The Bionic version of pthread_create used on Android calls the prctl
function to give the stack and thread local storage a useful name. This
will cause the KILL_THREAD test to fail as it will kill the thread as
soon as it is created.
change the test to use getpid instead of prctl.
Signed-off-by:
unshare(CLONE_NEWPID) can return EINVAL if the kernel does not have the
CONFIG_PID_NS option enabled.
Add a check on these calls to skip the test if we receive EINVAL.
Signed-off-by: Terry Tritton
---
tools/testing/selftests/seccomp/seccomp_bpf.c | 9 -
1 file changed, 8 insertions(+),
Hi,
Here are a few fixes for seccomp_bpf tests found when testing on
Android:
user_notification_sibling_pid_ns:
unshare(CLONE_NEWPID) can return EINVAL so have added a check for this.
KILL_THREAD:
This one is a bit more Android specific.
In Bionic pthread_create is calling prctl, this is
The seccomp benchmark test makes a number of checks on the performance it
measures and logs them to the output but does so in a custom format which
none of the automated test runners understand meaning that the chances that
anyone is paying attention are slim. Let's additionally log each result in
In preparation for trying to output the test results themselves in TAP
format rework all the prints in the benchmark to use the kselftest output
functions. The uses of system() all produce single line output so we can
avoid having to deal with fully managing the child process and continue to
use
Currently the seccomp benchmark selftest produces non-standard output,
meaning that while it makes a number of checks of the performance it
observes this has to be parsed by humans. This means that automated
systems running this suite of tests are almost certainly ignoring the
results which isn't
On Sun, Jan 21, 2024 at 02:31:53PM -0800, Andrew Morton wrote:
> On Fri, 19 Jan 2024 15:58:01 -0500 Audra Mitchell wrote:
>
> > In order for the page table level 5 to be in use, the CPU must have the
> > setting enabled in addition to the CONFIG option. Check for the flag to be
> > set to avoid
Currently the user_notification_addfd test checks what the next expected
file descriptor will be by incrementing a variable nextfd. This does not
account for file descriptors that may already be open before the test is
started and will cause the test to fail if any exist.
Replace nextfd++ with a
Thanks, it's merged with some fixes:
https://git.kernel.org/mic/c/82852a3cc2152eb7c7b7007b6430faa979b08fad
On Wed, Jan 24, 2024 at 10:29:08AM +0800, Hu Yadi wrote:
> From: "Hu.Yadi"
You might want to fix the extra dot in your name.
>
> Fixes: 04f9070e99a4 ("selftests/landlock: Add tests for
On 24/01/2024 07:31, Davide Caratti wrote:
hello Pedro, thanks for your answer!
On Tue, Jan 23, 2024 at 5:47 PM Pedro Tammela wrote:
On 23/01/2024 10:17, Davide Caratti wrote:
hi Pedro,
On Tue, Jan 23, 2024 at 1:28 PM Pedro Tammela wrote:
If 'jq' is not available the taprio tests that
On Wed, Jan 24, 2024 at 11:49:43AM +0800, David Gow wrote:
On Wed, 24 Jan 2024 at 00:31, Lucas De Marchi wrote:
On Tue, Jan 23, 2024 at 04:01:49PM +0800, David Gow wrote:
>On Tue, 23 Jan 2024 at 01:14, Lucas De Marchi wrote:
>>
>> By allowing the filter_glob parameter to be written to, it's
From: Petr Machata
commit 25ae948b4478 ("selftests/net: add lib.sh") added net/lib.sh to
contain code shared by tests under net/ and net/forwarding/. However, this
caused issues with selftests from directories other than net/forwarding/,
in particular those under drivers/net/. Those issues were
In order to avoid duplicated files when both the bonding and forwarding
tests are exported together, add net/forwarding/lib.sh to TEST_INCLUDES and
include it via its relative path.
Reviewed-by: Petr Machata
Tested-by: Petr Machata
Signed-off-by: Benjamin Poirier
---
After commit 25ae948b4478 ("selftests/net: add lib.sh") but before commit
2114e83381d3 ("selftests: forwarding: Avoid failures to source
net/lib.sh"), some net selftests encountered errors when they were being
exported and run. This was because the new net/lib.sh was not exported
along with the
In order to avoid duplicated files when both the team and bonding tests are
exported together, add lag_lib.sh to TEST_INCLUDES.
Do likewise for net/forwarding/lib.sh regarding team and forwarding tests.
Reviewed-by: Petr Machata
Tested-by: Petr Machata
Signed-off-by: Benjamin Poirier
---
Hi Jakub,
On 1/24/24 15:12, Jakub Kicinski wrote:
> On Fri, 19 Jan 2024 18:39:14 + Dmitry Safonov wrote:
>>> You probably want something smaller to be honest.
>>> tools/testing/selftests/net/config has a lot of stuff in it
>>> and it's actually missing a lot more. I'm working thru adding
>>>
Adjust the fq verify regex to the latest iproute2
Signed-off-by: Pedro Tammela
---
tools/testing/selftests/tc-testing/tc-tests/qdiscs/fq.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/tc-testing/tc-tests/qdiscs/fq.json
For the longest time tdc ran only actions and qdiscs tests.
It's time to enable all the remaining tests so every user visible
piece of TC is tested by the downstream CIs.
Signed-off-by: Pedro Tammela
---
tools/testing/selftests/tc-testing/tdc.sh | 3 +--
1 file changed, 1 insertion(+), 2
If 'jq' is not available the taprio tests might enter an infinite loop,
use the "dependsOn" feature from tdc to check if jq is present. If it's
not the test is skipped.
Suggested-by: Davide Caratti
Signed-off-by: Pedro Tammela
---
tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json
Patches 1 and 3 are fixes for tdc that were discovered when running it
using defconfig + tc-testing config and against the latest iproute2.
Patch 2 improves the taprio tests.
Patch 4 enables all tdc tests.
Patch 5 fixes the return code of tdc for when a test fails
setup/teardown.
v1->v2:
On a default config + tc-testing config build, tdc will miss
all the netfilter related tests because it's missing:
CONFIG_NETFILTER=y
Signed-off-by: Pedro Tammela
---
tools/testing/selftests/tc-testing/config | 1 +
1 file changed, 1 insertion(+)
diff --git
As of today tests throwing exceptions in setup/teardown phase are
treated as skipped but they should really be failures.
Signed-off-by: Pedro Tammela
---
tools/testing/selftests/tc-testing/tdc.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
Benjamin Poirier wrote:
>In order to avoid duplicated files when both the bonding and forwarding
>tests are exported together, add net/forwarding/lib.sh to TEST_INCLUDES and
>include it via its relative path.
>
>Reviewed-by: Petr Machata
>Tested-by: Petr Machata
>Signed-off-by: Benjamin
On Fri, 19 Jan 2024 18:39:14 + Dmitry Safonov wrote:
> > You probably want something smaller to be honest.
> > tools/testing/selftests/net/config has a lot of stuff in it
> > and it's actually missing a lot more. I'm working thru adding
> > the missing options to
The dsa tests which are symlinks of tests from net/forwarding/ (like
tc_actions.sh) become regular files after export (because `rsync
--copy-unsafe-links` is used) and expect to source lib.sh
(net/forwarding/lib.sh) from the same directory.
In the last patch of this series, net/forwarding/lib.sh
Some tests written in bash source other files in a parent directory. For
example, drivers/net/bonding/dev_addr_lists.sh sources
net/forwarding/lib.sh. If a subset of tests is exported and run outside the
source tree (for example by using `make -C tools/testing/selftests gen_tar
The following code which is part of lib.sh:
relative_path="${BASH_SOURCE%/*}"
if [[ "$relative_path" == "${BASH_SOURCE}" ]]; then
relative_path="."
fi
reimplements functionality that is part of `dirname`:
$ dirname ""
.
To avoid this duplication, replace "relative_path" by
On Wed, 24 Jan 2024 14:13:54 +, Terry Tritton wrote:
> Here are a few fixes for seccomp_bpf tests found when testing on
> Android:
>
> user_notification_sibling_pid_ns:
> unshare(CLONE_NEWPID) can return EINVAL so have added a check for this.
>
> KILL_THREAD:
> This one is a bit more
On Tue, Jan 23, 2024 at 10:15 AM Liam R. Howlett
wrote:
>
> * jef...@chromium.org [240122 10:29]:
> > From: Jeff Xu
> >
> > The new mseal() is an syscall on 64 bit CPU, and with
> > following signature:
> >
> > int mseal(void addr, size_t len, unsigned long flags)
> > addr/len: memory range.
>
hello Pedro, thanks for your answer!
On Tue, Jan 23, 2024 at 5:47 PM Pedro Tammela wrote:
>
> On 23/01/2024 10:17, Davide Caratti wrote:
> > hi Pedro,
> >
> > On Tue, Jan 23, 2024 at 1:28 PM Pedro Tammela
> > wrote:
> >>
> >> If 'jq' is not available the taprio tests that use this script will
On Mon, Jan 22, 2024 at 10:05:29PM -0800, Jakub Kicinski wrote:
> This test is missing a whole bunch of checks for interface
> renaming and one ifup. Presumably it was only used on a system
> with renaming disabled and NetworkManager running.
>
> Fixes: 91f430b2c49d ("selftests: net: add a test
On 2024-01-24 10:24 -0800, Jay Vosburgh wrote:
[...]
> >diff --git a/tools/testing/selftests/drivers/net/bonding/bond_topo_2d1c.sh
> >b/tools/testing/selftests/drivers/net/bonding/bond_topo_2d1c.sh
> >index a509ef949dcf..0eb7edfb584c 100644
> >---
On 1/24/24 19:25, Jakub Kicinski wrote:
> Still a bit unclear whether each directory should have its own
> config file, but assuming they should lets add one for tcp_ao.
>
> The following tests still fail with this config in place:
> - rst_ipv4,
> - rst_ipv6,
> - bench-lookups_ipv6.
> other 21
Theo de Raadt wrote:
> This discussion about the malloc heap is ridiculous. Obviously it is
> programmer error to lock the permissions on memory you will free for
> reuse. But you can't fix this problem with malloc(), without breaking
> other extremely common circumstances where the allocation
The blamed commit below introduce a dependency in some net self-tests
towards a newly introduce helper script.
Such script is currently not included into the TEST_PROGS_EXTENDED list
and thus is not installed, causing failure for the relevant tests when
executed from the install dir.
Fix the
The UDP GRO forwarding test still hard-code an arbitrary pause
to wait for the UDP listener becoming ready in background.
That causes sporadic failures depending on the host load.
Replace the sleep with the existing helper waiting for the desired
port being exposed.
Fixes: a062260a9d5f
This series address self-tests failures for udp gro-related tests.
The first patch addresses the main problem I observe locally - the XDP
program required by such tests, xdp_dummy, is currently build in the
ebpf self-tests directory, not available if/when the user targets net
only. Arguably is
Several net tests requires an XDP program build under the ebpf
directory, and error out if such program is not available.
That makes running successful net test hard, let's duplicate into the
net dir the [very small] program, re-using the existing rules to build
it, and finally dropping the bogus
Still a bit unclear whether each directory should have its own
config file, but assuming they should lets add one for tcp_ao.
The following tests still fail with this config in place:
- rst_ipv4,
- rst_ipv6,
- bench-lookups_ipv6.
other 21 pass.
Fixes: d11301f65977 ("selftests/net: Add TCP-AO
* Jeff Xu [240124 12:50]:
> On Tue, Jan 23, 2024 at 10:15 AM Liam R. Howlett
> wrote:
> >
> > * jef...@chromium.org [240122 10:29]:
> > > From: Jeff Xu
> > >
> > > The new mseal() is an syscall on 64 bit CPU, and with
> > > following signature:
> > >
> > > int mseal(void addr, size_t len,
On Mon, Jan 22, 2024 at 2:34 PM Theo de Raadt wrote:
>
> Jeff Xu wrote:
>
> > On Mon, Jan 22, 2024 at 7:49 AM Theo de Raadt wrote:
> > >
> > > Regarding these pieces
> > >
> > > > The PROT_SEAL bit in prot field of mmap(). When present, it marks
> > > > the map sealed since creation.
> > >
> >
On Wed, 24 Jan 2024 17:46:10 + Dmitry Safonov wrote:
> >> Thanks!
> >>
> >> I'll send a patch for it in version 2 (as I anyway need to address
> >> Simon's feedback).
> >
> > Hi Dmitry!
> >
> > I put TCP_AO and VETH in the config and the tests seem to fail with
>
> Thanks for wiring it
On 1/24/24 19:04, Jakub Kicinski wrote:
> On Wed, 24 Jan 2024 17:46:10 + Dmitry Safonov wrote:
Thanks!
I'll send a patch for it in version 2 (as I anyway need to address
Simon's feedback).
>>>
>>> Hi Dmitry!
>>>
>>> I put TCP_AO and VETH in the config and the tests seem
Liam R. Howlett wrote:
> > Adding mseal() into picture, however, the heap is then sealed
> > partially, user can still free it, but the memory remains to be RO,
> > and the result of brk-shrink is nondeterministic, depending on if
> > munmap() will try to free the sealed memory.(brk uses munmap
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski :
On Mon, 22 Jan 2024 11:58:15 -0800 you wrote:
> If there is more than 32 cpus the bitmask will start to contain
> commas, leading to:
>
> ./rps_default_mask.sh: line 36: [: ,: integer expression
>
On Tue, Jan 23, 2024 at 10:58 AM Theo de Raadt wrote:
>
> It's the same with MAP_MSEALABLE. I don't get it. So now there are 3
> memory types:
>- cannot be sealed, ever
>- not yet sealed
>- sealed
>
> What purpose does the first type serve? Please explain the use case.
>
Jeff Xu wrote:
> > I don't have a feeling about it.
> >
> > I spent a year engineering a complete system which exercises the maximum
> > amount of memory you can lock.
> >
> > I saw nothing like what you are describing. I had PROT_IMMUTABLE in my
> > drafts, and saw it turning into a dangerous
On Wed, Jan 24, 2024 at 02:13:44PM +0800, Hangbin Liu wrote:
> The busywait timeout value is a millisecond, not a second. So the
> current setting 2 is too small. On slow/busy host (or VMs) the
> current timeout can expire even on "correct" execution, causing random
> failures. Let's copy the
On Mon, Jan 22, 2024 at 11:58:15AM -0800, Jakub Kicinski wrote:
> If there is more than 32 cpus the bitmask will start to contain
> commas, leading to:
>
> ./rps_default_mask.sh: line 36: [: ,: integer expression
> expected
>
> Remove the commas, bash doesn't interpret leading
On Wed, Jan 24, 2024 at 12:06 PM Liam R. Howlett
wrote:
>
> * Jeff Xu [240124 12:50]:
> > On Tue, Jan 23, 2024 at 10:15 AM Liam R. Howlett
> > wrote:
> > >
> > > * jef...@chromium.org [240122 10:29]:
> > > > From: Jeff Xu
> > > >
> > > > The new mseal() is an syscall on 64 bit CPU, and with
>
Benjamin Poirier wrote:
>On 2024-01-24 10:24 -0800, Jay Vosburgh wrote:
>[...]
>> >diff --git a/tools/testing/selftests/drivers/net/bonding/bond_topo_2d1c.sh
>> >b/tools/testing/selftests/drivers/net/bonding/bond_topo_2d1c.sh
>> >index a509ef949dcf..0eb7edfb584c 100644
>> >---
From: Tianrui Zhao
Add ucall test support for LoongArch, ucall method on LoongArch uses
undefined mmio area. It will cause causes vcpu exits to hypervisor so
that hypervisor can communicate with vcpu.
Signed-off-by: Tianrui Zhao
Signed-off-by: Bibo Mao
---
From: Tianrui Zhao
Add core KVM selftests support for LoongArch, it includes exception
handler, mmu page table setup and vcpu startup entry supporting etc.
Signed-off-by: Tianrui Zhao
Signed-off-by: Bibo Mao
---
.../selftests/kvm/lib/loongarch/exception.S | 59
This patchset adds KVM selftests for LoongArch system, currently only
some common test cases are supported and pass to run. These testcase
are listed as following:
demand_paging_test
dirty_log_perf_test
dirty_log_test
guest_print_test
hardware_disable_test
Add KVM selftests header files for LoongArch, including processor.h
and kvm_util_base.h. It mainly contains LoongArch CSR register
definition and page table entry definition.
Signed-off-by: Tianrui Zhao
Signed-off-by: Bibo Mao
---
.../selftests/kvm/include/kvm_util_base.h | 5 +
From: Tianrui Zhao
Some common KVM testcases are supported on LoongArch now as following:
demand_paging_test
dirty_log_perf_test
dirty_log_test
guest_print_test
hardware_disable_test
kvm_binary_stats_test
kvm_create_max_vcpus
On Wed, Jan 24, 2024 at 1:19 PM Pedro Tammela wrote:
>
> Patches 1 and 3 are fixes for tdc that were discovered when running it
> using defconfig + tc-testing config and against the latest iproute2.
>
> Patch 2 improves the taprio tests.
>
> Patch 4 enables all tdc tests.
>
> Patch 5 fixes the
On 1/24/24 23:36, Jakub Kicinski wrote:
> The default timeout for tests is 45sec, bench-lookups_ipv6
> seems to take around 50sec when running in a VM without
> HW acceleration. Give it a 2x margin and set the timeout
> to 120sec.
>
> Fixes: d1066c9c58d4 ("selftests/net: Add test/benchmark for
Paolo Abeni wrote:
> The UDP GRO forwarding test still hard-code an arbitrary pause
> to wait for the UDP listener becoming ready in background.
>
> That causes sporadic failures depending on the host load.
>
> Replace the sleep with the existing helper waiting for the desired
> port being
Paolo Abeni wrote:
> The blamed commit below introduce a dependency in some net self-tests
> towards a newly introduce helper script.
>
> Such script is currently not included into the TEST_PROGS_EXTENDED list
> and thus is not installed, causing failure for the relevant tests when
> executed
On Wed, 24 Jan 2024 22:33:19 +0100 Paolo Abeni wrote:
> This series address self-tests failures for udp gro-related tests.
>
> The first patch addresses the main problem I observe locally - the XDP
> program required by such tests, xdp_dummy, is currently build in the
> ebpf self-tests directory,
On Wed, Jan 24, 2024 at 2:49 PM Jeff Xu wrote:
>
> On Wed, Jan 24, 2024 at 12:06 PM Liam R. Howlett
> wrote:
> >
> > > Considering this is the MAP_FIXED case, and maybe that is not used
> > > that often in practice, I think this is acceptable performance-wise,
> > > unless you know another
This patch abstracts envcfg CSR in kernel (as is done for other homonyn
CSRs). CSR_ENVCFG is used as alias for CSR_SENVCFG or CSR_MENVCFG depending
on how kernel is compiled.
Additionally it changes CBZE enabling to start using CSR_ENVCFG instead of
CSR_SENVCFG.
Signed-off-by: Deepak Gupta
---
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski :
On Mon, 22 Jan 2024 22:05:29 -0800 you wrote:
> This test is missing a whole bunch of checks for interface
> renaming and one ifup. Presumably it was only used on a system
> with renaming disabled and NetworkManager
The default timeout for tests is 45sec, bench-lookups_ipv6
seems to take around 50sec when running in a VM without
HW acceleration. Give it a 2x margin and set the timeout
to 120sec.
Fixes: d1066c9c58d4 ("selftests/net: Add test/benchmark for removing MKTs")
Signed-off-by: Jakub Kicinski
---
Current implementation of UFFDIO_MOVE fails to move zeropages and returns
EBUSY when it encounters one. We can handle them by mapping a zeropage
at the destination and clearing the mapping at the source. This is done
both for ordinary and for huge zeropages.
Signed-off-by: Suren Baghdasaryan
---
Paolo Abeni wrote:
> Several net tests requires an XDP program build under the ebpf
> directory, and error out if such program is not available.
>
> That makes running successful net test hard, let's duplicate into the
> net dir the [very small] program, re-using the existing rules to build
> it,
On Wed, 24 Jan 2024 12:02:17 -0500 Benjamin Poirier wrote:
> --- a/Documentation/dev-tools/kselftest.rst
> +++ b/Documentation/dev-tools/kselftest.rst
> @@ -255,9 +255,19 @@ Contributing new tests (details)
>
> TEST_PROGS_EXTENDED, TEST_GEN_PROGS_EXTENDED mean it is the
> executable
From: Deepak Gupta
It's been almost an year since I posted my last patch series [1] to
enable CPU assisted control-flow integrity for usermode on riscv. A lot
has changed since then and so has the patches. It's been a while and since
this is a reboot of series, starting with RFC and v1.
From: Deepak Gupta
Defines a base default value for envcfg per task. By default all tasks
should have cache zeroing capability. Any future capabilities can be
turned on.
Signed-off-by: Deepak Gupta
---
arch/riscv/include/asm/csr.h | 2 ++
arch/riscv/kernel/process.c | 1 +
2 files changed, 3
From: Deepak Gupta
envcfg CSR defines enabling bits for cache management instructions and soon
will control enabling for control flow integrity and pointer masking features.
Control flow integrity enabling for forward cfi and backward cfi is controlled
via envcfg and thus need to be enabled on
From: Deepak Gupta
This patch abstracts envcfg CSR in kernel (as is done for other homonyn
CSRs). CSR_ENVCFG is used as alias for CSR_SENVCFG or CSR_MENVCFG depending
on how kernel is compiled.
Additionally it changes CBZE enabling to start using CSR_ENVCFG instead of
CSR_SENVCFG.
From: Deepak Gupta
riscv will need an implementation for exit_thread to clean up shadow stack
when thread exits. If current thread had shadow stack enabled, shadow
stack is allocated by default for any new thread.
Signed-off-by: Deepak Gupta
---
arch/riscv/Kconfig | 1 +
On Wed, Jan 24, 2024 at 12:02:16PM -0500, Benjamin Poirier wrote:
> After commit 25ae948b4478 ("selftests/net: add lib.sh") but before commit
> 2114e83381d3 ("selftests: forwarding: Avoid failures to source
> net/lib.sh"), some net selftests encountered errors when they were being
> exported and
From: Deepak Gupta
Carves out space in arch specific thread struct for cfi status and shadow stack
in usermode on riscv.
This patch does following
- defines a new structure cfi_status with status bit for cfi feature
- defines shadow stack pointer, base and size in cfi_status structure
- defines
From: Deepak Gupta
zicfiss and zicfilp extension gets enabled via b3 and b2 in xenvcfg CSR.
menvcfg controls enabling for S/HS mode. henvcfg control enabling for VS while
senvcfg controls enabling for U/VU mode.
zicfilp extension extends xstatus CSR to hold `expected landing pad` bit.
A trap or
From: Deepak Gupta
This patch adds support for detecting zicfiss and zicfilp. zicfiss and zicfilp
stands for unprivleged integer spec extension for shadow stack and branch
tracking on indirect branches, respectively.
This patch looks for zicfiss and zicfilp in device tree and accordinlgy lights
From: Deepak Gupta
x86 has used VM_SHADOW_STACK (alias to VM_HIGH_ARCH_5) to encode shadow
stack VMA. VM_SHADOW_STACK is thus not possible on 32bit. Some arches may
need a way to encode shadow stack on 32bit and 64bit both and they may
encode this information differently in VMAs.
This patch
From: Deepak Gupta
x86 and arm64 are using VM_SHADOW_STACK (which actually is VM_HIGH_ARCH_5)
vma flag and thus restrict it to 64bit implementation only. RISC-V is choosing
to encode presence of only VM_WRITE in vma flags as shadow stack vma. This
allows
32bit RISC-V ecosystem leverage shadow
From: Deepak Gupta
This patch implements creating shadow stack pte (on riscv). Creating
shadow stack PTE on riscv means that clearing RWX and then setting W=1.
Signed-off-by: Deepak Gupta
---
arch/riscv/include/asm/pgtable.h | 12
1 file changed, 12 insertions(+)
diff --git
From: Deepak Gupta
As discussed extensively in the changelog for the addition of this
syscall on x86 ("x86/shstk: Introduce map_shadow_stack syscall") the
existing mmap() and madvise() syscalls do not map entirely well onto the
security requirements for guarded control stacks since they lead to
From: Deepak Gupta
VM_SHADOW_STACK is defined by x86 as vm flag to mark a shadow stack vma.
x86 uses VM_HIGH_ARCH_5 bit but that limits shadow stack vma to 64bit only.
arm64 follows same path
https://lore.kernel.org/lkml/20231009-arm64-gcs-v6-12-78e55deaa...@kernel.org/#r
On RISC-V, write-only
From: Deepak Gupta
This patch implements new risc-v specific protection flag
`PROT_SHADOWSTACK` (only for kernel) on riscv.
`PROT_SHADOWSTACK` protection flag is only limited to kernel and not exposed
to userspace. Shadow stack is a security construct to prevent against ROP
attacks.
From: Deepak Gupta
`fork` implements copy on write (COW) by making pages readonly in child
and parent both.
ptep_set_wrprotect and pte_wrprotect clears _PAGE_WRITE in PTE.
Assumption is that page is readable and on fault copy on write happens.
To implement COW on such pages, clearing up W bit
From: Deepak Gupta
pte_mkwrite creates PTEs with WRITE encodings for underlying arch. Underlying
arch can have two types of writeable mappings. One that can be written using
regular store instructions. Another one that can only be written using
specialized
store instructions (like shadow stack
From: Deepak Gupta
Implement architecture agnostic prctls() interface for setting and getting
shadow stack status.
prctls implemented are PR_GET_SHADOW_STACK_STATUS, PR_SET_SHADOW_STACK_STATUS
and PR_LOCK_SHADOW_STACK_STATUS.
As part of PR_SET_SHADOW_STACK_STATUS/PR_GET_SHADOW_STACK_STATUS,
From: Deepak Gupta
prctls implemented are PR_SET_INDIR_BR_LP_STATUS / PR_GET_INDIR_BR_LP_STATUS
and PR_LOCK_INDIR_BR_LP_STATUS.
Signed-off-by: Deepak Gupta
---
arch/riscv/include/asm/usercfi.h | 17 +++-
arch/riscv/kernel/usercfi.c | 74
2 files
From: Deepak Gupta
zicfiss / zicfilp introduces a new exception to priv isa `software check
exception` with cause code = 18. This patch implements software check exception.
Additionally it implements a cfi violation handler which checks for code in
xtval
If xtval=2, it means that sw check
On Thu, Jan 25, 2024, at 1:21 AM, de...@rivosinc.com wrote:
> From: Deepak Gupta
>
> envcfg CSR defines enabling bits for cache management instructions and soon
> will control enabling for control flow integrity and pointer masking features.
>
> Control flow integrity enabling for forward cfi and
From: Deepak Gupta
Userspace specifies VM_CLONE to share address space and spawn new thread.
`clone` allow userspace to specify a new stack for new thread. However
there is no way to specify new shadow stack base address without changing
API. This patch allocates a new shadow stack whenever
From: Mark Brown
Three architectures (x86, aarch64, riscv) have announced support for
shadow stacks with fairly similar functionality. While x86 is using
arch_prctl() to control the functionality neither arm64 nor riscv uses
that interface so this patch adds arch-agnostic prctl() support to
get
From: Deepak Gupta
Three architectures (x86, aarch64, riscv) have support for indirect branch
tracking feature in a very similar fashion. On a very high level, indirect
branch tracking is a CPU feature where CPU tracks branches which uses memory
operand to perform control transfer in program. As
From: Deepak Gupta
Save shadow stack pointer in sigcontext structure while delivering signal.
Restore shadow stack pointer from sigcontext on sigreturn.
Signed-off-by: Deepak Gupta
---
arch/riscv/include/asm/usercfi.h | 18
arch/riscv/kernel/signal.c | 45
From: Deepak Gupta
This patch selects config shadow stack support and landing pad instr
support. Shadow stack support and landing instr support is hidden behind
`CONFIG_RISCV_USER_CFI`. Selecting `CONFIG_RISCV_USER_CFI` wires up path
to enumerate CPU support and if cpu support exists, kernel
From: Deepak Gupta
Expose a new register type NT_RISCV_USER_CFI for risc-v cfi status and
state. Intentionally both landing pad and shadow stack status and state
are rolled into cfi state. Creating two different NT_RISCV_USER_XXX would
not be useful and wastage of a note type. Enabling or
From: Deepak Gupta
Shadow stack needs to be saved and restored on signal delivery and signal
return.
sigcontext embedded in ucontext is extendible. Adding cfi state in there
which can be used to save cfi state before signal delivery and restore
cfi state on sigreturn
Signed-off-by: Deepak
From: Deepak Gupta
Adds kselftest for RISC-V control flow integrity implementation for user
mode. There is not a lot going on in kernel for enabling landing pad for
user mode. Thus kselftest simply enables landing pad for the binary and
a signal handler is registered for SIGSEGV. Any control
From: Deepak Gupta
Adding documentation on shadow stack for user mode on riscv and kernel
interfaces exposed so that user tasks can enable it.
Signed-off-by: Deepak Gupta
---
Documentation/arch/riscv/zicfiss.rst | 169 +++
1 file changed, 169 insertions(+)
create mode
From: Deepak Gupta
Adding documentation on landing pad aka indirect branch tracking on riscv
and kernel interfaces exposed so that user tasks can enable it.
Signed-off-by: Deepak Gupta
---
Documentation/arch/riscv/zicfilp.rst | 104 +++
1 file changed, 104
On Wed, 24 Jan 2024 at 02:22, Johannes Berg wrote:
>
> On Tue, 2024-01-23 at 19:19 +0100, Johannes Berg wrote:
> >
> > We're also adding unit tests to iwlwifi (slowly), any idea if we should
> > enable that here also? It _is_ now possible to build PCI stuff on kunit,
> > but it requires some
1 - 100 of 103 matches
Mail list logo
