- Linux-kselftest-mirror - lists.linaro.org

[PATCH v3 0/5] Rework KUnit test execution in modules

by David Gow

This patch series makes two changes to how KUnit test suites are stored and executed: - The .kunit_test_suites section is now used for tests in modules (in lieu of a module_init funciton), as well as for built-in tests. The module loader will now trigger test execution. This frees up the module_init function for other uses. - Instead of storing an array of arrays of suites, have the kunit_test_suite() and kunit_test_suites() macros append to one global (or per-module) list of test suites. This removes a needless layer of indirection, and removes the need to NULL-terminate suite_sets. The upshot of this is that it should now be possible to use the kunit_test_suite() and kunit_test_suites() macros to register test suites even from within modules which otherwise had module_init functions. This was proving to be quite a common issue, resulting in several modules calling into KUnit's private suite execution functions to run their tests (often introducing incompatibilities with the KUnit tooling). This series also fixes the thunderbolt, nitro_enclaves, and sdhci-of-aspeed tests to use kunit_test_suite() now that it works. This is required, as otherwise the first two patches may break these tests entirely. Huge thanks to Jeremy Kerr, who designed and implemented the module loader changes, and to Daniel Latypov for pushing the simplification of the nested arrays in .kunit_test_suites. I've tested this series both with builtin tests on a number of architectures, and with modules on x86_64, and it seems good-to-go to me. More testing (particularly of modules) with more interesting setups never hurts, though! Cheers, -- David Changes since v2: https://lore.kernel.org/linux-kselftest/20220621085345.603820-1-davidgow@go… - Add various Reviewed-by and Acked-by tags. - Fix the Kconfig for thunderbolt to not allow USB4=y and KUNIT=m with tests enabled. - Clean up the sdhci-of-aspeed init a bit more (Thanks Daniel) Changes since v1: https://lore.kernel.org/linux-kselftest/20220618090310.1174932-1-davidgow@g… - Fix a compile issue when CONFIG_KUNIT=m (Thanks Christophe) - No longer NULL-terminate suite_sets. - Move the thunderbird Kconfig to the correct patch (Thanks Andra) - Add all the Tested-by and Acked-by tags. --- Daniel Latypov (1): Daniel Latypov (1): kunit: flatten kunit_suite*** to kunit_suite** in .kunit_test_suites David Gow (3): thunderbolt: test: Use kunit_test_suite() macro nitro_enclaves: test: Use kunit_test_suite() macro mmc: sdhci-of-aspeed: test: Use kunit_test_suite() macro Jeremy Kerr (1): kunit: unify module and builtin suite definitions drivers/mmc/host/Kconfig | 5 +- drivers/mmc/host/sdhci-of-aspeed-test.c | 8 +- drivers/mmc/host/sdhci-of-aspeed.c | 34 +---- drivers/thunderbolt/Kconfig | 6 +- drivers/thunderbolt/domain.c | 3 - drivers/thunderbolt/tb.h | 8 - drivers/thunderbolt/test.c | 12 +- drivers/virt/nitro_enclaves/Kconfig | 5 +- drivers/virt/nitro_enclaves/ne_misc_dev.c | 27 ---- .../virt/nitro_enclaves/ne_misc_dev_test.c | 5 +- include/kunit/test.h | 60 ++------ include/linux/module.h | 5 + kernel/module/main.c | 6 + lib/kunit/executor.c | 115 ++++---------- lib/kunit/executor_test.c | 144 +++++------------- lib/kunit/test.c | 54 ++++++- 16 files changed, 154 insertions(+), 343 deletions(-) -- 2.37.0.rc0.161.g10f37bed90-goog

3 years, 5 months

3
12
0 0

<> Rank pharma or adult sites with blackhat SEO <>

by Julianne

Special Blackhat plans for special website needs https://blackhatseoservices.tk/ Unsubscribe: https://mgdots.co/unsubscribe/

3 years, 5 months

1
0
0 0

kselftest/next kselftest-seccomp: 4 runs, 1 regressions (v5.19-rc4-9-gdbeb23272687)

by kernelci.org bot

kselftest/next kselftest-seccomp: 4 runs, 1 regressions (v5.19-rc4-9-gdbeb23272687) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+--------------+----------+---------------------+------------ meson-gxl-s905x-libretech-cc | arm64 | lab-baylibre | gcc-10 | defconfig+kselftest | 1 Details: https://kernelci.org/test/job/kselftest/branch/next/kernel/v5.19-rc4-9-gdbe… Test: kselftest-seccomp Tree: kselftest Branch: next Describe: v5.19-rc4-9-gdbeb23272687 URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: dbeb232726871352fc3e688ff5b02897f8cb0dc7 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions -----------------------------+-------+--------------+----------+---------------------+------------ meson-gxl-s905x-libretech-cc | arm64 | lab-baylibre | gcc-10 | defconfig+kselftest | 1 Details: https://kernelci.org/test/plan/id/62c8be7aee6aa7d244a39bcf Results: 0 PASS, 1 FAIL, 0 SKIP Full config: defconfig+kselftest Compiler: gcc-10 (aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//kselftest/next/v5.19-rc4-9-gdbeb23272687/arm6… HTML log: https://storage.kernelci.org//kselftest/next/v5.19-rc4-9-gdbeb23272687/arm6… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/2022062… * kselftest-seccomp.login: https://kernelci.org/test/case/id/62c8be7aee6aa7d244a39bd0 failing since 10 days (last pass: v5.19-rc1, first fail: v5.19-rc4-4-g43fe0cc46b62)

3 years, 5 months

1
0
0 0

kselftest/next build: 8 builds: 0 failed, 8 passed (v5.19-rc4-9-gdbeb23272687)

by kernelci.org bot

kselftest/next build: 8 builds: 0 failed, 8 passed (v5.19-rc4-9-gdbeb23272687) Full Build Summary: https://kernelci.org/build/kselftest/branch/next/kernel/v5.19-rc4-9-gdbeb23… Tree: kselftest Branch: next Git Describe: v5.19-rc4-9-gdbeb23272687 Git Commit: dbeb232726871352fc3e688ff5b02897f8cb0dc7 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git Built: 4 unique architectures ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- defconfig+kselftest (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest (arm64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig+kselftest (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v7_defconfig+kselftest (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, clang-14) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

3 years, 5 months

1
0
0 0

[PATCH bpf] selftests/bpf: Fix xdp_synproxy build failure if CONFIG_NF_CONNTRACK=m/n

by Maxim Mikityanskiy

When CONFIG_NF_CONNTRACK=m, struct bpf_ct_opts and enum member BPF_F_CURRENT_NETNS are not exposed. This commit allows building the xdp_synproxy selftest in such cases. Note that nf_conntrack must be loaded before running the test if it's compiled as a module. This commit also allows this selftest to be successfully compiled when CONFIG_NF_CONNTRACK is disabled. One unused local variable of type struct bpf_ct_opts is also removed. Reported-by: Yauheni Kaliuta <ykaliuta(a)redhat.com> Signed-off-by: Maxim Mikityanskiy <maximmi(a)nvidia.com> Fixes: fb5cd0ce70d4 ("selftests/bpf: Add selftests for raw syncookie helpers") --- .../selftests/bpf/progs/xdp_synproxy_kern.c | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c b/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c index 9fd62e94b5e6..736686e903f6 100644 --- a/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c +++ b/tools/testing/selftests/bpf/progs/xdp_synproxy_kern.c @@ -77,16 +77,30 @@ struct { __uint(max_entries, MAX_ALLOWED_PORTS); } allowed_ports SEC(".maps"); +/* Some symbols defined in net/netfilter/nf_conntrack_bpf.c are unavailable in + * vmlinux.h if CONFIG_NF_CONNTRACK=m, so they are redefined locally. + */ + +struct bpf_ct_opts___local { + s32 netns_id; + s32 error; + u8 l4proto; + u8 dir; + u8 reserved[2]; +} __attribute__((preserve_access_index)); + +#define BPF_F_CURRENT_NETNS (-1) + extern struct nf_conn *bpf_xdp_ct_lookup(struct xdp_md *xdp_ctx, struct bpf_sock_tuple *bpf_tuple, __u32 len_tuple, - struct bpf_ct_opts *opts, + struct bpf_ct_opts___local *opts, __u32 len_opts) __ksym; extern struct nf_conn *bpf_skb_ct_lookup(struct __sk_buff *skb_ctx, struct bpf_sock_tuple *bpf_tuple, u32 len_tuple, - struct bpf_ct_opts *opts, + struct bpf_ct_opts___local *opts, u32 len_opts) __ksym; extern void bpf_ct_release(struct nf_conn *ct) __ksym; @@ -393,7 +407,7 @@ static __always_inline int tcp_dissect(void *data, void *data_end, static __always_inline int tcp_lookup(void *ctx, struct header_pointers *hdr, bool xdp) { - struct bpf_ct_opts ct_lookup_opts = { + struct bpf_ct_opts___local ct_lookup_opts = { .netns_id = BPF_F_CURRENT_NETNS, .l4proto = IPPROTO_TCP, }; @@ -714,10 +728,6 @@ static __always_inline int syncookie_handle_ack(struct header_pointers *hdr) static __always_inline int syncookie_part1(void *ctx, void *data, void *data_end, struct header_pointers *hdr, bool xdp) { - struct bpf_ct_opts ct_lookup_opts = { - .netns_id = BPF_F_CURRENT_NETNS, - .l4proto = IPPROTO_TCP, - }; int ret; ret = tcp_dissect(data, data_end, hdr); -- 2.30.2

3 years, 5 months

4
3
0 0

[PATCH net-next 0/5] tls: rx: nopad and backlog flushing

by Jakub Kicinski

This small series contains the two changes I've been working towards in the previous ~50 patches a couple of months ago. The first major change is the optional "nopad" optimization. Currently TLS 1.3 Rx performs quite poorly because it does not support the "zero-copy" or rather direct decrypt to a user space buffer. Because of TLS 1.3 record padding we don't know if a record contains data or a control message until we decrypt it. Most records will contain data, tho, so the optimization is to try the decryption hoping its data and retry if it wasn't. The performance gain from doing that is significant (~40%) but if I'm completely honest the major reason is that we call skb_cow_data() on the non-"zc" path. The next series will remove the CoW, dropping the gain to only ~10%. The second change is to flush the backlog every 128kB. Jakub Kicinski (5): tls: rx: don't include tail size in data_len tls: rx: support optimistic decrypt to user buffer with TLS 1.3 tls: rx: add sockopt for enabling optimistic decrypt with TLS 1.3 selftests: tls: add selftest variant for pad tls: rx: periodically flush socket backlog Documentation/networking/tls.rst | 18 +++++++ include/linux/sockptr.h | 8 +++ include/net/tls.h | 3 ++ include/uapi/linux/snmp.h | 1 + include/uapi/linux/tls.h | 2 + net/core/sock.c | 1 + net/tls/tls_main.c | 75 +++++++++++++++++++++++++++ net/tls/tls_proc.c | 1 + net/tls/tls_sw.c | 84 ++++++++++++++++++++++++------- tools/testing/selftests/net/tls.c | 15 ++++++ 10 files changed, 191 insertions(+), 17 deletions(-) -- 2.36.1

3 years, 5 months

3
8
0 0

[PATCH 00/12] Fix several documentation build warnings with Sphinx 2.4.4

by Mauro Carvalho Chehab

This series is against next-20220701. It fixes several warnings that are currently produced while building html docs. Each patch in this series is independent from the others, as each one touches a different file. Mauro Carvalho Chehab (12): docs: ext4: blockmap.rst: fix a broken table docs: tegra194-hte.rst: don't include gpiolib.c twice docs: device-mapper: add a blank line at writecache.rst docs: PCI: pci-vntb-function.rst: Properly include ascii artwork docs: PCI: pci-vntb-howto.rst: fix a title markup docs: virt: kvm: fix a title markup at api.rst docs: ABI: sysfs-bus-nvdimm kunit: test.h: fix a kernel-doc markup net: mac80211: fix a kernel-doc markup docs: alsa: alsa-driver-api.rst: remove a kernel-doc file docs: arm: index.rst: add google/chromebook-boot-flow docs: leds: index.rst: add leds-qcom-lpg to it Documentation/ABI/testing/sysfs-bus-nvdimm | 2 ++ Documentation/PCI/endpoint/pci-vntb-function.rst | 2 +- Documentation/PCI/endpoint/pci-vntb-howto.rst | 2 +- Documentation/admin-guide/device-mapper/writecache.rst | 1 + Documentation/arm/index.rst | 2 ++ Documentation/driver-api/hte/tegra194-hte.rst | 3 +-- Documentation/filesystems/ext4/blockmap.rst | 2 +- Documentation/leds/index.rst | 1 + Documentation/sound/kernel-api/alsa-driver-api.rst | 1 - Documentation/virt/kvm/api.rst | 6 +++--- include/kunit/test.h | 2 +- include/net/mac80211.h | 2 +- 12 files changed, 15 insertions(+), 11 deletions(-) -- 2.36.1

3 years, 5 months

4
4
0 0

[PATCH v13 0/4] trace: Introduce objtrace trigger to trace the kernel object

by Jeff Xie

Introduce a method based on function tracer to trace any object and get the value of the object dynamically. the object can be obtained from the dynamic event (kprobe_event/uprobe_event) or the static event(tracepoint). Usage: When using the kprobe event, only need to set the objtrace(a new trigger), we can get the value of the object. The object is from the setting of the kprobe event. For example: For the function bio_add_page(): int bio_add_page(struct bio *bio, struct page *page, unsigned int len, unsigned int offset) Firstly, we can set the base of the object, thus the first string "arg1" stands for the value of the first parameter of this function bio_add_gage(), # echo 'p bio_add_page arg1=$arg1' > ./kprobe_events Secondly, we can get the value dynamically based on above object. find the offset of the bi_size in struct bio: $ gdb vmlinux (gdb) p &(((struct bio *)0)->bi_iter.bi_size) $1 = (unsigned int *) 0x28 # echo 'objtrace:add:arg1,0x28:u32:1 if comm == "cat"' > ./events/kprobes/ \ p_bio_add_page_0/trigger # cd /sys/kernel/debug/tracing/ # echo 'p bio_add_page arg1=$arg1' > ./kprobe_events # echo 'objtrace:add:arg1,0x28:u32:1 if comm == "cat"' > ./events/kprobes/p_bio_add_page_0/trigger # du -sh /test.txt 12.0K /test.txt # cat /test.txt > /dev/null # cat ./trace # tracer: nop # # entries-in-buffer/entries-written: 128/128 #P:4 # # _-----=> irqs-off/BH-disabled # / _----=> need-resched # | / _---=> hardirq/softirq # || / _--=> preempt-depth # ||| / _-=> migrate-disable # |||| / delay # TASK-PID CPU# ||||| TIMESTAMP FUNCTION # | | | ||||| | | cat-117 [002] ...1. 1.602243: __bio_try_merge_page <-bio_add_page object:0xffff88811bee4000 value:0x0 cat-117 [002] ...1. 1.602244: __bio_add_page <-bio_add_page object:0xffff88811bee4000 value:0x0 cat-117 [002] ...2. 1.602244: bio_add_page <-ext4_mpage_readpages object:0xffff88811bee4000 value:0x1000 cat-117 [002] ...1. 1.602245: __bio_try_merge_page <-bio_add_page object:0xffff88811bee4000 value:0x1000 cat-117 [002] ...1. 1.602245: __bio_add_page <-bio_add_page object:0xffff88811bee4000 value:0x1000 cat-117 [002] ...2. 1.602245: bio_add_page <-ext4_mpage_readpages object:0xffff88811bee4000 value:0x2000 cat-117 [002] ...1. 1.602245: __bio_try_merge_page <-bio_add_page object:0xffff88811bee4000 value:0x2000 cat-117 [002] ...1. 1.602245: __bio_add_page <-bio_add_page object:0xffff88811bee4000 value:0x2000 cat-117 [002] ...1. 1.602245: submit_bio <-ext4_mpage_readpages object:0xffff88811bee4000 value:0x3000 cat-117 [002] ...1. 1.602245: submit_bio_noacct <-ext4_mpage_readpages object:0xffff88811bee4000 value:0x3000 cat-117 [002] ...1. 1.602246: __submit_bio <-submit_bio_noacct object:0xffff88811bee4000 value:0x3000 cat-117 [002] ...1. 1.602246: submit_bio_checks <-__submit_bio object:0xffff88811bee4000 value:0x3000 cat-117 [002] ...1. 1.602246: __cond_resched <-submit_bio_checks object:0xffff88811bee4000 value:0x3000 cat-117 [002] ...1. 1.602246: should_fail_bio <-submit_bio_checks object:0xffff88811bee4000 value:0x3000 cat-117 [002] ...1. 1.602246: blk_mq_submit_bio <-submit_bio_noacct object:0xffff88811bee4000 value:0x3000 cat-117 [002] ...1. 1.602246: blk_attempt_plug_merge <-blk_mq_submit_bio object:0xffff88811bee4000 value:0x3000 cat-117 [002] ...1. 1.602246: blk_mq_sched_bio_merge <-blk_mq_submit_bio object:0xffff88811bee4000 value:0x3000 cat-117 [002] ...1. 1.602247: __rcu_read_lock <-blk_mq_submit_bio object:0xffff88811bee4000 value:0x3000 cat-117 [002] ...1. 1.602247: __rcu_read_unlock <-blk_mq_submit_bio object:0xffff88811bee4000 value:0x3000 cat-117 [002] ...1. 1.602247: __blk_mq_alloc_requests <-blk_mq_submit_bio object:0xffff88811bee4000 value:0x3000 <idle>-0 [002] d..3. 1.602298: bio_endio <-blk_update_request object:0xffff88811bee4000 value:0x0 <idle>-0 [002] d..3. 1.602298: mpage_end_io <-blk_update_request object:0xffff88811bee4000 value:0x0 <idle>-0 [002] d..3. 1.602298: __read_end_io <-blk_update_request object:0xffff88811bee4000 value:0x0 <idle>-0 [002] d..3. 1.602300: bio_put <-blk_update_request object:0xffff88811bee4000 value:0x0 <idle>-0 [002] d..3. 1.602300: bio_free <-blk_update_request object:0xffff88811bee4000 value:0x0 <idle>-0 [002] d..3. 1.602300: mempool_free <-blk_update_request object:0xffff88811bee4000 value:0x0 <idle>-0 [002] d..3. 1.602300: mempool_free_slab <-blk_update_request object:0xffff88811bee4000 value:0x0 <idle>-0 [002] d..3. 1.602300: kmem_cache_free <-blk_update_request object:0xffff88811bee4000 value:0x0 ... Almost all changelogs were suggested by Masami(mhiramat(a)kernel.org) and steve(rostedt(a)goodmis.org), thank you all so much. v13: - remove the 's' type, since the objtrace event doesn't show the value with sign - change the [3/4] tag with 'selftests/ftrace' instead of 'trace/objtrace' - add 'Documentation:' tag for [4/4] v12: - use the %zu to print the sizeof Reported-by: kernel test robot <lkp(a)intel.com> Suggested-by: Nathan Chancellor <nathan(a)kernel.org> v11: - remove useless atomic counting methods for num_traced_obj - make array objtrace_fetch_types null terminated - add raw_spin_lock_init for obj_data_lock v10: - support ftrace instances - use trace_buffer_lock_reserve instead of trace_event_buffer_lock_reserve - a lot of cleanup work has been done mainly for event_object_trigger_parse v9: - fix objtrace trigger output was incomplete - fix the objtrace trigger was removed when using the existed parameter on event. - add testcase for the second fix above. v8: - revert to use per-cpu recursion for the function trace_object_events_call - recover the filter when getting the value of the object - simplify the implementation for the function get_object_value - fix the build error v7: - use fixed-size array for object pool instead of list structure - use ftrace_test_recursion_trylock for function trace hook function - fix trace_object_ref reference count in the init_trace_object - invoke exit_trace_object no matter whether data->ops->free is null in the unregister_object_trigger - release private_data of event_trigger_data in the trace_object_trigger_free - remove [RFC] tag v6: - change the objtrace trigger syntax. - add patchset description - add <tracefs>/README v5: - add testcasts - add check the field->size - add lockless to search object - describe the object trace more clearly in Kconfig v4: - please ignore the v4 which is the same as v3 v3: - change the objfilter to objtrace - add a command to the objfilter syntax - change to get the value of the object - use trace_find_event_field to find the field instead of using argN - get data from @rec in the event trigger callback funciton v2: - adding a "objfilter" trigger to update object Jeff Xie (4): trace: Add trace any kernel object trace/objtrace: Get the value of the object selftests/ftrace: Add testcases for objtrace Documentation: trace/objtrace: Add documentation for objtrace Documentation/trace/events.rst | 83 +++ include/linux/trace_events.h | 1 + kernel/trace/Kconfig | 10 + kernel/trace/Makefile | 1 + kernel/trace/trace.c | 11 + kernel/trace/trace.h | 21 + kernel/trace/trace_entries.h | 18 + kernel/trace/trace_events_trigger.c | 5 +- kernel/trace/trace_object.c | 611 ++++++++++++++++++ kernel/trace/trace_output.c | 40 ++ .../ftrace/test.d/trigger/trigger-objtrace.tc | 41 ++ 11 files changed, 840 insertions(+), 2 deletions(-) create mode 100644 kernel/trace/trace_object.c create mode 100644 tools/testing/selftests/ftrace/test.d/trigger/trigger-objtrace.tc base-commit: 408d26e261b089596c0837e71d2fb4a80ea04ef3 -- 2.25.1

3 years, 5 months

4
11
0 0

[PATCH v4 0/9] drm: selftest: Convert to KUnit

by Maíra Canal

Hi everyone, Here is the v4 of the conversion of selftests to KUnit. Since the v3, there have been minor fixes, asked by Javier. Basically, fixes on the SoB chain and addition of Copywrites. Thanks for your attention and any feedback is welcomed! Best Regards, - Maíra Canal v1 -> v2: https://lore.kernel.org/dri-devel/20220615135824.15522-1-maira.canal@usp.br… - The suites not longer end in _tests (David Gow). - Remove the TODO entry involving the conversion of selftests to KUnit (Javier Martinez Canillas). - Change the filenames to match the documentation: use *_test.c (Javier Martinez Canillas). - Add MODULE_LICENSE to all tests (kernel test robot). - Make use of a generic symbol to group all tests - DRM_KUNIT_TEST (Javier Martinez Canillas). - Add .kunitconfig on the first patch (it was on the second patch of the series). - Straightforward conversion of the drm_cmdline_parser tests without functional changes (Shuah Khan) - Add David's Tested-by tags. v2 -> v3: https://lore.kernel.org/dri-devel/20220621200926.257002-1-maira.canal@usp.b… - Rebase it on top of the drm-misc-next with drm_format_helper KUnit tests. - Change KUNIT_EXPECT_FALSE to KUNIT_EXPECT_EQ on drm_format_test (Daniel Latypov). - Add Daniel's Acked-by tag. v3 -> v4: https://lore.kernel.org/dri-devel/9185aadb-e459-00fe-70be-3675f6f3ef4c@redh… - Add blank line after #include <kunit/test.h> (Javier Martinez Canillas). - Make the order of the tags chronological (Javier Martinez Canillas). - Add Copywrite to the tests (Javier Martinez Canillas). - Add Javier Martinez Canillas's Reviewed-by tag. Arthur Grillo (1): drm: selftest: convert drm_mm selftest to KUnit Maíra Canal (8): drm: selftest: convert drm_damage_helper selftest to KUnit drm: selftest: convert drm_cmdline_parser selftest to KUnit drm: selftest: convert drm_rect selftest to KUnit drm: selftest: convert drm_format selftest to KUnit drm: selftest: convert drm_plane_helper selftest to KUnit drm: selftest: convert drm_dp_mst_helper selftest to KUnit drm: selftest: convert drm_framebuffer selftest to KUnit drm: selftest: convert drm_buddy selftest to KUnit Documentation/gpu/todo.rst | 11 - drivers/gpu/drm/Kconfig | 20 +- drivers/gpu/drm/Makefile | 1 - drivers/gpu/drm/selftests/Makefile | 8 - .../gpu/drm/selftests/drm_buddy_selftests.h | 15 - .../gpu/drm/selftests/drm_cmdline_selftests.h | 68 - drivers/gpu/drm/selftests/drm_mm_selftests.h | 28 - .../gpu/drm/selftests/drm_modeset_selftests.h | 40 - drivers/gpu/drm/selftests/drm_selftest.c | 109 -- drivers/gpu/drm/selftests/drm_selftest.h | 41 - drivers/gpu/drm/selftests/test-drm_buddy.c | 994 -------------- .../drm/selftests/test-drm_cmdline_parser.c | 1141 ----------------- .../drm/selftests/test-drm_damage_helper.c | 668 ---------- drivers/gpu/drm/selftests/test-drm_format.c | 280 ---- .../drm/selftests/test-drm_modeset_common.c | 32 - .../drm/selftests/test-drm_modeset_common.h | 52 - drivers/gpu/drm/tests/Makefile | 4 +- drivers/gpu/drm/tests/drm_buddy_test.c | 750 +++++++++++ .../gpu/drm/tests/drm_cmdline_parser_test.c | 1080 ++++++++++++++++ .../gpu/drm/tests/drm_damage_helper_test.c | 637 +++++++++ .../drm_dp_mst_helper_test.c} | 87 +- drivers/gpu/drm/tests/drm_format_test.c | 287 +++++ .../drm_framebuffer_test.c} | 26 +- .../test-drm_mm.c => tests/drm_mm_test.c} | 1136 +++++++--------- .../drm_plane_helper_test.c} | 104 +- .../test-drm_rect.c => tests/drm_rect_test.c} | 125 +- 26 files changed, 3406 insertions(+), 4338 deletions(-) delete mode 100644 drivers/gpu/drm/selftests/Makefile delete mode 100644 drivers/gpu/drm/selftests/drm_buddy_selftests.h delete mode 100644 drivers/gpu/drm/selftests/drm_cmdline_selftests.h delete mode 100644 drivers/gpu/drm/selftests/drm_mm_selftests.h delete mode 100644 drivers/gpu/drm/selftests/drm_modeset_selftests.h delete mode 100644 drivers/gpu/drm/selftests/drm_selftest.c delete mode 100644 drivers/gpu/drm/selftests/drm_selftest.h delete mode 100644 drivers/gpu/drm/selftests/test-drm_buddy.c delete mode 100644 drivers/gpu/drm/selftests/test-drm_cmdline_parser.c delete mode 100644 drivers/gpu/drm/selftests/test-drm_damage_helper.c delete mode 100644 drivers/gpu/drm/selftests/test-drm_format.c delete mode 100644 drivers/gpu/drm/selftests/test-drm_modeset_common.c delete mode 100644 drivers/gpu/drm/selftests/test-drm_modeset_common.h create mode 100644 drivers/gpu/drm/tests/drm_buddy_test.c create mode 100644 drivers/gpu/drm/tests/drm_cmdline_parser_test.c create mode 100644 drivers/gpu/drm/tests/drm_damage_helper_test.c rename drivers/gpu/drm/{selftests/test-drm_dp_mst_helper.c => tests/drm_dp_mst_helper_test.c} (72%) create mode 100644 drivers/gpu/drm/tests/drm_format_test.c rename drivers/gpu/drm/{selftests/test-drm_framebuffer.c => tests/drm_framebuffer_test.c} (96%) rename drivers/gpu/drm/{selftests/test-drm_mm.c => tests/drm_mm_test.c} (58%) rename drivers/gpu/drm/{selftests/test-drm_plane_helper.c => tests/drm_plane_helper_test.c} (62%) rename drivers/gpu/drm/{selftests/test-drm_rect.c => tests/drm_rect_test.c} (53%) -- 2.36.1

3 years, 5 months

3
12
0 0

[PATCH v6 0/5] bpf: Add bpf_verify_pkcs7_signature() helper

by Roberto Sassu

One of the desirable features in security is the ability to restrict import of data to a given system based on data authenticity. If data import can be restricted, it would be possible to enforce a system-wide policy based on the signing keys the system owner trusts. This feature is widely used in the kernel. For example, if the restriction is enabled, kernel modules can be plugged in only if they are signed with a key whose public part is in the primary or secondary keyring. For eBPF, it can be useful as well. For example, it might be useful to authenticate data an eBPF program makes security decisions on. After a discussion in the eBPF mailing list, it was decided that the stated goal should be accomplished by introducing a new helper: bpf_verify_pkcs7_signature(), dedicated to verify PKCS#7 signatures. More helpers will be introduced later, as necessary. The job of bpf_verify_pkcs7_signature() is to retrieve the trusted keyring from function parameters, and to perform signature verification by calling verify_pkcs7_signature(). Data and signature can be provided to the new helper with two dynamic pointers, to reduce the number of parameters. The keyring can be provided by its serial, or by its special ID defined in verification.h, if the serial is zero (not a valid value). bpf_verify_pkcs7_signature() also accepts key lookup-specific flags, passed to lookup_user_key() when the helper searches the keyring by its serial. While passing the keyring serial to bpf_verify_pkcs7_signature() provides great flexibility, it seems suboptimal in terms of security guarantees, as even if the eBPF program is assumed to be trusted, that serial might come from untrusted user space not choosing one that the system administrator approves to enforce a mandatory policy. The same goal could be instead more easily achieved by setting a hardcoded keyring ID in the signed eBPF program, to be passed to bpf_verify_pkcs7_signature(). bpf_verify_pkcs7_signature() can be called only from sleepable programs, because of memory allocation (with lookup flag KEY_LOOKUP_CREATE) and crypto operations. For example, the lsm.s/bpf attach point is suitable, fexit/array_map_update_elem is not. A test was added to check the ability of bpf_verify_pkcs7_signature() to verify PKCS#7 signatures from the session keyring, a newly-created keyring, and from the primary and secondary keyring (taking the tcp_bic.ko kernel module for the verification). The test does not fail if that kernel module is not found (needs support from the CI). A consideration was made on whether bpf_verify_pkcs7_signature() should be a simple wrapper, doing as little as possible, or whether it could have more complex logic. Having a simple and flexible wrapper requires two additional helpers, bpf_lookup_user_key() and bpf_key_put(), to search and acquire a key reference, pass that key to the wrapper, and release the reference. More care is also required on the eBPF verifier side, to ensure that an eBPF program always releases an acquired reference. While that gives eBPF developers the greatest flexibility to use the helpers as necessary, it does not match the security of the solution of retrieving the key and using it within the same function, as for example in security/keys/keyctl.c. The risk is that an eBPF program requests a key for a purpose, and then uses the key in a different way with one of the available key-related helpers (to be added in the future). struct key is not like a file descriptor, carrying permissions requested during an open, that can be revalidated at the time a read or write is performed. It is more close to a struct inode, the function using the key cannot know reliably which permission was requested at lookup time. For that reason, the key lookup and usage cannot be separated, as the kernel will guarantee (also to other MAC mechanisms) that once a key has been requested with a specific purpose, it will be used accordingly, beyond the control of eBFP programs. The patch set is organized as follows. Patch 1 exports bpf_dynptr_get_size(), to obtain the real size of data carried by a dynamic pointer. Patch 2 makes available for new eBPF helpers some key-related definitions. Patch 3 fixes the helper prototype regular expression to accept unsigned as type prefix. Patch 4 introduces the bpf_verify_pkcs7_signature() helper and patch 5 adds the corresponding test. Changelog v5: - Move KEY_LOOKUP_ to include/linux/key.h for validation of bpf_verify_pkcs7_signature() parameter - Remove bpf_lookup_user_key() and bpf_key_put() helpers, and the corresponding tests - Replace struct key parameter of bpf_verify_pkcs7_signature() with the keyring serial and lookup flags - Call lookup_user_key() and key_put() in bpf_verify_pkcs7_signature() code, to ensure that the retrieved key is used according to the permission requested at lookup time - Clarified keyring precedence in the description of bpf_verify_pkcs7_signature() (suggested by John) - Remove newline in the second argument of ASSERT_ - Fix helper prototype regular expression in bpf_doc.py v4: - Remove bpf_request_key_by_id(), don't return an invalid pointer that other helpers can use - Pass the keyring ID (without ULONG_MAX, suggested by Alexei) to bpf_verify_pkcs7_signature() - Introduce bpf_lookup_user_key() and bpf_key_put() helpers (suggested by Alexei) - Add lookup_key_norelease test, to ensure that the verifier blocks eBPF programs which don't decrement the key reference count - Parse raw PKCS#7 signature instead of module-style signature in the verify_pkcs7_signature test (suggested by Alexei) - Parse kernel module in user space and pass raw PKCS#7 signature to the eBPF program for signature verification v3: - Rename bpf_verify_signature() back to bpf_verify_pkcs7_signature() to avoid managing different parameters for each signature verification function in one helper (suggested by Daniel) - Use dynamic pointers and export bpf_dynptr_get_size() (suggested by Alexei) - Introduce bpf_request_key_by_id() to give more flexibility to the caller of bpf_verify_pkcs7_signature() to retrieve the appropriate keyring (suggested by Alexei) - Fix test by reordering the gcc command line, always compile sign-file - Improve helper support check mechanism in the test v2: - Rename bpf_verify_pkcs7_signature() to a more generic bpf_verify_signature() and pass the signature type (suggested by KP) - Move the helper and prototype declaration under #ifdef so that user space can probe for support for the helper (suggested by Daniel) - Describe better the keyring types (suggested by Daniel) - Include linux/bpf.h instead of vmlinux.h to avoid implicit or redeclaration - Make the test selfcontained (suggested by Alexei) v1: - Don't define new map flag but introduce simple wrapper of verify_pkcs7_signature() (suggested by Alexei and KP) Roberto Sassu (5): bpf: Export bpf_dynptr_get_size() KEYS: Move KEY_LOOKUP_ to include/linux/key.h scripts: Handle unsigned type prefix in bpf_doc.py bpf: Add bpf_verify_pkcs7_signature() helper selftests/bpf: Add test for bpf_verify_pkcs7_signature() helper include/linux/bpf.h | 1 + include/linux/key.h | 3 + include/uapi/linux/bpf.h | 24 ++ kernel/bpf/bpf_lsm.c | 63 +++ kernel/bpf/helpers.c | 2 +- scripts/bpf_doc.py | 2 +- security/keys/internal.h | 2 - tools/include/uapi/linux/bpf.h | 24 ++ tools/testing/selftests/bpf/Makefile | 14 +- tools/testing/selftests/bpf/config | 2 + .../bpf/prog_tests/verify_pkcs7_sig.c | 359 ++++++++++++++++++ .../bpf/progs/test_verify_pkcs7_sig.c | 79 ++++ .../testing/selftests/bpf/verify_sig_setup.sh | 104 +++++ 13 files changed, 672 insertions(+), 7 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c create mode 100644 tools/testing/selftests/bpf/progs/test_verify_pkcs7_sig.c create mode 100755 tools/testing/selftests/bpf/verify_sig_setup.sh -- 2.25.1

3 years, 5 months

3
10
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror