Commit Graph

1037 Commits

Author SHA1 Message Date
markj
8189e49a0a Add a basic table entry counter regression test.
Reviewed by:	kp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24809
2020-05-11 19:08:03 +00:00
markj
fd94e9975a Remove the svn:executable property from some pf test files.
The test makefiles will handle setting mode bits during install.  Also,
Phabricator gets upset when uploading an executable plain-text file
without a shebang.

MFC after:	1 week
2020-05-11 19:07:33 +00:00
asomers
f79b04f890 fusefs: fix two small bugs in the tests' expectations
These two errors have been present since the tests' introduction.
Coincidentally every test (I think there's only one) that cares about that
field also works when the field's value is 0.

MFC after:	2 weeks
2020-05-08 23:00:02 +00:00
asomers
ed4820f0a8 Fix the sys.geom.class.multipath.misc.fail_on_error test on stable/12
This test uses a gnop feature (delay probability) that isn't available on
stable/12.  But it's unnecessary; the test works fine without it.  Removing
it simplifies the test and, once MFCed, will allow it to pass on stable/12.

PR:		244158
Reported by:	lwhsu
MFC after:	2 weeks
2020-05-08 02:42:15 +00:00
melifaro
68a4c41e98 Add basic routing LPM tests.
Differential Revision:	https://reviews.freebsd.org/D24684
2020-05-06 07:48:37 +00:00
lwhsu
4a59f8c218 Revert r360204, sys.netipsec.tunnel.empty.v{4,6} are fixed by r360560
PR:		245832
Sponsored by:	The FreeBSD Foundation
2020-05-04 11:23:55 +00:00
asomers
c10a26d837 Fix intermittent cleanup failures in the ggated test
MFC after:	2 weeks
2020-05-03 18:10:54 +00:00
asomers
8d0b137513 Resolve conflict between the fusefs(5) and mac_bsdextended(4) tests
mac_bsdextended(4), when enabled, causes ordinary operations to send many
more VOP_GETATTRs to file system. The fusefs tests expectations aren't
written with those in mind. Optionally expecting them would greatly
obfuscate the fusefs tests. Worse, certain fusefs functionality (like
attribute caching) would be impossible to test if the tests couldn't expect
an exact number of GETATTR operations.

This commit resolves that conflict by making two changes:

1. The fusefs tests will now check for mac_bsdextended, and skip if it's
   enabled.
2. The mac_bsdextended tests will now check whether the module is enabled, not
   merely loaded. If it's loaded but disabled, the tests will automatically
   enable it for the duration of the tests.

With these changes, a CI system can achieve best coverage by loading both
fusefs and mac_bsdextended at boot, and setting
security.mac.bsdextended.enabled=0

PR:		244229
Reported by:	lwhsu
Reviewed by:	cem
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24577
2020-05-02 20:14:59 +00:00
jhb
b345efd4ae Remove support for the algorithms deprecated in r348876.
This removes support for the following algorithms:
- ARC4
- Blowfish
- CAST128
- DES
- 3DES
- MD5-HMAC
- Skipjack

Since /dev/crypto no longer supports 3DES, stop testing the 3DES KAT
vectors in cryptotest.py.

Reviewed by:	cem (previous version)
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24346
2020-05-02 14:20:32 +00:00
emaste
312327e698 geli tests require OpenSSL - exclude them under WITHOUT_OPENSSL
PR:		245931
Submitted by:	The FreeBSD Foundation
2020-04-30 21:09:01 +00:00
markj
605ee0cbe8 Add some regression tests for read and write kevents on pipes.
Submitted by:	Jan Kokemüller <jan.kokemueller@gmail.com>
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24528
2020-04-27 15:59:34 +00:00
kp
aa14143cf0 bridge tests: Test for #216510
We used to have an issue with recursive locking with
net.link.bridge.inherit_mac. This causes us to send an ARP request while
we hold the BRIDGE_LOCK, which used to cause us to acquire the
BRIDGE_LOCK again. We can't re-acquire it, so this caused a panic.

