 + ip netns del $NS_PHY +} + +exit_error() { + echo "$1" + exit 1 +} + +test_check_mac() { + # All IPs in NS_PHY should have MAC of the host + check_mac_eq $NS_PHY $IP_TST0 $MAC_HOST $VETH_PHY + check_mac_eq $NS_PHY $IP6_TST0 $MAC_HOST $VETH_PHY + check_mac_eq $NS_PHY $IP_TST1 $MAC_HOST $VETH_PHY + check_mac_eq $NS_PHY $IP6_TST1 $MAC_HOST $VETH_PHY + check_mac_eq $NS_PHY $IP_HOST $MAC_HOST $VETH_PHY + check_mac_eq $NS_PHY $IP6_HOST $MAC_HOST $VETH_PHY + + # All IPs in TST0 should have corresponding MAC + check_mac_eq $NS_TST0 $IP_HOST $MAC_HOST tap0.0 + check_mac_eq $NS_TST0 $IP6_HOST $MAC_HOST tap0.0 + check_mac_eq $NS_TST0 $IP_TST1 $MAC_TST1 tap0.0 + check_mac_eq $NS_TST0 $IP6_TST1 $MAC_TST1 tap0.0 + check_mac_eq $NS_TST0 $IP_PHY $MAC_PHY tap0.0 + check_mac_eq $NS_TST0 $IP6_PHY $MAC_PHY tap0.0 + + # All IPs in host should have corresponding MAC + check_mac_eq default $IP_TST0 $MAC_TST0 $VETH_HOST + check_mac_eq default $IP6_TST0 $MAC_TST0 $VETH_HOST + check_mac_eq default $IP_TST1 $MAC_TST1 $VETH_HOST + check_mac_eq default $IP6_TST1 $MAC_TST1 $VETH_HOST + check_mac_eq default $IP_PHY $MAC_PHY $VETH_HOST + check_mac_eq default $IP6_PHY $MAC_PHY $VETH_HOST +} + +test_ip_add() { + # adding IPs to ipvtap should be forbidden and should fail + if ns_run $NS_TST0 ip a a 172.26.0.1/24 dev ipvtap0.0; then + exit_error "FAIL: Module allowed to add ip to ipvtap." + fi + + if ns_run $NS_TST0 ip a a fc01::1/64 dev ipvtap0.0; then + exit_error "FAIL: Module allowed to add ip6 to ipvtap." + fi +} + +test_ip_overflow() { + # The ipvtap remembers limited number of addresses on interface. + # Let's overflow it and check that oldest one doesn't work. + + ns_run $NS_TST0 ip addr flush dev tap0.0 + + # Add exactly 4 ip addresses + for ip in "${IP_OK0[@]}"; do + ns_run $NS_TST0 ip a a "$ip/24" dev tap0.0 + ns_run $NS_TST0 ping -c 1 $IP_HOST -I "$ip" + done + + # Initial check that ping works + if ! ping -c 2 $IP_TST0; then + exit_error "FAIL: Failed to ping tst0" + fi + + # Add 1 more ip addresses + ns_run "$NS_TST0" ip a a $IP_OVFL0/24 dev tap0.0 + ns_run $NS_TST0 ping -c 1 $IP_HOST -I $IP_OVFL0 + # check that ping to oldest one from host fails. + echo "the next ping should fail:" + if ping -c 2 $IP_TST0; then + exit_error "FAIL: IP-0 still exists on interface" + fi + + # ping host using address-0 and force relearn of IP0. + # Host should be able ping after that + ns_run $NS_TST0 ping -c 1 $IP_HOST -I $IP_TST0 + + if ! ping -c 2 $IP_TST0; then + exit_error "FAIL: Failed to ping tst0 at stage 3" + fi +} + +test_ip6_overflow() { + # The ipvtap stores limited number of addresses on interface. + # Let's overflow it and check that oldest one doesn't work. + + ns_run $NS_TST0 ip addr flush dev tap0.0 + + # Add exactly 4 ip addresses + for ip6 in "${IP6_OK0[@]}"; do + ns_run $NS_TST0 ip a a "$ip6/64" dev tap0.0 + ns_run $NS_TST0 ping -c 1 $IP6_HOST -I "$ip6" + done + + # Initial check that ping6 works + if ! ping -c 2 $IP6_TST0; then + exit_error "FAIL: Failed to ping6 tst0" + fi + + # Add 1 more ip6 addresses + ns_run $NS_TST0 ip a a $IP6_OVFL0/64 dev tap0.0 + ns_run $NS_TST0 ping -c 1 $IP6_HOST -I $IP6_OVFL0 + # check that ping to oldest one from host fails. + echo "the next ping should fail:" + if ping -c 2 $IP6_TST0; then + exit_error "FAIL: IP6-0 still exists on interface" + fi + + # ping host using address-0 and force relearn of IP0. + # Host should be able ping after that + ns_run $NS_TST0 ping -c 1 $IP6_HOST -I $IP6_TST0 + if ! ping -c 2 $IP6_TST0; then + exit_error "FAIL: Failed to ping6 tst0 at stage 3" + fi +} + +exec_test() { + echo "TEST: $2" + $1 + echo "PASSED: $2" +} + +trap cleanup_env EXIT + +echo "ipvlan macnat tests" +echo "===================" + +modprobe -q tap +modprobe -q ipvlan +modprobe -q ipvtap + +setup_env + +exec_test test_ip_add "ip add not allowed" + +start_macnat_bridge $NS_TST0 0 +mb_pid1=$! +start_macnat_bridge $NS_TST1 1 +mb_pid2=$! + +echo "<<< Preparation: pinging all...." +ping_all default +ping_all $NS_TST0 +ping_all $NS_TST1 +ping_all $NS_PHY +echo "Finished preparational pinging all. >>>" + +exec_test test_check_mac "mac correctness" +exec_test test_ip_overflow "ip learn capacity overflow" +exec_test test_ip6_overflow "ip6 learn capacity overflow" + +kill -INT $mb_pid1 +kill -INT $mb_pid2 +wait $mb_pid1 +wait $mb_pid2 + +echo "All tests passed" -- 2.25.1

4 hours, 51 minutes

1
0
0 0

[PATCH v1] selftests: hid: tests: test_wacom_generic: add base test for display devices and opaque devices

by Alex Tran

Verify Wacom devices set INPUT_PROP_DIRECT appropriately on display devices and INPUT_PROP_POINTER appropriately on opaque devices. Tests are defined in the base class and disabled for inapplicable device types. Signed-off-by: Alex Tran <alex.t.tran(a)gmail.com> --- .../selftests/hid/tests/test_wacom_generic.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/hid/tests/test_wacom_generic.py b/tools/testing/selftests/hid/tests/test_wacom_generic.py index 2d6d04f0f..aa2a175f2 100644 --- a/tools/testing/selftests/hid/tests/test_wacom_generic.py +++ b/tools/testing/selftests/hid/tests/test_wacom_generic.py @@ -600,15 +600,17 @@ class BaseTest: def test_prop_direct(self): """ - Todo: Verify that INPUT_PROP_DIRECT is set on display devices. + Verify that INPUT_PROP_DIRECT is set on display devices. """ - pass + evdev = self.uhdev.get_evdev() + assert libevdev.INPUT_PROP_DIRECT in evdev.properties def test_prop_pointer(self): """ - Todo: Verify that INPUT_PROP_POINTER is set on opaque devices. + Verify that INPUT_PROP_POINTER is set on opaque devices. """ - pass + evdev = self.uhdev.get_evdev() + assert libevdev.INPUT_PROP_POINTER in evdev.properties class PenTabletTest(BaseTest.TestTablet): @@ -622,6 +624,8 @@ class TouchTabletTest(BaseTest.TestTablet): class TestOpaqueTablet(PenTabletTest): + test_prop_direct = None + def create_device(self): return OpaqueTablet() @@ -864,6 +868,7 @@ class TestPTHX60_Pen(TestOpaqueCTLTablet): class TestDTH2452Tablet(test_multitouch.BaseTest.TestMultitouch, TouchTabletTest): ContactIds = namedtuple("ContactIds", "contact_id, tracking_id, slot_num") + test_prop_pointer = None def create_device(self): return test_multitouch.Digitizer( -- 2.51.0

