- Linux-kselftest-mirror - lists.linaro.org

[PATCH bpf-next v3 4/4] selftests: bpf: test RENAME_EXCHANGE and RENAME_NOREPLACE on bpffs

by Lorenz Bauer

Add tests to exercise the behaviour of RENAME_EXCHANGE and RENAME_NOREPLACE on bpffs. The former checks that after an exchange the inode of two directories has changed. The latter checks that the source still exists after a failed rename. Signed-off-by: Lorenz Bauer <lmb(a)cloudflare.com> --- .../selftests/bpf/prog_tests/test_bpffs.c | 65 ++++++++++++++++++- 1 file changed, 64 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_bpffs.c b/tools/testing/selftests/bpf/prog_tests/test_bpffs.c index 533e3f3a459a..d29ebfeef9c5 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_bpffs.c +++ b/tools/testing/selftests/bpf/prog_tests/test_bpffs.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 /* Copyright (c) 2020 Facebook */ #define _GNU_SOURCE +#include <stdio.h> #include <sched.h> #include <sys/mount.h> #include <sys/stat.h> @@ -29,7 +30,8 @@ static int read_iter(char *file) static int fn(void) { - int err; + struct stat a, b, c; + int err, map; err = unshare(CLONE_NEWNS); if (!ASSERT_OK(err, "unshare")) @@ -67,6 +69,67 @@ static int fn(void) err = read_iter(TDIR "/fs2/progs.debug"); if (!ASSERT_OK(err, "reading " TDIR "/fs2/progs.debug")) goto out; + + err = mkdir(TDIR "/fs1/a", 0777); + if (!ASSERT_OK(err, "creating " TDIR "/fs1/a")) + goto out; + err = mkdir(TDIR "/fs1/a/1", 0777); + if (!ASSERT_OK(err, "creating " TDIR "/fs1/a/1")) + goto out; + err = mkdir(TDIR "/fs1/b", 0777); + if (!ASSERT_OK(err, "creating " TDIR "/fs1/b")) + goto out; + + map = bpf_create_map(BPF_MAP_TYPE_ARRAY, 4, 4, 1, 0); + if (!ASSERT_GT(map, 0, "create_map(ARRAY)")) + goto out; + err = bpf_obj_pin(map, TDIR "/fs1/c"); + if (!ASSERT_OK(err, "pin map")) + goto out; + close(map); + + /* Check that RENAME_EXCHANGE works for directories. */ + err = stat(TDIR "/fs1/a", &a); + if (!ASSERT_OK(err, "stat(" TDIR "/fs1/a)")) + goto out; + err = renameat2(0, TDIR "/fs1/a", 0, TDIR "/fs1/b", RENAME_EXCHANGE); + if (!ASSERT_OK(err, "renameat2(/fs1/a, /fs1/b, RENAME_EXCHANGE)")) + goto out; + err = stat(TDIR "/fs1/b", &b); + if (!ASSERT_OK(err, "stat(" TDIR "/fs1/b)")) + goto out; + if (!ASSERT_EQ(a.st_ino, b.st_ino, "b should have a's inode")) + goto out; + err = access(TDIR "/fs1/b/1", F_OK); + if (!ASSERT_OK(err, "access(" TDIR "/fs1/b/1)")) + goto out; + + /* Check that RENAME_EXCHANGE works for mixed file types. */ + err = stat(TDIR "/fs1/c", &c); + if (!ASSERT_OK(err, "stat(" TDIR "/fs1/map)")) + goto out; + err = renameat2(0, TDIR "/fs1/c", 0, TDIR "/fs1/b", RENAME_EXCHANGE); + if (!ASSERT_OK(err, "renameat2(/fs1/c, /fs1/b, RENAME_EXCHANGE)")) + goto out; + err = stat(TDIR "/fs1/b", &b); + if (!ASSERT_OK(err, "stat(" TDIR "/fs1/b)")) + goto out; + if (!ASSERT_EQ(c.st_ino, b.st_ino, "b should have c's inode")) + goto out; + err = access(TDIR "/fs1/c/1", F_OK); + if (!ASSERT_OK(err, "access(" TDIR "/fs1/c/1)")) + goto out; + + /* Check that RENAME_NOREPLACE works. */ + err = renameat2(0, TDIR "/fs1/b", 0, TDIR "/fs1/a", RENAME_NOREPLACE); + if (!ASSERT_ERR(err, "renameat2(RENAME_NOREPLACE)")) { + err = -EINVAL; + goto out; + } + err = access(TDIR "/fs1/b", F_OK); + if (!ASSERT_OK(err, "access(" TDIR "/fs1/b)")) + goto out; + out: umount(TDIR "/fs1"); umount(TDIR "/fs2"); -- 2.32.0

3 years, 10 months

1
0
0 0

[PATCH bpf-next v3 3/4] selftests: bpf: convert test_bpffs to ASSERT macros

by Lorenz Bauer

Remove usage of deprecated CHECK macros. Signed-off-by: Lorenz Bauer <lmb(a)cloudflare.com> --- .../selftests/bpf/prog_tests/test_bpffs.c | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/test_bpffs.c b/tools/testing/selftests/bpf/prog_tests/test_bpffs.c index 172c999e523c..533e3f3a459a 100644 --- a/tools/testing/selftests/bpf/prog_tests/test_bpffs.c +++ b/tools/testing/selftests/bpf/prog_tests/test_bpffs.c @@ -29,43 +29,43 @@ static int read_iter(char *file) static int fn(void) { - int err, duration = 0; + int err; err = unshare(CLONE_NEWNS); - if (CHECK(err, "unshare", "failed: %d\n", errno)) + if (!ASSERT_OK(err, "unshare")) goto out; err = mount("", "/", "", MS_REC | MS_PRIVATE, NULL); - if (CHECK(err, "mount /", "failed: %d\n", errno)) + if (!ASSERT_OK(err, "mount /")) goto out; err = umount(TDIR); - if (CHECK(err, "umount " TDIR, "failed: %d\n", errno)) + if (!ASSERT_OK(err, "umount " TDIR)) goto out; err = mount("none", TDIR, "tmpfs", 0, NULL); - if (CHECK(err, "mount", "mount root failed: %d\n", errno)) + if (!ASSERT_OK(err, "mount tmpfs")) goto out; err = mkdir(TDIR "/fs1", 0777); - if (CHECK(err, "mkdir "TDIR"/fs1", "failed: %d\n", errno)) + if (!ASSERT_OK(err, "mkdir " TDIR "/fs1")) goto out; err = mkdir(TDIR "/fs2", 0777); - if (CHECK(err, "mkdir "TDIR"/fs2", "failed: %d\n", errno)) + if (!ASSERT_OK(err, "mkdir " TDIR "/fs2")) goto out; err = mount("bpf", TDIR "/fs1", "bpf", 0, NULL); - if (CHECK(err, "mount bpffs "TDIR"/fs1", "failed: %d\n", errno)) + if (!ASSERT_OK(err, "mount bpffs " TDIR "/fs1")) goto out; err = mount("bpf", TDIR "/fs2", "bpf", 0, NULL); - if (CHECK(err, "mount bpffs " TDIR "/fs2", "failed: %d\n", errno)) + if (!ASSERT_OK(err, "mount bpffs " TDIR "/fs2")) goto out; err = read_iter(TDIR "/fs1/maps.debug"); - if (CHECK(err, "reading " TDIR "/fs1/maps.debug", "failed\n")) + if (!ASSERT_OK(err, "reading " TDIR "/fs1/maps.debug")) goto out; err = read_iter(TDIR "/fs2/progs.debug"); - if (CHECK(err, "reading " TDIR "/fs2/progs.debug", "failed\n")) + if (!ASSERT_OK(err, "reading " TDIR "/fs2/progs.debug")) goto out; out: umount(TDIR "/fs1"); -- 2.32.0

3 years, 10 months

1
0
0 0

[PATCH v3 00/13] integrity: Introduce DIGLIM

by Roberto Sassu

Status ====== This version of the patch set implements the suggestions received for version 2. Apart from one patch added for the IMA API and few fixes, there are no substantial changes. It has been tested on: x86_64, UML (x86_64), s390x (big endian). The long term goal is to boot a system with appraisal enabled and with DIGLIM as repository for reference values, taken from the RPM database. Changes required: - new execution policies in IMA (https://lore.kernel.org/linux-integrity/20210409114313.4073-1-roberto.sassu…) - support for the euid policy keyword for critical data (https://lore.kernel.org/linux-integrity/20210705115650.3373599-1-roberto.sa…) - basic DIGLIM (this patch set) - additional DIGLIM features (loader, LSM, user space utilities) - support for DIGLIM in IMA - support for PGP keys and signatures (from David Howells) - support for PGP appended signatures in IMA Introduction ============ Digest Lists Integrity Module (DIGLIM) is a component of the integrity subsystem in the kernel, primarily aiming to aid Integrity Measurement Architecture (IMA) in the process of checking the integrity of file content and metadata. It accomplishes this task by storing reference values coming from software vendors and by reporting whether or not the digest of file content or metadata calculated by IMA (or EVM) is found among those values. In this way, IMA can decide, depending on the result of a query, if a measurement should be taken or access to the file should be granted. The Security Assumptions section explains more in detail why this component has been placed in the kernel. The main benefits of using IMA in conjunction with DIGLIM are the ability to implement advanced remote attestation schemes based on the usage of a TPM key for establishing a TLS secure channel[1][2], and to reduce the burden on Linux distribution vendors to extend secure boot at OS level to applications. DIGLIM does not have the complexity of feature-rich databases. In fact, its main functionality comes from the hash table primitives already in the kernel. It does not have an ad-hoc storage module, it just indexes data in a fixed format (digest lists, a set of concatenated digests preceded by a header), copied to kernel memory as they are. Lastly, it does not support database-oriented languages such as SQL, but only accepts a digest and its algorithm as a query. The only digest list format supported by DIGLIM is called compact. However, Linux distribution vendors don't have to generate new digest lists in this format for the packages they release, as already available information, such as RPM headers and DEB package metadata, can be used as a source for reference values (they include file digests), with a user space parser taking care of the conversion to the compact format. Although one might perceive that storing file or metadata digests for a Linux distribution would significantly increase the memory usage, this does not seem to be the case. As an anticipation of the evaluation done in the Preliminary Performance Evaluation section, protecting binaries and shared libraries of a minimal Fedora 33 installation requires 208K of memory for the digest lists plus 556K for indexing. In exchange for a slightly increased memory usage, DIGLIM improves the performance of the integrity subsystem. In the considered scenario, IMA measurement and appraisal of 5896 files with digest lists requires respectively less than one quarter and less than half the time, compared to the current solution. DIGLIM also keeps track of whether digest lists have been processed in some way (e.g. measured or appraised by IMA). This is important for example for remote attestation, so that remote verifiers understand what has been uploaded to the kernel. Operations in DIGLIM are atomic: if an error occurs during the addition of a digest list, DIGLIM rolls back the entire insert operation; deletions instead always succeed. This capability has been tested with an ad-hoc fault injection mechanism capable of simulating failures during the operations. Finally, DIGLIM exposes to user space, through securityfs, the digest lists currently loaded, the number of digests added, a query interface and an interface to set digest list labels. Binary Integrity Integrity is a fundamental security property in information systems. Integrity could be described as the condition in which a generic component is just after it has been released by the entity that created it. One way to check whether a component is in this condition (called binary integrity) is to calculate its digest and to compare it with a reference value (i.e. the digest calculated in controlled conditions, when the component is released). IMA, a software part of the integrity subsystem, can perform such evaluation and execute different actions: - store the digest in an integrity-protected measurement list, so that it can be sent to a remote verifier for analysis; - compare the calculated digest with a reference value (usually protected with a signature) and deny operations if the file is found corrupted; - store the digest in the system log. Benefits DIGLIM further enhances the capabilities offered by IMA-based solutions and, at the same time, makes them more practical to adopt by reusing existing sources as reference values for integrity decisions. Possible sources for digest lists are: - RPM headers; - Debian repository metadata. Benefits for IMA Measurement One of the issues that arises when files are measured by the OS is that, due to parallel execution, the order in which file accesses happen cannot be predicted. Since the TPM Platform Configuration Register (PCR) extend operation, executed after each file measurement, cryptographically binds the current measurement to the previous ones, the PCR value at the end of a workload cannot be predicted too. Thus, even if the usage of a TPM key, bound to a PCR value, should be allowed when only good files were accessed, the TPM could unexpectedly deny an operation on that key if files accesses did not happen as stated by the key policy (which allows only one of the possible sequences). DIGLIM solves this issue by making the PCR value stable over the time and not dependent on file accesses. The following figure depicts the current and the new approaches: IMA measurement list (current) entry# 1st boot 2nd boot 3rd boot +----+---------------+ +----+---------------+ +----+---------------+ 1: | 10 | file1 measur. | | 10 | file3 measur. | | 10 | file2 measur. | +----+---------------+ +----+---------------+ +----+---------------+ 2: | 10 | file2 measur. | | 10 | file2 measur. | | 10 | file3 measur. | +----+---------------+ +----+---------------+ +----+---------------+ 3: | 10 | file3 measur. | | 10 | file1 measur. | | 10 | file4 measur. | +----+---------------+ +----+---------------+ +----+---------------+ PCR: Extend != Extend != Extend file1, file2, file3 file3, file2, file1 file2, file3, file4 PCR Extend definition: PCR(new value) = Hash(Hash(meas. entry), PCR(previous value)) A new entry in the measurement list is created by IMA for each file access. Assuming that file1, file2 and file3 are files provided by the software vendor, file4 is an unknown file, the first two PCR values above represent a good system state, the third a bad system state. The PCR values are the result of the PCR extend operation performed for each measurement entry with the digest of the measurement entry as an input. IMA measurement list (with DIGLIM) dlist +--------------+ | header | +--------------+ | file1 digest | | file2 digest | | file3 digest | +--------------+ dlist is a digest list containing the digest of file1, file2 and file3. In the intended scenario, it is generated by a software vendor at the end of the building process, and retrieved by the administrator of the system where the digest list is loaded. entry# 1st boot 2nd boot 3rd boot +----+---------------+ +----+---------------+ +----+---------------+ 0: | 11 | dlist measur. | | 11 | dlist measur. | | 11 | dlist measur. | +----+---------------+ +----+---------------+ +----+---------------+ 1: < file1 measur. skip > < file3 measur. skip > < file2 measur. skip > 2: < file2 measur. skip > < file2 measur. skip > < file3 measur. skip > +----+---------------+ 3: < file3 measur. skip > < file1 measur. skip > | 11 | file4 measur. | +----+---------------+ PCR: Extend = Extend != Extend dlist dlist dlist, file4 The first entry in the measurement list contains the digest of the digest list uploaded to the kernel at kernel initialization time. When a file is accessed, IMA queries DIGLIM with the calculated file digest and, if it is found, IMA skips the measurement. Thus, the only information sent to remote verifiers are: the list of files that could possibly be accessed (from the digest list), but not if they were accessed and when; the measurement of unknown files. Despite providing less information, this solution has the advantage that the good system state (i.e. when only file1, file2 and file3 are accessed) now can be represented with a deterministic PCR value (the PCR is extended only with the measurement of the digest list). Also, the bad system state can still be distinguished from the good state (the PCR is extended also with the measurement of file4). If a TPM key is bound to the good PCR value, the TPM would allow the key to be used if file1, file2 or file3 are accessed, regardless of the sequence in which they are accessed (the PCR value does not change), and would revoke the permission when the unknown file4 is accessed (the PCR value changes). If a system is able to establish a TLS connection with a peer, this implicitly means that the system was in a good state (i.e. file4 was not accessed, otherwise the TPM would have denied the usage of the TPM key due to the key policy). Benefits for IMA Appraisal Extending secure boot to applications means being able to verify the provenance of files accessed. IMA does it by verifying file signatures with a key that it trusts, which requires Linux distribution vendors to additionally include in the package header a signature for each file that must be verified (there is the dedicated RPMTAG_FILESIGNATURES section in the RPM header). The proposed approach would be instead to verify data provenance from already available metadata (file digests) in existing packages. IMA would verify the signature of package metadata and search file digests extracted from package metadata and added to the hash table in the kernel. For RPMs, file digests can be found in the RPMTAG_FILEDIGESTS section of RPMTAG_IMMUTABLE, whose signature is in RPMTAG_RSAHEADER. For DEBs, file digests (unsafe to use due to a weak digest algorithm) can be found in the md5sum file, which can be indirectly verified from Release.gpg. The following figure highlights the differences between the current and the proposed approach. IMA appraisal (current solution, with file signatures): appraise +-----------+ V | +-------------------------+-----+ +-------+-----+ | | RPM header | | ima rpm | file1 | sig | | | ... | | plugin +-------+-----+ +-----+ | file1 sig [to be added] | sig |--------> ... | IMA | | ... | | +-------+-----+ +-----+ | fileN sig [to be added] | | | fileN | sig | +-------------------------+-----+ +-------+-----+ In this case, file signatures must be added to the RPM header, so that the ima rpm plugin can extract them together with the file content. The RPM header signature is not used. IMA appraisal (with DIGLIM): kernel hash table with RPM header content +---+ +--------------+ | |--->| file1 digest | +---+ +--------------+ ... +---+ appraise (file1) | | <--------------+ +----------------+-----+ +---+ | | RPM header | | ^ | | ... | | digest_list | | | file1 digest | sig | rpm plugin | +-------+ +-----+ | ... | |-------------+--->| file1 | | IMA | | fileN digest | | +-------+ +-----+ +----------------+-----+ | ^ | +------------------------------------+ appraise (RPM header) In this case, the RPM header is used as it is, and its signature is used for IMA appraisal. Then, the digest_list rpm plugin executes the user space parser to parse the RPM header and add the extracted digests to an hash table in the kernel. IMA appraisal of the files in the RPM package consists in searching their digest in the hash table. Other than reusing available information as digest list, another advantage is the lower computational overhead compared to the solution with file signatures (only one signature verification for many files and digest lookup, instead of per file signature verification, see Preliminary Performance Evaluation for more details). Lifecycle The lifecycle of DIGLIM is represented in the following figure: Vendor premises (release process with modifications): +------------+ +-----------------------+ +------------------------+ | 1. build a | | 2. generate and sign | | 3. publish the package | | package |-->| a digest list from |-->| and digest list in | | | | packaged files | | a repository | +------------+ +-----------------------+ +------------------------+ | | User premises: | V +---------------------+ +------------------------+ +-----------------+ | 6. use digest lists | | 5. download the digest | | 4. download and | | for measurement |<--| list and upload to |<--| install the | | and/or appraisal | | the kernel | | package | +---------------------+ +------------------------+ +-----------------+ The figure above represents all the steps when a digest list is generated separately. However, as mentioned in Benefits, in most cases existing packages can be already used as a source for digest lists, limiting the effort for software vendors. If, for example, RPMs are used as a source for digest lists, the figure above becomes: Vendor premises (release process without modifications): +------------+ +------------------------+ | 1. build a | | 2. publish the package | | package |-->| in a repository |---------------------+ | | | | | +------------+ +------------------------+ | | | User premises: | V +---------------------+ +------------------------+ +-----------------+ | 5. use digest lists | | 4. extract digest list | | 3. download and | | for measurement |<--| from the package |<--| install the | | and/or appraisal | | and upload to the | | package | | | | kernel | | | +---------------------+ +------------------------+ +-----------------+ Step 4 can be performed with the digest_list rpm plugin and the user space parser, without changes to rpm itself. Security Assumptions As mentioned in the Introduction, DIGLIM will be primarily used in conjunction with IMA to enforce a mandatory policy on all user space processes, including those owned by root. Even root, in a system with a locked-down kernel, cannot affect the enforcement of the mandatory policy or, if changes are permitted, it cannot do so without being detected. Given that the target of the enforcement are user space processes, DIGLIM cannot be placed in the target, as a Mandatory Access Control (MAC) design is required to have the components responsible to enforce the mandatory policy separated from the target. While locking-down a system and limiting actions with a mandatory policy is generally perceived by users as an obstacle, it has noteworthy benefits for the users themselves. First, it would timely block attempts by malicious software to steal or misuse user assets. Although users could query the package managers to detect them, detection would happen after the fact, or it wouldn't happen at all if the malicious software tampered with package managers. With a mandatory policy enforced by the kernel, users would still be able to decide which software they want to be executed except that, unlike package managers, the kernel is not affected by user space processes or root. Second, it might make systems more easily verifiable from outside, due to the limited actions the system allows. When users connect to a server, not only they would be able to verify the server identity, which is already possible with communication protocols like TLS, but also if the software running on that server can be trusted to handle their sensitive data. Adoption A former version of DIGLIM is used in the following OSes: - openEuler 20.09 https://github.com/openeuler-mirror/kernel/tree/openEuler-20.09 - openEuler 21.03 https://github.com/openeuler-mirror/kernel/tree/openEuler-21.03 Originally, DIGLIM was part of IMA (known as IMA Digest Lists). In this version, it has been redesigned as a standalone module with an API that makes its functionality accessible by IMA and, eventually, other subsystems. User Space Support Digest lists can be generated and managed with digest-list-tools: https://github.com/openeuler-mirror/digest-list-tools It includes two main applications: - gen_digest_lists: generates digest lists from files in the filesystem or from the RPM database (more digest list sources can be supported); - manage_digest_lists: converts and uploads digest lists to the kernel. Integration with rpm is done with the digest_list plugin: https://gitee.com/src-openeuler/rpm/blob/master/Add-digest-list-plugin.patch This plugin writes the RPM header and its signature to a file, so that the file is ready to be appraised by IMA, and calls the user space parser to convert and upload the digest list to the kernel. Simple Usage Example (Tested with Fedora 33) 1. Digest list generation (RPM headers and their signature are copied to the specified directory): # mkdir /etc/digest_lists # gen_digest_lists -t file -f rpm+db -d /etc/digest_lists -o add 2. Digest list upload with the user space parser: # manage_digest_lists -p add-digest -d /etc/digest_lists 3. First digest list query: # echo sha256-$(sha256sum /bin/cat) > /sys/kernel/security/integrity/diglim/digest_query # cat /sys/kernel/security/integrity/diglim/digest_query sha256-[...]-0-file_list-rpm-coreutils-8.32-18.fc33.x86_64 (actions: 0): version: 1, algo: sha256, type: 2, modifiers: 1, count: 106, datalen: 3392 4. Second digest list query: # echo sha256-$(sha256sum /bin/zip) > /sys/kernel/security/integrity/diglim/digest_query # cat /sys/kernel/security/integrity/diglim/digest_query sha256-[...]-0-file_list-rpm-zip-3.0-27.fc33.x86_64 (actions: 0): version: 1, algo: sha256, type: 2, modifiers: 1, count: 4, datalen: 128 Preliminary Performance Evaluation This section provides an initial estimation of the overhead introduced by DIGLIM. The estimation has been performed on a Fedora 33 virtual machine with 1447 packages installed. The virtual machine has 16 vCPU (host CPU: AMD Ryzen Threadripper PRO 3955WX 16-Cores) and 2G of RAM (host memory: 64G). The virtual machine also has a vTPM with libtpms and swtpm as backend. After writing the RPM headers to files, the size of the directory containing them is 36M. After converting the RPM headers to the compact digest list, the size of the data being uploaded to the kernel is 3.6M. The time to load the entire RPM database is 0.628s. After loading the digest lists to the kernel, the slab usage due to indexing is (obtained with slab_nomerge in the kernel command line): OBJS ACTIVE USE OBJ SIZE SLABS OBJ/SLAB CACHE SIZE NAME 118144 118144 100% 0,03K 923 128 3692K digest_list_item_ref_cache 102400 102400 100% 0,03K 800 128 3200K digest_item_cache 2646 2646 100% 0,09K 63 42 252K digest_list_item_cache The stats, obtained from the digests_count interface, introduced later, are: Parser digests: 0 File digests: 99100 Metadata digests: 0 Digest list digests: 1423 On this installation, this would be the worst case in which all files are measured and/or appraised, which is currently not recommended without enforcing an integrity policy protecting mutable files. Infoflow LSM is a component to accomplish this task: https://patchwork.kernel.org/project/linux-integrity/cover/20190818235745.1… The first manageable goal of IMA with DIGLIM is to use an execution policy, with measurement and/or appraisal of files executed or mapped in memory as executable (in addition to kernel modules and firmware). In this case, the digest list contains the digest only for those files. The numbers above change as follows. After converting the RPM headers to the compact digest list, the size of the data being uploaded to the kernel is 208K. The time to load the digest of binaries and shared libraries is 0.062s. After loading the digest lists to the kernel, the slab usage due to indexing is: OBJS ACTIVE USE OBJ SIZE SLABS OBJ/SLAB CACHE SIZE NAME 7168 7168 100% 0,03K 56 128 224K digest_list_item_ref_cache 7168 7168 100% 0,03K 56 128 224K digest_item_cache 1134 1134 100% 0,09K 27 42 108K digest_list_item_cache The stats, obtained from the digests_count interface, are: Parser digests: 0 File digests: 5986 Metadata digests: 0 Digest list digests: 1104 Comparison with IMA This section compares the performance between the current solution for IMA measurement and appraisal, and IMA with DIGLIM. Workload A (without DIGLIM): 1. cat file[0-5985] > /dev/null Workload B (with DIGLIM): 1. echo $PWD/0-file_list-compact-file[0-1103] > <securityfs>/integrity/diglim/digest_list_add 2. cat file[0-5985] > /dev/null Workload A execution time without IMA policy: real 0m0,155s user 0m0,008s sys 0m0,066s Measurement IMA policy: measure fowner=2000 func=FILE_CHECK mask=MAY_READ use_diglim=allow pcr=11 ima_template=ima-sig use_diglim is a policy keyword not yet supported by IMA. Workload A execution time with IMA and 5986 files with signature measured: real 0m8,273s user 0m0,008s sys 0m2,537s Workload B execution time with IMA, 1104 digest lists with signature measured and uploaded to the kernel, and 5986 files with signature accessed but not measured (due to the file digest being found in the hash table): real 0m1,837s user 0m0,036s sys 0m0,583s Appraisal IMA policy: appraise fowner=2000 func=FILE_CHECK mask=MAY_READ use_diglim=allow use_diglim is a policy keyword not yet supported by IMA. Workload A execution time with IMA and 5986 files with file signature appraised: real 0m2,197s user 0m0,011s sys 0m2,022s Workload B execution time with IMA, 1104 digest lists with signature appraised and uploaded to the kernel, and with 5986 files with signature not verified (due to the file digest being found in the hash table): real 0m0,982s user 0m0,020s sys 0m0,865s [1] LSS EU 2019 slides and video [2] FutureTPM EU project, final review meeting demo slides and video v2: - fix documentation content and style issues (suggested by Mauro) - fix basic definitions description and ensure that the _reserved field of compact list headers is zero (suggested by Greg KH) - document the static inline functions to access compact list data (suggested by Mauro) - rename htable global variable to diglim_htable (suggested by Mauro) - add IMA API to retrieve integrity information about a file or buffer - display the digest list in the original format (same endianness as when it was uploaded) - support digest lists with appended signature (for IMA appraisal) - fix bugs in the tests - allocate the digest list label in digest_list_add() - rename digest_label interface to digest_list_label - check input for digest_query and digest_list_label interfaces - don't remove entries in digest_lists_loaded if the same digest list is uploaded again to the kernel - deny write access to the digest lists while IMA actions are retrieved - add new test digest_list_add_del_test_file_upload_measured_chown - remove unused COMPACT_KEY type v1: - remove 'ima: Add digest, algo, measured parameters to ima_measure_critical_data()', replaced by: https://lore.kernel.org/linux-integrity/20210705090922.3321178-1-roberto.sa… - add 'Lifecycle' subsection to better clarify how digest lists are generated and used (suggested by Greg KH) - remove 'Possible Usages' subsection and add 'Benefits for IMA Measurement' and 'Benefits for IMA Appraisal' subsubsections - add 'Preliminary Performance Evaluation' subsection - declare digest_offset and hdr_offset in the digest_list_item_ref structure as u32 (sufficient for digest lists of 4G) to make room for a list_head structure (digest_list_item_ref size: 32) - implement digest list reference management with a linked list instead of an array - reorder structure members for better alignment (suggested by Mauro) - rename digest_lookup() to __digest_lookup() (suggested by Mauro) - introduce an object cache for each defined structure - replace atomic_long_t with unsigned long in h_table structure definition (suggested by Greg KH) - remove GPL2 license text and file names (suggested by Greg KH) - ensure that the _reserved field of compact_list_hdr is equal to zero (suggested by Greg KH) - dynamically allocate the buffer in digest_lists_show_htable_len() to avoid frame size warning (reported by kernel test robot, dynamic allocation suggested by Mauro) - split documentation in multiple files and reference the source code (suggested by Mauro) - use #ifdef in include/linux/diglim.h - improve generation of event name for IMA measurements - add new patch to introduce the 'Remote Attestation' section in the documentation - fix assignment of actions variable in digest_list_read() and digest_list_write() - always release dentry reference when digest_list_get_secfs_files() is called - rewrite add/del and query interfaces to take advantage of m->private - prevent deletion of a digest list only if there are actions done at addition time that are not currently being performed - fix doc warnings (replace Returns with Return:) - perform queries of digest list digests in the existing tests - add new tests: digest_list_add_del_test_file_upload_measured, digest_list_check_measurement_list_test_file_upload and digest_list_check_measurement_list_test_buffer_upload - don't return a value from digest_del(), digest_list_ref_del, and digest_list_del() - improve Makefile for tests Roberto Sassu (13): diglim: Overview diglim: Basic definitions diglim: Objects diglim: Methods diglim: Parser diglim: IMA info diglim: Interfaces - digest_list_add, digest_list_del diglim: Interfaces - digest_lists_loaded diglim: Interfaces - digest_list_label diglim: Interfaces - digest_query diglim: Interfaces - digests_count diglim: Remote Attestation diglim: Tests .../security/diglim/architecture.rst | 46 + .../security/diglim/implementation.rst | 228 +++ Documentation/security/diglim/index.rst | 14 + .../security/diglim/introduction.rst | 599 +++++++ .../security/diglim/remote_attestation.rst | 87 + Documentation/security/diglim/tests.rst | 70 + Documentation/security/index.rst | 1 + MAINTAINERS | 20 + include/linux/diglim.h | 28 + include/linux/kernel_read_file.h | 1 + include/uapi/linux/diglim.h | 51 + security/integrity/Kconfig | 1 + security/integrity/Makefile | 1 + security/integrity/diglim/Kconfig | 11 + security/integrity/diglim/Makefile | 8 + security/integrity/diglim/diglim.h | 232 +++ security/integrity/diglim/fs.c | 865 ++++++++++ security/integrity/diglim/ima.c | 122 ++ security/integrity/diglim/methods.c | 513 ++++++ security/integrity/diglim/parser.c | 274 ++++ security/integrity/integrity.h | 4 + tools/testing/selftests/Makefile | 1 + tools/testing/selftests/diglim/Makefile | 19 + tools/testing/selftests/diglim/common.c | 135 ++ tools/testing/selftests/diglim/common.h | 32 + tools/testing/selftests/diglim/config | 3 + tools/testing/selftests/diglim/selftest.c | 1442 +++++++++++++++++ 27 files changed, 4808 insertions(+) create mode 100644 Documentation/security/diglim/architecture.rst create mode 100644 Documentation/security/diglim/implementation.rst create mode 100644 Documentation/security/diglim/index.rst create mode 100644 Documentation/security/diglim/introduction.rst create mode 100644 Documentation/security/diglim/remote_attestation.rst create mode 100644 Documentation/security/diglim/tests.rst create mode 100644 include/linux/diglim.h create mode 100644 include/uapi/linux/diglim.h create mode 100644 security/integrity/diglim/Kconfig create mode 100644 security/integrity/diglim/Makefile create mode 100644 security/integrity/diglim/diglim.h create mode 100644 security/integrity/diglim/fs.c create mode 100644 security/integrity/diglim/ima.c create mode 100644 security/integrity/diglim/methods.c create mode 100644 security/integrity/diglim/parser.c create mode 100644 tools/testing/selftests/diglim/Makefile create mode 100644 tools/testing/selftests/diglim/common.c create mode 100644 tools/testing/selftests/diglim/common.h create mode 100644 tools/testing/selftests/diglim/config create mode 100644 tools/testing/selftests/diglim/selftest.c -- 2.25.1

3 years, 10 months

2
16
0 0

[RFC v5 net-next 0/5] Add RTNL interface for SyncE

by Maciej Machnikowski

Synchronous Ethernet networks use a physical layer clock to syntonize the frequency across different network elements. Basic SyncE node defined in the ITU-T G.8264 consist of an Ethernet Equipment Clock (EEC) and have the ability to recover synchronization from the synchronization inputs - either traffic interfaces or external frequency sources. The EEC can synchronize its frequency (syntonize) to any of those sources. It is also able to select synchronization source through priority tables and synchronization status messaging. It also provides neccessary filtering and holdover capabilities This patch series introduces basic interface for reading the Ethernet Equipment Clock (EEC) state on a SyncE capable device. This state gives information about the source of the syntonization signal (ether my port, or any external one) and the state of EEC. This interface is required\ to implement Synchronization Status Messaging on upper layers. v2: - removed whitespace changes - fix issues reported by test robot v3: - Changed naming from SyncE to EEC - Clarify cover letter and commit message for patch 1 v4: - Removed sync_source and pin_idx info - Changed one structure to attributes - Added EEC_SRC_PORT flag to indicate that the EEC is synchronized to the recovered clock of a port that returns the state v5: - add EEC source as an optiona attribute - implement support for recovered clocks - align states returned by EEC to ITU-T G.781 Maciej Machnikowski (5): ice: add support detecting features based on netlist rtnetlink: Add new RTM_GETEECSTATE message to get SyncE status ice: add support for reading SyncE DPLL state rtnetlink: Add support for SyncE recovered clock configuration ice: add support for SyncE recovered clocks drivers/net/ethernet/intel/ice/ice.h | 7 + .../net/ethernet/intel/ice/ice_adminq_cmd.h | 94 ++++++- drivers/net/ethernet/intel/ice/ice_common.c | 175 ++++++++++++ drivers/net/ethernet/intel/ice/ice_common.h | 17 +- drivers/net/ethernet/intel/ice/ice_devids.h | 3 + drivers/net/ethernet/intel/ice/ice_lib.c | 6 +- drivers/net/ethernet/intel/ice/ice_main.c | 138 ++++++++++ drivers/net/ethernet/intel/ice/ice_ptp.c | 34 +++ drivers/net/ethernet/intel/ice/ice_ptp_hw.c | 94 +++++++ drivers/net/ethernet/intel/ice/ice_ptp_hw.h | 25 ++ drivers/net/ethernet/intel/ice/ice_type.h | 1 + include/linux/netdevice.h | 18 ++ include/uapi/linux/if_link.h | 53 ++++ include/uapi/linux/rtnetlink.h | 10 + net/core/rtnetlink.c | 253 ++++++++++++++++++ security/selinux/nlmsgtab.c | 6 +- 16 files changed, 930 insertions(+), 4 deletions(-) -- 2.26.3

3 years, 10 months

4
16
0 0

[PATCH] selftest/sgx: use swap() to make code cleaner

by Yang Guang

Using swap() make it more readable. Reported-by: Zeal Robot <zealci(a)zte.com.cn> Signed-off-by: Yang Guang <yang.guang5(a)zte.com.cn> --- tools/testing/selftests/sgx/sigstruct.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c index 92bbc5a15c39..47eb0749dba4 100644 --- a/tools/testing/selftests/sgx/sigstruct.c +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -59,13 +59,10 @@ static void reverse_bytes(void *data, int length) { int i = 0; int j = length - 1; - uint8_t temp; uint8_t *ptr = data; while (i < j) { - temp = ptr[i]; - ptr[i] = ptr[j]; - ptr[j] = temp; + swap(ptr[i], ptr[j]); i++; j--; } -- 2.30.2

3 years, 10 months

1
0
0 0

[PATCH v2 1/4] kunit: tool: Do not error on tests without test plans

by David Gow

The (K)TAP spec encourages test output to begin with a 'test plan': a count of the number of tests being run of the form: 1..n However, some test suites might not know the number of subtests in advance (for example, KUnit's parameterised tests use a generator function). In this case, it's not possible to print the test plan in advance. kunit_tool already parses test output which doesn't contain a plan, but reports an error. Since we want to use nested subtests with KUnit paramterised tests, remove this error. Signed-off-by: David Gow <davidgow(a)google.com> --- tools/testing/kunit/kunit_parser.py | 5 ++--- tools/testing/kunit/kunit_tool_test.py | 5 ++++- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/tools/testing/kunit/kunit_parser.py b/tools/testing/kunit/kunit_parser.py index 3355196d0515..50ded55c168c 100644 --- a/tools/testing/kunit/kunit_parser.py +++ b/tools/testing/kunit/kunit_parser.py @@ -340,8 +340,8 @@ def parse_test_plan(lines: LineStream, test: Test) -> bool: """ Parses test plan line and stores the expected number of subtests in test object. Reports an error if expected count is 0. - Returns False and reports missing test plan error if fails to parse - test plan. + Returns False and sets expected_count to None if there is no valid test + plan. Accepted format: - '1..[number of subtests]' @@ -356,7 +356,6 @@ def parse_test_plan(lines: LineStream, test: Test) -> bool: match = TEST_PLAN.match(lines.peek()) if not match: test.expected_count = None - test.add_error('missing plan line!') return False test.log.append(lines.pop()) expected_count = int(match.group(1)) diff --git a/tools/testing/kunit/kunit_tool_test.py b/tools/testing/kunit/kunit_tool_test.py index 9c4126731457..bc8793145713 100755 --- a/tools/testing/kunit/kunit_tool_test.py +++ b/tools/testing/kunit/kunit_tool_test.py @@ -191,7 +191,10 @@ class KUnitParserTest(unittest.TestCase): result = kunit_parser.parse_run_tests( kunit_parser.extract_tap_lines( file.readlines())) - self.assertEqual(2, result.test.counts.errors) + # A missing test plan is not an error. + self.assertEqual(0, result.test.counts.errors) + # All tests should be accounted for. + self.assertEqual(10, result.test.counts.total()) self.assertEqual( kunit_parser.TestStatus.SUCCESS, result.status) -- 2.33.0.1079.g6e70778dc9-goog

3 years, 10 months

2
6
0 0

[PATCH v2 0/3] Small userfaultfd selftest fixups

by Axel Rasmussen

Changes from v1 -> v2: - Substantially rewrote "fix feature support detection"; previously, it tried to do some larger refactor wherein the global test_uffdio_* variables were removed. This was controversial, so it now simply queries features in set_test_type, and leaves the rest of the program structure largely the same. - The "fix calculation of expected ioctls" patch is conceptually the same as v1, but changed slightly to fit with the modified feature support detection in v2. - Moved patch 3/3 to 1/3, since it is uncontroversial and could be merged on its own. I don't want the other two to cause merge conflicts for it in future versions. - Picked up a R-B. Axel Rasmussen (3): userfaultfd/selftests: don't rely on GNU extensions for random numbers userfaultfd/selftests: fix feature support detection userfaultfd/selftests: fix calculation of expected ioctls tools/testing/selftests/vm/userfaultfd.c | 157 +++++++++++------------ 1 file changed, 73 insertions(+), 84 deletions(-) -- 2.33.0.800.g4c38ced690-goog

3 years, 10 months

2
6
0 0

[PATCH v5 00/38] arm64/sme: Initial support for the Scalable Matrix Extension

by Mark Brown

This series provides initial support for the ARMv9 Scalable Matrix Extension (SME). SME takes the approach used for vectors in SVE and extends this to provide architectural support for matrix operations. A more detailed overview can be found in [1]. For the kernel SME can be thought of as a series of features which are intended to be used together by applications but operate mostly orthogonally: - The ZA matrix register. - Streaming mode, in which ZA can be accessed and a subset of SVE features are available. - A second vector length, used for streaming mode SVE and ZA and controlled using a similar interface to that for SVE. - TPIDR2, a new userspace controllable system register intended for use by the C library for storing context related to the ZA ABI. A substantial part of the series is dedicated to refactoring the existing SVE support so that we don't need to duplicate code for handling vector lengths and the SVE registers, this involves creating an array of vector types and making the users take the vector type as a parameter. I'm not 100% happy with this but wasn't able to come up with anything better, duplicating code definitely felt like a bad idea so this felt like the least bad thing. If this approach makes sense to people it might make sense to split this off into a separate series and/or merge it while the rest is pending review to try to make things a little more digestable, the series is very large so it'd probably make things easier to digest if some of the preparatory refactoring could be merged before the rest is ready. One feature of the architecture of particular note is that switching to and from streaming mode may change the size of and invalidate the contents of the SVE registers, and when in streaming mode the FFR is not accessible. This complicates aspects of the ABI like signal handling and ptrace. This initial implementation is mainly intended to get the ABI in place, there are several areas which will be worked on going forwards - some of these will be blockers, others could be handled in followup serieses: - KVM is not currently supported and we depend on !KVM, this is obviously not good - in hopefully the next version I will add support for coexisting with KVM and then in a subsequent series implement support for use of SME by KVM guests. - It is likely some build configurations have issues, I've not fully checked this yet. In general testing is still ongoing, I anticipate finding and fixing some issues in the implementation. - No support is currently provided for scheduler control of SME or SME applications, given the size of the SME register state the context switch overhead may be noticable so this may be needed especially for real time applications. Similar concerns already exist for larger SVE vector lengths but are amplified for SME, particularly as the vector length increases. - There has been no work on optimising the performance of anything the kernel does. It is not expected that any systems will be encountered that support SME but not SVE, SME is an ARMv9 feature and SVE is mandatory for ARMv9. The code attempts to handle any such systems that are encountered but this hasn't been tested extensively. Due to dependencies on changes already upstreamed this series is based on a merge of for-next/kselftest and for-next/sve in the arm64 tree. v5: - Rebase onto currently merged SVE and kselftest patches. - Add support for the FA64 option, introduced in the recently published EAC1 update to the specification. - Pull in test program for the syscall ABI previously sent separately with some revisions and add coverage for the SME ABI. - Fix checking for options with 1 bit fields in ID_AA64SMFR0_EL1. - Minor fixes and clarifications to the ABI documentation. v4: - Rebase onto merged patches. - Remove an uneeded NULL check in vec_proc_do_default_vl(). - Include patch to factor out utility routines in kselftests written in assembler. - Specify -ffreestanding when building TPIDR2 test. v3: - Skip FFR rather than predicate registers in sve_flush_live(). - Don't assume a bool is all zeros in sve_flush_live() as per AAPCS. - Don't redundantly specify a zero index when clearing FFR. v2: - Fix several issues with !SME and !SVE configurations. - Preserve TPIDR2 when creating a new thread/process unless CLONE_SETTLS is set. - Report traps due to using features in an invalid mode as SIGILL. - Spell out streaming mode behaviour in SVE ABI documentation more directly. - Document TPIDR2 in the ABI document. - Use SMSTART and SMSTOP rather than read/modify/write sequences. - Rework logic for exiting streaming mode on syscall. - Don't needlessly initialise SVCR on access trap. - Always restore SME VL for userspace if SME traps are disabled. - Only yield to encourage preemption every 128 iterations in za-test, otherwise do a getpid(), and validate SVCR after syscall. - Leave streaming mode disabled except when reading the vector length in za-test, and disable ZA after detecting a mismatch. - Add SME support to vlset. - Clarifications and typo fixes in comments. - Move sme_alloc() forward declaration back a patch. [1] https://community.arm.com/developer/ip-products/processors/b/processors-ip-… Mark Brown (38): arm64/sve: Make sysctl interface for SVE reusable by SME arm64/sve: Generalise vector length configuration prctl() for SME arm64/sve: Minor clarification of ABI documentation kselftest/arm64: Parameterise ptrace vector length information kselftest/arm64: Allow signal tests to trigger from a function kselftest/arm64: Add a test program to exercise the syscall ABI tools/nolibc: Implement gettid() arm64: Document boot requirements for FEAT_SME_FA64 arm64: cpufeature: Add has_feature_flag() match function arm64/sme: Provide ABI documentation for SME arm64/sme: System register and exception syndrome definitions arm64/sme: Define macros for manually encoding SME instructions arm64/sme: Early CPU setup for SME arm64/sme: Basic enumeration support arm64/sme: Identify supported SME vector lengths at boot arm64/sme: Implement sysctl to set the default vector length arm64/sme: Implement vector length configuration prctl()s arm64/sme: Implement support for TPIDR2 arm64/sme: Implement SVCR context switching arm64/sme: Implement streaming SVE context switching arm64/sme: Implement ZA context switching arm64/sme: Implement traps and syscall handling for SME arm64/sme: Implement streaming SVE signal handling arm64/sme: Implement ZA signal handling arm64/sme: Implement ptrace support for streaming mode SVE registers arm64/sme: Add ptrace support for ZA arm64/sme: Disable streaming mode and ZA when flushing CPU state arm64/sme: Save and restore streaming mode over EFI runtime calls arm64/sme: Provide Kconfig for SME kselftest/arm64: sme: Add streaming SME support to vlset kselftest/arm64: Add tests for TPIDR2 kselftest/arm64: Extend vector configuration API tests to cover SME kselftest/arm64: sme: Provide streaming mode SVE stress test kselftest/arm64: Add stress test for SME ZA context switching kselftest/arm64: signal: Add SME signal handling tests kselftest/arm64: Add streaming SVE to SVE ptrace tests kselftest/arm64: Add coverage for the ZA ptrace interface kselftest/arm64: Add SME support to syscall ABI test Documentation/arm64/booting.rst | 10 + Documentation/arm64/elf_hwcaps.rst | 33 + Documentation/arm64/index.rst | 1 + Documentation/arm64/sme.rst | 430 ++++++++++++ Documentation/arm64/sve.rst | 72 +- arch/arm64/Kconfig | 11 + arch/arm64/include/asm/cpu.h | 4 + arch/arm64/include/asm/cpufeature.h | 24 + arch/arm64/include/asm/el2_setup.h | 45 ++ arch/arm64/include/asm/esr.h | 13 +- arch/arm64/include/asm/exception.h | 1 + arch/arm64/include/asm/fpsimd.h | 112 ++- arch/arm64/include/asm/fpsimdmacros.h | 77 +++ arch/arm64/include/asm/hwcap.h | 8 + arch/arm64/include/asm/kvm_arm.h | 1 + arch/arm64/include/asm/processor.h | 18 +- arch/arm64/include/asm/sysreg.h | 58 ++ arch/arm64/include/asm/thread_info.h | 2 + arch/arm64/include/uapi/asm/hwcap.h | 8 + arch/arm64/include/uapi/asm/ptrace.h | 69 +- arch/arm64/include/uapi/asm/sigcontext.h | 55 +- arch/arm64/kernel/cpufeature.c | 130 ++++ arch/arm64/kernel/cpuinfo.c | 13 + arch/arm64/kernel/entry-common.c | 10 + arch/arm64/kernel/entry-fpsimd.S | 31 + arch/arm64/kernel/fpsimd.c | 641 ++++++++++++++++-- arch/arm64/kernel/process.c | 28 +- arch/arm64/kernel/ptrace.c | 358 ++++++++-- arch/arm64/kernel/signal.c | 187 ++++- arch/arm64/kernel/syscall.c | 43 +- arch/arm64/kernel/traps.c | 1 + arch/arm64/kvm/fpsimd.c | 3 +- arch/arm64/kvm/reset.c | 8 +- arch/arm64/tools/cpucaps | 2 + include/uapi/linux/elf.h | 2 + include/uapi/linux/prctl.h | 9 + kernel/sys.c | 12 + tools/include/nolibc/nolibc.h | 18 + tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/abi/.gitignore | 2 + tools/testing/selftests/arm64/abi/Makefile | 15 + .../selftests/arm64/abi/syscall-abi-asm.S | 307 +++++++++ .../testing/selftests/arm64/abi/syscall-abi.c | 485 +++++++++++++ tools/testing/selftests/arm64/abi/tpidr2.c | 298 ++++++++ tools/testing/selftests/arm64/fp/.gitignore | 4 + tools/testing/selftests/arm64/fp/Makefile | 12 +- tools/testing/selftests/arm64/fp/rdvl-sme.c | 14 + tools/testing/selftests/arm64/fp/rdvl.S | 16 + tools/testing/selftests/arm64/fp/rdvl.h | 1 + tools/testing/selftests/arm64/fp/ssve-stress | 59 ++ tools/testing/selftests/arm64/fp/sve-ptrace.c | 230 ++++--- tools/testing/selftests/arm64/fp/sve-test.S | 30 + tools/testing/selftests/arm64/fp/vec-syscfg.c | 10 + tools/testing/selftests/arm64/fp/vlset.c | 10 +- tools/testing/selftests/arm64/fp/za-ptrace.c | 353 ++++++++++ tools/testing/selftests/arm64/fp/za-stress | 59 ++ tools/testing/selftests/arm64/fp/za-test.S | 431 ++++++++++++ .../testing/selftests/arm64/signal/.gitignore | 2 + .../selftests/arm64/signal/test_signals.h | 2 + .../arm64/signal/test_signals_utils.c | 5 +- .../testcases/fake_sigreturn_sme_change_vl.c | 92 +++ .../arm64/signal/testcases/sme_trap_za.c | 36 + .../selftests/arm64/signal/testcases/sme_vl.c | 70 ++ .../arm64/signal/testcases/ssve_regs.c | 129 ++++ 64 files changed, 4974 insertions(+), 248 deletions(-) create mode 100644 Documentation/arm64/sme.rst create mode 100644 tools/testing/selftests/arm64/abi/.gitignore create mode 100644 tools/testing/selftests/arm64/abi/Makefile create mode 100644 tools/testing/selftests/arm64/abi/syscall-abi-asm.S create mode 100644 tools/testing/selftests/arm64/abi/syscall-abi.c create mode 100644 tools/testing/selftests/arm64/abi/tpidr2.c create mode 100644 tools/testing/selftests/arm64/fp/rdvl-sme.c create mode 100644 tools/testing/selftests/arm64/fp/ssve-stress create mode 100644 tools/testing/selftests/arm64/fp/za-ptrace.c create mode 100644 tools/testing/selftests/arm64/fp/za-stress create mode 100644 tools/testing/selftests/arm64/fp/za-test.S create mode 100644 tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sme_change_vl.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/sme_trap_za.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/sme_vl.c create mode 100644 tools/testing/selftests/arm64/signal/testcases/ssve_regs.c base-commit: be4221f75622617bc17e085d8ff109225e24a31b -- 2.30.2

3 years, 10 months

1
38
0 0

[PATCH] kselftest/arm64: Add a test program to exercise the syscall ABI

by Mark Brown

Currently we don't have any coverage of the syscall ABI so let's add a very dumb test program which sets up register patterns, does a sysscall and then checks that the register state after the syscall matches what we expect. The program is written in an extremely simplistic fashion with the goal of making it easy to verify that it's doing what it thinks it's doing, it is not a model of how one should write actual code. Currently we validate the general purpose, FPSIMD and SVE registers. There are other thing things that could be covered like FPCR and flags registers, these can be covered incrementally - my main focus at the minute is covering the ABI for the SVE registers. The program repeats the tests for all possible SVE vector lengths in case some vector length specific optimisation causes issues, as well as testing FPSIMD only. It tries two syscalls, getpid() and sched_yield(), in an effort to cover both immediate return to userspace and scheduling another task though there are no guarantees which cases will be hit. A new test directory "abi" is added to hold the test, it doesn't seem to fit well into any of the existing directories. Signed-off-by: Mark Brown <broonie(a)kernel.org> --- tools/testing/selftests/arm64/Makefile | 2 +- tools/testing/selftests/arm64/abi/.gitignore | 1 + tools/testing/selftests/arm64/abi/Makefile | 8 + .../selftests/arm64/abi/syscall-abi-asm.S | 240 +++++++++++++ .../testing/selftests/arm64/abi/syscall-abi.c | 328 ++++++++++++++++++ 5 files changed, 578 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/arm64/abi/.gitignore create mode 100644 tools/testing/selftests/arm64/abi/Makefile create mode 100644 tools/testing/selftests/arm64/abi/syscall-abi-asm.S create mode 100644 tools/testing/selftests/arm64/abi/syscall-abi.c diff --git a/tools/testing/selftests/arm64/Makefile b/tools/testing/selftests/arm64/Makefile index ced910fb4019..1e8d9a8f59df 100644 --- a/tools/testing/selftests/arm64/Makefile +++ b/tools/testing/selftests/arm64/Makefile @@ -4,7 +4,7 @@ ARCH ?= $(shell uname -m 2>/dev/null || echo not) ifneq (,$(filter $(ARCH),aarch64 arm64)) -ARM64_SUBTARGETS ?= tags signal pauth fp mte bti +ARM64_SUBTARGETS ?= tags signal pauth fp mte bti abi else ARM64_SUBTARGETS := endif diff --git a/tools/testing/selftests/arm64/abi/.gitignore b/tools/testing/selftests/arm64/abi/.gitignore new file mode 100644 index 000000000000..b79cf5814c23 --- /dev/null +++ b/tools/testing/selftests/arm64/abi/.gitignore @@ -0,0 +1 @@ +syscall-abi diff --git a/tools/testing/selftests/arm64/abi/Makefile b/tools/testing/selftests/arm64/abi/Makefile new file mode 100644 index 000000000000..96eba974ac8d --- /dev/null +++ b/tools/testing/selftests/arm64/abi/Makefile @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: GPL-2.0 +# Copyright (C) 2021 ARM Limited + +TEST_GEN_PROGS := syscall-abi + +include ../../lib.mk + +$(OUTPUT)/syscall-abi: syscall-abi.c syscall-abi-asm.S diff --git a/tools/testing/selftests/arm64/abi/syscall-abi-asm.S b/tools/testing/selftests/arm64/abi/syscall-abi-asm.S new file mode 100644 index 000000000000..40b6aaf258fb --- /dev/null +++ b/tools/testing/selftests/arm64/abi/syscall-abi-asm.S @@ -0,0 +1,240 @@ +// SPDX-License-Identifier: GPL-2.0-only +// Copyright (C) 2021 ARM Limited. +// +// Assembly portion of the syscall ABI test + +// +// Load values from memory into registers, invoke a syscall and save the +// register values back to memory for later checking. The syscall to be +// invoked is configured in x8 of the input GPR data. +// +// x0: SVE VL, 0 for FP only +// +// GPRs: gpr_in, gpr_out +// FPRs: fpr_in, fpr_out +// Zn: z_in, z_out +// Pn: p_in, p_out +// FFR: ffr_in, ffr_out + +.arch_extension sve + +.globl do_syscall +do_syscall: + // Store callee saved registers x19-x29 (80 bytes) plus x0 and x1 + stp x29, x30, [sp, #-112]! + mov x29, sp + stp x0, x1, [sp, #16] + stp x19, x20, [sp, #32] + stp x21, x22, [sp, #48] + stp x23, x24, [sp, #64] + stp x25, x26, [sp, #80] + stp x27, x28, [sp, #96] + + // Load GPRs x8-x28, and save our SP/FP for later comparison + ldr x2, =gpr_in + add x2, x2, #64 + ldp x8, x9, [x2], #16 + ldp x10, x11, [x2], #16 + ldp x12, x13, [x2], #16 + ldp x14, x15, [x2], #16 + ldp x16, x17, [x2], #16 + ldp x18, x19, [x2], #16 + ldp x20, x21, [x2], #16 + ldp x22, x23, [x2], #16 + ldp x24, x25, [x2], #16 + ldp x26, x27, [x2], #16 + ldr x28, [x2], #8 + str x29, [x2], #8 // FP + str x30, [x2], #8 // LR + + // Load FPRs if we're not doing SVE and FPSR/FPCR always + cbnz x0, 1f + ldr x2, =fpr_in + ldp q0, q1, [x2] + ldp q2, q3, [x2, #16 * 2] + ldp q4, q5, [x2, #16 * 4] + ldp q6, q7, [x2, #16 * 6] + ldp q8, q9, [x2, #16 * 8] + ldp q10, q11, [x2, #16 * 10] + ldp q12, q13, [x2, #16 * 12] + ldp q14, q15, [x2, #16 * 14] + ldp q16, q17, [x2, #16 * 16] + ldp q18, q19, [x2, #16 * 18] + ldp q20, q21, [x2, #16 * 20] + ldp q22, q23, [x2, #16 * 22] + ldp q24, q25, [x2, #16 * 24] + ldp q26, q27, [x2, #16 * 26] + ldp q28, q29, [x2, #16 * 28] + ldp q30, q31, [x2, #16 * 30] +1: + + // Load the SVE registers if we're doing SVE + cbz x0, 1f + + ldr x2, =z_in + ldr z0, [x2, #0, MUL VL] + ldr z1, [x2, #1, MUL VL] + ldr z2, [x2, #2, MUL VL] + ldr z3, [x2, #3, MUL VL] + ldr z4, [x2, #4, MUL VL] + ldr z5, [x2, #5, MUL VL] + ldr z6, [x2, #6, MUL VL] + ldr z7, [x2, #7, MUL VL] + ldr z8, [x2, #8, MUL VL] + ldr z9, [x2, #9, MUL VL] + ldr z10, [x2, #10, MUL VL] + ldr z11, [x2, #11, MUL VL] + ldr z12, [x2, #12, MUL VL] + ldr z13, [x2, #13, MUL VL] + ldr z14, [x2, #14, MUL VL] + ldr z15, [x2, #15, MUL VL] + ldr z16, [x2, #16, MUL VL] + ldr z17, [x2, #17, MUL VL] + ldr z18, [x2, #18, MUL VL] + ldr z19, [x2, #19, MUL VL] + ldr z20, [x2, #20, MUL VL] + ldr z21, [x2, #21, MUL VL] + ldr z22, [x2, #22, MUL VL] + ldr z23, [x2, #23, MUL VL] + ldr z24, [x2, #24, MUL VL] + ldr z25, [x2, #25, MUL VL] + ldr z26, [x2, #26, MUL VL] + ldr z27, [x2, #27, MUL VL] + ldr z28, [x2, #28, MUL VL] + ldr z29, [x2, #29, MUL VL] + ldr z30, [x2, #30, MUL VL] + ldr z31, [x2, #31, MUL VL] + + ldr x2, =ffr_in + ldr p0, [x2, #0] + wrffr p0.b + + ldr x2, =p_in + ldr p0, [x2, #0, MUL VL] + ldr p1, [x2, #1, MUL VL] + ldr p2, [x2, #2, MUL VL] + ldr p3, [x2, #3, MUL VL] + ldr p4, [x2, #4, MUL VL] + ldr p5, [x2, #5, MUL VL] + ldr p6, [x2, #6, MUL VL] + ldr p7, [x2, #7, MUL VL] + ldr p8, [x2, #8, MUL VL] + ldr p9, [x2, #9, MUL VL] + ldr p10, [x2, #10, MUL VL] + ldr p11, [x2, #11, MUL VL] + ldr p12, [x2, #12, MUL VL] + ldr p13, [x2, #13, MUL VL] + ldr p14, [x2, #14, MUL VL] + ldr p15, [x2, #15, MUL VL] +1: + + // Do the syscall + svc #0 + + // Save GPRs x8-x30 + ldr x2, =gpr_out + add x2, x2, #64 + stp x8, x9, [x2], #16 + stp x10, x11, [x2], #16 + stp x12, x13, [x2], #16 + stp x14, x15, [x2], #16 + stp x16, x17, [x2], #16 + stp x18, x19, [x2], #16 + stp x20, x21, [x2], #16 + stp x22, x23, [x2], #16 + stp x24, x25, [x2], #16 + stp x26, x27, [x2], #16 + stp x28, x29, [x2], #16 + str x30, [x2] + + // Restore x0 and x1 for feature checks + ldp x0, x1, [sp, #16] + + // Save FPSIMD state + ldr x2, =fpr_out + stp q0, q1, [x2] + stp q2, q3, [x2, #16 * 2] + stp q4, q5, [x2, #16 * 4] + stp q6, q7, [x2, #16 * 6] + stp q8, q9, [x2, #16 * 8] + stp q10, q11, [x2, #16 * 10] + stp q12, q13, [x2, #16 * 12] + stp q14, q15, [x2, #16 * 14] + stp q16, q17, [x2, #16 * 16] + stp q18, q19, [x2, #16 * 18] + stp q20, q21, [x2, #16 * 20] + stp q22, q23, [x2, #16 * 22] + stp q24, q25, [x2, #16 * 24] + stp q26, q27, [x2, #16 * 26] + stp q28, q29, [x2, #16 * 28] + stp q30, q31, [x2, #16 * 30] + + // Save the SVE state if we have some + cbz x0, 1f + + ldr x2, =z_out + str z0, [x2, #0, MUL VL] + str z1, [x2, #1, MUL VL] + str z2, [x2, #2, MUL VL] + str z3, [x2, #3, MUL VL] + str z4, [x2, #4, MUL VL] + str z5, [x2, #5, MUL VL] + str z6, [x2, #6, MUL VL] + str z7, [x2, #7, MUL VL] + str z8, [x2, #8, MUL VL] + str z9, [x2, #9, MUL VL] + str z10, [x2, #10, MUL VL] + str z11, [x2, #11, MUL VL] + str z12, [x2, #12, MUL VL] + str z13, [x2, #13, MUL VL] + str z14, [x2, #14, MUL VL] + str z15, [x2, #15, MUL VL] + str z16, [x2, #16, MUL VL] + str z17, [x2, #17, MUL VL] + str z18, [x2, #18, MUL VL] + str z19, [x2, #19, MUL VL] + str z20, [x2, #20, MUL VL] + str z21, [x2, #21, MUL VL] + str z22, [x2, #22, MUL VL] + str z23, [x2, #23, MUL VL] + str z24, [x2, #24, MUL VL] + str z25, [x2, #25, MUL VL] + str z26, [x2, #26, MUL VL] + str z27, [x2, #27, MUL VL] + str z28, [x2, #28, MUL VL] + str z29, [x2, #29, MUL VL] + str z30, [x2, #30, MUL VL] + str z31, [x2, #31, MUL VL] + + ldr x2, =p_out + str p0, [x2, #0, MUL VL] + str p1, [x2, #1, MUL VL] + str p2, [x2, #2, MUL VL] + str p3, [x2, #3, MUL VL] + str p4, [x2, #4, MUL VL] + str p5, [x2, #5, MUL VL] + str p6, [x2, #6, MUL VL] + str p7, [x2, #7, MUL VL] + str p8, [x2, #8, MUL VL] + str p9, [x2, #9, MUL VL] + str p10, [x2, #10, MUL VL] + str p11, [x2, #11, MUL VL] + str p12, [x2, #12, MUL VL] + str p13, [x2, #13, MUL VL] + str p14, [x2, #14, MUL VL] + str p15, [x2, #15, MUL VL] + + ldr x2, =ffr_out + rdffr p0.b + str p0, [x2, #0] +1: + + // Restore callee saved registers x19-x30 + ldp x19, x20, [sp, #32] + ldp x21, x22, [sp, #48] + ldp x23, x24, [sp, #64] + ldp x25, x26, [sp, #80] + ldp x27, x28, [sp, #96] + ldp x29, x30, [sp], #112 + + ret diff --git a/tools/testing/selftests/arm64/abi/syscall-abi.c b/tools/testing/selftests/arm64/abi/syscall-abi.c new file mode 100644 index 000000000000..0c284b1812aa --- /dev/null +++ b/tools/testing/selftests/arm64/abi/syscall-abi.c @@ -0,0 +1,328 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (C) 2021 ARM Limited. + */ + +#include <errno.h> +#include <stdbool.h> +#include <stddef.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/auxv.h> +#include <sys/prctl.h> +#include <asm/sigcontext.h> +#include <asm/unistd.h> + +#include "../../kselftest.h" + +#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0])) +#define NUM_VL ((SVE_VQ_MAX - SVE_VQ_MIN) + 1) + +extern void do_syscall(int sve_vl); + +static void fill_random(void *buf, size_t size) +{ + int i; + uint32_t *lbuf = buf; + + /* random() returns a 32 bit number regardless of the size of long */ + for (i = 0; i < size / sizeof(uint32_t); i++) + lbuf[i] = random(); +} + +/* + * We also repeat the test for several syscalls to try to expose different + * behaviour. + */ +static struct syscall_cfg { + int syscall_nr; + const char *name; +} syscalls[] = { + { __NR_getpid, "getpid()" }, + { __NR_sched_yield, "sched_yield()" }, +}; + +#define NUM_GPR 31 +uint64_t gpr_in[NUM_GPR]; +uint64_t gpr_out[NUM_GPR]; + +static void setup_gpr(struct syscall_cfg *cfg, int sve_vl) +{ + fill_random(gpr_in, sizeof(gpr_in)); + gpr_in[8] = cfg->syscall_nr; +} + +static int check_gpr(struct syscall_cfg *cfg, int sve_vl) +{ + int errors = 0; + int i; + + /* + * GPR x0-x7 may be clobbered, and all others should be preserved. + */ + for (i = 9; i < ARRAY_SIZE(gpr_in); i++) { + if (gpr_in[i] != gpr_out[i]) { + ksft_print_msg("%s SVE VL %d mismatch in GPR %d: %llx != %llx\n", + cfg->name, sve_vl, i, + gpr_in[i], gpr_out[i]); + errors++; + } + } + + return errors; +} + +#define NUM_FPR 32 +uint64_t fpr_in[NUM_FPR * 2]; +uint64_t fpr_out[NUM_FPR * 2]; + +static void setup_fpr(struct syscall_cfg *cfg, int sve_vl) +{ + fill_random(fpr_in, sizeof(fpr_in)); +} + +static int check_fpr(struct syscall_cfg *cfg, int sve_vl) +{ + int errors = 0; + int i; + + if (!sve_vl) { + for (i = 0; i < ARRAY_SIZE(fpr_in); i++) { + if (fpr_in[i] != fpr_out[i]) { + ksft_print_msg("%s Q%d/%d mismatch %llx != %llx\n", + cfg->name, + i / 2, i % 2, + fpr_in[i], fpr_out[i]); + errors++; + } + } + } + + return errors; +} + +static uint8_t z_zero[__SVE_ZREG_SIZE(SVE_VQ_MAX)]; +uint8_t z_in[SVE_NUM_PREGS * __SVE_ZREG_SIZE(SVE_VQ_MAX)]; +uint8_t z_out[SVE_NUM_PREGS * __SVE_ZREG_SIZE(SVE_VQ_MAX)]; + +static void setup_z(struct syscall_cfg *cfg, int sve_vl) +{ + fill_random(z_in, sizeof(z_in)); +} + +static int check_z(struct syscall_cfg *cfg, int sve_vl) +{ + size_t reg_size = sve_vl; + int errors = 0; + int i; + + if (!sve_vl) + return 0; + + /* + * After a syscall the low 128 bits of the Z registers should + * be preserved and the rest be zeroed. + */ + for (i = 0; i < SVE_NUM_ZREGS; i++) { + void *in = &z_in[reg_size * i]; + void *out = &z_out[reg_size * i]; + + if (memcmp(in, out, SVE_VQ_BYTES) != 0) { + ksft_print_msg("%s SVE VL %d Z%d low 128 bits changed\n", + cfg->name, sve_vl, i); + errors++; + } + + memset(out, 0, SVE_VQ_BYTES); + if (memcmp(out, z_zero, reg_size) != 0) { + ksft_print_msg("%s SVE VL %d Z%d high bits set\n", + cfg->name, sve_vl, i); + errors++; + } + } + + return errors; +} + +uint8_t p_in[SVE_NUM_PREGS * __SVE_PREG_SIZE(SVE_VQ_MAX)]; +uint8_t p_out[SVE_NUM_PREGS * __SVE_PREG_SIZE(SVE_VQ_MAX)]; + +static void setup_p(struct syscall_cfg *cfg, int sve_vl) +{ + fill_random(p_in, sizeof(p_in)); + fill_random(p_out, sizeof(p_out)); +} + +static int check_p(struct syscall_cfg *cfg, int sve_vl) +{ + size_t reg_size = sve_vq_from_vl(sve_vl) * 2; /* 1 bit per VL byte */ + int errors = 0; + int i; + + if (!sve_vl) + return 0; + + /* After a syscall the P registers should be zeroed */ + for (i = 0; i < SVE_NUM_PREGS * reg_size; i++) + if (p_out[i]) + errors++; + if (errors) + ksft_print_msg("%s SVE VL %d predicate registers non-zero\n", + cfg->name, sve_vl); + + return errors; +} + +uint8_t ffr_in[__SVE_PREG_SIZE(SVE_VQ_MAX)]; +uint8_t ffr_out[__SVE_PREG_SIZE(SVE_VQ_MAX)]; + +static void setup_ffr(struct syscall_cfg *cfg, int sve_vl) +{ + /* + * It is only valid to set a contiguous set of bits starting + * at 0. For now since we're expecting this to be cleared by + * a syscall just set all bits. + */ + memset(ffr_in, 0xff, sizeof(ffr_in)); + fill_random(ffr_out, sizeof(ffr_out)); +} + +static int check_ffr(struct syscall_cfg *cfg, int sve_vl) +{ + size_t reg_size = sve_vq_from_vl(sve_vl) * 2; /* 1 bit per VL byte */ + int errors = 0; + int i; + + if (!sve_vl) + return 0; + + /* After a syscall the P registers should be zeroed */ + for (i = 0; i < reg_size; i++) + if (ffr_out[i]) + errors++; + if (errors) + ksft_print_msg("%s SVE VL %d FFR non-zero\n", + cfg->name, sve_vl); + + return errors; +} + +typedef void (*setup_fn)(struct syscall_cfg *cfg, int sve_vl); +typedef int (*check_fn)(struct syscall_cfg *cfg, int sve_vl); + +/* + * Each set of registers has a setup function which is called before + * the syscall to fill values in a global variable for loading by the + * test code and a check function which validates that the results are + * as expected. Vector lengths are passed everywhere, a vector length + * of 0 should be treated as do not test. + */ +static struct { + setup_fn setup; + check_fn check; +} regset[] = { + { setup_gpr, check_gpr }, + { setup_fpr, check_fpr }, + { setup_z, check_z }, + { setup_p, check_p }, + { setup_ffr, check_ffr }, +}; + +static bool do_test(struct syscall_cfg *cfg, int sve_vl) +{ + int errors = 0; + int i; + + for (i = 0; i < ARRAY_SIZE(regset); i++) + regset[i].setup(cfg, sve_vl); + + do_syscall(sve_vl); + + for (i = 0; i < ARRAY_SIZE(regset); i++) + errors += regset[i].check(cfg, sve_vl); + + return errors == 0; +} + +static void test_one_syscall(struct syscall_cfg *cfg) +{ + int vq, ret; + + /* FPSIMD only case */ + ksft_test_result(do_test(cfg, 0), + "%s SVE VL %d\n", cfg->name, 0); + + if (!(getauxval(AT_HWCAP) & HWCAP_SVE)) + return; + + for (vq = 1; vq < NUM_VL + 1; vq++) { + bool skip = false; + int vl = 0; + + if (vq) { + vl = sve_vl_from_vq(vq); + + ret = prctl(PR_SVE_SET_VL, vl); + if (ret < 0) { + ksft_test_result_error("Failed to set VL %d\n", + vl); + continue; + } + + if ((ret & PR_SVE_VL_LEN_MASK) != vl) + skip = true; + } + + if (!skip) + ksft_test_result(do_test(cfg, vl), + "%s SVE VL %d\n", cfg->name, vl); + } +} + +int sve_count_vls(void) +{ + unsigned int vq; + int vl_count = 0; + int vl; + + if (!(getauxval(AT_HWCAP) & HWCAP_SVE)) + return 0; + + /* + * Enumerate up to SVE_VQ_MAX vector lengths + */ + for (vq = SVE_VQ_MAX; vq > 0; --vq) { + vl = prctl(PR_SVE_SET_VL, vq * 16); + if (vl == -1) + ksft_exit_fail_msg("PR_SVE_SET_VL failed: %s (%d)\n", + strerror(errno), errno); + + vl &= PR_SVE_VL_LEN_MASK; + + if (vq != sve_vq_from_vl(vl)) + vq = sve_vq_from_vl(vl); + + vl_count++; + } + + return vl_count; +} + +int main(void) +{ + int i; + + srandom(getpid()); + + ksft_print_header(); + ksft_set_plan(ARRAY_SIZE(syscalls) * (sve_count_vls() + 1)); + + for (i = 0; i < ARRAY_SIZE(syscalls); i++) + test_one_syscall(&syscalls[i]); + + ksft_print_cnts(); + + return 0; +} -- 2.30.2

3 years, 10 months

1
1
0 0

[PATCH v4 0/8] tracing: Extend histogram triggers expression parsing

by Kalesh Singh

Hi all, The v4 of the extending histogram exprssions series. The previous versions were posted at: v3: https://lore.kernel.org/r/20211025192330.2992076-1-kaleshsingh@google.com/ v2: https://lore.kernel.org/r/20211020013153.4106001-1-kaleshsingh@google.com/ v1: https://lore.kernel.org/r/20210915195306.612966-1-kaleshsingh@google.com/ Patches 4 through 6 are new and adds some optimizations/improvements suggested by Steven Rostedt. Removes the Change-Id tags that were inadvertently added in v3. The cover letter is copied below for convenience. Thanks, Kalesh --- The frequency of the rss_stat trace event is known to be of the same magnitude as that of the sched_switch event on Android devices. This can cause flooding of the trace buffer with rss_stat traces leading to a decreased trace buffer capacity and loss of data. If it is not necessary to monitor very small changes in rss (as is the case in Android) then the rss_stat tracepoint can be throttled to only emit the event once there is a large enough change in the rss size. The original patch that introduced the rss_stat tracepoint also proposed a fixed throttling mechanism that only emits the rss_stat event when the rss size crosses a 512KB boundary. It was concluded that more generic support for this type of filtering/throttling was need, so that it can be applied to any trace event. [1] >From the discussion in [1], histogram triggers seemed the most likely candidate to support this type of throttling. For instance to achieve the same throttling as was proposed in [1]: (1) Create a histogram variable to save the 512KB bucket of the rss size (2) Use the onchange handler to generate a synthetic event when the rss size bucket changes. The only missing pieces to support such a hist trigger are: (1) Support for setting a hist variable to a specific value -- to set the bucket size / granularity. (2) Support for division arithmetic operation -- to determine the corresponding bucket for an rss size. This series extends histogram trigger expressions to: (1) Allow assigning numeric literals to hist variable (eg. x=1234) and using literals directly in expressions (eg. x=size/1234) (2) Support division and multiplication in hist expressions. (eg. a=$x/$y*z); and (3) Fixes expression parsing for non-associative operators: subtraction and division. (eg. 8-4-2 should be 2 not 6) The rss_stat event can then be throttled using histogram triggers as below: # Create a synthetic event to monitor instead of the high frequency # rss_stat event echo 'rss_stat_throttled unsigned int mm_id; unsigned int curr; int member; long size' >> tracing/synthetic_events # Create a hist trigger that emits the synthetic rss_stat_throttled # event only when the rss size crosses a 512KB boundary. echo 'hist:keys=mm_id,member:bucket=size/0x80000:onchange($bucket) .rss_stat_throttled(mm_id,curr,member,size)' >> events/kmem/rss_stat/trigger ------ Test Results ------ Histograms can also be used to evaluate the effectiveness of this throttling by noting the Total Hits on each trigger: echo 'hist:keys=common_pid' >> events/sched/sched_switch/trigger echo 'hist:keys=common_pid' >> events/kmem/rss_stat/trigger echo 'hist:keys=common_pid' >> events/synthetic/rss_stat_throttled/trigger Allowing the above example (512KB granularity) run for 5 minutes on an arm64 device with 5.10 kernel: sched_switch : total hits = 147153 rss_stat : total hits = 38863 rss_stat_throttled: total hits = 2409 The synthetic rss_stat_throttled event is ~16x less frequent than the rss_stat event when using a 512KB granularity. The results are more pronounced when rss size is changing at a higher rate in small increments. For instance the following results were obtained by recording the hits on the above events for a run of Android's lmkd_unit_test [2], which continually forks processes that map anonymous memory until there is an oom kill: sched_switch : total hits = 148832 rss_stat : total hits = 4754802 rss_stat_throttled: total hits = 96214 In this stress test, the synthetic rss_stat_throttled event is ~50x less frequent than the rss_stat event when using a 512KB granularity. [1] https://lore.kernel.org/lkml/20190903200905.198642-1-joel@joelfernandes.org/ [2] https://cs.android.com/android/platform/superproject/+/master:system/memory… Kalesh Singh (8): tracing: Add support for creating hist trigger variables from literal tracing: Add division and multiplication support for hist triggers tracing: Fix operator precedence for hist triggers expression tracing/histogram: Simplify handling of .sym-offset in expressions tracing/histogram: Covert expr to const if both operands are constants tracing/histogram: Optimize division by a power of 2 tracing/selftests: Add tests for hist trigger expression parsing tracing/histogram: Document expression arithmetic and constants Documentation/trace/histogram.rst | 14 + kernel/trace/trace_events_hist.c | 400 ++++++++++++++---- .../testing/selftests/ftrace/test.d/functions | 4 +- .../trigger/trigger-hist-expressions.tc | 72 ++++ 4 files changed, 412 insertions(+), 78 deletions(-) create mode 100644 tools/testing/selftests/ftrace/test.d/trigger/trigger-hist-expressions.tc base-commit: ac8a6eba2a117e0fdc04da62ab568d1b7ca4c8f6 -- 2.33.0.1079.g6e70778dc9-goog

3 years, 10 months

3
28
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror