- Linux-kselftest-mirror - lists.linaro.org

[PATCH v23 0/8] fork: Support shadow stacks in clone3()

by Mark Brown

At this point I think everyone in the on the kernel side is happy with this but there were some questions from the glibc side about the value of controlling the shadow stack placement and size, especially with the current inability to reuse the shadow stack for an exited thread. With support for reuse it would be possible to have a cache of shadow stacks as is currently supported for the normal stack. Since the discussion petered out I'm resending this in order to give people something work with while prototyping. It should be possible to prototype any potential kernel features to help build out shadow stack support in userspace by enabling shadow stack writes, as suggested by Rick Edgecombe this may end up being required anyway for supporting more exotic scenarios. On all current architectures with the feature writes to shadow stack require specific instructions so there are still security benefits even with writes enabled. I did send a change implementing a feature writing a token on thread exit to allow reuse: https://lore.kernel.org/r/20250921-arm64-gcs-exit-token-v1-0-45cf64e648d5@k… but wasn't planning to refresh it without some indication from the userspace side that that'd be useful. Non-process cover letter: The kernel has added support for shadow stacks, currently x86 only using their CET feature but both arm64 and RISC-V have equivalent features (GCS and Zicfiss respectively), I am actively working on GCS[1]. With shadow stacks the hardware maintains an additional stack containing only the return addresses for branch instructions which is not generally writeable by userspace and ensures that any returns are to the recorded addresses. This provides some protection against ROP attacks and making it easier to collect call stacks. These shadow stacks are allocated in the address space of the userspace process. Our API for shadow stacks does not currently offer userspace any flexiblity for managing the allocation of shadow stacks for newly created threads, instead the kernel allocates a new shadow stack with the same size as the normal stack whenever a thread is created with the feature enabled. The stacks allocated in this way are freed by the kernel when the thread exits or shadow stacks are disabled for the thread. This lack of flexibility and control isn't ideal, in the vast majority of cases the shadow stack will be over allocated and the implicit allocation and deallocation is not consistent with other interfaces. As far as I can tell the interface is done in this manner mainly because the shadow stack patches were in development since before clone3() was implemented. Since clone3() is readily extensible let's add support for specifying a shadow stack when creating a new thread or process, keeping the current implicit allocation behaviour if one is not specified either with clone3() or through the use of clone(). The user must provide a shadow stack pointer, this must point to memory mapped for use as a shadow stackby map_shadow_stack() with an architecture specified shadow stack token at the top of the stack. Yuri Khrustalev has raised questions from the libc side regarding discoverability of extended clone3() structure sizes[2], this seems like a general issue with clone3(). There was a suggestion to add a hwcap on arm64 which isn't ideal but is doable there, though architecture specific mechanisms would also be needed for x86 (and RISC-V if it's support gets merged before this does). The idea has, however, had strong pushback from the architecture maintainers and it is possible to detect support for this in clone3() by attempting a call with a misaligned shadow stack pointer specified so no hwcap has been added. [1] https://lore.kernel.org/linux-arm-kernel/20241001-arm64-gcs-v13-0-222b78d87… [2] https://lore.kernel.org/r/aCs65ccRQtJBnZ_5@arm.com Signed-off-by: Mark Brown <broonie(a)kernel.org> --- Changes in v23: - Rebase onto v6.19-rc1. - Link to v22: https://lore.kernel.org/r/20251015-clone3-shadow-stack-v22-0-a8c8da011427@k… Changes in v22: - Rebase onto v6.18-rc1. - Cover letter updates. - Link to v21: https://lore.kernel.org/r/20250916-clone3-shadow-stack-v21-0-910493527013@k… Changes in v21: - Rebase onto https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git kernel-6.18.clone3 - Rename shadow_stack_token to shstk_token, since it's a simple rename I've kept the acks and reviews but I dropped the tested-bys just to be safe. - Link to v20: https://lore.kernel.org/r/20250902-clone3-shadow-stack-v20-0-4d9fff1c53e7@k… Changes in v20: - Comment fixes and clarifications in x86 arch_shstk_validate_clone() from Rick Edgecombe. - Spelling fix in documentation. - Link to v19: https://lore.kernel.org/r/20250819-clone3-shadow-stack-v19-0-bc957075479b@k… Changes in v19: - Rebase onto v6.17-rc1. - Link to v18: https://lore.kernel.org/r/20250702-clone3-shadow-stack-v18-0-7965d2b694db@k… Changes in v18: - Rebase onto v6.16-rc3. - Thanks to pointers from Yuri Khrustalev this version has been tested on x86 so I have removed the RFT tag. - Clarify clone3_shadow_stack_valid() comment about the Kconfig check. - Remove redundant GCSB DSYNCs in arm64 code. - Fix token validation on x86. - Link to v17: https://lore.kernel.org/r/20250609-clone3-shadow-stack-v17-0-8840ed97ff6f@k… Changes in v17: - Rebase onto v6.16-rc1. - Link to v16: https://lore.kernel.org/r/20250416-clone3-shadow-stack-v16-0-2ffc9ca3917b@k… Changes in v16: - Rebase onto v6.15-rc2. - Roll in fixes from x86 testing from Rick Edgecombe. - Rework so that the argument is shadow_stack_token. - Link to v15: https://lore.kernel.org/r/20250408-clone3-shadow-stack-v15-0-3fa245c6e3be@k… Changes in v15: - Rebase onto v6.15-rc1. - Link to v14: https://lore.kernel.org/r/20250206-clone3-shadow-stack-v14-0-805b53af73b9@k… Changes in v14: - Rebase onto v6.14-rc1. - Link to v13: https://lore.kernel.org/r/20241203-clone3-shadow-stack-v13-0-93b89a81a5ed@k… Changes in v13: - Rebase onto v6.13-rc1. - Link to v12: https://lore.kernel.org/r/20241031-clone3-shadow-stack-v12-0-7183eb8bee17@k… Changes in v12: - Add the regular prctl() to the userspace API document since arm64 support is queued in -next. - Link to v11: https://lore.kernel.org/r/20241005-clone3-shadow-stack-v11-0-2a6a2bd6d651@k… Changes in v11: - Rebase onto arm64 for-next/gcs, which is based on v6.12-rc1, and integrate arm64 support. - Rework the interface to specify a shadow stack pointer rather than a base and size like we do for the regular stack. - Link to v10: https://lore.kernel.org/r/20240821-clone3-shadow-stack-v10-0-06e8797b9445@k… Changes in v10: - Integrate fixes & improvements for the x86 implementation from Rick Edgecombe. - Require that the shadow stack be VM_WRITE. - Require that the shadow stack base and size be sizeof(void *) aligned. - Clean up trailing newline. - Link to v9: https://lore.kernel.org/r/20240819-clone3-shadow-stack-v9-0-962d74f99464@ke… Changes in v9: - Pull token validation earlier and report problems with an error return to parent rather than signal delivery to the child. - Verify that the top of the supplied shadow stack is VM_SHADOW_STACK. - Rework token validation to only do the page mapping once. - Drop no longer needed support for testing for signals in selftest. - Fix typo in comments. - Link to v8: https://lore.kernel.org/r/20240808-clone3-shadow-stack-v8-0-0acf37caf14c@ke… Changes in v8: - Fix token verification with user specified shadow stack. - Don't track user managed shadow stacks for child processes. - Link to v7: https://lore.kernel.org/r/20240731-clone3-shadow-stack-v7-0-a9532eebfb1d@ke… Changes in v7: - Rebase onto v6.11-rc1. - Typo fixes. - Link to v6: https://lore.kernel.org/r/20240623-clone3-shadow-stack-v6-0-9ee7783b1fb9@ke… Changes in v6: - Rebase onto v6.10-rc3. - Ensure we don't try to free the parent shadow stack in error paths of x86 arch code. - Spelling fixes in userspace API document. - Additional cleanups and improvements to the clone3() tests to support the shadow stack tests. - Link to v5: https://lore.kernel.org/r/20240203-clone3-shadow-stack-v5-0-322c69598e4b@ke… Changes in v5: - Rebase onto v6.8-rc2. - Rework ABI to have the user allocate the shadow stack memory with map_shadow_stack() and a token. - Force inlining of the x86 shadow stack enablement. - Move shadow stack enablement out into a shared header for reuse by other tests. - Link to v4: https://lore.kernel.org/r/20231128-clone3-shadow-stack-v4-0-8b28ffe4f676@ke… Changes in v4: - Formatting changes. - Use a define for minimum shadow stack size and move some basic validation to fork.c. - Link to v3: https://lore.kernel.org/r/20231120-clone3-shadow-stack-v3-0-a7b8ed3e2acc@ke… Changes in v3: - Rebase onto v6.7-rc2. - Remove stale shadow_stack in internal kargs. - If a shadow stack is specified unconditionally use it regardless of CLONE_ parameters. - Force enable shadow stacks in the selftest. - Update changelogs for RISC-V feature rename. - Link to v2: https://lore.kernel.org/r/20231114-clone3-shadow-stack-v2-0-b613f8681155@ke… Changes in v2: - Rebase onto v6.7-rc1. - Remove ability to provide preallocated shadow stack, just specify the desired size. - Link to v1: https://lore.kernel.org/r/20231023-clone3-shadow-stack-v1-0-d867d0b5d4d0@ke… --- Mark Brown (8): arm64/gcs: Return a success value from gcs_alloc_thread_stack() Documentation: userspace-api: Add shadow stack API documentation selftests: Provide helper header for shadow stack testing fork: Add shadow stack support to clone3() selftests/clone3: Remove redundant flushes of output streams selftests/clone3: Factor more of main loop into test_clone3() selftests/clone3: Allow tests to flag if -E2BIG is a valid error code selftests/clone3: Test shadow stack support Documentation/userspace-api/index.rst | 1 + Documentation/userspace-api/shadow_stack.rst | 44 +++++ arch/arm64/include/asm/gcs.h | 8 +- arch/arm64/kernel/process.c | 8 +- arch/arm64/mm/gcs.c | 55 +++++- arch/x86/include/asm/shstk.h | 11 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/shstk.c | 53 ++++- include/asm-generic/cacheflush.h | 11 ++ include/linux/sched/task.h | 17 ++ include/uapi/linux/sched.h | 9 +- kernel/fork.c | 93 +++++++-- tools/testing/selftests/clone3/clone3.c | 226 ++++++++++++++++++---- tools/testing/selftests/clone3/clone3_selftests.h | 65 ++++++- tools/testing/selftests/ksft_shstk.h | 98 ++++++++++ 15 files changed, 620 insertions(+), 81 deletions(-) --- base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 change-id: 20231019-clone3-shadow-stack-15d40d2bf536 Best regards, -- Mark Brown <broonie(a)kernel.org>

2 hours, 50 minutes

2
2
0 0

[PATCH 00/20] ublk: add support for integrity data

by Caleb Sander Mateos

Much work has recently gone into supporting block device integrity data (sometimes called "metadata") in Linux. Many NVMe devices these days support metadata transfers and/or automatic protection information generation and verification. However, ublk devices can't yet advertise integrity data capabilities. This patch series wires up support for integrity data in ublk. The ublk feature is referred to as "integrity" rather than "metadata" to match the block layer's name for it and to avoid confusion with the existing and unrelated UBLK_IO_F_META. To advertise support for integrity data, a ublk server fills out the struct ublk_params's integrity field and sets UBLK_PARAM_TYPE_INTEGRITY. The struct ublk_param_integrity flags and csum_type fields use the existing LBMD_PI_* constants from the linux/fs.h UAPI header. The ublk driver fills out a corresponding struct blk_integrity. When a request with integrity data is issued to the ublk device, the ublk driver sets UBLK_IO_F_INTEGRITY in struct ublksrv_io_desc's op_flags field. This is necessary for a ublk server for which bi_offload_capable() returns true to distinguish requests with integrity data from those without. Integrity data transfers can currently only be performed via the ublk user copy mechanism. The overhead of zero-copy buffer registration makes it less appealing for the small transfers typical of integrity data. Additionally, neither io_uring NVMe passthru nor IORING_RW_ATTR_FLAG_PI currently allow an io_uring registered buffer for the integrity data. The ki_pos field of the struct kiocb passed to the user copy ->{read,write}_iter() callback gains a bit UBLKSRV_IO_INTEGRITY_FLAG for a ublk server to indicate whether to access the request's data or integrity data. Not yet supported is an analogue for the IO_INTEGRITY_CHK_*/BIP_CHECK_* flags to ask the ublk server to verify the guard, reftag, and/or apptag of a request's protection information. The user copy mechanism currently forbids a ublk server from reading the data/integrity buffer of a read-direction request. We could potentially relax this restriction for integrity data on reads. Alternatively, the ublk driver could verify the requested fields as part of the user copy operation. The first 2 commits harden blk_validate_integrity_limits() to reject nonsensical pi_offset and interval_exp integrity limits. Caleb Sander Mateos (17): block: validate pi_offset integrity limit block: validate interval_exp integrity limit blk-integrity: take const pointer in blk_integrity_rq() ublk: move ublk flag check functions earlier ublk: set UBLK_IO_F_INTEGRITY in ublksrv_io_desc ublk: add ublk_copy_user_bvec() helper ublk: split out ublk_user_copy() helper ublk: inline ublk_check_and_get_req() into ublk_user_copy() ublk: move offset check out of __ublk_check_and_get_req() ublk: optimize ublk_user_copy() on daemon task selftests: ublk: add utility to get block device metadata size selftests: ublk: add kublk support for integrity params selftests: ublk: implement integrity user copy in kublk selftests: ublk: support non-O_DIRECT backing files selftests: ublk: add integrity data support to loop target selftests: ublk: add integrity params test selftests: ublk: add end-to-end integrity test Stanley Zhang (3): ublk: add integrity UAPI ublk: support UBLK_PARAM_TYPE_INTEGRITY in device creation ublk: implement integrity user copy block/blk-settings.c | 14 +- drivers/block/ublk_drv.c | 336 +++++++++++++------ include/linux/blk-integrity.h | 6 +- include/uapi/linux/ublk_cmd.h | 20 +- tools/testing/selftests/ublk/Makefile | 6 +- tools/testing/selftests/ublk/common.c | 4 +- tools/testing/selftests/ublk/fault_inject.c | 1 + tools/testing/selftests/ublk/file_backed.c | 61 +++- tools/testing/selftests/ublk/kublk.c | 85 ++++- tools/testing/selftests/ublk/kublk.h | 37 +- tools/testing/selftests/ublk/metadata_size.c | 37 ++ tools/testing/selftests/ublk/null.c | 1 + tools/testing/selftests/ublk/stripe.c | 6 +- tools/testing/selftests/ublk/test_common.sh | 10 + tools/testing/selftests/ublk/test_loop_08.sh | 111 ++++++ tools/testing/selftests/ublk/test_null_04.sh | 166 +++++++++ 16 files changed, 765 insertions(+), 136 deletions(-) create mode 100644 tools/testing/selftests/ublk/metadata_size.c create mode 100755 tools/testing/selftests/ublk/test_loop_08.sh create mode 100755 tools/testing/selftests/ublk/test_null_04.sh -- 2.45.2

