- Linux-kselftest-mirror - lists.linaro.org

[PATCH] Documentation: dev-tools: Add Testing Overview

by David Gow

The kernel now has a number of testing and debugging tools, and we've seen a bit of confusion about what the differences between them are. Add a basic documentation outlining the testing tools, when to use each, and how they interact. This is a pretty quick overview rather than the idealised "kernel testing guide" that'd probably be optimal, but given the number of times questions like "When do you use KUnit and when do you use Kselftest?" are being asked, it seemed worth at least having something. Hopefully this can form the basis for more detailed documentation later. Signed-off-by: David Gow <davidgow(a)google.com> --- Documentation/dev-tools/index.rst | 3 + Documentation/dev-tools/testing-overview.rst | 102 +++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 Documentation/dev-tools/testing-overview.rst diff --git a/Documentation/dev-tools/index.rst b/Documentation/dev-tools/index.rst index 1b1cf4f5c9d9..f590e5860794 100644 --- a/Documentation/dev-tools/index.rst +++ b/Documentation/dev-tools/index.rst @@ -7,6 +7,8 @@ be used to work on the kernel. For now, the documents have been pulled together without any significant effort to integrate them into a coherent whole; patches welcome! +A brief overview of testing-specific tools can be found in :doc:`testing-overview`. + .. class:: toc-title Table of contents @@ -14,6 +16,7 @@ whole; patches welcome! .. toctree:: :maxdepth: 2 + testing-overview coccinelle sparse kcov diff --git a/Documentation/dev-tools/testing-overview.rst b/Documentation/dev-tools/testing-overview.rst new file mode 100644 index 000000000000..8452adcb8608 --- /dev/null +++ b/Documentation/dev-tools/testing-overview.rst @@ -0,0 +1,102 @@ +.. SPDX-License-Identifier: GPL-2.0 + +==================== +Kernel Testing Guide +==================== + + +There are a number of different tools for testing the Linux kernel, so knowing +when to use each of them can be a challenge. This document provides a rough +overview of their differences, and how they fit together. + + +Writing and Running Tests +========================= + +The bulk of kernel tests are written using either the :doc:`kselftest +<kselftest>` or :doc:`KUnit <kunit/index>` frameworks. These both provide +infrastructure to help make running tests and groups of tests easier, as well +as providing helpers to aid in writing new tests. + +If you're looking to verify the behaviour of the Kernel — particularly specific +parts of the kernel — then you'll want to use `KUnit` or `kselftest`. + + +The Difference Between KUnit and kselftest +------------------------------------------ + +:doc:`KUnit <kunit/index>` is an entirely in-kernel system for "white box" +testing: because test code is part of the kernel, it can access internal +structures and functions which aren't exposed to userspace. + +`KUnit` tests therefore are best written against small, self-contained parts +of the kernel, which can be tested in isolation. This aligns well with the +concept of Unit testing. + +For example, a KUnit test might test an individual kernel function (or even a +single codepath through a function, such as an error handling case), rather +than a feature as a whole. + +There is a KUnit test style guide which may give further pointers + + +:doc:`kselftest <kselftest>`, on the other hand, is largely implemented in +userspace, and tests are normal userspace scripts or programs. + +This makes it easier to write more complicated tests, or tests which need to +manipulate the overall system state more (e.g., spawning processes, etc.). +However, it's not possible to call kernel functions directly unless they're +exposed to userspace (by a syscall, device, filesystem, etc.) Some tests to +also provide a kernel module which is loaded by the test, though for tests +which run mostly or entirely within the kernel, `KUnit` may be the better tool. + +`kselftest` is therefore suited well to tests of whole features, as these will +expose an interface to userspace, which can be tested, but not implementation +details. This aligns well with 'system' or 'end-to-end' testing. + + +Code Coverage Tools +=================== + +The Linux Kernel supports two different code coverage mesurement tools. These +can be used to verify that a test is executing particular functions or lines +of code. This is useful for determining how much of the kernel is being tested, +and for finding corner-cases which are not covered by the appropriate test. + +:doc:`kcov` is a feature which can be built in to the kernel to allow +capturing coverage on a per-task level. It's therefore useful for fuzzing and +other situations where information about code executed during, for example, a +single syscall is useful. + +:doc:`gcov` is GCC's coverage testing tool, which can be used with the kernel +to get global or per-module coverage. Unlike KCOV, it does not record per-task +coverage. Coverage data can be read from debugfs, and interpreted using the +usual gcov tooling. + + +Sanitizers +========== + +The kernel also supports a number of sanitizers, which attempt to detect +classes of issues when the occur in a running kernel. These typically +look for undefined behaviour of some kind, such as invalid memory accesses, +concurrency issues such as data races, or other undefined behaviour like +integer overflows. + +* :doc:`kmemleak` (Kmemleak) detects possible memory leaks. +* :doc:`kasan` detects invalid memory accesses such as out-of-bounds and + use-after-free errors. +* :doc:`ubsan` detects behaviour that is undefined by the C standard, like + integer overflows. +* :doc:`kcsan` detects data races. +* :doc:`kfence` is a low-overhead detector of memory issues, which is much + faster than KASAN and can be used in production. + +These tools tend to test the kernel as a whole, and do not "pass" like +kselftest or KUnit tests. They can be combined with KUnit or kselftest by +running tests on a kernel with a sanitizer enabled: you can then be sure +that none of these errors are occurring during the test. + +Some of these sanitizers integrate with KUnit or kselftest and will +automatically fail tests if an issue is detected by a sanitizer. + -- 2.31.1.295.g9ea45b61b8-goog

3 years, 9 months

5
5
0 0

[PATCH] powerpc: alignment: Remove unneeded variables

by Wan Jiabing

Fix coccicheck warning: ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:539:5-7: Unneeded variable: "rc". Return "0" on line 562 ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:567:5-7: Unneeded variable: "rc". Return "0" on line 580 ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:585:5-7: Unneeded variable: "rc". Return "0" on line 594 ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:600:5-7: Unneeded variable: "rc". Return "0" on line 611 ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:416:5-7: Unneeded variable: "rc". Return "0" on line 470 ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:475:5-7: Unneeded variable: "rc". Return "0" on line 485 ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:490:5-7: Unneeded variable: "rc". Return "0" on line 506 ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:511:5-7: Unneeded variable: "rc". Return "0" on line 534 ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:331:5-7: Unneeded variable: "rc". Return "0" on line 344 ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:349:5-7: Unneeded variable: "rc". Return "0" on line 360 ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:365:5-7: Unneeded variable: "rc". Return "0" on line 392 ./tools/testing/selftests/powerpc/alignment/alignment_handler.c:397:5-7: Unneeded variable: "rc". Return "0" on line 411 Signed-off-by: Wan Jiabing <wanjiabing(a)vivo.com> --- .../powerpc/alignment/alignment_handler.c | 48 +++++-------------- 1 file changed, 12 insertions(+), 36 deletions(-) diff --git a/tools/testing/selftests/powerpc/alignment/alignment_handler.c b/tools/testing/selftests/powerpc/alignment/alignment_handler.c index c25cf7cd45e9..48bfb7b36d84 100644 --- a/tools/testing/selftests/powerpc/alignment/alignment_handler.c +++ b/tools/testing/selftests/powerpc/alignment/alignment_handler.c @@ -328,8 +328,6 @@ static bool can_open_cifile(void) int test_alignment_handler_vsx_206(void) { - int rc = 0; - SKIP_IF(!can_open_cifile()); SKIP_IF(!have_hwcap(PPC_FEATURE_ARCH_2_06)); @@ -341,13 +339,11 @@ int test_alignment_handler_vsx_206(void) STORE_VSX_XFORM_TEST(stxvd2x); STORE_VSX_XFORM_TEST(stxvw4x); STORE_VSX_XFORM_TEST(stxsdx); - return rc; + return 0; } int test_alignment_handler_vsx_207(void) { - int rc = 0; - SKIP_IF(!can_open_cifile()); SKIP_IF(!have_hwcap2(PPC_FEATURE2_ARCH_2_07)); @@ -357,13 +353,11 @@ int test_alignment_handler_vsx_207(void) LOAD_VSX_XFORM_TEST(lxsiwzx); STORE_VSX_XFORM_TEST(stxsspx); STORE_VSX_XFORM_TEST(stxsiwx); - return rc; + return 0; } int test_alignment_handler_vsx_300(void) { - int rc = 0; - SKIP_IF(!can_open_cifile()); SKIP_IF(!have_hwcap2(PPC_FEATURE2_ARCH_3_00)); @@ -389,13 +383,11 @@ int test_alignment_handler_vsx_300(void) STORE_VSX_XFORM_TEST(stxvx); STORE_VSX_XFORM_TEST(stxvl); STORE_VSX_XFORM_TEST(stxvll); - return rc; + return 0; } int test_alignment_handler_vsx_prefix(void) { - int rc = 0; - SKIP_IF(!can_open_cifile()); SKIP_IF(!have_hwcap2(PPC_FEATURE2_ARCH_3_1)); @@ -408,13 +400,11 @@ int test_alignment_handler_vsx_prefix(void) STORE_VSX_8LS_PREFIX_TEST(PSTXSSP, 0); STORE_VSX_8LS_PREFIX_TEST(PSTXV0, 0); STORE_VSX_8LS_PREFIX_TEST(PSTXV1, 1); - return rc; + return 0; } int test_alignment_handler_integer(void) { - int rc = 0; - SKIP_IF(!can_open_cifile()); printf("Integer\n"); @@ -467,13 +457,11 @@ int test_alignment_handler_integer(void) STORE_DFORM_TEST(stmw); #endif - return rc; + return 0; } int test_alignment_handler_integer_206(void) { - int rc = 0; - SKIP_IF(!can_open_cifile()); SKIP_IF(!have_hwcap(PPC_FEATURE_ARCH_2_06)); @@ -482,13 +470,11 @@ int test_alignment_handler_integer_206(void) LOAD_XFORM_TEST(ldbrx); STORE_XFORM_TEST(stdbrx); - return rc; + return 0; } int test_alignment_handler_integer_prefix(void) { - int rc = 0; - SKIP_IF(!can_open_cifile()); SKIP_IF(!have_hwcap2(PPC_FEATURE2_ARCH_3_1)); @@ -503,13 +489,11 @@ int test_alignment_handler_integer_prefix(void) STORE_MLS_PREFIX_TEST(PSTH); STORE_MLS_PREFIX_TEST(PSTW); STORE_8LS_PREFIX_TEST(PSTD); - return rc; + return 0; } int test_alignment_handler_vmx(void) { - int rc = 0; - SKIP_IF(!can_open_cifile()); SKIP_IF(!have_hwcap(PPC_FEATURE_HAS_ALTIVEC)); @@ -531,13 +515,11 @@ int test_alignment_handler_vmx(void) STORE_VMX_XFORM_TEST(stvehx); STORE_VMX_XFORM_TEST(stvewx); STORE_VMX_XFORM_TEST(stvxl); - return rc; + return 0; } int test_alignment_handler_fp(void) { - int rc = 0; - SKIP_IF(!can_open_cifile()); printf("Floating point\n"); @@ -559,13 +541,11 @@ int test_alignment_handler_fp(void) STORE_FLOAT_XFORM_TEST(stfsux); STORE_FLOAT_XFORM_TEST(stfiwx); - return rc; + return 0; } int test_alignment_handler_fp_205(void) { - int rc = 0; - SKIP_IF(!can_open_cifile()); SKIP_IF(!have_hwcap(PPC_FEATURE_ARCH_2_05)); @@ -577,13 +557,11 @@ int test_alignment_handler_fp_205(void) STORE_FLOAT_DFORM_TEST(stfdp); STORE_FLOAT_XFORM_TEST(stfdpx); - return rc; + return 0; } int test_alignment_handler_fp_206(void) { - int rc = 0; - SKIP_IF(!can_open_cifile()); SKIP_IF(!have_hwcap(PPC_FEATURE_ARCH_2_06)); @@ -591,14 +569,12 @@ int test_alignment_handler_fp_206(void) LOAD_FLOAT_XFORM_TEST(lfiwzx); - return rc; + return 0; } int test_alignment_handler_fp_prefix(void) { - int rc = 0; - SKIP_IF(!can_open_cifile()); SKIP_IF(!have_hwcap2(PPC_FEATURE2_ARCH_3_1)); @@ -608,7 +584,7 @@ int test_alignment_handler_fp_prefix(void) LOAD_FLOAT_MLS_PREFIX_TEST(PLFD); STORE_FLOAT_MLS_PREFIX_TEST(PSTFS); STORE_FLOAT_MLS_PREFIX_TEST(PSTFD); - return rc; + return 0; } void usage(char *prog) -- 2.30.2

3 years, 9 months

2
1
0 0

[PATCH v2 0/4] powerpc/selftests: Add Power10 2nd DAWR selftests

by Ravi Bangoria

Add selftests for 2nd DAWR supported by Power10. v1: https://lore.kernel.org/r/20200723102058.312282-1-ravi.bangoria@linux.ibm.c… v1->v2: - Kvm patches are already upstream - Rebased selftests to powerpc/next Ravi Bangoria (4): powerpc/selftests/ptrace-hwbreak: Add testcases for 2nd DAWR powerpc/selftests/perf-hwbreak: Coalesce event creation code powerpc/selftests/perf-hwbreak: Add testcases for 2nd DAWR powerpc/selftests: Add selftest to test concurrent perf/ptrace events .../selftests/powerpc/ptrace/.gitignore | 1 + .../testing/selftests/powerpc/ptrace/Makefile | 2 +- .../selftests/powerpc/ptrace/perf-hwbreak.c | 646 +++++++++++++++-- .../selftests/powerpc/ptrace/ptrace-hwbreak.c | 79 +++ .../powerpc/ptrace/ptrace-perf-hwbreak.c | 659 ++++++++++++++++++ 5 files changed, 1345 insertions(+), 42 deletions(-) create mode 100644 tools/testing/selftests/powerpc/ptrace/ptrace-perf-hwbreak.c -- 2.27.0

3 years, 9 months

2
8
0 0

[PATCH v4] lib: add basic KUnit test for lib/math

by Daniel Latypov

Add basic test coverage for files that don't require any config options: * gcd.c * lcm.c * int_sqrt.c * reciprocal_div.c (Ignored int_pow.c since it's a simple textbook algorithm.) These tests aren't particularly interesting, but they * provide short and simple examples of parameterized tests * provide a place to add tests for any new files in this dir * are written so adding new test cases to cover edge cases should be easy Signed-off-by: Daniel Latypov <dlatypov(a)google.com> --- Changes since v3: * fix `checkpatch.pl --strict` warnings * add test cases for gcd(0,0) and lcm(0,0) * minor: don't test both gcd(a,b) and gcd(b,a) when a == b Changes since v2: mv math_test.c => math_kunit.c Changes since v1: * Rebase and rewrite to use the new parameterized testing support. * misc: fix overflow in literal and inline int_sqrt format string. * related: commit 1f0e943df68a ("Documentation: kunit: provide guidance for testing many inputs") was merged explaining the patterns shown here. * there's an in-flight patch to update it for parameterized testing. v1: https://lore.kernel.org/lkml/20201019224556.3536790-1-dlatypov@google.com/ --- lib/math/Kconfig | 5 + lib/math/Makefile | 2 + lib/math/math_kunit.c | 214 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 221 insertions(+) create mode 100644 lib/math/math_kunit.c diff --git a/lib/math/Kconfig b/lib/math/Kconfig index f19bc9734fa7..6ba8680439c1 100644 --- a/lib/math/Kconfig +++ b/lib/math/Kconfig @@ -15,3 +15,8 @@ config PRIME_NUMBERS config RATIONAL bool + +config MATH_KUNIT_TEST + tristate "KUnit test for lib/math" if !KUNIT_ALL_TESTS + default KUNIT_ALL_TESTS + depends on KUNIT diff --git a/lib/math/Makefile b/lib/math/Makefile index be6909e943bd..30abb7a8d564 100644 --- a/lib/math/Makefile +++ b/lib/math/Makefile @@ -4,3 +4,5 @@ obj-y += div64.o gcd.o lcm.o int_pow.o int_sqrt.o reciprocal_div.o obj-$(CONFIG_CORDIC) += cordic.o obj-$(CONFIG_PRIME_NUMBERS) += prime_numbers.o obj-$(CONFIG_RATIONAL) += rational.o + +obj-$(CONFIG_MATH_KUNIT_TEST) += math_kunit.o diff --git a/lib/math/math_kunit.c b/lib/math/math_kunit.c new file mode 100644 index 000000000000..fed15ade8fb2 --- /dev/null +++ b/lib/math/math_kunit.c @@ -0,0 +1,214 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Simple KUnit suite for math helper funcs that are always enabled. + * + * Copyright (C) 2020, Google LLC. + * Author: Daniel Latypov <dlatypov(a)google.com> + */ + +#include <kunit/test.h> +#include <linux/gcd.h> +#include <linux/kernel.h> +#include <linux/lcm.h> +#include <linux/reciprocal_div.h> + +/* Generic test case for unsigned long inputs. */ +struct test_case { + unsigned long a, b; + unsigned long result; +}; + +static struct test_case gcd_cases[] = { + { + .a = 0, .b = 0, + .result = 0, + }, + { + .a = 0, .b = 1, + .result = 1, + }, + { + .a = 2, .b = 2, + .result = 2, + }, + { + .a = 2, .b = 4, + .result = 2, + }, + { + .a = 3, .b = 5, + .result = 1, + }, + { + .a = 3 * 9, .b = 3 * 5, + .result = 3, + }, + { + .a = 3 * 5 * 7, .b = 3 * 5 * 11, + .result = 15, + }, + { + .a = 1 << 21, + .b = (1 << 21) - 1, + .result = 1, + }, +}; + +KUNIT_ARRAY_PARAM(gcd, gcd_cases, NULL); + +static void gcd_test(struct kunit *test) +{ + const char *message_fmt = "gcd(%lu, %lu)"; + const struct test_case *test_param = test->param_value; + + KUNIT_EXPECT_EQ_MSG(test, test_param->result, + gcd(test_param->a, test_param->b), + message_fmt, test_param->a, + test_param->b); + + if (test_param->a == test_param->b) + return; + + /* gcd(a,b) == gcd(b,a) */ + KUNIT_EXPECT_EQ_MSG(test, test_param->result, + gcd(test_param->b, test_param->a), + message_fmt, test_param->b, + test_param->a); +} + +static struct test_case lcm_cases[] = { + { + .a = 0, .b = 0, + .result = 0, + }, + { + .a = 0, .b = 1, + .result = 0, + }, + { + .a = 1, .b = 2, + .result = 2, + }, + { + .a = 2, .b = 2, + .result = 2, + }, + { + .a = 3 * 5, .b = 3 * 7, + .result = 3 * 5 * 7, + }, +}; + +KUNIT_ARRAY_PARAM(lcm, lcm_cases, NULL); + +static void lcm_test(struct kunit *test) +{ + const char *message_fmt = "lcm(%lu, %lu)"; + const struct test_case *test_param = test->param_value; + + KUNIT_EXPECT_EQ_MSG(test, test_param->result, + lcm(test_param->a, test_param->b), + message_fmt, test_param->a, + test_param->b); + + if (test_param->a == test_param->b) + return; + + /* lcm(a,b) == lcm(b,a) */ + KUNIT_EXPECT_EQ_MSG(test, test_param->result, + lcm(test_param->b, test_param->a), + message_fmt, test_param->b, + test_param->a); +} + +static struct test_case int_sqrt_cases[] = { + { + .a = 0, + .result = 0, + }, + { + .a = 1, + .result = 1, + }, + { + .a = 4, + .result = 2, + }, + { + .a = 5, + .result = 2, + }, + { + .a = 8, + .result = 2, + }, + { + .a = 1UL << 30, + .result = 1UL << 15, + }, +}; + +KUNIT_ARRAY_PARAM(int_sqrt, int_sqrt_cases, NULL); + +static void int_sqrt_test(struct kunit *test) +{ + const struct test_case *test_param = test->param_value; + + KUNIT_EXPECT_EQ_MSG(test, int_sqrt(test_param->a), + test_param->result, "sqrt(%lu)", + test_param->a); +} + +struct reciprocal_test_case { + u32 a, b; + u32 result; +}; + +static struct reciprocal_test_case reciprocal_div_cases[] = { + { + .a = 0, .b = 1, + .result = 0, + }, + { + .a = 42, .b = 20, + .result = 2, + }, + { + .a = 42, .b = 9999, + .result = 0, + }, + { + .a = (1 << 16), .b = (1 << 14), + .result = 1 << 2, + }, +}; + +KUNIT_ARRAY_PARAM(reciprocal_div, reciprocal_div_cases, NULL); + +static void reciprocal_div_test(struct kunit *test) +{ + const struct reciprocal_test_case *test_param = test->param_value; + struct reciprocal_value rv = reciprocal_value(test_param->b); + + KUNIT_EXPECT_EQ_MSG(test, test_param->result, + reciprocal_divide(test_param->a, rv), + "reciprocal_divide(%u, %u)", + test_param->a, test_param->b); +} + +static struct kunit_case math_test_cases[] = { + KUNIT_CASE_PARAM(gcd_test, gcd_gen_params), + KUNIT_CASE_PARAM(lcm_test, lcm_gen_params), + KUNIT_CASE_PARAM(int_sqrt_test, int_sqrt_gen_params), + KUNIT_CASE_PARAM(reciprocal_div_test, reciprocal_div_gen_params), + {} +}; + +static struct kunit_suite math_test_suite = { + .name = "lib-math", + .test_cases = math_test_cases, +}; + +kunit_test_suites(&math_test_suite); + +MODULE_LICENSE("GPL v2"); base-commit: 4fa56ad0d12e24df768c98bffe9039f915d1bc02 -- 2.31.1.295.g9ea45b61b8-goog

3 years, 9 months

2
2
0 0

[PATCH v33 00/12] Landlock LSM

by Mickaël Salaün

Hi, This updated patch series relaxes landlock_add_rule(2) to accept file descriptors opened without O_PATH. Using O_PATH is encouraged (as well as O_CLOEXEC) but it should not be mandatory. Indeed, using already opened FDs can be handy. FYI, the COND_SYSCALL() fix is now in -next: https://git.kernel.org/next/linux-next/c/7dfe553affd0d003c7535b7ba60d091934… James, could you please update the -next tree? The SLOC count is 1326 for security/landlock/ and 2589 for tools/testing/selftest/landlock/ . Test coverage for security/landlock/ is 93.6% of lines: https://landlock.io/linux-lcov/landlock-v33/security/landlock/index.html The code not covered only deals with internal kernel errors (e.g. memory allocation), race conditions and safety checks that should not be triggered. This series is being fuzzed by syzkaller (covering internal kernel errors) that now supports Landlock: https://github.com/google/syzkaller/pull/2380 syzkaller coverage is about 72% (ci-upstream-linux-next-kasan-gce-root): https://syzkaller.appspot.com/upstream The HTML documentation is available here: https://landlock.io/linux-doc/landlock-v33/userspace-api/landlock.html This series can be applied on top of v5.12-rc3 . This can be tested with CONFIG_SECURITY_LANDLOCK, CONFIG_SAMPLE_LANDLOCK and by prepending "landlock," to CONFIG_LSM. This patch series can be found in a Git repository here: https://github.com/landlock-lsm/linux/commits/landlock-v33 This patch series seems ready for upstream and I would really appreciate final reviews. Landlock LSM ============ The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM [1], it makes possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user-space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves. Landlock is inspired by seccomp-bpf but instead of filtering syscalls and their raw arguments, a Landlock rule can restrict the use of kernel objects like file hierarchies, according to the kernel semantic. Landlock also takes inspiration from other OS sandbox mechanisms: XNU Sandbox, FreeBSD Capsicum or OpenBSD Pledge/Unveil. In this current form, Landlock misses some access-control features. This enables to minimize this patch series and ease review. This series still addresses multiple use cases, especially with the combined use of seccomp-bpf: applications with built-in sandboxing, init systems, security sandbox tools and security-oriented APIs [2]. [1] https://lore.kernel.org/lkml/50db058a-7dde-441b-a7f9-f6837fe8b69f@schaufler… [2] https://lore.kernel.org/lkml/f646e1c7-33cf-333f-070c-0a40ad0468cd@digikod.n… Previous versions: v32: https://lore.kernel.org/lkml/20210401205208.2756565-1-mic@digikod.net/ v31: https://lore.kernel.org/lkml/20210324191520.125779-1-mic@digikod.net/ v30: https://lore.kernel.org/lkml/20210316204252.427806-1-mic@digikod.net/ v29: https://lore.kernel.org/lkml/20210225190614.2181147-1-mic@digikod.net/ v28: https://lore.kernel.org/lkml/20210202162710.657398-1-mic@digikod.net/ v27: https://lore.kernel.org/lkml/20210121205119.793296-1-mic@digikod.net/ v26: https://lore.kernel.org/lkml/20201209192839.1396820-1-mic@digikod.net/ v25: https://lore.kernel.org/lkml/20201201192322.213239-1-mic@digikod.net/ v24: https://lore.kernel.org/lkml/20201112205141.775752-1-mic@digikod.net/ v23: https://lore.kernel.org/lkml/20201103182109.1014179-1-mic@digikod.net/ v22: https://lore.kernel.org/lkml/20201027200358.557003-1-mic@digikod.net/ v21: https://lore.kernel.org/lkml/20201008153103.1155388-1-mic@digikod.net/ v20: https://lore.kernel.org/lkml/20200802215903.91936-1-mic@digikod.net/ v19: https://lore.kernel.org/lkml/20200707180955.53024-1-mic@digikod.net/ v18: https://lore.kernel.org/lkml/20200526205322.23465-1-mic@digikod.net/ v17: https://lore.kernel.org/lkml/20200511192156.1618284-1-mic@digikod.net/ v16: https://lore.kernel.org/lkml/20200416103955.145757-1-mic@digikod.net/ v15: https://lore.kernel.org/lkml/20200326202731.693608-1-mic@digikod.net/ v14: https://lore.kernel.org/lkml/20200224160215.4136-1-mic@digikod.net/ v13: https://lore.kernel.org/lkml/20191104172146.30797-1-mic@digikod.net/ v12: https://lore.kernel.org/lkml/20191031164445.29426-1-mic@digikod.net/ v11: https://lore.kernel.org/lkml/20191029171505.6650-1-mic@digikod.net/ v10: https://lore.kernel.org/lkml/20190721213116.23476-1-mic@digikod.net/ v9: https://lore.kernel.org/lkml/20190625215239.11136-1-mic@digikod.net/ v8: https://lore.kernel.org/lkml/20180227004121.3633-1-mic@digikod.net/ v7: https://lore.kernel.org/lkml/20170821000933.13024-1-mic@digikod.net/ v6: https://lore.kernel.org/lkml/20170328234650.19695-1-mic@digikod.net/ v5: https://lore.kernel.org/lkml/20170222012632.4196-1-mic@digikod.net/ v4: https://lore.kernel.org/lkml/20161026065654.19166-1-mic@digikod.net/ v3: https://lore.kernel.org/lkml/20160914072415.26021-1-mic@digikod.net/ v2: https://lore.kernel.org/lkml/1472121165-29071-1-git-send-email-mic@digikod.… v1: https://lore.kernel.org/kernel-hardening/1458784008-16277-1-git-send-email-… Casey Schaufler (1): LSM: Infrastructure management of the superblock Mickaël Salaün (11): landlock: Add object management landlock: Add ruleset and domain management landlock: Set up the security framework and manage credentials landlock: Add ptrace restrictions fs,security: Add sb_delete hook landlock: Support filesystem access-control landlock: Add syscall implementations arch: Wire up Landlock syscalls selftests/landlock: Add user space tests samples/landlock: Add a sandbox manager example landlock: Add user and kernel documentation Documentation/security/index.rst | 1 + Documentation/security/landlock.rst | 85 + Documentation/userspace-api/index.rst | 1 + Documentation/userspace-api/landlock.rst | 311 ++ MAINTAINERS | 15 + arch/Kconfig | 7 + arch/alpha/kernel/syscalls/syscall.tbl | 3 + arch/arm/tools/syscall.tbl | 3 + arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 6 + arch/ia64/kernel/syscalls/syscall.tbl | 3 + arch/m68k/kernel/syscalls/syscall.tbl | 3 + arch/microblaze/kernel/syscalls/syscall.tbl | 3 + arch/mips/kernel/syscalls/syscall_n32.tbl | 3 + arch/mips/kernel/syscalls/syscall_n64.tbl | 3 + arch/mips/kernel/syscalls/syscall_o32.tbl | 3 + arch/parisc/kernel/syscalls/syscall.tbl | 3 + arch/powerpc/kernel/syscalls/syscall.tbl | 3 + arch/s390/kernel/syscalls/syscall.tbl | 3 + arch/sh/kernel/syscalls/syscall.tbl | 3 + arch/sparc/kernel/syscalls/syscall.tbl | 3 + arch/um/Kconfig | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 3 + arch/x86/entry/syscalls/syscall_64.tbl | 3 + arch/xtensa/kernel/syscalls/syscall.tbl | 3 + fs/super.c | 1 + include/linux/lsm_hook_defs.h | 1 + include/linux/lsm_hooks.h | 4 + include/linux/security.h | 4 + include/linux/syscalls.h | 7 + include/uapi/asm-generic/unistd.h | 8 +- include/uapi/linux/landlock.h | 129 + kernel/sys_ni.c | 5 + samples/Kconfig | 7 + samples/Makefile | 1 + samples/landlock/.gitignore | 1 + samples/landlock/Makefile | 13 + samples/landlock/sandboxer.c | 238 ++ security/Kconfig | 11 +- security/Makefile | 2 + security/landlock/Kconfig | 21 + security/landlock/Makefile | 4 + security/landlock/common.h | 20 + security/landlock/cred.c | 46 + security/landlock/cred.h | 58 + security/landlock/fs.c | 692 ++++ security/landlock/fs.h | 70 + security/landlock/limits.h | 21 + security/landlock/object.c | 67 + security/landlock/object.h | 91 + security/landlock/ptrace.c | 120 + security/landlock/ptrace.h | 14 + security/landlock/ruleset.c | 473 +++ security/landlock/ruleset.h | 165 + security/landlock/setup.c | 40 + security/landlock/setup.h | 18 + security/landlock/syscalls.c | 442 +++ security/security.c | 51 +- security/selinux/hooks.c | 58 +- security/selinux/include/objsec.h | 6 + security/selinux/ss/services.c | 3 +- security/smack/smack.h | 6 + security/smack/smack_lsm.c | 35 +- tools/testing/selftests/Makefile | 1 + tools/testing/selftests/landlock/.gitignore | 2 + tools/testing/selftests/landlock/Makefile | 24 + tools/testing/selftests/landlock/base_test.c | 219 ++ tools/testing/selftests/landlock/common.h | 183 ++ tools/testing/selftests/landlock/config | 7 + tools/testing/selftests/landlock/fs_test.c | 2791 +++++++++++++++++ .../testing/selftests/landlock/ptrace_test.c | 337 ++ tools/testing/selftests/landlock/true.c | 5 + 72 files changed, 6922 insertions(+), 77 deletions(-) create mode 100644 Documentation/security/landlock.rst create mode 100644 Documentation/userspace-api/landlock.rst create mode 100644 include/uapi/linux/landlock.h create mode 100644 samples/landlock/.gitignore create mode 100644 samples/landlock/Makefile create mode 100644 samples/landlock/sandboxer.c create mode 100644 security/landlock/Kconfig create mode 100644 security/landlock/Makefile create mode 100644 security/landlock/common.h create mode 100644 security/landlock/cred.c create mode 100644 security/landlock/cred.h create mode 100644 security/landlock/fs.c create mode 100644 security/landlock/fs.h create mode 100644 security/landlock/limits.h create mode 100644 security/landlock/object.c create mode 100644 security/landlock/object.h create mode 100644 security/landlock/ptrace.c create mode 100644 security/landlock/ptrace.h create mode 100644 security/landlock/ruleset.c create mode 100644 security/landlock/ruleset.h create mode 100644 security/landlock/setup.c create mode 100644 security/landlock/setup.h create mode 100644 security/landlock/syscalls.c create mode 100644 tools/testing/selftests/landlock/.gitignore create mode 100644 tools/testing/selftests/landlock/Makefile create mode 100644 tools/testing/selftests/landlock/base_test.c create mode 100644 tools/testing/selftests/landlock/common.h create mode 100644 tools/testing/selftests/landlock/config create mode 100644 tools/testing/selftests/landlock/fs_test.c create mode 100644 tools/testing/selftests/landlock/ptrace_test.c create mode 100644 tools/testing/selftests/landlock/true.c base-commit: 1e28eed17697bcf343c6743f0028cc3b5dd88bf0 -- 2.30.2

3 years, 9 months

3
14
0 0

[RFC v3 0/2] CPU-Idle latency selftest framework

by Pratik Rajesh Sampat

Changelog RFC v2-->v3 Based on comments by Doug Smythies, 1. Changed commit log to reflect the test must be run as super user. 2. Added a comment specifying a method to run the test bash script without recompiling. 3. Enable all the idle states after the experiments are completed so that the system is in a coherent state after the tests have run 4. Correct the return status of a CPU that cannot be off-lined. RFC v2: https://lkml.org/lkml/2021/4/1/615 --- A kernel module + userspace driver to estimate the wakeup latency caused by going into stop states. The motivation behind this program is to find significant deviations behind advertised latency and residency values. The patchset measures latencies for two kinds of events. IPIs and Timers As this is a software-only mechanism, there will additional latencies of the kernel-firmware-hardware interactions. To account for that, the program also measures a baseline latency on a 100 percent loaded CPU and the latencies achieved must be in view relative to that. To achieve this, we introduce a kernel module and expose its control knobs through the debugfs interface that the selftests can engage with. The kernel module provides the following interfaces within /sys/kernel/debug/latency_test/ for, IPI test: ipi_cpu_dest = Destination CPU for the IPI ipi_cpu_src = Origin of the IPI ipi_latency_ns = Measured latency time in ns Timeout test: timeout_cpu_src = CPU on which the timer to be queued timeout_expected_ns = Timer duration timeout_diff_ns = Difference of actual duration vs expected timer Sample output on a POWER9 system is as follows: # --IPI Latency Test--- # Baseline Average IPI latency(ns): 3114 # Observed Average IPI latency(ns) - State0: 3265 # Observed Average IPI latency(ns) - State1: 3507 # Observed Average IPI latency(ns) - State2: 3739 # Observed Average IPI latency(ns) - State3: 3807 # Observed Average IPI latency(ns) - State4: 17070 # Observed Average IPI latency(ns) - State5: 1038174 # Observed Average IPI latency(ns) - State6: 1068784 # # --Timeout Latency Test-- # Baseline Average timeout diff(ns): 1420 # Observed Average timeout diff(ns) - State0: 1640 # Observed Average timeout diff(ns) - State1: 1764 # Observed Average timeout diff(ns) - State2: 1715 # Observed Average timeout diff(ns) - State3: 1845 # Observed Average timeout diff(ns) - State4: 16581 # Observed Average timeout diff(ns) - State5: 939977 # Observed Average timeout diff(ns) - State6: 1073024 Things to keep in mind: 1. This kernel module + bash driver does not guarantee idleness on a core when the IPI and the Timer is armed. It only invokes sleep and hopes that the core is idle once the IPI/Timer is invoked onto it. Hence this program must be run on a completely idle system for best results 2. Even on a completely idle system, there maybe book-keeping tasks or jitter tasks that can run on the core we want idle. This can create outliers in the latency measurement. Thankfully, these outliers should be large enough to easily weed them out. 3. A userspace only selftest variant was also sent out as RFC based on suggestions over the previous patchset to simply the kernel complexeity. However, a userspace only approach had more noise in the latency measurement due to userspace-kernel interactions which led to run to run variance and a lesser accurate test. Another downside of the nature of a userspace program is that it takes orders of magnitude longer to complete a full system test compared to the kernel framework. RFC patch: https://lkml.org/lkml/2020/9/2/356 4. For Intel Systems, the Timer based latencies don't exactly give out the measure of idle latencies. This is because of a hardware optimization mechanism that pre-arms a CPU when a timer is set to wakeup. That doesn't make this metric useless for Intel systems, it just means that is measuring IPI/Timer responding latency rather than idle wakeup latencies. (Source: https://lkml.org/lkml/2020/9/2/610) For solution to this problem, a hardware based latency analyzer is devised by Artem Bityutskiy from Intel. https://youtu.be/Opk92aQyvt0?t=8266 https://intel.github.io/wult/ Pratik Rajesh Sampat (2): cpuidle: Extract IPI based and timer based wakeup latency from idle states selftest/cpuidle: Add support for cpuidle latency measurement drivers/cpuidle/Makefile | 1 + drivers/cpuidle/test-cpuidle_latency.c | 157 ++++++++++ lib/Kconfig.debug | 10 + tools/testing/selftests/Makefile | 1 + tools/testing/selftests/cpuidle/Makefile | 6 + tools/testing/selftests/cpuidle/cpuidle.sh | 326 +++++++++++++++++++++ tools/testing/selftests/cpuidle/settings | 2 + 7 files changed, 503 insertions(+) create mode 100644 drivers/cpuidle/test-cpuidle_latency.c create mode 100644 tools/testing/selftests/cpuidle/Makefile create mode 100755 tools/testing/selftests/cpuidle/cpuidle.sh create mode 100644 tools/testing/selftests/cpuidle/settings -- 2.17.1

3 years, 9 months

3
5
0 0

[PATCH v5 0/4] KVM: cpuid: fix KVM_GET_EMULATED_CPUID implementation

by Emanuele Giuseppe Esposito

This series aims to clarify the behavior of the KVM_GET_EMULATED_CPUID ioctl, and fix a corner case where -E2BIG is returned when the nent field of struct kvm_cpuid2 is matching the amount of emulated entries that kvm returns. Patch 1 proposes the nent field fix to cpuid.c, patch 2 updates the ioctl documentation accordingly and patches 3 and 4 extend the x86_64/get_cpuid_test.c selftest to check the intended behavior of KVM_GET_EMULATED_CPUID. Signed-off-by: Emanuele Giuseppe Esposito <eesposit(a)redhat.com> --- v5: - Better comment in cpuid.c (patch 1) Emanuele Giuseppe Esposito (4): KVM: x86: Fix a spurious -E2BIG in KVM_GET_EMULATED_CPUID Documentation: KVM: update KVM_GET_EMULATED_CPUID ioctl description selftests: add kvm_get_emulated_cpuid to processor.h selftests: KVM: extend get_cpuid_test to include KVM_GET_EMULATED_CPUID Documentation/virt/kvm/api.rst | 10 +-- arch/x86/kvm/cpuid.c | 33 ++++--- .../selftests/kvm/include/x86_64/processor.h | 1 + .../selftests/kvm/lib/x86_64/processor.c | 33 +++++++ .../selftests/kvm/x86_64/get_cpuid_test.c | 90 ++++++++++++++++++- 5 files changed, 142 insertions(+), 25 deletions(-) -- 2.30.2

3 years, 9 months

2
5
0 0

[PATCH v4 0/4] KVM: cpuid: fix KVM_GET_EMULATED_CPUID implementation

by Emanuele Giuseppe Esposito

This series aims to clarify the behavior of the KVM_GET_EMULATED_CPUID ioctl, and fix a corner case where -E2BIG is returned when the nent field of struct kvm_cpuid2 is matching the amount of emulated entries that kvm returns. Patch 1 proposes the nent field fix to cpuid.c, patch 2 updates the ioctl documentation accordingly and patches 3 and 4 extend the x86_64/get_cpuid_test.c selftest to check the intended behavior of KVM_GET_EMULATED_CPUID. Signed-off-by: Emanuele Giuseppe Esposito <eesposit(a)redhat.com> --- v4: - Address nitpicks given in the mailing list Emanuele Giuseppe Esposito (4): KVM: x86: Fix a spurious -E2BIG in KVM_GET_EMULATED_CPUID Documentation: KVM: update KVM_GET_EMULATED_CPUID ioctl description selftests: add kvm_get_emulated_cpuid to processor.h selftests: KVM: extend get_cpuid_test to include KVM_GET_EMULATED_CPUID Documentation/virt/kvm/api.rst | 10 +-- arch/x86/kvm/cpuid.c | 33 ++++--- .../selftests/kvm/include/x86_64/processor.h | 1 + .../selftests/kvm/lib/x86_64/processor.c | 33 +++++++ .../selftests/kvm/x86_64/get_cpuid_test.c | 90 ++++++++++++++++++- 5 files changed, 142 insertions(+), 25 deletions(-) -- 2.30.2

3 years, 9 months

2
6
0 0

[PATCH v5] userfaultfd/shmem: fix MCOPY_ATOMIC_CONTINUE behavior

by Axel Rasmussen

Previously, the continue implementation in shmem_mcopy_atomic_pte was incorrect for two main reasons: - It didn't correctly skip some sections of code which make sense for newly allocated pages, but absolutely don't make sense for pre-existing page cache pages. - Because shmem_mcopy_continue_pte is called only if VM_SHARED is detected in mm/userfaultd.c, we were incorrectly not supporting the case where a tmpfs file had been mmap()-ed with MAP_PRIVATE. So, this patch does the following: In mm/userfaultfd.c, break the logic to install PTEs out of mcopy_atomic_pte, into a separate helper function. In mfill_atomic_pte, for the MCOPY_ATOMIC_CONTINUE case, simply look up the existing page in the page cache, and then use the PTE installation helper to setup the mapping. This addresses the two issues noted above. The previous code's bugs manifested clearly in the error handling path. So, to detect this kind of issue in the future, modify the selftest to exercise the error handling path as well. Note that this patch is based on linux-next/akpm; the "fixes" line refers to a SHA1 in that branch. Changes since v4: - Added back the userfaultfd.c selftest changes from v3; this file was mistakenly reverted in v4. Changes since v3: - Significantly refactored the patch. Continue handling now happens in mm/userfaultfd.c, via a PTE installation helper. Most of the mm/shmem.c changes from the patch being fixed [1] are reverted. Changes since v2: - Drop the ClearPageDirty() entirely, instead of trying to remember the old value. - Modify both pgoff / max_off checks to use pgoff. It's equivalent to offset, but offset wasn't initialized until the first check (which we're skipping). - Keep the second pgoff / max_off check in the continue case. Changes since v1: - Refactor to skip ahead with goto, instead of adding several more "if (!is_continue)". - Fix unconditional ClearPageDirty(). - Don't pte_mkwrite() when is_continue && !VM_SHARED. [1] https://lore.kernel.org/patchwork/patch/1392464/ Fixes: 00da60b9d0a0 ("userfaultfd: support minor fault handling for shmem") Signed-off-by: Axel Rasmussen <axelrasmussen(a)google.com> --- mm/shmem.c | 56 +++---- mm/userfaultfd.c | 183 ++++++++++++++++------- tools/testing/selftests/vm/userfaultfd.c | 12 ++ 3 files changed, 168 insertions(+), 83 deletions(-) diff --git a/mm/shmem.c b/mm/shmem.c index 5cfd2fb6e52b..9d9a9f254f33 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2366,7 +2366,6 @@ int shmem_mcopy_atomic_pte(struct mm_struct *dst_mm, pmd_t *dst_pmd, unsigned long dst_addr, unsigned long src_addr, enum mcopy_atomic_mode mode, struct page **pagep) { - bool is_continue = (mode == MCOPY_ATOMIC_CONTINUE); struct inode *inode = file_inode(dst_vma->vm_file); struct shmem_inode_info *info = SHMEM_I(inode); struct address_space *mapping = inode->i_mapping; @@ -2377,18 +2376,17 @@ int shmem_mcopy_atomic_pte(struct mm_struct *dst_mm, pmd_t *dst_pmd, struct page *page; pte_t _dst_pte, *dst_pte; int ret; - pgoff_t offset, max_off; + pgoff_t max_off; + + /* Handled by mcontinue_atomic_pte instead. */ + if (WARN_ON_ONCE(mode == MCOPY_ATOMIC_CONTINUE)) + return -EINVAL; ret = -ENOMEM; if (!shmem_inode_acct_block(inode, 1)) goto out; - if (is_continue) { - ret = -EFAULT; - page = find_lock_page(mapping, pgoff); - if (!page) - goto out_unacct_blocks; - } else if (!*pagep) { + if (!*pagep) { page = shmem_alloc_page(gfp, info, pgoff); if (!page) goto out_unacct_blocks; @@ -2415,27 +2413,21 @@ int shmem_mcopy_atomic_pte(struct mm_struct *dst_mm, pmd_t *dst_pmd, *pagep = NULL; } - if (!is_continue) { - VM_BUG_ON(PageSwapBacked(page)); - VM_BUG_ON(PageLocked(page)); - __SetPageLocked(page); - __SetPageSwapBacked(page); - __SetPageUptodate(page); - } + VM_BUG_ON(PageSwapBacked(page)); + VM_BUG_ON(PageLocked(page)); + __SetPageLocked(page); + __SetPageSwapBacked(page); + __SetPageUptodate(page); ret = -EFAULT; - offset = linear_page_index(dst_vma, dst_addr); max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE); - if (unlikely(offset >= max_off)) + if (unlikely(pgoff >= max_off)) goto out_release; - /* If page wasn't already in the page cache, add it. */ - if (!is_continue) { - ret = shmem_add_to_page_cache(page, mapping, pgoff, NULL, - gfp & GFP_RECLAIM_MASK, dst_mm); - if (ret) - goto out_release; - } + ret = shmem_add_to_page_cache(page, mapping, pgoff, NULL, + gfp & GFP_RECLAIM_MASK, dst_mm); + if (ret) + goto out_release; _dst_pte = mk_pte(page, dst_vma->vm_page_prot); if (dst_vma->vm_flags & VM_WRITE) @@ -2455,22 +2447,20 @@ int shmem_mcopy_atomic_pte(struct mm_struct *dst_mm, pmd_t *dst_pmd, ret = -EFAULT; max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE); - if (unlikely(offset >= max_off)) + if (unlikely(pgoff >= max_off)) goto out_release_unlock; ret = -EEXIST; if (!pte_none(*dst_pte)) goto out_release_unlock; - if (!is_continue) { - lru_cache_add(page); + lru_cache_add(page); - spin_lock_irq(&info->lock); - info->alloced++; - inode->i_blocks += BLOCKS_PER_PAGE; - shmem_recalc_inode(inode); - spin_unlock_irq(&info->lock); - } + spin_lock_irq(&info->lock); + info->alloced++; + inode->i_blocks += BLOCKS_PER_PAGE; + shmem_recalc_inode(inode); + spin_unlock_irq(&info->lock); inc_mm_counter(dst_mm, mm_counter_file(page)); page_add_file_rmap(page, false); diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c index cbb7c8d79a4d..286d0657fbe2 100644 --- a/mm/userfaultfd.c +++ b/mm/userfaultfd.c @@ -48,21 +48,103 @@ struct vm_area_struct *find_dst_vma(struct mm_struct *dst_mm, return dst_vma; } +/* + * Install PTEs, to map dst_addr (within dst_vma) to page. + * + * This function handles MCOPY_ATOMIC_CONTINUE (which is always file-backed), + * whether or not dst_vma is VM_SHARED. It also handles the more general + * MCOPY_ATOMIC_NORMAL case, when dst_vma is *not* VM_SHARED (it may be file + * backed, or not). + * + * Note that MCOPY_ATOMIC_NORMAL for a VM_SHARED dst_vma is handled by + * shmem_mcopy_atomic_pte instead. + */ +static int mcopy_atomic_install_ptes(struct mm_struct *dst_mm, pmd_t *dst_pmd, + struct vm_area_struct *dst_vma, + unsigned long dst_addr, struct page *page, + enum mcopy_atomic_mode mode, bool wp_copy) +{ + int ret; + pte_t _dst_pte, *dst_pte; + bool is_continue = mode == MCOPY_ATOMIC_CONTINUE; + int writable; + bool vm_shared = dst_vma->vm_flags & VM_SHARED; + bool is_file_backed = dst_vma->vm_file; + spinlock_t *ptl; + struct inode *inode; + pgoff_t offset, max_off; + + _dst_pte = mk_pte(page, dst_vma->vm_page_prot); + writable = dst_vma->vm_flags & VM_WRITE; + /* For CONTINUE on a non-shared VMA, don't pte_mkwrite for CoW. */ + if (is_continue && !vm_shared) + writable = 0; + + if (writable) { + _dst_pte = pte_mkdirty(_dst_pte); + if (wp_copy) + _dst_pte = pte_mkuffd_wp(_dst_pte); + else + _dst_pte = pte_mkwrite(_dst_pte); + } else if (vm_shared) { + /* + * Since we didn't pte_mkdirty(), mark the page dirty or it + * could be freed from under us. We could do this + * unconditionally, but doing it only if !writable is faster. + */ + set_page_dirty(page); + } + + dst_pte = pte_offset_map_lock(dst_mm, dst_pmd, dst_addr, &ptl); + + if (is_file_backed) { + /* The shmem MAP_PRIVATE case requires checking the i_size */ + inode = dst_vma->vm_file->f_inode; + offset = linear_page_index(dst_vma, dst_addr); + max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE); + ret = -EFAULT; + if (unlikely(offset >= max_off)) + goto out_unlock; + } + + ret = -EEXIST; + if (!pte_none(*dst_pte)) + goto out_unlock; + + inc_mm_counter(dst_mm, mm_counter(page)); + if (is_file_backed) + page_add_file_rmap(page, false); + else + page_add_new_anon_rmap(page, dst_vma, dst_addr, false); + + if (!is_continue) + lru_cache_add_inactive_or_unevictable(page, dst_vma); + + set_pte_at(dst_mm, dst_addr, dst_pte, _dst_pte); + + /* No need to invalidate - it was non-present before */ + update_mmu_cache(dst_vma, dst_addr, dst_pte); + pte_unmap_unlock(dst_pte, ptl); + ret = 0; +out: + return ret; +out_unlock: + pte_unmap_unlock(dst_pte, ptl); + goto out; +} + static int mcopy_atomic_pte(struct mm_struct *dst_mm, pmd_t *dst_pmd, struct vm_area_struct *dst_vma, unsigned long dst_addr, unsigned long src_addr, struct page **pagep, + enum mcopy_atomic_mode mode, bool wp_copy) { - pte_t _dst_pte, *dst_pte; - spinlock_t *ptl; void *page_kaddr; int ret; struct page *page; - pgoff_t offset, max_off; - struct inode *inode; if (!*pagep) { ret = -ENOMEM; @@ -99,43 +181,12 @@ static int mcopy_atomic_pte(struct mm_struct *dst_mm, if (mem_cgroup_charge(page, dst_mm, GFP_KERNEL)) goto out_release; - _dst_pte = pte_mkdirty(mk_pte(page, dst_vma->vm_page_prot)); - if (dst_vma->vm_flags & VM_WRITE) { - if (wp_copy) - _dst_pte = pte_mkuffd_wp(_dst_pte); - else - _dst_pte = pte_mkwrite(_dst_pte); - } - - dst_pte = pte_offset_map_lock(dst_mm, dst_pmd, dst_addr, &ptl); - if (dst_vma->vm_file) { - /* the shmem MAP_PRIVATE case requires checking the i_size */ - inode = dst_vma->vm_file->f_inode; - offset = linear_page_index(dst_vma, dst_addr); - max_off = DIV_ROUND_UP(i_size_read(inode), PAGE_SIZE); - ret = -EFAULT; - if (unlikely(offset >= max_off)) - goto out_release_uncharge_unlock; - } - ret = -EEXIST; - if (!pte_none(*dst_pte)) - goto out_release_uncharge_unlock; - - inc_mm_counter(dst_mm, MM_ANONPAGES); - page_add_new_anon_rmap(page, dst_vma, dst_addr, false); - lru_cache_add_inactive_or_unevictable(page, dst_vma); - - set_pte_at(dst_mm, dst_addr, dst_pte, _dst_pte); - - /* No need to invalidate - it was non-present before */ - update_mmu_cache(dst_vma, dst_addr, dst_pte); - - pte_unmap_unlock(dst_pte, ptl); - ret = 0; + ret = mcopy_atomic_install_ptes(dst_mm, dst_pmd, dst_vma, dst_addr, + page, mode, wp_copy); + if (ret) + goto out_release; out: return ret; -out_release_uncharge_unlock: - pte_unmap_unlock(dst_pte, ptl); out_release: put_page(page); goto out; @@ -176,6 +227,38 @@ static int mfill_zeropage_pte(struct mm_struct *dst_mm, return ret; } +static int mcontinue_atomic_pte(struct mm_struct *dst_mm, + pmd_t *dst_pmd, + struct vm_area_struct *dst_vma, + unsigned long dst_addr, + bool wp_copy) +{ + struct inode *inode = file_inode(dst_vma->vm_file); + struct address_space *mapping = inode->i_mapping; + pgoff_t pgoff = linear_page_index(dst_vma, dst_addr); + struct page *page; + int ret; + + ret = -EFAULT; + page = find_lock_page(mapping, pgoff); + if (!page) + goto out; + + ret = mcopy_atomic_install_ptes(dst_mm, dst_pmd, dst_vma, dst_addr, + page, MCOPY_ATOMIC_CONTINUE, wp_copy); + if (ret) + goto out_release; + + unlock_page(page); + ret = 0; +out: + return ret; +out_release: + unlock_page(page); + put_page(page); + goto out; +} + static pmd_t *mm_alloc_pmd(struct mm_struct *mm, unsigned long address) { pgd_t *pgd; @@ -418,7 +501,13 @@ static __always_inline ssize_t mfill_atomic_pte(struct mm_struct *dst_mm, enum mcopy_atomic_mode mode, bool wp_copy) { - ssize_t err; + ssize_t err = 0; + + if (mode == MCOPY_ATOMIC_CONTINUE) { + err = mcontinue_atomic_pte(dst_mm, dst_pmd, dst_vma, dst_addr, + wp_copy); + goto out; + } /* * The normal page fault path for a shmem will invoke the @@ -431,26 +520,20 @@ static __always_inline ssize_t mfill_atomic_pte(struct mm_struct *dst_mm, * and not in the radix tree. */ if (!(dst_vma->vm_flags & VM_SHARED)) { - switch (mode) { - case MCOPY_ATOMIC_NORMAL: + if (mode == MCOPY_ATOMIC_NORMAL) err = mcopy_atomic_pte(dst_mm, dst_pmd, dst_vma, dst_addr, src_addr, page, - wp_copy); - break; - case MCOPY_ATOMIC_ZEROPAGE: + mode, wp_copy); + else if (mode == MCOPY_ATOMIC_ZEROPAGE) err = mfill_zeropage_pte(dst_mm, dst_pmd, dst_vma, dst_addr); - break; - case MCOPY_ATOMIC_CONTINUE: - err = -EINVAL; - break; - } } else { VM_WARN_ON_ONCE(wp_copy); err = shmem_mcopy_atomic_pte(dst_mm, dst_pmd, dst_vma, dst_addr, src_addr, mode, page); } +out: return err; } diff --git a/tools/testing/selftests/vm/userfaultfd.c b/tools/testing/selftests/vm/userfaultfd.c index f6c86b036d0f..d8541a59dae5 100644 --- a/tools/testing/selftests/vm/userfaultfd.c +++ b/tools/testing/selftests/vm/userfaultfd.c @@ -485,6 +485,7 @@ static void wp_range(int ufd, __u64 start, __u64 len, bool wp) static void continue_range(int ufd, __u64 start, __u64 len) { struct uffdio_continue req; + int ret; req.range.start = start; req.range.len = len; @@ -493,6 +494,17 @@ static void continue_range(int ufd, __u64 start, __u64 len) if (ioctl(ufd, UFFDIO_CONTINUE, &req)) err("UFFDIO_CONTINUE failed for address 0x%" PRIx64, (uint64_t)start); + + /* + * Error handling within the kernel for continue is subtly different + * from copy or zeropage, so it may be a source of bugs. Trigger an + * error (-EEXIST) on purpose, to verify doing so doesn't cause a BUG. + */ + req.mapped = 0; + ret = ioctl(ufd, UFFDIO_CONTINUE, &req); + if (ret >= 0 || req.mapped != -EEXIST) + err("failed to exercise UFFDIO_CONTINUE error handling, ret=%d, mapped=%" PRId64, + ret, req.mapped); } static void *locking_thread(void *arg) -- 2.31.0.208.g409f899ff0-goog

3 years, 9 months

3
3
0 0

[next] [arm64] [gpio] BUG: key has not been registered! DEBUG_LOCKS_WARN_ON:

by Naresh Kamboju

While running kselftest recently added gpio gpio-sim.sh test case the following warning was triggered on Linux next tag 20210330 tag running on arm64 juno and hikey devices. GOOD: next-20210326 BAD: next-20210330 This is still happening today on Linux next tag 20210407. # selftests: gpio: gpio-sim.sh # 1. chip_name and dev_name attributes # 1.1. Chip name is communicated to user [ 143.081193] BUG: key ffff000800eba398 has not been registered! [ 143.087326] ------------[ cut here ]------------ [ 143.091987] DEBUG_LOCKS_WARN_ON(1) [ 143.092005] WARNING: CPU: 1 PID: 1821 at /usr/src/kernel/kernel/locking/lockdep.c:4688 lockdep_init_map_type+0xf0/0x298 [ 143.106223] Modules linked in: gpio_sim rfkill tda998x cec drm_kms_helper drm crct10dif_ce fuse [last unloaded: gpio_mockup] [ 143.117495] CPU: 1 PID: 1821 Comm: mv Not tainted 5.12.0-rc5-next-20210330 #1 [ 143.124645] Hardware name: ARM Juno development board (r2) (DT) [ 143.130572] pstate: 40000005 (nZcv daif -PAN -UAO -TCO BTYPE=--) [ 143.136589] pc : lockdep_init_map_type+0xf0/0x298 [ 143.141302] lr : lockdep_init_map_type+0xf0/0x298 [ 143.146014] sp : ffff800013fb3560 [ 143.149330] x29: ffff800013fb3560 x28: 00000000ffffee4b [ 143.154655] x27: 00000000000011b4 x26: 0000000000001000 [ 143.159979] x25: ffff000800eba380 x24: 0000000000000000 [ 143.165303] x23: 0000000000000000 x22: 0000000000000000 [ 143.170626] x21: ffff80001382b000 x20: ffff000800eba398 [ 143.175949] x19: ffff000827ac32a8 x18: ffffffffffffffff [ 143.181273] x17: 0000000000000000 x16: 0000000000000000 [ 143.186595] x15: ffff800012900a88 x14: ffff800093fb3167 [ 143.191918] x13: ffff800013fb3175 x12: 000000000000a0ec [ 143.197241] x11: 0000000005f5e0ff x10: ffff800013fb30c0 [ 143.202565] x9 : ffff800013fb3560 x8 : 4e5241575f534b43 [ 143.207888] x7 : ffff800012989ad8 x6 : ffff800013fb3180 [ 143.213211] x5 : 0000000000000001 x4 : 0000000000000001 [ 143.218534] x3 : ffff800012901000 x2 : 0000000000000000 [ 143.223856] x1 : b4b7acac5f71bc00 x0 : 0000000000000000 [ 143.229180] Call trace: [ 143.231625] lockdep_init_map_type+0xf0/0x298 [ 143.235989] __kernfs_create_file+0xa8/0x1d0 [ 143.240268] sysfs_add_file_mode_ns+0xa8/0x1f8 [ 143.244718] internal_create_group+0x118/0x420 [ 143.249169] sysfs_create_group+0x2c/0x38 [ 143.253185] gpio_sim_probe+0x358/0x3c0 [gpio_sim] [ 143.257995] platform_probe+0x6c/0xd8 [ 143.261663] really_probe+0x16c/0x508 [ 143.265332] driver_probe_device+0x104/0x178 [ 143.269610] __device_attach_driver+0xa4/0x130 [ 143.274062] bus_for_each_drv+0x78/0xd8 [ 143.277903] __device_attach+0xf0/0x178 [ 143.281745] device_initial_probe+0x24/0x30 [ 143.285935] bus_probe_device+0xa0/0xa8 [ 143.289776] device_add+0x424/0x810 [ 143.293270] platform_device_add+0x12c/0x2c0 [ 143.297545] platform_device_register_full+0x124/0x150 [ 143.302692] gpio_sim_config_commit_item+0x160/0x1e0 [gpio_sim] [ 143.308628] configfs_rename+0x1dc/0x220 [ 143.312557] vfs_rename+0x394/0x960 [ 143.316051] do_renameat2+0x408/0x4c0 [ 143.319718] __arm64_sys_renameat+0x5c/0x70 [ 143.323908] el0_svc_common+0x7c/0x158 [ 143.327665] do_el0_svc+0x38/0x90 [ 143.330985] el0_svc+0x20/0x30 [ 143.334045] el0_sync_handler+0x8c/0xb0 [ 143.337886] el0_sync+0x13c/0x140 [ 143.341204] irq event stamp: 5607 [ 143.344520] hardirqs last enabled at (5607): [<ffff800011462dd8>] _raw_spin_unlock_irq+0x48/0x90 [ 143.353410] hardirqs last disabled at (5606): [<ffff8000114586c4>] __schedule+0x364/0x950 [ 143.361605] softirqs last enabled at (5602): [<ffff800010010958>] __do_softirq+0x510/0x63c [ 143.369971] softirqs last disabled at (5577): [<ffff8000100a7474>] irq_exit+0x1b4/0x1c0 [ 143.377992] ---[ end trace bc3c86ef609281aa ]--- # 1.2. chip_name returns 'none' if the chip is still pending Reported-by: Naresh Kamboju <naresh.kamboju(a)linaro.org> metadata: git branch: master git repo: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git git describe: next-20210330 kernel-config: http://snapshots.linaro.org/openembedded/lkft/lkft/sumo/juno/lkft/linux-nex… https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20210407/te… Full test log link, https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20210330/te… git log --oneline next-20210326..next-20210330 -- tools/testing/selftests/gpio/ 9d940ab72645 selftests: gpio: add test cases for gpio-sim 8a4cb2823240 selftests: gpio: add a helper for reading GPIO line names ab1dbed6f4e8 selftests: gpio: provide a helper for reading chip info -- Linaro LKFT https://lkft.linaro.org

3 years, 9 months

2
5
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror