Commit Graph

1056 Commits

Author SHA1 Message Date
Li-Wen Hsu
b804b5bca1 Temporarily skip failing sys.kern.memfd_test.* tests in CI
PR:		249236
Sponsored by:	The FreeBSD Foundation
2020-09-10 17:15:44 +00:00
Li-Wen Hsu
8e6b8fc655 Initialize len to avoid ENOMEM from sysctl(3).
PR:		248933
Sponsored by:	The FreeBSD Foundation
2020-09-04 19:24:27 +00:00
Konstantin Belousov
6eeccaa91b Fix kern_copyin test.
Main part is that kern_copyin on amd64 after LA57 should query the top
of UVA for correct operations. In fact it should started doing that
after the workaround for AMD bug with IRET in the last user page was
fixed by reducing UVA by a page.

Also since we started calculating top of UVA, fix MIPS according to
the comment.

Reported by:	lwhsu
PR:	248933
Reviewed by:	alc, markj
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D26312
2020-09-04 12:52:16 +00:00
Ryan Moeller
d29f13b904 Skip zpool_clear_005_pos test until bug fixed
Messing with gnop devices under a zpool fails in this test, causing
the pool to be suspended and eventually the system to deadlock.

Skip the test for now until the issue is resolved.

PR:		tests/248910
Discussed with:	lwhsu
Sponsored by:	iXsystems, Inc.
2020-08-25 20:04:35 +00:00
Matt Macy
9e5787d228 Merge OpenZFS support in to HEAD.
The primary benefit is maintaining a completely shared
code base with the community allowing FreeBSD to receive
new features sooner and with less effort.

I would advise against doing 'zpool upgrade'
or creating indispensable pools using new
features until this change has had a month+
to soak.

Work on merging FreeBSD support in to what was
at the time "ZFS on Linux" began in August 2018.
I first publicly proposed transitioning FreeBSD
to (new) OpenZFS on December 18th, 2018. FreeBSD
support in OpenZFS was finally completed in December
2019. A CFT for downstreaming OpenZFS support in
to FreeBSD was first issued on July 8th. All issues
that were reported have been addressed or, for
a couple of less critical matters there are
pull requests in progress with OpenZFS. iXsystems
has tested and dogfooded extensively internally.
The TrueNAS 12 release is based on OpenZFS with
some additional features that have not yet made
it upstream.

Improvements include:
  project quotas, encrypted datasets,
  allocation classes, vectorized raidz,
  vectorized checksums, various command line
  improvements, zstd compression.

Thanks to those who have helped along the way:
Ryan Moeller, Allan Jude, Zack Welch, and many
others.

Sponsored by:	iXsystems, Inc.
Differential Revision:	https://reviews.freebsd.org/D25872
2020-08-25 02:21:27 +00:00
Alexander V. Chernikov
5676d488c2 Add test for checking RTF_HOST and RTAX_NETMASK inconsistency.
RTF_HOST indicates whether route is a host route
 (netmask is empty or /{32,128}).
Check that if netmask is empty and host route is not specified, kernel
 returns an error.

Differential Revision:	https://reviews.freebsd.org/D26155
2020-08-22 18:14:05 +00:00
Alan Somers
8d2105da16 fusefs: fix the FUSE_FORGET unit test after r364064
Thanks to r364064, the name cache now returns a hit where previously it
would miss.  Adjust the expectations accordingly.

PR:		248583
Reported by:	lwhsu
MFC with:	r364064
2020-08-11 01:09:06 +00:00
Dimitry Andric
967348a966 Use static inline for iface_{setup,delete}_addr in tests/sys/net/routing.
This fixes possible link errors, similar to:

ld: error: undefined symbol: iface_setup_addr
>>> referenced by test_rtsock_l3.c:111 (tests/sys/net/routing/test_rtsock_l3.c:111)
>>>               test_rtsock_l3.o:(presetup_ipv4)
>>> referenced by test_rtsock_l3.c:79 (tests/sys/net/routing/test_rtsock_l3.c:79)
>>>               test_rtsock_l3.o:(presetup_ipv6)
>>> referenced by test_rtsock_l3.c:512 (tests/sys/net/routing/test_rtsock_l3.c:512)
>>>               test_rtsock_l3.o:(atfu_rtm_change_v4_gw_success_body)
>>> referenced 10 more times

In C (not C++), 'naked' inline is almost always a mistake. Either use
static inline (this is appropriate for most cases), or extern inline.

MFC after:	3 days
2020-08-08 11:06:27 +00:00
Bryan Drewery
3cee7cb269 Limit gmirror failpoint tests to the test worker
This avoids injecting errors into the test system's mirrors.

gnop seems like a good solution here but it injects errors at the wrong
place vs where these tests expect and does not support a 'max global count'
like the failpoints do with 'n*' syntax.

Reviewed by:	cem, vangyzen
Sponsored by:	Dell EMC Isilon
2020-07-23 23:29:50 +00:00
Li-Wen Hsu
5f2d3b42de Fix sys.geom.class.eli.onetime_test.onetime after r363402
PR:		247954
X-MFC with:	r363402
Sponsored by:	The FreeBSD Foundation
2020-07-22 17:37:11 +00:00
Alan Somers
aafaa8b794 Fix geli's null cipher, and add a test case
PR:		247954
Submitted by:	jhb (sys), asomers (tests)
Reviewed by:	jhb (tests), asomers (sys)
MFC after:	2 weeks
Sponsored by:	Axcient
2020-07-21 19:18:29 +00:00
Chuck Silvers
3b41d99d76 add a few tests for sendfile.
Reviewed by:	markj
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D25431
2020-07-20 20:36:32 +00:00
Alan Somers
2a7a4b196d tests/sys/opencrypto: use python3
python2 will be EOL soon

Reviewed by:	lwhsu, jmg
MFC after:	2 weeks
Sponsored by:	Axcient
Differential Revision:	https://reviews.freebsd.org/D25682
2020-07-20 12:47:15 +00:00
Mark Johnston
9a1184de2a Add safexcel(4) to cryptotest.
MFC after:	1 week
Sponsored by:	Rubicon Communications, LLC (Netgate)
2020-07-14 14:11:54 +00:00
Enji Cooper
cdb9318eed Don't leave path behind when executing :chflags_success
Prior to this change a `SF_IMMUTABLE` chflagsat(2)'ed file (`path`) was left
behind, which sabotaged kyua(1) from being able to clean up the work directory,
This resulted in unnecessary work for folks having to clean up the work
directory on non-disposable systems, which defaults to `/tmp`. Use `UF_OFFLINE`
instead of `SF_IMMUTABLE`, in part because setting `SF_IMMUTABLE` isn't relevant
to the test and `SF_IMMUTABLE` cannot be cleared at all securelevels, as pointed
out by @asomers.

Additional work is required to catch cases like this upfront in the future to
avoid tester headache. See PR # 247765 for more details/followup.

Suggested by:	asomers
Reviewed By:	asomers, #tests
MFC after:	1 week
PR:		247761
Sponsored by:	DellEMC
Differential Revision: https://reviews.freebsd.org/D25561
2020-07-12 17:16:57 +00:00
Kyle Evans
423a033ba7 memfd_create: turn on SHM_GROW_ON_WRITE
memfd_create fds will no longer require an ftruncate(2) to set the size;
they'll grow (to the extent that it's possible) upon write(2)-like syscalls.

Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D25502
2020-07-10 00:45:16 +00:00
Alan Somers
6f818c1fb0 geli: enable direct dispatch
geli does all of its crypto operations in a separate thread pool, so
g_eli_start, g_eli_read_done, and g_eli_write_done don't actually do very
much work. Enabling direct dispatch eliminates the g_up/g_down bottlenecks,
doubling IOPs on my system. This change does not affect the thread pool.

Reviewed by:	markj
MFC after:	2 weeks
Sponsored by:	Axcient
Differential Revision:	https://reviews.freebsd.org/D25587
2020-07-08 17:12:12 +00:00
Alexander V. Chernikov
eddfb2e86f Fix IPv6 regression introduced by r362900.
PR:		kern/247729
2020-07-03 08:06:26 +00:00
Li-Wen Hsu
2749666d01 Temporarily skip sys.netinet6.redirect.valid_redirect in CI
PR:		247729
Sponsored by:	The FreeBSD Foundation
2020-07-03 02:02:34 +00:00
Edward Tomasz Napierala
7a9a01db9f Make sys.auditpipe depend on /dev/auditpipe. This fixes a few failures
on armv7.

MFC after:	2 weeks
Sponsored by:	DARPA
2020-06-24 12:17:40 +00:00
Li-Wen Hsu
f29bf91a23 Temporarily skip unstable sys.geom.class.gate.ggate_test.ggated on i386 in CI
PR:		244737
Sponsored by:	The FreeBSD Foundation
2020-06-24 07:25:54 +00:00
Edward Tomasz Napierala
a8ca275b7d Make audit tests depend on /dev/auditpipe. This should fix
some 416 failing tests on armv7:

https://ci.freebsd.org/job/FreeBSD-head-armv7-test/lastCompletedBuild/testReport/

Reviewed by:	asomers
MFC after:	2 weeks
Sponsored by:	DARPA
Differential Revision:	https://reviews.freebsd.org/D25144
2020-06-18 15:41:16 +00:00
Li-Wen Hsu
435166f877 Skip sys.net.if_lagg_test.lacp_linkstate_destroy_stress in CI because of panic
PR:		244168
Sponsored by:	The FreeBSD Foundation
2020-06-11 18:59:57 +00:00
Kristof Provost
048c96e3e6 bridge tests: Re-enable STP test
This test should no longer provoke large amounts of traffic, which can
overwhelm single-core systems, preventing them from making progress in the
tests.

The test can now be re-enabled.

PR:		246448
2020-06-07 13:53:02 +00:00
Kristof Provost
e07e002e95 bridge tests: Avoid building a switching loop
Enable STP before bringing the bridges up. This avoids a switching loop,
which has a tendency to drown out progress in userspace processes,
especially on single-core systems.

Only check that we have indeed shut down one of the looped interfaces

PR:		246448
Reviewed by:	melifaro
Differential Revision:	https://reviews.freebsd.org/D25084
2020-06-01 19:26:16 +00:00
Li-Wen Hsu
4d3aef0780 Revert r361497, these cases are fixed by r361617.
PR:		246737
Sponsored by:	The FreeBSD Foundation
2020-05-29 10:09:47 +00:00
Shteryana Shopova
a7a64b722b Proper check if divert(4) module is present by the relevant tests
Fix the netinet/netinet6 divert tests falsely reporting 'ipdivert module is
not loaded' when the divert module is built into the kernel

Sponsored by:	Axiado
Differential Revision:	https://reviews.freebsd.org/D25026
2020-05-27 16:33:00 +00:00
Li-Wen Hsu
c4e61d8568 Disable failing test cases in CI:
sys.netipsec.tunnel.aes_cbc_128_hmac_sha1.v4
sys.netipsec.tunnel.aes_cbc_256_hmac_sha2_256.v4
sys.netipsec.tunnel.aesni_aes_cbc_128_hmac_sha1.v4
sys.netipsec.tunnel.aesni_aes_cbc_256_hmac_sha2_256.v4

PR:		246737
Sponsored by:	The FreeBSD Foundation
2020-05-26 06:55:03 +00:00
Alan Somers
bfcb817bcd Fix issues with FUSE_ACCESS when default_permissions is disabled
This patch fixes two issues relating to FUSE_ACCESS when the
default_permissions mount option is disabled:

* VOP_ACCESS() calls with VADMIN set should never be sent to a fuse server
  in the form of FUSE_ACCESS operations. The FUSE protocol has no equivalent
  of VADMIN, so we must evaluate such things kernel-side, regardless of the
  default_permissions setting.

* The FUSE protocol only requires FUSE_ACCESS to be sent for two purposes:
  for the access(2) syscall and to check directory permissions for
  searchability during lookup. FreeBSD sends it much more frequently, due to
  differences between our VFS and Linux's, for which FUSE was designed. But
  this patch does eliminate several cases not required by the FUSE protocol:

  * for any FUSE_*XATTR operation
  * when creating a new file
  * when deleting a file
  * when setting timestamps, such as by utimensat(2).

* Additionally, when default_permissions is disabled, this patch removes one
  FUSE_GETATTR operation when deleting a file.

PR:		245689
Reported by:	MooseFS FreeBSD Team <freebsd@moosefs.pro>
Reviewed by:	cem
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24777
2020-05-22 18:11:17 +00:00
Mark Johnston
9bf12bb91d Avoid hard-coding pipe buffer sizes in the pipe and fifo kqueue tests.
Fix some style issues in the modified tests while here.

Reported by:	Jenkins via lwhsu
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-05-20 17:48:18 +00:00
Edward Tomasz Napierala
f464bd04ce Make sys.net.if_bridge_test depend on python; sys.net.if_bridge_test.span
requires it.

MFC after:	2 weeks
Sponsored by:	DARPA
2020-05-19 21:55:29 +00:00
Edward Tomasz Napierala
b43bd1070c Make sys.netinet.output and sys.netinet6.output6 tests depend on python;
they need to be able to run net_receiver.py.

MFC after:	2 weeks
Sponsored by:	DARPA
2020-05-19 21:48:45 +00:00
Li-Wen Hsu
6c9dbd8b13 Revert r361237, it's fixed by r361231
PR:		246560
Sponsored by:	The FreeBSD Foundation
2020-05-19 07:16:09 +00:00
Li-Wen Hsu
3f5fe78b9a Temporarily disable test case causes kernel panic in CI:
- sys.netinet.so_reuseport_lb_test.basic_ipv6

PR:		246560
Sponsored by:	The FreeBSD Foundation
2020-05-19 02:07:08 +00:00
Li-Wen Hsu
f9777376b9 Revert 357780, dtrace -c has been fixed in head`
PR:		244053
Sponsored by:	The FreeBSD Foundation
2020-05-18 23:43:48 +00:00
Alan Somers
275379902e fusefs: fix intermittency in some ENOENT tests
When a FUSE operation other than LOOKUP returns ENOENT, the kernel will
reclaim that vnode, resuling in a FUSE_FORGET being sent a short while
later.  Many of the ENOENT tests weren't expecting those FUSE_FORGET
operations.  They usually passed by luck since FUSE_FORGET is often delayed.
This commit adds appropriate expectations.

MFC after:	2 weeks
2020-05-18 18:36:32 +00:00
Alan Somers
8bebfe076d Reenable sys.geom.class.gate.ggate_test.ggated in CI
Should be fixed by r360613

PR:		244737
Reported by:	lwhsu
2020-05-17 02:41:50 +00:00
Kyle Evans
1d2e31af14 pf tests: fix up a couple WARNS= 6 nits
common_init_tbl is only used within this single CU, so it should be marked
static.

WARNS=6 also complained about the var defined by
`ATF_TC_WITH_CLEANUP(getastats);` being unused, which turns out to be
because it's not been hooked up in ATF_TP_ADD_TCS. kp@ did not immediately
recall any reason for this, and the case passes on my local system, so hook
it up.

Note that I've not yet set WARNS= 6 here. Investigation is underway to see
if we can feasibly default WARNS to 6 for src builds to catch directories
too deep to inherit a WARNS from the top-level subdirectories' Makefile.inc.
Those particular WARNS settings will be subsequently removed as they become
redundant with a more-global default.

MFC after:	1 week
2020-05-14 23:20:58 +00:00
Li-Wen Hsu
b18e0a534f Only skip sys.net.if_clone_test.epair_stress in CI env
PR:		246443
Sponsored by:	The FreeBSD Foundation
2020-05-13 20:37:46 +00:00
Li-Wen Hsu
bf3dd13d41 Temporarily skip sys.net.if_bridge_test.stp in CI as it always times out
PR:		244229
Sponsored by:	The FreeBSD Foundation
2020-05-13 20:36:38 +00:00
Li-Wen Hsu
40988c2456 Temporarily skip sys.net.if_clone_test.epair_stress
This case timed out so often

PR:		246443
Sponsored by:	The FreeBSD Foundation
2020-05-13 19:29:14 +00:00
Mark Johnston
17dd52dfab Add a basic table entry counter regression test.
Reviewed by:	kp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24809
2020-05-11 19:08:03 +00:00
Mark Johnston
96bc58ea81 Remove the svn:executable property from some pf test files.
The test makefiles will handle setting mode bits during install.  Also,
Phabricator gets upset when uploading an executable plain-text file
without a shebang.

MFC after:	1 week
2020-05-11 19:07:33 +00:00
Alan Somers
a22a780752 fusefs: fix two small bugs in the tests' expectations
These two errors have been present since the tests' introduction.
Coincidentally every test (I think there's only one) that cares about that
field also works when the field's value is 0.

MFC after:	2 weeks
2020-05-08 23:00:02 +00:00
Alan Somers
deed14f451 Fix the sys.geom.class.multipath.misc.fail_on_error test on stable/12
This test uses a gnop feature (delay probability) that isn't available on
stable/12.  But it's unnecessary; the test works fine without it.  Removing
it simplifies the test and, once MFCed, will allow it to pass on stable/12.

PR:		244158
Reported by:	lwhsu
MFC after:	2 weeks
2020-05-08 02:42:15 +00:00
Alexander V. Chernikov
768c98a737 Add basic routing LPM tests.
Differential Revision:	https://reviews.freebsd.org/D24684
2020-05-06 07:48:37 +00:00
Li-Wen Hsu
bbea96df46 Revert r360204, sys.netipsec.tunnel.empty.v{4,6} are fixed by r360560
PR:		245832
Sponsored by:	The FreeBSD Foundation
2020-05-04 11:23:55 +00:00
Alan Somers
4abfd5bd93 Fix intermittent cleanup failures in the ggated test
MFC after:	2 weeks
2020-05-03 18:10:54 +00:00
Alan Somers
b43a935cae Resolve conflict between the fusefs(5) and mac_bsdextended(4) tests
mac_bsdextended(4), when enabled, causes ordinary operations to send many
more VOP_GETATTRs to file system. The fusefs tests expectations aren't
written with those in mind. Optionally expecting them would greatly
obfuscate the fusefs tests. Worse, certain fusefs functionality (like
attribute caching) would be impossible to test if the tests couldn't expect
an exact number of GETATTR operations.

This commit resolves that conflict by making two changes:

1. The fusefs tests will now check for mac_bsdextended, and skip if it's
   enabled.
2. The mac_bsdextended tests will now check whether the module is enabled, not
   merely loaded. If it's loaded but disabled, the tests will automatically
   enable it for the duration of the tests.

With these changes, a CI system can achieve best coverage by loading both
fusefs and mac_bsdextended at boot, and setting
security.mac.bsdextended.enabled=0

PR:		244229
Reported by:	lwhsu
Reviewed by:	cem
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24577
2020-05-02 20:14:59 +00:00
John Baldwin
6c80c319ef Remove support for the algorithms deprecated in r348876.
This removes support for the following algorithms:
- ARC4
- Blowfish
- CAST128
- DES
- 3DES
- MD5-HMAC
- Skipjack

Since /dev/crypto no longer supports 3DES, stop testing the 3DES KAT
vectors in cryptotest.py.

Reviewed by:	cem (previous version)
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24346
2020-05-02 14:20:32 +00:00
Ed Maste
de1ca57386 geli tests require OpenSSL - exclude them under WITHOUT_OPENSSL
PR:		245931
Submitted by:	The FreeBSD Foundation
2020-04-30 21:09:01 +00:00
Mark Johnston
344d411c67 Add some regression tests for read and write kevents on pipes.
Submitted by:	Jan Kokemüller <jan.kokemueller@gmail.com>
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24528
2020-04-27 15:59:34 +00:00
Kristof Provost
5377560783 bridge tests: Test for #216510
We used to have an issue with recursive locking with
net.link.bridge.inherit_mac. This causes us to send an ARP request while
we hold the BRIDGE_LOCK, which used to cause us to acquire the
BRIDGE_LOCK again. We can't re-acquire it, so this caused a panic.

Now that we no longer need to acquire the BRIDGE_LOCK for
bridge_transmit() this should no longer panic. Test this.

PR:	216510
Reviewed by:	emaste, philip
MFC after:	2 months
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24251
2020-04-26 16:27:03 +00:00
Alan Somers
db20acc029 mac_bsdextended: ATFify the tests
The new tests have more complete setup and cleanup, are more granular, and
correctly annotate expected failures and skipped tests. A follow-up commit
will resolve a conflict with the fusefs tests (bug 244229).

MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24257
2020-04-26 15:51:46 +00:00
Li-Wen Hsu
87e9ade239 Temporarily skip sys.netipsec.tunnel.empty.v{4,6} in CI
PR:		245832
Sponsored by:	The FreeBSD Foundation
2020-04-22 20:50:24 +00:00
John Baldwin
871eec00e2 Update blake2 accelerated software tests to work after OCF refactoring.
- Lookup device drivers to test by name instead of assuming that the
  software / hardware flags will select specific drivers.
- Set the sysctl to permit software /dev/crypto requests when testing
  the accelerated software blake2 driver.

PR:		245825
Reported by:	lwhsu
Reviewed by:	cem, lwhsu
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D24540
2020-04-22 20:43:18 +00:00
Li-Wen Hsu
841d3cc068 Temporarily skip sys.opencrypto.blake2_test.blake2{b,s}_vectors_x86 in CI
PR:		245825
Sponsored by:	The FreeBSD Foundation
2020-04-22 14:45:00 +00:00
Li-Wen Hsu
79959b8475 Enable timer tests in sys.kqueue.libkqueue.kqueue_test.main on i386
They were fixed in r360140

PR:		245768
Sponsored by:	The FreeBSD Foundation
2020-04-22 09:53:41 +00:00
Alex Richardson
f527d7de58 Remove extern from function declarations in common.h
Suggested by: cem
2020-04-21 15:55:08 +00:00
Li-Wen Hsu
129ba2d368 Temporarily skip timer tests in sys.kqueue.libkqueue.kqueue_test.main on i386
PR:		245768
Sponsored by:	The FreeBSD Foundation
2020-04-20 17:48:10 +00:00
Li-Wen Hsu
69b7dbeb38 Only skip sys.netinet.socket_afinet.socket_afinet_bind_zero in CI env
Sponsored by:	The FreeBSD Foundation
2020-04-20 14:24:13 +00:00
Li-Wen Hsu
a1841da4fa Temporarily disable sys.netinet.divert.* on i386
PR:		244703
Sponsored by:	The FreeBSD Foundation
2020-04-20 14:18:56 +00:00
Kyle Evans
0fbdc3726a tests: kqueue: fix some issues with now() on ILP32 platforms
There were ultimately two separate problems here:
- a 32-bit long cannot represent microseconds since 1970 (noted by ian)
- time_t is 32-bit on i386, so now() was wrong anyways even with the correct
  return type.

For the first, just explicitly use a uint64_t for now() and all of the
callers. For the second, we need to explicitly cast tv_sec to uint64_t
before it gets multiplied in the SEC_TO_US macro. Casting this instance
rather than generally in the macro was arbitrarily chosen simply because all
other uses are converting small relative time values.

The tests now pass on i386, at least; presumably other ILP32 will be fine
now as well.
2020-04-20 00:47:28 +00:00
Kristof Provost
2885ae0c3c bridge tests: Ensure that bridges in different jails get different MAC addresses
We used to have a problem where bridges created in different vnet jails
would end up having the same mac address. This is now fixed by
including the jail name as a seed for the mac address generation, but we
should verify that it doesn't regress.
2020-04-19 16:30:49 +00:00
Alex Richardson
c9c283bd30 Fix various warnings in tests/sys/kqueue and bump WARNS
Reviewed By:	kevans
Differential Revision: https://reviews.freebsd.org/D24296
2020-04-18 12:54:47 +00:00
Olivier Cochard
86686423d5 Skip routing regression tests depending on if_epair if this module isn't installed.
Approved by:	melifaro
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D24468
2020-04-17 16:31:07 +00:00
Kristof Provost
3f359bfd47 bridge tests: Test deleting a bridge with members
Reviewed by:	philip, emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24337
2020-04-17 14:57:15 +00:00
Kyle Evans
c17dd0e88b tests: kqueue: use a more precise timer for the NOTE_ABSTIME test
Originally noticed while attempting to run the kqueue tests under
qemu-user-static, this apparently just happens sometimes when running in a
jail in general -- the timer will fire off "too early," but it's really just
the result of imprecise measurements (noted by cem).

Kicking this over to NOTE_USECONDS still tests the correct thing while
allowing it to work more consistently; a basic sanity test reveals that we
often end up coming in just less than 200 microseconds after the timer
fired off.

MFC after:	3 days
2020-04-17 02:22:15 +00:00
Jonathan T. Looney
631d525dc1 Add a regression test for the changes in r359922 and r359923.
Note that the Python code has been tested on both Python 2.7 and 3.7.

Reviewed by:	olivier
MFC after:	2 weeks
Sponsored by:	Netflix, Inc.
2020-04-16 20:07:34 +00:00
Kyle Evans
30b4df2e4a tests: audit: mark closefrom test an expected fail for now
closefrom has been converted to close_range internally; remediation is
underway for this, marking it as an expected fail for now while proper
course is determined.

PR:		245625
2020-04-14 23:36:03 +00:00
Kyle Evans
51a16c8412 posixshm: fix counting of writable mappings
Similar to mmap'ing vnodes, posixshm should count any mapping where maxprot
contains VM_PROT_WRITE (i.e. fd opened r/w with no write-seal applied) as
writable and thus blocking of any write-seal.

The memfd tests have been amended to reflect the fixes here, which notably
includes:

1. Fix for error return bug; EPERM is not a documented failure mode for mmap
2. Fix rejection of write-seal with active mappings that can be upgraded via
    mprotect(2).

Reported by:	markj
Discussed with:	markj, kib
2020-04-14 13:32:03 +00:00
Kyle Evans
605c4cda2f close_range/closefrom: fix regression from close_range introduction
close_range will clamp the range between [0, fdp->fd_lastfile], but failed
to take into account that fdp->fd_lastfile can become -1 if all fds are
closed. =-( In this scenario, just return because there's nothing further we
can do at the moment.

Add a test case for this, fork() and simply closefrom(0) twice in the child;
on the second invocation, fdp->fd_lastfile == -1 and will trigger a panic
before this change.

X-MFC-With:	r359836
2020-04-13 17:55:31 +00:00
Kyle Evans
472ced39ef Implement a close_range(2) syscall
close_range(min, max, flags) allows for a range of descriptors to be
closed. The Python folk have indicated that they would much prefer this
interface to closefrom(2), as the case may be that they/someone have special
fds dup'd to higher in the range and they can't necessarily closefrom(min)
because they don't want to hit the upper range, but relocating them to lower
isn't necessarily feasible.

sys_closefrom has been rewritten to use kern_close_range() using ~0U to
indicate closing to the end of the range. This was chosen rather than
requiring callers of kern_close_range() to hold FILEDESC_SLOCK across the
call to kern_close_range for simplicity.

The flags argument of close_range(2) is currently unused, so any flags set
is currently EINVAL. It was added to the interface in Linux so that future
flags could be added for, e.g., "halt on first error" and things of this
nature.

This patch is based on a syscall of the same design that is expected to be
merged into Linux.

Reviewed by:	kib, markj, vangyzen (all slightly earlier revisions)
Differential Revision:	https://reviews.freebsd.org/D21627
2020-04-12 21:23:19 +00:00
Kristof Provost
47308803e7 carp tests: Basic functionality test
Set up three vnet jails, bridged together. Run carp between two of them.
Attempt to provoke locking / epoch issues.

Reviewed by:	mav (previous version), melifaro, asomers
Differential Revision:	https://reviews.freebsd.org/D24303
2020-04-12 16:13:05 +00:00
Kyle Evans
ce6a89e27c kqueue tests: fix -fno-common build
vnode_fd and kqfd are both shared among multiple CU; define them exactly
once.

In the case of vnode_fd, it was simply the declaration that needed
correction.

-fno-common will become the default in GCC10/LLVM11.

MFC after:	3 days
2020-04-06 23:08:07 +00:00
Alexander V. Chernikov
272bd6985f Add routing tests verifying basic RTM_CHANGE functionality.
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24239
2020-04-02 20:02:33 +00:00
Alexander V. Chernikov
ddc7507637 Switch rtsock tests to per-test jails and epair interfaces.
Many rtsock tests verify the ordering of the kernel messages for the
 particular event. In order to avoid flaky tests due to the other tests
 running, switch all tests to use personal vnet-enabled jails.
This removes all clashes on the IP addresses and brings back the ability
 to run these tests simultaneously.

Reported by:	olivier
Reviewed by:	olivier
Differential Revision:	https://reviews.freebsd.org/D24182
2020-03-29 06:25:57 +00:00
John Baldwin
c034143269 Refactor driver and consumer interfaces for OCF (in-kernel crypto).
- The linked list of cryptoini structures used in session
  initialization is replaced with a new flat structure: struct
  crypto_session_params.  This session includes a new mode to define
  how the other fields should be interpreted.  Available modes
  include:

  - COMPRESS (for compression/decompression)
  - CIPHER (for simply encryption/decryption)
  - DIGEST (computing and verifying digests)
  - AEAD (combined auth and encryption such as AES-GCM and AES-CCM)
  - ETA (combined auth and encryption using encrypt-then-authenticate)

  Additional modes could be added in the future (e.g. if we wanted to
  support TLS MtE for AES-CBC in the kernel we could add a new mode
  for that.  TLS modes might also affect how AAD is interpreted, etc.)

  The flat structure also includes the key lengths and algorithms as
  before.  However, code doesn't have to walk the linked list and
  switch on the algorithm to determine which key is the auth key vs
  encryption key.  The 'csp_auth_*' fields are always used for auth
  keys and settings and 'csp_cipher_*' for cipher.  (Compression
  algorithms are stored in csp_cipher_alg.)

- Drivers no longer register a list of supported algorithms.  This
  doesn't quite work when you factor in modes (e.g. a driver might
  support both AES-CBC and SHA2-256-HMAC separately but not combined
  for ETA).  Instead, a new 'crypto_probesession' method has been
  added to the kobj interface for symmteric crypto drivers.  This
  method returns a negative value on success (similar to how
  device_probe works) and the crypto framework uses this value to pick
  the "best" driver.  There are three constants for hardware
  (e.g. ccr), accelerated software (e.g. aesni), and plain software
  (cryptosoft) that give preference in that order.  One effect of this
  is that if you request only hardware when creating a new session,
  you will no longer get a session using accelerated software.
  Another effect is that the default setting to disallow software
  crypto via /dev/crypto now disables accelerated software.

  Once a driver is chosen, 'crypto_newsession' is invoked as before.

- Crypto operations are now solely described by the flat 'cryptop'
  structure.  The linked list of descriptors has been removed.

  A separate enum has been added to describe the type of data buffer
  in use instead of using CRYPTO_F_* flags to make it easier to add
  more types in the future if needed (e.g. wired userspace buffers for
  zero-copy).  It will also make it easier to re-introduce separate
  input and output buffers (in-kernel TLS would benefit from this).

  Try to make the flags related to IV handling less insane:

  - CRYPTO_F_IV_SEPARATE means that the IV is stored in the 'crp_iv'
    member of the operation structure.  If this flag is not set, the
    IV is stored in the data buffer at the 'crp_iv_start' offset.

  - CRYPTO_F_IV_GENERATE means that a random IV should be generated
    and stored into the data buffer.  This cannot be used with
    CRYPTO_F_IV_SEPARATE.

  If a consumer wants to deal with explicit vs implicit IVs, etc. it
  can always generate the IV however it needs and store partial IVs in
  the buffer and the full IV/nonce in crp_iv and set
  CRYPTO_F_IV_SEPARATE.

  The layout of the buffer is now described via fields in cryptop.
  crp_aad_start and crp_aad_length define the boundaries of any AAD.
  Previously with GCM and CCM you defined an auth crd with this range,
  but for ETA your auth crd had to span both the AAD and plaintext
  (and they had to be adjacent).

  crp_payload_start and crp_payload_length define the boundaries of
  the plaintext/ciphertext.  Modes that only do a single operation
  (COMPRESS, CIPHER, DIGEST) should only use this region and leave the
  AAD region empty.

  If a digest is present (or should be generated), it's starting
  location is marked by crp_digest_start.

  Instead of using the CRD_F_ENCRYPT flag to determine the direction
  of the operation, cryptop now includes an 'op' field defining the
  operation to perform.  For digests I've added a new VERIFY digest
  mode which assumes a digest is present in the input and fails the
  request with EBADMSG if it doesn't match the internally-computed
  digest.  GCM and CCM already assumed this, and the new AEAD mode
  requires this for decryption.  The new ETA mode now also requires
  this for decryption, so IPsec and GELI no longer do their own
  authentication verification.  Simple DIGEST operations can also do
  this, though there are no in-tree consumers.

  To eventually support some refcounting to close races, the session
  cookie is now passed to crypto_getop() and clients should no longer
  set crp_sesssion directly.

- Assymteric crypto operation structures should be allocated via
  crypto_getkreq() and freed via crypto_freekreq().  This permits the
  crypto layer to track open asym requests and close races with a
  driver trying to unregister while asym requests are in flight.

- crypto_copyback, crypto_copydata, crypto_apply, and
  crypto_contiguous_subsegment now accept the 'crp' object as the
  first parameter instead of individual members.  This makes it easier
  to deal with different buffer types in the future as well as
  separate input and output buffers.  It's also simpler for driver
  writers to use.

- bus_dmamap_load_crp() loads a DMA mapping for a crypto buffer.
  This understands the various types of buffers so that drivers that
  use DMA do not have to be aware of different buffer types.

- Helper routines now exist to build an auth context for HMAC IPAD
  and OPAD.  This reduces some duplicated work among drivers.

- Key buffers are now treated as const throughout the framework and in
  device drivers.  However, session key buffers provided when a session
  is created are expected to remain alive for the duration of the
  session.

- GCM and CCM sessions now only specify a cipher algorithm and a cipher
  key.  The redundant auth information is not needed or used.

- For cryptosoft, split up the code a bit such that the 'process'
  callback now invokes a function pointer in the session.  This
  function pointer is set based on the mode (in effect) though it
  simplifies a few edge cases that would otherwise be in the switch in
  'process'.

  It does split up GCM vs CCM which I think is more readable even if there
  is some duplication.

- I changed /dev/crypto to support GMAC requests using CRYPTO_AES_NIST_GMAC
  as an auth algorithm and updated cryptocheck to work with it.

- Combined cipher and auth sessions via /dev/crypto now always use ETA
  mode.  The COP_F_CIPHER_FIRST flag is now a no-op that is ignored.
  This was actually documented as being true in crypto(4) before, but
  the code had not implemented this before I added the CIPHER_FIRST
  flag.

- I have not yet updated /dev/crypto to be aware of explicit modes for
  sessions.  I will probably do that at some point in the future as well
  as teach it about IV/nonce and tag lengths for AEAD so we can support
  all of the NIST KAT tests for GCM and CCM.

- I've split up the exising crypto.9 manpage into several pages
  of which many are written from scratch.

- I have converted all drivers and consumers in the tree and verified
  that they compile, but I have not tested all of them.  I have tested
  the following drivers:

  - cryptosoft
  - aesni (AES only)
  - blake2
  - ccr

  and the following consumers:

  - cryptodev
  - IPsec
  - ktls_ocf
  - GELI (lightly)

  I have not tested the following:

  - ccp
  - aesni with sha
  - hifn
  - kgssapi_krb5
  - ubsec
  - padlock
  - safe
  - armv8_crypto (aarch64)
  - glxsb (i386)
  - sec (ppc)
  - cesa (armv7)
  - cryptocteon (mips64)
  - nlmsec (mips64)

Discussed with:	cem
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D23677
2020-03-27 18:25:23 +00:00
Alfredo Dal'Ava Junior
9b2877353b so_reuseport_lb_test: correct setsockopt parameter size
Change type of variable used in setsocketopt so correct size of
option is passed.

Test failure was identified when running the test on PowerPC64,
and the following error message was seen:

	"bind () failed: Address already in use"

Submitted by:	Fernando Valle <fernando.valle@eldorado.org.br>
Reviewed by:	melifaro, adalava
Approved by:	jhibbits (mentor)
Sponsored by:	Eldorado Research Institute (eldorado.org.br)
Differential Revision:	https://reviews.freebsd.org/D24164
2020-03-25 20:20:08 +00:00
Alexander V. Chernikov
b4a4a3b82f Add tests verifying IPv4/IPv6 output for TCP/UDP/raw paths.
Reviewed by:	kp
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24138
2020-03-23 12:21:32 +00:00
Kristof Provost
bb490fcf19 bridge tests: Basic span test
Reviewed by:	philip, emaste (previous version)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23961
2020-03-16 08:44:46 +00:00
Li-Wen Hsu
c0507192fa Skip sys.netpfil.pf.nat.exhaust on all platforms as it not only fails on amd64
PR:		244703
Sponsored by:	The FreeBSD Foundation
2020-03-13 16:44:48 +00:00
Li-Wen Hsu
f95988cc0e Temporarily skip sys.geom.class.gate.ggate_test.ggated in CI
PR:		244737
Sponsored by:	The FreeBSD Foundation
2020-03-11 10:42:05 +00:00
Alan Somers
b0ecfb42d1 fusefs: avoid cache corruption with buggy fuse servers
The FUSE protocol allows the client (kernel) to cache a file's size, if the
server (userspace daemon) allows it. A well-behaved daemon obviously should
not change a file's size while a client has it cached. But a buggy daemon
might. If the kernel ever detects that that has happened, then it should
invalidate the entire cache for that file. Previously, we would not only
cache stale data, but in the case of a file extension while we had the size
cached, we accidentally extended the cache with zeros.

PR:		244178
Reported by:	Ben RUBSON <ben.rubson@gmx.com>
Reviewed by:	cem
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24012
2020-03-11 04:29:45 +00:00
Alexander V. Chernikov
d7cdd89777 Add basic IPv4/IPv6 forwarding tests.
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D24002
2020-03-10 19:52:19 +00:00
Li-Wen Hsu
7d292b4814 Skip sys.netpfil.pf.nat.exhaust on amd64 in CI as it sometimes panics kernel
PR:		244703
Sponsored by:	The FreeBSD Foundation
2020-03-10 19:18:24 +00:00
Kristof Provost
d99bb677c1 bridge test: adding and removing static addresses
Reviewed by:	philip
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23960
2020-03-10 06:29:59 +00:00
Kristof Provost
6f0a65b080 bridge test: spanning tree
Basic test case where we create a bridge loop, verify that we really are
looping and then enable spanning tree to resolve the loop.

Reviewed by:	philip
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23959
2020-03-10 06:28:45 +00:00
Alan Somers
d970778e6f fusefs: fix fsync for files with multiple open handles
We were reusing a structure for multiple operations, but failing to
reinitialize one member.  The result is that a server that cares about FUSE
file handle IDs would see one correct FUSE_FSYNC operation, and one with the
FHID unset.

PR:		244431
Reported by:	Agata <chogata@gmail.com>
MFC after:	2 weeks
2020-03-09 01:57:21 +00:00
Alan Somers
cc6e71e16c [skip ci] fix typo in comment in the fusefs tests
MFC after:	2 weeks
2020-03-09 00:14:09 +00:00
Olivier Cochard
8ccf503240 Skip if_epair regression test if module doesn't exist
Approved by:	kp
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D23876
2020-03-03 17:35:15 +00:00
Alexander V. Chernikov
ea2773323c Fix dynamic redrects by adding forgotten RTF_HOST flag.
Improve tests to verify the generated route flags.

Reported by:	jtl
MFC after:	2 weeks
2020-03-03 15:33:43 +00:00
Li-Wen Hsu
06bd9afc5f Skip the right test case
PR:		244172
Sponsored by:	The FreeBSD Foundation
2020-02-26 15:15:55 +00:00
Li-Wen Hsu
547a1e03c3 Revert r358309 after r358311.
PR:		244393
Sponsored by:	The FreeBSD Foundation
2020-02-26 04:54:50 +00:00
Li-Wen Hsu
bebf52f1ec Temporarily skip failing test case sys.netpfil.pf.fragmentation.v6
PR:		244393
Sponsored by:	The FreeBSD Foundation
2020-02-25 11:56:54 +00:00
Kristof Provost
e3c73f3d74 bridge tests: Remove unneeded 'All rights reserved.'
The FreeBSD foundation no longer requires this, as per
https://lists.freebsd.org/pipermail/svn-src-all/2019-February/177215.html and
private communications.

Sponsored by:	The FreeBSD Foundation
2020-02-19 16:44:16 +00:00
Alan Somers
691c0a5f3d [skip ci] delete obsolete comment in fusefs tests
It should've been deleted by r349436

MFC after:	2 weeks
2020-02-19 01:51:01 +00:00
Li-Wen Hsu
db41308a28 Temporarily skip flakey test case sys.netinet.fibs_test.udp_dontroute6 in CI
PR:		244172
Sponsored by:	The FreeBSD Foundation
2020-02-16 17:55:32 +00:00
Li-Wen Hsu
314ef80dc4 Temporarily skip flakey test case sys.netinet6.frag6.frag6_07.frag6_07 in CI
PR:		244170
Sponsored by:	The FreeBSD Foundation
2020-02-16 17:36:16 +00:00
Li-Wen Hsu
f1cabcd328 Temporarily skip sys.net.if_lagg_test.lacp_linkstate_destroy_stress on i386 CI
It panics kernel

PR:		244168
Sponsored by:	The FreeBSD Foundation
2020-02-16 16:49:29 +00:00