Hosts the 0x221E linux distro kernel. https://universe.0xinfinity.dev/distro/kernel/atom?h=linux-6.2.y 2022-12-14T17:35:41Z 2022-12-14T17:35:41Z Song Liu song@kernel.org 2022-12-13T22:05:00Z urn:sha1:a8dfde09c90109e3a98af54847e91bde7dc2d5c2 BPF selftests require CONFIG_FUNCTION_ERROR_INJECTION to work. However, CONFIG_FUNCTION_ERROR_INJECTION is no longer 'y' by default after recent changes. As a result, we are seeing errors like the following from BPF CI: bpf_testmod_test_read() is not modifiable __x64_sys_setdomainname is not sleepable __x64_sys_getpgid is not sleepable Fix this by explicitly selecting CONFIG_FUNCTION_ERROR_INJECTION in the selftest config. Fixes: a4412fdd49dc ("error-injection: Add prompt for function error injection") Reported-by: Daniel Müller <deso@posteo.net> Signed-off-by: Song Liu <song@kernel.org> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Daniel Müller <deso@posteo.net> Link: https://lore.kernel.org/bpf/20221213220500.3427947-1-song@kernel.org 2022-12-07T00:33:16Z Daan De Meyer daan.j.demeyer@gmail.com 2022-12-05T13:16:18Z urn:sha1:d0c0b48c87274b7735f8c930a7c0d783fb46cfe9 CONFIG_TEST_BPF can only be a module, so let's indicate it as such in the selftests config. Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20221205131618.1524337-4-daan.j.demeyer@gmail.com 2022-12-07T00:33:16Z Daan De Meyer daan.j.demeyer@gmail.com 2022-12-05T13:16:17Z urn:sha1:efe7fadbd59ec4513272c722403226e47321311b "=n" is not valid kconfig syntax. Use "is not set" instead to indicate the option should be disabled. Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20221205131618.1524337-3-daan.j.demeyer@gmail.com 2022-12-06T06:54:23Z Eyal Birger eyal.birger@gmail.com 2022-12-03T08:46:59Z urn:sha1:90a3a05eb33ff7a263f1e93e444d40e427cddf1a Test the xfrm_info kfunc helpers. The test setup creates three name spaces - NS0, NS1, NS2. XFRM tunnels are setup between NS0 and the two other NSs. The kfunc helpers are used to steer traffic from NS0 to the other NSs based on a userspace populated bpf global variable and validate that the return traffic had arrived from the desired NS. Signed-off-by: Eyal Birger <eyal.birger@gmail.com> Link: https://lore.kernel.org/r/20221203084659.1837829-5-eyal.birger@gmail.com Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org> 2022-11-16T05:38:04Z Eduard Zingerman eddyz87@gmail.com 2022-11-16T01:54:56Z urn:sha1:5b1d640800de7fe02d68bf592d9d101de24c87f2 Enable unprivileged bpf for selftests kernel by default. This forces CI to run test_verifier tests in both privileged and unprivileged modes. The test_verifier.c:do_test uses sysctl kernel.unprivileged_bpf_disabled to decide whether to run or to skip test cases in unprivileged mode. The CONFIG_BPF_UNPRIV_DEFAULT_OFF controls the default value of the kernel.unprivileged_bpf_disabled. Signed-off-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/r/20221116015456.2461135-1-eddyz87@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org> 2022-10-26T06:42:03Z Daniel Müller deso@posteo.net 2022-10-25T23:15:46Z urn:sha1:5ed88f81511ce695692f0510ab3ca17eee68eff6 When running tests, we should probably accept any help we can get when it comes to detecting issues early or making them more debuggable. We have seen a few cases where a test_progs_noalu32 run, for example, encountered a soft lockup and stopped making progress. It was only interrupted once we hit the overall test timeout [0]. We can not and do not want to necessarily rely on test timeouts, because those rely on infrastructure provided by the environment we run in (and which is not present in tools/testing/selftests/bpf/vmtest.sh, for example). To that end, let's enable panics on soft as well as hard lockups to fail fast should we encounter one. That's happening in the configuration indented to be used for selftests (including when using vmtest.sh or when running in BPF CI). [0] https://github.com/kernel-patches/bpf/runs/7844499997 Signed-off-by: Daniel Müller <deso@posteo.net> Link: https://lore.kernel.org/r/20221025231546.811766-1-deso@posteo.net Signed-off-by: Alexei Starovoitov <ast@kernel.org> 2022-09-22T02:25:26Z Lorenzo Bianconi lorenzo@kernel.org 2022-09-21T16:48:27Z urn:sha1:b06b45e82b59b69f5ac6b3916ac5dbd0294efc95 Introduce self-tests for bpf_ct_set_nat_info kfunc used to set the source or destination nat addresses/ports. Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Link: https://lore.kernel.org/r/803e33294e247744d466943105879414344d3235.1663778601.git.lorenzo@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org> 2022-09-22T00:33:42Z Roberto Sassu roberto.sassu@huawei.com 2022-09-20T07:59:50Z urn:sha1:fc97590668ae60b94ad8bc4d9e85958f10cb3567 Perform several tests to ensure the correct implementation of the bpf_verify_pkcs7_signature() kfunc. Do the tests with data signed with a generated testing key (by using sign-file from scripts/) and with the tcp_bic.ko kernel module if it is found in the system. The test does not fail if tcp_bic.ko is not found. First, perform an unsuccessful signature verification without data. Second, perform a successful signature verification with the session keyring and a new one created for testing. Then, ensure that permission and validation checks are done properly on the keyring provided to bpf_verify_pkcs7_signature(), despite those checks were deferred at the time the keyring was retrieved with bpf_lookup_user_key(). The tests expect to encounter an error if the Search permission is removed from the keyring, or the keyring is expired. Finally, perform a successful and unsuccessful signature verification with the keyrings with pre-determined IDs (the last test fails because the key is not in the platform keyring). The test is currently in the deny list for s390x (JIT does not support calling kernel function). Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Link: https://lore.kernel.org/r/20220920075951.929132-13-roberto.sassu@huaweicloud.com Signed-off-by: Alexei Starovoitov <ast@kernel.org> 2022-09-22T00:32:49Z Roberto Sassu roberto.sassu@huawei.com 2022-09-20T07:59:48Z urn:sha1:7c036ed9e0065e852fb1886d9ea97ceb35680e3f Add verifier tests for bpf_lookup_*_key() and bpf_key_put(), to ensure that acquired key references stored in the bpf_key structure are released, that a non-NULL bpf_key pointer is passed to bpf_key_put(), and that key references are not leaked. Also, slightly modify test_verifier.c, to find the BTF ID of the attach point for the LSM program type (currently, it is done only for TRACING). Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220920075951.929132-11-roberto.sassu@huaweicloud.com Signed-off-by: Alexei Starovoitov <ast@kernel.org> 2022-09-22T00:32:49Z Roberto Sassu roberto.sassu@huawei.com 2022-09-20T07:59:47Z urn:sha1:94fd7420faa0bc85341c0a9cbe5e5240ef4f123d Since the eBPF CI does not support kernel modules, change the kernel config to compile everything as built-in. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Acked-by: Daniel Müller <deso@posteo.net> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220920075951.929132-10-roberto.sassu@huaweicloud.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>