- Linux-kselftest-mirror - lists.linaro.org

[PATCH] kunit: tool: Accept --raw_output=full as an alias of 'all'

by David Gow

I can never remember whether --raw_output takes 'all' or 'full'. No reason we can't support both. For the record, 'all' is the recommended, documented option. Signed-off-by: David Gow <davidgow(a)google.com> --- tools/testing/kunit/kunit.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/kunit/kunit.py b/tools/testing/kunit/kunit.py index 7f9ae55fd6d5..cd99c1956331 100755 --- a/tools/testing/kunit/kunit.py +++ b/tools/testing/kunit/kunit.py @@ -228,7 +228,7 @@ def parse_tests(request: KunitParseRequest, metadata: kunit_json.Metadata, input fake_test.counts.passed = 1 output: Iterable[str] = input_data - if request.raw_output == 'all': + if request.raw_output == 'all' or request.raw_output == 'full': pass elif request.raw_output == 'kunit': output = kunit_parser.extract_tap_lines(output) @@ -425,7 +425,7 @@ def add_parse_opts(parser: argparse.ArgumentParser) -> None: parser.add_argument('--raw_output', help='If set don\'t parse output from kernel. ' 'By default, filters to just KUnit output. Use ' '--raw_output=all to show everything', - type=str, nargs='?', const='all', default=None, choices=['all', 'kunit']) + type=str, nargs='?', const='all', default=None, choices=['all', 'full', 'kunit']) parser.add_argument('--json', nargs='?', help='Prints parsed test results as JSON to stdout or a file if ' -- 2.50.1.552.g942d659e1b-goog

3 months, 3 weeks

2
1
0 0

Re: [PATCH] selftests: timers: improve adjtick output readability

by Thomas Gleixner

Vishal! On Wed, Jul 30 2025 at 23:35, Vishal Parmar wrote: Please do not top-post and trim your replies. > The intent behind this change is to make output useful as is. > for example, to provide a performance report in case of regression. The point John was making: >> So it might be worth looking into getting the output to be happy with >> TAP while you're tweaking things here. The kernel selftests are converting over to standardized TAP output format, which is intended to aid automated testing. So if we change the outpot format of this test, then we switch it over to TAP format and do not invent yet another randomized output scheme. > CSV format is also a good alternative if the maintainer prefers that. The most important information is whether the test succeeded or not and CSV format is not helping either to conform with the test output standards. For the success case, the actual numbers are uninteresting. In the failure case it's sufficient to emit: ksft_test_result_fail("Req: NNNN, Exp: $MMMM, Res: $LLLL\n", ...); In case of regressions (fail), a report providing this output is good enough for the relevant maintainer/developer to start investigating. No? Thanks, tglx

3 months, 3 weeks

2
1
0 0

[PATCH] selftests: ALSA: fix memory leak in utimer test

by WangYuli

Free the malloc'd buffer in TEST_F(timer_f, utimer) to prevent memory leak. Reported-by: Jun Zhan <zhanjun(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- tools/testing/selftests/alsa/utimer-test.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/alsa/utimer-test.c b/tools/testing/selftests/alsa/utimer-test.c index 32ee3ce57721..37964f311a33 100644 --- a/tools/testing/selftests/alsa/utimer-test.c +++ b/tools/testing/selftests/alsa/utimer-test.c @@ -135,6 +135,7 @@ TEST_F(timer_f, utimer) { pthread_join(ticking_thread, NULL); ASSERT_EQ(total_ticks, TICKS_COUNT); pclose(rfp); + free(buf); } TEST(wrong_timers_test) { -- 2.50.1

3 months, 3 weeks

2
1
0 0

Crediting test authors

by Jakub Kicinski

Hi! Does anyone have ideas about crediting test authors or tests for bugs discovered? We increasingly see situations where someone adds a test then our subsystem CI uncovers a (1 in a 100 runs) bug using that test. Using reported-by doesn't feel right. But credit should go to the person who wrote the test. Is anyone else having this dilemma?

3 months, 3 weeks

5
9
0 0

[PATCH RFC v2 0/4] procfs: make reference pidns more user-visible

by Aleksa Sarai

Ever since the introduction of pid namespaces, procfs has had very implicit behaviour surrounding them (the pidns used by a procfs mount is auto-selected based on the mounting process's active pidns, and the pidns itself is basically hidden once the mount has been constructed). /* pidns mount option for procfs */ This implicit behaviour has historically meant that userspace was required to do some special dances in order to configure the pidns of a procfs mount as desired. Examples include: * In order to bypass the mnt_too_revealing() check, Kubernetes creates a procfs mount from an empty pidns so that user namespaced containers can be nested (without this, the nested containers would fail to mount procfs). But this requires forking off a helper process because you cannot just one-shot this using mount(2). * Container runtimes in general need to fork into a container before configuring its mounts, which can lead to security issues in the case of shared-pidns containers (a privileged process in the pidns can interact with your container runtime process). While SUID_DUMP_DISABLE and user namespaces make this less of an issue, the strict need for this due to a minor uAPI wart is kind of unfortunate. Things would be much easier if there was a way for userspace to just specify the pidns they want. Patch 1 implements a new "pidns" argument which can be set using fsconfig(2): fsconfig(procfd, FSCONFIG_SET_FD, "pidns", NULL, nsfd); fsconfig(procfd, FSCONFIG_SET_STRING, "pidns", "/proc/self/ns/pid", 0); or classic mount(2) / mount(8): // mount -t proc -o pidns=/proc/self/ns/pid proc /tmp/proc mount("proc", "/tmp/proc", "proc", MS_..., "pidns=/proc/self/ns/pid"); The initial security model I have in this RFC is to be as conservative as possible and just mirror the security model for setns(2) -- which means that you can only set pidns=... to pid namespaces that your current pid namespace is a direct ancestor of and you have CAP_SYS_ADMIN privileges over the pid namespace. This fulfils the requirements of container runtimes, but I suspect that this may be too strict for some usecases. The pidns argument is not displayed in mountinfo -- it's not clear to me what value it would make sense to show (maybe we could just use ns_dname to provide an identifier for the namespace, but this number would be fairly useless to userspace). I'm open to suggestions. Note that PROCFS_GET_PID_NAMESPACE (see below) does at least let userspace get information about this outside of mountinfo. /* ioctl(PROCFS_GET_PID_NAMESPACE) */ In addition, being able to figure out what pid namespace is being used by a procfs mount is quite useful when you have an administrative process (such as a container runtime) which wants to figure out the correct way of mapping PIDs between its own namespace and the namespace for procfs (using NS_GET_{PID,TGID}_{IN,FROM}_PIDNS). There are alternative ways to do this, but they all rely on ancillary information that third-party libraries and tools do not necessarily have access to. To make this easier, add a new ioctl (PROCFS_GET_PID_NAMESPACE) which can be used to get a reference to the pidns that a procfs is using. It's not quite clear what is the correct security model for this API, but the current approach I've taken is to: * Make the ioctl only valid on the root (meaning that a process without access to the procfs root -- such as only having an fd to a procfs file or some open_tree(2)-like subset -- cannot use this API). * Require that the process requesting either has access to /proc/1/ns/pid anyway (i.e. has ptrace-read access to the pidns pid1), has CAP_SYS_ADMIN access to the pidns (i.e. has administrative access to it and can join it if they had a handle), or is in a pidns that is a direct ancestor of the target pidns (i.e. all of the pids are already visible in the procfs for the current process's pidns). The security model for this is a little loose, as it seems to me that all of the cases mentioned are valid cases to allow access, but I'm open to suggestions for whether we need to make this stricter or looser. Signed-off-by: Aleksa Sarai <cyphar(a)cyphar.com> --- Changes in v2: - #ifdef CONFIG_PID_NS - Improve cover letter wording to make it clear we're talking about two separate features with different permission models. [Andy Lutomirski] - Fix build warnings in pidns_is_ancestor() patch. [kernel test robot] - v1: <https://lore.kernel.org/r/20250721-procfs-pidns-api-v1-0-5cd9007e512d@cypha…> --- Aleksa Sarai (4): pidns: move is-ancestor logic to helper procfs: add "pidns" mount option procfs: add PROCFS_GET_PID_NAMESPACE ioctl selftests/proc: add tests for new pidns APIs Documentation/filesystems/proc.rst | 10 ++ fs/proc/root.c | 144 ++++++++++++++- include/linux/pid_namespace.h | 9 + include/uapi/linux/fs.h | 3 + kernel/pid_namespace.c | 23 ++- tools/testing/selftests/proc/.gitignore | 1 + tools/testing/selftests/proc/Makefile | 1 + tools/testing/selftests/proc/proc-pidns.c | 286 ++++++++++++++++++++++++++++++ 8 files changed, 461 insertions(+), 16 deletions(-) --- base-commit: 4c838c7672c39ec6ec48456c6ce22d14a68f4cda change-id: 20250717-procfs-pidns-api-8ed1583431f0 Best regards, -- Aleksa Sarai <cyphar(a)cyphar.com>

3 months, 3 weeks

2
12
0 0

[PATCH v2] selftests/bpf: Add missing kfunc declarations to fix build errors

by Jiawei Zhao

A number of BPF selftests that utilize kernel functions (kfuncs) fail to build due to missing function prototypes. This results in compilation errors, as implicit function declarations are treated as errors: error: call to undeclared function 'bpf_copy_from_user_task_str'; ISO C99 and later do not support implicit function declarations Unlike BPF helpers, kfuncs are not automatically available to BPF programs and must be explicitly declared before use. To resolve this, centralize all the necessary kfunc declarations into the `bpf_kfuncs.h` header file. This header is then included in all the test programs that were previously missing these declarations. This approach also allows for the removal of redundant local `extern` declarations from individual source files (e.g., in `irq.c`), leading to cleaner and more maintainable code. Change since v1: - Add a kfunc declaration for __bpf_trap in bpf_kfuncs.h Signed-off-by: Jiawei Zhao <phoenix500526(a)163.com> --- tools/testing/selftests/bpf/bpf_kfuncs.h | 65 +++++++++++++++++++ .../selftests/bpf/progs/bpf_iter_tasks.c | 1 + .../bpf/progs/bpf_qdisc_fail__incompl_ops.c | 1 + .../selftests/bpf/progs/bpf_qdisc_fifo.c | 1 + .../selftests/bpf/progs/bpf_qdisc_fq.c | 1 + .../selftests/bpf/progs/cgroup_read_xattr.c | 1 + .../testing/selftests/bpf/progs/dmabuf_iter.c | 1 + .../selftests/bpf/progs/dynptr_success.c | 1 + tools/testing/selftests/bpf/progs/irq.c | 6 +- .../selftests/bpf/progs/linked_list_peek.c | 1 + .../selftests/bpf/progs/rbtree_search.c | 1 + .../selftests/bpf/progs/rcu_read_lock.c | 1 + .../selftests/bpf/progs/read_cgroupfs_xattr.c | 1 + .../selftests/bpf/progs/res_spin_lock.c | 1 + .../selftests/bpf/progs/res_spin_lock_fail.c | 1 + .../struct_ops_refcounted_fail__tail_call.c | 1 + .../selftests/bpf/progs/test_spin_lock_fail.c | 1 + .../selftests/bpf/progs/verifier_bpf_trap.c | 1 + 18 files changed, 82 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/bpf/bpf_kfuncs.h b/tools/testing/selftests/bpf/bpf_kfuncs.h index 8215c9b3115e..a08c865b737a 100644 --- a/tools/testing/selftests/bpf/bpf_kfuncs.h +++ b/tools/testing/selftests/bpf/bpf_kfuncs.h @@ -2,6 +2,7 @@ #define __BPF_KFUNCS__ struct bpf_sock_addr_kern; +struct bpf_res_spin_lock; /* Description * Initializes an skb-type dynptr @@ -42,6 +43,28 @@ extern bool bpf_dynptr_is_null(const struct bpf_dynptr *ptr) __ksym __weak; extern bool bpf_dynptr_is_rdonly(const struct bpf_dynptr *ptr) __ksym __weak; extern __u32 bpf_dynptr_size(const struct bpf_dynptr *ptr) __ksym __weak; extern int bpf_dynptr_clone(const struct bpf_dynptr *ptr, struct bpf_dynptr *clone__init) __ksym __weak; +extern int bpf_dynptr_copy(struct bpf_dynptr *dst_ptr, __u32 dst_off, struct bpf_dynptr *src_ptr, + __u32 src_off, __u32 size) __ksym __weak; +extern int bpf_probe_read_user_dynptr(struct bpf_dynptr *dptr, __u32 off, + __u32 size, const void *unsafe_ptr__ign) __ksym __weak; +extern int bpf_probe_read_kernel_dynptr(struct bpf_dynptr *dptr, __u32 off, + __u32 size, const void *unsafe_ptr__ign) __ksym __weak; +extern int bpf_probe_read_user_str_dynptr(struct bpf_dynptr *dptr, __u32 off, + __u32 size, const void *unsafe_ptr__ign) __ksym __weak; +extern int bpf_probe_read_kernel_str_dynptr(struct bpf_dynptr *dptr, __u32 off, + __u32 size, const void *unsafe_ptr__ign) __ksym __weak; +extern int bpf_copy_from_user_dynptr(struct bpf_dynptr *dptr, __u32 off, + __u32 size, const void *unsafe_ptr__ign) __ksym __weak; +extern int bpf_copy_from_user_str_dynptr(struct bpf_dynptr *dptr, __u32 off, + __u32 size, const void *unsafe_ptr__ign) __ksym __weak; +extern int bpf_copy_from_user_task_dynptr(struct bpf_dynptr *dptr, __u32 off, + __u32 size, const void *unsafe_ptr__ign, + struct task_struct *tsk) __ksym __weak; +extern int bpf_copy_from_user_task_str_dynptr(struct bpf_dynptr *dptr, __u32 off, + __u32 size, const void *unsafe_ptr__ign, + struct task_struct *tsk) __ksym __weak; +extern int bpf_copy_from_user_task_str(void *dst, __u32, const void *, + struct task_struct *, __u64) __ksym __weak; /* Description * Modify the address of a AF_UNIX sockaddr. @@ -92,4 +115,46 @@ extern int bpf_set_dentry_xattr(struct dentry *dentry, const char *name__str, const struct bpf_dynptr *value_p, int flags) __ksym __weak; extern int bpf_remove_dentry_xattr(struct dentry *dentry, const char *name__str) __ksym __weak; +extern void bpf_local_irq_save(unsigned long *) __ksym __weak; +extern void bpf_local_irq_restore(unsigned long *) __ksym __weak; +extern int bpf_copy_from_user_str(void *dst, __u32 dst__sz, + const void *unsafe_ptr__ign, __u64 flags) __ksym __weak; +extern int bpf_res_spin_lock_irqsave(struct bpf_res_spin_lock *lock, + unsigned long *flags__irq_flag) __ksym __weak; +extern void bpf_res_spin_unlock_irqrestore(struct bpf_res_spin_lock *lock, + unsigned long *flags__irq_flag) __ksym __weak; +extern int bpf_res_spin_lock(struct bpf_res_spin_lock *lock) __ksym __weak; +extern void bpf_res_spin_unlock(struct bpf_res_spin_lock *lock) __ksym __weak; + +extern struct bpf_list_node *bpf_list_front(struct bpf_list_head *head) __ksym __weak; +extern struct bpf_list_node *bpf_list_back(struct bpf_list_head *head) __ksym __weak; + +struct bpf_sk_buff_ptr; +struct sk_buff; +struct Qdisc; + +extern void bpf_qdisc_skb_drop(struct sk_buff *skb, + struct bpf_sk_buff_ptr *to_free_list) __ksym __weak; +extern void bpf_qdisc_bstats_update(struct Qdisc *sch, const struct sk_buff *skb) __ksym __weak; +extern void bpf_kfree_skb(struct sk_buff *skb) __ksym __weak; +extern __u32 bpf_skb_get_hash(struct sk_buff *) __ksym __weak; +extern void bpf_qdisc_watchdog_schedule(struct Qdisc *sch, __u64 expire, + __u64 delta_ns) __ksym __weak; + +extern struct cgroup *bpf_cgroup_from_id(__u64 cgid) __ksym __weak; +extern void bpf_cgroup_release(struct cgroup *cgrp) __ksym __weak; +extern void bpf_rcu_read_lock(void) __ksym __weak; +extern void bpf_rcu_read_unlock(void) __ksym __weak; +extern struct cgroup *bpf_cgroup_ancestor(struct cgroup *cgrp, int level) __ksym __weak; + + +extern struct bpf_rb_node *bpf_rbtree_root(struct bpf_rb_root *root) __ksym __weak; +extern struct bpf_rb_node *bpf_rbtree_left(struct bpf_rb_root *root, + struct bpf_rb_node *node) __ksym __weak; +extern struct bpf_rb_node *bpf_rbtree_right(struct bpf_rb_root *root, + struct bpf_rb_node *node) __ksym __weak; + +extern void bpf_task_release(struct task_struct *p) __ksym __weak; +extern void __bpf_trap(void) __ksym __weak; + #endif diff --git a/tools/testing/selftests/bpf/progs/bpf_iter_tasks.c b/tools/testing/selftests/bpf/progs/bpf_iter_tasks.c index 966ee5a7b066..63daf05366df 100644 --- a/tools/testing/selftests/bpf/progs/bpf_iter_tasks.c +++ b/tools/testing/selftests/bpf/progs/bpf_iter_tasks.c @@ -3,6 +3,7 @@ #include <vmlinux.h> #include <bpf/bpf_helpers.h> #include <bpf/bpf_tracing.h> +#include "bpf_kfuncs.h" char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/bpf_qdisc_fail__incompl_ops.c b/tools/testing/selftests/bpf/progs/bpf_qdisc_fail__incompl_ops.c index f188062ed730..7f1a5a1b5dac 100644 --- a/tools/testing/selftests/bpf/progs/bpf_qdisc_fail__incompl_ops.c +++ b/tools/testing/selftests/bpf/progs/bpf_qdisc_fail__incompl_ops.c @@ -3,6 +3,7 @@ #include <vmlinux.h> #include "bpf_experimental.h" #include "bpf_qdisc_common.h" +#include "bpf_kfuncs.h" char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/bpf_qdisc_fifo.c b/tools/testing/selftests/bpf/progs/bpf_qdisc_fifo.c index 1de2be3e370b..9ae41518d578 100644 --- a/tools/testing/selftests/bpf/progs/bpf_qdisc_fifo.c +++ b/tools/testing/selftests/bpf/progs/bpf_qdisc_fifo.c @@ -3,6 +3,7 @@ #include <vmlinux.h> #include "bpf_experimental.h" #include "bpf_qdisc_common.h" +#include "bpf_kfuncs.h" char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/bpf_qdisc_fq.c b/tools/testing/selftests/bpf/progs/bpf_qdisc_fq.c index 1a3233a275c7..f86981bc2a09 100644 --- a/tools/testing/selftests/bpf/progs/bpf_qdisc_fq.c +++ b/tools/testing/selftests/bpf/progs/bpf_qdisc_fq.c @@ -37,6 +37,7 @@ #include <bpf/bpf_helpers.h> #include "bpf_experimental.h" #include "bpf_qdisc_common.h" +#include "bpf_kfuncs.h" char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/cgroup_read_xattr.c b/tools/testing/selftests/bpf/progs/cgroup_read_xattr.c index 092db1d0435e..50162ca905cc 100644 --- a/tools/testing/selftests/bpf/progs/cgroup_read_xattr.c +++ b/tools/testing/selftests/bpf/progs/cgroup_read_xattr.c @@ -7,6 +7,7 @@ #include <bpf/bpf_core_read.h> #include "bpf_experimental.h" #include "bpf_misc.h" +#include "bpf_kfuncs.h" char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/dmabuf_iter.c b/tools/testing/selftests/bpf/progs/dmabuf_iter.c index 13cdb11fdeb2..df0021dc54da 100644 --- a/tools/testing/selftests/bpf/progs/dmabuf_iter.c +++ b/tools/testing/selftests/bpf/progs/dmabuf_iter.c @@ -3,6 +3,7 @@ #include <vmlinux.h> #include <bpf/bpf_core_read.h> #include <bpf/bpf_helpers.h> +#include "bpf_experimental.h" /* From uapi/linux/dma-buf.h */ #define DMA_BUF_NAME_LEN 32 diff --git a/tools/testing/selftests/bpf/progs/dynptr_success.c b/tools/testing/selftests/bpf/progs/dynptr_success.c index a0391f9da2d4..95bcdf465c4b 100644 --- a/tools/testing/selftests/bpf/progs/dynptr_success.c +++ b/tools/testing/selftests/bpf/progs/dynptr_success.c @@ -8,6 +8,7 @@ #include <bpf/bpf_tracing.h> #include "bpf_misc.h" #include "errno.h" +#include "bpf_kfuncs.h" char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/irq.c b/tools/testing/selftests/bpf/progs/irq.c index 74d912b22de9..ce3b2509e6f1 100644 --- a/tools/testing/selftests/bpf/progs/irq.c +++ b/tools/testing/selftests/bpf/progs/irq.c @@ -4,13 +4,9 @@ #include <bpf/bpf_helpers.h> #include "bpf_misc.h" #include "bpf_experimental.h" +#include "bpf_kfuncs.h" unsigned long global_flags; - -extern void bpf_local_irq_save(unsigned long *) __weak __ksym; -extern void bpf_local_irq_restore(unsigned long *) __weak __ksym; -extern int bpf_copy_from_user_str(void *dst, u32 dst__sz, const void *unsafe_ptr__ign, u64 flags) __weak __ksym; - struct bpf_res_spin_lock lockA __hidden SEC(".data.A"); struct bpf_res_spin_lock lockB __hidden SEC(".data.B"); diff --git a/tools/testing/selftests/bpf/progs/linked_list_peek.c b/tools/testing/selftests/bpf/progs/linked_list_peek.c index 264e81bfb287..00d5299eeb0a 100644 --- a/tools/testing/selftests/bpf/progs/linked_list_peek.c +++ b/tools/testing/selftests/bpf/progs/linked_list_peek.c @@ -5,6 +5,7 @@ #include <bpf/bpf_helpers.h> #include "bpf_misc.h" #include "bpf_experimental.h" +#include "bpf_kfuncs.h" struct node_data { struct bpf_list_node l; diff --git a/tools/testing/selftests/bpf/progs/rbtree_search.c b/tools/testing/selftests/bpf/progs/rbtree_search.c index 098ef970fac1..681ea24d6877 100644 --- a/tools/testing/selftests/bpf/progs/rbtree_search.c +++ b/tools/testing/selftests/bpf/progs/rbtree_search.c @@ -5,6 +5,7 @@ #include <bpf/bpf_helpers.h> #include "bpf_misc.h" #include "bpf_experimental.h" +#include "bpf_kfuncs.h" struct node_data { struct bpf_refcount ref; diff --git a/tools/testing/selftests/bpf/progs/rcu_read_lock.c b/tools/testing/selftests/bpf/progs/rcu_read_lock.c index 43637ee2cdcd..386559f026dd 100644 --- a/tools/testing/selftests/bpf/progs/rcu_read_lock.c +++ b/tools/testing/selftests/bpf/progs/rcu_read_lock.c @@ -6,6 +6,7 @@ #include <bpf/bpf_tracing.h> #include "bpf_tracing_net.h" #include "bpf_misc.h" +#include "bpf_kfuncs.h" char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/read_cgroupfs_xattr.c b/tools/testing/selftests/bpf/progs/read_cgroupfs_xattr.c index 855f85fc5522..0575e08ae108 100644 --- a/tools/testing/selftests/bpf/progs/read_cgroupfs_xattr.c +++ b/tools/testing/selftests/bpf/progs/read_cgroupfs_xattr.c @@ -6,6 +6,7 @@ #include <bpf/bpf_helpers.h> #include <bpf/bpf_core_read.h> #include "bpf_experimental.h" +#include "bpf_kfuncs.h" char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/res_spin_lock.c b/tools/testing/selftests/bpf/progs/res_spin_lock.c index 22c4fb8b9266..8d21b7ae0a18 100644 --- a/tools/testing/selftests/bpf/progs/res_spin_lock.c +++ b/tools/testing/selftests/bpf/progs/res_spin_lock.c @@ -4,6 +4,7 @@ #include <bpf/bpf_tracing.h> #include <bpf/bpf_helpers.h> #include "bpf_misc.h" +#include "bpf_kfuncs.h" #define EDEADLK 35 #define ETIMEDOUT 110 diff --git a/tools/testing/selftests/bpf/progs/res_spin_lock_fail.c b/tools/testing/selftests/bpf/progs/res_spin_lock_fail.c index 330682a88c16..d643ff783798 100644 --- a/tools/testing/selftests/bpf/progs/res_spin_lock_fail.c +++ b/tools/testing/selftests/bpf/progs/res_spin_lock_fail.c @@ -6,6 +6,7 @@ #include <bpf/bpf_core_read.h> #include "bpf_misc.h" #include "bpf_experimental.h" +#include "bpf_kfuncs.h" struct arr_elem { struct bpf_res_spin_lock lock; diff --git a/tools/testing/selftests/bpf/progs/struct_ops_refcounted_fail__tail_call.c b/tools/testing/selftests/bpf/progs/struct_ops_refcounted_fail__tail_call.c index 3b125025a1f2..7661658848f4 100644 --- a/tools/testing/selftests/bpf/progs/struct_ops_refcounted_fail__tail_call.c +++ b/tools/testing/selftests/bpf/progs/struct_ops_refcounted_fail__tail_call.c @@ -4,6 +4,7 @@ #include <bpf/bpf_tracing.h> #include "../test_kmods/bpf_testmod.h" #include "bpf_misc.h" +#include "bpf_kfuncs.h" char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/test_spin_lock_fail.c b/tools/testing/selftests/bpf/progs/test_spin_lock_fail.c index f678ee6bd7ea..aee2791ad863 100644 --- a/tools/testing/selftests/bpf/progs/test_spin_lock_fail.c +++ b/tools/testing/selftests/bpf/progs/test_spin_lock_fail.c @@ -3,6 +3,7 @@ #include <bpf/bpf_tracing.h> #include <bpf/bpf_helpers.h> #include "bpf_experimental.h" +#include "bpf_kfuncs.h" struct foo { struct bpf_spin_lock lock; diff --git a/tools/testing/selftests/bpf/progs/verifier_bpf_trap.c b/tools/testing/selftests/bpf/progs/verifier_bpf_trap.c index 35e2cdc00a01..9d89ab6f5c58 100644 --- a/tools/testing/selftests/bpf/progs/verifier_bpf_trap.c +++ b/tools/testing/selftests/bpf/progs/verifier_bpf_trap.c @@ -3,6 +3,7 @@ #include <vmlinux.h> #include <bpf/bpf_helpers.h> #include "bpf_misc.h" +#include "bpf_kfuncs.h" #if __clang_major__ >= 21 && 0 SEC("socket") -- 2.43.0

3 months, 3 weeks

1
0
0 0

[PATCH] tools/nolibc: fix error return value of clock_nanosleep()

by Thomas Weißschuh

clock_nanosleep() returns a positive error value. Unlike other libc functions it *does not* return -1 nor set errno. Fix the return value and also adapt nanosleep(). Fixes: 7c02bc4088af ("tools/nolibc: add support for clock_nanosleep() and nanosleep()") Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> --- tools/include/nolibc/time.h | 5 +++-- tools/testing/selftests/nolibc/nolibc-test.c | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tools/include/nolibc/time.h b/tools/include/nolibc/time.h index d02bc44d2643a5e39afa808841f7175bfab5ff7e..e9c1b976791a65c0d73268bebbcfd4f2a57a47ee 100644 --- a/tools/include/nolibc/time.h +++ b/tools/include/nolibc/time.h @@ -133,7 +133,8 @@ static __attribute__((unused)) int clock_nanosleep(clockid_t clockid, int flags, const struct timespec *rqtp, struct timespec *rmtp) { - return __sysret(sys_clock_nanosleep(clockid, flags, rqtp, rmtp)); + /* Directly return a positive error number */ + return -sys_clock_nanosleep(clockid, flags, rqtp, rmtp); } static __inline__ @@ -145,7 +146,7 @@ double difftime(time_t time1, time_t time2) static __inline__ int nanosleep(const struct timespec *rqtp, struct timespec *rmtp) { - return clock_nanosleep(CLOCK_REALTIME, 0, rqtp, rmtp); + return __sysret(sys_clock_nanosleep(CLOCK_REALTIME, 0, rqtp, rmtp)); } diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/selftests/nolibc/nolibc-test.c index a297ee0d6d0754dfcd9f9e5609d42c7442dabc4e..cc4d730ac4656fb5944d50be9477a3dfefb00aa0 100644 --- a/tools/testing/selftests/nolibc/nolibc-test.c +++ b/tools/testing/selftests/nolibc/nolibc-test.c @@ -1334,6 +1334,7 @@ int run_syscall(int min, int max) CASE_TEST(chroot_root); EXPECT_SYSZR(euid0, chroot("/")); break; CASE_TEST(chroot_blah); EXPECT_SYSER(1, chroot("/proc/self/blah"), -1, ENOENT); break; CASE_TEST(chroot_exe); EXPECT_SYSER(1, chroot(argv0), -1, ENOTDIR); break; + CASE_TEST(clock_nanosleep); ts.tv_nsec = -1; EXPECT_EQ(1, EINVAL, clock_nanosleep(CLOCK_REALTIME, 0, &ts, NULL)); break; CASE_TEST(close_m1); EXPECT_SYSER(1, close(-1), -1, EBADF); break; CASE_TEST(close_dup); EXPECT_SYSZR(1, close(dup(0))); break; CASE_TEST(dup_0); tmp = dup(0); EXPECT_SYSNE(1, tmp, -1); close(tmp); break; --- base-commit: 260f6f4fda93c8485c8037865c941b42b9cba5d2 change-id: 20250731-nolibc-clock_nanosleep-ret-b03a299c083f Best regards, -- Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>

3 months, 3 weeks

2
1
0 0

[PATCH v2] selftests/tty: add TIOCSTI test suite

by Abhinav Saxena via B4 Relay

From: Abhinav Saxena <xandfury(a)gmail.com> TIOCSTI is a TTY ioctl command that allows inserting characters into the terminal input queue, making it appear as if the user typed those characters. Add a test suite with four tests to verify TIOCSTI behaviour in different scenarios when dev.tty.legacy_tiocsti is both enabled and disabled: - Test TIOCSTI functionality when legacy support is enabled - Test TIOCSTI rejection when legacy support is disabled - Test capability requirements for TIOCSTI usage - Test TIOCSTI security with file descriptor passing The tests validate proper enforcement of the legacy_tiocsti sysctl introduced in commit 83efeeeb3d04 ("tty: Allow TIOCSTI to be disabled"). See tty_ioctl(4) for details on TIOCSTI behavior and security requirements. Signed-off-by: Abhinav Saxena <xandfury(a)gmail.com> --- This patch adds comprehensive selftests for the TIOCSTI ioctl to validate proper behaviour under different system configurations. =============== The TIOCSTI ioctl allows inserting characters into the terminal input queue, making it appear as if the user typed those characters. This functionality has security implications and behaviour that varies based on system configuration. Background ========== CONFIG_LEGACY_TIOCSTI controls the default value for the dev.tty.legacy_tiocsti sysctl, which remains runtime-configurable. The dev.tty.legacy_tiocsti sysctl was introduced in commit 83efeeeb3d04 ("tty: Allow TIOCSTI to be disabled") to provide administrators control over TIOCSTI usage. When legacy_tiocsti is disabled, TIOCSTI requires CAP_SYS_ADMIN capability. However, the current implementation only checks the current process's credentials via capable(CAP_SYS_ADMIN), which doesn't validate against the file opener's credentials stored in file->f_cred. This creates a potential security scenario where an unprivileged process can open a TTY fd and pass it to a privileged process via SCM_RIGHTS. Testing ======= The test suite includes four comprehensive tests: - Test TIOCSTI functionality when legacy support is enabled - Test TIOCSTI rejection when legacy support is disabled - Test capability requirements for TIOCSTI usage - Test TIOCSTI security with file descriptor passing All patches have been validated using: - scripts/checkpatch.pl --strict (0 errors, 0 warnings) - Functional testing on kernel v6.16-rc2 - File descriptor passing security test scenarios The fd_passing_security test demonstrates the security concern. To verify, disable legacy TIOCSTI and run the test: $ echo "0" | sudo tee /proc/sys/dev/tty/legacy_tiocsti $ sudo ./tools/testing/selftests/tty/tty_tiocsti_test -t fd_passing_security Patch Overview ============== PATCH 1/1: selftests/tty: add TIOCSTI test suite Comprehensive test suite demonstrating the issue and fix validation References ========== - tty_ioctl(4) - documents TIOCSTI ioctl and capability requirements - commit 83efeeeb3d04 ("tty: Allow TIOCSTI to be disabled") - Documentation/security/credentials.rst - https://github.com/KSPP/linux/issues/156 - https://lore.kernel.org/linux-hardening/Y0m9l52AKmw6Yxi1@hostpad/ - drivers/tty/Kconfig Configuration References: [1] - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/dri… [2] - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/dri… [3] - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/dri… Signed-off-by: Abhinav Saxena <xandfury(a)gmail.com> Changes in v2: - Focused series on selftests only - Removed SELinux capability checking patch for separate submission - Link to v1: https://lore.kernel.org/r/20250622-toicsti-bug-v1-0-f374373b04b2@gmail.com --- tools/testing/selftests/tty/Makefile | 6 +- tools/testing/selftests/tty/config | 1 + tools/testing/selftests/tty/tty_tiocsti_test.c | 421 +++++++++++++++++++++++++ 3 files changed, 427 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/tty/Makefile b/tools/testing/selftests/tty/Makefile index 50d7027b2ae3..7f6fbe5a0cd5 100644 --- a/tools/testing/selftests/tty/Makefile +++ b/tools/testing/selftests/tty/Makefile @@ -1,5 +1,9 @@ # SPDX-License-Identifier: GPL-2.0 CFLAGS = -O2 -Wall -TEST_GEN_PROGS := tty_tstamp_update +TEST_GEN_PROGS := tty_tstamp_update tty_tiocsti_test +LDLIBS += -lcap include ../lib.mk + +# Add libcap for TIOCSTI test +$(OUTPUT)/tty_tiocsti_test: LDLIBS += -lcap diff --git a/tools/testing/selftests/tty/config b/tools/testing/selftests/tty/config new file mode 100644 index 000000000000..c6373aba6636 --- /dev/null +++ b/tools/testing/selftests/tty/config @@ -0,0 +1 @@ +CONFIG_LEGACY_TIOCSTI=y diff --git a/tools/testing/selftests/tty/tty_tiocsti_test.c b/tools/testing/selftests/tty/tty_tiocsti_test.c new file mode 100644 index 000000000000..6a4b497078b0 --- /dev/null +++ b/tools/testing/selftests/tty/tty_tiocsti_test.c @@ -0,0 +1,421 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * TTY Tests - TIOCSTI + * + * Copyright © 2025 Abhinav Saxena <xandfury(a)gmail.com> + */ + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <fcntl.h> +#include <sys/ioctl.h> +#include <errno.h> +#include <stdbool.h> +#include <string.h> +#include <sys/socket.h> +#include <sys/wait.h> +#include <pwd.h> +#include <termios.h> +#include <grp.h> +#include <sys/capability.h> +#include <sys/prctl.h> + +#include "../kselftest_harness.h" + +/* Helper function to send FD via SCM_RIGHTS */ +static int send_fd_via_socket(int socket_fd, int fd_to_send) +{ + struct msghdr msg = { 0 }; + struct cmsghdr *cmsg; + char cmsg_buf[CMSG_SPACE(sizeof(int))]; + char dummy_data = 'F'; + struct iovec iov = { .iov_base = &dummy_data, .iov_len = 1 }; + + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = cmsg_buf; + msg.msg_controllen = sizeof(cmsg_buf); + + cmsg = CMSG_FIRSTHDR(&msg); + cmsg->cmsg_level = SOL_SOCKET; + cmsg->cmsg_type = SCM_RIGHTS; + cmsg->cmsg_len = CMSG_LEN(sizeof(int)); + + memcpy(CMSG_DATA(cmsg), &fd_to_send, sizeof(int)); + + return sendmsg(socket_fd, &msg, 0) < 0 ? -1 : 0; +} + +/* Helper function to receive FD via SCM_RIGHTS */ +static int recv_fd_via_socket(int socket_fd) +{ + struct msghdr msg = { 0 }; + struct cmsghdr *cmsg; + char cmsg_buf[CMSG_SPACE(sizeof(int))]; + char dummy_data; + struct iovec iov = { .iov_base = &dummy_data, .iov_len = 1 }; + int received_fd = -1; + + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + msg.msg_control = cmsg_buf; + msg.msg_controllen = sizeof(cmsg_buf); + + if (recvmsg(socket_fd, &msg, 0) < 0) + return -1; + + for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) { + if (cmsg->cmsg_level == SOL_SOCKET && + cmsg->cmsg_type == SCM_RIGHTS) { + memcpy(&received_fd, CMSG_DATA(cmsg), sizeof(int)); + break; + } + } + + return received_fd; +} + +static inline bool has_cap_sys_admin(void) +{ + cap_t caps = cap_get_proc(); + + if (!caps) + return false; + + cap_flag_value_t cap_val; + bool has_cap = (cap_get_flag(caps, CAP_SYS_ADMIN, CAP_EFFECTIVE, + &cap_val) == 0) && + (cap_val == CAP_SET); + + cap_free(caps); + return has_cap; +} + +/* + * Simple privilege drop that just changes uid/gid in current process + * and also capabilities like CAP_SYS_ADMIN + */ +static inline bool drop_to_nobody(void) +{ + /* Drop supplementary groups */ + if (setgroups(0, NULL) != 0) { + printf("setgroups failed: %s", strerror(errno)); + return false; + } + + /* Change group to nobody */ + if (setgid(65534) != 0) { + printf("setgid failed: %s", strerror(errno)); + return false; + } + + /* Change user to nobody (this drops capabilities) */ + if (setuid(65534) != 0) { + printf("setuid failed: %s", strerror(errno)); + return false; + } + + /* Verify we no longer have CAP_SYS_ADMIN */ + if (has_cap_sys_admin()) { + printf("ERROR: Still have CAP_SYS_ADMIN after changing to nobody"); + return false; + } + + printf("Successfully changed to nobody (uid:%d gid:%d)\n", getuid(), + getgid()); + return true; +} + +static inline int get_legacy_tiocsti_setting(void) +{ + FILE *fp; + int value = -1; + + fp = fopen("/proc/sys/dev/tty/legacy_tiocsti", "r"); + if (!fp) { + if (errno == ENOENT) { + printf("legacy_tiocsti sysctl not available (kernel < 6.2)\n"); + } else { + printf("Cannot read legacy_tiocsti: %s\n", + strerror(errno)); + } + return -1; + } + + if (fscanf(fp, "%d", &value) == 1) { + printf("legacy_tiocsti setting=%d\n", value); + + if (value < 0 || value > 1) { + printf("legacy_tiocsti unexpected value %d\n", value); + value = -1; + } else { + printf("legacy_tiocsti=%d (%s mode)\n", value, + value == 0 ? "restricted" : "permissive"); + } + } else { + printf("Failed to parse legacy_tiocsti value"); + value = -1; + } + + fclose(fp); + return value; +} + +static inline int test_tiocsti_injection(int fd) +{ + int ret; + char test_char = 'X'; + + ret = ioctl(fd, TIOCSTI, &test_char); + if (ret == 0) { + /* Clear the injected character */ + printf("TIOCSTI injection succeeded\n"); + } else { + printf("TIOCSTI injection failed: %s (errno=%d)\n", + strerror(errno), errno); + } + return ret == 0 ? 0 : -1; +} + +FIXTURE(tty_tiocsti) +{ + int tty_fd; + char *tty_name; + bool has_tty; + bool initial_cap_sys_admin; + int legacy_tiocsti_setting; +}; + +FIXTURE_SETUP(tty_tiocsti) +{ + TH_LOG("Running as UID: %d with effective UID: %d", getuid(), + geteuid()); + + self->tty_fd = open("/dev/tty", O_RDWR); + self->has_tty = (self->tty_fd >= 0); + + if (self->tty_fd < 0) + TH_LOG("Cannot open /dev/tty: %s", strerror(errno)); + + self->tty_name = ttyname(STDIN_FILENO); + TH_LOG("Current TTY: %s", self->tty_name ? self->tty_name : "none"); + + self->initial_cap_sys_admin = has_cap_sys_admin(); + TH_LOG("Initial CAP_SYS_ADMIN: %s", + self->initial_cap_sys_admin ? "yes" : "no"); + + self->legacy_tiocsti_setting = get_legacy_tiocsti_setting(); +} + +FIXTURE_TEARDOWN(tty_tiocsti) +{ + if (self->has_tty && self->tty_fd >= 0) + close(self->tty_fd); +} + +/* Test case 1: legacy_tiocsti != 0 (permissive mode) */ +TEST_F(tty_tiocsti, permissive_mode) +{ + // clang-format off + if (self->legacy_tiocsti_setting < 0) + SKIP(return, + "legacy_tiocsti sysctl not available (kernel < 6.2)"); + + if (self->legacy_tiocsti_setting == 0) + SKIP(return, + "Test requires permissive mode (legacy_tiocsti=1)"); + // clang-format on + + ASSERT_TRUE(self->has_tty); + + if (self->initial_cap_sys_admin) { + ASSERT_TRUE(drop_to_nobody()); + ASSERT_FALSE(has_cap_sys_admin()); + } + + /* In permissive mode, TIOCSTI should work without CAP_SYS_ADMIN */ + EXPECT_EQ(test_tiocsti_injection(self->tty_fd), 0) + { + TH_LOG("TIOCSTI should succeed in permissive mode without CAP_SYS_ADMIN"); + } +} + +/* Test case 2: legacy_tiocsti == 0, without CAP_SYS_ADMIN (should fail) */ +TEST_F(tty_tiocsti, restricted_mode_nopriv) +{ + // clang-format off + if (self->legacy_tiocsti_setting < 0) + SKIP(return, + "legacy_tiocsti sysctl not available (kernel < 6.2)"); + + if (self->legacy_tiocsti_setting != 0) + SKIP(return, + "Test requires restricted mode (legacy_tiocsti=0)"); + // clang-format on + + ASSERT_TRUE(self->has_tty); + + if (self->initial_cap_sys_admin) { + ASSERT_TRUE(drop_to_nobody()); + ASSERT_FALSE(has_cap_sys_admin()); + } + /* In restricted mode, TIOCSTI should fail without CAP_SYS_ADMIN */ + EXPECT_EQ(test_tiocsti_injection(self->tty_fd), -1); + + /* + * it might fail with either EPERM or EIO + * EXPECT_TRUE(errno == EPERM || errno == EIO) + * { + * TH_LOG("Expected EPERM, got: %s", strerror(errno)); + * } + */ +} + +/* Test case 3: legacy_tiocsti == 0, with CAP_SYS_ADMIN (should succeed) */ +TEST_F(tty_tiocsti, restricted_mode_priv) +{ + // clang-format off + if (self->legacy_tiocsti_setting < 0) + SKIP(return, + "legacy_tiocsti sysctl not available (kernel < 6.2)"); + + if (self->legacy_tiocsti_setting != 0) + SKIP(return, + "Test requires restricted mode (legacy_tiocsti=0)"); + // clang-format on + + /* Must have CAP_SYS_ADMIN for this test */ + if (!self->initial_cap_sys_admin) + SKIP(return, "Test requires CAP_SYS_ADMIN"); + + ASSERT_TRUE(self->has_tty); + ASSERT_TRUE(has_cap_sys_admin()); + + /* In restricted mode, TIOCSTI should succeed with CAP_SYS_ADMIN */ + EXPECT_EQ(test_tiocsti_injection(self->tty_fd), 0) + { + TH_LOG("TIOCSTI should succeed in restricted mode with CAP_SYS_ADMIN"); + } +} + +/* Test TIOCSTI security with file descriptor passing */ +TEST_F(tty_tiocsti, fd_passing_security) +{ + // clang-format off + if (self->legacy_tiocsti_setting < 0) + SKIP(return, + "legacy_tiocsti sysctl not available (kernel < 6.2)"); + + if (self->legacy_tiocsti_setting != 0) + SKIP(return, + "Test requires restricted mode (legacy_tiocsti=0)"); + // clang-format on + + /* Must start with CAP_SYS_ADMIN */ + if (!self->initial_cap_sys_admin) + SKIP(return, "Test requires initial CAP_SYS_ADMIN"); + + int sockpair[2]; + pid_t child_pid; + + ASSERT_EQ(socketpair(AF_UNIX, SOCK_STREAM, 0, sockpair), 0); + + child_pid = fork(); + ASSERT_GE(child_pid, 0) + TH_LOG("Fork failed: %s", strerror(errno)); + + if (child_pid == 0) { + /* Child process - become unprivileged, open TTY, send FD to parent */ + close(sockpair[0]); + + TH_LOG("Child: Dropping privileges..."); + + /* Drop to nobody user (loses all capabilities) */ + drop_to_nobody(); + + /* Verify we no longer have CAP_SYS_ADMIN */ + if (has_cap_sys_admin()) { + TH_LOG("Child: Failed to drop CAP_SYS_ADMIN"); + _exit(1); + } + + TH_LOG("Child: Opening TTY as unprivileged user..."); + + int unprivileged_tty_fd = open("/dev/tty", O_RDWR); + + if (unprivileged_tty_fd < 0) { + TH_LOG("Child: Cannot open TTY: %s", strerror(errno)); + _exit(1); + } + + /* Test that we can't use TIOCSTI directly (should fail) */ + + char test_char = 'X'; + + if (ioctl(unprivileged_tty_fd, TIOCSTI, &test_char) == 0) { + TH_LOG("Child: ERROR - Direct TIOCSTI succeeded unexpectedly!"); + close(unprivileged_tty_fd); + _exit(1); + } + TH_LOG("Child: Good - Direct TIOCSTI failed as expected: %s", + strerror(errno)); + + /* Send the TTY FD to privileged parent via SCM_RIGHTS */ + TH_LOG("Child: Sending TTY FD to privileged parent..."); + if (send_fd_via_socket(sockpair[1], unprivileged_tty_fd) != 0) { + TH_LOG("Child: Failed to send FD"); + close(unprivileged_tty_fd); + _exit(1); + } + + close(unprivileged_tty_fd); + close(sockpair[1]); + _exit(0); /* Child success */ + + } else { + /* Parent process - keep CAP_SYS_ADMIN, receive FD, test TIOCSTI */ + close(sockpair[1]); + + TH_LOG("Parent: Waiting for TTY FD from unprivileged child..."); + + /* Verify we still have CAP_SYS_ADMIN */ + ASSERT_TRUE(has_cap_sys_admin()); + + /* Receive the TTY FD from unprivileged child */ + int received_fd = recv_fd_via_socket(sockpair[0]); + + ASSERT_GE(received_fd, 0) + TH_LOG("Parent: Received FD %d (opened by unprivileged process)", + received_fd); + + /* + * VULNERABILITY TEST: Try TIOCSTI with FD opened by unprivileged process + * This should FAIL even though parent has CAP_SYS_ADMIN + * because the FD was opened by unprivileged process + */ + char attack_char = 'V'; /* V for Vulnerability */ + int ret = ioctl(received_fd, TIOCSTI, &attack_char); + + TH_LOG("Parent: Testing TIOCSTI on FD from unprivileged process..."); + if (ret == 0) { + TH_LOG("*** VULNERABILITY DETECTED ***"); + TH_LOG("Privileged process can use TIOCSTI on unprivileged FD"); + } else { + TH_LOG("TIOCSTI failed on unprivileged FD: %s", + strerror(errno)); + EXPECT_EQ(errno, EPERM); + } + close(received_fd); + close(sockpair[0]); + + /* Wait for child */ + int status; + + ASSERT_EQ(waitpid(child_pid, &status, 0), child_pid); + EXPECT_EQ(WEXITSTATUS(status), 0); + ASSERT_NE(ret, 0); + } +} + +TEST_HARNESS_MAIN --- base-commit: 40f92e79b0aabbf3575e371f9054657a421a3e79 change-id: 20250618-toicsti-bug-7822b8e94a32 Best regards, -- Abhinav Saxena <xandfury(a)gmail.com>

3 months, 3 weeks

3
2
0 0

[RFC PATCH 1/2] kunit: tool: Move qemu architecture dependency checks into a function

by David Gow

Currently the RISC-V qemu architecture config has some code to check for the presence of the BIOS files before loading, printing a message and quitting if it's not present. However, this prevents us from loading the architecture file even just to inspect it if the dependencies are not present. Instead, have kunit.py look for a check_dependencies function, and call it if present only when the architecture config is being used. This is necessary for future changes which enumerate or automatically select an architecture. Signed-off-by: David Gow <davidgow(a)google.com> --- tools/testing/kunit/kunit_kernel.py | 5 +++++ tools/testing/kunit/qemu_configs/riscv.py | 10 ++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/tools/testing/kunit/kunit_kernel.py b/tools/testing/kunit/kunit_kernel.py index 260d8d9aa1db..c3201a76da24 100644 --- a/tools/testing/kunit/kunit_kernel.py +++ b/tools/testing/kunit/kunit_kernel.py @@ -230,6 +230,11 @@ def _get_qemu_ops(config_path: str, assert isinstance(spec.loader, importlib.abc.Loader) spec.loader.exec_module(config) + # Check for any per-architecture dependencies + if hasattr(config, 'check_dependencies'): + if not config.check_dependencies(): + raise ValueError('Missing dependencies for ' + config_path) + if not hasattr(config, 'QEMU_ARCH'): raise ValueError('qemu_config module missing "QEMU_ARCH": ' + config_path) params: qemu_config.QemuArchParams = config.QEMU_ARCH diff --git a/tools/testing/kunit/qemu_configs/riscv.py b/tools/testing/kunit/qemu_configs/riscv.py index c87758030ff7..3c271d1005d9 100644 --- a/tools/testing/kunit/qemu_configs/riscv.py +++ b/tools/testing/kunit/qemu_configs/riscv.py @@ -6,10 +6,12 @@ import sys OPENSBI_FILE = 'opensbi-riscv64-generic-fw_dynamic.bin' OPENSBI_PATH = '/usr/share/qemu/' + OPENSBI_FILE -if not os.path.isfile(OPENSBI_PATH): - print('\n\nOpenSBI bios was not found in "' + OPENSBI_PATH + '".\n' - 'Please ensure that qemu-system-riscv is installed, or edit the path in "qemu_configs/riscv.py"\n') - sys.exit() +def check_dependencies() -> bool: + if not os.path.isfile(OPENSBI_PATH): + print('\n\nOpenSBI bios was not found in "' + OPENSBI_PATH + '".\n' + 'Please ensure that qemu-system-riscv is installed, or edit the path in "qemu_configs/riscv.py"\n') + return False + return True QEMU_ARCH = QemuArchParams(linux_arch='riscv', kconfig=''' -- 2.50.1.552.g942d659e1b-goog

3 months, 3 weeks

1
1
0 0

[PATCH v2] Subject: [PATCH] selftests: panic: Add test module to trigger kernel panic

by Vishal Parmar

This patch adds a new test module under tools/testing/selftests/panic that intentionally triggers a kernel panic for test and diagnostic purposes. The goal is to provide a reproducible and isolated kernel panic event for testing crash dump mechanisms or validating kernel panic handling behavior. The test includes: - A kernel module that calls panic() in init. - A Makefile to build the kernel module. - A run.sh script to load the module and capture panic logs. Changes in v2: - Added run.sh - Added reference output log of run.sh Signed-off-by: Vishal Parmar <vishistriker(a)gmail.com> --- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/panic/Makefile | 13 +++++++++ .../selftests/panic/panic_trigger_test.c | 26 +++++++++++++++++ .../selftests/panic/reference_output_log.txt | 29 +++++++++++++++++++ tools/testing/selftests/panic/run.sh | 17 +++++++++++ 5 files changed, 86 insertions(+) create mode 100644 tools/testing/selftests/panic/Makefile create mode 100644 tools/testing/selftests/panic/panic_trigger_test.c create mode 100644 tools/testing/selftests/panic/reference_output_log.txt create mode 100755 tools/testing/selftests/panic/run.sh diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile index 339b31e6a6b5..7b824470a9b3 100644 --- a/tools/testing/selftests/Makefile +++ b/tools/testing/selftests/Makefile @@ -78,6 +78,7 @@ TARGETS += net/packetdrill TARGETS += net/rds TARGETS += net/tcp_ao TARGETS += nsfs +TARGETS += panic TARGETS += pci_endpoint TARGETS += pcie_bwctrl TARGETS += perf_events diff --git a/tools/testing/selftests/panic/Makefile b/tools/testing/selftests/panic/Makefile new file mode 100644 index 000000000000..e4a1b88a63b2 --- /dev/null +++ b/tools/testing/selftests/panic/Makefile @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: GPL-2.0 + +obj-m := panic_trigger_test.o + +KDIR := $(abspath ../../../../) +PWD := $(shell pwd) + +all: + $(MAKE) -C $(KDIR) M=$(PWD) modules + +clean: + $(MAKE) -C $(KDIR) M=$(PWD) clean + rm -f *.mod.c *.o *.ko *.order *.symvers diff --git a/tools/testing/selftests/panic/panic_trigger_test.c b/tools/testing/selftests/panic/panic_trigger_test.c new file mode 100644 index 000000000000..4e2e043fe3ad --- /dev/null +++ b/tools/testing/selftests/panic/panic_trigger_test.c @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * panic_test.c - Module to test kernel panic + */ + +#include <linux/module.h> +#include <linux/init.h> + +static int __init panic_test_init(void) +{ + pr_info("Triggering a deliberate kernel panic now.\n"); + panic("Triggered by panic_test module."); + return 0; +} + +static void __exit panic_test_exit(void) +{ + pr_info("This should not be printed, as system panics on init.\n"); +} + +module_init(panic_test_init); +module_exit(panic_test_exit); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Vishal Parmar"); +MODULE_DESCRIPTION("Module to trigger kernel panic for testing"); diff --git a/tools/testing/selftests/panic/reference_output_log.txt b/tools/testing/selftests/panic/reference_output_log.txt new file mode 100644 index 000000000000..2c8143bf6c4a --- /dev/null +++ b/tools/testing/selftests/panic/reference_output_log.txt @@ -0,0 +1,29 @@ +[*] Inserting module: panic_trigger_test.ko +[ 30.377307] panic_trigger_test: loading out-of-tree module taints kernel. +[ 30.380328] Triggering a deliberate kernel panic now. +[ 30.382369] Kernel panic - not syncing: Triggered by panic_test module. +[ 30.383349] CPU: 1 UID: 0 PID: 99 Comm: insmod Tainted: G O 6.16.0-rc7-00140-gec2df4364666 #1 PREEMPT(voluntary) +[ 30.383349] Tainted: [O]=OOT_MODULE +[ 30.383349] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 +[ 30.383349] Call Trace: +[ 30.383349] <TASK> +[ 30.383349] panic+0x325/0x380 +[ 30.383349] ? __pfx_panic_test_init+0x10/0x10 [panic_trigger_test] +[ 30.383349] panic_test_init+0x1c/0xff0 [panic_trigger_test] +[ 30.383349] do_one_initcall+0x55/0x220 +[ 30.383349] do_init_module+0x5b/0x230 +[ 30.383349] __do_sys_init_module+0x150/0x180 +[ 30.383349] do_syscall_64+0xa4/0x260 +[ 30.383349] entry_SYSCALL_64_after_hwframe+0x77/0x7f +[ 30.383349] RIP: 0033:0x7f88f09177d9 +[ 30.383349] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d f7 05 8 +[ 30.383349] RSP: 002b:00007ffc16317848 EFLAGS: 00000206 ORIG_RAX: 00000000000000af +[ 30.383349] RAX: ffffffffffffffda RBX: 000055a4a84b0eae RCX: 00007f88f09177d9 +[ 30.383349] RDX: 000055a4a84b0eae RSI: 00000000000019e8 RDI: 000055a4c9b4b370 +[ 30.383349] RBP: 00007ffc16317bd0 R08: 000055a4c9b4b310 R09: 00000000000019e8 +[ 30.383349] R10: 0000000000000007 R11: 0000000000000206 R12: 00007ffc16317bd8 +[ 30.383349] R13: 00007ffc16317be0 R14: 000055a4a84b0eae R15: 00007f88f0b25020 +[ 30.383349] </TASK> +[ 30.383349] Kernel Offset: 0x10000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) +[ 30.383349] ---[ end Kernel panic - not syncing: Triggered by panic_test module. ]--- + diff --git a/tools/testing/selftests/panic/run.sh b/tools/testing/selftests/panic/run.sh new file mode 100755 index 000000000000..ffa20dc22708 --- /dev/null +++ b/tools/testing/selftests/panic/run.sh @@ -0,0 +1,17 @@ +# tools/testing/selftests/panic/run.sh + +#!/bin/sh +set -e + +MOD_NAME="panic_trigger_test.ko" +LOG_FILE="panic_log.txt" + +echo "[*] Clearing dmesg..." +dmesg -c + +echo "[*] Inserting module: $MOD_NAME" +insmod ./$MOD_NAME + +echo "[*] Capturing dmesg..." +dmesg > "$LOG_FILE" + -- 2.39.5

3 months, 3 weeks

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror