Commit Graph

941 Commits

Author SHA1 Message Date
Olivier Cochard
86686423d5 Skip routing regression tests depending on if_epair if this module isn't installed.
Approved by:	melifaro
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D24468
2020-04-17 16:31:07 +00:00
Kristof Provost
3f359bfd47 bridge tests: Test deleting a bridge with members
Reviewed by:	philip, emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24337
2020-04-17 14:57:15 +00:00
Kyle Evans
c17dd0e88b tests: kqueue: use a more precise timer for the NOTE_ABSTIME test
Originally noticed while attempting to run the kqueue tests under
qemu-user-static, this apparently just happens sometimes when running in a
jail in general -- the timer will fire off "too early," but it's really just
the result of imprecise measurements (noted by cem).

Kicking this over to NOTE_USECONDS still tests the correct thing while
allowing it to work more consistently; a basic sanity test reveals that we
often end up coming in just less than 200 microseconds after the timer
fired off.

MFC after:	3 days
2020-04-17 02:22:15 +00:00
Jonathan T. Looney
631d525dc1 Add a regression test for the changes in r359922 and r359923.
Note that the Python code has been tested on both Python 2.7 and 3.7.

Reviewed by:	olivier
MFC after:	2 weeks
Sponsored by:	Netflix, Inc.
2020-04-16 20:07:34 +00:00
Kyle Evans
30b4df2e4a tests: audit: mark closefrom test an expected fail for now
closefrom has been converted to close_range internally; remediation is
underway for this, marking it as an expected fail for now while proper
course is determined.

PR:		245625
2020-04-14 23:36:03 +00:00
Kyle Evans
51a16c8412 posixshm: fix counting of writable mappings
Similar to mmap'ing vnodes, posixshm should count any mapping where maxprot
contains VM_PROT_WRITE (i.e. fd opened r/w with no write-seal applied) as
writable and thus blocking of any write-seal.

The memfd tests have been amended to reflect the fixes here, which notably
includes:

1. Fix for error return bug; EPERM is not a documented failure mode for mmap
2. Fix rejection of write-seal with active mappings that can be upgraded via
    mprotect(2).

Reported by:	markj
Discussed with:	markj, kib
2020-04-14 13:32:03 +00:00
Kyle Evans
605c4cda2f close_range/closefrom: fix regression from close_range introduction
close_range will clamp the range between [0, fdp->fd_lastfile], but failed
to take into account that fdp->fd_lastfile can become -1 if all fds are
closed. =-( In this scenario, just return because there's nothing further we
can do at the moment.

Add a test case for this, fork() and simply closefrom(0) twice in the child;
on the second invocation, fdp->fd_lastfile == -1 and will trigger a panic
before this change.

X-MFC-With:	r359836
2020-04-13 17:55:31 +00:00
Kyle Evans
472ced39ef Implement a close_range(2) syscall
close_range(min, max, flags) allows for a range of descriptors to be
closed. The Python folk have indicated that they would much prefer this
interface to closefrom(2), as the case may be that they/someone have special
fds dup'd to higher in the range and they can't necessarily closefrom(min)
because they don't want to hit the upper range, but relocating them to lower
isn't necessarily feasible.

sys_closefrom has been rewritten to use kern_close_range() using ~0U to
indicate closing to the end of the range. This was chosen rather than
requiring callers of kern_close_range() to hold FILEDESC_SLOCK across the
call to kern_close_range for simplicity.

The flags argument of close_range(2) is currently unused, so any flags set
is currently EINVAL. It was added to the interface in Linux so that future
flags could be added for, e.g., "halt on first error" and things of this
nature.

This patch is based on a syscall of the same design that is expected to be
merged into Linux.

Reviewed by:	kib, markj, vangyzen (all slightly earlier revisions)
Differential Revision:	https://reviews.freebsd.org/D21627
2020-04-12 21:23:19 +00:00
Kristof Provost
47308803e7 carp tests: Basic functionality test
Set up three vnet jails, bridged together. Run carp between two of them.
Attempt to provoke locking / epoch issues.

Reviewed by:	mav (previous version), melifaro, asomers
Differential Revision:	https://reviews.freebsd.org/D24303
2020-04-12 16:13:05 +00:00
Kyle Evans
ce6a89e27c kqueue tests: fix -fno-common build
vnode_fd and kqfd are both shared among multiple CU; define them exactly
once.

In the case of vnode_fd, it was simply the declaration that needed
correction.

-fno-common will become the default in GCC10/LLVM11.

MFC after:	3 days
2020-04-06 23:08:07 +00:00
Alexander V. Chernikov
272bd6985f Add routing tests verifying basic RTM_CHANGE functionality.
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24239
2020-04-02 20:02:33 +00:00
Alexander V. Chernikov
ddc7507637 Switch rtsock tests to per-test jails and epair interfaces.
Many rtsock tests verify the ordering of the kernel messages for the
 particular event. In order to avoid flaky tests due to the other tests
 running, switch all tests to use personal vnet-enabled jails.
This removes all clashes on the IP addresses and brings back the ability
 to run these tests simultaneously.

Reported by:	olivier
Reviewed by:	olivier
Differential Revision:	https://reviews.freebsd.org/D24182
2020-03-29 06:25:57 +00:00
John Baldwin
c034143269 Refactor driver and consumer interfaces for OCF (in-kernel crypto).
- The linked list of cryptoini structures used in session
  initialization is replaced with a new flat structure: struct
  crypto_session_params.  This session includes a new mode to define
  how the other fields should be interpreted.  Available modes
  include:

  - COMPRESS (for compression/decompression)
  - CIPHER (for simply encryption/decryption)
  - DIGEST (computing and verifying digests)
  - AEAD (combined auth and encryption such as AES-GCM and AES-CCM)
  - ETA (combined auth and encryption using encrypt-then-authenticate)

  Additional modes could be added in the future (e.g. if we wanted to
  support TLS MtE for AES-CBC in the kernel we could add a new mode
  for that.  TLS modes might also affect how AAD is interpreted, etc.)

  The flat structure also includes the key lengths and algorithms as
  before.  However, code doesn't have to walk the linked list and
  switch on the algorithm to determine which key is the auth key vs
  encryption key.  The 'csp_auth_*' fields are always used for auth
  keys and settings and 'csp_cipher_*' for cipher.  (Compression
  algorithms are stored in csp_cipher_alg.)

- Drivers no longer register a list of supported algorithms.  This
  doesn't quite work when you factor in modes (e.g. a driver might
  support both AES-CBC and SHA2-256-HMAC separately but not combined
  for ETA).  Instead, a new 'crypto_probesession' method has been
  added to the kobj interface for symmteric crypto drivers.  This
  method returns a negative value on success (similar to how
  device_probe works) and the crypto framework uses this value to pick
  the "best" driver.  There are three constants for hardware
  (e.g. ccr), accelerated software (e.g. aesni), and plain software
  (cryptosoft) that give preference in that order.  One effect of this
  is that if you request only hardware when creating a new session,
  you will no longer get a session using accelerated software.
  Another effect is that the default setting to disallow software
  crypto via /dev/crypto now disables accelerated software.

  Once a driver is chosen, 'crypto_newsession' is invoked as before.

- Crypto operations are now solely described by the flat 'cryptop'
  structure.  The linked list of descriptors has been removed.

  A separate enum has been added to describe the type of data buffer
  in use instead of using CRYPTO_F_* flags to make it easier to add
  more types in the future if needed (e.g. wired userspace buffers for
  zero-copy).  It will also make it easier to re-introduce separate
  input and output buffers (in-kernel TLS would benefit from this).

  Try to make the flags related to IV handling less insane:

  - CRYPTO_F_IV_SEPARATE means that the IV is stored in the 'crp_iv'
    member of the operation structure.  If this flag is not set, the
    IV is stored in the data buffer at the 'crp_iv_start' offset.

  - CRYPTO_F_IV_GENERATE means that a random IV should be generated
    and stored into the data buffer.  This cannot be used with
    CRYPTO_F_IV_SEPARATE.

  If a consumer wants to deal with explicit vs implicit IVs, etc. it
  can always generate the IV however it needs and store partial IVs in
  the buffer and the full IV/nonce in crp_iv and set
  CRYPTO_F_IV_SEPARATE.

  The layout of the buffer is now described via fields in cryptop.
  crp_aad_start and crp_aad_length define the boundaries of any AAD.
  Previously with GCM and CCM you defined an auth crd with this range,
  but for ETA your auth crd had to span both the AAD and plaintext
  (and they had to be adjacent).

  crp_payload_start and crp_payload_length define the boundaries of
  the plaintext/ciphertext.  Modes that only do a single operation
  (COMPRESS, CIPHER, DIGEST) should only use this region and leave the
  AAD region empty.

  If a digest is present (or should be generated), it's starting
  location is marked by crp_digest_start.

  Instead of using the CRD_F_ENCRYPT flag to determine the direction
  of the operation, cryptop now includes an 'op' field defining the
  operation to perform.  For digests I've added a new VERIFY digest
  mode which assumes a digest is present in the input and fails the
  request with EBADMSG if it doesn't match the internally-computed
  digest.  GCM and CCM already assumed this, and the new AEAD mode
  requires this for decryption.  The new ETA mode now also requires
  this for decryption, so IPsec and GELI no longer do their own
  authentication verification.  Simple DIGEST operations can also do
  this, though there are no in-tree consumers.

  To eventually support some refcounting to close races, the session
  cookie is now passed to crypto_getop() and clients should no longer
  set crp_sesssion directly.

- Assymteric crypto operation structures should be allocated via
  crypto_getkreq() and freed via crypto_freekreq().  This permits the
  crypto layer to track open asym requests and close races with a
  driver trying to unregister while asym requests are in flight.

- crypto_copyback, crypto_copydata, crypto_apply, and
  crypto_contiguous_subsegment now accept the 'crp' object as the
  first parameter instead of individual members.  This makes it easier
  to deal with different buffer types in the future as well as
  separate input and output buffers.  It's also simpler for driver
  writers to use.

- bus_dmamap_load_crp() loads a DMA mapping for a crypto buffer.
  This understands the various types of buffers so that drivers that
  use DMA do not have to be aware of different buffer types.

- Helper routines now exist to build an auth context for HMAC IPAD
  and OPAD.  This reduces some duplicated work among drivers.

- Key buffers are now treated as const throughout the framework and in
  device drivers.  However, session key buffers provided when a session
  is created are expected to remain alive for the duration of the
  session.

- GCM and CCM sessions now only specify a cipher algorithm and a cipher
  key.  The redundant auth information is not needed or used.

- For cryptosoft, split up the code a bit such that the 'process'
  callback now invokes a function pointer in the session.  This
  function pointer is set based on the mode (in effect) though it
  simplifies a few edge cases that would otherwise be in the switch in
  'process'.

  It does split up GCM vs CCM which I think is more readable even if there
  is some duplication.

- I changed /dev/crypto to support GMAC requests using CRYPTO_AES_NIST_GMAC
  as an auth algorithm and updated cryptocheck to work with it.

- Combined cipher and auth sessions via /dev/crypto now always use ETA
  mode.  The COP_F_CIPHER_FIRST flag is now a no-op that is ignored.
  This was actually documented as being true in crypto(4) before, but
  the code had not implemented this before I added the CIPHER_FIRST
  flag.

- I have not yet updated /dev/crypto to be aware of explicit modes for
  sessions.  I will probably do that at some point in the future as well
  as teach it about IV/nonce and tag lengths for AEAD so we can support
  all of the NIST KAT tests for GCM and CCM.

- I've split up the exising crypto.9 manpage into several pages
  of which many are written from scratch.

- I have converted all drivers and consumers in the tree and verified
  that they compile, but I have not tested all of them.  I have tested
  the following drivers:

  - cryptosoft
  - aesni (AES only)
  - blake2
  - ccr

  and the following consumers:

  - cryptodev
  - IPsec
  - ktls_ocf
  - GELI (lightly)

  I have not tested the following:

  - ccp
  - aesni with sha
  - hifn
  - kgssapi_krb5
  - ubsec
  - padlock
  - safe
  - armv8_crypto (aarch64)
  - glxsb (i386)
  - sec (ppc)
  - cesa (armv7)
  - cryptocteon (mips64)
  - nlmsec (mips64)

Discussed with:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D23677
2020-03-27 18:25:23 +00:00
Alfredo Dal'Ava Junior
9b2877353b so_reuseport_lb_test: correct setsockopt parameter size
Change type of variable used in setsocketopt so correct size of
option is passed.

Test failure was identified when running the test on PowerPC64,
and the following error message was seen:

	"bind () failed: Address already in use"

Submitted by:	Fernando Valle <fernando.valle@eldorado.org.br>
Reviewed by:	melifaro, adalava
Approved by:	jhibbits (mentor)
Sponsored by:	Eldorado Research Institute (eldorado.org.br)
Differential Revision:	https://reviews.freebsd.org/D24164
2020-03-25 20:20:08 +00:00
Alexander V. Chernikov
b4a4a3b82f Add tests verifying IPv4/IPv6 output for TCP/UDP/raw paths.
Reviewed by:	kp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24138
2020-03-23 12:21:32 +00:00
Kristof Provost
bb490fcf19 bridge tests: Basic span test
Reviewed by:	philip, emaste (previous version)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23961
2020-03-16 08:44:46 +00:00
Li-Wen Hsu
c0507192fa Skip sys.netpfil.pf.nat.exhaust on all platforms as it not only fails on amd64
PR:		244703
Sponsored by:	The FreeBSD Foundation
2020-03-13 16:44:48 +00:00
Li-Wen Hsu
f95988cc0e Temporarily skip sys.geom.class.gate.ggate_test.ggated in CI
PR:		244737
Sponsored by:	The FreeBSD Foundation
2020-03-11 10:42:05 +00:00
Alan Somers
b0ecfb42d1 fusefs: avoid cache corruption with buggy fuse servers
The FUSE protocol allows the client (kernel) to cache a file's size, if the
server (userspace daemon) allows it. A well-behaved daemon obviously should
not change a file's size while a client has it cached. But a buggy daemon
might. If the kernel ever detects that that has happened, then it should
invalidate the entire cache for that file. Previously, we would not only
cache stale data, but in the case of a file extension while we had the size
cached, we accidentally extended the cache with zeros.

PR:		244178
Reported by:	Ben RUBSON <ben.rubson@gmx.com>
Reviewed by:	cem
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24012
2020-03-11 04:29:45 +00:00
Alexander V. Chernikov
d7cdd89777 Add basic IPv4/IPv6 forwarding tests.
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24002
2020-03-10 19:52:19 +00:00
Li-Wen Hsu
7d292b4814 Skip sys.netpfil.pf.nat.exhaust on amd64 in CI as it sometimes panics kernel
PR:		244703
Sponsored by:	The FreeBSD Foundation
2020-03-10 19:18:24 +00:00
Kristof Provost
d99bb677c1 bridge test: adding and removing static addresses
Reviewed by:	philip
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23960
2020-03-10 06:29:59 +00:00
Kristof Provost
6f0a65b080 bridge test: spanning tree
Basic test case where we create a bridge loop, verify that we really are
looping and then enable spanning tree to resolve the loop.

Reviewed by:	philip
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23959
2020-03-10 06:28:45 +00:00
Alan Somers
d970778e6f fusefs: fix fsync for files with multiple open handles
We were reusing a structure for multiple operations, but failing to
reinitialize one member.  The result is that a server that cares about FUSE
file handle IDs would see one correct FUSE_FSYNC operation, and one with the
FHID unset.

PR:		244431
Reported by:	Agata <chogata@gmail.com>
MFC after:	2 weeks
2020-03-09 01:57:21 +00:00
Alan Somers
cc6e71e16c [skip ci] fix typo in comment in the fusefs tests
MFC after:	2 weeks
2020-03-09 00:14:09 +00:00
Olivier Cochard
8ccf503240 Skip if_epair regression test if module doesn't exist
Approved by:	kp
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D23876
2020-03-03 17:35:15 +00:00
Alexander V. Chernikov
ea2773323c Fix dynamic redrects by adding forgotten RTF_HOST flag.
Improve tests to verify the generated route flags.

Reported by:	jtl
MFC after:	2 weeks
2020-03-03 15:33:43 +00:00
Li-Wen Hsu
06bd9afc5f Skip the right test case
PR:		244172
Sponsored by:	The FreeBSD Foundation
2020-02-26 15:15:55 +00:00
Li-Wen Hsu
547a1e03c3 Revert r358309 after r358311.
PR:		244393
Sponsored by:	The FreeBSD Foundation
2020-02-26 04:54:50 +00:00
Li-Wen Hsu
bebf52f1ec Temporarily skip failing test case sys.netpfil.pf.fragmentation.v6
PR:		244393
Sponsored by:	The FreeBSD Foundation
2020-02-25 11:56:54 +00:00
Kristof Provost
e3c73f3d74 bridge tests: Remove unneeded 'All rights reserved.'
The FreeBSD foundation no longer requires this, as per
https://lists.freebsd.org/pipermail/svn-src-all/2019-February/177215.html and
private communications.

Sponsored by:	The FreeBSD Foundation
2020-02-19 16:44:16 +00:00
Alan Somers
691c0a5f3d [skip ci] delete obsolete comment in fusefs tests
It should've been deleted by r349436

MFC after:	2 weeks
2020-02-19 01:51:01 +00:00
Li-Wen Hsu
db41308a28 Temporarily skip flakey test case sys.netinet.fibs_test.udp_dontroute6 in CI
PR:		244172
Sponsored by:	The FreeBSD Foundation
2020-02-16 17:55:32 +00:00
Li-Wen Hsu
314ef80dc4 Temporarily skip flakey test case sys.netinet6.frag6.frag6_07.frag6_07 in CI
PR:		244170
Sponsored by:	The FreeBSD Foundation
2020-02-16 17:36:16 +00:00
Li-Wen Hsu
f1cabcd328 Temporarily skip sys.net.if_lagg_test.lacp_linkstate_destroy_stress on i386 CI
It panics kernel

PR:		244168
Sponsored by:	The FreeBSD Foundation
2020-02-16 16:49:29 +00:00
Kristof Provost
095aabf7dc bridge: Basic test case
Very basic bridge test: Set up two jails and test that they can pass IPv4
traffic over the bridge.

Reviewed by:	melifaro, philip
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23697
2020-02-16 13:16:40 +00:00
Li-Wen Hsu
07a721ac73 Temporarily skip failing sys.net.if_lagg_test.witness on i386 CI
PR:		244163
Sponsored by:	The FreeBSD Foundation
2020-02-16 11:16:05 +00:00
Li-Wen Hsu
5b697c5be0 Remove trailing whitespace
Sponsored by:	The FreeBSD Foundation
2020-02-16 10:59:32 +00:00
Li-Wen Hsu
11dcf43de8 Remove trailing whitespace
Sponsored by:	The FreeBSD Foundation
2020-02-16 10:57:42 +00:00
Alexander V. Chernikov
2207447bf4 Add basic IPDIVERT tests.
Reviewed by:	lwhsu,kp
Differential Revision:	https://reviews.freebsd.org/D23316
2020-02-14 09:36:35 +00:00
Li-Wen Hsu
c27ac74f9c Properly fix GCC build in r357867
Submitted by:	kib
Sponsored by:	The FreeBSD Foundation
2020-02-14 09:25:29 +00:00
Li-Wen Hsu
338450436d Fix GCC build.
Sponsored by:	The FreeBSD Foundation
2020-02-13 19:05:19 +00:00
Kristof Provost
475b483aee tests: Enable net tests
We have a number of tests in the net subdirectory that were not executed. List
the net directory so we run those tests.
2020-02-13 14:09:09 +00:00
Alexander V. Chernikov
99a7fa9268 * Fix flaking lle tests by filtering out non-relevant rtsock messages.
* Consistently use RTM_DECLARE_ROOT_TEST() macro.
* Temporarily remove iftype validation from IPv6 lle notifications.

Reported by:	kp
2020-02-12 21:16:30 +00:00
Alan Somers
7ee7e40976 fusefs: fix some memory leaks in the tests.
Oddly, most of these were not detected by Coverity.

Reported by:	Coverity (one of them, anyway)
Coverity CID:	1404490
MFC after:	2 weeks
2020-02-12 18:11:07 +00:00
Ed Maste
9c68ef1455 Tag pjdfstest symlink with pkgbase package
As with the rest of pjdfstest, tag the symlink with package=tests.
The tests -> . symlink seems a little strange but that's independent
of pkgbase.

Sponsored by:	The FreeBSD Foundation
2020-02-12 17:37:32 +00:00
Li-Wen Hsu
519aaa1500 Temporarily skip flakey test case sys.kern.ptrace_test.ptrace__parent_exits_before_child
PR:		244056
Sponsored by:	The FreeBSD Foundation
2020-02-11 23:17:58 +00:00
Li-Wen Hsu
f192f64848 Temporarily skip failing test case sys.kern/ptrace_test/ptrace__parent_wait_after_attach
PR:		244055
Sponsored by:	The FreeBSD Foundation
2020-02-11 22:48:12 +00:00
Li-Wen Hsu
0c556b7f98 Temporarily skip sys.geom.class.multipath.failloop.failloop in CI
This case uses `dtrace -c` but it has some issues at the moment

PR:		244053
Sponsored by:	The FreeBSD Foundation
2020-02-11 22:21:22 +00:00
Li-Wen Hsu
ec5fd09524 Reduce nc timeout in sys.mac.portacl.*
It is not necessary to wait that long for localhost.

Sponsored by:	The FreeBSD Foundation
2020-02-11 20:41:51 +00:00