Hi Andrew,
On 12/15/23 12:40 AM, Andrew Morton wrote:
> On Thu, 14 Dec 2023 15:19:30 +0500 Muhammad Usama Anjum
> wrote:
>
>> The "locked-in-memory size" limit per process can be non-multiple of
>> page_size. The mmap() fails if we try to allocate locked-in-memory
>> with same size as the allow
From: Maxime Ripard
Kunit recently gained helpers to create test managed devices. This means
that we no longer have to roll our own helpers in KMS and we can reuse
them.
Signed-off-by: Maxime Ripard
Tested-by: David Gow
Signed-off-by: David Gow
---
drivers/gpu/drm/tests/drm_kunit_helpers.c |
Using struct root_device to create fake devices for tests is something
of a hack. The new struct kunit_device is meant for this purpose, so use
it instead.
Acked-by: Mark Brown
Signed-off-by: David Gow
---
sound/soc/soc-topology-test.c | 10 ++
1 file changed, 2 insertions(+), 8 deletio
Using struct root_device to create fake devices for tests is something
of a hack. The new struct kunit_device is meant for this purpose, so use
it instead.
Reviewed-by: Matti Vaittinen
Acked-by: Kees Cook
Signed-off-by: David Gow
---
lib/overflow_kunit.c | 5 ++---
1 file changed, 2 insertions
Using struct root_device to create fake devices for tests is something
of a hack. The new struct kunit_device is meant for this purpose, so use
it instead.
Reviewed-by: Matti Vaittinen
Acked-by: Kees Cook
Signed-off-by: David Gow
---
lib/fortify_kunit.c | 5 +++--
1 file changed, 3 insertions(
Tests for drivers often require a struct device to pass to other
functions. While it's possible to create these with
root_device_register(), or to use something like a platform device, this
is both a misuse of those APIs, and can be difficult to clean up after,
for example, a failed assertion.
Add
which
use this to go via the various subsystem trees in case there are merge
conflicts.
Cheers,
-- David
Signed-off-by: David Gow
---
Changes in v4:
- Update tags, fix a missing Signed-off-by.
- Link to v3:
https://lore.kernel.org/r/20231214-kunit_bus-v3-0-7e9a287d3...@google.com
Changes in v3
On 2023/12/15 2:40, Stephen Hemminger wrote:
On Thu, 14 Dec 2023 14:51:12 +0900
Akihiko Odaki wrote:
On 2023/12/13 19:22, Benjamin Tissoires wrote:
On Tue, Dec 12, 2023 at 1:41 PM Akihiko Odaki wrote:
On 2023/12/12 19:39, Benjamin Tissoires wrote:
Hi,
On Tue, Dec 12, 2023 at 9:11 AM Akih
On 2023/12/15 11:32, Nicolin Chen wrote:
On Fri, Dec 15, 2023 at 03:04:44AM +, Tian, Kevin wrote:
From: Nicolin Chen
Sent: Friday, December 15, 2023 10:28 AM
On Fri, Dec 15, 2023 at 01:50:07AM +, Tian, Kevin wrote:
From: Liu, Yi L
Sent: Thursday, December 14, 2023 7:27 PM
On 2023/11/
On Fri, Dec 15, 2023 at 03:04:44AM +, Tian, Kevin wrote:
> > From: Nicolin Chen
> > Sent: Friday, December 15, 2023 10:28 AM
> > On Fri, Dec 15, 2023 at 01:50:07AM +, Tian, Kevin wrote:
> > > > From: Liu, Yi L
> > > > Sent: Thursday, December 14, 2023 7:27 PM
> > > >
> > > > On 2023/11/17
Hello:
This series was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov:
On Thu, 14 Dec 2023 15:56:24 -0700 you wrote:
> Two small improves to BPF exceptions in this patchset:
>
> 1. Allow throwing exceptions in XDP progs
> 2. Add some macros to help release references before throwing
On Thu, Dec 14, 2023 at 6:46 PM Alexei Starovoitov
wrote:
>
> On Thu, Dec 14, 2023 at 2:56 PM Daniel Xu wrote:
> >
> > These macros are a temporary stop-gap until bpf exceptions support
> > unwinding acquired entities. Basically these macros act as if they take
> > a callback which only get execu
> From: Nicolin Chen
> Sent: Friday, December 15, 2023 10:28 AM
>
> On Fri, Dec 15, 2023 at 01:50:07AM +, Tian, Kevin wrote:
> > > From: Liu, Yi L
> > > Sent: Thursday, December 14, 2023 7:27 PM
> > >
> > > On 2023/11/17 21:18, Yi Liu wrote:> This adds the data structure for
> > > flushing i
Mark Brown writes:
> + /* Same thing via process_vm_readv() */
> + local_iov.iov_base = &rval;
> + local_iov.iov_len = sizeof(rval);
> + remote_iov.iov_base = (void *)gcspr;
> + remote_iov.iov_len = sizeof(rval);
> + ret = process_vm_writev(child, &local_iov, 1, &remote_
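Review bot: The comment at the top of this quoted hunk says "Same thing via process_vm_readv()", but the call on the last visible line is process_vm_writev(). One of the two is wrong. If the test is meant to write rval to the address in gcspr, the comment should name process_vm_writev(); if a read was intended, the call is the wrong one. Since this is a selftest, it would also help to state in the comment which outcome is expected for a remote access to that address, so a reader can tell whether a success or a failure of the call is the passing case.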
On Thu, Dec 14, 2023 at 2:56 PM Daniel Xu wrote:
>
> These macros are a temporary stop-gap until bpf exceptions support
> unwinding acquired entities. Basically these macros act as if they take
> a callback which only get executed if the assertion fails.
>
> Signed-off-by: Daniel Xu
> ---
> .../
Hello:
This series was applied to netdev/net-next.git (main)
by Jakub Kicinski:
On Wed, 13 Dec 2023 14:08:43 +0800 you wrote:
> Here is the 3rd part of converting net selftests to run in unique namespace.
> This part converts all srv6 and fib tests.
>
> Note that patch 06 is a fix for testing f
Check multiple keys on a socket:
- rotation on closed socket
- current/rnext operations shouldn't be possible on listen sockets
- current/rnext key set should be the one, that's used on connect()
- key rotations with pseudo-random generated keys
- copying matching keys on connect() and on accept()
Check that a rare functionality of TCP named self-connect works with
TCP-AO. This "under the cover" also checks TCP simultaneous connect
(TCP_SYN_RECV socket state), which would be harder to check other ways.
In order to verify that it's indeed TCP simultaneous connect, check
the counters TCPChall
Check that both active and passive reset works and correctly sign
segments with TCP-AO or don't send RSTs if not possible to sign.
A listening socket with backlog = 0 gets one connection in accept
queue, another in syn queue. Once the server/listener socket is
forcibly closed, client sockets aren't
Check that on SEQ number wraparound there is no disruption or TCPAOBad
segments produced.
Sample of expected output:
> # ./seq-ext_ipv4
> 1..7
> # 1436[lib/setup.c:254] rand seed 1686611079
> TAP version 13
> ok 1 server alive
> ok 2 post-migrate connection alive
> ok 3 TCPAOGood counter increased
The test plan is:
1. check that TCP-AO connection may be restored on another socket
2. check restore with wrong send/recv ISN (checking that they are
part of MAC generation)
3. check restore with wrong SEQ number extension (checking that
high bytes of it taken into MAC generation)
Sample out
Sample output:
> 1..36
> # 1106[lib/setup.c:207] rand seed 1660754406
> TAP version 13
> ok 1 Worst case connect 512 keys: min=0ms max=1ms mean=0.583329ms
> stddev=0.076376
> ok 2 Connect random-search 512 keys: min=0ms max=1ms mean=0.53412ms
> stddev=0.0516779
> ok 3Worst case d
The test plan was (most of tests have all 3 client types):
1. TCP-AO listen (INADDR_ANY)
2. TCP-MD5 listen (INADDR_ANY)
3. non-signed listen (INADDR_ANY)
4. TCP-AO + TCP-MD5 listen (prefix)
5. TCP-AO subprefix add failure [checked in setsockopt-closed.c]
6. TCP-AO out of prefix connect [checked in
Verify corner-cases for UAPI.
Sample output:
> # ./setsockopt-closed_ipv4
> 1..120
> # 1657[lib/setup.c:254] rand seed 1681938184
> TAP version 13
> ok 1 AO add: minimum size
> ok 2 AO add: extended size
> ok 3 AO add: null optval
> ok 4 AO del: minimum size
> ok 5 AO del: extended size
> ok 6 AO d
Add TCP-AO tests on connect()/accept() pair.
SNMP counters exposed by kernel are very useful here to verify the
expected behavior of TCP-AO.
Expected output for ipv4 version:
> # ./connect-deny_ipv4
> 1..19
> # 1702[lib/setup.c:254] rand seed 1680553689
> TAP version 13
> ok 1 Non-AO server + AO c
Hand-crafted ICMP packets are sent to the server, the server checks for
hard/soft errors and fails if any.
Expected output for ipv4 version:
> # ./icmps-discard_ipv4
> 1..3
> # 3164[lib/setup.c:166] rand seed 1642623745
> TAP version 13
> # 3164[lib/proc.c:207]Snmp6 Ip6InReceives:
Reverse to icmps-discard test: the server accepts ICMPs, using
TCP_AO_CMDF_ACCEPT_ICMP and it is expected to fail under ICMP
flood from client. Test that the default pre-TCP-AO behaviour functions
when TCP_AO_CMDF_ACCEPT_ICMP is set.
Expected output for ipv4 version (in case it receives ICMP_PROT_
Provide functions to create selftests dedicated to TCP-AO.
They can run in parallel, as they use temporary net namespaces.
They can be very specific to the feature being tested.
This will allow to create a lot of TCP-AO tests, without complicating
one binary with many --options and to create scenar
Hi,
An essential part of any big kernel submissions is selftests.
At the beginning of TCP-AO project, I made patches to fcnal-test.sh
and nettest.c to have the benefits of easy refactoring, early noticing
breakages, putting a moat around the code, documenting
and designing uAPI.
While tests based
On Fri, Dec 15, 2023 at 01:50:07AM +, Tian, Kevin wrote:
> > From: Liu, Yi L
> > Sent: Thursday, December 14, 2023 7:27 PM
> >
> > On 2023/11/17 21:18, Yi Liu wrote:> This adds the data structure for
> > flushing iotlb for the nested domain
> >
> > +struct iommu_hwpt_vtd_s1_invalidate {
> > +
> From: Liu, Yi L
> Sent: Thursday, December 14, 2023 7:27 PM
>
> On 2023/11/17 21:18, Yi Liu wrote:> This adds the data structure for
> flushing iotlb for the nested domain
>
> +struct iommu_hwpt_vtd_s1_invalidate {
> + __aligned_u64 addr;
> + __aligned_u64 npages;
> + __u32 flags;
Hello:
This series was applied to bpf/bpf-next.git (master)
by Alexei Starovoitov:
On Thu, 14 Dec 2023 15:49:01 -0700 you wrote:
> This patchset adds two kfunc helpers, bpf_xdp_get_xfrm_state() and
> bpf_xdp_xfrm_state_release() that wrap xfrm_state_lookup() and
> xfrm_state_put(). The intent is
On 12/14/2023 9:33 PM, Baolu Lu wrote:
On 2023/12/14 10:55, Yang, Weijiang wrote:
On 11/27/2023 2:34 PM, Yi Liu wrote:
From: Lu Baolu
This allows the upper layers to set a nested type domain to a PASID of a
device if the PASID feature is supported by the IOMMU hardware.
The set_dev_pasid cal
On Thu, Dec 14, 2023 at 12:14 PM Linus Torvalds
wrote:
>
> On Thu, 14 Dec 2023 at 10:07, Stephen Röttger wrote:
> >
> > AIUI, the madvise(DONTNEED) should effectively only change the content of
> > anonymous pages, i.e. it's similar to a memset(0) in that case. That's why
> > we
> > added this s
These macros are a temporary stop-gap until bpf exceptions support
unwinding acquired entities. Basically these macros act as if they take
a callback which only get executed if the assertion fails.
Signed-off-by: Daniel Xu
---
.../testing/selftests/bpf/bpf_experimental.h | 22 ++
Add some positive and negative test cases that exercise the "callback"
semantics.
Signed-off-by: Daniel Xu
---
.../selftests/bpf/prog_tests/exceptions.c | 5 ++
.../testing/selftests/bpf/progs/exceptions.c | 61 +++
2 files changed, 66 insertions(+)
diff --git a/tools/test
Two small improves to BPF exceptions in this patchset:
1. Allow throwing exceptions in XDP progs
2. Add some macros to help release references before throwing exceptions
Note the macros are intended to be temporary, at least until BPF
exception infra is able to automatically release acquired reso
This commit extends test_tunnel selftest to test the new XDP xfrm state
lookup kfunc.
Co-developed-by: Antony Antony
Signed-off-by: Antony Antony
Signed-off-by: Daniel Xu
---
.../selftests/bpf/prog_tests/test_tunnel.c| 16 +-
.../selftests/bpf/progs/test_tunnel_kern.c| 51 +
test_progs is better than a shell script b/c C is a bit easier to
maintain than shell. Also it's easier to use new infra like memory
mapped global variables from C via bpf skeleton.
Co-developed-by: Antony Antony
Signed-off-by: Antony Antony
Signed-off-by: Daniel Xu
---
.../selftests/bpf/prog_
vmlinux.h declarations are more ergonomic, especially when working with
kfuncs. The uapi headers are often incomplete for kfunc definitions.
This commit also switches bitfield accesses to use CO-RE helpers.
Switching to vmlinux.h definitions makes the verifier very
unhappy with raw bitfield accesse
This helps with determinism b/c individual setup/teardown prevents
leaking state between different subtests.
Signed-off-by: Daniel Xu
---
tools/testing/selftests/bpf/prog_tests/test_tunnel.c | 7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/bpf/pr
This patchset adds two kfunc helpers, bpf_xdp_get_xfrm_state() and
bpf_xdp_xfrm_state_release() that wrap xfrm_state_lookup() and
xfrm_state_put(). The intent is to support software RSS (via XDP) for
the ongoing/upcoming ipsec pcpu work [0]. Recent experiments performed
on (hopefully) reproducible
On Thu, Dec 14, 2023 at 12:24 PM Daniel Xu wrote:
>
>
> Looks like only x86 supports exceptions (looking at
> bpf_jit_supports_exceptions()).
>
> This causes selftests in this patchset to fail on !x86, which is
> unfortunate. We probably want to be running these tests on all the major
> archs, so
On Thu, Dec 14, 2023 at 11:23:02AM -0700, Daniel Xu wrote:
> On Thu, Dec 14, 2023 at 05:16:08PM +0100, Kumar Kartikeya Dwivedi wrote:
> > On Thu, 14 Dec 2023 at 17:08, Kumar Kartikeya Dwivedi
> > wrote:
> > >
> > > On Thu, 14 Dec 2023 at 00:49, Eyal Birger wrote:
> > > >
> > > > On Wed, Dec 13,
On Thu, 14 Dec 2023 at 10:07, Stephen Röttger wrote:
>
> AIUI, the madvise(DONTNEED) should effectively only change the content of
> anonymous pages, i.e. it's similar to a memset(0) in that case. That's why we
> added this special case: if you want to madvise(DONTNEED) an anonymous page,
> you sh
On Thu, Dec 14, 2023 at 6:07 PM Stephen Röttger wrote:
>
> On Thu, Dec 14, 2023 at 2:31 AM Linus Torvalds
> wrote:
> >
> > On Wed, 13 Dec 2023 at 16:36, Jeff Xu wrote:
> > >
> > >
> > > > IOW, when would you *ever* say "seal this area, but MADV_DONTNEED is
> > > > ok"?
> > > >
> > > The MADV_DO
On Mon, Dec 11, 2023 at 12:37 PM Pavel Begunkov wrote:
...
> >> If you remove the branch, let it fall into ->release and rely
> >> on refcounting there, then the callback could also fix up
> >> release_cnt or ask pp to do it, like in the patch I linked above
> >>
> >
> > Sadly I don't think this i
On Thu, 14 Dec 2023 15:19:30 +0500 Muhammad Usama Anjum
wrote:
> The "locked-in-memory size" limit per process can be non-multiple of
> page_size. The mmap() fails if we try to allocate locked-in-memory
> with same size as the allowed limit if it isn't multiple of the
> page_size because mmap()
Hi Shaoqin,
On 12/14/23 14:45, Eric Auger wrote:
> Hi Shaoqin,
>
> On 11/29/23 08:27, Shaoqin Huang wrote:
>> Introduce pmu_event_filter_test for arm64 platforms. The test configures
>> PMUv3 for a vCPU, and sets different pmu event filters for the vCPU, and
>> check if the guest can use those ev
On Thu, Dec 14, 2023 at 05:16:08PM +0100, Kumar Kartikeya Dwivedi wrote:
> On Thu, 14 Dec 2023 at 17:08, Kumar Kartikeya Dwivedi
> wrote:
> >
> > On Thu, 14 Dec 2023 at 00:49, Eyal Birger wrote:
> > >
> > > On Wed, Dec 13, 2023 at 3:15 PM Daniel Xu wrote:
> > > > > > [...]
> > > > > >
> > > > >
Hi Ilpo,
On 12/14/2023 2:12 AM, Ilpo Järvinen wrote:
> On Wed, 13 Dec 2023, Reinette Chatre wrote:
>
>> Hi Ilpo,
>>
>> On 12/11/2023 4:17 AM, Ilpo Järvinen wrote:
>>> The resctrl selftest code contains a number of perror() calls. Some of
>>> them come with hash character and some don't. The kself
On Thu, Dec 14, 2023 at 2:31 AM Linus Torvalds
wrote:
>
> On Wed, 13 Dec 2023 at 16:36, Jeff Xu wrote:
> >
> >
> > > IOW, when would you *ever* say "seal this area, but MADV_DONTNEED is ok"?
> > >
> > The MADV_DONTNEED is OK for file-backed mapping.
>
> Right. It makes no semantic difference. So
On Thu, 14 Dec 2023 14:51:12 +0900
Akihiko Odaki wrote:
> On 2023/12/13 19:22, Benjamin Tissoires wrote:
> > On Tue, Dec 12, 2023 at 1:41 PM Akihiko Odaki
> > wrote:
> >>
> >> On 2023/12/12 19:39, Benjamin Tissoires wrote:
> >>> Hi,
> >>>
> >>> On Tue, Dec 12, 2023 at 9:11 AM Akihiko Odaki
From: Roberto Sassu
Since now IMA and EVM use their own integrity metadata, it is safe to
remove the 'integrity' LSM, with its management of integrity metadata.
Keep the iint.c file only for loading IMA and EVM keys at boot, and for
creating the integrity directory in securityfs (we need to keep
From: Roberto Sassu
Make the 'ima' LSM independent from the 'integrity' LSM by introducing IMA
own integrity metadata (ima_iint_cache structure, with IMA-specific fields
from the integrity_iint_cache structure), and by managing it directly from
the 'ima' LSM.
Move the remaining IMA-specific flag
From: Roberto Sassu
Define a new structure for EVM-specific metadata, called evm_iint_cache,
and embed it in the inode security blob. Introduce evm_iint_inode() to
retrieve metadata, and register evm_inode_alloc_security() for the
inode_alloc_security LSM hook, to initialize the structure (before
From: Roberto Sassu
As for IMA, move hardcoded EVM function calls from various places in the
kernel to the LSM infrastructure, by introducing a new LSM named 'evm'
(last and always enabled like 'ima'). The order in the Makefile ensures
that 'evm' hooks are executed after 'ima' ones.
Make EVM fun
From: Roberto Sassu
Do the registration of IMA-Appraisal only functions separately from the
rest of IMA functions, as appraisal is a separate feature not necessarily
enabled in the kernel configuration.
Reuse the same approach as for other IMA functions, move hardcoded calls
from various places
From: Roberto Sassu
Move hardcoded IMA function calls (not appraisal-specific functions) from
various places in the kernel to the LSM infrastructure, by introducing a
new LSM named 'ima' (at the end of the LSM list and always enabled like
'integrity').
Having IMA before EVM in the Makefile is su
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the key_post_create_or_update hook.
Depending on policy, IMA measures the key content after creation or update,
so that remote verifiers are aware of the operation.
Other LSMs could similarly take som
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_remove_acl hook.
At inode_remove_acl hook, EVM verifies the file's existing HMAC value. At
inode_post_remove_acl, EVM re-calculates the file's HMAC with the passed
POSIX ACL removed and
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_set_acl hook.
At inode_set_acl hook, EVM verifies the file's existing HMAC value. At
inode_post_set_acl, EVM re-calculates the file's HMAC based on the modified
POSIX ACL and other file
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_create_tmpfile hook.
As temp files can be made persistent, treat new temp files like other new
files, so that the file hash is calculated and stored in the security
xattr.
LSMs could al
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the path_post_mknod hook.
IMA-appraisal requires all existing files in policy to have a file
hash/signature stored in security.ima. An exception is made for empty files
created by mknod, by tagging the
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the file_release hook.
IMA calculates at file close the new digest of the file content and writes
it to security.ima, so that appraisal at next file access succeeds.
LSMs could also take some action b
From: Roberto Sassu
In preparation to move IMA and EVM to the LSM infrastructure, introduce the
file_post_open hook. Also, export security_file_post_open() for NFS.
Based on policy, IMA calculates the digest of the file content and
extends the TPM with the digest, verifies the file's integrity b
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_removexattr hook.
At inode_removexattr hook, EVM verifies the file's existing HMAC value. At
inode_post_removexattr, EVM re-calculates the file's HMAC with the passed
xattr removed and o
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_setattr hook.
At inode_setattr hook, EVM verifies the file's existing HMAC value. At
inode_post_setattr, EVM re-calculates the file's HMAC based on the modified
file attributes and other
From: Roberto Sassu
Add the idmap parameter to the definition, so that evm_inode_setattr() can
be registered as this hook implementation.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Acked-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
include/linux/lsm_hook_defs.h | 3 ++-
secu
From: Roberto Sassu
Change evm_inode_post_setxattr() definition, so that it can be registered
as implementation of the inode_post_setxattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
Reviewed-by: Casey Schaufler
---
include/linux/evm.h
From: Roberto Sassu
Change evm_inode_setxattr() definition, so that it can be registered as
implementation of the inode_setxattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
Reviewed-by: Casey Schaufler
---
include/linux/evm.h | 4 ++--
From: Roberto Sassu
Change evm_inode_post_setattr() definition, so that it can be registered as
implementation of the inode_post_setattr hook (to be introduced).
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
fs/attr.c
From: Roberto Sassu
Change ima_post_read_file() definition, by making "void *buf" a
"char *buf", so that it can be registered as implementation of the
post_read_file hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
Reviewed-by: Casey Schaufler
---
includ
From: Roberto Sassu
Change ima_inode_removexattr() definition, so that it can be registered as
implementation of the inode_removexattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
include/linux/ima.h
From: Roberto Sassu
Change ima_inode_setxattr() definition, so that it can be registered as
implementation of the inode_setxattr hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Mimi Zohar
Reviewed-by: Casey Schaufler
---
include/linux/ima.h | 11
From: Roberto Sassu
Change ima_file_mprotect() definition, so that it can be registered
as implementation of the file_mprotect hook.
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
include/linux/ima.h | 5 +++--
From: Roberto Sassu
Change ima_inode_post_setattr() definition, so that it can be registered as
implementation of the inode_post_setattr hook (to be introduced).
Signed-off-by: Roberto Sassu
Reviewed-by: Stefan Berger
Reviewed-by: Casey Schaufler
Reviewed-by: Mimi Zohar
---
fs/attr.c
From: Roberto Sassu
IMA and EVM are not effectively LSMs, especially due to the fact that in
the past they could not provide a security blob while there is another LSM
active.
That changed in the recent years, the LSM stacking feature now makes it
possible to stack together multiple LSMs, and al
When running tests on a CI system (e.g. LAVA) it is useful to output
test results in TAP format so that the CI can parse the fine-grained
results to show regressions. Many of the mm selftest binaries already
output using the TAP format. And the kselftests runner
(run_kselftest.sh) also uses the for
On Thu, 14 Dec 2023 at 17:08, Kumar Kartikeya Dwivedi wrote:
>
> On Thu, 14 Dec 2023 at 00:49, Eyal Birger wrote:
> >
> > On Wed, Dec 13, 2023 at 3:15 PM Daniel Xu wrote:
> > > > > [...]
> > > > >
> > > > > diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> > > > > b/tools/test
On Thu, Dec 14, 2023 at 04:49:17PM +0800, david...@google.com wrote:
> Using struct root_device to create fake devices for tests is something
> of a hack. The new struct kunit_device is meant for this purpose, so use
> it instead.
>
> Reviewed-by: Matti Vaittinen
> Signed-off-by: David Gow
Acke
On Thu, 14 Dec 2023 at 00:49, Eyal Birger wrote:
>
> On Wed, Dec 13, 2023 at 3:15 PM Daniel Xu wrote:
> > > > [...]
> > > >
> > > > diff --git a/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> > > > b/tools/testing/selftests/bpf/progs/test_tunnel_kern.c
> > > > index c0dd38616562..f00dba8
Jeff Xu wrote:
> In short, BSD's immutable is designed specific for libc case, and Chrome
> case is just different (e.g. the lifetime of those mappings and requirement of
> free/discard unused memory).
That is not true. During the mimmutable design I took the entire
software ecosystem into cons
On Thu, 2023-12-14 at 14:00 +, David Woodhouse wrote:
>
> > + if (IS_ENABLED(CONFIG_64BIT) && kvm->arch.xen.long_mode) {
> > + struct vcpu_info *vcpu_info = gpc->khva;
> > + u32 port_word_bit = port / 32;
>
> Shouldn't that one be /64, and the compat one be /
On Mon, 2023-12-04 at 14:43 +, Paul Durrant wrote:
> From: Paul Durrant
>
> Taking a write lock on a pfncache will be disruptive if the cache is
> heavily used (which only requires a read lock). Hence, in the MMU notifier
> callback, take read locks on caches to check for a match; only taking
On Mon, 2023-12-04 at 14:43 +, Paul Durrant wrote:
> From: Paul Durrant
>
> As described in [1] compiling with CONFIG_PROVE_RAW_LOCK_NESTING shows that
> kvm_xen_set_evtchn_fast() is blocking on pfncache locks in IRQ context.
> Instead, use read_trylock() and treat failure to lock the same as
On 14/12/2023 13:41, David Woodhouse wrote:
On Mon, 2023-12-04 at 14:43 +, Paul Durrant wrote:
From: Paul Durrant
A subsequent patch will allow shared_info to be initialized using either a
GPA or a user-space (i.e. VMM) HVA. To make that patch cleaner, separate
the initialization of the sh
On Mon, 2023-12-04 at 14:43 +, Paul Durrant wrote:
> From: Paul Durrant
>
> The implementation of kvm_xen_set_evtchn_fast() is a rather lengthy piece
> of code that performs two operations: updating of the shared_info
> evtchn_pending mask, and updating of the vcpu_info evtchn_pending_sel
> m
Hi Shaoqin,
On 11/29/23 08:27, Shaoqin Huang wrote:
> Introduce pmu_event_filter_test for arm64 platforms. The test configures
> PMUv3 for a vCPU, and sets different pmu event filters for the vCPU, and
> check if the guest can use those events which user allow and can't use
> those events which us
Hi Shaoqin
On 11/29/23 08:27, Shaoqin Huang wrote:
> Add the invalid filter test to double check if the KVM_ARM_VCPU_PMU_V3_FILTER
> will return the expected error.
... in which situations? filter beyond the 16b event space or incorrect
action.
>
> Signed-off-by: Shaoqin Huang
> ---
> .../kvm/a
On Mon, Dec 11, 2023 at 06:49:37PM +, Catalin Marinas wrote:
> On Fri, Nov 24, 2023 at 04:34:59PM +, Joey Gouly wrote:
> > @@ -211,11 +212,24 @@ init_new_context(struct task_struct *tsk, struct
> > mm_struct *mm)
> > {
> > atomic64_set(&mm->context.id, 0);
> > refcount_set(&mm->co
Hi Shaoqin,
On 11/29/23 08:27, Shaoqin Huang wrote:
> Introduce pmu_event_filter_test for arm64 platforms. The test configures
> PMUv3 for a vCPU, and sets different pmu event filters for the vCPU, and
> check if the guest can use those events which user allow and can't use
> those events which us
On Mon, 2023-12-04 at 14:43 +, Paul Durrant wrote:
> From: Paul Durrant
>
> If the shared_info PFN cache has already been initialized then the content
> of the shared_info page needs to be (re-)initialized whenever the guest
> mode is (re)set.
> Setting the guest mode is either done explicitl
On Mon, 2023-12-04 at 14:43 +, Paul Durrant wrote:
> From: Paul Durrant
>
> A subsequent patch will allow shared_info to be initialized using either a
> GPA or a user-space (i.e. VMM) HVA. To make that patch cleaner, separate
> the initialization of the shared_info content from the activation
On 2023/12/14 10:55, Yang, Weijiang wrote:
On 11/27/2023 2:34 PM, Yi Liu wrote:
From: Lu Baolu
This allows the upper layers to set a nested type domain to a PASID of a
device if the PASID feature is supported by the IOMMU hardware.
The set_dev_pasid callback for non-nest domain has already be
On Thu, 14 Dec 2023 at 16:49, wrote:
>
> From: Maxime Ripard
>
> Kunit recently gained helpers to create test managed devices. This means
> that we no longer have to roll our own helpers in KMS and we can reuse
> them.
>
> Signed-off-by: Maxime Ripard
> ---
I've tested this over a few different
On 2023/11/17 21:18, Yi Liu wrote:> This adds the data structure for
flushing iotlb for the nested domain
> allocated with IOMMU_HWPT_DATA_VTD_S1 type.
>
> This only supports invalidating IOTLB, but no for device-TLB as device-TLB
> invalidation will be covered automatically in the IOTLB invalida
On Wed, 13 Dec 2023, Reinette Chatre wrote:
> On 12/11/2023 4:18 AM, Ilpo Järvinen wrote:
> > CAT test does not reset the CPU affinity after the benchmark.
> > This is relatively harmless as is because CAT test is the last
> > benchmark to run, however, more tests may be added later.
> >
> > Store
The "locked-in-memory size" limit per process can be non-multiple of
page_size. The mmap() fails if we try to allocate locked-in-memory
with same size as the allowed limit if it isn't multiple of the
page_size because mmap() rounds off the memory size to be allocated
to next multiple of page_size.
On Wed, 13 Dec 2023, Reinette Chatre wrote:
> Hi Ilpo,
>
> On 12/11/2023 4:18 AM, Ilpo Järvinen wrote:
> > +/*
> > + * cache_portion_size - Calculate the size of a cache portion
> > + * @cache_size:Total cache size in bytes
> > + * @portion_mask: Cache portion mask
> > + * @full_cach
1 - 100 of 111 matches