Hi Linus,
Please pull the following Kselftest fixes update for Linux 6.6-rc4.
This kselftest fixes update for Linux 6.6-rc4 consists of one
single fix to unmount tracefs when test created mount.
diff is attached.
thanks.
-- Shuah
----------------------------------------------------------------
The following changes since commit ce9ecca0238b140b88f43859b211c9fdfd8e5b70:
Linux 6.6-rc2 (2023-09-17 14:40:24 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest tags/linux-kselftest-fixes-6.6-rc4
for you to fetch changes up to 8ed99af4a266a3492d773b5d85c3f8e9f81254b6:
selftests/user_events: Fix to unmount tracefs when test created mount (2023-09-18 11:04:52 -0600)
----------------------------------------------------------------
linux-kselftest-fixes-6.6-rc4
This kselftest fixes update for Linux 6.6-rc4 consists of one
single fix to unmount tracefs when test created mount.
----------------------------------------------------------------
Beau Belgrave (1):
selftests/user_events: Fix to unmount tracefs when test created mount
tools/testing/selftests/user_events/abi_test.c | 4 +++-
tools/testing/selftests/user_events/dyn_test.c | 5 ++++-
tools/testing/selftests/user_events/ftrace_test.c | 5 ++++-
tools/testing/selftests/user_events/perf_test.c | 5 ++++-
.../selftests/user_events/user_events_selftests.h | 24 +++++++++++++++++-----
5 files changed, 34 insertions(+), 9 deletions(-)
----------------------------------------------------------------
The point in iterating variant->mock_domains is to test the idev_ids[0]
and idev_ids[1]. So use it instead of keeping testing idev_ids[0] only.
Signed-off-by: Nicolin Chen <nicolinc(a)nvidia.com>
---
Jason/Kevin, I formated the patch with "-U4" so it shows the "for" line.
I didn't send it as a bug fix since it doesn't feel so critical that it
should bother stable trees -- yet if there's a need, I'd resend. Thanks!
tools/testing/selftests/iommu/iommufd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/iommu/iommufd.c b/tools/testing/selftests/iommu/iommufd.c
index 33d08600be13..9f705c1ea30f 100644
--- a/tools/testing/selftests/iommu/iommufd.c
+++ b/tools/testing/selftests/iommu/iommufd.c
@@ -1406,9 +1406,9 @@ TEST_F(iommufd_mock_domain, alloc_hwpt)
for (i = 0; i != variant->mock_domains; i++) {
uint32_t stddev_id;
uint32_t hwpt_id;
- test_cmd_hwpt_alloc(self->idev_ids[0], self->ioas_id, &hwpt_id);
+ test_cmd_hwpt_alloc(self->idev_ids[i], self->ioas_id, &hwpt_id);
test_cmd_mock_domain(hwpt_id, &stddev_id, NULL, NULL);
test_ioctl_destroy(stddev_id);
test_ioctl_destroy(hwpt_id);
}
--
2.42.0
Current test_verifier provides little feedback or argument validation,
instead silently falling back to running all tests in case of user error
or even expected use cases. Trying to do manual exploratory testing,
switching between kernel versions (e.g. with varying tests), or working
around problematic tests (e.g. kernel hangs/crashes) can be a frustrating
experience.
Rework argument parsing to be more robust and strict, and provide basic
help on errors. Clamp test ranges to valid values and add an option to
list available built-in tests ("-l"). Default "test_verifier" behaviour
(run all tests) is unchanged and backwards-compatible. Updated examples:
$ test_verifier die die die # previously ran all tests
Usage: test_verifier -l | [-v|-vv] [<tst_lo> [<tst_hi>]]
$ test_verifier 700 9999 # runs test subset from 700 to end
Signed-off-by: Tony Ambardar <Tony.Ambardar(a)gmail.com>
---
tools/testing/selftests/bpf/test_verifier.c | 54 ++++++++++++---------
1 file changed, 30 insertions(+), 24 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
index 98107e0452d3..3712b5363f60 100644
--- a/tools/testing/selftests/bpf/test_verifier.c
+++ b/tools/testing/selftests/bpf/test_verifier.c
@@ -10,9 +10,11 @@
#include <endian.h>
#include <asm/types.h>
#include <linux/types.h>
+#include <linux/minmax.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
+#include <ctype.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
@@ -1848,36 +1850,40 @@ int main(int argc, char **argv)
{
unsigned int from = 0, to = ARRAY_SIZE(tests);
bool unpriv = !is_admin();
- int arg = 1;
-
- if (argc > 1 && strcmp(argv[1], "-v") == 0) {
+ int i, arg = 1;
+
+ while (argc > 1 && *argv[arg] == '-') {
+ if (strcmp(argv[arg], "-l") == 0) {
+ for (i = from; i < to; i++)
+ printf("#%d %s\n", i, tests[i].descr);
+ return EXIT_SUCCESS;
+ } else if (strcmp(argv[arg], "-v") == 0) {
+ verbose = true;
+ verif_log_level = 1;
+ } else if (strcmp(argv[arg], "-vv") == 0) {
+ verbose = true;
+ verif_log_level = 2;
+ } else
+ goto out_help;
arg++;
- verbose = true;
- verif_log_level = 1;
argc--;
}
- if (argc > 1 && strcmp(argv[1], "-vv") == 0) {
- arg++;
- verbose = true;
- verif_log_level = 2;
- argc--;
- }
-
- if (argc == 3) {
- unsigned int l = atoi(argv[arg]);
- unsigned int u = atoi(argv[arg + 1]);
- if (l < to && u < to) {
- from = l;
- to = u + 1;
- }
- } else if (argc == 2) {
- unsigned int t = atoi(argv[arg]);
+ for (i = 1; i <= 2 && argc > 1; i++, arg++, argc--) {
+ unsigned int t = min(atoi(argv[arg]), ARRAY_SIZE(tests) - 1);
- if (t < to) {
+ if (!isdigit(*argv[arg]))
+ goto out_help;
+ if (i == 1)
from = t;
- to = t + 1;
- }
+ to = t + 1;
+ }
+
+ if (argc > 1) {
+out_help:
+ printf("Usage: %s -l | [-v|-vv] [<tst_lo> [<tst_hi>]]\n",
+ argv[0]);
+ return EXIT_FAILURE;
}
unpriv_disabled = get_unpriv_disabled();
--
2.34.1
Introduce a limit on the amount of learned FDB entries on a bridge,
configured by netlink with a build time default on bridge creation in
the kernel config.
For backwards compatibility the kernel config default is disabling the
limit (0).
Without any limit a malicious actor may OOM a kernel by spamming packets
with changing MAC addresses on their bridge port, so allow the bridge
creator to limit the number of entries.
Currently the manual entries are identified by the bridge flags
BR_FDB_LOCAL or BR_FDB_ADDED_BY_USER, atomically bundled under the new
flag BR_FDB_DYNAMIC_LEARNED. This means the limit also applies to
entries created with BR_FDB_ADDED_BY_EXT_LEARN but none of BR_FDB_LOCAL
or BR_FDB_ADDED_BY_USER, e.g. ones added by SWITCHDEV_FDB_ADD_TO_BRIDGE.
Link to the corresponding iproute2 changes: https://lore.kernel.org/netdev/20230919-fdb_limit-v4-1-b4d2dc4df30f@avm.de/
Signed-off-by: Johannes Nixdorf <jnixdorf-oss(a)avm.de>
---
Changes in v4:
- Added the new test to the Makefile. (from review)
- Removed _entries from the names. (from iproute2 review, in some places
only for consistency)
- Wrapped the lines at 80 chars, except when longer lines are consistent
with neighbouring code. (from review)
- Fixed a race in fdb_delete. (from review)
- Link to v3: https://lore.kernel.org/r/20230905-fdb_limit-v3-0-7597cd500a82@avm.de
Changes in v3:
- Fixed the flags for fdb_create in fdb_add_entry to use
BIT(...). Previously we passed garbage. (from review)
- Set strict_start_type for br_policy. (from review)
- Split out the combined accounting and limit patch, and the netlink
patch from the combined patch in v2. (from review)
- Count atomically, remove the newly introduced lock. (from review)
- Added the new attributes to br_policy. (from review)
- Added a selftest for the new feature. (from review)
- Link to v2: https://lore.kernel.org/netdev/20230619071444.14625-1-jnixdorf-oss@avm.de/
Changes in v2:
- Added BR_FDB_ADDED_BY_USER earlier in fdb_add_entry to ensure the
limit is not applied.
- Do not initialize fdb_*_entries to 0. (from review)
- Do not skip decrementing on 0. (from review)
- Moved the counters to a conditional hole in struct net_bridge to
avoid growing the struct. (from review, it still grows the struct as
there are 2 32-bit values)
- Add IFLA_BR_FDB_CUR_LEARNED_ENTRIES (from review)
- Fix br_get_size() with the added attributes.
- Only limit learned entries, rename to
*_(CUR|MAX)_LEARNED_ENTRIES. (from review)
- Added a default limit in Kconfig. (deemed acceptable in review
comments, helps with embedded use-cases where a special purpose kernel
is built anyways)
- Added an iproute2 patch for easier testing.
- Link to v1: https://lore.kernel.org/netdev/20230515085046.4457-1-jnixdorf-oss@avm.de/
Obsolete v1 review comments:
- Return better errors to users: Due to limiting the limit to
automatically created entries, netlink fdb add requests and changing
bridge ports are never rejected, so they do not yet need a more
friendly error returned.
---
Johannes Nixdorf (6):
net: bridge: Set BR_FDB_ADDED_BY_USER early in fdb_add_entry
net: bridge: Set strict_start_type for br_policy
net: bridge: Track and limit dynamically learned FDB entries
net: bridge: Add netlink knobs for number / max learned FDB entries
net: bridge: Add a configurable default FDB learning limit
selftests: forwarding: bridge_fdb_learning_limit: Add a new selftest
include/uapi/linux/if_link.h | 2 +
net/bridge/Kconfig | 13 +
net/bridge/br_device.c | 2 +
net/bridge/br_fdb.c | 42 ++-
net/bridge/br_netlink.c | 17 +-
net/bridge/br_private.h | 4 +
tools/testing/selftests/net/forwarding/Makefile | 3 +-
.../net/forwarding/bridge_fdb_learning_limit.sh | 283 +++++++++++++++++++++
8 files changed, 359 insertions(+), 7 deletions(-)
---
base-commit: ce9ecca0238b140b88f43859b211c9fdfd8e5b70
change-id: 20230904-fdb_limit-fae5bbf16c88
Best regards,
--
Johannes Nixdorf <jnixdorf-oss(a)avm.de>
IOMMU hardwares that support nested translation would have two stages
address translation (normally mentioned as stage-1 and stage-2). The page
table formats of the stage-1 and stage-2 can be different. e.g., VT-d has
different page table formats for stage-1 and stage-2.
Nested parent domain is the iommu domain used to represent the stage-2
translation. In IOMMUFD, both stage-1 and stage-2 translation are tracked
as HWPT (a.k.a. iommu domain). Stage-2 HWPT is parent of stage-1 HWPT as
stage-1 cannot work alone in nested translation. In the cases of stage-1 and
stage-2 page table format are different, the parent HWPT should use exactly
the stage-2 page table format. However, the existing kernel hides the format
selection in iommu drivers, so the domain allocated via IOMMU_HWPT_ALLOC can
use either stage-1 page table format or stage-2 page table format, there is
no guarantees for it.
To enforce the page table format of the nested parent domain, this series
introduces a new iommu op (domain_alloc_user) which can accept user flags
to allocate domain as userspace requires. It also converts IOMMUFD to use
the new domain_alloc_user op for domain allocation if supported, then extends
the IOMMU_HWPT_ALLOC ioctl to pass down a NEST_PARENT flag to allocate a HWPT
which can be used as parent. This series implements the new op in Intel iommu
driver to have a complete picture. It is a preparation for adding nesting
support in IOMMUFD/IOMMU.
Complete code can be found:
https://github.com/yiliu1765/iommufd/tree/iommufd_alloc_user_v1
Regards,
Yi Liu
Yi Liu (6):
iommu: Add new iommu op to create domains owned by userspace
iommufd/hw_pagetable: Use domain_alloc_user op for domain allocation
iommufd/hw_pagetable: Accepts user flags for domain allocation
iommufd/hw_pagetable: Support allocating nested parent domain
iommufd/selftest: Add domain_alloc_user() support in iommu mock
iommu/vt-d: Add domain_alloc_user op
drivers/iommu/intel/iommu.c | 20 ++++++++++++
drivers/iommu/iommufd/device.c | 2 +-
drivers/iommu/iommufd/hw_pagetable.c | 31 ++++++++++++++-----
drivers/iommu/iommufd/iommufd_private.h | 3 +-
drivers/iommu/iommufd/selftest.c | 16 ++++++++++
include/linux/iommu.h | 8 +++++
include/uapi/linux/iommufd.h | 12 ++++++-
tools/testing/selftests/iommu/iommufd.c | 24 +++++++++++---
.../selftests/iommu/iommufd_fail_nth.c | 2 +-
tools/testing/selftests/iommu/iommufd_utils.h | 11 +++++--
10 files changed, 111 insertions(+), 18 deletions(-)
--
2.34.1
Most of the tests in kselftest rely on external tools and libraries
to run, which means that in order to run the tests effectively we need
to have all the dependencies installed first.
But unfortunately, there is currently no way to know in advance what
tools and libraries the tests in kselftest depend on, and can only be
known when a test run fails.
For example after running the alsa subsystem test I realized I needed
to install the libasound-dev package.
This is inefficient for the test of subsystems that require a long
time to run.
For example, the net subsystem test, which takes more than an hour to
run a complete test.
I can only know that I need to install numactl, libnuma-dev, ethtool,
mausezahn, netsniff-ng, ndisc6, netperf, and other tools after carefully
reviewing the results of the tests.
I think we should add dependencies information to the Makefile for
each subsystem test, either as a comment or as an output target of
the Makefile, it would save a lot of time for the people running
the tests.
I can do this part of the work.
Welcome to discuss!
Juntong Deng