Commit Graph

1316 Commits

Author SHA1 Message Date
Alexander V. Chernikov
37c0f4a207 Fix typo in rtsock_common.h
MFC after:	3 days
2021-04-19 20:24:46 +00:00
Kristof Provost
e14d56f370 pf tests: Test set keepcounters
MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29781
2021-04-19 14:31:47 +02:00
Kristof Provost
4ae3a97e12 bridge tests: Test STP config BPDU validation
PR:		254924
Reviewed by:	donner
Differential Revision:	https://reviews.freebsd.org/D29783
2021-04-19 12:09:35 +02:00
Mark Johnston
3a248c8441 Add some regression tests for O_PATH and AT_EMPTY_PATH
Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29719
2021-04-15 09:40:57 -04:00
Kristof Provost
112f007e12 pf tests: Test clearing rules counters
This was briefly broken, so ensure that we can read and clear rules
counters.

MFC after:	4 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29728
2021-04-14 13:33:02 +02:00
Kurosawa Takahiro
2aa21096c7 pf: Implement the NAT source port selection of MAP-E Customer Edge
MAP-E (RFC 7597) requires special care for selecting source ports
in NAT operation on the Customer Edge because a part of bits of the port
numbers are used by the Border Relay to distinguish another side of the
IPv4-over-IPv6 tunnel.

PR:		254577
Reviewed by:	kp
Differential Revision:	https://reviews.freebsd.org/D29468
2021-04-13 10:53:18 +02:00
Cy Schubert
efec822389 wpa: Import wpa_supplicant/hostapd commit f91680c15
This is the April update to vendor/wpa committed upstream
2021/04/07.
2021-04-12 16:46:23 -07:00
Ryan Libby
13d4f96130 shared shadow vm object invalidation regression test
Add a regression test for a scenario where a shadow vm object is shared
by multiple mappings.  If a page COW occurs through one of the mappings,
then the virtual-to-physical mapping may become invalidated.

This tests the scenario from CVE-2021-29626 which was fixed by
982693bb72.

Reviewed by:	markj
Sponsored by:	Dell EMC Isilon
2021-04-07 12:39:05 -07:00
Kristof Provost
f37667e235 pf tests: Test multi-wan rdr
This replicates an issue observed on pfSense: https://redmine.pfsense.org/issues/11436

In essence, reply-to is needed to ensure that connections always leave
the WAN interface they came in on, but this confused the state tracking.

MFC after:	2 week
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-04-07 17:03:20 +02:00
Kurosawa Takahiro
5a5623397c pf tests: make synproxy and nat work correctly even if inetd is running
tests/sys/netfil/pf/synproxy fails if inetd has been running
outside of the jail because pidfile_open() fails with EEXIST.
tests/sys/netfil/pf/nat has the same problem but the test succeeds
because whether inetd is running is not so important.

Fix the problem by changing the pidfile path from the default
location.

Reviewed by:	kp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D29622
2021-04-07 13:05:23 +02:00
Alex Richardson
83532eb68c tests/sys/net/routing: XFAIL the two failing tests
They have been failing for 1.5 months and the patch to fix them is stuck
in review so mark them as XFAIL for now to get Jenkins back to green.

To be reverted when https://reviews.freebsd.org/D28886 (or similar) is
commited.

Reviewed By:	kp
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D29528
2021-04-07 10:34:22 +01:00
Vincenzo Maffione
36d6e65722 netmap: update unit tests with libnetmap tests 2021-04-02 14:39:30 +00:00
Vincenzo Maffione
45c67e8f6b netmap: several typo fixes
No functional changes intended.
2021-04-02 07:01:20 +00:00
Alex Richardson
6f30d1c851 ng_macfilter_test: Skip rather than fail if there is no network
This should bring the number of Jenkins failures from 4 down to 3.
Locally kyua now prints `skipped: could not find a valid interface  [0.115s]`
when I run it in QEMU without a network device.

Reviewed By:	lwhsu
MFC after:	3 days
Differential Revision: https://reviews.freebsd.org/D29414
2021-03-25 11:16:12 +00:00
Alex Richardson
aa05775ef0 tests/sys/net/if_lagg_test: Fix syntax error
Fixes:	ee231b27ff ("Also skip sys/net/if_lagg_test:witness on non-i386")
2021-03-22 11:55:06 +00:00
Alex Richardson
ee231b27ff Also skip sys/net/if_lagg_test:witness on non-i386
The LOR also happens on amd64 and other architectures. Ideally we would
fix this. However, in order to get Jenkins green again to catch real
regressions, we should skip this test for now.

PR:		251726
Reviewed By:	lwhsu
Differential Revision: https://reviews.freebsd.org/D29341
2021-03-19 18:35:06 +00:00
Alex Richardson
7dd1f932c1 tests/sys/netgraph: Further CI fixes
I was trying to debug why this test is working locally but failing in CI.
While doing so I made some small changes to allow running it with set -e.

It turns out the problem is that find_iface does not return anything in
Jenkins, so all following tests fail with obscure error messages.
To handle this case exit early if $eth is empty.

Reviewed By:	lwhsu
Differential Revision: https://reviews.freebsd.org/D29340
2021-03-19 18:34:30 +00:00
Philip Paeps
f8262d7d8a Import wpa_supplicant/hostapd commit 9d9b42306541
Start tracking upstream development of hostapd and wpa_supplicant more
closely.  The last upstream release is from August 2019.  Keeping up
with upstream development will make importing releases less exciting.

Discussed with: cy
Sponsored by:	Rubicon Communications, LLC ("Netgate")
2021-03-19 11:13:37 +08:00
Alan Somers
929acdb19a fusefs: fix two bugs regarding fcntl file locks
1) F_SETLKW (blocking) operations would be sent to the FUSE server as
   F_SETLK (non-blocking).

2) Release operations, F_SETLK with lk_type = F_UNLCK, would simply
   return EINVAL.

PR:		253500
Reported by:	John Millikin <jmillikin@gmail.com>
MFC after:	2 weeks
2021-03-18 17:09:10 -06:00
Alex Richardson
6ceacebdf5 Unbreak MSG_CMSG_CLOEXEC
MSG_CMSG_CLOEXEC has not been working since 2015 (SVN r284380) because
_finstall expects O_CLOEXEC and not UF_EXCLOSE as the flags argument.
This was probably not noticed because we don't have a test for this flag
so this commit adds one. I found this problem because one of the
libwayland tests was failing.

Fixes:		ea31808c3b ("fd: move out actual fp installation to _finstall")
MFC after:	3 days
Reviewed By:	mjg, kib
Differential Revision: https://reviews.freebsd.org/D29328
2021-03-18 20:52:20 +00:00
Kristof Provost
8ad7d25dfc pf tests: pfsync bulk update test
Test that pfsync works as expected with bulk updates. That is, create
some state before setting up the second firewall. Let that firewall
request a bulk update so it can catch up, and check that it got the
state which was created before it enable pfsync.

PR:		254236
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D29272
2021-03-17 19:18:14 +01:00
Kyle Evans
f187d6dfbf base: remove if_wg(4) and associated utilities, manpage
After length decisions, we've decided that the if_wg(4) driver and
related work is not yet ready to live in the tree.  This driver has
larger security implications than many, and thus will be held to
more scrutiny than other drivers.

Please also see the related message sent to the freebsd-hackers@
and freebsd-arch@ lists by Kyle Evans <kevans@FreeBSD.org> on
2021/03/16, with the subject line "Removing WireGuard Support From Base"
for additional context.
2021-03-17 09:14:48 -05:00
Kyle Evans
e277a507d8 tests: netinet: add missing up from local change 2021-03-15 00:24:54 -05:00
Kyle Evans
74ae3f3e33 if_wg: import latest fixup work from the wireguard-freebsd project
This is the culmination of about a week of work from three developers to
fix a number of functional and security issues.  This patch consists of
work done by the following folks:

- Jason A. Donenfeld <Jason@zx2c4.com>
- Matt Dunwoodie <ncon@noconroy.net>
- Kyle Evans <kevans@FreeBSD.org>

Notable changes include:
- Packets are now correctly staged for processing once the handshake has
  completed, resulting in less packet loss in the interim.
- Various race conditions have been resolved, particularly w.r.t. socket
  and packet lifetime (panics)
- Various tests have been added to assure correct functionality and
  tooling conformance
- Many security issues have been addressed
- if_wg now maintains jail-friendly semantics: sockets are created in
  the interface's home vnet so that it can act as the sole network
  connection for a jail
- if_wg no longer fails to remove peer allowed-ips of 0.0.0.0/0
- if_wg now exports via ioctl a format that is future proof and
  complete.  It is additionally supported by the upstream
  wireguard-tools (which we plan to merge in to base soon)
- if_wg now conforms to the WireGuard protocol and is more closely
  aligned with security auditing guidelines

Note that the driver has been rebased away from using iflib.  iflib
poses a number of challenges for a cloned device trying to operate in a
vnet that are non-trivial to solve and adds complexity to the
implementation for little gain.

The crypto implementation that was previously added to the tree was a
super complex integration of what previously appeared in an old out of
tree Linux module, which has been reduced to crypto.c containing simple
boring reference implementations.  This is part of a near-to-mid term
goal to work with FreeBSD kernel crypto folks and take advantage of or
improve accelerated crypto already offered elsewhere.

There's additional test suite effort underway out-of-tree taking
advantage of the aforementioned jail-friendly semantics to test a number
of real-world topologies, based on netns.sh.

Also note that this is still a work in progress; work going further will
be much smaller in nature.

MFC after:	1 month (maybe)
2021-03-14 23:52:04 -05:00
Alex Richardson
65f4ff4e68 tests/sys/netgraph/ng_macfilter_test: Fix invalid TAP output
This should allow the test to pass in Jenkins. Testing it locally now
reports "passed" instead of "invalid TAP data".

While touching this file also fix some shellcheck warnings that were
pointed out by my IDE.

Reviewed By:	lwhsu, afedorov
Differential Revision: https://reviews.freebsd.org/D29054
2021-03-12 17:35:26 +00:00
Alex Richardson
0b86424c31 tests/sys/cddl: correctly quote atf_set "require.progs"
The argument has to be a single whitespace-separate value. While touching
all these lines also add ksh93, since `atf_set "require.progs"` overrides
the default value specified in the Kyuafile. This then results in tests
being executed despite ksh93 not being installed.

Reviewed By:	asomers
Differential Revision: https://reviews.freebsd.org/D29066
2021-03-08 09:38:27 +00:00
Kristof Provost
9d3b2bcf76 pf tests: Test tos/dscp matching
MFC after:	2 weeks
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D29078
2021-03-06 10:08:44 +01:00
Alex Richardson
1fcbddec14 Fix GCC build of ptrace_test after 96a9e50e63
It seems like GCC's -Wsign-compare is stricter and also warns for
constants. Appease GCC by adding the required casts.

Fixes:		96a9e50e63 ("ptrace_test: Add more debug output on test failures")
Reported by:	Jenkins CI
2021-03-03 11:22:43 +00:00
Alex Richardson
c97304110a tests/sys/audit: add missing comma delimiter between fields
This makes the `kyua report --verbose` output a lot easier to parse when
looking at failed tests. It also fixes the closefrom() test since I
tested my changes with this commit but forgot to push it together with
fa32350347.

Fixes:		fa32350347 ("close_range: add audit support")
2021-03-02 18:37:12 +00:00
Alex Richardson
53a535c1d8 Simplify the capsicum-test wrapper script
Instead of running tests one-by-one with the shell wrapper we now run
the full gtest testsuite twice (once as root, once as non root). This
significantly speeds up running tests despite running them twice.
This change also passes the missing -u flag to capsicum-test that caused
test failures (https://bugs.freebsd.org/250178)

Previously, running the testsuite with the wrapper script took ~3s per
test on aarch64 QEMU, i.e. a total of almost 5 minutes.
Now it takes 6 seconds to run all tests twice.

Before:
root@freebsd-aarch64:/usr/tests/sys/capsicum # /usr/bin/time kyua test functional
94/96 passed (2 failed)
      309.97 real        58.46 user       244.31 sys

After:
root@freebsd-aarch64:/usr/tests/sys/capsicum # /usr/bin/time kyua test functional
functional:test_root  ->  passed  [2.659s]
functional:test_unprivileged  ->  passed  [2.391s]
2/2 passed (0 failed)
        5.48 real         1.06 user         2.52 sys

This overhead is caused by kyua + atf-sh spawning lots of additional
processes and can be avoided by just running the googletest test binary.
syscall                     seconds   calls  errors
fork                   39.810229456    1275       0
sigprocmask            13.546928736     572       0

i.e. 1275 processes spawned to run a single test.

Test Plan:	All tests pass with D28907.
PR:		250178
Reviewed By:	lwhsu
Differential Revision: https://reviews.freebsd.org/D29014
2021-03-02 18:27:36 +00:00
Alex Richardson
955a3f9ad5 Update capsicum-test to git commit f4d97414d48b8f8356b971ab9f45dc5c70d53c40
This includes various fixes that I submitted recently such as updating the
pdkill() tests for the actual implemented behaviour
(https://github.com/google/capsicum-test/pull/53) and lots of changes to
avoid calling sleep() and replacing it with reliable synchronization
(pull requests 49,51,52,53,54). This should make the testsuite more reliable
when running on Jenkins. Additionally, process status is now retrieved using
libprocstat instead of running `ps` and parsing the output
(https://github.com/google/capsicum-test/pull/50). This fixes one previously
failing test and speeds up execution.

Overall, this update reduces the total runtime from ~60s to about 4-5 seconds.
2021-03-02 16:38:05 +00:00
Alex Richardson
17cc20092c Fix ptrace_test:ptrace__syscall_args after ATF upgrade
ATF now opens the results file (without CLOEXEC), so the child actually
has a valid file descriptor 3. To fix this simply use a large number that
will definitely not be a valid file descriptor.

Reviewed by:	jhb, cem, lwhsu
Differential Revision: https://reviews.freebsd.org/D28889
2021-03-01 19:56:05 +00:00
Alex Richardson
1032131464 Remove atf_tc_skip calls from ptrace_test
I've run these tests many times in a loop on multiple architectures and
it works reliably for me, maybe it's time to retire these skips?
This also adds an additional waitpid to one of the tests to avoid
a potential race condition (suggested by markj@).

PR:		239397, 244056, 239425, 240510, 220841, 243605
Reviewed By:	markj
Differential Revision: https://reviews.freebsd.org/D28888
2021-03-01 19:56:05 +00:00
Alex Richardson
96a9e50e63 ptrace_test: Add more debug output on test failures
Mostly automatic, using
`CHILD_REQUIRE\(([^|&\n]*) ==` -> `CHILD_REQUIRE_EQ_INT($1,`
`ATF_REQUIRE\(([^|&\n]*) ==` -> `REQUIRE_EQ_INT($1,` followed by
git-clang-format -f and then manually checking ones that contain ||/&&.

Test Plan:
Still getting the same failure but now it prints
`psr.sr_error (0) == EBADF (9) not met` instead of just failing
without printing the values.

PR:		243605
Reviewed By:	jhb
Differential Revision: https://reviews.freebsd.org/D28887
2021-03-01 19:55:43 +00:00
Alex Richardson
98202829d1 tests/sys/netpfil/pf: Add missing python3 requirements
This also fixes a typo in the dup test that caused the head function to
not be called. On my test system without python3 the tests are now
skipped instead of failing.

Reviewed By:	kp
Differential Revision: https://reviews.freebsd.org/D28903
2021-03-01 12:53:45 +00:00
Kristof Provost
7a4dbffa42 bridge tests: Test that we also forward on some interfaces
Ensure that we not only block on some interfaces, but also forward on
some. Without the previous commit we wound up discarding on all ports,
rather than only on the ports needed to break the loop.

MFC after:	1 week
Sponsored by:	Orange Business Services
Differential Revision:	https://reviews.freebsd.org/D28917
2021-02-25 10:17:03 +01:00
Konstantin Belousov
3ae8d83d04 Remove __NO_TLS.
All supported platforms support thread-local vars and __thread.

Reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D28796
2021-02-23 20:08:10 +02:00
Alex Richardson
fa32350347 close_range: add audit support
This fixes the closefrom test in sys/audit.

Includes cherry-picks of the following commits from openbsm:

4dfc628aaf
99ff6fe32a
da48a0399e

Reviewed By:	kevans
Differential Revision: https://reviews.freebsd.org/D28388
2021-02-23 17:47:07 +00:00
Alex Richardson
3775ddcf5a tests/sys/netgraph: Tell kyua that perl is required
Otherwise these tests fail with incomprehensible error messages.

Reviewed By:	kp
Differential Revision: https://reviews.freebsd.org/D28894
2021-02-23 17:43:31 +00:00
Kristof Provost
26492ba271 bridge tests: Test STP on top of VLAN devices
This is basically the same test as the existing STP test, but now on top
of VLAN interfaces instead of directly using the epair devices.

MFC after:	1 week
Sponsored by:	Orange Business Services
Differential Revision:	https://reviews.freebsd.org/D28861
2021-02-23 13:54:07 +01:00
Alexander V. Chernikov
f17f94cd1b Add arp/ndp tests in addition to rtsock ll tests. 2021-02-20 18:26:36 +00:00
Ed Maste
4621c4f2fd tests/sys/audit: force PIE off
df093aa946 linked against libprivateauditd.a, but that is currently
(and incorrectly) built as position-dependent.  For now just force PIE
off for this test to fix the WITH_PIE build.

Sponsored by:	The FreeBSD Foundation
2021-02-18 20:45:36 -05:00
Alex Richardson
df093aa946 tests/sys/audit: Avoid race caused by starting auditd(8) for testing
In the CheriBSD CI we reproducibly see the first test in sys/audit
(administrative:acct_failure) fail due to a missing startup message.
It appears this is caused by a race condition when starting auditd:
`service auditd onestart` returns as soon as the initial auditd() parent
exits (after the daemon(3) call).
We can avoid this problem by setting up the auditd infrastructure
in-process: libauditd contains audit_quick_{start,stop}() functions that
look like they are ideally suited to this task.
This patch also avoids forking lots of shell processes for each of the 418
tests by using `auditon(A_SENDTRIGGER, &trigger, sizeof(trigger))` to check
for a running auditd(8) instead of using `service auditd onestatus`.

With these two changes (and D28388 to fix the XFAIL'd test) I can now
boot and run `cd /usr/tests/sys/audit && kyua test` without any failures
in a single-core QEMU instance. Before there would always be at least one
failed test.

Besides making the tests more reliable in CI, a nice side-effect of this
change is that it also significantly speeds up running them by avoiding
lots of fork()/execve() caused by shell scripts:
Running kyua test on an AArch64 QEMU took 315s before and now takes 68s,
so it's roughly 3.5 times faster. This effect is even larger when running
on a CHERI-RISC-V QEMU since emulating CHERI instructions on an x86 host
is noticeably slower than emulating AArch64.

Test Plan: aarch64+amd64 QEMU no longer fail.

Reviewed By:	asomers
Differential Revision: https://reviews.freebsd.org/D28451
2021-02-18 14:02:48 +00:00
Kristof Provost
4a7d84058d pf tests: Explicitly ask for python3
If we install the scapy package (which we do list as a dependency) we
don't automatically install python (but we do have python3).

MFC after:      1 week
Sponsored by:   Rubicon Communications, LLC (“Netgate”’)
2021-02-17 14:04:33 +01:00
Alexander V. Chernikov
2fe5a79425 Fix dst/netmask handling in routing socket code.
Traditionally routing socket code did almost zero checks on
 the input message except for the most basic size checks.

This resulted in the unclear KPI boundary for the routing system code
 (`rtrequest*` and now `rib_action()`) w.r.t message validness.

Multiple potential problems and nuances exists:
* Host bits in RTAX_DST sockaddr. Existing applications do send prefixes
 with hostbits uncleared. Even `route(8)` does this, as they hope the kernel
 would do the job of fixing it. Code inside `rib_action()` needs to handle
 it on its own (see `rt_maskedcopy()` ugly hack).
* There are multiple way of adding the host route: it can be DST without
 netmask or DST with /32(/128) netmask. Also, RTF_HOST has to be set correspondingly.
 Currently, these 2 options create 2 DIFFERENT routes in the kernel.
* no sockaddr length/content checking for the "secondary" fields exists: nothing
 stops rtsock application to send sockaddr_in with length of 25 (instead of 16).
 Kernel will accept it, install to RIB as is and propagate to all rtsock consumers,
 potentially triggering bugs in their code. Same goes for sin_port, sin_zero, etc.

The goal of this change is to make rtsock verify all sockaddr and prefix consistency.
Said differently, `rib_action()` or internals should NOT require to change any of the
 sockaddrs supplied by `rt_addrinfo` structure due to incorrectness.

To be more specific, this change implements the following:
* sockaddr cleanup/validation check is added immediately after getting sockaddrs from rtm.
* Per-family dst/netmask checks clears host bits in dst and zeros all dst/netmask "secondary" fields.
* The same netmask checking code converts /32(/128) netmasks to "host" route case
 (NULL netmask, RTF_HOST), removing the dualism.
* Instead of allowing ANY "known" sockaddr families (0<..<AF_MAX), allow only actually
 supported ones (inet, inet6, link).
* Automatically convert `sockaddr_sdl` (AF_LINK) gateways to
  `sockaddr_sdl_short`.

Reported by:	Guy Yur <guyyur at gmail.com>
Reviewed By:	donner
Differential Revision: https://reviews.freebsd.org/D28668
MFC after:	3 days
2021-02-16 20:30:04 +00:00
Kristof Provost
6b52139eb8 pf tests: Test unicast reverse path forwarding check
Ensure that pf's urpf-failed keyword works as expected.

PR:		253479
MFC after:	1 week
Reviewed by:	melifaro@
Differential Revision:	https://reviews.freebsd.org/D28694
2021-02-16 10:48:58 +01:00
Alan Somers
71befc3506 fusefs: set d_off during VOP_READDIR
This allows d_off to be used with lseek to position the file so that
getdirentries(2) will return the next entry.  It is not used by
readdir(3).

PR:		253411
Reported by:	John Millikin <jmillikin@gmail.com>
Reviewed by:	cem
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D28605
2021-02-12 21:50:52 -07:00
Alex Richardson
1eec5861d5 tests/sys/vfs/lookup_cap_dotdot: No longer aborts after ATF update
It appears this test no longer fails after c203bd70b5.

PR:		215690
2021-02-04 17:57:27 +00:00
Alex Richardson
8b820df156 Fix build with read-only source dir after 83c20b8a2d
I changed the Makefile to use SRCS instead of LDADD, but since there is
still and absolute path to the source the .o file was created inside the
source directory instead of the build directory.
It would be nice if this was an error/warning by default, but for now just
fix this issue by using .PATH and the base name of the file.

Reported by:	cy, peterj
2021-02-03 09:30:53 +00:00
Neel Chauhan
a08cdb6cfb Allow setting alias port ranges in libalias and ipfw. This will allow a system
to be a true RFC 6598 NAT444 setup, where each network segment (e.g. user,
subnet) can have their own dedicated port aliasing ranges.

Reviewed by:		donner, kp
Approved by:		0mp (mentor), donner, kp
Differential Revision:	https://reviews.freebsd.org/D23450
2021-02-02 13:24:17 -08:00
Alex Richardson
40407d3998 tests/sys/audit: Skip extattr tests if extattrs are not supported
In the CheriBSD CI, we run the testsuite with /tmp as tmpfs. This causes
the extattr audit tests to fail since tmpfs does not (yet) support
extattrs. Skip those tests if the target path is on a file system that
does not support extended file attributes.

While touching these two files also convert the ATF_REQUIRE_EQ(-1, ...)
checks to use ATF_REQURIE_ERRNO().

Reviewed By:	asomers
Differential Revision: https://reviews.freebsd.org/D28392
2021-02-02 09:55:19 +00:00
Alex Richardson
83c20b8a2d tests/sys/kern/crc32: Check for SSE4.2 before using it
This avoids a SIGILL when running these tests on QEMU (which
defaults to a basic amd64 CPU without SSE4.2).

This commit also tests the table-based implementations in addition to
testing the hw-accelerated crc32 versions.

Reviewed By:	cem, kib, markj
Differential Revision: https://reviews.freebsd.org/D28395
2021-02-02 09:53:39 +00:00
Alex Richardson
869cc06480 tests/sys/audit: fix timeout calculation
This changes the behaviour to a 30s total timeout (needed when running
on slow emulated uniprocessor systems) and timing out after 10s without
any input. This also uses timespecsub() instead of ignoring the
nanoseconds field.

After this change the tests runs more reliably on QEMU and time out less
frequently.

Reviewed By:	asomers
Differential Revision: https://reviews.freebsd.org/D28391
2021-01-28 17:24:24 +00:00
Kristof Provost
cd579b6fba pf tests: Test that dup-to doesn't produce extra duplicate packets 2021-01-28 16:46:44 +01:00
Kristof Provost
16b3833344 altq tests: Basic ALTQ test
Activate ALTQ_HFSC, crudely check if it really limits bandwidth as we'd expect.

Reviewed by:		donner@
Differential Revision:	https://reviews.freebsd.org/D28303
2021-01-25 19:58:22 +01:00
Alexander V. Chernikov
81728a538d Split rtinit() into multiple functions.
rtinit[1]() is a function used to add or remove interface address prefix routes,
  similar to ifa_maintain_loopback_route().
It was intended to be family-agnostic. There is a problem with this approach
 in reality.

1) IPv6 code does not use it for the ifa routes. There is a separate layer,
  nd6_prelist_(), providing interface for maintaining interface routes. Its part,
  responsible for the actual route table interaction, mimics rtenty() code.

2) rtinit tries to combine multiple actions in the same function: constructing
  proper route attributes and handling iterations over multiple fibs, for the
  non-zero net.add_addr_allfibs use case. It notably increases the code complexity.

3) dstaddr handling. flags parameter re-uses RTF_ flags. As there is no special flag
 for p2p connections, host routes and p2p routes are handled in the same way.
 Additionally, mapping IFA flags to RTF flags makes the interface pretty messy.
 It make rtinit() to clash with ifa_mainain_loopback_route() for IPV4 interface
 aliases.

4) rtinit() is the last customer passing non-masked prefixes to rib_action(),
 complicating rib_action() implementation.

5) rtinit() coupled ifa announce/withdrawal notifications, producing "false positive"
 ifa messages in certain corner cases.

To address all these points, the following has been done:

* rtinit() has been split into multiple functions:
- Route attribute construction were moved to the per-address-family functions,
 dealing with (2), (3) and (4).
- funnction providing net.add_addr_allfibs handling and route rtsock notificaions
 is the new routing table inteface.
- rtsock ifa notificaion has been moved out as well. resulting set of funcion are only
 responsible for the actual route notifications.

Side effects:
* /32 alias does not result in interface routes (/32 route and "host" route)
* RTF_PINNED is now set for IPv6 prefixes corresponding to the interface addresses

Differential revision:	https://reviews.freebsd.org/D28186
2021-01-16 22:42:41 +00:00
Kristof Provost
44117554b1 pf tests: pass NULL buffer to DIOCRCLRTSTATS
As discovered by syzcaller this used to provoke panics.

MFC after:	1 week
2021-01-13 19:49:45 +01:00
Alan Somers
ff1a307801 lio_listio: validate aio_lio_opcode
Previously, we would accept any kind of LIO_* opcode, including ones
that were intended for in-kernel use only like LIO_SYNC (which is not
defined in userland).  The situation became more serious with
022ca2fc7f.  After that revision, setting
aio_lio_opcode to LIO_WRITEV or LIO_READV would trigger an assertion.

Note that POSIX does not specify what should happen if aio_lio_opcode is
invalid.

MFC-with:	022ca2fc7f
Reviewed by:	jhb, tmunro, 0mp
Differential Revision:	<https://reviews.freebsd.org/D28078
2021-01-11 19:53:01 -07:00
Alan Somers
19cca0b961 aio: fix the tests when ZFS is not available
Don't try to cleanup the zpool if we couldn't create a zpool in the
first place.

Submitted by:	tmunro
MFC-with:	022ca2fc7f
2021-01-09 17:16:38 -07:00
Thomas Munro
801ac943ea aio_fsync(2): Support O_DSYNC.
aio_fsync(O_DSYNC, ...) is the asynchronous version of fdatasync(2).

Reviewed by: kib, asomers, jhb
Differential Review: https://reviews.freebsd.org/D25071
2021-01-08 13:15:56 +13:00
Alan Somers
022ca2fc7f Add aio_writev and aio_readv
POSIX AIO is great, but it lacks vectored I/O functions. This commit
fixes that shortcoming by adding aio_writev and aio_readv. They aren't
part of the standard, but they're an obvious extension. They work just
like their synchronous equivalents pwritev and preadv.

It isn't yet possible to use vectored aiocbs with lio_listio, but that
could be added in the future.

Reviewed by:    jhb, kib, bcr
Relnotes:       yes
Differential Revision: https://reviews.freebsd.org/D27743
2021-01-02 19:57:58 -07:00
Alan Somers
92bbfe1f0d fusefs: implement FUSE_COPY_FILE_RANGE.
This updates the FUSE protocol to 7.28, though most of the new features
are optional and are not yet implemented.

MFC after:	2 weeks
Relnotes:	yes
Reviewed by:	cem
Differential Revision:	https://reviews.freebsd.org/D27818
2021-01-01 10:18:23 -07:00
Alan Somers
ae39db7406 fusefs: fix an expectation in one of the tests
An order-of-operations problem caused an expectation intended for
FUSE_READ to instead match FUSE_ACCESS.  Surprisingly, only one test
case was affected.

MFC after:	2 weeks
Reviewed by:	cem
Differential Revision:	https://reviews.freebsd.org/D27818
2021-01-01 10:18:22 -07:00
Cy Schubert
1d010cd31c Fix i386 build following 37df9d3bba.
MFC after:	2 weeks
X-MFC with:	37df9d3bba
2021-01-01 08:48:14 -08:00
Alan Somers
37df9d3bba fusefs: update FUSE protocol to 7.24 and implement FUSE_LSEEK
FUSE_LSEEK reports holes on fuse file systems, and is used for example
by bsdtar.

MFC after:	2 weeks
Relnotes:	yes
Reviewed by:	cem
Differential Revision: https://reviews.freebsd.org/D27804
2020-12-31 08:51:47 -07:00
Alan Somers
f928dbcb16 fusefs: fix the tests for a wider range of maxphys
maxphys is now a tunable, ever since r368124.  The default value is also
larger than it used to be.  That broke several fusefs tests that made
assumptions about maxphys.

* WriteCluster.clustering used the MAXPHYS compile-time constant.

* WriteBackAsync.direct_io_partially_overlaps_cached_block implicitly
  depended on the default value of maxphys.  Fix it by making the
  dependency explicit.

* Write.write_large implicitly assumed that maxphys would be no more
  than twice maxbcachebuf.  Fix it by explicitly setting m_max_write.

* WriteCluster.clustering and several others failed because the MockFS
  module did not work for max_write > 128KB (which most tests would set
  when maxphys > 256KB).  Limit max_write accordingly.  This is the same
  as fusefs-libs's behavior.

* Bmap's tests were originally written for MAXPHYS=128KB.  With larger
  values, the simulated file size was too small.

PR:		252096
Reviewed by:	emaste
Differential Revision:	https://reviews.freebsd.org/D27769
2020-12-28 18:56:17 +00:00
Kristof Provost
2d3fda5fa1 pf tests: Verify (tcp) checksum modification on unaligned options
It turns out pf incorrectly updates the TCP checksum if the TCP option
we're modifying is not 2-byte algined with respect to the start of the
packet.

Create a TCP packet with such an option and throw it through a scrub
rule, which will update timestamps and modify the packet.

PR:		240416
MFC after:	1 week
Differential revision:	https://reviews.freebsd.org/D27688
2020-12-23 12:03:20 +01:00
Kristof Provost
e1f6571a12 pf tests: Sort Makefile entries
MFC after:	1 week
2020-12-23 12:03:20 +01:00
Kristof Provost
03ffa25695 net tests: Re-enable most if_clone tests
All but one of these (tap_ipv6_up_stress) currently pass, so we should enable
them so we don't regress.
2020-12-17 21:54:25 +00:00
Ryan Libby
c821ba35b6 posixshm_test.c: remove tautological checks
Reviewed by:	kib, markj
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D27564
2020-12-11 22:52:20 +00:00
Ryan Libby
6d759051d3 fdgrowtable_test.c: appease gcc
Work around bogus gcc -Wreturn-type.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=44511

Reviewed by:	kevans, rew
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D27563
2020-12-11 22:52:16 +00:00
Nick Hibma
e8db04c389 New Netgraph module ng_macfilter:
Macfilter to route packets through different hooks based on sender MAC address.

Based on ng_macfilter written by Pekka Nikander

Sponsered by Retina b.v.

Reviewed by:	afedorov
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D27268
2020-12-08 15:09:42 +00:00
Mitchell Horne
22bd0c9731 ossl: port to arm64
Enable in-kernel acceleration of SHA1 and SHA2 operations on arm64 by adding
support for the ossl(4) crypto driver. This uses OpenSSL's assembly routines
under the hood, which will detect and use SHA intrinsics if they are
supported by the CPU.

Reviewed by:	jhb
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D27390
2020-12-04 21:12:17 +00:00
Kristof Provost
e997614fd2 pf tests: Test case for bug #251414
Changing a table from not having counters to having counters (or vice versa)
may trigger panics.

PR:		251414
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D27441
2020-12-02 16:33:23 +00:00
Alan Somers
23693bd8f3 AIO tests: update expected failure messages after r368265
PR:		220398, 251515
MFC after:	1 week
MFC-With:	r368265
2020-12-02 00:53:03 +00:00
Kristof Provost
c49747eaf2 pf tests: Re-enable panicing tests
We've fixed the vnet/epair cleanup race, so it is now safe to re-enable these
tests.

MFC after:	2 weeks
Sponsored by:	Modirum MDPay
2020-12-01 16:44:36 +00:00
Alan Somers
01f3f35447 ping: fix some man pages and tests after r368045
MFC-with:	r368045
2020-11-26 04:55:02 +00:00
John Baldwin
a4a23d2137 Remove uses of CRIOGET in OCF tests after r368005.
Pointy hat to:	jhb
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D27367
2020-11-25 01:31:00 +00:00
Kristof Provost
d5325f2f3c pf tests: provoke tag hashing panic
Attempt to provoke the panic fixed in r367987.

MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D27350
2020-11-24 17:32:49 +00:00
Robert Wing
3c85ca21d1 fd: free old file descriptor tables when not shared
During the life of a process, new file descriptor tables may be allocated. When
a new table is allocated, the old table is placed in a free list and held onto
until all processes referencing them exit.

When a new file descriptor table is allocated, the old file descriptor table
can be freed when the current process has a single-thread and the file
descriptor table is not being shared with any other processes.

Reviewed by:    kevans
Approved by:    kevans (mentor)
Differential Revision:  https://reviews.freebsd.org/D18617
2020-11-22 05:00:28 +00:00
Kristof Provost
d8f541d9a3 pf tests: Basic source tracking test
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D27255
2020-11-20 10:11:03 +00:00
Jonathan T. Looney
36c52a52ee Add a regression test for the port-selection behavior fixed in r367680.
Reviewed by:	markj, olivier, tuexen
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D27173
2020-11-14 15:44:28 +00:00
Adrian Chadd
07a605f427 [tests] Fix unused variable warning in gcc
Reviewed by:	markj, imp, cem,
Approved by:	markj
Differential Revision:	https://reviews.freebsd.org/D26792
2020-11-13 18:50:24 +00:00
Mark Johnston
870d4ba3ff cryptotest: Add qat(4) coverage
MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC (Netgate)
2020-11-05 16:00:57 +00:00
Jung-uk Kim
8f02e2ac27 Make the tests work without COMPAT_FREEBSD12 in kernel.
sysctl 'kern.cryptodevallowsoft' was renamed to 'kern.crypto.allow_soft' in
r359374 and the prevous one is only available in kernel built with
"options COMPAT_FREEBSD12".
2020-11-04 22:41:54 +00:00
Jung-uk Kim
ac61934942 Add ossl(4) to cryptotest. 2020-10-30 19:53:16 +00:00
Edward Tomasz Napierala
bce7ee9d41 Drop "All rights reserved" from all my stuff. This includes
Foundation copyrights, approved by emaste@.  It does not include
files which carry other people's copyrights; if you're one
of those people, feel free to make similar change.

Reviewed by:	emaste, imp, gbe (manpages)
Differential Revision:	https://reviews.freebsd.org/D26980
2020-10-28 13:46:11 +00:00
Mateusz Piotrowski
7b39bef2cf Do not recommend to install kyua with pkg in the tests README
Kyua is now available in the base system.

While here, reword the usage section a bit.
2020-10-27 09:53:49 +00:00
Alexander V. Chernikov
c7cffd65c5 Add support for stacked VLANs (IEEE 802.1ad, AKA Q-in-Q).
802.1ad interfaces are created with ifconfig using the "vlanproto" parameter.
Eg., the following creates a 802.1Q VLAN (id #42) over a 802.1ad S-VLAN
(id #5) over a physical Ethernet interface (em0).

ifconfig vlan5 create vlandev em0 vlan 5 vlanproto 802.1ad up
ifconfig vlan42 create vlandev vlan5 vlan 42 inet 10.5.42.1/24

VLAN_MTU, VLAN_HWCSUM and VLAN_TSO capabilities should be properly
supported. VLAN_HWTAGGING is only partially supported, as there is
currently no IFCAP_VLAN_* denoting the possibility to set the VLAN
EtherType to anything else than 0x8100 (802.1ad uses 0x88A8).

Submitted by:	Olivier Piras
Sponsored by:	RG Nets
Differential Revision:	https://reviews.freebsd.org/D26436
2020-10-21 21:28:20 +00:00
Alexander V. Chernikov
a3525bd166 Try to enable multipath routing in flowid tests. 2020-10-16 21:51:17 +00:00
Andrew Turner
f56a08c810 Fix write only mappings on arm64
When trapping on a wrote access to a buffer the kernel has mapped as write
only we should only pass the VM_PROT_WRITE flag. Previously the call to
vm_fault_trap as the VM_PROT_READ flag was unexpected.

Reported by:	manu
Sponsored by:	Innovate UK
2020-10-13 10:26:15 +00:00
Kristof Provost
e6f9af16bc pf tests: Test that 'set skip on <group>' works on new group members
There's a know issue where new group members don't get the 'set skip on'
applied until the rules are re-loaded.

Do this by setting rules that block all traffic, but skip members of the
'epair' group. If we can communicate over the epair interface we know the set
skip rule took effect, even if the rule was set before the interface was
created.

MFC after:	2 weeks
2020-10-12 12:41:10 +00:00
Li-Wen Hsu
2c39128feb Temporarily skip failing test cases in CI:
sys.capsicum.functional.Capability__NoBypassDAC
sys.capsicum.functional.Pdfork__OtherUserForked

PR:		250178, 250179
Sponsored by:	The FreeBSD Foundation
2020-10-07 09:53:24 +00:00
Li-Wen Hsu
3d077160cb Skip test written in Googltest in the wrapper script
This leaves the main test body untouched and only skip running in the CI env,
makes doing local test easier while developing.

PR:		244165
Sponsored by:	The FreeBSD Foundation
2020-10-07 07:23:29 +00:00
Li-Wen Hsu
c300407979 Temporarily skip failing test cases in CI:
sys.capsicum.functional.ForkedOpenatTest_WithFlagInCapabilityMode___
sys.capsicum.functional.OpenatTest__WithFlag

PR:		249960
Sponsored by:	The FreeBSD Foundation
2020-10-06 12:57:54 +00:00
Li-Wen Hsu
194d562872 Make capsicum test cases fine-grained
Add a wrapping script to use ATF to run tests written with Googletest
one by one. This helps locating and tracking the failing case in CI easier.

This is a temporarily solution while Googletest support in Kyua is developing.
We will revert this once Kyua+Googletest integration is ready.

Reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D25896
2020-10-06 06:45:52 +00:00
Li-Wen Hsu
7862a433e9 Clear the dmesg buffer to prevent rotating causes issues
This is a workaround for the current continuously failing test case

sys.kern.sonewconn_overflow.sonewconn_overflow_01

The side effect is the dmesg buffer got cleared and may effect other tests
depends on dmesg output running in parallel.  The better solution would be
tailing the log file like /var/log/debug.log

Sponsored by:	The FreeBSD Foundation
2020-10-06 04:18:42 +00:00
Alexander V. Chernikov
1b95005e95 Fix route flags update during RTM_CHANGE.
Nexthop lookup was not consireding rt_flags when doing
 structure comparison, which lead to an original nexthop
 selection when changing flags. Fix the case by adding
 rt_flags field into comparison and rearranging nhop_priv
 fields to allow for efficient matching.
Fix `route change X/Y flags` case - recent changes
 disallowed specifying RTF_GATEWAY flag without actual gateway.
 It turns out, route(8) fills in RTF_GATEWAY by default, unless
 -interface flag is specified. Fix regression by clearing
 RTF_GATEWAY flag instead of failing.
Fix route flag reporting in RTM_CHANGE messages by explicitly
 updating rtm_flags after operation competion.
Add IPv4/IPv6 tests for flag-only route changes.
2020-10-04 13:24:58 +00:00
Alan Somers
d262168916 fusefs tests: quell Coverity "Argument cannot be negative" warnings
Must abort tests early if open(2) fails.

Reported by:	Coverity
Coverity CID:	1432810 and many others
Reviewed by:	kevans
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D26635
2020-10-02 17:06:05 +00:00
Kyle Evans
7cc42f6d25 Do a sweep and remove most WARNS=6 settings
Repeating the default WARNS here makes it slightly more difficult to
experiment with default WARNS changes, e.g. if we did something absolutely
bananas and introduced a WARNS=7 and wanted to try lifting the default to
that.

Drop most of them; there is one in the blake2 kernel module, but I suspect
it should be dropped -- the default WARNS in the rest of the build doesn't
currently apply to kernel modules, and I haven't put too much thought into
whether it makes sense to make it so.
2020-10-01 01:10:51 +00:00
Olivier Cochard
0d46edd0bb Enable SO_LINGER to the so_reuseport_lb_test regression tests, preventing
many sockets in TIME_WAIT state at the end of the test.

PR:		249885
Reviewed by:	markj
Approved by:	markj
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D26549
2020-09-25 16:02:13 +00:00
Alan Somers
a62772a78e fusefs: fix mmap'd writes in direct_io mode
If a FUSE server returns FOPEN_DIRECT_IO in response to FUSE_OPEN, that
instructs the kernel to bypass the page cache for that file. This feature
is also known by libfuse's name: "direct_io".

However, when accessing a file via mmap, there is no possible way to bypass
the cache completely. This change fixes a deadlock that would happen when
an mmap'd write tried to invalidate a portion of the cache, wrongly assuming
that a write couldn't possibly come from cache if direct_io were set.

Arguably, we could instead disable mmap for files with FOPEN_DIRECT_IO set.
But allowing it is less likely to cause user complaints, and is more in
keeping with the spirit of open(2), where O_DIRECT instructs the kernel to
"reduce", not "eliminate" cache effects.

PR:		247276
Reported by:	trapexit@spawn.link
Reviewed by:	cem
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D26485
2020-09-24 16:27:53 +00:00
Kyle Evans
93900fe76d tests: move the memfd tests over to sys/posixshm
memfd_create is implemented on top of posixshm, so this is a logically
correct place for them to be. Moreover, this reduces the number of places to
look to run tests when working in this part of the tree.

Discussed with:	kib (to some extent, a while ago)
2020-09-23 19:54:59 +00:00
Kyle Evans
fe815331bb build: provide a default WARNS for all in-tree builds
The current default is provided in various Makefile.inc in some top-level
directories and covers a good portion of the tree, but doesn't cover parts
of the build a little deeper (e.g. libcasper).

Provide a default in src.sys.mk and set WARNS to it in bsd.sys.mk if that
variable is defined. This lets us relatively cleanly provide a default WARNS
no matter where you're building in the src tree without breaking things
outside of the tree.

Crunchgen has been updated as a bootstrap tool to work on this change
because it needs r365605 at a minimum to succeed. The cleanup necessary to
successfully walk over this change on WITHOUT_CLEAN builds has been added.

There is a supplemental project to this to list all of the warnings that are
encountered when the environment has WARNS=6 NO_WERROR=yes:
https://warns.kevans.dev -- this project will hopefully eventually go away
in favor of CI doing a much better job than it.

Reviewed by:	emaste, brooks, ngie (all earlier version)
Reviewed by:	emaste, arichardson (depend-cleanup.sh change)
Differential Revision:	https://reviews.freebsd.org/D26455
2020-09-18 17:17:46 +00:00
Alexander V. Chernikov
4a8c6300e9 Use atf_fail instead of exit 1 to indicate mpath tests failure. 2020-09-18 07:27:01 +00:00
Mark Johnston
77ceadee6d Add some basic regression tests for SHM_LARGEPAGE.
Discussed with:	kib
Sponsored by:	Juniper Networks, Inc.
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D25900
2020-09-17 16:44:12 +00:00
Andrew Turner
2a6803de1c Use MACHINE_CPUARCH when checking for arm64
Use MACHINE_CPUARCH with arm64 (aarch64) when we build code that could run
on any 64-bit Arm instruction set. This will simplify checks in downstream
consumers targeting prototype instruction sets.

The only place we check for MACHINE_ARCH == aarch64 is when building the
device tree blobs. As these are targeting current generation ISAs.

Sponsored by:	Innovate UK
Differential Revision:	https://reviews.freebsd.org/D26370
2020-09-14 16:12:28 +00:00
Li-Wen Hsu
e55e20a0e9 Revert r365592 and r365603 as the tests are fixed by r365593
PR:		249236
Sponsored by:	The FreeBSD Foundation
2020-09-11 05:45:27 +00:00
Alexander V. Chernikov
99efb80d00 Add basic test for net.fibs dynamic growth.
Reviewed by:	kp
Differential Revision:	https://reviews.freebsd.org/D26382
2020-09-10 19:25:51 +00:00
Kyle Evans
4d6265e3e4 Fix the build after r365592
r365592 accidentally mixed atf-c and atf-sh; convert atf_skip -> atf_tc_skip
2020-09-10 17:58:24 +00:00
Li-Wen Hsu
b804b5bca1 Temporarily skip failing sys.kern.memfd_test.* tests in CI
PR:		249236
Sponsored by:	The FreeBSD Foundation
2020-09-10 17:15:44 +00:00
Li-Wen Hsu
8e6b8fc655 Initialize len to avoid ENOMEM from sysctl(3).
PR:		248933
Sponsored by:	The FreeBSD Foundation
2020-09-04 19:24:27 +00:00
Konstantin Belousov
6eeccaa91b Fix kern_copyin test.
Main part is that kern_copyin on amd64 after LA57 should query the top
of UVA for correct operations. In fact it should started doing that
after the workaround for AMD bug with IRET in the last user page was
fixed by reducing UVA by a page.

Also since we started calculating top of UVA, fix MIPS according to
the comment.

Reported by:	lwhsu
PR:	248933
Reviewed by:	alc, markj
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D26312
2020-09-04 12:52:16 +00:00
Ryan Moeller
d29f13b904 Skip zpool_clear_005_pos test until bug fixed
Messing with gnop devices under a zpool fails in this test, causing
the pool to be suspended and eventually the system to deadlock.

Skip the test for now until the issue is resolved.

PR:		tests/248910
Discussed with:	lwhsu
Sponsored by:	iXsystems, Inc.
2020-08-25 20:04:35 +00:00
Matt Macy
9e5787d228 Merge OpenZFS support in to HEAD.
The primary benefit is maintaining a completely shared
code base with the community allowing FreeBSD to receive
new features sooner and with less effort.

I would advise against doing 'zpool upgrade'
or creating indispensable pools using new
features until this change has had a month+
to soak.

Work on merging FreeBSD support in to what was
at the time "ZFS on Linux" began in August 2018.
I first publicly proposed transitioning FreeBSD
to (new) OpenZFS on December 18th, 2018. FreeBSD
support in OpenZFS was finally completed in December
2019. A CFT for downstreaming OpenZFS support in
to FreeBSD was first issued on July 8th. All issues
that were reported have been addressed or, for
a couple of less critical matters there are
pull requests in progress with OpenZFS. iXsystems
has tested and dogfooded extensively internally.
The TrueNAS 12 release is based on OpenZFS with
some additional features that have not yet made
it upstream.

Improvements include:
  project quotas, encrypted datasets,
  allocation classes, vectorized raidz,
  vectorized checksums, various command line
  improvements, zstd compression.

Thanks to those who have helped along the way:
Ryan Moeller, Allan Jude, Zack Welch, and many
others.

Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D25872
2020-08-25 02:21:27 +00:00
Alexander V. Chernikov
5676d488c2 Add test for checking RTF_HOST and RTAX_NETMASK inconsistency.
RTF_HOST indicates whether route is a host route
 (netmask is empty or /{32,128}).
Check that if netmask is empty and host route is not specified, kernel
 returns an error.

Differential Revision:	https://reviews.freebsd.org/D26155
2020-08-22 18:14:05 +00:00
Alan Somers
8d2105da16 fusefs: fix the FUSE_FORGET unit test after r364064
Thanks to r364064, the name cache now returns a hit where previously it
would miss.  Adjust the expectations accordingly.

PR:		248583
Reported by:	lwhsu
MFC with:	r364064
2020-08-11 01:09:06 +00:00
Dimitry Andric
967348a966 Use static inline for iface_{setup,delete}_addr in tests/sys/net/routing.
This fixes possible link errors, similar to:

ld: error: undefined symbol: iface_setup_addr
>>> referenced by test_rtsock_l3.c:111 (tests/sys/net/routing/test_rtsock_l3.c:111)
>>>               test_rtsock_l3.o:(presetup_ipv4)
>>> referenced by test_rtsock_l3.c:79 (tests/sys/net/routing/test_rtsock_l3.c:79)
>>>               test_rtsock_l3.o:(presetup_ipv6)
>>> referenced by test_rtsock_l3.c:512 (tests/sys/net/routing/test_rtsock_l3.c:512)
>>>               test_rtsock_l3.o:(atfu_rtm_change_v4_gw_success_body)
>>> referenced 10 more times

In C (not C++), 'naked' inline is almost always a mistake. Either use
static inline (this is appropriate for most cases), or extern inline.

MFC after:	3 days
2020-08-08 11:06:27 +00:00
Bryan Drewery
3cee7cb269 Limit gmirror failpoint tests to the test worker
This avoids injecting errors into the test system's mirrors.

gnop seems like a good solution here but it injects errors at the wrong
place vs where these tests expect and does not support a 'max global count'
like the failpoints do with 'n*' syntax.

Reviewed by:	cem, vangyzen
Sponsored by:	Dell EMC Isilon
2020-07-23 23:29:50 +00:00
Li-Wen Hsu
5f2d3b42de Fix sys.geom.class.eli.onetime_test.onetime after r363402
PR:		247954
X-MFC with:	r363402
Sponsored by:	The FreeBSD Foundation
2020-07-22 17:37:11 +00:00
Alan Somers
aafaa8b794 Fix geli's null cipher, and add a test case
PR:		247954
Submitted by:	jhb (sys), asomers (tests)
Reviewed by:	jhb (tests), asomers (sys)
MFC after:	2 weeks
Sponsored by:	Axcient
2020-07-21 19:18:29 +00:00
Chuck Silvers
3b41d99d76 add a few tests for sendfile.
Reviewed by:	markj
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25431
2020-07-20 20:36:32 +00:00
Alan Somers
2a7a4b196d tests/sys/opencrypto: use python3
python2 will be EOL soon

Reviewed by:	lwhsu, jmg
MFC after:	2 weeks
Sponsored by:	Axcient
Differential Revision:	https://reviews.freebsd.org/D25682
2020-07-20 12:47:15 +00:00
Mark Johnston
9a1184de2a Add safexcel(4) to cryptotest.
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC (Netgate)
2020-07-14 14:11:54 +00:00
Enji Cooper
cdb9318eed Don't leave path behind when executing :chflags_success
Prior to this change a `SF_IMMUTABLE` chflagsat(2)'ed file (`path`) was left
behind, which sabotaged kyua(1) from being able to clean up the work directory,
This resulted in unnecessary work for folks having to clean up the work
directory on non-disposable systems, which defaults to `/tmp`. Use `UF_OFFLINE`
instead of `SF_IMMUTABLE`, in part because setting `SF_IMMUTABLE` isn't relevant
to the test and `SF_IMMUTABLE` cannot be cleared at all securelevels, as pointed
out by @asomers.

Additional work is required to catch cases like this upfront in the future to
avoid tester headache. See PR # 247765 for more details/followup.

Suggested by:	asomers
Reviewed By:	asomers, #tests
MFC after:	1 week
PR:		247761
Sponsored by:	DellEMC
Differential Revision: https://reviews.freebsd.org/D25561
2020-07-12 17:16:57 +00:00
Kyle Evans
423a033ba7 memfd_create: turn on SHM_GROW_ON_WRITE
memfd_create fds will no longer require an ftruncate(2) to set the size;
they'll grow (to the extent that it's possible) upon write(2)-like syscalls.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D25502
2020-07-10 00:45:16 +00:00
Alan Somers
6f818c1fb0 geli: enable direct dispatch
geli does all of its crypto operations in a separate thread pool, so
g_eli_start, g_eli_read_done, and g_eli_write_done don't actually do very
much work. Enabling direct dispatch eliminates the g_up/g_down bottlenecks,
doubling IOPs on my system. This change does not affect the thread pool.

Reviewed by:	markj
MFC after:	2 weeks
Sponsored by:	Axcient
Differential Revision:	https://reviews.freebsd.org/D25587
2020-07-08 17:12:12 +00:00
Alexander V. Chernikov
eddfb2e86f Fix IPv6 regression introduced by r362900.
PR:		kern/247729
2020-07-03 08:06:26 +00:00
Li-Wen Hsu
2749666d01 Temporarily skip sys.netinet6.redirect.valid_redirect in CI
PR:		247729
Sponsored by:	The FreeBSD Foundation
2020-07-03 02:02:34 +00:00
Edward Tomasz Napierala
7a9a01db9f Make sys.auditpipe depend on /dev/auditpipe. This fixes a few failures
on armv7.

MFC after:	2 weeks
Sponsored by:	DARPA
2020-06-24 12:17:40 +00:00
Li-Wen Hsu
f29bf91a23 Temporarily skip unstable sys.geom.class.gate.ggate_test.ggated on i386 in CI
PR:		244737
Sponsored by:	The FreeBSD Foundation
2020-06-24 07:25:54 +00:00
Edward Tomasz Napierala
a8ca275b7d Make audit tests depend on /dev/auditpipe. This should fix
some 416 failing tests on armv7:

https://ci.freebsd.org/job/FreeBSD-head-armv7-test/lastCompletedBuild/testReport/

Reviewed by:	asomers
MFC after:	2 weeks
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D25144
2020-06-18 15:41:16 +00:00
Li-Wen Hsu
435166f877 Skip sys.net.if_lagg_test.lacp_linkstate_destroy_stress in CI because of panic
PR:		244168
Sponsored by:	The FreeBSD Foundation
2020-06-11 18:59:57 +00:00
Kristof Provost
048c96e3e6 bridge tests: Re-enable STP test
This test should no longer provoke large amounts of traffic, which can
overwhelm single-core systems, preventing them from making progress in the
tests.

The test can now be re-enabled.

PR:		246448
2020-06-07 13:53:02 +00:00
Kristof Provost
e07e002e95 bridge tests: Avoid building a switching loop
Enable STP before bringing the bridges up. This avoids a switching loop,
which has a tendency to drown out progress in userspace processes,
especially on single-core systems.

Only check that we have indeed shut down one of the looped interfaces

PR:		246448
Reviewed by:	melifaro
Differential Revision:	https://reviews.freebsd.org/D25084
2020-06-01 19:26:16 +00:00
Li-Wen Hsu
4d3aef0780 Revert r361497, these cases are fixed by r361617.
PR:		246737
Sponsored by:	The FreeBSD Foundation
2020-05-29 10:09:47 +00:00
Shteryana Shopova
a7a64b722b Proper check if divert(4) module is present by the relevant tests
Fix the netinet/netinet6 divert tests falsely reporting 'ipdivert module is
not loaded' when the divert module is built into the kernel

Sponsored by:	Axiado
Differential Revision:	https://reviews.freebsd.org/D25026
2020-05-27 16:33:00 +00:00
Li-Wen Hsu
c4e61d8568 Disable failing test cases in CI:
sys.netipsec.tunnel.aes_cbc_128_hmac_sha1.v4
sys.netipsec.tunnel.aes_cbc_256_hmac_sha2_256.v4
sys.netipsec.tunnel.aesni_aes_cbc_128_hmac_sha1.v4
sys.netipsec.tunnel.aesni_aes_cbc_256_hmac_sha2_256.v4

PR:		246737
Sponsored by:	The FreeBSD Foundation
2020-05-26 06:55:03 +00:00
Alan Somers
bfcb817bcd Fix issues with FUSE_ACCESS when default_permissions is disabled
This patch fixes two issues relating to FUSE_ACCESS when the
default_permissions mount option is disabled:

* VOP_ACCESS() calls with VADMIN set should never be sent to a fuse server
  in the form of FUSE_ACCESS operations. The FUSE protocol has no equivalent
  of VADMIN, so we must evaluate such things kernel-side, regardless of the
  default_permissions setting.

* The FUSE protocol only requires FUSE_ACCESS to be sent for two purposes:
  for the access(2) syscall and to check directory permissions for
  searchability during lookup. FreeBSD sends it much more frequently, due to
  differences between our VFS and Linux's, for which FUSE was designed. But
  this patch does eliminate several cases not required by the FUSE protocol:

  * for any FUSE_*XATTR operation
  * when creating a new file
  * when deleting a file
  * when setting timestamps, such as by utimensat(2).

* Additionally, when default_permissions is disabled, this patch removes one
  FUSE_GETATTR operation when deleting a file.

PR:		245689
Reported by:	MooseFS FreeBSD Team <freebsd@moosefs.pro>
Reviewed by:	cem
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24777
2020-05-22 18:11:17 +00:00
Mark Johnston
9bf12bb91d Avoid hard-coding pipe buffer sizes in the pipe and fifo kqueue tests.
Fix some style issues in the modified tests while here.

Reported by:	Jenkins via lwhsu
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-05-20 17:48:18 +00:00
Edward Tomasz Napierala
f464bd04ce Make sys.net.if_bridge_test depend on python; sys.net.if_bridge_test.span
requires it.

MFC after:	2 weeks
Sponsored by:	DARPA
2020-05-19 21:55:29 +00:00
Edward Tomasz Napierala
b43bd1070c Make sys.netinet.output and sys.netinet6.output6 tests depend on python;
they need to be able to run net_receiver.py.

MFC after:	2 weeks
Sponsored by:	DARPA
2020-05-19 21:48:45 +00:00
Li-Wen Hsu
6c9dbd8b13 Revert r361237, it's fixed by r361231
PR:		246560
Sponsored by:	The FreeBSD Foundation
2020-05-19 07:16:09 +00:00
Li-Wen Hsu
3f5fe78b9a Temporarily disable test case causes kernel panic in CI:
- sys.netinet.so_reuseport_lb_test.basic_ipv6

PR:		246560
Sponsored by:	The FreeBSD Foundation
2020-05-19 02:07:08 +00:00
Li-Wen Hsu
f9777376b9 Revert 357780, dtrace -c has been fixed in head`
PR:		244053
Sponsored by:	The FreeBSD Foundation
2020-05-18 23:43:48 +00:00
Alan Somers
275379902e fusefs: fix intermittency in some ENOENT tests
When a FUSE operation other than LOOKUP returns ENOENT, the kernel will
reclaim that vnode, resuling in a FUSE_FORGET being sent a short while
later.  Many of the ENOENT tests weren't expecting those FUSE_FORGET
operations.  They usually passed by luck since FUSE_FORGET is often delayed.
This commit adds appropriate expectations.

MFC after:	2 weeks
2020-05-18 18:36:32 +00:00
Alan Somers
8bebfe076d Reenable sys.geom.class.gate.ggate_test.ggated in CI
Should be fixed by r360613

PR:		244737
Reported by:	lwhsu
2020-05-17 02:41:50 +00:00
Kyle Evans
1d2e31af14 pf tests: fix up a couple WARNS= 6 nits
common_init_tbl is only used within this single CU, so it should be marked
static.

WARNS=6 also complained about the var defined by
`ATF_TC_WITH_CLEANUP(getastats);` being unused, which turns out to be
because it's not been hooked up in ATF_TP_ADD_TCS. kp@ did not immediately
recall any reason for this, and the case passes on my local system, so hook
it up.

Note that I've not yet set WARNS= 6 here. Investigation is underway to see
if we can feasibly default WARNS to 6 for src builds to catch directories
too deep to inherit a WARNS from the top-level subdirectories' Makefile.inc.
Those particular WARNS settings will be subsequently removed as they become
redundant with a more-global default.

MFC after:	1 week
2020-05-14 23:20:58 +00:00
Li-Wen Hsu
b18e0a534f Only skip sys.net.if_clone_test.epair_stress in CI env
PR:		246443
Sponsored by:	The FreeBSD Foundation
2020-05-13 20:37:46 +00:00
Li-Wen Hsu
bf3dd13d41 Temporarily skip sys.net.if_bridge_test.stp in CI as it always times out
PR:		244229
Sponsored by:	The FreeBSD Foundation
2020-05-13 20:36:38 +00:00
Li-Wen Hsu
40988c2456 Temporarily skip sys.net.if_clone_test.epair_stress
This case timed out so often

PR:		246443
Sponsored by:	The FreeBSD Foundation
2020-05-13 19:29:14 +00:00
Mark Johnston
17dd52dfab Add a basic table entry counter regression test.
Reviewed by:	kp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24809
2020-05-11 19:08:03 +00:00
Mark Johnston
96bc58ea81 Remove the svn:executable property from some pf test files.
The test makefiles will handle setting mode bits during install.  Also,
Phabricator gets upset when uploading an executable plain-text file
without a shebang.

MFC after:	1 week
2020-05-11 19:07:33 +00:00
Alan Somers
a22a780752 fusefs: fix two small bugs in the tests' expectations
These two errors have been present since the tests' introduction.
Coincidentally every test (I think there's only one) that cares about that
field also works when the field's value is 0.

MFC after:	2 weeks
2020-05-08 23:00:02 +00:00
Alan Somers
deed14f451 Fix the sys.geom.class.multipath.misc.fail_on_error test on stable/12
This test uses a gnop feature (delay probability) that isn't available on
stable/12.  But it's unnecessary; the test works fine without it.  Removing
it simplifies the test and, once MFCed, will allow it to pass on stable/12.

PR:		244158
Reported by:	lwhsu
MFC after:	2 weeks
2020-05-08 02:42:15 +00:00
Alexander V. Chernikov
768c98a737 Add basic routing LPM tests.
Differential Revision:	https://reviews.freebsd.org/D24684
2020-05-06 07:48:37 +00:00
Li-Wen Hsu
bbea96df46 Revert r360204, sys.netipsec.tunnel.empty.v{4,6} are fixed by r360560
PR:		245832
Sponsored by:	The FreeBSD Foundation
2020-05-04 11:23:55 +00:00
Alan Somers
4abfd5bd93 Fix intermittent cleanup failures in the ggated test
MFC after:	2 weeks
2020-05-03 18:10:54 +00:00
Alan Somers
b43a935cae Resolve conflict between the fusefs(5) and mac_bsdextended(4) tests
mac_bsdextended(4), when enabled, causes ordinary operations to send many
more VOP_GETATTRs to file system. The fusefs tests expectations aren't
written with those in mind. Optionally expecting them would greatly
obfuscate the fusefs tests. Worse, certain fusefs functionality (like
attribute caching) would be impossible to test if the tests couldn't expect
an exact number of GETATTR operations.

This commit resolves that conflict by making two changes:

1. The fusefs tests will now check for mac_bsdextended, and skip if it's
   enabled.
2. The mac_bsdextended tests will now check whether the module is enabled, not
   merely loaded. If it's loaded but disabled, the tests will automatically
   enable it for the duration of the tests.

With these changes, a CI system can achieve best coverage by loading both
fusefs and mac_bsdextended at boot, and setting
security.mac.bsdextended.enabled=0

PR:		244229
Reported by:	lwhsu
Reviewed by:	cem
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24577
2020-05-02 20:14:59 +00:00
John Baldwin
6c80c319ef Remove support for the algorithms deprecated in r348876.
This removes support for the following algorithms:
- ARC4
- Blowfish
- CAST128
- DES
- 3DES
- MD5-HMAC
- Skipjack

Since /dev/crypto no longer supports 3DES, stop testing the 3DES KAT
vectors in cryptotest.py.

Reviewed by:	cem (previous version)
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24346
2020-05-02 14:20:32 +00:00
Ed Maste
de1ca57386 geli tests require OpenSSL - exclude them under WITHOUT_OPENSSL
PR:		245931
Submitted by:	The FreeBSD Foundation
2020-04-30 21:09:01 +00:00
Mark Johnston
344d411c67 Add some regression tests for read and write kevents on pipes.
Submitted by:	Jan Kokemüller <jan.kokemueller@gmail.com>
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24528
2020-04-27 15:59:34 +00:00
Kristof Provost
5377560783 bridge tests: Test for #216510
We used to have an issue with recursive locking with
net.link.bridge.inherit_mac. This causes us to send an ARP request while
we hold the BRIDGE_LOCK, which used to cause us to acquire the
BRIDGE_LOCK again. We can't re-acquire it, so this caused a panic.

Now that we no longer need to acquire the BRIDGE_LOCK for
bridge_transmit() this should no longer panic. Test this.

PR:	216510
Reviewed by:	emaste, philip
MFC after:	2 months
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24251
2020-04-26 16:27:03 +00:00
Alan Somers
db20acc029 mac_bsdextended: ATFify the tests
The new tests have more complete setup and cleanup, are more granular, and
correctly annotate expected failures and skipped tests. A follow-up commit
will resolve a conflict with the fusefs tests (bug 244229).

MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24257
2020-04-26 15:51:46 +00:00
Li-Wen Hsu
87e9ade239 Temporarily skip sys.netipsec.tunnel.empty.v{4,6} in CI
PR:		245832
Sponsored by:	The FreeBSD Foundation
2020-04-22 20:50:24 +00:00
John Baldwin
871eec00e2 Update blake2 accelerated software tests to work after OCF refactoring.
- Lookup device drivers to test by name instead of assuming that the
  software / hardware flags will select specific drivers.
- Set the sysctl to permit software /dev/crypto requests when testing
  the accelerated software blake2 driver.

PR:		245825
Reported by:	lwhsu
Reviewed by:	cem, lwhsu
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24540
2020-04-22 20:43:18 +00:00
Li-Wen Hsu
841d3cc068 Temporarily skip sys.opencrypto.blake2_test.blake2{b,s}_vectors_x86 in CI
PR:		245825
Sponsored by:	The FreeBSD Foundation
2020-04-22 14:45:00 +00:00
Li-Wen Hsu
79959b8475 Enable timer tests in sys.kqueue.libkqueue.kqueue_test.main on i386
They were fixed in r360140

PR:		245768
Sponsored by:	The FreeBSD Foundation
2020-04-22 09:53:41 +00:00
Alex Richardson
f527d7de58 Remove extern from function declarations in common.h
Suggested by: cem
2020-04-21 15:55:08 +00:00
Li-Wen Hsu
129ba2d368 Temporarily skip timer tests in sys.kqueue.libkqueue.kqueue_test.main on i386
PR:		245768
Sponsored by:	The FreeBSD Foundation
2020-04-20 17:48:10 +00:00
Li-Wen Hsu
69b7dbeb38 Only skip sys.netinet.socket_afinet.socket_afinet_bind_zero in CI env
Sponsored by:	The FreeBSD Foundation
2020-04-20 14:24:13 +00:00
Li-Wen Hsu
a1841da4fa Temporarily disable sys.netinet.divert.* on i386
PR:		244703
Sponsored by:	The FreeBSD Foundation
2020-04-20 14:18:56 +00:00
Kyle Evans
0fbdc3726a tests: kqueue: fix some issues with now() on ILP32 platforms
There were ultimately two separate problems here:
- a 32-bit long cannot represent microseconds since 1970 (noted by ian)
- time_t is 32-bit on i386, so now() was wrong anyways even with the correct
  return type.

For the first, just explicitly use a uint64_t for now() and all of the
callers. For the second, we need to explicitly cast tv_sec to uint64_t
before it gets multiplied in the SEC_TO_US macro. Casting this instance
rather than generally in the macro was arbitrarily chosen simply because all
other uses are converting small relative time values.

The tests now pass on i386, at least; presumably other ILP32 will be fine
now as well.
2020-04-20 00:47:28 +00:00
Kristof Provost
2885ae0c3c bridge tests: Ensure that bridges in different jails get different MAC addresses
We used to have a problem where bridges created in different vnet jails
would end up having the same mac address. This is now fixed by
including the jail name as a seed for the mac address generation, but we
should verify that it doesn't regress.
2020-04-19 16:30:49 +00:00
Alex Richardson
c9c283bd30 Fix various warnings in tests/sys/kqueue and bump WARNS
Reviewed By:	kevans
Differential Revision: https://reviews.freebsd.org/D24296
2020-04-18 12:54:47 +00:00
Olivier Cochard
86686423d5 Skip routing regression tests depending on if_epair if this module isn't installed.
Approved by:	melifaro
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D24468
2020-04-17 16:31:07 +00:00
Kristof Provost
3f359bfd47 bridge tests: Test deleting a bridge with members
Reviewed by:	philip, emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24337
2020-04-17 14:57:15 +00:00
Kyle Evans
c17dd0e88b tests: kqueue: use a more precise timer for the NOTE_ABSTIME test
Originally noticed while attempting to run the kqueue tests under
qemu-user-static, this apparently just happens sometimes when running in a
jail in general -- the timer will fire off "too early," but it's really just
the result of imprecise measurements (noted by cem).

Kicking this over to NOTE_USECONDS still tests the correct thing while
allowing it to work more consistently; a basic sanity test reveals that we
often end up coming in just less than 200 microseconds after the timer
fired off.

MFC after:	3 days
2020-04-17 02:22:15 +00:00
Jonathan T. Looney
631d525dc1 Add a regression test for the changes in r359922 and r359923.
Note that the Python code has been tested on both Python 2.7 and 3.7.

Reviewed by:	olivier
MFC after:	2 weeks
Sponsored by:	Netflix, Inc.
2020-04-16 20:07:34 +00:00
Kyle Evans
30b4df2e4a tests: audit: mark closefrom test an expected fail for now
closefrom has been converted to close_range internally; remediation is
underway for this, marking it as an expected fail for now while proper
course is determined.

PR:		245625
2020-04-14 23:36:03 +00:00
Kyle Evans
51a16c8412 posixshm: fix counting of writable mappings
Similar to mmap'ing vnodes, posixshm should count any mapping where maxprot
contains VM_PROT_WRITE (i.e. fd opened r/w with no write-seal applied) as
writable and thus blocking of any write-seal.

The memfd tests have been amended to reflect the fixes here, which notably
includes:

1. Fix for error return bug; EPERM is not a documented failure mode for mmap
2. Fix rejection of write-seal with active mappings that can be upgraded via
    mprotect(2).

Reported by:	markj
Discussed with:	markj, kib
2020-04-14 13:32:03 +00:00
Kyle Evans
605c4cda2f close_range/closefrom: fix regression from close_range introduction
close_range will clamp the range between [0, fdp->fd_lastfile], but failed
to take into account that fdp->fd_lastfile can become -1 if all fds are
closed. =-( In this scenario, just return because there's nothing further we
can do at the moment.

Add a test case for this, fork() and simply closefrom(0) twice in the child;
on the second invocation, fdp->fd_lastfile == -1 and will trigger a panic
before this change.

X-MFC-With:	r359836
2020-04-13 17:55:31 +00:00
Kyle Evans
472ced39ef Implement a close_range(2) syscall
close_range(min, max, flags) allows for a range of descriptors to be
closed. The Python folk have indicated that they would much prefer this
interface to closefrom(2), as the case may be that they/someone have special
fds dup'd to higher in the range and they can't necessarily closefrom(min)
because they don't want to hit the upper range, but relocating them to lower
isn't necessarily feasible.

sys_closefrom has been rewritten to use kern_close_range() using ~0U to
indicate closing to the end of the range. This was chosen rather than
requiring callers of kern_close_range() to hold FILEDESC_SLOCK across the
call to kern_close_range for simplicity.

The flags argument of close_range(2) is currently unused, so any flags set
is currently EINVAL. It was added to the interface in Linux so that future
flags could be added for, e.g., "halt on first error" and things of this
nature.

This patch is based on a syscall of the same design that is expected to be
merged into Linux.

Reviewed by:	kib, markj, vangyzen (all slightly earlier revisions)
Differential Revision:	https://reviews.freebsd.org/D21627
2020-04-12 21:23:19 +00:00
Kristof Provost
47308803e7 carp tests: Basic functionality test
Set up three vnet jails, bridged together. Run carp between two of them.
Attempt to provoke locking / epoch issues.

Reviewed by:	mav (previous version), melifaro, asomers
Differential Revision:	https://reviews.freebsd.org/D24303
2020-04-12 16:13:05 +00:00
Kyle Evans
ce6a89e27c kqueue tests: fix -fno-common build
vnode_fd and kqfd are both shared among multiple CU; define them exactly
once.

In the case of vnode_fd, it was simply the declaration that needed
correction.

-fno-common will become the default in GCC10/LLVM11.

MFC after:	3 days
2020-04-06 23:08:07 +00:00
Alexander V. Chernikov
272bd6985f Add routing tests verifying basic RTM_CHANGE functionality.
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24239
2020-04-02 20:02:33 +00:00
Alexander V. Chernikov
ddc7507637 Switch rtsock tests to per-test jails and epair interfaces.
Many rtsock tests verify the ordering of the kernel messages for the
 particular event. In order to avoid flaky tests due to the other tests
 running, switch all tests to use personal vnet-enabled jails.
This removes all clashes on the IP addresses and brings back the ability
 to run these tests simultaneously.

Reported by:	olivier
Reviewed by:	olivier
Differential Revision:	https://reviews.freebsd.org/D24182
2020-03-29 06:25:57 +00:00
John Baldwin
c034143269 Refactor driver and consumer interfaces for OCF (in-kernel crypto).
- The linked list of cryptoini structures used in session
  initialization is replaced with a new flat structure: struct
  crypto_session_params.  This session includes a new mode to define
  how the other fields should be interpreted.  Available modes
  include:

  - COMPRESS (for compression/decompression)
  - CIPHER (for simply encryption/decryption)
  - DIGEST (computing and verifying digests)
  - AEAD (combined auth and encryption such as AES-GCM and AES-CCM)
  - ETA (combined auth and encryption using encrypt-then-authenticate)

  Additional modes could be added in the future (e.g. if we wanted to
  support TLS MtE for AES-CBC in the kernel we could add a new mode
  for that.  TLS modes might also affect how AAD is interpreted, etc.)

  The flat structure also includes the key lengths and algorithms as
  before.  However, code doesn't have to walk the linked list and
  switch on the algorithm to determine which key is the auth key vs
  encryption key.  The 'csp_auth_*' fields are always used for auth
  keys and settings and 'csp_cipher_*' for cipher.  (Compression
  algorithms are stored in csp_cipher_alg.)

- Drivers no longer register a list of supported algorithms.  This
  doesn't quite work when you factor in modes (e.g. a driver might
  support both AES-CBC and SHA2-256-HMAC separately but not combined
  for ETA).  Instead, a new 'crypto_probesession' method has been
  added to the kobj interface for symmteric crypto drivers.  This
  method returns a negative value on success (similar to how
  device_probe works) and the crypto framework uses this value to pick
  the "best" driver.  There are three constants for hardware
  (e.g. ccr), accelerated software (e.g. aesni), and plain software
  (cryptosoft) that give preference in that order.  One effect of this
  is that if you request only hardware when creating a new session,
  you will no longer get a session using accelerated software.
  Another effect is that the default setting to disallow software
  crypto via /dev/crypto now disables accelerated software.

  Once a driver is chosen, 'crypto_newsession' is invoked as before.

- Crypto operations are now solely described by the flat 'cryptop'
  structure.  The linked list of descriptors has been removed.

  A separate enum has been added to describe the type of data buffer
  in use instead of using CRYPTO_F_* flags to make it easier to add
  more types in the future if needed (e.g. wired userspace buffers for
  zero-copy).  It will also make it easier to re-introduce separate
  input and output buffers (in-kernel TLS would benefit from this).

  Try to make the flags related to IV handling less insane:

  - CRYPTO_F_IV_SEPARATE means that the IV is stored in the 'crp_iv'
    member of the operation structure.  If this flag is not set, the
    IV is stored in the data buffer at the 'crp_iv_start' offset.

  - CRYPTO_F_IV_GENERATE means that a random IV should be generated
    and stored into the data buffer.  This cannot be used with
    CRYPTO_F_IV_SEPARATE.

  If a consumer wants to deal with explicit vs implicit IVs, etc. it
  can always generate the IV however it needs and store partial IVs in
  the buffer and the full IV/nonce in crp_iv and set
  CRYPTO_F_IV_SEPARATE.

  The layout of the buffer is now described via fields in cryptop.
  crp_aad_start and crp_aad_length define the boundaries of any AAD.
  Previously with GCM and CCM you defined an auth crd with this range,
  but for ETA your auth crd had to span both the AAD and plaintext
  (and they had to be adjacent).

  crp_payload_start and crp_payload_length define the boundaries of
  the plaintext/ciphertext.  Modes that only do a single operation
  (COMPRESS, CIPHER, DIGEST) should only use this region and leave the
  AAD region empty.

  If a digest is present (or should be generated), it's starting
  location is marked by crp_digest_start.

  Instead of using the CRD_F_ENCRYPT flag to determine the direction
  of the operation, cryptop now includes an 'op' field defining the
  operation to perform.  For digests I've added a new VERIFY digest
  mode which assumes a digest is present in the input and fails the
  request with EBADMSG if it doesn't match the internally-computed
  digest.  GCM and CCM already assumed this, and the new AEAD mode
  requires this for decryption.  The new ETA mode now also requires
  this for decryption, so IPsec and GELI no longer do their own
  authentication verification.  Simple DIGEST operations can also do
  this, though there are no in-tree consumers.

  To eventually support some refcounting to close races, the session
  cookie is now passed to crypto_getop() and clients should no longer
  set crp_sesssion directly.

- Assymteric crypto operation structures should be allocated via
  crypto_getkreq() and freed via crypto_freekreq().  This permits the
  crypto layer to track open asym requests and close races with a
  driver trying to unregister while asym requests are in flight.

- crypto_copyback, crypto_copydata, crypto_apply, and
  crypto_contiguous_subsegment now accept the 'crp' object as the
  first parameter instead of individual members.  This makes it easier
  to deal with different buffer types in the future as well as
  separate input and output buffers.  It's also simpler for driver
  writers to use.

- bus_dmamap_load_crp() loads a DMA mapping for a crypto buffer.
  This understands the various types of buffers so that drivers that
  use DMA do not have to be aware of different buffer types.

- Helper routines now exist to build an auth context for HMAC IPAD
  and OPAD.  This reduces some duplicated work among drivers.

- Key buffers are now treated as const throughout the framework and in
  device drivers.  However, session key buffers provided when a session
  is created are expected to remain alive for the duration of the
  session.

- GCM and CCM sessions now only specify a cipher algorithm and a cipher
  key.  The redundant auth information is not needed or used.

- For cryptosoft, split up the code a bit such that the 'process'
  callback now invokes a function pointer in the session.  This
  function pointer is set based on the mode (in effect) though it
  simplifies a few edge cases that would otherwise be in the switch in
  'process'.

  It does split up GCM vs CCM which I think is more readable even if there
  is some duplication.

- I changed /dev/crypto to support GMAC requests using CRYPTO_AES_NIST_GMAC
  as an auth algorithm and updated cryptocheck to work with it.

- Combined cipher and auth sessions via /dev/crypto now always use ETA
  mode.  The COP_F_CIPHER_FIRST flag is now a no-op that is ignored.
  This was actually documented as being true in crypto(4) before, but
  the code had not implemented this before I added the CIPHER_FIRST
  flag.

- I have not yet updated /dev/crypto to be aware of explicit modes for
  sessions.  I will probably do that at some point in the future as well
  as teach it about IV/nonce and tag lengths for AEAD so we can support
  all of the NIST KAT tests for GCM and CCM.

- I've split up the exising crypto.9 manpage into several pages
  of which many are written from scratch.

- I have converted all drivers and consumers in the tree and verified
  that they compile, but I have not tested all of them.  I have tested
  the following drivers:

  - cryptosoft
  - aesni (AES only)
  - blake2
  - ccr

  and the following consumers:

  - cryptodev
  - IPsec
  - ktls_ocf
  - GELI (lightly)

  I have not tested the following:

  - ccp
  - aesni with sha
  - hifn
  - kgssapi_krb5
  - ubsec
  - padlock
  - safe
  - armv8_crypto (aarch64)
  - glxsb (i386)
  - sec (ppc)
  - cesa (armv7)
  - cryptocteon (mips64)
  - nlmsec (mips64)

Discussed with:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D23677
2020-03-27 18:25:23 +00:00
Alfredo Dal'Ava Junior
9b2877353b so_reuseport_lb_test: correct setsockopt parameter size
Change type of variable used in setsocketopt so correct size of
option is passed.

Test failure was identified when running the test on PowerPC64,
and the following error message was seen:

	"bind () failed: Address already in use"

Submitted by:	Fernando Valle <fernando.valle@eldorado.org.br>
Reviewed by:	melifaro, adalava
Approved by:	jhibbits (mentor)
Sponsored by:	Eldorado Research Institute (eldorado.org.br)
Differential Revision:	https://reviews.freebsd.org/D24164
2020-03-25 20:20:08 +00:00
Alexander V. Chernikov
b4a4a3b82f Add tests verifying IPv4/IPv6 output for TCP/UDP/raw paths.
Reviewed by:	kp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24138
2020-03-23 12:21:32 +00:00
Kristof Provost
bb490fcf19 bridge tests: Basic span test
Reviewed by:	philip, emaste (previous version)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23961
2020-03-16 08:44:46 +00:00
Li-Wen Hsu
c0507192fa Skip sys.netpfil.pf.nat.exhaust on all platforms as it not only fails on amd64
PR:		244703
Sponsored by:	The FreeBSD Foundation
2020-03-13 16:44:48 +00:00
Li-Wen Hsu
f95988cc0e Temporarily skip sys.geom.class.gate.ggate_test.ggated in CI
PR:		244737
Sponsored by:	The FreeBSD Foundation
2020-03-11 10:42:05 +00:00
Alan Somers
b0ecfb42d1 fusefs: avoid cache corruption with buggy fuse servers
The FUSE protocol allows the client (kernel) to cache a file's size, if the
server (userspace daemon) allows it. A well-behaved daemon obviously should
not change a file's size while a client has it cached. But a buggy daemon
might. If the kernel ever detects that that has happened, then it should
invalidate the entire cache for that file. Previously, we would not only
cache stale data, but in the case of a file extension while we had the size
cached, we accidentally extended the cache with zeros.

PR:		244178
Reported by:	Ben RUBSON <ben.rubson@gmx.com>
Reviewed by:	cem
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24012
2020-03-11 04:29:45 +00:00
Alexander V. Chernikov
d7cdd89777 Add basic IPv4/IPv6 forwarding tests.
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24002
2020-03-10 19:52:19 +00:00
Li-Wen Hsu
7d292b4814 Skip sys.netpfil.pf.nat.exhaust on amd64 in CI as it sometimes panics kernel
PR:		244703
Sponsored by:	The FreeBSD Foundation
2020-03-10 19:18:24 +00:00
Kristof Provost
d99bb677c1 bridge test: adding and removing static addresses
Reviewed by:	philip
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23960
2020-03-10 06:29:59 +00:00
Kristof Provost
6f0a65b080 bridge test: spanning tree
Basic test case where we create a bridge loop, verify that we really are
looping and then enable spanning tree to resolve the loop.

Reviewed by:	philip
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23959
2020-03-10 06:28:45 +00:00
Alan Somers
d970778e6f fusefs: fix fsync for files with multiple open handles
We were reusing a structure for multiple operations, but failing to
reinitialize one member.  The result is that a server that cares about FUSE
file handle IDs would see one correct FUSE_FSYNC operation, and one with the
FHID unset.

PR:		244431
Reported by:	Agata <chogata@gmail.com>
MFC after:	2 weeks
2020-03-09 01:57:21 +00:00
Alan Somers
cc6e71e16c [skip ci] fix typo in comment in the fusefs tests
MFC after:	2 weeks
2020-03-09 00:14:09 +00:00
Olivier Cochard
8ccf503240 Skip if_epair regression test if module doesn't exist
Approved by:	kp
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D23876
2020-03-03 17:35:15 +00:00
Alexander V. Chernikov
ea2773323c Fix dynamic redrects by adding forgotten RTF_HOST flag.
Improve tests to verify the generated route flags.

Reported by:	jtl
MFC after:	2 weeks
2020-03-03 15:33:43 +00:00
Li-Wen Hsu
06bd9afc5f Skip the right test case
PR:		244172
Sponsored by:	The FreeBSD Foundation
2020-02-26 15:15:55 +00:00
Li-Wen Hsu
547a1e03c3 Revert r358309 after r358311.
PR:		244393
Sponsored by:	The FreeBSD Foundation
2020-02-26 04:54:50 +00:00
Li-Wen Hsu
bebf52f1ec Temporarily skip failing test case sys.netpfil.pf.fragmentation.v6
PR:		244393
Sponsored by:	The FreeBSD Foundation
2020-02-25 11:56:54 +00:00
Kristof Provost
e3c73f3d74 bridge tests: Remove unneeded 'All rights reserved.'
The FreeBSD foundation no longer requires this, as per
https://lists.freebsd.org/pipermail/svn-src-all/2019-February/177215.html and
private communications.

Sponsored by:	The FreeBSD Foundation
2020-02-19 16:44:16 +00:00
Alan Somers
691c0a5f3d [skip ci] delete obsolete comment in fusefs tests
It should've been deleted by r349436

MFC after:	2 weeks
2020-02-19 01:51:01 +00:00
Li-Wen Hsu
db41308a28 Temporarily skip flakey test case sys.netinet.fibs_test.udp_dontroute6 in CI
PR:		244172
Sponsored by:	The FreeBSD Foundation
2020-02-16 17:55:32 +00:00
Li-Wen Hsu
314ef80dc4 Temporarily skip flakey test case sys.netinet6.frag6.frag6_07.frag6_07 in CI
PR:		244170
Sponsored by:	The FreeBSD Foundation
2020-02-16 17:36:16 +00:00
Li-Wen Hsu
f1cabcd328 Temporarily skip sys.net.if_lagg_test.lacp_linkstate_destroy_stress on i386 CI
It panics kernel

PR:		244168
Sponsored by:	The FreeBSD Foundation
2020-02-16 16:49:29 +00:00
Kristof Provost
095aabf7dc bridge: Basic test case
Very basic bridge test: Set up two jails and test that they can pass IPv4
traffic over the bridge.

Reviewed by:	melifaro, philip
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23697
2020-02-16 13:16:40 +00:00
Li-Wen Hsu
07a721ac73 Temporarily skip failing sys.net.if_lagg_test.witness on i386 CI
PR:		244163
Sponsored by:	The FreeBSD Foundation
2020-02-16 11:16:05 +00:00
Li-Wen Hsu
5b697c5be0 Remove trailing whitespace
Sponsored by:	The FreeBSD Foundation
2020-02-16 10:59:32 +00:00
Li-Wen Hsu
11dcf43de8 Remove trailing whitespace
Sponsored by:	The FreeBSD Foundation
2020-02-16 10:57:42 +00:00
Alexander V. Chernikov
2207447bf4 Add basic IPDIVERT tests.
Reviewed by:	lwhsu,kp
Differential Revision:	https://reviews.freebsd.org/D23316
2020-02-14 09:36:35 +00:00
Li-Wen Hsu
c27ac74f9c Properly fix GCC build in r357867
Submitted by:	kib
Sponsored by:	The FreeBSD Foundation
2020-02-14 09:25:29 +00:00
Li-Wen Hsu
338450436d Fix GCC build.
Sponsored by:	The FreeBSD Foundation
2020-02-13 19:05:19 +00:00
Kristof Provost
475b483aee tests: Enable net tests
We have a number of tests in the net subdirectory that were not executed. List
the net directory so we run those tests.
2020-02-13 14:09:09 +00:00
Alexander V. Chernikov
99a7fa9268 * Fix flaking lle tests by filtering out non-relevant rtsock messages.
* Consistently use RTM_DECLARE_ROOT_TEST() macro.
* Temporarily remove iftype validation from IPv6 lle notifications.

Reported by:	kp
2020-02-12 21:16:30 +00:00
Alan Somers
7ee7e40976 fusefs: fix some memory leaks in the tests.
Oddly, most of these were not detected by Coverity.

Reported by:	Coverity (one of them, anyway)
Coverity CID:	1404490
MFC after:	2 weeks
2020-02-12 18:11:07 +00:00
Ed Maste
9c68ef1455 Tag pjdfstest symlink with pkgbase package
As with the rest of pjdfstest, tag the symlink with package=tests.
The tests -> . symlink seems a little strange but that's independent
of pkgbase.

Sponsored by:	The FreeBSD Foundation
2020-02-12 17:37:32 +00:00
Li-Wen Hsu
519aaa1500 Temporarily skip flakey test case sys.kern.ptrace_test.ptrace__parent_exits_before_child
PR:		244056
Sponsored by:	The FreeBSD Foundation
2020-02-11 23:17:58 +00:00
Li-Wen Hsu
f192f64848 Temporarily skip failing test case sys.kern/ptrace_test/ptrace__parent_wait_after_attach
PR:		244055
Sponsored by:	The FreeBSD Foundation
2020-02-11 22:48:12 +00:00
Li-Wen Hsu
0c556b7f98 Temporarily skip sys.geom.class.multipath.failloop.failloop in CI
This case uses `dtrace -c` but it has some issues at the moment

PR:		244053
Sponsored by:	The FreeBSD Foundation
2020-02-11 22:21:22 +00:00
Li-Wen Hsu
ec5fd09524 Reduce nc timeout in sys.mac.portacl.*
It is not necessary to wait that long for localhost.

Sponsored by:	The FreeBSD Foundation
2020-02-11 20:41:51 +00:00
Kristof Provost
50214f86c5 tests: epair: Don't fail if we load if_epair
kldload() returns a positive integer when it loads a ko, so check that the
return value is -1 to detect error cases, not that it's different from zero.

MFC after:	3 days
X-MFC-With:	r357234
2020-02-01 19:40:11 +00:00
Kristof Provost
7bde621ba3 tests: epair: Don't fail if the if_epair module is already loaded
kldload() returns an error (EEXIST) if the module is already loaded.
That's not a problem for us, so ignore that error.

While here also clean up include statements.

MFC after:	3 days
X-MFC-With:	r357234
2020-02-01 11:31:45 +00:00
Conrad Meyer
037d75302e Revert r357246
I have no idea what this code is trying to do, leave it be.

Reported by:	lwhsu
2020-01-29 22:37:01 +00:00
Conrad Meyer
d71e0db25b qmath(3) test: Replace overcomplicated abomination with arc4random(3)
The horrific GENRAND construction bent over backwards to construct 64-bit
signed integers from the 31-bit output of random(3) for about 20 numbers per
test.  Reproducibility wasn't a goal: random(3) was seeded with
srandomdev(3).  Speed is not a factor for generating 20 integers with
arc4random(3).  Range is not a factor: all uses did not bound the range
beyond that of the full [INT64_MIN, INT64_MAX].  Just use arc4random(3).

Reported by:	Coverity
CIDs:		1404809, 1404817, 1404838, 1404840 and about 6x other
		identical reports of dubious code relating to the
		construction
2020-01-29 05:25:20 +00:00
Kristof Provost
5458a63bca tests: Test for an epair panic
if_epair abused the ifr_data field to insert its second interface in
IFC_IFLIST. If userspace provides a value for ifr_data it would get
dereferenced by the kernel leading to a panic.

Reported by:	Ilja Van Sprundel <ivansprundel@ioactive.com>
MFC after:	3 days
2020-01-28 22:46:51 +00:00
Alan Somers
95e6640be2 geli: add a test case for attaching multiple providers with 1 command
Reviewed by:	cem
MFC after:	2 weeks
Sponsored by:	Axcient
Differential Revision:	https://reviews.freebsd.org/D23400
2020-01-28 18:32:19 +00:00
Li-Wen Hsu
fba0af0bf8 Temporarily skip flakey test case sys.kern.ptrace_test.ptrace__procdesc_reparent_wait_child
PR:		243605
Sponsored by:	The FreeBSD Foundation
2020-01-26 07:24:49 +00:00
Li-Wen Hsu
a0ba604b80 Specify PACKAGE to install tests files
MFC after:	3 weeks
MFC with:	r356984
Sponsored by:	The FreeBSD Foundation
2020-01-25 23:22:08 +00:00
Kristof Provost
b6a0d88cbe tests: Routing tests overwrote net tests
The routing subdirectory installed into the same directory as the test tests,
which caused them to overwrite the net Kyuafile. As a result these tests were
not executed.

X-MFC-With:	r356146
2020-01-25 10:51:51 +00:00
Ed Maste
af6fbe519c Tag /usr/tests/local symlink with package=tests
As with the rest of /usr/tests, so that it is handled correctly on
pkgbase-installed/updated systems.

Sponsored by:	The FreeBSD Foundation
2020-01-23 15:59:30 +00:00
Alexander V. Chernikov
34a5582c47 Bring back redirect route expiration.
Redirect (and temporal) route expiration was broken a while ago.
This change brings route expiration back, with unified IPv4/IPv6 handling code.

It introduces net.inet.icmp.redirtimeout sysctl, allowing to set
 an expiration time for redirected routes. It defaults to 10 minutes,
 analogues with net.inet6.icmp6.redirtimeout.

Implementation uses separate file, route_temporal.c, as route.c is already
 bloated with tons of different functions.
Internally, expiration is implemented as an per-rnh callout scheduled when
 route with non-zero rt_expire time is added or rt_expire is changed.
 It does not add any overhead when no temporal routes are present.

Callout traverses entire routing tree under wlock, scheduling expired routes
 for deletion and calculating the next time it needs to be run. The rationale
 for such implemention is the following: typically workloads requiring large
 amount of routes have redirects turned off already, while the systems with
 small amount of routes will not inhibit large overhead during tree traversal.

This changes also fixes netstat -rn display of route expiration time, which
 has been broken since the conversion from kread() to sysctl.

Reviewed by:	bz
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D23075
2020-01-22 13:53:18 +00:00
Kyle Evans
53f8212826 tests: fusefs: silence remaining unsigned/signed comparison warnings
External GCC turns these into errors; cast to long to silence them.

Reviewed by:	asomers
Differential Revision:	https://reviews.freebsd.org/D23127
2020-01-10 21:51:27 +00:00
Alexander V. Chernikov
ac0bea768b Include human-readable list of rtm flags along with bitmask in error messages
for rtsock tests.

MFC after:	2 weeks
2020-01-10 08:54:46 +00:00
Kyle Evans
f10405323a posixshm: implement posix_fallocate(2)
Linux expects to be able to use posix_fallocate(2) on a memfd. Other places
would use this with shm_open(2) to act as a smarter ftruncate(2).

Test has been added to go along with this.

Reviewed by:	kib (earlier version)
Differential Revision:	https://reviews.freebsd.org/D23042
2020-01-08 19:08:44 +00:00
Alexander V. Chernikov
e02d3fe70c Fix rtsock route message generation for interface addresses.
Reviewed by:	olivier
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D22974
2020-01-07 21:16:30 +00:00
Li-Wen Hsu
061838233a Revert r355861 because the issue has been fixed in r356443
PR:		242689
Notified by:	markj
Sponsored by:	The FreeBSD Foundation
2020-01-07 17:49:49 +00:00
Kyle Evans
d679c71970 Refine fusefs test workaround for mips+llvm
This re-enables building the googletest suite by default on mips and instead
specifically doesn't build fusefs tests for mips+clang builds.  clang will
easily spent >= 1.5 hours compiling a single file due to a bug in
optimization (see LLVM PR 43263), so turn these off for now while that's
hashed out.

GCC builds are unaffected and build the fusefs tests as-is. Clang builds
only happen by early adopters attempting to hash out the remaining issues.

The comment has been updated to reflect its new position and use less strong
wording about imposing on people.

Discussed with:	ngie, asomers
Reviewed by:	ngie
2020-01-06 18:25:58 +00:00
Bryan Drewery
0cb4586a0b lio_listio_empty_nowait_thread sometimes does *not* hang.
The other tests consistently do hang though.

Sponsored by:	DellEMC
2020-01-04 18:59:46 +00:00
Alexander V. Chernikov
775dc8613d Add userland tests for route table/lltable rtsock operations.
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D22860
2019-12-28 12:16:40 +00:00
Li-Wen Hsu
00488f54de Temporarily skip failing sys.geom.class.multipath.failloop.failloop on i386 CI
PR:		242689
Sponsored by:	The FreeBSD Foundation
2019-12-17 19:01:09 +00:00
Alan Somers
67f72211dd gmultipath: add ATF tests
Add ATF tests for most gmultipath operations. Add some dtrace probes too,
primarily for configuration changes that happen in response to provider
errors.

PR:		178473
MFC after:	2 weeks
Sponsored by:	Axcient
Differential Revision:	https://reviews.freebsd.org/D22235
2019-12-06 00:12:14 +00:00
Mariusz Zaborski
8e49361164 procdesc: allow to collect status through wait(1) if process is traced
The debugger like truss(1) depends on the wait(2) syscall. This syscall
waits for ALL children. When it is waiting for ALL child's the children
created by process descriptors are not returned. This behavior was
introduced because we want to implement libraries which may pdfork(1).

The behavior of process descriptor brakes truss(1) because it will
not be able to collect the status of processes with process descriptors.

To address this problem the status is returned to parent when the
child is traced. While the process is traced the debugger is the new parent.
In case the original parent and debugger are the same process it means the
debugger explicitly used pdfork() to create the child. In that case the debugger
should be using kqueue()/pdwait() instead of wait().

Add test case to verify that. The test case was implemented by markj@.

Reviewed by:	kib, markj
Discussed with:	jhb
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D20362
2019-11-25 18:33:21 +00:00
Li-Wen Hsu
b9e5cb0580 Fix gcc build
We have -Werror=strict-overflow so gcc complains:

In file included from /tmp/obj/workspace/src/amd64.amd64/tmp/usr/include/bitstring.h:36:0,
                 from /workspace/src/tests/sys/sys/bitstring_test.c:34:
/workspace/src/tests/sys/sys/bitstring_test.c: In function 'bit_ffc_at_test':
/workspace/src/sys/sys/bitstring.h:239:5: error: assuming signed overflow does not occur when assuming that (X + c) >= X is always true [-Werror=strict-overflow]
  if (_start >= _nbits) {
     ^

Disable assuming overflow of signed integer will never happen by specifying
-fno-strict-overflow

Sponsored by:	The FreeBSD Foundation
2019-11-24 15:03:35 +00:00
Doug Moore
be252a414f The error messages that indicate bugs in 'area' bitstring functions
should identify accurately which function exhibited the bug.

Reviewed by: asomers
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D22519
2019-11-23 17:22:36 +00:00
Li-Wen Hsu
70314c42e7 Initialize variable bitstr
r354991 removed variable-sized object initializing on defining.  For the safe
reason, manually initialize the members to 0.

Sponsored by:	The FreeBSD Foundation
2019-11-22 10:15:15 +00:00