4 hours, 58 minutes

2
2
0 0

[PATCH 0/9] Initial DMABUF support for iommufd

by Jason Gunthorpe

This series is the start of adding full DMABUF support to iommufd. Currently it is limited to only work with VFIO's DMABUF exporter. It sits on top of Leon's series to add a DMABUF exporter to VFIO: https://lore.kernel.org/r/20251106-dmabuf-vfio-v7-0-2503bf390699@nvidia.com The existing IOMMU_IOAS_MAP_FILE is enhanced to detect DMABUF fd's, but otherwise works the same as it does today for a memfd. The user can select a slice of the FD to map into the ioas and if the underliyng alignment requirements are met it will be placed in the iommu_domain. Though limited, it is enough to allow a VMM like QEMU to connect MMIO BAR memory from VFIO to an iommu_domain controlled by iommufd. This is used for PCI Peer to Peer support in VMs, and is the last feature that the VFIO type 1 container has that iommufd couldn't do. The VFIO type1 version extracts raw PFNs from VMAs, which has no lifetime control and is a use-after-free security problem. Instead iommufd relies on revokable DMABUFs. Whenever VFIO thinks there should be no access to the MMIO it can shoot down the mapping in iommufd which will unmap it from the iommu_domain. There is no automatic remap, this is a safety protocol so the kernel doesn't get stuck. Userspace is expected to know it is doing something that will revoke the dmabuf and map/unmap it around the activity. Eg when QEMU goes to issue FLR it should do the map/unmap to iommufd. Since DMABUF is missing some key general features for this use case it relies on a "private interconnect" between VFIO and iommufd via the vfio_pci_dma_buf_iommufd_map() call. The call confirms the DMABUF has revoke semantics and delivers a phys_addr for the memory suitable for use with iommu_map(). Medium term there is a desire to expand the supported DMABUFs to include GPU drivers to support DPDK/SPDK type use cases so future series will work to add a general concept of revoke and a general negotiation of interconnect to remove vfio_pci_dma_buf_iommufd_map(). I also plan another series to modify iommufd's vfio_compat to transparently pull a dmabuf out of a VFIO VMA to emulate more of the uAPI of type1. The latest series for interconnect negotation to exchange a phys_addr is: https://lore.kernel.org/r/20251027044712.1676175-1-vivek.kasireddy@intel.com And the discussion for design of revoke is here: https://lore.kernel.org/dri-devel/20250114173103.GE5556@nvidia.com/ This is on github: https://github.com/jgunthorpe/linux/commits/iommufd_dmabuf v2: - Rebase on Leon's v7 - Fix mislocking in an iopt_fill_domain() error path v1: https://patch.msgid.link/r/0-v1-64bed2430cdb+31b-iommufd_dmabuf_jgg@nvidia.… Jason Gunthorpe (9): vfio/pci: Add vfio_pci_dma_buf_iommufd_map() iommufd: Add DMABUF to iopt_pages iommufd: Do not map/unmap revoked DMABUFs iommufd: Allow a DMABUF to be revoked iommufd: Allow MMIO pages in a batch iommufd: Have pfn_reader process DMABUF iopt_pages iommufd: Have iopt_map_file_pages convert the fd to a file iommufd: Accept a DMABUF through IOMMU_IOAS_MAP_FILE iommufd/selftest: Add some tests for the dmabuf flow drivers/iommu/iommufd/io_pagetable.c | 78 +++- drivers/iommu/iommufd/io_pagetable.h | 53 ++- drivers/iommu/iommufd/ioas.c | 8 +- drivers/iommu/iommufd/iommufd_private.h | 14 +- drivers/iommu/iommufd/iommufd_test.h | 10 + drivers/iommu/iommufd/main.c | 10 + drivers/iommu/iommufd/pages.c | 407 ++++++++++++++++-- drivers/iommu/iommufd/selftest.c | 142 ++++++ drivers/vfio/pci/vfio_pci_dmabuf.c | 34 ++ include/linux/vfio_pci_core.h | 4 + tools/testing/selftests/iommu/iommufd.c | 43 ++ tools/testing/selftests/iommu/iommufd_utils.h | 44 ++ 12 files changed, 781 insertions(+), 66 deletions(-) base-commit: bb04e92c86b44b3e36532099b68de1e889acfee7 -- 2.43.0

5 hours, 6 minutes

6
41
0 0

[PATCH] selftests: tracing: Add tprobe enable/disable testcase

by Masami Hiramatsu (Google)

From: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Commit 2867495dea86 ("tracing: tprobe-events: Register tracepoint when enable tprobe event") caused regression bug and tprobe did not work. To prevent similar problems, add a testcase which enables/disables a tprobe and check the results. Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> --- .../test.d/dynevent/enable_disable_tprobe.tc | 40 ++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 tools/testing/selftests/ftrace/test.d/dynevent/enable_disable_tprobe.tc diff --git a/tools/testing/selftests/ftrace/test.d/dynevent/enable_disable_tprobe.tc b/tools/testing/selftests/ftrace/test.d/dynevent/enable_disable_tprobe.tc new file mode 100644 index 000000000000..c1f1cafa30f3 --- /dev/null +++ b/tools/testing/selftests/ftrace/test.d/dynevent/enable_disable_tprobe.tc @@ -0,0 +1,40 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0 +# description: Generic dynamic event - enable/disable tracepoint probe events +# requires: dynamic_events "t[:[<group>/][<event>]] <tracepoint> [<args>]":README + +echo 0 > events/enable +echo > dynamic_events + +TRACEPOINT=sched_switch +ENABLEFILE=events/tracepoints/myprobe/enable + +:;: "Add tracepoint event on $TRACEPOINT" ;: + +echo "t:myprobe ${TRACEPOINT}" >> dynamic_events + +:;: "Check enable/disable to ensure it works" ;: + +echo 1 > $ENABLEFILE + +grep -q $TRACEPOINT trace + +echo 0 > $ENABLEFILE + +echo > trace + +! grep -q $TRACEPOINT trace + +:;: "Repeat enable/disable to ensure it works" ;: + +echo 1 > $ENABLEFILE + +grep -q $TRACEPOINT trace + +echo 0 > $ENABLEFILE + +echo > trace + +! grep -q $TRACEPOINT trace + +exit 0

6 hours

4
5
0 0

[RFC PATCH 00/13] Introduce per-vCPU vLPI injection control API

by Maximilian Dittgen

At the moment, the ability to direct-inject vLPIs is only enableable on an all-or-nothing per-VM basis, causing unnecessary I/O performance loss in cases where a VM's vCPU count exceeds available vPEs. This RFC introduces per-vCPU control over vLPI injection to realize potential I/O performance gain in such situations. Background ---------- The value of dynamically enabling the direct injection of vLPIs on a per-vCPU basis is the ability to run guest VMs with simultaneous hardware-forwarded and software-forwarded message-signaled interrupts. Currently, hardware-forwarded vLPI direct injection on a KVM guest requires GICv4 and is enabled on a per-VM, all-or-nothing basis. vLPI injection enablment happens in two stages: 1) At vGIC initialization, allocate direct injection structures for each vCPU (doorbell IRQ, vPE table entry, virtual pending table, vPEID). 2) When a PCI device is configured for passthrough, map its MSIs to vLPIs using the structures allocated in step 1. Step 1 is all-or-nothing; if any vCPU cannot be configured with the vPE structures necessary for direct injection, the vPEs of all vCPUs are torn down and direct injection is disabled VM-wide. This universality of direct vLPI injection enablement sparks several issues, with the most pressing being performance degradation on overcommitted hosts. VM-wide vLPI enablement creates resource inefficiency when guest VMs have more vCPUs than the host has available vPEIDs. The amount of vPEIDs (and consequently, vPEs) a host can allocate is constrained by hardware and defined by GICD_TYPER2.VID + 1 (ITS_MAX_VPEID). Since direct injection requires a vCPU to be assigned a vPEID, at most ITS_MAX_VPEID vCPUs can be configured for direct injection at a time. Because vLPI direct injection is all-or-nothing on a VM, if a new guest VM would exhaust remaining vPEIDs, all vCPUs on that VM would fall back to hypervisor-forwarded LPIs, causing considerable I/O performance degradation. Such performance degradation is exemplified on hosts with CPU overcommitment. Overcommitting an arbitrarily high number of vCPUs enables a VM's vCPU count to easily exceed the host's available vPEIDs. Even with marginally more vCPUs than vPEIDs, the current all-or-nothing vLPI paradigm disables direct injection entirely. This creates two problems: first, a single many-vCPU overcommitted VM loses all direct injection despite having vPEIDs available; second, on multi-tenant hosts, VMs booted first consume all vPEIDs, leaving later VMs without direct injection regardless of their I/O intensity. Per-vCPU control would allow userspace to allocate available vPEIDs across VMs based on I/O workload rather than boot order or per-VM vCPU count. This per-vCPU granularity recovers most of the direct injection performance benefit instead of losing it completely. To allow this per-vCPU granularity, this RFC introduces three new ioctls to the KVM API that enables userspace the ability to activate/deactivate direct vLPI injection capability and resources to vCPUs ad-hoc during VM runtime. This RFC proposes userspace control, rather than kernel control, over vPEID allocation for simplicity of implementation, ease of testability, and autonomy over resource usage. In the future, the vLPI enable/disable building blocks from this RFC may be used to implement a full vPE allocation policy in the kernel. The solution comes in several parts ----------------------------------- 1) [P 1] General declarations (ioctl definitions/stubs, kconfig option) 2) [P 2] Conditionally disable auto vLPI injection init routines To prevent vCPUs from exceeding vPEID allocation limits upon VM boot, disable automatic vPEID allocation in the GICv4 initialization routine when the per-vCPU kconfig is active. Likewise, disable automatic hardware forwarding for PCI device-backed MSIs upon device registration. 3) [P 3-6] Implement per-vCPU vLPI enablement routine, which: a) Creates per-vCPU doorbell IRQ on new vCPU-scoped, rather than VM-scoped, interrupt domain hierarchies. b) Allocates per-vCPU vPE table entries and virtual pending table, linking them to the vCPU's doorbell IRQ. c) Iterates through interrupt translation table to set hardware forwarding for all PCI device–backed interrupts targeting the specific vCPU. 3) [P 7-8] Implement per-vCPU vLPI disablement routine, which a) Iterates through interrupt translation table to unset hardware forwarding for all interrupts targeting the specific vCPU. b) Frees per-vCPU vPE table entries, virtual pending table, and doorbell IRQ, then removes vgic_dist's pointer to the vCPU's freed vPE. 4) [P 9] Couple vSGI enablement with per-vCPU vPE allocation Since vSGIs cannot be direct-injected without an allocated vPE on the receiving vCPU, couple vSGI enablement with vLPI enablement on GICv4.1. 5) [P 10-13] Write selftests for vLPI direct injection PCI devices cannot be passed through to selftest guests, so define an ioctl that mocks a hardware source for software-defined MSI interrupts and sets vLPI "hardware" forwarding for the MSIs. Use these vLPIs to selftest per-vCPU vLPI enablement/disablement ioctls. Testing ------- Testing has been carried out via selftests and QEMU-emulated guests. Selftests have covered diverse vLPI configurations and race conditions. These include: 1) Stress testing LPI injection across multiple vCPUs while concurrently and repeatedly toggling the vCPUs' vLPI injection capability. 2) Enabling/disabling vLPI direct injection while scheduling or unscheduling a vCPU. 3) Allocating and freeing a single vPEID to multiple vCPUs, ensuring reusability. 4) Attempting to allocate a vPEID when all are already allocated, validating an error is thrown. 5) Calling enable/disable vLPI ioctls when GIC is not initialized. 6) Idempotent ioctl calls. PCI device passthrough and interrupt injection to QEMU guest demonstrated: 1) Complete hypervisor circumvention when vLPI injection is enabled on a vCPU, hypervisor forwarding when vLPI injection is disabled. 2) Interrupts are not lost when received during per-vCPU vLPI state transitions. Caveats ------- 1) Pending interrupts are flushed when vLPI injection is disabled for a vCPU; hardware pending state is not transfered to software. This may cause pending interrupts to be lost upon vPE disablement. Unlike vSGIs, vLPIs do not expose their pending state through a GICD_ISPENDR register. Thus, we would need to read the pending state of the vLPI from the vPT. To read the pending status of the vLPI from vPT, we would need to invalidate any vPT cache associated with the vCPU's vPE. This requires unmapping the vPE and halting the vCPU, which would be incredibly expensive and unecessary given that MSIs are usually recoverable by the driver. 2) Direct-injected vSGIs (GICv4.1) require vCPUs to have associated vPEs. Since disabling vLPI injection on a vCPU frees its vPE, vSGI direct injection must simultaenously be disabled as well. At the moment, we use the per-vCPU vSGI toggle mechanism introduced in commit bacf2c6 to enable/disable vSGI injection alongside vLPI injection. Maximilian Dittgen (13): KVM: Introduce config option for per-vCPU vLPI enablement KVM: arm64: Disable auto vCPU vPE assignment with per-vCPU vLPI config KVM: arm64: Refactor out locked section of kvm_vgic_v4_set_forwarding() KVM: arm64: Implement vLPI QUERY ioctl for per-vCPU vLPI injection API KVM: arm64: Implement vLPI ENABLE ioctl for per-vCPU vLPI injection API KVM: arm64: Resolve race between vCPU scheduling and vLPI enablement KVM: arm64: Implement vLPI DISABLE ioctl for per-vCPU vLPI Injection API KVM: arm64: Make per-vCPU vLPI control ioctls atomic KVM: arm64: Couple vSGI enablement with per-vCPU vPE allocation KVM: selftests: fix MAPC RDbase target formatting in vgic_lpi_stress KVM: Ioctl to set up userspace-injected MSIs as software-bypassing vLPIs KVM: arm64: selftests: Add support for stress testing direct-injected vLPIs KVM: arm64: selftests: Add test for per-vCPU vLPI control API Documentation/virt/kvm/api.rst | 56 +++ arch/arm64/kvm/arm.c | 89 +++++ arch/arm64/kvm/vgic/vgic-its.c | 142 ++++++- arch/arm64/kvm/vgic/vgic-v3.c | 14 +- arch/arm64/kvm/vgic/vgic-v4.c | 370 +++++++++++++++++- arch/arm64/kvm/vgic/vgic.h | 10 + drivers/irqchip/Kconfig | 13 + drivers/irqchip/irq-gic-v3-its.c | 58 ++- drivers/irqchip/irq-gic-v4.c | 75 +++- include/kvm/arm_vgic.h | 8 + include/linux/irqchip/arm-gic-v3.h | 5 + include/linux/irqchip/arm-gic-v4.h | 10 +- include/linux/kvm_host.h | 11 + include/uapi/linux/kvm.h | 22 ++ tools/testing/selftests/kvm/Makefile.kvm | 1 + .../selftests/kvm/arm64/per_vcpu_vlpi.c | 274 +++++++++++++ .../selftests/kvm/arm64/vgic_lpi_stress.c | 181 ++++++++- .../selftests/kvm/lib/arm64/gic_v3_its.c | 9 +- 18 files changed, 1307 insertions(+), 41 deletions(-) create mode 100644 tools/testing/selftests/kvm/arm64/per_vcpu_vlpi.c -- 2.50.1 (Apple Git-155) Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger, Christof Hellmis Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

6 hours, 22 minutes

2
15
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror