- Linux-kselftest-mirror - lists.linaro.org

[PATCH AUTOSEL 5.9 11/33] kunit: fix display of failed expectations for strings

by Sasha Levin

From: Daniel Latypov <dlatypov(a)google.com> [ Upstream commit 3084db0e0d5076cd48408274ab0911cd3ccdae88 ] Currently the following expectation KUNIT_EXPECT_STREQ(test, "hi", "bye"); will produce: Expected "hi" == "bye", but "hi" == 1625079497 "bye" == 1625079500 After this patch: Expected "hi" == "bye", but "hi" == hi "bye" == bye KUNIT_INIT_BINARY_STR_ASSERT_STRUCT() was written but just mistakenly not actually used by KUNIT_EXPECT_STREQ() and friends. Signed-off-by: Daniel Latypov <dlatypov(a)google.com> Reviewed-by: Brendan Higgins <brendanhiggins(a)google.com> Tested-by: Brendan Higgins <brendanhiggins(a)google.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/kunit/test.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/kunit/test.h b/include/kunit/test.h index 59f3144f009a5..b68ba33c16937 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -1064,7 +1064,7 @@ do { \ KUNIT_ASSERTION(test, \ strcmp(__left, __right) op 0, \ kunit_binary_str_assert, \ - KUNIT_INIT_BINARY_ASSERT_STRUCT(test, \ + KUNIT_INIT_BINARY_STR_ASSERT_STRUCT(test, \ assert_type, \ #op, \ #left, \ -- 2.27.0

4 years, 7 months

1
0
0 0

[PATCHv2] selftests/powerpc/eeh: disable kselftest timeout setting for eeh-basic

by Po-Hsu Lin

The eeh-basic test got its own 60 seconds timeout (defined in commit 414f50434aa2 "selftests/eeh: Bump EEH wait time to 60s") per breakable device. And we have discovered that the number of breakable devices varies on different hardware. The device recovery time ranges from 0 to 35 seconds. In our test pool it will take about 30 seconds to run on a Power8 system that with 5 breakable devices, 60 seconds to run on a Power9 system that with 4 breakable devices. Extend the timeout setting in the kselftest framework to 5 minutes to give it a chance to finish. Signed-off-by: Po-Hsu Lin <po-hsu.lin(a)canonical.com> --- tools/testing/selftests/powerpc/eeh/Makefile | 2 +- tools/testing/selftests/powerpc/eeh/settings | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/powerpc/eeh/settings diff --git a/tools/testing/selftests/powerpc/eeh/Makefile b/tools/testing/selftests/powerpc/eeh/Makefile index b397bab..ae963eb 100644 --- a/tools/testing/selftests/powerpc/eeh/Makefile +++ b/tools/testing/selftests/powerpc/eeh/Makefile @@ -3,7 +3,7 @@ noarg: $(MAKE) -C ../ TEST_PROGS := eeh-basic.sh -TEST_FILES := eeh-functions.sh +TEST_FILES := eeh-functions.sh settings top_srcdir = ../../../../.. include ../../lib.mk diff --git a/tools/testing/selftests/powerpc/eeh/settings b/tools/testing/selftests/powerpc/eeh/settings new file mode 100644 index 0000000..694d707 --- /dev/null +++ b/tools/testing/selftests/powerpc/eeh/settings @@ -0,0 +1 @@ +timeout=300 -- 2.7.4

4 years, 7 months

2
2
0 0

[PATCH bpf-next v2 0/5] selftests/bpf: xsk selftests

by Weqaar Janjua

This patch set adds AF_XDP selftests based on veth to selftests/bpf. # Topology: # --------- # ----------- # _ | Process | _ # / ----------- \ # / | \ # / | \ # ----------- | ----------- # | Thread1 | | | Thread2 | # ----------- | ----------- # | | | # ----------- | ----------- # | xskX | | | xskY | # ----------- | ----------- # | | | # ----------- | ---------- # | vethX | --------- | vethY | # ----------- peer ---------- # | | | # namespaceX | namespaceY These selftests test AF_XDP SKB and Native/DRV modes using veth Virtual Ethernet interfaces. The test program contains two threads, each thread is single socket with a unique UMEM. It validates in-order packet delivery and packet content by sending packets to each other. Prerequisites setup by script test_xsk_prerequisites.sh: Set up veth interfaces as per the topology shown ^^: * setup two veth interfaces and one namespace ** veth<xxxx> in root namespace ** veth<yyyy> in af_xdp<xxxx> namespace ** namespace af_xdp<xxxx> * create a spec file veth.spec that includes this run-time configuration that is read by test scripts - filenames prefixed with test_xsk_ *** xxxx and yyyy are randomly generated 4 digit numbers used to avoid conflict with any existing interface The following tests are provided: 1. AF_XDP SKB mode Generic mode XDP is driver independent, used when the driver does not have support for XDP. Works on any netdevice using sockets and generic XDP path. XDP hook from netif_receive_skb(). a. nopoll - soft-irq processing b. poll - using poll() syscall c. Socket Teardown Create a Tx and a Rx socket, Tx from one socket, Rx on another. Destroy both sockets, then repeat multiple times. Only nopoll mode is used d. Bi-directional Sockets Configure sockets as bi-directional tx/rx sockets, sets up fill and completion rings on each socket, tx/rx in both directions. Only nopoll mode is used 2. AF_XDP DRV/Native mode Works on any netdevice with XDP_REDIRECT support, driver dependent. Processes packets before SKB allocation. Provides better performance than SKB. Driver hook available just after DMA of buffer descriptor. a. nopoll b. poll c. Socket Teardown d. Bi-directional Sockets * Only copy mode is supported because veth does not currently support zero-copy mode Total tests: 8 Flow: * Single process spawns two threads: Tx and Rx * Each of these two threads attach to a veth interface within their assigned namespaces * Each thread creates one AF_XDP socket connected to a unique umem for each veth interface * Tx thread transmits 10k packets from veth<xxxx> to veth<yyyy> * Rx thread verifies if all 10k packets were received and delivered in-order, and have the right content v2 changes: * Move selftests/xsk to selftests/bpf * Remove Makefiles under selftests/xsk, and utilize selftests/bpf/Makefile Structure of the patch set: Patch 1: This patch adds XSK Selftests framework under selftests/bpf Patch 2: Adds tests: SKB poll and nopoll mode, and mac-ip-udp debug Patch 3: Adds tests: DRV poll and nopoll mode Patch 4: Adds tests: SKB and DRV Socket Teardown Patch 5: Adds tests: SKB and DRV Bi-directional Sockets Thanks: Weqaar Weqaar Janjua (5): selftests/bpf: xsk selftests framework selftests/bpf: xsk selftests - SKB POLL, NOPOLL selftests/bpf: xsk selftests - DRV POLL, NOPOLL selftests/bpf: xsk selftests - Socket Teardown - SKB, DRV selftests/bpf: xsk selftests - Bi-directional Sockets - SKB, DRV tools/testing/selftests/bpf/Makefile | 15 +- .../bpf/test_xsk_drv_bidirectional.sh | 23 + .../selftests/bpf/test_xsk_drv_nopoll.sh | 20 + .../selftests/bpf/test_xsk_drv_poll.sh | 20 + .../selftests/bpf/test_xsk_drv_teardown.sh | 20 + .../selftests/bpf/test_xsk_prerequisites.sh | 127 ++ .../bpf/test_xsk_skb_bidirectional.sh | 20 + .../selftests/bpf/test_xsk_skb_nopoll.sh | 20 + .../selftests/bpf/test_xsk_skb_poll.sh | 20 + .../selftests/bpf/test_xsk_skb_teardown.sh | 20 + tools/testing/selftests/bpf/xdpxceiver.c | 1056 +++++++++++++++++ tools/testing/selftests/bpf/xdpxceiver.h | 158 +++ tools/testing/selftests/bpf/xsk_env.sh | 28 + tools/testing/selftests/bpf/xsk_prereqs.sh | 119 ++ 14 files changed, 1664 insertions(+), 2 deletions(-) create mode 100755 tools/testing/selftests/bpf/test_xsk_drv_bidirectional.sh create mode 100755 tools/testing/selftests/bpf/test_xsk_drv_nopoll.sh create mode 100755 tools/testing/selftests/bpf/test_xsk_drv_poll.sh create mode 100755 tools/testing/selftests/bpf/test_xsk_drv_teardown.sh create mode 100755 tools/testing/selftests/bpf/test_xsk_prerequisites.sh create mode 100755 tools/testing/selftests/bpf/test_xsk_skb_bidirectional.sh create mode 100755 tools/testing/selftests/bpf/test_xsk_skb_nopoll.sh create mode 100755 tools/testing/selftests/bpf/test_xsk_skb_poll.sh create mode 100755 tools/testing/selftests/bpf/test_xsk_skb_teardown.sh create mode 100644 tools/testing/selftests/bpf/xdpxceiver.c create mode 100644 tools/testing/selftests/bpf/xdpxceiver.h create mode 100755 tools/testing/selftests/bpf/xsk_env.sh create mode 100755 tools/testing/selftests/bpf/xsk_prereqs.sh -- 2.20.1

4 years, 7 months

3
15
0 0

[PATCH v11 0/9] mm: introduce memfd_secret system call to create "secret" memory areas

by Mike Rapoport

From: Mike Rapoport <rppt(a)linux.ibm.com> Hi, This is an implementation of "secret" mappings backed by a file descriptor. The file descriptor backing secret memory mappings is created using a dedicated memfd_secret system call The desired protection mode for the memory is configured using flags parameter of the system call. The mmap() of the file descriptor created with memfd_secret() will create a "secret" memory mapping. The pages in that mapping will be marked as not present in the direct map and will be present only in the page table of the owning mm. Although normally Linux userspace mappings are protected from other users, such secret mappings are useful for environments where a hostile tenant is trying to trick the kernel into giving them access to other tenants mappings. Additionally, in the future the secret mappings may be used as a mean to protect guest memory in a virtual machine host. For demonstration of secret memory usage we've created a userspace library https://git.kernel.org/pub/scm/linux/kernel/git/jejb/secret-memory-preloade… that does two things: the first is act as a preloader for openssl to redirect all the OPENSSL_malloc calls to secret memory meaning any secret keys get automatically protected this way and the other thing it does is expose the API to the user who needs it. We anticipate that a lot of the use cases would be like the openssl one: many toolkits that deal with secret keys already have special handling for the memory to try to give them greater protection, so this would simply be pluggable into the toolkits without any need for user application modification. Hiding secret memory mappings behind an anonymous file allows (ab)use of the page cache for tracking pages allocated for the "secret" mappings as well as using address_space_operations for e.g. page migration callbacks. The anonymous file may be also used implicitly, like hugetlb files, to implement mmap(MAP_SECRET) and use the secret memory areas with "native" mm ABIs in the future. To limit fragmentation of the direct map to splitting only PUD-size pages, I've added an amortizing cache of PMD-size pages to each file descriptor that is used as an allocation pool for the secret memory areas. As the memory allocated by secretmem becomes unmovable, we use CMA to back large page caches so that page allocator won't be surprised by failing attempt to migrate these pages. v11: * Drop support for uncached mappings v10: https://lore.kernel.org/lkml/20201123095432.5860-1-rppt@kernel.org * Drop changes to arm64 compatibility layer * Add Roman's Ack for memcg accounting v9: https://lore.kernel.org/lkml/20201117162932.13649-1-rppt@kernel.org * Fix build with and without CONFIG_MEMCG * Update memcg accounting to avoid copying memcg_data, per Roman comments * Fix issues in secretmem_fault(), thanks Matthew * Do not wire up syscall in arm64 compatibility layer v8: https://lore.kernel.org/lkml/20201110151444.20662-1-rppt@kernel.org * Use CMA for all secretmem allocations as David suggested * Update memcg accounting after transtion to CMA * Prevent hibernation when there are active secretmem users * Add zeroing of the memory before releasing it back to cma/page allocator * Rebase on v5.10-rc2-mmotm-2020-11-07-21-40 v7: https://lore.kernel.org/lkml/20201026083752.13267-1-rppt@kernel.org * Use set_direct_map() instead of __kernel_map_pages() to ensure error handling in case the direct map update fails * Add accounting of large pages used to reduce the direct map fragmentation * Teach get_user_pages() and frieds to refuse get/pin secretmem pages v6: https://lore.kernel.org/lkml/20200924132904.1391-1-rppt@kernel.org * Silence the warning about missing syscall, thanks to Qian Cai * Replace spaces with tabs in Kconfig additions, per Randy * Add a selftest. Older history: v5: https://lore.kernel.org/lkml/20200916073539.3552-1-rppt@kernel.org v4: https://lore.kernel.org/lkml/20200818141554.13945-1-rppt@kernel.org v3: https://lore.kernel.org/lkml/20200804095035.18778-1-rppt@kernel.org v2: https://lore.kernel.org/lkml/20200727162935.31714-1-rppt@kernel.org v1: https://lore.kernel.org/lkml/20200720092435.17469-1-rppt@kernel.org Mike Rapoport (9): mm: add definition of PMD_PAGE_ORDER mmap: make mlock_future_check() global set_memory: allow set_direct_map_*_noflush() for multiple pages mm: introduce memfd_secret system call to create "secret" memory areas secretmem: use PMD-size pages to amortize direct map fragmentation secretmem: add memcg accounting PM: hibernate: disable when there are active secretmem users arch, mm: wire up memfd_secret system call were relevant secretmem: test: add basic selftest for memfd_secret(2) arch/arm64/include/asm/cacheflush.h | 4 +- arch/arm64/include/uapi/asm/unistd.h | 1 + arch/arm64/mm/pageattr.c | 10 +- arch/riscv/include/asm/set_memory.h | 4 +- arch/riscv/include/asm/unistd.h | 1 + arch/riscv/mm/pageattr.c | 8 +- arch/x86/Kconfig | 2 +- arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + arch/x86/include/asm/set_memory.h | 4 +- arch/x86/mm/pat/set_memory.c | 8 +- fs/dax.c | 11 +- include/linux/pgtable.h | 3 + include/linux/secretmem.h | 30 ++ include/linux/set_memory.h | 4 +- include/linux/syscalls.h | 1 + include/uapi/asm-generic/unistd.h | 6 +- include/uapi/linux/magic.h | 1 + kernel/power/hibernate.c | 5 +- kernel/power/snapshot.c | 4 +- kernel/sys_ni.c | 2 + mm/Kconfig | 5 + mm/Makefile | 1 + mm/filemap.c | 3 +- mm/gup.c | 10 + mm/internal.h | 3 + mm/mmap.c | 5 +- mm/secretmem.c | 436 ++++++++++++++++++++++ mm/vmalloc.c | 5 +- scripts/checksyscalls.sh | 4 + tools/testing/selftests/vm/.gitignore | 1 + tools/testing/selftests/vm/Makefile | 3 +- tools/testing/selftests/vm/memfd_secret.c | 298 +++++++++++++++ tools/testing/selftests/vm/run_vmtests | 17 + 34 files changed, 863 insertions(+), 39 deletions(-) create mode 100644 include/linux/secretmem.h create mode 100644 mm/secretmem.c create mode 100644 tools/testing/selftests/vm/memfd_secret.c base-commit: 9f8ce377d420db12b19d6a4f636fecbd88a725a5 -- 2.28.0

4 years, 7 months

2
11
0 0

[PATCH v4 0/2] dma-mapping: provide a benchmark for streaming DMA mapping

by Barry Song

Nowadays, there are increasing requirements to benchmark the performance of dma_map and dma_unmap particually while the device is attached to an IOMMU. This patchset provides the benchmark infrastruture for streaming DMA mapping. The architecture of the code is pretty much similar with GUP benchmark: * mm/gup_benchmark.c provides kernel interface; * tools/testing/selftests/vm/gup_benchmark.c provides user program to call the interface provided by mm/gup_benchmark.c. In our case, kernel/dma/map_benchmark.c is like mm/gup_benchmark.c; tools/testing/selftests/dma/dma_map_benchmark.c is like tools/testing/ selftests/vm/gup_benchmark.c A major difference with GUP benchmark is DMA_MAP benchmark needs to run on a device. Considering one board with below devices and IOMMUs device A ------- IOMMU 1 device B ------- IOMMU 2 device C ------- non-IOMMU Different devices might attach to different IOMMU or non-IOMMU. To make benchmark run, we can either * create a virtual device and hack the kernel code to attach the virtual device to IOMMU1, IOMMU2 or non-IOMMU. * use the existing driver_override mechinism, unbind device A,B, OR c from their original driver and bind A to dma_map_benchmark platform driver or pci driver for benchmarking. In this patchset, I prefer to use the driver_override and avoid the ugly hack in kernel. We can dynamically switch device behind different IOMMUs to get the performance of IOMMU or non-IOMMU. -v4: * add dma direction support according to Christoph Hellwig's comment; * add dma mask bit set according to Christoph Hellwig's comment; * make the benchmark depend on DEBUG_FS according to John Garry's comment; * strictly check parameters in ioctl -v3: * fix build issues reported by 0day kernel test robot -v2: * add PCI support; v1 supported platform devices only * replace ssleep by msleep_interruptible() to permit users to exit benchmark before it is completed * many changes according to Robin's suggestions, thanks! Robin - add standard deviation output to reflect the worst case - check users' parameters strictly like the number of threads - make cache dirty before dma_map - fix unpaired dma_map_page and dma_unmap_single; - remove redundant "long long" before ktime_to_ns(); - use devm_add_action() Barry Song (2): dma-mapping: add benchmark support for streaming DMA APIs selftests/dma: add test application for DMA_MAP_BENCHMARK MAINTAINERS | 6 + kernel/dma/Kconfig | 9 + kernel/dma/Makefile | 1 + kernel/dma/map_benchmark.c | 361 ++++++++++++++++++ tools/testing/selftests/dma/Makefile | 6 + tools/testing/selftests/dma/config | 1 + .../testing/selftests/dma/dma_map_benchmark.c | 123 ++++++ 7 files changed, 507 insertions(+) create mode 100644 kernel/dma/map_benchmark.c create mode 100644 tools/testing/selftests/dma/Makefile create mode 100644 tools/testing/selftests/dma/config create mode 100644 tools/testing/selftests/dma/dma_map_benchmark.c -- 2.25.1

4 years, 7 months

2
3
0 0

[PATCH v10 0/9] mm: introduce memfd_secret system call to create "secret" memory areas

by Mike Rapoport

From: Mike Rapoport <rppt(a)linux.ibm.com> Hi, This is an implementation of "secret" mappings backed by a file descriptor. The file descriptor backing secret memory mappings is created using a dedicated memfd_secret system call The desired protection mode for the memory is configured using flags parameter of the system call. The mmap() of the file descriptor created with memfd_secret() will create a "secret" memory mapping. The pages in that mapping will be marked as not present in the direct map and will have desired protection bits set in the user page table. For instance, current implementation allows uncached mappings. Although normally Linux userspace mappings are protected from other users, such secret mappings are useful for environments where a hostile tenant is trying to trick the kernel into giving them access to other tenants mappings. Additionally, in the future the secret mappings may be used as a mean to protect guest memory in a virtual machine host. For demonstration of secret memory usage we've created a userspace library https://git.kernel.org/pub/scm/linux/kernel/git/jejb/secret-memory-preloade… that does two things: the first is act as a preloader for openssl to redirect all the OPENSSL_malloc calls to secret memory meaning any secret keys get automatically protected this way and the other thing it does is expose the API to the user who needs it. We anticipate that a lot of the use cases would be like the openssl one: many toolkits that deal with secret keys already have special handling for the memory to try to give them greater protection, so this would simply be pluggable into the toolkits without any need for user application modification. Hiding secret memory mappings behind an anonymous file allows (ab)use of the page cache for tracking pages allocated for the "secret" mappings as well as using address_space_operations for e.g. page migration callbacks. The anonymous file may be also used implicitly, like hugetlb files, to implement mmap(MAP_SECRET) and use the secret memory areas with "native" mm ABIs in the future. To limit fragmentation of the direct map to splitting only PUD-size pages, I've added an amortizing cache of PMD-size pages to each file descriptor that is used as an allocation pool for the secret memory areas. As the memory allocated by secretmem becomes unmovable, we use CMA to back large page caches so that page allocator won't be surprised by failing attempt to migrate these pages. v10: * Drop changes to arm64 compatibility layer * Add Roman's Ack for memcg accounting v9: https://lore.kernel.org/lkml/20201117162932.13649-1-rppt@kernel.org * Fix build with and without CONFIG_MEMCG * Update memcg accounting to avoid copying memcg_data, per Roman comments * Fix issues in secretmem_fault(), thanks Matthew * Do not wire up syscall in arm64 compatibility layer v8: https://lore.kernel.org/lkml/20201110151444.20662-1-rppt@kernel.org * Use CMA for all secretmem allocations as David suggested * Update memcg accounting after transtion to CMA * Prevent hibernation when there are active secretmem users * Add zeroing of the memory before releasing it back to cma/page allocator * Rebase on v5.10-rc2-mmotm-2020-11-07-21-40 v7: https://lore.kernel.org/lkml/20201026083752.13267-1-rppt@kernel.org * Use set_direct_map() instead of __kernel_map_pages() to ensure error handling in case the direct map update fails * Add accounting of large pages used to reduce the direct map fragmentation * Teach get_user_pages() and frieds to refuse get/pin secretmem pages v6: https://lore.kernel.org/lkml/20200924132904.1391-1-rppt@kernel.org * Silence the warning about missing syscall, thanks to Qian Cai * Replace spaces with tabs in Kconfig additions, per Randy * Add a selftest. Older history: v5: https://lore.kernel.org/lkml/20200916073539.3552-1-rppt@kernel.org v4: https://lore.kernel.org/lkml/20200818141554.13945-1-rppt@kernel.org v3: https://lore.kernel.org/lkml/20200804095035.18778-1-rppt@kernel.org v2: https://lore.kernel.org/lkml/20200727162935.31714-1-rppt@kernel.org v1: https://lore.kernel.org/lkml/20200720092435.17469-1-rppt@kernel.org Mike Rapoport (9): mm: add definition of PMD_PAGE_ORDER mmap: make mlock_future_check() global set_memory: allow set_direct_map_*_noflush() for multiple pages mm: introduce memfd_secret system call to create "secret" memory areas secretmem: use PMD-size pages to amortize direct map fragmentation secretmem: add memcg accounting PM: hibernate: disable when there are active secretmem users arch, mm: wire up memfd_secret system call were relevant secretmem: test: add basic selftest for memfd_secret(2) arch/Kconfig | 7 + arch/arm64/include/asm/cacheflush.h | 4 +- arch/arm64/include/uapi/asm/unistd.h | 1 + arch/arm64/mm/pageattr.c | 10 +- arch/riscv/include/asm/set_memory.h | 4 +- arch/riscv/include/asm/unistd.h | 1 + arch/riscv/mm/pageattr.c | 8 +- arch/x86/Kconfig | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + arch/x86/include/asm/set_memory.h | 4 +- arch/x86/mm/pat/set_memory.c | 8 +- fs/dax.c | 11 +- include/linux/pgtable.h | 3 + include/linux/secretmem.h | 30 ++ include/linux/set_memory.h | 4 +- include/linux/syscalls.h | 1 + include/uapi/asm-generic/unistd.h | 6 +- include/uapi/linux/magic.h | 1 + include/uapi/linux/secretmem.h | 8 + kernel/power/hibernate.c | 5 +- kernel/power/snapshot.c | 4 +- kernel/sys_ni.c | 2 + mm/Kconfig | 5 + mm/Makefile | 1 + mm/filemap.c | 3 +- mm/gup.c | 10 + mm/internal.h | 3 + mm/mmap.c | 5 +- mm/secretmem.c | 446 ++++++++++++++++++++++ mm/vmalloc.c | 5 +- scripts/checksyscalls.sh | 4 + tools/testing/selftests/vm/.gitignore | 1 + tools/testing/selftests/vm/Makefile | 3 +- tools/testing/selftests/vm/memfd_secret.c | 298 +++++++++++++++ tools/testing/selftests/vm/run_vmtests | 17 + 36 files changed, 888 insertions(+), 38 deletions(-) create mode 100644 include/linux/secretmem.h create mode 100644 include/uapi/linux/secretmem.h create mode 100644 mm/secretmem.c create mode 100644 tools/testing/selftests/vm/memfd_secret.c base-commit: 9f8ce377d420db12b19d6a4f636fecbd88a725a5 -- 2.28.0

4 years, 7 months

3
12
0 0

[PATCH v24 00/12] Landlock LSM

by Mickaël Salaün

Hi, This patch series simplifies the code, makes stacked access-control more consistent (from the user point of view), properly handles memory allocation errors, and adds more tests (covering layered ruleset corner cases). Most of these changes were sent as a separate patch series: https://lore.kernel.org/lkml/20201111213442.434639-1-mic@digikod.net/ James and Jann, could you please take a look at the main changes (patches 2, 7 and 8)? The SLOC count is 1185 for security/landlock/ and 1767 for tools/testing/selftest/landlock/ . Test coverage for security/landlock/ is 94.8% of lines. The code not covered only deals with internal kernel errors (e.g. memory allocation) and race conditions. The compiled documentation is available here: https://landlock.io/linux-doc/landlock-v24/userspace-api/landlock.html This series can be applied on top of v5.10-rc3 . This can be tested with CONFIG_SECURITY_LANDLOCK, CONFIG_SAMPLE_LANDLOCK and by prepending "landlock," to CONFIG_LSM. This patch series can be found in a Git repository here: https://github.com/landlock-lsm/linux/commits/landlock-v24 I would really appreciate constructive comments on this patch series. # Landlock LSM The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM [1], it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user-space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves. Landlock is inspired by seccomp-bpf but instead of filtering syscalls and their raw arguments, a Landlock rule can restrict the use of kernel objects like file hierarchies, according to the kernel semantic. Landlock also takes inspiration from other OS sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD Pledge/Unveil. In this current form, Landlock misses some access-control features. This enables to minimize this patch series and ease review. This series still addresses multiple use cases, especially with the combined use of seccomp-bpf: applications with built-in sandboxing, init systems, security sandbox tools and security-oriented APIs [2]. Previous version: https://lore.kernel.org/lkml/20201103182109.1014179-1-mic@digikod.net/ [1] https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler… [2] https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.n… Casey Schaufler (1): LSM: Infrastructure management of the superblock Mickaël Salaün (11): landlock: Add object management landlock: Add ruleset and domain management landlock: Set up the security framework and manage credentials landlock: Add ptrace restrictions fs,security: Add sb_delete hook landlock: Support filesystem access-control landlock: Add syscall implementations arch: Wire up Landlock syscalls selftests/landlock: Add user space tests samples/landlock: Add a sandbox manager example landlock: Add user and kernel documentation Documentation/security/index.rst | 1 + Documentation/security/landlock.rst | 79 + Documentation/userspace-api/index.rst | 1 + Documentation/userspace-api/landlock.rst | 275 +++ MAINTAINERS | 13 + arch/Kconfig | 7 + arch/alpha/kernel/syscalls/syscall.tbl | 3 + arch/arm/tools/syscall.tbl | 3 + arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 6 + arch/ia64/kernel/syscalls/syscall.tbl | 3 + arch/m68k/kernel/syscalls/syscall.tbl | 3 + arch/microblaze/kernel/syscalls/syscall.tbl | 3 + arch/mips/kernel/syscalls/syscall_n32.tbl | 3 + arch/mips/kernel/syscalls/syscall_n64.tbl | 3 + arch/mips/kernel/syscalls/syscall_o32.tbl | 3 + arch/parisc/kernel/syscalls/syscall.tbl | 3 + arch/powerpc/kernel/syscalls/syscall.tbl | 3 + arch/s390/kernel/syscalls/syscall.tbl | 3 + arch/sh/kernel/syscalls/syscall.tbl | 3 + arch/sparc/kernel/syscalls/syscall.tbl | 3 + arch/um/Kconfig | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 3 + arch/x86/entry/syscalls/syscall_64.tbl | 3 + arch/xtensa/kernel/syscalls/syscall.tbl | 3 + fs/super.c | 1 + include/linux/lsm_hook_defs.h | 1 + include/linux/lsm_hooks.h | 3 + include/linux/security.h | 4 + include/linux/syscalls.h | 7 + include/uapi/asm-generic/unistd.h | 8 +- include/uapi/linux/landlock.h | 128 ++ kernel/sys_ni.c | 5 + samples/Kconfig | 7 + samples/Makefile | 1 + samples/landlock/.gitignore | 1 + samples/landlock/Makefile | 15 + samples/landlock/sandboxer.c | 236 +++ security/Kconfig | 11 +- security/Makefile | 2 + security/landlock/Kconfig | 21 + security/landlock/Makefile | 4 + security/landlock/common.h | 20 + security/landlock/cred.c | 46 + security/landlock/cred.h | 58 + security/landlock/fs.c | 608 ++++++ security/landlock/fs.h | 60 + security/landlock/object.c | 67 + security/landlock/object.h | 91 + security/landlock/ptrace.c | 120 ++ security/landlock/ptrace.h | 14 + security/landlock/ruleset.c | 361 ++++ security/landlock/ruleset.h | 158 ++ security/landlock/setup.c | 40 + security/landlock/setup.h | 18 + security/landlock/syscall.c | 426 ++++ security/security.c | 51 +- security/selinux/hooks.c | 58 +- security/selinux/include/objsec.h | 6 + security/selinux/ss/services.c | 3 +- security/smack/smack.h | 6 + security/smack/smack_lsm.c | 35 +- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/landlock/.gitignore | 2 + tools/testing/selftests/landlock/Makefile | 24 + tools/testing/selftests/landlock/base_test.c | 117 ++ tools/testing/selftests/landlock/common.h | 113 + tools/testing/selftests/landlock/config | 5 + tools/testing/selftests/landlock/fs_test.c | 1824 +++++++++++++++++ .../testing/selftests/landlock/ptrace_test.c | 307 +++ tools/testing/selftests/landlock/true.c | 5 + 71 files changed, 5455 insertions(+), 77 deletions(-) create mode 100644 Documentation/security/landlock.rst create mode 100644 Documentation/userspace-api/landlock.rst create mode 100644 include/uapi/linux/landlock.h create mode 100644 samples/landlock/.gitignore create mode 100644 samples/landlock/Makefile create mode 100644 samples/landlock/sandboxer.c create mode 100644 security/landlock/Kconfig create mode 100644 security/landlock/Makefile create mode 100644 security/landlock/common.h create mode 100644 security/landlock/cred.c create mode 100644 security/landlock/cred.h create mode 100644 security/landlock/fs.c create mode 100644 security/landlock/fs.h create mode 100644 security/landlock/object.c create mode 100644 security/landlock/object.h create mode 100644 security/landlock/ptrace.c create mode 100644 security/landlock/ptrace.h create mode 100644 security/landlock/ruleset.c create mode 100644 security/landlock/ruleset.h create mode 100644 security/landlock/setup.c create mode 100644 security/landlock/setup.h create mode 100644 security/landlock/syscall.c create mode 100644 tools/testing/selftests/landlock/.gitignore create mode 100644 tools/testing/selftests/landlock/Makefile create mode 100644 tools/testing/selftests/landlock/base_test.c create mode 100644 tools/testing/selftests/landlock/common.h create mode 100644 tools/testing/selftests/landlock/config create mode 100644 tools/testing/selftests/landlock/fs_test.c create mode 100644 tools/testing/selftests/landlock/ptrace_test.c create mode 100644 tools/testing/selftests/landlock/true.c base-commit: f8394f232b1eab649ce2df5c5f15b0e528c92091 -- 2.29.2

4 years, 7 months

3
26
0 0

[PATCH] Documentation: kunit: provide guidance for testing many inputs

by Daniel Latypov

usage.rst goes into a detailed about faking out classes, but currently lacks wording about how one might idiomatically test a range of inputs. Give an example of how one might test a hash function via macros/helper funcs and a table-driven test and very briefly discuss pros and cons. Also highlight the KUNIT_EXPECT_*_MSG() variants (that aren't mentioned elsewhere [1]) which are particularly useful in these situations. It is also criminally underused at the moment, only appearing in 2 tests (both written by people involved in KUnit). [1] not even on https://www.kernel.org/doc/html/latest/dev-tools/kunit/api/test.html Signed-off-by: Daniel Latypov <dlatypov(a)google.com> --- Documentation/dev-tools/kunit/usage.rst | 66 +++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/Documentation/dev-tools/kunit/usage.rst b/Documentation/dev-tools/kunit/usage.rst index 62142a47488c..317390df2b96 100644 --- a/Documentation/dev-tools/kunit/usage.rst +++ b/Documentation/dev-tools/kunit/usage.rst @@ -451,6 +451,72 @@ We can now use it to test ``struct eeprom_buffer``: destroy_eeprom_buffer(ctx->eeprom_buffer); } +Testing various inputs +---------------------- + +Testing just a few inputs might not be enough to have confidence that the code +works correctly, e.g. for a hash function. + +In such cases, it can be helpful to have a helper macro or function, e.g. this +fictitious example for ``md5sum(1)`` + +.. code-block:: c + + /* Note: the cast is to satisfy overly strict type-checking. */ + #define TEST_MD5(in, want) \ + md5sum(in, out); \ + KUNIT_EXPECT_STREQ_MSG(test, (char *)out, want, "md5sum(%s)", in); + + char out[16]; + TEST_MD5("hello world", "5eb63bbbe01eeed093cb22bb8f5acdc3"); + TEST_MD5("hello world!", "fc3ff98e8c6a0d3087d515c0473f8677"); + +Note the use of ``KUNIT_EXPECT_STREQ_MSG`` to give more context when it fails +and make it easier to track down. (Yes, in this example, ``want`` is likely +going to be unique enough on its own). + +The ``_MSG`` variants are even more useful when the same expectation is called +multiple times (in a loop or helper function) and thus the line number isn't +enough to identify what failed, like below. + +In some cases, it can be helpful to write a *table-driven test* instead, e.g. + +.. code-block:: c + + int i; + char out[16]; + + struct md5_test_case { + const char *str; + const char *md5; + }; + + struct md5_test_case cases[] = { + { + .str = "hello world", + .md5 = "5eb63bbbe01eeed093cb22bb8f5acdc3", + }, + { + .str = "hello world!", + .md5 = "fc3ff98e8c6a0d3087d515c0473f8677", + }, + }; + for (i = 0; i < ARRAY_SIZE(cases); ++i) { + md5sum(cases[i].str, out); + KUNIT_EXPECT_STREQ_MSG(test, (char *)out, cases[i].md5, + "md5sum(%s)", cases[i].str); + } + + +There's more boilerplate involved, but it can: + +* be more readable when there are multiple inputs/outputs thanks to field names, + + * E.g. see ``fs/ext4/inode-test.c`` for an example of both. +* reduce duplication if test cases can be shared across multiple tests. + + * E.g. if we had a magical ``undo_md5sum`` function, we could reuse ``cases``. + .. _kunit-on-non-uml: KUnit on non-UML architectures base-commit: 77c8473edf7f7664137f555cfcdc8c460bbd947d -- 2.29.1.341.ge80a0c044ae-goog

4 years, 7 months

3
4
0 0

[PATCH v7 0/7] Syscall User Dispatch

by Gabriel Krisman Bertazi

Hi, This is the v7 of syscall user dispatch. This version is a bit different from v6 on the following points, after the modifications requested on that submission. * The interface no longer receives <start>,<end> end parameters, but <start>,<length> as suggested by PeterZ. * Syscall User Dispatch is now done before ptrace, and this means there is some SYSCALL_WORK_EXIT work that needs to be done. No challenges there, but I'd like to draw attention to that region of the code that is new in this submission. * The previous TIF_SYSCALL_USER_DISPATCH is now handled through SYSCALL_WORK flags. * Introduced a new test as patch 6, which benchmarks the fast submission path and test the return in blocked selector state. * Nothing is architecture dependent anymore. No config switches. It only depends on CONFIG_GENERIC_ENTRY. Other smaller changes are documented one each commit. This was tested using the kselftests tests in patch 5 and 6 and compiled tested with !CONFIG_GENERIC_ENTRY. This patchset is based on the core/entry branch of the TIP tree. A working tree with this patchset is available at: https://gitlab.collabora.com/krisman/linux -b syscall-user-dispatch-v7 Previous submissions are archived at: RFC/v1: https://lkml.org/lkml/2020/7/8/96 v2: https://lkml.org/lkml/2020/7/9/17 v3: https://lkml.org/lkml/2020/7/12/4 v4: https://www.spinics.net/lists/linux-kselftest/msg16377.html v5: https://lkml.org/lkml/2020/8/10/1320 v6: https://lkml.org/lkml/2020/9/4/1122 Gabriel Krisman Bertazi (7): x86: vdso: Expose sigreturn address on vdso to the kernel signal: Expose SYS_USER_DISPATCH si_code type kernel: Implement selective syscall userspace redirection entry: Support Syscall User Dispatch on common syscall entry selftests: Add kselftest for syscall user dispatch selftests: Add benchmark for syscall user dispatch docs: Document Syscall User Dispatch .../admin-guide/syscall-user-dispatch.rst | 87 +++++ arch/x86/entry/vdso/vdso2c.c | 2 + arch/x86/entry/vdso/vdso32/sigreturn.S | 2 + arch/x86/entry/vdso/vma.c | 15 + arch/x86/include/asm/elf.h | 2 + arch/x86/include/asm/vdso.h | 2 + arch/x86/kernel/signal_compat.c | 2 +- fs/exec.c | 3 + include/linux/entry-common.h | 2 + include/linux/sched.h | 2 + include/linux/syscall_user_dispatch.h | 40 +++ include/linux/thread_info.h | 2 + include/uapi/asm-generic/siginfo.h | 3 +- include/uapi/linux/prctl.h | 5 + kernel/entry/Makefile | 2 +- kernel/entry/common.c | 17 + kernel/entry/common.h | 16 + kernel/entry/syscall_user_dispatch.c | 102 ++++++ kernel/fork.c | 1 + kernel/sys.c | 5 + tools/testing/selftests/Makefile | 1 + .../syscall_user_dispatch/.gitignore | 3 + .../selftests/syscall_user_dispatch/Makefile | 9 + .../selftests/syscall_user_dispatch/config | 1 + .../syscall_user_dispatch/sud_benchmark.c | 200 +++++++++++ .../syscall_user_dispatch/sud_test.c | 310 ++++++++++++++++++ 26 files changed, 833 insertions(+), 3 deletions(-) create mode 100644 Documentation/admin-guide/syscall-user-dispatch.rst create mode 100644 include/linux/syscall_user_dispatch.h create mode 100644 kernel/entry/common.h create mode 100644 kernel/entry/syscall_user_dispatch.c create mode 100644 tools/testing/selftests/syscall_user_dispatch/.gitignore create mode 100644 tools/testing/selftests/syscall_user_dispatch/Makefile create mode 100644 tools/testing/selftests/syscall_user_dispatch/config create mode 100644 tools/testing/selftests/syscall_user_dispatch/sud_benchmark.c create mode 100644 tools/testing/selftests/syscall_user_dispatch/sud_test.c -- 2.29.2

4 years, 7 months

5
18
0 0

[PATCH] selftests/seccomp: sh: Fix register names

by Kees Cook

It looks like the seccomp selftests were never actually built for sh. This fixes it, though I don't have an environment to do a runtime test of it yet. Fixes: 0bb605c2c7f2b4b3 ("sh: Add SECCOMP_FILTER") Signed-off-by: Kees Cook <keescook(a)chromium.org> --- tools/testing/selftests/seccomp/seccomp_bpf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/seccomp/seccomp_bpf.c b/tools/testing/selftests/seccomp/seccomp_bpf.c index 7f7ecfcd66db..26c72f2b61b1 100644 --- a/tools/testing/selftests/seccomp/seccomp_bpf.c +++ b/tools/testing/selftests/seccomp/seccomp_bpf.c @@ -1804,8 +1804,8 @@ TEST_F(TRACE_poke, getpid_runs_normally) #define SYSCALL_RET(_regs) (_regs).a[(_regs).windowbase * 4 + 2] #elif defined(__sh__) # define ARCH_REGS struct pt_regs -# define SYSCALL_NUM(_regs) (_regs).gpr[3] -# define SYSCALL_RET(_regs) (_regs).gpr[0] +# define SYSCALL_NUM(_regs) (_regs).regs[3] +# define SYSCALL_RET(_regs) (_regs).regs[0] #else # error "Do not know how to find your architecture's registers and syscalls" #endif -- 2.25.1

4 years, 7 months

2
5
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror