- Linux-kselftest-mirror - lists.linaro.org

Re: [selftests] a37ddddd86: BUG:KASAN:use-after-free_in_firmware_upload_unregister

by Russ Weight

Oliver, On 7/29/22 00:08, kernel test robot wrote: > > Greeting, > > FYI, we noticed the following commit (built with gcc-11): > > commit: a37ddddd86037c896c702b4df416bc4e51b2a5a0 ("selftests: firmware: Add firmware upload selftests") > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master > > in testcase: kernel-selftests > version: kernel-selftests-x86_64-4cb0bec3-1_20220724 > with following parameters: > > group: firmware > ucode: 0xec > > test-description: The kernel contains a set of "self tests" under the tools/testing/selftests/ directory. These are intended to be small unit tests to exercise individual code paths in the kernel. > test-url: https://www.kernel.org/doc/Documentation/kselftest.txt > > > on test machine: 8 threads Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz with 28G memory > > caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace): > > > > If you fix the issue, kindly add following tag > Reported-by: kernel test robot <oliver.sang(a)intel.com> > > > [ 103.520572][ T2443] BUG: KASAN: use-after-free in firmware_upload_unregister (drivers/base/firmware_loader/sysfs_upload.c:395) > [ 103.520579][ T2443] Read of size 8 at addr ffff8881e186c808 by task fw_upload.sh/2443 > [ 103.528481][ T395] > [ 103.534696][ T2443] > [ 103.534698][ T2443] CPU: 7 PID: 2443 Comm: fw_upload.sh Not tainted 5.18.0-rc2-00036-ga37ddddd8603 #1 > [ 103.534701][ T2443] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.2.8 01/26/2016 > [ 103.534703][ T2443] Call Trace: > [ 103.534705][ T2443] <TASK> > [ 103.534707][ T2443] ? firmware_upload_unregister (drivers/base/firmware_loader/sysfs_upload.c:395) I believe I understand the problem, but I have been unable to reproduce the error to verify the fix: 394 device_unregister(&fw_sysfs->dev); 395 module_put(fw_upload_priv->module); The device_unregister() call could result in the dev_release function freeing the fw_upload_priv structure before it is dereferenced on line 395. Copying fw_upload_priv->module to a local variable for use when calling device_unregister() should fix the problem. > [ 103.534713][ T2443] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4)) > [ 103.588011][ T2443] print_address_description+0x1f/0x200 > [ 103.594406][ T2443] ? firmware_upload_unregister (drivers/base/firmware_loader/sysfs_upload.c:395) > [ 103.600112][ T2443] print_report.cold (mm/kasan/report.c:430) > [ 103.604782][ T2443] ? do_raw_spin_lock (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:82 kernel/locking/spinlock_debug.c:115) > [ 103.609624][ T2443] kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493) > [ 103.613861][ T2443] ? firmware_upload_unregister (drivers/base/firmware_loader/sysfs_upload.c:395) > [ 103.619561][ T2443] firmware_upload_unregister (drivers/base/firmware_loader/sysfs_upload.c:395) > [ 103.625091][ T2443] upload_unregister_store (lib/test_firmware.c:1060 lib/test_firmware.c:1321) > [ 103.630377][ T2443] ? sysfs_file_ops (fs/sysfs/file.c:129) > [ 103.635046][ T2443] kernfs_fop_write_iter (fs/kernfs/file.c:294) > [ 103.640145][ T2443] new_sync_write (fs/read_write.c:505 (discriminator 1)) > [ 103.644642][ T2443] ? new_sync_read (fs/read_write.c:494) > [ 103.649225][ T2443] ? ksys_write (fs/read_write.c:644) > [ 103.653463][ T2443] ? rcu_read_unlock (include/linux/rcupdate.h:723 (discriminator 5)) > [ 103.658057][ T2443] ? lock_is_held_type (kernel/locking/lockdep.c:5382 kernel/locking/lockdep.c:5684) > [ 103.662909][ T2443] vfs_write (fs/read_write.c:591) > [ 103.666984][ T2443] ksys_write (fs/read_write.c:644) > [ 103.671057][ T2443] ? __ia32_sys_read (fs/read_write.c:634) > [ 103.675645][ T2443] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4501) > [ 103.682051][ T2443] ? syscall_enter_from_user_mode (arch/x86/include/asm/irqflags.h:45 arch/x86/include/asm/irqflags.h:80 kernel/entry/common.c:109) > [ 103.687756][ T2443] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) > [ 103.692010][ T2443] ? pick_file (fs/file.c:660) > [ 103.696165][ T2443] ? do_raw_spin_unlock (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-instrumented.h:28 include/asm-generic/qspinlock.h:28 kernel/locking/spinlock_debug.c:100 kernel/locking/spinlock_debug.c:140) > [ 103.701094][ T2443] ? syscall_exit_to_user_mode (kernel/entry/common.c:129 kernel/entry/common.c:296) > [ 103.706539][ T2443] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4501) > [ 103.712929][ T2443] ? do_syscall_64 (arch/x86/entry/common.c:87) > [ 103.717343][ T2443] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4501) > [ 103.723747][ T2443] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) > [ 103.729451][ T2443] RIP: 0033:0x7f1020308f33 > [ 103.733709][ T2443] Code: 8b 15 61 ef 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 48 89 54 24 18 > All code > ======== > 0: 8b 15 61 ef 0c 00 mov 0xcef61(%rip),%edx # 0xcef67 > 6: f7 d8 neg %eax > 8: 64 89 02 mov %eax,%fs:(%rdx) > b: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax > 12: eb b7 jmp 0xffffffffffffffcb > 14: 0f 1f 00 nopl (%rax) > 17: 64 8b 04 25 18 00 00 mov %fs:0x18,%eax > 1e: 00 > 1f: 85 c0 test %eax,%eax > 21: 75 14 jne 0x37 > 23: b8 01 00 00 00 mov $0x1,%eax > 28: 0f 05 syscall > 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction > 30: 77 55 ja 0x87 > 32: c3 retq > 33: 0f 1f 40 00 nopl 0x0(%rax) > 37: 48 83 ec 28 sub $0x28,%rsp > 3b: 48 89 54 24 18 mov %rdx,0x18(%rsp) > > Code starting with the faulting instruction > =========================================== > 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax > 6: 77 55 ja 0x5d > 8: c3 retq > 9: 0f 1f 40 00 nopl 0x0(%rax) > d: 48 83 ec 28 sub $0x28,%rsp > 11: 48 89 54 24 18 mov %rdx,0x18(%rsp) > [ 103.753040][ T2443] RSP: 002b:00007fffe4075988 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 > [ 103.761244][ T2443] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1020308f33 > [ 103.769013][ T2443] RDX: 0000000000000003 RSI: 00005582df845b80 RDI: 0000000000000001 > [ 103.776791][ T2443] RBP: 00005582df845b80 R08: 00000000ffffffff R09: 0000000000000003 > [ 103.784561][ T2443] R10: 00005582df833c80 R11: 0000000000000246 R12: 0000000000000003 > [ 103.792328][ T2443] R13: 00007f10203d96a0 R14: 0000000000000003 R15: 00007f10203d98a0 > [ 103.800100][ T2443] </TASK> > [ 103.802957][ T2443] > [ 103.805125][ T2443] Allocated by task 2443: > [ 103.809276][ T2443] kasan_save_stack (mm/kasan/common.c:39) > [ 103.813781][ T2443] __kasan_kmalloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515 mm/kasan/common.c:524) > [ 103.818190][ T2443] firmware_upload_register (drivers/base/firmware_loader/sysfs_upload.c:160) > [ 103.824150][ T2443] upload_register_store (lib/test_firmware.c:1279) > [ 103.829250][ T2443] kernfs_fop_write_iter (fs/kernfs/file.c:294) > [ 103.834350][ T2443] new_sync_write (fs/read_write.c:505 (discriminator 1)) > [ 103.838846][ T2443] vfs_write (fs/read_write.c:591) > [ 103.842910][ T2443] ksys_write (fs/read_write.c:644) > [ 103.846975][ T2443] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) > [ 103.851217][ T2443] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) > [ 103.856932][ T2443] > [ 103.859100][ T2443] Freed by task 2443: > [ 103.862907][ T2443] kasan_save_stack (mm/kasan/common.c:39) > [ 103.867415][ T2443] kasan_set_track (mm/kasan/common.c:45) > [ 103.871822][ T2443] kasan_set_free_info (mm/kasan/generic.c:372) > [ 103.876579][ T2443] __kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328 mm/kasan/common.c:374) > [ 103.881331][ T2443] slab_free_freelist_hook (mm/slub.c:1754) > [ 103.886517][ T2443] kfree (mm/slub.c:3510 mm/slub.c:4552) > [ 103.890156][ T2443] fw_dev_release (drivers/base/firmware_loader/sysfs.c:102) > [ 103.894483][ T2443] device_release (drivers/base/core.c:2235) > [ 103.898902][ T2443] kobject_cleanup (lib/kobject.c:677) > [ 103.903492][ T2443] firmware_upload_unregister (drivers/base/firmware_loader/sysfs_upload.c:395) > [ 103.909034][ T2443] upload_unregister_store (lib/test_firmware.c:1060 lib/test_firmware.c:1321) > [ 103.914311][ T2443] kernfs_fop_write_iter (fs/kernfs/file.c:294) > [ 103.919429][ T2443] new_sync_write (fs/read_write.c:505 (discriminator 1)) > [ 103.923927][ T2443] vfs_write (fs/read_write.c:591) > [ 103.927990][ T2443] ksys_write (fs/read_write.c:644) > [ 103.932054][ T2443] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) > [ 103.936290][ T2443] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) > [ 103.941992][ T2443] > [ 103.944159][ T2443] Last potentially related work creation: > [ 103.949704][ T2443] kasan_save_stack (mm/kasan/common.c:39) > [ 103.954216][ T2443] __kasan_record_aux_stack (mm/kasan/generic.c:348) > [ 103.959400][ T2443] insert_work (include/linux/instrumented.h:71 include/asm-generic/bitops/instrumented-non-atomic.h:134 kernel/workqueue.c:635 kernel/workqueue.c:642 kernel/workqueue.c:1361) > [ 103.963552][ T2443] __queue_work (kernel/workqueue.c:1520) > [ 103.967888][ T2443] queue_work_on (kernel/workqueue.c:1546) > [ 103.972141][ T2443] fw_upload_start (drivers/base/firmware_loader/sysfs_upload.c:263) > [ 103.976723][ T2443] firmware_loading_store (drivers/base/firmware_loader/sysfs.c:213) > [ 103.981910][ T2443] kernfs_fop_write_iter (fs/kernfs/file.c:294) > [ 103.987022][ T2443] new_sync_write (fs/read_write.c:505 (discriminator 1)) > [ 103.991537][ T2443] vfs_write (fs/read_write.c:591) > [ 103.995604][ T2443] ksys_write (fs/read_write.c:644) > [ 103.999673][ T2443] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) > [ 104.003930][ T2443] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) > [ 104.009631][ T2443] > [ 104.011800][ T2443] Second to last potentially related work creation: > [ 104.018219][ T2443] kasan_save_stack (mm/kasan/common.c:39) > [ 104.022727][ T2443] __kasan_record_aux_stack (mm/kasan/generic.c:348) > [ 104.027938][ T2443] insert_work (include/linux/instrumented.h:71 include/asm-generic/bitops/instrumented-non-atomic.h:134 kernel/workqueue.c:635 kernel/workqueue.c:642 kernel/workqueue.c:1361) > [ 104.032101][ T2443] __queue_work (kernel/workqueue.c:1520) > [ 104.036423][ T2443] queue_work_on (kernel/workqueue.c:1546) > [ 104.040658][ T2443] fw_upload_start (drivers/base/firmware_loader/sysfs_upload.c:263) > [ 104.045240][ T2443] firmware_loading_store (drivers/base/firmware_loader/sysfs.c:213) > [ 104.050423][ T2443] kernfs_fop_write_iter (fs/kernfs/file.c:294) > [ 104.055522][ T2443] new_sync_write (fs/read_write.c:505 (discriminator 1)) > [ 104.060016][ T2443] vfs_write (fs/read_write.c:591) > [ 104.064081][ T2443] ksys_write (fs/read_write.c:644) > [ 104.068144][ T2443] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80) > [ 104.072381][ T2443] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:115) > [ 104.078083][ T2443] > [ 104.080249][ T2443] The buggy address belongs to the object at ffff8881e186c800 > [ 104.080249][ T2443] which belongs to the cache kmalloc-512 of size 512 > [ 104.094049][ T2443] The buggy address is located 8 bytes inside of > [ 104.094049][ T2443] 512-byte region [ffff8881e186c800, ffff8881e186ca00) > [ 104.106914][ T2443] > [ 104.109084][ T2443] The buggy address belongs to the physical page: > [ 104.115315][ T2443] page:0000000037a5888d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e1868 > [ 104.125336][ T2443] head:0000000037a5888d order:3 compound_mapcount:0 compound_pincount:0 > [ 104.133454][ T2443] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) > [ 104.141498][ T2443] raw: 0017ffffc0010200 ffffea0005491e00 dead000000000002 ffff888100042c80 > [ 104.149885][ T2443] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 > [ 104.158274][ T2443] page dumped because: kasan: bad access detected > [ 104.164492][ T2443] > > > To reproduce: > > git clone https://github.com/intel/lkp-tests.git > cd lkp-tests > sudo bin/lkp install job.yaml # job file is attached in this email I have tried these steps on Fedora35 and on CentOS Stream. In both cases I have missing packages that I have not yet resolved: Error: Unable to find a match: arping lib32gcc-dev libc6-dev-i386 libc6-i386 libc6-x32 libhugetlbfs-dev libmnl-dev libmount-dev libpci3 libreadline-dev libx32asan5 libx32atomic1 libx32gcc1 libx32gcc-dev libx32gomp1 libx32itm1 libx32quadmath0 libx32ubsan1 linux-libc-dev-amd64-cross netcat-openbsd openvswitch-common openvswitch-switch sendip libpci-dev Simply running the fw_upload selftests in a loop is not sufficient to trigger the error. Can you provide additional instructions for running the lkp tests manually? Do I need a specific OS? How can I access the missing packages? Thanks, - Russ > bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run > sudo bin/lkp run generated-yaml-file > > # if come across any failure that blocks the test, > # please remove ~/.lkp and /lkp dir to run from a clean state. > > >