4 hours, 51 minutes

3
23
0 0

[PATCH] selftests: net: fib-onlink-tests: Set high metric for default IPv6 route

by Ricardo B. Marlière

Currently, the test breaks if the SUT already has a default route configured for IPv6. Fix by adding "metric 9999" to the `ip -6 ro add` command, so that multiple default routes can coexist. Fixes: 4ed591c8ab44 ("net/ipv6: Allow onlink routes to have a device mismatch if it is the default route") Signed-off-by: Ricardo B. Marlière <rbm(a)suse.com> --- tools/testing/selftests/net/fib-onlink-tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/net/fib-onlink-tests.sh b/tools/testing/selftests/net/fib-onlink-tests.sh index ec2d6ceb1f08..acf6b0617373 100755 --- a/tools/testing/selftests/net/fib-onlink-tests.sh +++ b/tools/testing/selftests/net/fib-onlink-tests.sh @@ -207,7 +207,7 @@ setup() ip -netns ${PEER_NS} addr add ${V6ADDRS[p${n}]}/64 dev ${NETIFS[p${n}]} nodad done - ip -6 ro add default via ${V6ADDRS[p3]/::[0-9]/::64} + ip -6 ro add default via ${V6ADDRS[p3]/::[0-9]/::64} metric 9999 ip -6 ro add table ${VRF_TABLE} default via ${V6ADDRS[p7]/::[0-9]/::64} set +e --- base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 change-id: 20251218-rbm-selftests-net-fib-onlink-873ad01e6884 Best regards, -- Ricardo B. Marlière <rbm(a)suse.com>

5 hours, 45 minutes

2
1
0 0

[PATCH v2] selftests/filesystems: Assume that TIOCGPTPEER is defined

by Mark Brown

The devpts_pts selftest has an ifdef in case an architecture does not define TIOCGPTPEER, but the handling for this is broken since we need errno to be set to EINVAL in order to skip the test as we should. Given that this ioctl() has been defined since v4.15 we may as well just assume it's there rather than write handling code which will probably never get used. Signed-off-by: Mark Brown <broonie(a)kernel.org> --- Changes in v2: - Rebase onto v6.19-rc1. - Link to v1: https://patch.msgid.link/20251126-selftests-filesystems-devpts-tiocgptpeer-… --- tools/testing/selftests/filesystems/devpts_pts.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tools/testing/selftests/filesystems/devpts_pts.c b/tools/testing/selftests/filesystems/devpts_pts.c index 54fea349204e..950e8b7f675b 100644 --- a/tools/testing/selftests/filesystems/devpts_pts.c +++ b/tools/testing/selftests/filesystems/devpts_pts.c @@ -100,7 +100,7 @@ static int resolve_procfd_symlink(int fd, char *buf, size_t buflen) static int do_tiocgptpeer(char *ptmx, char *expected_procfd_contents) { int ret; - int master = -1, slave = -1, fret = -1; + int master = -1, slave, fret = -1; master = open(ptmx, O_RDWR | O_NOCTTY | O_CLOEXEC); if (master < 0) { @@ -119,9 +119,7 @@ static int do_tiocgptpeer(char *ptmx, char *expected_procfd_contents) goto do_cleanup; } -#ifdef TIOCGPTPEER slave = ioctl(master, TIOCGPTPEER, O_RDWR | O_NOCTTY | O_CLOEXEC); -#endif if (slave < 0) { if (errno == EINVAL) { fprintf(stderr, "TIOCGPTPEER is not supported. " --- base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 change-id: 20251126-selftests-filesystems-devpts-tiocgptpeer-fbd30e579859 Best regards, -- Mark Brown <broonie(a)kernel.org>

6 hours, 12 minutes

1
0
0 0

[PATCH 0/4] Various mm kselftests improvements/fixes

by Kevin Brodsky

A few improvements/fixes for the mm kselftests: - Patch 1-2 extend support for more build configurations: out-of-tree $KDIR, cross-compilation, etc. - Patch 3-4 fix issues in the pagemap_ioctl tests, most importantly that it does not report failures: ./run_kselftests.sh would report OK even if some pagemap_ioctl tests fail. That's probably why the issue in patch 3 went unnoticed. --- Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: David Hildenbrand <david(a)kernel.org> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Mark Brown <broonie(a)kernel.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Shuah Khan <shuah(a)kernel.org> --- Kevin Brodsky (4): selftests/mm: remove flaky header check selftests/mm: pass down full CC and CFLAGS to check_config.sh selftests/mm: fix faulting-in code in pagemap_ioctl test selftests/mm: fix exit code in pagemap_ioctl tools/testing/selftests/mm/Makefile | 6 +----- tools/testing/selftests/mm/check_config.sh | 3 +-- tools/testing/selftests/mm/pagemap_ioctl.c | 12 ++++++------ 3 files changed, 8 insertions(+), 13 deletions(-) base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 -- 2.51.2

7 hours, 21 minutes

5
19
0 0

[PATCH v2 0/9] KVM: x86: Improve the handling of debug exceptions during instruction emulation

by Hou Wenlong

During my testing, I found that guest debugging with 'DR6.BD' does not work in instruction emulation, as the current code only considers the guest's DR7. Upon reviewing the code, I also observed that the checks for the userspace guest debugging feature and the guest's own debugging feature are repeated in different places during instruction emulation, but the overall logic is the same. If guest debug is enabled, it needs to exit to userspace; otherwise, a #DB exception needs to be injected into the guest. Therefore, as suggested by Jiangshan Lai, some cleanup has been done for #DB handling in instruction emulation in this patchset. A new function named 'kvm_inject_emulated_db()' is introduced to consolidate all the checking logic. Moreover, I hope we can make the #DB interception path use the same function as well. Additionally, when I looked into the single-step #DB handling in instruction emulation, I noticed that the interrupt shadow is toggled, but it is not considered in the single-step #DB injection. This oversight causes VM entry to fail on VMX (due to pending debug exceptions state checking). As pointed out by Sean, fault-like code #DBs can be coincident with trap-like single-step #DBs at the instruction boundary on the hardware. However it is difficult to emulate this in the emulator, as kvm_vcpu_check_code_breakpoint() is called at the start of the next instruction while the single-step #DB for the previous instruction has already been injected. v1->v2: - cleanup in inject_emulated_exception(). - rename 'set_pending_dbg' callback as 'refresh_pending_dbg_exceptions'. - fold refresh_pending_dbg_exceptions() call into kvm_vcpu_do_singlestep(). - Split the change to move up kvm_set_rflags() into a single patch. - Move the #DB and IRQ handler registration after guest debug testcases. Hou Wenlong (9): KVM: x86: Capture "struct x86_exception" in inject_emulated_exception() KVM: x86: Set guest DR6 by kvm_queue_exception_p() in instruction emulation KVM: x86: Check guest debug in DR access instruction emulation KVM: x86: Only check effective code breakpoint in emulation KVM: x86: Consolidate KVM_GUESTDBG_SINGLESTEP check into the kvm_inject_emulated_db() KVM: x86: Move kvm_set_rflags() up before kvm_vcpu_do_singlestep() KVM: VMX: Refresh 'PENDING_DBG_EXCEPTIONS.BS' bit during instruction emulation KVM: selftests: Verify guest debug DR7.GD checking during instruction emulation KVM: selftests: Verify 'BS' bit checking in pending debug exception during VM entry arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/emulate.c | 14 +-- arch/x86/kvm/kvm_emulate.h | 7 +- arch/x86/kvm/vmx/main.c | 9 ++ arch/x86/kvm/vmx/vmx.c | 15 ++- arch/x86/kvm/vmx/x86_ops.h | 1 + arch/x86/kvm/x86.c | 116 ++++++++++-------- arch/x86/kvm/x86.h | 7 ++ .../selftests/kvm/include/x86/processor.h | 3 +- tools/testing/selftests/kvm/x86/debug_regs.c | 72 ++++++++++- 11 files changed, 178 insertions(+), 68 deletions(-) base-commit: 5d3e2d9ba9ed68576c70c127e4f7446d896f2af2 -- 2.31.1

7 hours, 45 minutes

1
1
0 0

[PATCH v2 8/9] KVM: selftests: Verify guest debug DR7.GD checking during instruction emulation

by Hou Wenlong

Similar to the global disable test case in x86's debug_regs test, use 'KVM_FEP' to trigger instruction emulation in order to verify the guest debug DR7.GD checking during instruction emulation. Signed-off-by: Hou Wenlong <houwenlong.hwl(a)antgroup.com> --- tools/testing/selftests/kvm/x86/debug_regs.c | 23 +++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/x86/debug_regs.c b/tools/testing/selftests/kvm/x86/debug_regs.c index 2d814c1d1dc4..bd34cf2a96b7 100644 --- a/tools/testing/selftests/kvm/x86/debug_regs.c +++ b/tools/testing/selftests/kvm/x86/debug_regs.c @@ -19,6 +19,7 @@ uint32_t guest_value; extern unsigned char sw_bp, hw_bp, write_data, ss_start, bd_start; +extern unsigned char fep_bd_start; static void guest_code(void) { @@ -64,6 +65,10 @@ static void guest_code(void) /* DR6.BD test */ asm volatile("bd_start: mov %%dr0, %%rax" : : : "rax"); + + if (is_forced_emulation_enabled) + asm volatile(KVM_FEP "fep_bd_start: mov %%dr0, %%rax" : : : "rax"); + GUEST_DONE(); } @@ -185,7 +190,7 @@ int main(void) target_dr6); } - /* Finally test global disable */ + /* test global disable */ memset(&debug, 0, sizeof(debug)); debug.control = KVM_GUESTDBG_ENABLE | KVM_GUESTDBG_USE_HW_BP; debug.arch.debugreg[7] = 0x400 | DR7_GD; @@ -202,6 +207,22 @@ int main(void) run->debug.arch.pc, target_rip, run->debug.arch.dr6, target_dr6); + /* test global disable in emulation */ + if (is_forced_emulation_enabled) { + /* Skip the 3-bytes "mov dr0" */ + vcpu_skip_insn(vcpu, 3); + vcpu_run(vcpu); + TEST_ASSERT(run->exit_reason == KVM_EXIT_DEBUG && + run->debug.arch.exception == DB_VECTOR && + run->debug.arch.pc == CAST_TO_RIP(fep_bd_start) && + run->debug.arch.dr6 == target_dr6, + "DR7.GD: exit %d exception %d rip 0x%llx " + "(should be 0x%llx) dr6 0x%llx (should be 0x%llx)", + run->exit_reason, run->debug.arch.exception, + run->debug.arch.pc, target_rip, run->debug.arch.dr6, + target_dr6); + } + /* Disable all debug controls, run to the end */ memset(&debug, 0, sizeof(debug)); vcpu_guest_debug_set(vcpu, &debug); -- 2.31.1

7 hours, 45 minutes

1
0
0 0

[PATCH 0/7] KVM: x86: Improve the handling of debug exceptions during instruction emulation

by Hou Wenlong

During my testing, I found that guest debugging with 'DR6.BD' does not work in instruction emulation, as the current code only considers the guest's DR7. Upon reviewing the code, I also observed that the checks for the userspace guest debugging feature and the guest's own debugging feature are repeated in different places during instruction emulation, but the overall logic is the same. If guest debugging is enabled, it needs to exit to userspace; otherwise, a #DB exception needs to be injected into the guest. Therefore, as suggested by Jiangshan Lai, some cleanup has been done for #DB handling in instruction emulation in this patchset. A new function named 'kvm_inject_emulated_db()' is introduced to consolidate all the checking logic. Moreover, I hope we can make the #DB interception path use the same function as well. Additionally, when I looked into the single-step #DB handling in instruction emulation, I noticed that the interrupt shadow is toggled, but it is not considered in the single-step #DB injection. This oversight causes VM entry to fail on VMX (due to pending debug exceptions checking) or breaks the 'MOV SS' suppressed #DB. For the latter, I have kept the behavior for now in my patchset, as I need some suggestions. Hou Wenlong (7): KVM: x86: Set guest DR6 by kvm_queue_exception_p() in instruction emulation KVM: x86: Check guest debug in DR access instruction emulation KVM: x86: Only check effective code breakpoint in emulation KVM: x86: Consolidate KVM_GUESTDBG_SINGLESTEP check into the kvm_inject_emulated_db() KVM: VMX: Set 'BS' bit in pending debug exceptions during instruction emulation KVM: selftests: Verify guest debug DR7.GD checking during instruction emulation KVM: selftests: Verify 'BS' bit checking in pending debug exception during VM entry arch/x86/include/asm/kvm-x86-ops.h | 1 + arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/emulate.c | 14 +-- arch/x86/kvm/kvm_emulate.h | 7 +- arch/x86/kvm/vmx/main.c | 9 ++ arch/x86/kvm/vmx/vmx.c | 14 ++- arch/x86/kvm/vmx/x86_ops.h | 1 + arch/x86/kvm/x86.c | 109 +++++++++++------- arch/x86/kvm/x86.h | 7 ++ .../selftests/kvm/include/x86/processor.h | 3 +- tools/testing/selftests/kvm/x86/debug_regs.c | 64 +++++++++- 11 files changed, 167 insertions(+), 63 deletions(-) base-commit: ecbcc2461839e848970468b44db32282e5059925 -- 2.31.1

8 hours, 5 minutes

2
6
0 0

[PATCH v3 0/3] selftests/filelock: Make output more kselftestish

by Mark Brown

This series makes the output from the ofdlocks test a bit easier for tooling to work with, and also ignores the generated file while we're here. Signed-off-by: Mark Brown <broonie(a)kernel.org> --- Changes in v3: - Rebase onto v6.19-rc1. - Link to v2: https://lore.kernel.org/r/20251015-selftest-filelock-ktap-v2-0-f5fd21b75c3a… Changes in v2: - Rebase onto v6.18-rc1. - Link to v1: https://lore.kernel.org/r/20250818-selftest-filelock-ktap-v1-0-d41af77f1396… --- Mark Brown (3): kselftest/filelock: Use ksft_perror() kselftest/filelock: Report each test in oftlocks separately kselftest/filelock: Add a .gitignore file tools/testing/selftests/filelock/.gitignore | 1 + tools/testing/selftests/filelock/ofdlocks.c | 94 +++++++++++++---------------- 2 files changed, 42 insertions(+), 53 deletions(-) --- base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8 change-id: 20250604-selftest-filelock-ktap-f2ae998a0de0 Best regards, -- Mark Brown <broonie(a)kernel.org>

10 hours, 28 minutes

1
2
0 0

[PATCH v3 2/3] kselftest/filelock: Report each test in oftlocks separately

by Mark Brown

The filelock test checks four different things but only reports an overall status, convert to use ksft_test_result() for these individual tests. Each test depends on the previous ones so we still bail out if any of them fail but we get a bit more information from UIs parsing the results. Signed-off-by: Mark Brown <broonie(a)kernel.org> --- tools/testing/selftests/filelock/ofdlocks.c | 90 +++++++++++++---------------- 1 file changed, 39 insertions(+), 51 deletions(-) diff --git a/tools/testing/selftests/filelock/ofdlocks.c b/tools/testing/selftests/filelock/ofdlocks.c index 2d3b06ce5e5e..68bac28b234b 100644 --- a/tools/testing/selftests/filelock/ofdlocks.c +++ b/tools/testing/selftests/filelock/ofdlocks.c @@ -39,94 +39,82 @@ int main(void) int fd = open("/tmp/aa", O_RDWR | O_CREAT | O_EXCL, 0600); int fd2 = open("/tmp/aa", O_RDONLY); + ksft_print_header(); + ksft_set_plan(4); + unlink("/tmp/aa"); assert(fd != -1); assert(fd2 != -1); - ksft_print_msg("[INFO] opened fds %i %i\n", fd, fd2); + ksft_print_msg("opened fds %i %i\n", fd, fd2); /* Set some read lock */ fl.l_type = F_RDLCK; fl.l_start = 5; fl.l_len = 3; rc = lock_set(fd, &fl); - if (rc == 0) { - ksft_print_msg - ("[SUCCESS] set OFD read lock on first fd\n"); - } else { - ksft_print_msg("[FAIL] to set OFD read lock on first fd\n"); - return -1; - } + ksft_test_result(rc == 0, "set OFD read lock on first fd\n"); + if (rc != 0) + ksft_finished(); + /* Make sure read locks do not conflict on different fds. */ fl.l_type = F_RDLCK; fl.l_start = 5; fl.l_len = 1; rc = lock_get(fd2, &fl); if (rc != 0) - return -1; - if (fl.l_type != F_UNLCK) { - ksft_print_msg("[FAIL] read locks conflicted\n"); - return -1; - } + ksft_finished(); + if (fl.l_type != F_UNLCK) + ksft_exit_fail_msg("read locks conflicted\n"); + /* Make sure read/write locks do conflict on different fds. */ fl.l_type = F_WRLCK; fl.l_start = 5; fl.l_len = 1; rc = lock_get(fd2, &fl); if (rc != 0) - return -1; - if (fl.l_type != F_UNLCK) { - ksft_print_msg - ("[SUCCESS] read and write locks conflicted\n"); - } else { - ksft_print_msg - ("[SUCCESS] read and write locks not conflicted\n"); - return -1; - } + ksft_finished(); + ksft_test_result(fl.l_type != F_UNLCK, + "read and write locks conflicted\n"); + if (fl.l_type == F_UNLCK) + ksft_finished(); + /* Get info about the lock on first fd. */ fl.l_type = F_UNLCK; fl.l_start = 5; fl.l_len = 1; rc = lock_get(fd, &fl); - if (rc != 0) { - ksft_print_msg - ("[FAIL] F_OFD_GETLK with F_UNLCK not supported\n"); - return -1; - } - if (fl.l_type != F_UNLCK) { - ksft_print_msg - ("[SUCCESS] F_UNLCK test returns: locked, type %i pid %i len %zi\n", - fl.l_type, fl.l_pid, fl.l_len); - } else { - ksft_print_msg - ("[FAIL] F_OFD_GETLK with F_UNLCK did not return lock info\n"); - return -1; - } + if (rc != 0) + ksft_exit_fail_msg("F_OFD_GETLK with F_UNLCK not supported\n"); + ksft_test_result(fl.l_type != F_UNLCK, + "F_OFD_GETLK with F_UNLCK returned lock info\n"); + if (fl.l_type == F_UNLCK) + ksft_exit_fail(); + ksft_print_msg("F_UNLCK test returns: locked, type %i pid %i len %zi\n", + fl.l_type, fl.l_pid, fl.l_len); + /* Try the same but by locking everything by len==0. */ fl2.l_type = F_UNLCK; fl2.l_start = 0; fl2.l_len = 0; rc = lock_get(fd, &fl2); - if (rc != 0) { - ksft_print_msg - ("[FAIL] F_OFD_GETLK with F_UNLCK not supported\n"); - return -1; - } + if (rc != 0) + ksft_exit_fail_msg + ("F_OFD_GETLK with F_UNLCK not supported\n"); + ksft_test_result(memcmp(&fl, &fl2, sizeof(fl)) == 0, + "F_UNLCK with len==0 returned the same\n"); if (memcmp(&fl, &fl2, sizeof(fl))) { - ksft_print_msg - ("[FAIL] F_UNLCK test returns: locked, type %i pid %i len %zi\n", + ksft_exit_fail_msg + ("F_UNLCK test returns: locked, type %i pid %i len %zi\n", fl.l_type, fl.l_pid, fl.l_len); - return -1; } - ksft_print_msg("[SUCCESS] F_UNLCK with len==0 returned the same\n"); + /* Get info about the lock on second fd - no locks on it. */ fl.l_type = F_UNLCK; fl.l_start = 0; fl.l_len = 0; lock_get(fd2, &fl); - if (fl.l_type != F_UNLCK) { - ksft_print_msg - ("[FAIL] F_OFD_GETLK with F_UNLCK return lock info from another fd\n"); - return -1; - } - return 0; + ksft_test_result(fl.l_type == F_UNLCK, + "F_OFD_GETLK with F_UNLCK return lock info from another fd\n"); + + ksft_finished(); } -- 2.47.3

10 hours, 28 minutes

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror