Commit Graph

288 Commits

Author SHA1 Message Date
Bryan Drewery
753e292217 Add a test for r324671 along with some other masked tests.
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-10-17 19:01:01 +00:00
Bryan Drewery
fc1e29dc35 This child is expected to exit on SIGTRAP, don't leave a core behind.
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-10-16 20:06:24 +00:00
Kristof Provost
f038a398da pf tests: Use pft_set_rules everywhere
We now have a utility function to set pf rules in the jail. Use it
whenever we need to set the pf rules in the test jail.
2017-10-16 15:05:32 +00:00
Kristof Provost
ba22aeacf1 pf tests: Basic IPv6 forwarding tests
Pass/block packets in the forwarding path with pf.

Introduce the pft_set_rules() helper function, because we need to
remember to flush states between individual tests. If not we can get
packets passing despite rules blocking them because they match states
created in a previous test.

Extend pft_ping.py to be able to send IPv6 echo requests.
2017-10-16 15:03:45 +00:00
Kristof Provost
67f4baf8b0 pf: test set-tos
Introduce tests for the set-tos feature of pf. Teach pft_ping.py to send
and verify ToS flags.
2017-10-16 15:01:49 +00:00
Bryan Drewery
9643739121 Fix shadowed variable hidden by WARNS changing to 3 in r313006.
Sponsored by:	Dell EMC Isilon
MFC after:	1 week
2017-10-12 19:58:21 +00:00
Enji Cooper
5b347b28cd Check the exit code from fsck_ffs instead of relying on MODIFIED being in the output
^/head@r323923 changed when MODIFIED is printed at exit. It's better to follow the
documented way of determining whether or not a filesystem is clean per fsck_ffs, i.e.,
ensure that the exit code is either 0 or 7.

The pass/fail determination is brittle prior to this commit, and ^/head@r323923 made
the issue apparent -- thus this needs to be fixed independent of ^/head@r323923.

PR:		222780
MFC after:	1 week
MFC with:	r323923
Reported by:	Jenkins
2017-10-10 05:58:33 +00:00
Kristof Provost
c0b63519b0 pf: Very basic forwarding test
This test illustrates the use of scapy to test pf.

Differential Revision:	https://reviews.freebsd.org/D12581
2017-10-06 20:51:32 +00:00
Kristof Provost
1d6f5f214a pf: Basic automated test using VIMAGE
If VIMAGE is present we can start jails with their own pf instance. This
makes it fairly easy to run tests.
For example, this basic test verifies that drop/pass and icmp
classification works. It's a basic sanity test for pf, and hopefully an
example on how to write more pf tests.

The tests are skipped if VIMAGE is not enabled.

This work is inspired by the GSoC work of Panagiotes Mousikides.

Differential Revision:	https://reviews.freebsd.org/D12580
2017-10-06 20:43:14 +00:00
Conrad Meyer
fe182ba1d0 aesni(4): Add support for x86 SHA intrinsics
Some x86 class CPUs have accelerated intrinsics for SHA1 and SHA256.
Provide this functionality on CPUs that support it.

This implements CRYPTO_SHA1, CRYPTO_SHA1_HMAC, and CRYPTO_SHA2_256_HMAC.

Correctness: The cryptotest.py suite in tests/sys/opencrypto has been
enhanced to verify SHA1 and SHA256 HMAC using standard NIST test vectors.
The test passes on this driver.  Additionally, jhb's cryptocheck tool has
been used to compare various random inputs against OpenSSL.  This test also
passes.

Rough performance averages on AMD Ryzen 1950X (4kB buffer):
aesni:      SHA1: ~8300 Mb/s    SHA256: ~8000 Mb/s
cryptosoft:       ~1800 Mb/s    SHA256: ~1800 Mb/s

So ~4.4-4.6x speedup depending on algorithm choice.  This is consistent with
the results the Linux folks saw for 4kB buffers.

The driver borrows SHA update code from sys/crypto sha1 and sha256.  The
intrinsic step function comes from Intel under a 3-clause BSDL.[0]  The
intel_sha_extensions_sha<foo>_intrinsic.c files were renamed and lightly
modified (added const, resolved a warning or two; included the sha_sse
header to declare the functions).

[0]: https://software.intel.com/en-us/articles/intel-sha-extensions-implementations

Reviewed by:	jhb
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12452
2017-09-26 23:12:32 +00:00
Conrad Meyer
a317fb03c2 crypto(9): Use a more specific error code when a capable driver is not found
When crypto_newsession() is given a request for an unsupported capability,
raise a more specific error than EINVAL.

This allows cryptotest.py to skip some HMAC tests that a driver does not
support.

Reviewed by:	jhb, rlibby
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12451
2017-09-26 01:31:49 +00:00
Enji Cooper
d86680b073 Convert some idioms over to py3k-compatible idioms
- Import print_function from __future__ and use print(..) instead of `print ..`.
- Use repr instead of backticks when the object needs to be dumped, unless
  print(..) can do it lazily. Use str instead of backticks as appropriate
  for simplification reasons.

This doesn't fully convert these modules over py3k. It just gets over some of
the trivial compatibility hurdles.
2017-09-24 00:14:48 +00:00
Conrad Meyer
67e4d800ec cryptotest.py: Like r323869, skip SHA HMAC tests on non-SHA drivers
Sponsored by:	Dell EMC Isilon
2017-09-22 04:41:48 +00:00
Conrad Meyer
e720124622 cryptotest.py: Fix whitespace style errors
I accidentally introduced different whitespace style in r323878.  I'm not
used to using tabs for indentation in Python scripts.

Whitespace only; no functional change.

Sponsored by:	Dell EMC Isilon
2017-09-22 04:25:44 +00:00
Conrad Meyer
005fdbbc69 cryptotest.py: Actually use NIST-KAT HMAC test vectors and test the right hashes
Previously, this test was entirely a no-op as no vector in the NIST-KAT file
has a precisely 20-byte key.

Additionally, not every vector in the file is SHA1.  The length field
determines the hash under test, and is now decoded correctly.

Finally, due to a limitation I didn't feel like fixing in cryptodev.py, MACs
are truncated to 16 bytes in this test.

With this change and the uncommitted D12437 (to allow key sizes other than
those used in IPSec), the SHA tests in cryptotest.py actually test something
and e.g. at least cryptosoft passes the test.

Sponsored by:	Dell EMC Isilon
2017-09-21 21:07:21 +00:00
Conrad Meyer
b3eaa68045 cryptotest.py: Do not run AES-CBC or AES-GCM tests on non-AES crypto(4) drivers
For some reason, we only skipped AES-XTS tests if a driver was not in the
aesmodules list.  Skip other AES modes as well to prevent spurious failures
in non-AES drivers.

Sponsored by:	Dell EMC Isilon
2017-09-21 18:06:21 +00:00
Conrad Meyer
7abea82d17 cryptotest.py: Add a seatbelt that we're actually testing anything
Without nist-kat installed, cryptotest.py is a no-op.  Showing 'success' in
that case is unhelpful.

Sponsored by:	Dell EMC Isilon
2017-09-21 05:46:28 +00:00
Enji Cooper
188e46ab03 Add supporting changes for Add limited sandbox capability to "make check"
Non-tests/... changes:
- Add HAS_TESTS= to Makefiles with libraries and programs to enable iteration
  and propagate the appropriate environment down to *.test.mk.

tests/... changes:
- Add appropriate support Makefile.inc's to set HAS_TESTS in a minimal manner,
  since tests/... is a special subdirectory tree compared to the others.

MFC after:	2 months
MFC with:	r322511
Reviewed by:	arch (silence), testing (silence)
Differential Revision:	D12014
2017-08-14 19:21:37 +00:00
Alan Somers
4312aa67e3 tests/sys/netinet/fibs_test: skip selected tests when firewalls are enabled
Some tests send packets over epair(4) interfaces. Firewalls can cause
spurious failures.

Reviewed by:	ngie
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11917
2017-08-08 15:37:21 +00:00
Enji Cooper
d2ba5111c1 Make test scripts under tests/... non-executable
Executable bits should be set at install time instead of in the repo.
Setting executable bits on files triggers false positives with Phabricator.

MFC after:	2 months
2017-08-08 04:59:16 +00:00
Enji Cooper
a9be721ce5 MFhead@r321967 2017-08-03 03:45:48 +00:00
Enji Cooper
acc33f3de9 Chase r321920 and r321930 (dev_t being widened)
The layout of st_rdev has changed after this commit, and assumptions made
in the NetBSD tests are no longer valid. Change the hardcoded assumed
values to account for the fact that major/minor are now represented by
64 bits as opposed to the less precise legacy precision of 16 bits.

PR:	221048
Relnotes: st_rdev layout changed; warning about impact of r321920 to
	  downstream consumers
2017-08-03 03:43:41 +00:00
Enji Cooper
86cc58dc96 MFhead@r321960 2017-08-02 22:28:12 +00:00
Enji Cooper
47606b869e Use MK_CHECK_USE_SANDBOX in tests/..., to deal with the fact that
tests/... is a special snowflake directory and using HAS_TESTS would
result in a nasty layering violation between bsd.tests.mk and
bsd.prog.mk.

Add reachover Makefile.inc's which get the default value from
Makefile.inc0 (inspired by gnu/usr.bin/binutils/Makefile.inc0).
2017-08-02 22:24:08 +00:00
Enji Cooper
3cf56bb43a Annotate tests that require root privileges appropriately
This unbreaks running the tests with unprivileged users.

MFC after:	1 week
2017-08-02 22:19:45 +00:00
Enji Cooper
67b82daf3e Fix cosmetic issue with error message
Add missing space in error message related to PR noted.

MFC after:	2 weeks
PR:		220398
2017-08-02 09:49:41 +00:00
Bryan Drewery
63ab7bb3c8 Allow changing the test PORT at compile-time.
Sponsored by:	Dell EMC Isilon
2017-07-31 22:00:27 +00:00
Enji Cooper
2941d2d603 Remove superfluous exit 0 added in r321702
atf_skip triggers equivalent functionality, which means the `exit 0`
is unreachable code.

PR:		220164
MFC after:	1 month
MFC with:	r321702
2017-07-29 22:03:21 +00:00
Enji Cooper
b8891d7c10 Load geom_gate(4) if necessary before running tests; skip if it can't be loaded
The test code prior to r311893 loaded geom_gate at test start if necessary and
skipped the tests if it couldn't be loaded.

The ATF-ifcation of this test done in r311893 unfortunately dropped this
functionality.

This change restores the geom_gate module load and skips the test(s) if unavailable
in an ATF-like way.

MFC after:	1 month
PR:		220164
Reported by:	gjb
2017-07-29 22:01:17 +00:00
Alan Somers
18ddf67c64 Implement SIGEV_THREAD notifications for lio_listio(2)
Our man pages have always indicated that this was supported, but in fact the
feature was never implemented for lio_listio(2).

Reviewed by:	jhb, kib (earlier version)
MFC after:	20 days
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11680
2017-07-21 15:09:24 +00:00
Enji Cooper
83f5e032b4 Clean up :coredump_phnum
- Use "atf_check -x 'cmd1 | cmd2'" instead of "cmd1 | atf_check cmd2". The
  two forms are idiomatically similar, but subtly different in the sense of
  what program invokes the other, and there could be unwanted side effects
  of the latter idiom dealing with forking, pipes, etc.
- Remove chmod and instead source coredump_phnum_restore_state.sh directly.
  This avoids the need to check the result of the chmod call.
- Fix indentation in an if-block (4 column space indentation -> hard tab).
2017-07-19 16:23:02 +00:00
Enji Cooper
fa562aca7a Remove expected failure for :coredump_phnum
The testcase no longer fails on ^/head because readelf has established parity
with binutils' copy of readelf.

This issue is not seen on Jenkins because
`test_suites.FreeBSD.allow_sysctl_side_effects` isn't set in kyua.conf on
the CI host, i.e., the test is skipped.

PR:	215019
Tested with:	binutils (amd64-binutils-2.28,1); elftoolchain (r3561M)
2017-07-19 16:08:08 +00:00
Alan Somers
0eafa7078f Remove dead code that was killed by r320975
Reported by:	Coverity
CID:		1377977
MFC after:	15 days
X-MFC-With:	320975
Sponsored by:	Spectra Logic Corp
2017-07-19 15:22:10 +00:00
Alan Somers
7e3db62753 Add regression tests for bugs 220459 and 220398
Bug 220398 - lio_listio(2) never sends asynchronous notification if nent==0
Bug 220459 - lio_listio(2) doesn't support SIGEV_THREAD

PR:		220459
PR:		220398
Reviewed by:	cem, jhb
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11470
2017-07-17 18:33:30 +00:00
Alan Somers
a4ea52aab6 Fix the build with GCC after r320975
Reported by:	pfg
MFC after:	20 days
X-MFC-With:	320975
Sponsored by:	Spectra Logic Corp
2017-07-14 21:50:04 +00:00
Alan Somers
314b447f66 Add tests for aio(4) completion notification via signals and threads
Reviewed by:	jhb
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11468
2017-07-13 22:53:13 +00:00
Alan Somers
d600f474c6 Use ATF cleanup routines in aio_test.c
Remove aio_test's legacy timeout handling and cleanup routines.  Instead,
use ATF's builtin capabilities.  ATF automatically cleans up newly created
files, too, so we don't have to explicitly unlink them.  The only tests than
need a cleanup routine are the md(4) tests, which must destroy their md
device.

Reviewed by:	jhb
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11468
2017-07-13 22:49:55 +00:00
Enji Cooper
3416500aef Pull down pjdfstest 0.1
The summary of changes is as follows..

Generic changes::
- Added configure support [2].
- Check for lchmod filesystem support with create_file(..); for
  testcases that require lchmod, skip the testcase -- otherwise
  use chmod directly [1].
- Added Travis CI integration [2].
- Added utimensat testcases [1].

Linux support::
- Fixed Linux support to pass on later supported versions of
  Fedora/Ubuntu [2].
- Conditionally enable posix_fallocate(2) support [2].

OSX support::
- Fixed compilation on OSX [2].
- Added partial OSX support (the test run isn't fully green yet)
  [2].

MFC after:	2 months
Obtained from:	https://github.com/pjd/pjdfstest/tree/0.1
Relnotes:	yes
Submitted by:	asomers [1], ngie [2]
Tested with:	UFS, ZFS
2017-06-28 09:22:45 +00:00
Enji Cooper
f35f0a756f trailing_slash is a TAP-compliant testcase; mark it as such, instead
of calling is a plain testcase.

MFC after:	1 month
2017-06-28 08:29:20 +00:00
Enji Cooper
2b808adfb3 Don't hardcode path to file in /tmp; this violates the kyua sandbox
MFC after:	1 month
2017-06-28 08:28:07 +00:00
Konstantin Belousov
2b34e84335 Add abstime kqueue(2) timers and expand struct kevent members.
This change implements NOTE_ABSTIME flag for EVFILT_TIMER, which
specifies that the data field contains absolute time to fire the
event.

To make this useful, data member of the struct kevent must be extended
to 64bit.  Using the opportunity, I also added ext members.  This
changes struct kevent almost to Apple struct kevent64, except I did
not changed type of ident and udata, the later would cause serious API
incompatibilities.

The type of ident was kept uintptr_t since EVFILT_AIO returns a
pointer in this field, and e.g. CHERI is sensitive to the type
(discussed with brooks, jhb).

Unlike Apple kevent64, symbol versioning allows us to claim ABI
compatibility and still name the new syscall kevent(2).  Compat shims
are provided for both host native and compat32.

Requested by:	bapt
Reviewed by:	bapt, brooks, ngie (previous version)
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D11025
2017-06-17 00:57:26 +00:00
John Baldwin
6720b89045 Add the ccr0 device to the opencrypto tests against the NIST KAT tests.
The ccr0 device supports both AES and SHA tests.

Sponsored by:	Chelsio Communications
2017-06-08 21:34:54 +00:00
Jilles Tjoelker
9086b30bc4 tests/sys/aio: Add missing mode to open() calls with O_CREAT. 2017-06-04 21:39:37 +00:00
Enji Cooper
a0fc6fa93f tests/sys/opencrypto/runtests: apply minor polish to test script
- Refactor kld loading/unloading logic:
-- Use a loop instead of an unrolled one.
-- Check for the module being loaded before trying to load it, to reduce
   noise when loading modules that are already loaded.
-- Don't mute stderr from kldload -- it could be potentially useful to
   the tester.
-- In the event that the test script was terminated early, it would leave
   the modules still attached to the system (which is undesirable).
   Always unload the modules at test end with EXIT/SIGINT/SIGTERM so the
   system is returned to its former operating state as best possible.
   Unload the modules in reverse order, in part for consistency and/or
   dependency reasons.

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-06-01 19:58:40 +00:00
Enji Cooper
1de3fb0425 Fix up TEST_METADATA
- `TEST_METADATA.foo` should be `TEST_METADATA.run_tests`: this will unbreak
  trying to run the tests on a system without python installed in $PATH.
- The tests require root because they load aesni(4) and/or cryptodev(4) if
  not already loaded.

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-06-01 19:46:48 +00:00
John Baldwin
78dd739ff3 Honor the requested crid when running a test.
Otherwise, the kernel is free to choose an aribtrary crypto device
rather than the requested device subverting tests that force the use
of a specific device.

MFC after:	1 week
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D10762
2017-06-01 19:27:38 +00:00
Enji Cooper
71784da9b1 Tweak r319058 slightly
- Specify an explicit mode when using O_CREAT per open(2).
- Fix the error message (add missing enclosing parentheses).

Submitted by:	jilles
MFC after:	3 days
MFC with:	r319058
Sponsored by:	Dell EMC Isilon
2017-05-28 17:50:29 +00:00
Enji Cooper
fa5e5f53c2 Send all of data, not just a portion of it
It was sending only a long's worth (4 or 8 bytes) of data previously
(instead of the entire buffer) via send(2).

MFC after:	1 week
Reported by:	Coverity
CID:		1229966, 1229967, 1230004, 1230005
Sponsored by:	Dell EMC Isilon
2017-05-28 09:21:28 +00:00
Enji Cooper
e5853fc53c Initial srv before using it in bind(2)
MFC after:	3 days
Reported by:	Coverity
CID:		1357526
Sponsored by:	Dell EMC Isilon
2017-05-28 09:08:30 +00:00
Enji Cooper
15f9aa4370 Don't leak accept_fd on thread completion
MFC after:	3 days
Reported by:	Coverity
CID:		1296068
Sponsored by:	Dell EMC Isilon
2017-05-28 09:01:58 +00:00