Now that we no longer need to acquire the BRIDGE_LOCK for
bridge_transmit() this should no longer panic. Test this.

PR:	216510
Reviewed by:	emaste, philip
MFC after:	2 months
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24251
2020-04-26 16:27:03 +00:00
asomers
ab62894faf mac_bsdextended: ATFify the tests
The new tests have more complete setup and cleanup, are more granular, and
correctly annotate expected failures and skipped tests. A follow-up commit
will resolve a conflict with the fusefs tests (bug 244229).

MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24257
2020-04-26 15:51:46 +00:00
lwhsu
d4cd49e4e1 Temporarily skip sys.netipsec.tunnel.empty.v{4,6} in CI
PR:		245832
Sponsored by:	The FreeBSD Foundation
2020-04-22 20:50:24 +00:00
jhb
cda3f0d49c Update blake2 accelerated software tests to work after OCF refactoring.
- Lookup device drivers to test by name instead of assuming that the
  software / hardware flags will select specific drivers.
- Set the sysctl to permit software /dev/crypto requests when testing
  the accelerated software blake2 driver.

PR:		245825
Reported by:	lwhsu
Reviewed by:	cem, lwhsu
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24540
2020-04-22 20:43:18 +00:00
lwhsu
5e8f32e389 Temporarily skip sys.opencrypto.blake2_test.blake2{b,s}_vectors_x86 in CI
PR:		245825
Sponsored by:	The FreeBSD Foundation
2020-04-22 14:45:00 +00:00
lwhsu
c7c025ad99 Enable timer tests in sys.kqueue.libkqueue.kqueue_test.main on i386
They were fixed in r360140

PR:		245768
Sponsored by:	The FreeBSD Foundation
2020-04-22 09:53:41 +00:00
arichardson
09ce4f8140 Remove extern from function declarations in common.h
Suggested by: cem
2020-04-21 15:55:08 +00:00
lwhsu
ee2ca7c581 Temporarily skip timer tests in sys.kqueue.libkqueue.kqueue_test.main on i386
PR:		245768
Sponsored by:	The FreeBSD Foundation
2020-04-20 17:48:10 +00:00
lwhsu
3fd1ed6f36 Only skip sys.netinet.socket_afinet.socket_afinet_bind_zero in CI env
Sponsored by:	The FreeBSD Foundation
2020-04-20 14:24:13 +00:00
lwhsu
28da4d8197 Temporarily disable sys.netinet.divert.* on i386
PR:		244703
Sponsored by:	The FreeBSD Foundation
2020-04-20 14:18:56 +00:00
kevans
31237f9605 tests: kqueue: fix some issues with now() on ILP32 platforms
There were ultimately two separate problems here:
- a 32-bit long cannot represent microseconds since 1970 (noted by ian)
- time_t is 32-bit on i386, so now() was wrong anyways even with the correct
  return type.

For the first, just explicitly use a uint64_t for now() and all of the
callers. For the second, we need to explicitly cast tv_sec to uint64_t
before it gets multiplied in the SEC_TO_US macro. Casting this instance
rather than generally in the macro was arbitrarily chosen simply because all
other uses are converting small relative time values.

The tests now pass on i386, at least; presumably other ILP32 will be fine
now as well.
2020-04-20 00:47:28 +00:00
kp
d05176ab06 bridge tests: Ensure that bridges in different jails get different MAC addresses
We used to have a problem where bridges created in different vnet jails
would end up having the same mac address. This is now fixed by
including the jail name as a seed for the mac address generation, but we
should verify that it doesn't regress.
2020-04-19 16:30:49 +00:00
arichardson
1600471305 Fix various warnings in tests/sys/kqueue and bump WARNS
Reviewed By:	kevans
Differential Revision: https://reviews.freebsd.org/D24296
2020-04-18 12:54:47 +00:00
olivier
40782cfcd4 Skip routing regression tests depending on if_epair if this module isn't installed.
Approved by:	melifaro
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D24468
2020-04-17 16:31:07 +00:00
kp
bbfb0cfb35 bridge tests: Test deleting a bridge with members
Reviewed by:	philip, emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24337
2020-04-17 14:57:15 +00:00
kevans
fa4675f29b tests: kqueue: use a more precise timer for the NOTE_ABSTIME test
Originally noticed while attempting to run the kqueue tests under
qemu-user-static, this apparently just happens sometimes when running in a
jail in general -- the timer will fire off "too early," but it's really just
the result of imprecise measurements (noted by cem).

Kicking this over to NOTE_USECONDS still tests the correct thing while
allowing it to work more consistently; a basic sanity test reveals that we
often end up coming in just less than 200 microseconds after the timer
fired off.

MFC after:	3 days
2020-04-17 02:22:15 +00:00
jtl
dbbb9f24b0 Add a regression test for the changes in r359922 and r359923.
Note that the Python code has been tested on both Python 2.7 and 3.7.

Reviewed by:	olivier
MFC after:	2 weeks
Sponsored by:	Netflix, Inc.
2020-04-16 20:07:34 +00:00
kevans
5ec8a1ae9b tests: audit: mark closefrom test an expected fail for now
closefrom has been converted to close_range internally; remediation is
underway for this, marking it as an expected fail for now while proper
course is determined.

PR:		245625
2020-04-14 23:36:03 +00:00
kevans
8c5ad1b4c0 posixshm: fix counting of writable mappings
Similar to mmap'ing vnodes, posixshm should count any mapping where maxprot
contains VM_PROT_WRITE (i.e. fd opened r/w with no write-seal applied) as
writable and thus blocking of any write-seal.

The memfd tests have been amended to reflect the fixes here, which notably
includes:

1. Fix for error return bug; EPERM is not a documented failure mode for mmap
2. Fix rejection of write-seal with active mappings that can be upgraded via
    mprotect(2).

Reported by:	markj
Discussed with:	markj, kib
2020-04-14 13:32:03 +00:00
kevans
4045a67bf3 close_range/closefrom: fix regression from close_range introduction
close_range will clamp the range between [0, fdp->fd_lastfile], but failed
to take into account that fdp->fd_lastfile can become -1 if all fds are
closed. =-( In this scenario, just return because there's nothing further we
can do at the moment.

Add a test case for this, fork() and simply closefrom(0) twice in the child;
on the second invocation, fdp->fd_lastfile == -1 and will trigger a panic
before this change.

X-MFC-With:	r359836
2020-04-13 17:55:31 +00:00
kevans
6371039d47 Implement a close_range(2) syscall
close_range(min, max, flags) allows for a range of descriptors to be
closed. The Python folk have indicated that they would much prefer this
interface to closefrom(2), as the case may be that they/someone have special
fds dup'd to higher in the range and they can't necessarily closefrom(min)
because they don't want to hit the upper range, but relocating them to lower
isn't necessarily feasible.

sys_closefrom has been rewritten to use kern_close_range() using ~0U to
indicate closing to the end of the range. This was chosen rather than
requiring callers of kern_close_range() to hold FILEDESC_SLOCK across the
call to kern_close_range for simplicity.

The flags argument of close_range(2) is currently unused, so any flags set
is currently EINVAL. It was added to the interface in Linux so that future
flags could be added for, e.g., "halt on first error" and things of this
nature.

This patch is based on a syscall of the same design that is expected to be
merged into Linux.

Reviewed by:	kib, markj, vangyzen (all slightly earlier revisions)
Differential Revision:	https://reviews.freebsd.org/D21627
2020-04-12 21:23:19 +00:00
kp
905f203f7c carp tests: Basic functionality test
Set up three vnet jails, bridged together. Run carp between two of them.
Attempt to provoke locking / epoch issues.

Reviewed by:	mav (previous version), melifaro, asomers
Differential Revision:	https://reviews.freebsd.org/D24303
2020-04-12 16:13:05 +00:00
kevans
1ccc9b569b kqueue tests: fix -fno-common build
vnode_fd and kqfd are both shared among multiple CU; define them exactly
once.

In the case of vnode_fd, it was simply the declaration that needed
correction.

-fno-common will become the default in GCC10/LLVM11.

MFC after:	3 days
2020-04-06 23:08:07 +00:00
melifaro
5a596a5c60 Add routing tests verifying basic RTM_CHANGE functionality.
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24239
2020-04-02 20:02:33 +00:00
melifaro
b832076031 Switch rtsock tests to per-test jails and epair interfaces.
Many rtsock tests verify the ordering of the kernel messages for the
 particular event. In order to avoid flaky tests due to the other tests
 running, switch all tests to use personal vnet-enabled jails.
This removes all clashes on the IP addresses and brings back the ability
 to run these tests simultaneously.

Reported by:	olivier
Reviewed by:	olivier
Differential Revision:	https://reviews.freebsd.org/D24182
2020-03-29 06:25:57 +00:00
jhb
ddcef18974 Refactor driver and consumer interfaces for OCF (in-kernel crypto).
- The linked list of cryptoini structures used in session
  initialization is replaced with a new flat structure: struct
  crypto_session_params.  This session includes a new mode to define
  how the other fields should be interpreted.  Available modes
  include:

  - COMPRESS (for compression/decompression)
  - CIPHER (for simply encryption/decryption)
  - DIGEST (computing and verifying digests)
  - AEAD (combined auth and encryption such as AES-GCM and AES-CCM)
  - ETA (combined auth and encryption using encrypt-then-authenticate)

  Additional modes could be added in the future (e.g. if we wanted to
  support TLS MtE for AES-CBC in the kernel we could add a new mode
  for that.  TLS modes might also affect how AAD is interpreted, etc.)

  The flat structure also includes the key lengths and algorithms as
  before.  However, code doesn't have to walk the linked list and
  switch on the algorithm to determine which key is the auth key vs
  encryption key.  The 'csp_auth_*' fields are always used for auth
  keys and settings and 'csp_cipher_*' for cipher.  (Compression
  algorithms are stored in csp_cipher_alg.)

- Drivers no longer register a list of supported algorithms.  This
  doesn't quite work when you factor in modes (e.g. a driver might
  support both AES-CBC and SHA2-256-HMAC separately but not combined
  for ETA).  Instead, a new 'crypto_probesession' method has been
  added to the kobj interface for symmteric crypto drivers.  This
  method returns a negative value on success (similar to how
  device_probe works) and the crypto framework uses this value to pick
  the "best" driver.  There are three constants for hardware
  (e.g. ccr), accelerated software (e.g. aesni), and plain software
  (cryptosoft) that give preference in that order.  One effect of this
  is that if you request only hardware when creating a new session,
  you will no longer get a session using accelerated software.
  Another effect is that the default setting to disallow software
  crypto via /dev/crypto now disables accelerated software.

  Once a driver is chosen, 'crypto_newsession' is invoked as before.

- Crypto operations are now solely described by the flat 'cryptop'
  structure.  The linked list of descriptors has been removed.

  A separate enum has been added to describe the type of data buffer
  in use instead of using CRYPTO_F_* flags to make it easier to add
  more types in the future if needed (e.g. wired userspace buffers for
  zero-copy).  It will also make it easier to re-introduce separate
  input and output buffers (in-kernel TLS would benefit from this).

  Try to make the flags related to IV handling less insane:

  - CRYPTO_F_IV_SEPARATE means that the IV is stored in the 'crp_iv'
    member of the operation structure.  If this flag is not set, the
    IV is stored in the data buffer at the 'crp_iv_start' offset.

  - CRYPTO_F_IV_GENERATE means that a random IV should be generated
    and stored into the data buffer.  This cannot be used with
    CRYPTO_F_IV_SEPARATE.

  If a consumer wants to deal with explicit vs implicit IVs, etc. it
  can always generate the IV however it needs and store partial IVs in
  the buffer and the full IV/nonce in crp_iv and set
  CRYPTO_F_IV_SEPARATE.

  The layout of the buffer is now described via fields in cryptop.
  crp_aad_start and crp_aad_length define the boundaries of any AAD.
  Previously with GCM and CCM you defined an auth crd with this range,
  but for ETA your auth crd had to span both the AAD and plaintext
  (and they had to be adjacent).

  crp_payload_start and crp_payload_length define the boundaries of
  the plaintext/ciphertext.  Modes that only do a single operation
  (COMPRESS, CIPHER, DIGEST) should only use this region and leave the
  AAD region empty.

  If a digest is present (or should be generated), it's starting
  location is marked by crp_digest_start.

  Instead of using the CRD_F_ENCRYPT flag to determine the direction
  of the operation, cryptop now includes an 'op' field defining the
  operation to perform.  For digests I've added a new VERIFY digest
  mode which assumes a digest is present in the input and fails the
  request with EBADMSG if it doesn't match the internally-computed
  digest.  GCM and CCM already assumed this, and the new AEAD mode
  requires this for decryption.  The new ETA mode now also requires
  this for decryption, so IPsec and GELI no longer do their own
  authentication verification.  Simple DIGEST operations can also do
  this, though there are no in-tree consumers.

  To eventually support some refcounting to close races, the session
  cookie is now passed to crypto_getop() and clients should no longer
  set crp_sesssion directly.

- Assymteric crypto operation structures should be allocated via
  crypto_getkreq() and freed via crypto_freekreq().  This permits the
  crypto layer to track open asym requests and close races with a
  driver trying to unregister while asym requests are in flight.

- crypto_copyback, crypto_copydata, crypto_apply, and
  crypto_contiguous_subsegment now accept the 'crp' object as the
  first parameter instead of individual members.  This makes it easier
  to deal with different buffer types in the future as well as
  separate input and output buffers.  It's also simpler for driver
  writers to use.

- bus_dmamap_load_crp() loads a DMA mapping for a crypto buffer.
  This understands the various types of buffers so that drivers that
  use DMA do not have to be aware of different buffer types.

- Helper routines now exist to build an auth context for HMAC IPAD
  and OPAD.  This reduces some duplicated work among drivers.

- Key buffers are now treated as const throughout the framework and in
  device drivers.  However, session key buffers provided when a session
  is created are expected to remain alive for the duration of the
  session.

- GCM and CCM sessions now only specify a cipher algorithm and a cipher
  key.  The redundant auth information is not needed or used.

- For cryptosoft, split up the code a bit such that the 'process'
  callback now invokes a function pointer in the session.  This
  function pointer is set based on the mode (in effect) though it
  simplifies a few edge cases that would otherwise be in the switch in
  'process'.

  It does split up GCM vs CCM which I think is more readable even if there
  is some duplication.

- I changed /dev/crypto to support GMAC requests using CRYPTO_AES_NIST_GMAC
  as an auth algorithm and updated cryptocheck to work with it.

- Combined cipher and auth sessions via /dev/crypto now always use ETA
  mode.  The COP_F_CIPHER_FIRST flag is now a no-op that is ignored.
  This was actually documented as being true in crypto(4) before, but
  the code had not implemented this before I added the CIPHER_FIRST
  flag.

- I have not yet updated /dev/crypto to be aware of explicit modes for
  sessions.  I will probably do that at some point in the future as well
  as teach it about IV/nonce and tag lengths for AEAD so we can support
  all of the NIST KAT tests for GCM and CCM.

- I've split up the exising crypto.9 manpage into several pages
  of which many are written from scratch.

- I have converted all drivers and consumers in the tree and verified
  that they compile, but I have not tested all of them.  I have tested
  the following drivers:

  - cryptosoft
  - aesni (AES only)
  - blake2
  - ccr

  and the following consumers:

  - cryptodev
  - IPsec
  - ktls_ocf
  - GELI (lightly)

  I have not tested the following:

  - ccp
  - aesni with sha
  - hifn
  - kgssapi_krb5
  - ubsec
  - padlock
  - safe
  - armv8_crypto (aarch64)
  - glxsb (i386)
  - sec (ppc)
  - cesa (armv7)
  - cryptocteon (mips64)
  - nlmsec (mips64)

Discussed with:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D23677
2020-03-27 18:25:23 +00:00
alfredo
b4c85238f0 so_reuseport_lb_test: correct setsockopt parameter size
Change type of variable used in setsocketopt so correct size of
option is passed.

Test failure was identified when running the test on PowerPC64,
and the following error message was seen:

	"bind () failed: Address already in use"

Submitted by:	Fernando Valle <fernando.valle@eldorado.org.br>
Reviewed by:	melifaro, adalava
Approved by:	jhibbits (mentor)
Sponsored by:	Eldorado Research Institute (eldorado.org.br)
Differential Revision:	https://reviews.freebsd.org/D24164
2020-03-25 20:20:08 +00:00
melifaro
ed0311bce4 Add tests verifying IPv4/IPv6 output for TCP/UDP/raw paths.
Reviewed by:	kp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24138
2020-03-23 12:21:32 +00:00
kp
d71baa0f7f bridge tests: Basic span test
Reviewed by:	philip, emaste (previous version)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23961
2020-03-16 08:44:46 +00:00
lwhsu
410fae9c53 Skip sys.netpfil.pf.nat.exhaust on all platforms as it not only fails on amd64
PR:		244703
Sponsored by:	The FreeBSD Foundation
2020-03-13 16:44:48 +00:00
lwhsu
303b9ff398 Temporarily skip sys.geom.class.gate.ggate_test.ggated in CI
PR:		244737
Sponsored by:	The FreeBSD Foundation
2020-03-11 10:42:05 +00:00
asomers
cf19591d10 fusefs: avoid cache corruption with buggy fuse servers
The FUSE protocol allows the client (kernel) to cache a file's size, if the
server (userspace daemon) allows it. A well-behaved daemon obviously should
not change a file's size while a client has it cached. But a buggy daemon
might. If the kernel ever detects that that has happened, then it should
invalidate the entire cache for that file. Previously, we would not only
cache stale data, but in the case of a file extension while we had the size
cached, we accidentally extended the cache with zeros.

PR:		244178
Reported by:	Ben RUBSON <ben.rubson@gmx.com>
Reviewed by:	cem
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24012
2020-03-11 04:29:45 +00:00
melifaro
00a6d10429 Add basic IPv4/IPv6 forwarding tests.
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24002
2020-03-10 19:52:19 +00:00
lwhsu
8a54ab92db Skip sys.netpfil.pf.nat.exhaust on amd64 in CI as it sometimes panics kernel
PR:		244703
Sponsored by:	The FreeBSD Foundation
2020-03-10 19:18:24 +00:00
kp
82a7f7f3a4 bridge test: adding and removing static addresses
Reviewed by:	philip
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23960
2020-03-10 06:29:59 +00:00
kp
b1af9442d2 bridge test: spanning tree
Basic test case where we create a bridge loop, verify that we really are
looping and then enable spanning tree to resolve the loop.

Reviewed by:	philip
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23959
2020-03-10 06:28:45 +00:00
asomers
ed91ce8253 fusefs: fix fsync for files with multiple open handles
We were reusing a structure for multiple operations, but failing to
reinitialize one member.  The result is that a server that cares about FUSE
file handle IDs would see one correct FUSE_FSYNC operation, and one with the
FHID unset.

PR:		244431
Reported by:	Agata <chogata@gmail.com>
MFC after:	2 weeks
2020-03-09 01:57:21 +00:00
asomers
7db9d220ca [skip ci] fix typo in comment in the fusefs tests
MFC after:	2 weeks
2020-03-09 00:14:09 +00:00
olivier
5f63eed22b Skip if_epair regression test if module doesn't exist
Approved by:	kp
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D23876
2020-03-03 17:35:15 +00:00