3 years, 1 month

1
0
0 0

[PATCH] kselftest/arm64: Fix validatation of EXTRA_CONTEXT signal data

by Mark Brown

When arm64 signal context data overflows the base struct sigcontext it gets placed in an extra buffer pointed to by a record of type EXTRA_CONTEXT in the base struct sigcontext which is required to be the last record in the base struct sigframe. The current validation code attempts to check this by using GET_RESV_NEXT_HEAD() to step forward from the current record to the next but that is a macro which assumes it is being provided with a struct _aarch64_ctx and uses the size there to skip forward to the next record. Instead validate_extra_context() passes it a struct extra_context which has a separate size field. This compiles but results in us trying to validate a terminator in completely the wrong place, at best failing validation and at worst just segfaulting. Fix this by passing the struct _aarch64_ctx we meant to into the macro. Signed-off-by: Mark Brown <broonie(a)kernel.org> --- tools/testing/selftests/arm64/signal/testcases/testcases.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/arm64/signal/testcases/testcases.c b/tools/testing/selftests/arm64/signal/testcases/testcases.c index 84c36bee4d82..d98828cb542b 100644 --- a/tools/testing/selftests/arm64/signal/testcases/testcases.c +++ b/tools/testing/selftests/arm64/signal/testcases/testcases.c @@ -33,7 +33,7 @@ bool validate_extra_context(struct extra_context *extra, char **err) return false; fprintf(stderr, "Validating EXTRA...\n"); - term = GET_RESV_NEXT_HEAD(extra); + term = GET_RESV_NEXT_HEAD(&extra->head); if (!term || term->magic || term->size) { *err = "Missing terminator after EXTRA context"; return false; -- 2.30.2

3 years, 1 month

1
0
0 0

[PATCH]Kselftests: Removing support of libhugetlbfs from kselftests

by Tarun Sahu

libhugetlbfs, the user side utitlity to work with hugepages, does not have any active support. There are only 2 selftests which are part of in vm/hmm_test.c that depends on libhugetlbfs. This patch modifes the tests so that they will not require libhugetlb library. Signed-off-by: Tarun Sahu <tsahu(a)linux.ibm.com> --- Instead of using general function from libhugetlbfs, this patch only uses the required part from it which are actually being used in these tests. Results: I tested it on Power9 with hash page translation(Hugepage size=16M) and Power10 with radix page translation(Hugepage size=2M). tools/testing/selftests/vm/Makefile | 17 ---- tools/testing/selftests/vm/check_config.sh | 31 ------ tools/testing/selftests/vm/hmm-tests.c | 108 ++++++++++++++------- 3 files changed, 73 insertions(+), 83 deletions(-) delete mode 100644 tools/testing/selftests/vm/check_config.sh diff --git a/tools/testing/selftests/vm/Makefile b/tools/testing/selftests/vm/Makefile index 44f25acfbeca..006b7747b7fd 100644 --- a/tools/testing/selftests/vm/Makefile +++ b/tools/testing/selftests/vm/Makefile @@ -152,23 +152,6 @@ endif $(OUTPUT)/mlock-random-test $(OUTPUT)/memfd_secret: LDLIBS += -lcap -# HMM_EXTRA_LIBS may get set in local_config.mk, or it may be left empty. -$(OUTPUT)/hmm-tests: LDLIBS += $(HMM_EXTRA_LIBS) - $(OUTPUT)/ksm_tests: LDLIBS += -lnuma $(OUTPUT)/migration: LDLIBS += -lnuma - -local_config.mk local_config.h: check_config.sh - /bin/sh ./check_config.sh $(CC) - -EXTRA_CLEAN += local_config.mk local_config.h - -ifeq ($(HMM_EXTRA_LIBS),) -all: warn_missing_hugelibs - -warn_missing_hugelibs: - @echo ; \ - echo "Warning: missing libhugetlbfs support. Some HMM tests will be skipped." ; \ - echo -endif diff --git a/tools/testing/selftests/vm/check_config.sh b/tools/testing/selftests/vm/check_config.sh deleted file mode 100644 index 079c8a40b85d..000000000000 --- a/tools/testing/selftests/vm/check_config.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh -# SPDX-License-Identifier: GPL-2.0 -# -# Probe for libraries and create header files to record the results. Both C -# header files and Makefile include fragments are created. - -OUTPUT_H_FILE=local_config.h -OUTPUT_MKFILE=local_config.mk - -# libhugetlbfs -tmpname=$(mktemp) -tmpfile_c=${tmpname}.c -tmpfile_o=${tmpname}.o - -echo "#include <sys/types.h>" > $tmpfile_c -echo "#include <hugetlbfs.h>" >> $tmpfile_c -echo "int func(void) { return 0; }" >> $tmpfile_c - -CC=${1:?"Usage: $0 <compiler> # example compiler: gcc"} -$CC -c $tmpfile_c -o $tmpfile_o >/dev/null 2>&1 - -if [ -f $tmpfile_o ]; then - echo "#define LOCAL_CONFIG_HAVE_LIBHUGETLBFS 1" > $OUTPUT_H_FILE - echo "HMM_EXTRA_LIBS = -lhugetlbfs" > $OUTPUT_MKFILE -else - echo "// No libhugetlbfs support found" > $OUTPUT_H_FILE - echo "# No libhugetlbfs support found, so:" > $OUTPUT_MKFILE - echo "HMM_EXTRA_LIBS = " >> $OUTPUT_MKFILE -fi - -rm ${tmpname}.* diff --git a/tools/testing/selftests/vm/hmm-tests.c b/tools/testing/selftests/vm/hmm-tests.c index 203323967b50..bcb80f35b81b 100644 --- a/tools/testing/selftests/vm/hmm-tests.c +++ b/tools/testing/selftests/vm/hmm-tests.c @@ -26,10 +26,6 @@ #include <sys/mman.h> #include <sys/ioctl.h> -#include "./local_config.h" -#ifdef LOCAL_CONFIG_HAVE_LIBHUGETLBFS -#include <hugetlbfs.h> -#endif /* * This is a private UAPI to the kernel test module so it isn't exported @@ -666,7 +662,54 @@ TEST_F(hmm, anon_write_huge) hmm_buffer_free(buffer); } -#ifdef LOCAL_CONFIG_HAVE_LIBHUGETLBFS +/* + * Read numeric data from raw and tagged kernel status files. Used to read + * /proc and /sys data (without a tag) and from /proc/meminfo (with a tag). + */ +static long file_read_ulong(char *file, const char *tag) +{ + int fd; + char buf[2048]; + int len; + char *p, *q; + long val; + + fd = open(file, O_RDONLY); + if (fd < 0) { + /* Error opening the file */ + return -1; + } + + len = read(fd, buf, sizeof(buf)); + close(fd); + if (len < 0) { + /* Error in reading the file */ + return -1; + } + if (len == sizeof(buf)) { + /* Error file is too large */ + return -1; + } + buf[len] = '\0'; + + /* Search for a tag if provided */ + if (tag) { + p = strstr(buf, tag); + if (!p) + return -1; /* looks like the line we want isn't there */ + p += strlen(tag); + } else + p = buf; + + val = strtol(p, &q, 0); + if (*q != ' ') { + /* Error parsing the file */ + return -1; + } + + return val; +} + /* * Write huge TLBFS page. */ @@ -675,29 +718,27 @@ TEST_F(hmm, anon_write_hugetlbfs) struct hmm_buffer *buffer; unsigned long npages; unsigned long size; + unsigned long default_hsize; unsigned long i; int *ptr; int ret; - long pagesizes[4]; - int n, idx; - - /* Skip test if we can't allocate a hugetlbfs page. */ - n = gethugepagesizes(pagesizes, 4); - if (n <= 0) + default_hsize = file_read_ulong("/proc/meminfo", "Hugepagesize:"); + if (default_hsize < 0 || default_hsize*1024 < default_hsize) SKIP(return, "Huge page size could not be determined"); - for (idx = 0; --n > 0; ) { - if (pagesizes[n] < pagesizes[idx]) - idx = n; - } - size = ALIGN(TWOMEG, pagesizes[idx]); + default_hsize = default_hsize*1024; /* KB to B */ + + size = ALIGN(TWOMEG, default_hsize); npages = size >> self->page_shift; buffer = malloc(sizeof(*buffer)); ASSERT_NE(buffer, NULL); - buffer->ptr = get_hugepage_region(size, GHR_STRICT); - if (buffer->ptr == NULL) { + buffer->ptr = mmap(NULL, size, + PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB, + -1, 0); + if (buffer->ptr == MAP_FAILED) { free(buffer); SKIP(return, "Huge page could not be allocated"); } @@ -721,11 +762,10 @@ TEST_F(hmm, anon_write_hugetlbfs) for (i = 0, ptr = buffer->ptr; i < size / sizeof(*ptr); ++i) ASSERT_EQ(ptr[i], i); - free_hugepage_region(buffer->ptr); + munmap(buffer->ptr, buffer->size); buffer->ptr = NULL; hmm_buffer_free(buffer); } -#endif /* LOCAL_CONFIG_HAVE_LIBHUGETLBFS */ /* * Read mmap'ed file memory. @@ -1384,7 +1424,6 @@ TEST_F(hmm2, snapshot) hmm_buffer_free(buffer); } -#ifdef LOCAL_CONFIG_HAVE_LIBHUGETLBFS /* * Test the hmm_range_fault() HMM_PFN_PMD flag for large pages that * should be mapped by a large page table entry. @@ -1394,30 +1433,30 @@ TEST_F(hmm, compound) struct hmm_buffer *buffer; unsigned long npages; unsigned long size; + unsigned long default_hsize; int *ptr; unsigned char *m; int ret; - long pagesizes[4]; - int n, idx; unsigned long i; /* Skip test if we can't allocate a hugetlbfs page. */ - n = gethugepagesizes(pagesizes, 4); - if (n <= 0) - return; - for (idx = 0; --n > 0; ) { - if (pagesizes[n] < pagesizes[idx]) - idx = n; - } - size = ALIGN(TWOMEG, pagesizes[idx]); + default_hsize = file_read_ulong("/proc/meminfo", "Hugepagesize:"); + if (default_hsize < 0 || default_hsize*1024 < default_hsize) + SKIP(return, "Huge page size could not be determined"); + default_hsize = default_hsize*1024; /* KB to B */ + + size = ALIGN(TWOMEG, default_hsize); npages = size >> self->page_shift; buffer = malloc(sizeof(*buffer)); ASSERT_NE(buffer, NULL); - buffer->ptr = get_hugepage_region(size, GHR_STRICT); - if (buffer->ptr == NULL) { + buffer->ptr = mmap(NULL, size, + PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB, + -1, 0); + if (buffer->ptr == MAP_FAILED) { free(buffer); return; } @@ -1456,11 +1495,10 @@ TEST_F(hmm, compound) ASSERT_EQ(m[i], HMM_DMIRROR_PROT_READ | HMM_DMIRROR_PROT_PMD); - free_hugepage_region(buffer->ptr); + munmap(buffer->ptr, buffer->size); buffer->ptr = NULL; hmm_buffer_free(buffer); } -#endif /* LOCAL_CONFIG_HAVE_LIBHUGETLBFS */ /* * Test two devices reading the same memory (double mapped). -- 2.35.1

3 years, 1 month

1
0
0 0

[PATCH linux-next] selftests:bpf:use the !E in conditional statements

by cgel.zte＠gmail.com

From: ye xingchen <ye.xingchen(a)zte.com.cn> Use !E to replace the type of x == NULL. This change is just to simplify the code, no actual functional changes. Reported-by: Zeal Robot <zealci(a)zte.com.cn> Signed-off-by: ye xingchen <ye.xingchen(a)zte.com.cn> --- .../selftests/bpf/progs/profiler.inc.h | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/profiler.inc.h b/tools/testing/selftests/bpf/progs/profiler.inc.h index 92331053dba3..7d522e8968b5 100644 --- a/tools/testing/selftests/bpf/progs/profiler.inc.h +++ b/tools/testing/selftests/bpf/progs/profiler.inc.h @@ -189,7 +189,7 @@ static INLINE void populate_ancestors(struct task_struct* task, #endif for (num_ancestors = 0; num_ancestors < MAX_ANCESTORS; num_ancestors++) { parent = BPF_CORE_READ(parent, real_parent); - if (parent == NULL) + if (!parent) break; ppid = BPF_CORE_READ(parent, tgid); if (is_init_process(ppid)) @@ -361,7 +361,7 @@ get_var_kill_data(struct pt_regs* ctx, int spid, int tpid, int sig) int zero = 0; struct var_kill_data_t* kill_data = bpf_map_lookup_elem(&data_heap, &zero); - if (kill_data == NULL) + if (!kill_data) return NULL; struct task_struct* task = (struct task_struct*)bpf_get_current_task(); @@ -386,14 +386,14 @@ static INLINE int trace_var_sys_kill(void* ctx, int tpid, int sig) u32 spid = get_userspace_pid(); struct var_kill_data_arr_t* arr_struct = bpf_map_lookup_elem(&var_tpid_to_data, &tpid); - if (arr_struct == NULL) { + if (!arr_struct) { struct var_kill_data_t* kill_data = get_var_kill_data(ctx, spid, tpid, sig); int zero = 0; - if (kill_data == NULL) + if (!kill_data) return 0; arr_struct = bpf_map_lookup_elem(&data_heap, &zero); - if (arr_struct == NULL) + if (!arr_struct) return 0; bpf_probe_read(&arr_struct->array[0], sizeof(arr_struct->array[0]), kill_data); } else { @@ -402,7 +402,7 @@ static INLINE int trace_var_sys_kill(void* ctx, int tpid, int sig) if (index == -1) { struct var_kill_data_t* kill_data = get_var_kill_data(ctx, spid, tpid, sig); - if (kill_data == NULL) + if (!kill_data) return 0; #ifdef UNROLL #pragma unroll @@ -433,7 +433,7 @@ static INLINE int trace_var_sys_kill(void* ctx, int tpid, int sig) } else { struct var_kill_data_t* kill_data = get_var_kill_data(ctx, spid, tpid, sig); - if (kill_data == NULL) + if (!kill_data) return 0; bpf_probe_read(&arr_struct->array[index], sizeof(arr_struct->array[index]), @@ -534,14 +534,14 @@ static INLINE bool is_dentry_allowed_for_filemod(struct dentry* file_dentry, *device_id = dev_id; bool* allowed_device = bpf_map_lookup_elem(&allowed_devices, &dev_id); - if (allowed_device == NULL) + if (!allowed_device) return false; u64 ino = BPF_CORE_READ(file_dentry, d_inode, i_ino); *file_ino = ino; bool* allowed_file = bpf_map_lookup_elem(&allowed_file_inodes, &ino); - if (allowed_file == NULL) + if (!allowed_file) if (!is_ancestor_in_allowed_inodes(BPF_CORE_READ(file_dentry, d_parent))) return false; return true; @@ -625,7 +625,7 @@ int raw_tracepoint__sched_process_exit(void* ctx) struct var_kill_data_arr_t* arr_struct = bpf_map_lookup_elem(&var_tpid_to_data, &tpid); struct var_kill_data_t* kill_data = bpf_map_lookup_elem(&data_heap, &zero); - if (arr_struct == NULL || kill_data == NULL) + if (!arr_struct || !kill_data) goto out; struct task_struct* task = (struct task_struct*)bpf_get_current_task(); @@ -767,7 +767,7 @@ int kprobe_ret__do_filp_open(struct pt_regs* ctx) struct file* filp = (struct file*)PT_REGS_RC_CORE(ctx); - if (filp == NULL || IS_ERR(filp)) + if (!filp || IS_ERR(filp)) goto out; unsigned int flags = BPF_CORE_READ(filp, f_flags); if ((flags & (O_RDWR | O_WRONLY)) == 0) -- 2.25.1

3 years, 1 month

1
0
0 0

[PATCH 0/4] mm/memfd: MFD_NOEXEC for memfd_create

by Daniel Verkamp

The default file permissions on a memfd include execute bits, which means that such a memfd can be filled with a executable and passed to the exec() family of functions. This is undesirable on systems where all code is verified and all filesystems are intended to be mounted noexec, since an attacker may be able to use a memfd to load unverified code and execute it. Additionally, execution via memfd is a common way to avoid scrutiny for malicious code, since it allows execution of a program without a file ever appearing on disk. This attack vector is not totally mitigated with this new flag, since the default memfd file permissions must remain executable to avoid breaking existing legitimate uses, but it should be possible to use other security mechanisms to prevent memfd_create calls without MFD_NOEXEC on systems where it is known that executable memfds are not necessary. This patch series adds a new MFD_NOEXEC flag for memfd_create(), which allows creation of non-executable memfds, and as part of the implementation of this new flag, it also adds a new F_SEAL_EXEC seal, which will prevent modification of any of the execute bits of a sealed memfd. I am not sure if this is the best way to implement the desired behavior (for example, the F_SEAL_EXEC seal is really more of an implementation detail and feels a bit clunky to expose), so suggestions are welcome for alternate approaches. Daniel Verkamp (4): mm/memfd: add F_SEAL_EXEC mm/memfd: add MFD_NOEXEC flag to memfd_create selftests/memfd: add tests for F_SEAL_EXEC selftests/memfd: add tests for MFD_NOEXEC include/uapi/linux/fcntl.h | 1 + include/uapi/linux/memfd.h | 1 + mm/memfd.c | 12 ++- mm/shmem.c | 6 ++ tools/testing/selftests/memfd/memfd_test.c | 114 +++++++++++++++++++++ 5 files changed, 133 insertions(+), 1 deletion(-) -- 2.35.1.1094.g7c7d902a7c-goog

3 years, 1 month

3
10
0 0

[PATCH v2] drm/tests: Split up test cases in igt_check_drm_format_min_pitch

by Maíra Canal

The igt_check_drm_format_min_pitch() function had a lot of KUNIT_EXPECT_* calls, all of which ended up allocating and initializing various test assertion structures on the stack. This behavior was producing -Wframe-larger-than warnings on PowerPC, i386, and MIPS architectures, such as: drivers/gpu/drm/tests/drm_format_test.c: In function 'igt_check_drm_format_min_pitch': drivers/gpu/drm/tests/drm_format_test.c:271:1: error: the frame size of 3712 bytes is larger than 2048 bytes So, the igt_check_drm_format_min_pitch() test case was split into three smaller functions: one testing single plane formats, one testing multi-planar formats, and the other testing tiled formats. Fixes: 0421bb0baa84 ("drm: selftest: convert drm_format selftest to KUnit") Reported-by: kernel test robot <lkp(a)intel.com> Reported-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Maíra Canal <mairacanal(a)riseup.net> Tested-by: Guenter Roeck <linux(a)roeck-us.net> Reviewed-by: André Almeida <andrealmeid(a)igalia.com> --- v1 -> v2: - Add Guenter's Tested-by tag. - Add André's Reviewed-by tag. - Replace "multiple planes" for "multi-planar" (André Almeida). - Add Fixes tag (Melissa Wen). --- drivers/gpu/drm/tests/drm_format_test.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/tests/drm_format_test.c b/drivers/gpu/drm/tests/drm_format_test.c index 056cb8599d6d..afb4bca72187 100644 --- a/drivers/gpu/drm/tests/drm_format_test.c +++ b/drivers/gpu/drm/tests/drm_format_test.c @@ -91,7 +91,7 @@ static void igt_check_drm_format_block_height(struct kunit *test) KUNIT_EXPECT_FALSE(test, drm_format_info_block_height(info, -1)); } -static void igt_check_drm_format_min_pitch(struct kunit *test) +static void igt_check_drm_format_min_pitch_for_single_plane(struct kunit *test) { const struct drm_format_info *info = NULL; @@ -175,6 +175,11 @@ static void igt_check_drm_format_min_pitch(struct kunit *test) (uint64_t)UINT_MAX * 4); KUNIT_EXPECT_EQ(test, drm_format_info_min_pitch(info, 0, (UINT_MAX - 1)), (uint64_t)(UINT_MAX - 1) * 4); +} + +static void igt_check_drm_format_min_pitch_for_multi_planar(struct kunit *test) +{ + const struct drm_format_info *info = NULL; /* Test 2 planes format */ info = drm_format_info(DRM_FORMAT_NV12); @@ -249,6 +254,11 @@ static void igt_check_drm_format_min_pitch(struct kunit *test) (uint64_t)(UINT_MAX - 1) / 2); KUNIT_EXPECT_EQ(test, drm_format_info_min_pitch(info, 2, (UINT_MAX - 1) / 2), (uint64_t)(UINT_MAX - 1) / 2); +} + +static void igt_check_drm_format_min_pitch_for_tiled_format(struct kunit *test) +{ + const struct drm_format_info *info = NULL; /* Test tiled format */ info = drm_format_info(DRM_FORMAT_X0L2); @@ -273,7 +283,9 @@ static void igt_check_drm_format_min_pitch(struct kunit *test) static struct kunit_case drm_format_tests[] = { KUNIT_CASE(igt_check_drm_format_block_width), KUNIT_CASE(igt_check_drm_format_block_height), - KUNIT_CASE(igt_check_drm_format_min_pitch), + KUNIT_CASE(igt_check_drm_format_min_pitch_for_single_plane), + KUNIT_CASE(igt_check_drm_format_min_pitch_for_multi_planar), + KUNIT_CASE(igt_check_drm_format_min_pitch_for_tiled_format), { } }; -- 2.37.1

3 years, 1 month

2
1
0 0

[net-next v5 0/4] seg6: add support for SRv6 Headend Reduced

by Andrea Mayer

This patchset adds support for SRv6 Headend behavior with Reduced Encapsulation. It introduces the H.Encaps.Red and H.L2Encaps.Red versions of the SRv6 H.Encaps and H.L2Encaps behaviors, according to RFC 8986 [1]. In details, the patchset is made of: - patch 1/4: add support for SRv6 H.Encaps.Red behavior; - Patch 2/4: add support for SRv6 H.L2Encaps.Red behavior; - patch 2/4: add selftest for SRv6 H.Encaps.Red behavior; - patch 3/4: add selftest for SRv6 H.L2Encaps.Red behavior. The corresponding iproute2 patch for supporting SRv6 H.Encaps.Red and H.L2Encaps.Red behaviors is provided in a separated patchset. [1] - https://datatracker.ietf.org/doc/html/rfc8986 V4 -> v5: - Fix skb checksum for SRH Reduced encapsulation/insertion; - Improve selftests by: i) adding a random suffix to network namespaces; ii) creating net devices directly into network namespaces; iii) using trap EXIT command to properly clean up selftest networks. Thanks to Paolo Abeni. v3 -> v4: - Add selftests to the Makefile, thanks to Jakub Kicinski. v2 -> v3: - Keep SRH when HMAC TLV is present; - Split the support for H.Encaps.Red and H.L2Encaps.Red behaviors in two patches (respectively, patch 1/4 and patch 2/4); - Add selftests for SRv6 H.Encaps.Red and H.L2Encaps.Red. v1 -> v2: - Fixed sparse warnings; - memset now uses sizeof() instead of hardcoded value; - Removed EXPORT_SYMBOL_GPL. Andrea Mayer (4): seg6: add support for SRv6 H.Encaps.Red behavior seg6: add support for SRv6 H.L2Encaps.Red behavior selftests: seg6: add selftest for SRv6 H.Encaps.Red behavior selftests: seg6: add selftest for SRv6 H.L2Encaps.Red behavior include/uapi/linux/seg6_iptunnel.h | 2 + net/ipv6/seg6_iptunnel.c | 140 ++- tools/testing/selftests/net/Makefile | 2 + .../net/srv6_hencap_red_l3vpn_test.sh | 879 ++++++++++++++++++ .../net/srv6_hl2encap_red_l2vpn_test.sh | 821 ++++++++++++++++ 5 files changed, 1842 insertions(+), 2 deletions(-) create mode 100755 tools/testing/selftests/net/srv6_hencap_red_l3vpn_test.sh create mode 100755 tools/testing/selftests/net/srv6_hl2encap_red_l2vpn_test.sh -- 2.20.1

3 years, 1 month

2
5
0 0

[PATCH net-next v1] selftests: net: dsa: Add a Makefile which installs the selftests

by Martin Blumenstingl

Add a Makefile which takes care of installing the selftests in tools/testing/selftests/drivers/net/dsa. This can be used to install all DSA specific selftests and forwarding.config using the same approach as for the selftests in tools/testing/selftests/net/forwarding. Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> --- .../testing/selftests/drivers/net/dsa/Makefile | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 tools/testing/selftests/drivers/net/dsa/Makefile diff --git a/tools/testing/selftests/drivers/net/dsa/Makefile b/tools/testing/selftests/drivers/net/dsa/Makefile new file mode 100644 index 000000000000..2a731d5c6d85 --- /dev/null +++ b/tools/testing/selftests/drivers/net/dsa/Makefile @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: GPL-2.0+ OR MIT + +TEST_PROGS = bridge_locked_port.sh \ + bridge_mdb.sh \ + bridge_mld.sh \ + bridge_vlan_aware.sh \ + bridge_vlan_mcast.sh \ + bridge_vlan_unaware.sh \ + local_termination.sh \ + no_forwarding.sh \ + test_bridge_fdb_stress.sh + +TEST_PROGS_EXTENDED := lib.sh + +TEST_FILES := forwarding.config + +include ../../../lib.mk -- 2.37.1

3 years, 1 month

3
2
0 0

Re: [PATCH net-next v1 1/1] net: bridge: ensure that link-local traffic cannot unlock a locked port

by Ido Schimmel

On Thu, Jun 30, 2022 at 01:16:34PM +0200, Hans Schultz wrote: > This patch is related to the patch set > "Add support for locked bridge ports (for 802.1X)" > Link: https://lore.kernel.org/netdev/20220223101650.1212814-1-schultz.hans+netdev… > > This patch makes the locked port feature work with learning turned on, > which is enabled with the command: > > bridge link set dev DEV learning on > > Without this patch, link local traffic (01:80:c2) like EAPOL packets will > create a fdb entry when ingressing on a locked port with learning turned > on, thus unintentionally opening up the port for traffic for the said MAC. > > Some switchcore features like Mac-Auth and refreshing of FDB entries, > require learning enables on some switchcores, f.ex. the mv88e6xxx family. > Other features may apply too. > > Since many switchcores trap or mirror various multicast packets to the > CPU, link local traffic will unintentionally unlock the port for the > SA mac in question unless prevented by this patch. Why not just teach hostapd to do: echo 1 > /sys/class/net/br0/bridge/no_linklocal_learn ?

3 years, 1 month

3
21
0 0

[PATCH] drm/tests: Split up test cases in igt_check_drm_format_min_pitch

by Maíra Canal

The igt_check_drm_format_min_pitch() function had a lot of KUNIT_EXPECT_* calls, all of which ended up allocating and initializing various test assertion structures on the stack. This behavior was producing -Wframe-larger-than warnings on PowerPC, i386, and MIPS architectures, such as: drivers/gpu/drm/tests/drm_format_test.c: In function 'igt_check_drm_format_min_pitch': drivers/gpu/drm/tests/drm_format_test.c:271:1: error: the frame size of 3712 bytes is larger than 2048 bytes So, the igt_check_drm_format_min_pitch() test case was split into three smaller functions: one testing single plane formats, one testing multiple planes formats, and the other testing tiled formats. Reported-by: kernel test robot <lkp(a)intel.com> Reported-by: Guenter Roeck <linux(a)roeck-us.net> Signed-off-by: Maíra Canal <mairacanal(a)riseup.net> --- drivers/gpu/drm/tests/drm_format_test.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/tests/drm_format_test.c b/drivers/gpu/drm/tests/drm_format_test.c index 056cb8599d6d..28f2b8f88818 100644 --- a/drivers/gpu/drm/tests/drm_format_test.c +++ b/drivers/gpu/drm/tests/drm_format_test.c @@ -91,7 +91,7 @@ static void igt_check_drm_format_block_height(struct kunit *test) KUNIT_EXPECT_FALSE(test, drm_format_info_block_height(info, -1)); } -static void igt_check_drm_format_min_pitch(struct kunit *test) +static void igt_check_drm_format_min_pitch_for_single_plane(struct kunit *test) { const struct drm_format_info *info = NULL; @@ -175,6 +175,11 @@ static void igt_check_drm_format_min_pitch(struct kunit *test) (uint64_t)UINT_MAX * 4); KUNIT_EXPECT_EQ(test, drm_format_info_min_pitch(info, 0, (UINT_MAX - 1)), (uint64_t)(UINT_MAX - 1) * 4); +} + +static void igt_check_drm_format_min_pitch_for_multiple_planes(struct kunit *test) +{ + const struct drm_format_info *info = NULL; /* Test 2 planes format */ info = drm_format_info(DRM_FORMAT_NV12); @@ -249,6 +254,11 @@ static void igt_check_drm_format_min_pitch(struct kunit *test) (uint64_t)(UINT_MAX - 1) / 2); KUNIT_EXPECT_EQ(test, drm_format_info_min_pitch(info, 2, (UINT_MAX - 1) / 2), (uint64_t)(UINT_MAX - 1) / 2); +} + +static void igt_check_drm_format_min_pitch_for_tiled_format(struct kunit *test) +{ + const struct drm_format_info *info = NULL; /* Test tiled format */ info = drm_format_info(DRM_FORMAT_X0L2); @@ -273,7 +283,9 @@ static void igt_check_drm_format_min_pitch(struct kunit *test) static struct kunit_case drm_format_tests[] = { KUNIT_CASE(igt_check_drm_format_block_width), KUNIT_CASE(igt_check_drm_format_block_height), - KUNIT_CASE(igt_check_drm_format_min_pitch), + KUNIT_CASE(igt_check_drm_format_min_pitch_for_single_plane), + KUNIT_CASE(igt_check_drm_format_min_pitch_for_multiple_planes), + KUNIT_CASE(igt_check_drm_format_min_pitch_for_tiled_format), { } }; -- 2.36.1

3 years, 1 month

4
4
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror