- Linux-kselftest-mirror - lists.linaro.org

[RESEND][PATCH v4 0/4] bpf: Add bpf_verify_pkcs7_signature() helper

by Roberto Sassu

Resending with a fix of mktemp argument in verify_sig_setup.sh One of the desirable features in security is the ability to restrict import of data to a given system based on data authenticity. If data import can be restricted, it would be possible to enforce a system-wide policy based on the signing keys the system owner trusts. This feature is widely used in the kernel. For example, if the restriction is enabled, kernel modules can be plugged in only if they are signed with a key whose public part is in the primary or secondary keyring. For eBPF, it can be useful as well. For example, it might be useful to authenticate data an eBPF program makes security decisions on. After a discussion in the eBPF mailing list, it was decided that the stated goal should be accomplished by introducing a new helper: bpf_verify_pkcs7_signature(), dedicated to verify PKCS#7 signatures. More helpers will be introduced later, as necessary. The job of bpf_verify_pkcs7_signature() is simply to call the corresponding signature verification function verify_pkcs7_signature(). Data and signature can be provided to the new helper with two dynamic pointers, to reduce the number of parameters. The keyring containing the signature verification key can be obtained with a new helper called bpf_request_key_by_id(). For now, keyrings can be obtained with an identifier defined in verification.h (except for the special value ULONG_MAX, used for testing). In the future, keyring can be searched also by their description. This functionality has not been included here in this patch set, as would require additional care for decrementing the reference count of the keyring. It could be added later. While bpf_request_key_by_id() can be called from any program, bpf_verify_pkcs7_signature(), instead, must be called by a sleepable program, as it is doing crypto operations. For the latter, for example, lsm.s/bpf is suitable, fexit/array_map_update_elem is not. The added test, which invokes both helpers, checks the ability of an eBPF program to verify module-style appended signatures, as produced by the kernel tool sign-file, currently used to sign kernel modules. The patch set is organized as follows. Patch 1 exports bpf_dynptr_get_size(), to obtain the real size of data carried by a dynamic pointer. Patch 2 introduces the bpf_request_key_by_id() helper. Patch 3 introduces the bpf_verify_pkcs7_signature() helper. Finally, patch 4 adds a test for both helpers. Changelog v3: - Rename bpf_verify_signature() back to bpf_verify_pkcs7_signature() to avoid managing different parameters for each signature verification function in one helper (suggested by Daniel) - Use dynamic pointers and export bpf_dynptr_get_size() (suggested by Alexei) - Introduce bpf_request_key_by_id() to give more flexibility to the caller of bpf_verify_pkcs7_signature() to retrieve the appropriate keyring (suggested by Alexei) - Fix test by reordering the gcc command line, always compile sign-file - Improve helper support check mechanism in the test v2: - Rename bpf_verify_pkcs7_signature() to a more generic bpf_verify_signature() and pass the signature type (suggested by KP) - Move the helper and prototype declaration under #ifdef so that user space can probe for support for the helper (suggested by Daniel) - Describe better the keyring types (suggested by Daniel) - Include linux/bpf.h instead of vmlinux.h to avoid implicit or redeclaration - Make the test selfcontained (suggested by Alexei) v1: - Don't define new map flag but introduce simple wrapper of verify_pkcs7_signature() (suggested by Alexei and KP) Roberto Sassu (4): bpf: Export bpf_dynptr_get_size() bpf: Add bpf_request_key_by_id() helper bpf: Add bpf_verify_pkcs7_signature() helper selftests/bpf: Add test for bpf_verify_pkcs7_signature() helper include/linux/bpf.h | 1 + include/uapi/linux/bpf.h | 25 ++ kernel/bpf/bpf_lsm.c | 60 +++++ kernel/bpf/helpers.c | 2 +- scripts/bpf_doc.py | 2 + tools/include/uapi/linux/bpf.h | 25 ++ tools/testing/selftests/bpf/Makefile | 14 +- tools/testing/selftests/bpf/config | 2 + .../bpf/prog_tests/verify_pkcs7_sig.c | 217 ++++++++++++++++++ .../bpf/progs/test_verify_pkcs7_sig.c | 168 ++++++++++++++ .../testing/selftests/bpf/verify_sig_setup.sh | 100 ++++++++ 11 files changed, 612 insertions(+), 4 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh -- 2.25.1

2 years, 7 months

2
8
0 0

THIS IS VERY CONFIDENTIAL

by Steve Dibenedetto

-- Hello, My name is Steve Dibenedetto.I apologize to have contacted you this way without a direct relationship. There is an opportunity to collaborate with me in the sourcing of some materials needed by our company for production of the different medicines we are researching. I'm aware that this might be totally outside your professional specialization, but it will be a great source for generating extra revenue. I discovered a manufacturer who can supply us at a lower rate than our company's previous purchases. I will give you more specific details when/if I receive feedback from you showing interest. Warm Regards Steve Dibenedetto Production & Control Manager, Green Field Laboratories Gothic House, Barker Gate, Nottingham, NG1 1JU, United Kingdom.

2 years, 7 months

1
0
0 0

[PATCH V2] selftests/vm: Add protection_keys tests to run_vmtests

by Kalpana Shetty

Adding "protected_keys" tests to "run_vmtests.sh" would help out to run all VM related tests from a single shell script. Signed-off-by: Kalpana Shetty <kalpana.shetty(a)amd.com> --- Changes in V2: * Added patch description. tools/testing/selftests/vm/run_vmtests.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tools/testing/selftests/vm/run_vmtests.sh b/tools/testing/selftests/vm/run_vmtests.sh index 41fce8bea929..54a0c28f810c 100755 --- a/tools/testing/selftests/vm/run_vmtests.sh +++ b/tools/testing/selftests/vm/run_vmtests.sh @@ -179,4 +179,11 @@ run_test ./ksm_tests -N -m 1 # KSM test with 2 NUMA nodes and merge_across_nodes = 0 run_test ./ksm_tests -N -m 0 +# protection_keys tests +if [ $VADDR64 -eq 0 ]; then + run_test ./protection_keys_32 +else + run_test ./protection_keys_64 +fi + exit $exitcode -- 2.25.1

2 years, 7 months

3
6
0 0

[PATCH] selftests: KVM: Handle compiler optimizations in ucall

by Raghavendra Rao Ananta

The selftests, when built with newer versions of clang, is found to have over optimized guests' ucall() function, and eliminating the stores for uc.cmd (perhaps due to no immediate readers). This resulted in the userspace side always reading a value of '0', and causing multiple test failures. As a result, prevent the compiler from optimizing the stores in ucall() with WRITE_ONCE(). Suggested-by: Ricardo Koller <ricarkol(a)google.com> Suggested-by: Reiji Watanabe <reijiw(a)google.com> Signed-off-by: Raghavendra Rao Ananta <rananta(a)google.com> --- tools/testing/selftests/kvm/lib/aarch64/ucall.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/kvm/lib/aarch64/ucall.c b/tools/testing/selftests/kvm/lib/aarch64/ucall.c index e0b0164e9af8..be1d9728c4ce 100644 --- a/tools/testing/selftests/kvm/lib/aarch64/ucall.c +++ b/tools/testing/selftests/kvm/lib/aarch64/ucall.c @@ -73,20 +73,19 @@ void ucall_uninit(struct kvm_vm *vm) void ucall(uint64_t cmd, int nargs, ...) { - struct ucall uc = { - .cmd = cmd, - }; + struct ucall uc = {}; va_list va; int i; + WRITE_ONCE(uc.cmd, cmd); nargs = nargs <= UCALL_MAX_ARGS ? nargs : UCALL_MAX_ARGS; va_start(va, nargs); for (i = 0; i < nargs; ++i) - uc.args[i] = va_arg(va, uint64_t); + WRITE_ONCE(uc.args[i], va_arg(va, uint64_t)); va_end(va); - *ucall_exit_mmio_addr = (vm_vaddr_t)&uc; + WRITE_ONCE(*ucall_exit_mmio_addr, (vm_vaddr_t)&uc); } uint64_t get_ucall(struct kvm_vm *vm, uint32_t vcpu_id, struct ucall *uc) -- 2.36.1.476.g0c4daa206d-goog

2 years, 7 months

5
9
0 0

[PATCH v9 0/2] Introduce XSAVE feature self-test

by Pengfei Xu

The XSAVE feature set supports the saving and restoring of xstate components. XSAVE feature has been used for process context switching. XSAVE components include x87 state for FP execution environment, SSE state, AVX state and so on. In order to ensure that XSAVE works correctly, add XSAVE most basic test for XSAVE architecture functionality. This patch tests "FP, SSE(XMM), AVX2(YMM), AVX512_OPMASK/AVX512_ZMM_Hi256/ AVX512_Hi16_ZMM and PKRU parts" xstates with following cases: 1. The contents of these xstates in the process should not change after the signal handling. 2. The contents of these xstates in the child process should be the same as the contents of the xstate in the parent process after the fork syscall. 3. The contents of xstates in the parent process should not change after the context switch. Because xstate like XMM will not be preserved across function calls, fork() and raise() are implemented and inlined. To prevent GCC from generating any FP/SSE(XMM)/AVX/PKRU code, add "-mno-sse -mno-mmx -mno-sse2 -mno-avx -mno-pku" compiler arguments. stdlib.h can not be used because of the "-mno-sse" option. Thanks Dave, Hansen for the above suggestion! Thanks Chen Yu; Shuah Khan; Chatre Reinette and Tony Luck's comments! Thanks to Bae, Chang Seok for a bunch of comments! ======== - Change from v8 to v9 - Use function pointers to make it more structured. (Hansen, Dave) - Improve the function name: xstate_tested -> xstate_in_test. (Chang S. Bae) - Break this test up into two pieces: keep the xstate key test steps with "-mno-sse" and no stdlib.h, keep others in xstate.c file. (Hansen, Dave) - Use kselftest infrastructure for xstate.c file. (Hansen, Dave) - Use instruction back to populate fp xstate buffer. (Hansen, Dave) - Will skip the test if cpu could not support xsave. (Chang S. Bae) - Use __cpuid_count() helper in kselftest.h. (Reinette, Chatre) - Change from v7 to v8 Many thanks to Bae, Chang Seok for a bunch of comments as follow: - Use the filling buffer way to prepare the xstate buffer, and use xrstor instruction way to load the tested xstates. - Remove useless dump_buffer, compare_buffer functions. - Improve the struct of xstate_info. - Added AVX512_ZMM_Hi256 and AVX512_Hi16_ZMM components in xstate test. - Remove redundant xstate_info.xstate_mask, xstate_flag[], and xfeature_test_mask, use xstate_info.mask instead. - Check if xfeature is supported outside of fill_xstate_buf() , this change is easier to read and understand. - Remove useless wrpkru, only use filling all tested xstate buffer in fill_xstates_buf(). - Improve a bunch of function names and variable names. - Improve test steps flow for readability. - Change from v6 to v7: - Added the error number and error description of the reason for the failure, thanks Shuah Khan's suggestion. - Added a description of what these tests are doing in the head comments. - Added changes update in the head comments. - Added description of the purpose of the function. thanks Shuah Khan. - Change from v5 to v6: - In order to prevent GCC from generating any FP code by mistake, "-mno-sse -mno-mmx -mno-sse2 -mno-avx -mno-pku" compiler parameter was added, it's referred to the parameters for compiling the x86 kernel. Thanks Dave Hansen's suggestion. - Removed the use of "kselftest.h", because kselftest.h included <stdlib.h>, and "stdlib.h" would use sse instructions in it's libc, and this *XSAVE* test needed to be compiled without libc sse instructions(-mno-sse). - Improved the description in commit header, thanks Chen Yu's suggestion. - Becasue test code could not use buildin xsave64 in libc without sse, added xsave function by instruction way. - Every key test action would not use libc(like printf) except syscall until it's failed or done. If it's failed, then it would print the failed reason. - Used __cpuid_count() instead of native_cpuid(), becasue __cpuid_count() was a macro definition function with one instruction in libc and did not change xstate. Thanks Chatre Reinette, Shuah Khan. https://lore.kernel.org/linux-sgx/8b7c98f4-f050-bc1c-5699-fa598ecc66a2@linu… - Change from v4 to v5: - Moved code files into tools/testing/selftests/x86. - Delete xsave instruction test, becaue it's not related to kernel. - Improved case description. - Added AVX512 opmask change and related XSAVE content verification. - Added PKRU part xstate test into instruction and signal handling test. - Added XSAVE process swich test for FPU, AVX2, AVX512 opmask and PKRU part. - Change from v3 to v4: - Improve the comment in patch 1. - Change from v2 to v3: - Improve the description of patch 2 git log. - Change from v1 to v2: - Improve the cover-letter. Thanks Dave Hansen's suggestion. Pengfei Xu (2): selftests/x86/xstate: Add xstate signal handling test for XSAVE feature selftests/x86/xstate: Add xstate fork test for XSAVE feature tools/testing/selftests/x86/.gitignore | 1 + tools/testing/selftests/x86/Makefile | 11 +- tools/testing/selftests/x86/xstate.c | 235 ++++++++++++++++ tools/testing/selftests/x86/xstate.h | 267 +++++++++++++++++++ tools/testing/selftests/x86/xstate_helpers.c | 211 +++++++++++++++ tools/testing/selftests/x86/xstate_helpers.h | 10 + 6 files changed, 733 insertions(+), 2 deletions(-) create mode 100644 tools/testing/selftests/x86/xstate.c create mode 100644 tools/testing/selftests/x86/xstate.h create mode 100644 tools/testing/selftests/x86/xstate_helpers.c create mode 100644 tools/testing/selftests/x86/xstate_helpers.h -- 2.31.1

2 years, 7 months

2
4
0 0

kselftest/fixes kselftest-cpufreq: 2 runs, 1 regressions (v5.19-rc1-4-g9b4d5c01eb234)

by kernelci.org bot

kselftest/fixes kselftest-cpufreq: 2 runs, 1 regressions (v5.19-rc1-4-g9b4d5c01eb234) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+--------------+----------+---------------------+------------ meson-gxl-s905x-libretech-cc | arm64 | lab-baylibre | gcc-10 | defconfig+kselftest | 1 Details: https://kernelci.org/test/job/kselftest/branch/fixes/kernel/v5.19-rc1-4-g9b… Test: kselftest-cpufreq Tree: kselftest Branch: fixes Describe: v5.19-rc1-4-g9b4d5c01eb234 URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: 9b4d5c01eb234f66a15a746b1c73e10209edb199 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+--------------+----------+---------------------+------------ meson-gxl-s905x-libretech-cc | arm64 | lab-baylibre | gcc-10 | defconfig+kselftest | 1 Details: https://kernelci.org/test/plan/id/62abdaae5c31e13acda39bd2 Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+kselftest Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//kselftest/fixes/v5.19-rc1-4-g9b4d5c01eb234/ar… HTML log: https://storage.kernelci.org//kselftest/fixes/v5.19-rc1-4-g9b4d5c01eb234/ar… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/2022061… * kselftest-cpufreq.login: https://kernelci.org/test/case/id/62abdaae5c31e13acda39bd3 new failure (last pass: v5.19-rc1)

2 years, 7 months

1
0
0 0

kselftest/fixes build: 5 builds: 0 failed, 5 passed (v5.19-rc1-4-g9b4d5c01eb234)

by kernelci.org bot

kselftest/fixes build: 5 builds: 0 failed, 5 passed (v5.19-rc1-4-g9b4d5c01eb234) Full Build Summary: https://kernelci.org/build/kselftest/branch/fixes/kernel/v5.19-rc1-4-g9b4d5… Tree: kselftest Branch: fixes Git Describe: v5.19-rc1-4-g9b4d5c01eb234 Git Commit: 9b4d5c01eb234f66a15a746b1c73e10209edb199 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git Built: 3 unique architectures ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- defconfig+kselftest (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v7_defconfig+kselftest (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

2 years, 7 months

1
0
0 0

[PATCH] selftests: make use of GUP_TEST_FILE macro

by Joel Savitz

Commit 17de1e559cf1 ("selftests: clarify common error when running gup_test") had most of its hunks dropped due to a conflict with another patch accepted into Linux around the same time that implemented the same behavior as a subset of other changes. However, the remaining hunk defines the GUP_TEST_FILE macro without making use of it. This patch makes use of the macro in the two relevant places. Furthermore, the above mentioned commit's log message erroneously describes the changes that were dropped from the patch. This patch corrects the record. Fixes: 17de1e559cf1 ("selftests: clarify common error when running gup_test") Signed-off-by: Joel Savitz <jsavitz(a)redhat.com> --- tools/testing/selftests/vm/gup_test.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/vm/gup_test.c b/tools/testing/selftests/vm/gup_test.c index 6bb36ca71cb5..a309876d832f 100644 --- a/tools/testing/selftests/vm/gup_test.c +++ b/tools/testing/selftests/vm/gup_test.c @@ -209,7 +209,7 @@ int main(int argc, char **argv) if (write) gup.gup_flags |= FOLL_WRITE; - gup_fd = open("/sys/kernel/debug/gup_test", O_RDWR); + gup_fd = open(GUP_TEST_FILE, O_RDWR); if (gup_fd == -1) { switch (errno) { case EACCES: @@ -224,7 +224,7 @@ int main(int argc, char **argv) printf("check if CONFIG_GUP_TEST is enabled in kernel config\n"); break; default: - perror("failed to open /sys/kernel/debug/gup_test"); + perror("failed to open " GUP_TEST_FILE); break; } exit(KSFT_SKIP); -- 2.31.1

2 years, 7 months

3
3
0 0

[RFC PATCH 0/6] User pkey minor bug fixes

by ira.weiny＠intel.com

From: Ira Weiny <ira.weiny(a)intel.com> While evaluating the possibility of defining a new type for pkeys within the kernel I found a couple of minor bugs. Because these patches clean up the return codes from system calls I'm sending this out RFC hoping that users will speak up if anything breaks. I'm not too concerned about pkey_free() because it is unlikely that anyone is checking the return code. Interestingly enough, glibc recommends not calling pkey_free() because it does not change the access rights to the key and may be subsequently allocated again.[1][2] The pkey_alloc() is more concerning. However, I checked the Chrome source and it does not differentiate among the return codes and maps all errors into kNoMemoryProtectionKey. glibc says it returns ENOSYS if the system does not support pkeys but I don't see where ENOSYS is returned? AFAICS it just returns what the kernel returns. So it is probably up to user of glibc. In addition I've enhanced the pkey tests to verify and test the changes. Thanks to Rick Edgecombe and Sohil Mehta for internal review. [1] Quote from manual/memory.texi: Calling this function does not change the access rights of the freed protection key. The calling thread and other threads may retain access to it, even if it is subsequently allocated again. For this reason, it is not recommended to call the @code{pkey_free} function. [2] PKS had a similar issue and went to statically allocated keys instead. Ira Weiny (6): testing/pkeys: Add command line options testing/pkeys: Don't use uninitialized variable testing/pkeys: Add additional test for pkey_alloc() pkeys: Lift pkey hardware check for pkey_alloc() pkeys: Up level pkey_free() checks pkeys: Change mm_pkey_free() to void arch/powerpc/include/asm/pkeys.h | 18 ++--- arch/x86/include/asm/pkeys.h | 7 +- include/linux/pkeys.h | 5 +- mm/mprotect.c | 13 +++- tools/testing/selftests/vm/pkey-helpers.h | 7 +- tools/testing/selftests/vm/protection_keys.c | 75 +++++++++++++++++--- 6 files changed, 86 insertions(+), 39 deletions(-) base-commit: 874c8ca1e60b2c564a48f7e7acc40d328d5c8733 -- 2.35.1

2 years, 7 months

5
17
0 0

[PATCH] selftests: vm: Fix resource leak when return error

by Ding Xiang

When return on an error path, file handle need to be closed to prevent resource leak Signed-off-by: Ding Xiang <dingxiang(a)cmss.chinamobile.com> --- tools/testing/selftests/vm/ksm_tests.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/testing/selftests/vm/ksm_tests.c b/tools/testing/selftests/vm/ksm_tests.c index 2fcf24312da8..f5e4e0bbd081 100644 --- a/tools/testing/selftests/vm/ksm_tests.c +++ b/tools/testing/selftests/vm/ksm_tests.c @@ -54,6 +54,7 @@ static int ksm_write_sysfs(const char *file_path, unsigned long val) } if (fprintf(f, "%lu", val) < 0) { perror("fprintf"); + fclose(f); return 1; } fclose(f); @@ -72,6 +73,7 @@ static int ksm_read_sysfs(const char *file_path, unsigned long *val) } if (fscanf(f, "%lu", val) != 1) { perror("fscanf"); + fclose(f); return 1; } fclose(f); -- 2.31.1

2 years, 7 months

2
2
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror