Commit Graph

935 Commits

Author SHA1 Message Date
bz
2e7436367e icmpv6: Fix mbuf change in mld
After r354748 mld_input() can change the mbuf.  The new pointer
is never returned to icmp6_input() and when passed to
icmp6_rip6_input() the mbuf may no longer valid leading to
a panic.
Pass a pointer to the mbuf to mld_input() so we can return an
updated version in the non-error case.

Add a test sending an MLD packet case which will trigger this bug.

Pointyhat to:	bz
Reported by:	gallatin, thj
MFC After:	2 weeks
X-MFC with:	r354748
Sponsored by:	Netflix
2019-11-18 21:59:47 +00:00
bz
92d8f750d0 ipv6 tests
Add a simple ping6 test as well.

MFC after:	2 weeks
Sponsored by:	Netflix
2019-11-18 21:54:29 +00:00
dab
4faee8fc9d Jail and capability mode for shm_rename; add audit support for shm_rename
Co-mingling two things here:

  * Addressing some feedback from Konstantin and Kyle re: jail,
    capability mode, and a few other things
  * Adding audit support as promised.

The audit support change includes a partial refresh of OpenBSM from
upstream, where the change to add shm_rename has already been
accepted. Matthew doesn't plan to work on refreshing anything else to
support audit for those new event types.

Submitted by:	Matthew Bryan <matthew.bryan@isilon.com>
Reviewed by:	kib
Relnotes:	Yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D22083
2019-11-18 13:31:16 +00:00
lwhsu
0899690df9 Reenable netinet6 and netpfil tests on i386, net/scapy 2.4.3_2 contains the fix
PR:		239380
Sponsored by:	The FreeBSD Foundation
2019-11-08 18:56:02 +00:00
bz
13480d3e0b frag6: properly handle atomic fragments according to RFCs.
RFC 8200 says:
	"If the fragment is a whole datagram (that is, both the Fragment
         Offset field and the M flag are zero), then it does not need
         any further reassembly and should be processed as a fully
         reassembled packet (i.e., updating Next Header, adjust Payload
         Length, removing the Fragment header, etc.).  .."

That means we should remove the fragment header and make all the adjustments
rather than just skipping over the fragment header.  The difference should
be noticeable in that a properly handled atomic fragment triggering an ICMPv6
message at an upper layer (e.g. dest unreach, unreachable port) will not
include the fragment header.

Update the test cases to also test for an unfragmentable part.  That is
needed so that the next header is properly updated (not just lengths).

MFC after:	3 weeks
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D22155
2019-11-08 14:36:44 +00:00
bz
8a93fa4b2c IPv6 tests: test case for scapy bpf parsing bug
PR:		239380
Reported by:	lwhsu, CI system
MFC after:	3 weeks
Sponsored by:	Netflix
2019-11-06 14:43:35 +00:00
bz
caab61ff4e ipv6 tests: cleanup
Remove mentions of fragmentation tests from extension header test.
Remove setting an MTU > IF_MAXMTU from the test cases to avoid warnings;
this was only possible in a local research tree.

MFC after:		2 weeks
Sponsored by:		Netflix
2019-11-06 14:30:56 +00:00
lwhsu
763dbec421 Temporarily disable sys.netinet6.exthdr on i386
PR:		241493
Sponsored by:	The FreeBSD Foundation
2019-11-05 17:49:15 +00:00
bz
ee8d0a4ed1 ip6 tests: Add very simplistic extension header tests
Add a simple test case which can exercise some of the IPv6 extension
header code paths.  At the moment only a small set of extension headers
is implemented and no options to the ones which take them.
Also implements a "bad" case to make sure that error handling works.

The tests were used to test m_pullup() changes to the code paths while
removing the KAME PULLDOWN_TEST cases and related macros.

MFC after:	3 weeks
Sponsored by:	Netflix
2019-11-05 10:59:33 +00:00
bz
3506f219f5 frag6 tests: set end to catch timeout as error
There are times when we have to wait for reply packets.  There are
either an ICMPv6 (error) reply or the expiration timeout.
In these cases synchonous ICMPv6 replies should arrive, always,
unless the packet is lost.  Due to errors experienced with the
test software sending an invlaid request on at least i386 (*) these
packets are not generated.  That means we are waiting for a long time
for the replies or even timeout the test case.

Manually set the "End" flag on these test cases as well, so they do
fail rather than timeout as the sniffer timeout happens.  This improves
debugging options, reflects the error properly, and saves time on each
test suit run.

(*) The real cause for that is still to be found (see the referenced PRs)

PR:			241493, 239380
MFC after:		2 weeks
Sponsored by:		Netflix
2019-11-05 10:53:55 +00:00
kp
0e869b7d7e netpfil tests: Add missing copyright & license statements 2019-10-29 09:47:12 +00:00
lwhsu
4c3dd4e319 Follow r354121 to fix some python3 errors in sys.netpfil.*
stderr:

Traceback (most recent call last):
  File "/usr/tests/sys/netpfil/common/pft_ping.py", line 135, in <module>
    main()
  File "/usr/tests/sys/netpfil/common/pft_ping.py", line 124, in main
    ping(args.sendif[0], args.to[0], args)
  File "/usr/tests/sys/netpfil/common/pft_ping.py", line 74, in ping
    raw = sp.raw(str(PAYLOAD_MAGIC))
  File "/usr/local/lib/python3.6/site-packages/scapy/compat.py", line 52, in raw
    return bytes(x)
TypeError: string argument without an encoding

MFC with:	r354121
Sponsored by:	The FreeBSD Foundation
2019-10-27 21:07:50 +00:00
bz
eff1af0eab Upgrade (scapy) py2 tests to work on py3.
In order to move python2 out of the test framework to avoid py2 vs. py3
confusions upgrade the remaining test cases using scapy to work with py3.
That means only one version of scapy needs to be installed in the CI system.
It also gives a path forward for testing i386 issues observed in the CI
system with some of these tests.

Fixes are:
- Use default python from environment (which is 3.x these days).
- properly ident some lines as common for the rest of the file to avoid
  errors.
- cast the calculated offset to an int as the division result is considered
  a float which is not accepted input.
- when comparing payload to a magic number make sure we always add the
  payload properly to the packet and do not try to compare string in
  the result but convert the data payload back into an integer.
- fix print formating.

Discussed with:	lwhsu, kp (taking it off his todo :)
MFC after:	2 weeks
2019-10-26 21:19:55 +00:00
bz
edcfae7f14 frag6-test: update for r354046, conform to 8200 for overlapping fragments
The change to conform to RFC 8200 for overlapping fragments now frees
the entire reassembly queue if the overlapping fragments are not an
exact match.
As a result we do see one less packet in the timeout statistics from
expiry.  No other statistics change as the event is not counted.
It can be argued that we should improve the statistics counters in
that case.
This test case update should have been committed alongside the original
commit.

Pointyhat to:	bz
MFC after:	3 weeks
X-MFC with:	r354046
Sponsored by:	Netflix
2019-10-25 17:41:08 +00:00
bz
9589e8e651 frag6: prevent overwriting initial fragoff=0 packet meta-data.
When we receive the packet with the first fragmented part (fragoff=0)
we remember the length of the unfragmentable part and the next header
(and should probably also remember ECN) as meta-data on the reassembly
queue.
Someone replying this packet so far could change these 2 (3) values.
While changing the next header seems more severe, for a full size
fragmented UDP packet, for example, adding an extension header to the
unfragmentable part would go unnoticed (as the framented part would be
considered an exact duplicate) but make reassembly fail.
So do not allow updating the meta-data after we have seen the first
fragmented part anymore.

The frag6_20 test case is added which failed before triggering an
ICMPv6 "param prob" due to the check for each queued fragment for
a max-size violation if a fragoff=0 packet was received.

MFC after:	3 weeks
Sponsored by:	Netflix
2019-10-24 22:07:45 +00:00
bz
6cdb76abdc frag6 test cases: check more counters, wait for expiry
When done with tests check that both the per-VNET and the global-fragmented-
packets-in-system counters are zero to make sure we do not leak counters or
queue entries.

This implies that for all test cases we either have to check for the ICMPv6
packet sent in case of TLL=0 expiry (if it is sent) or sleep at least long
enough for the TTL to expire for all packets (e.g., fragments where we do not
have the off=0 packet).

This also means that statistics are now updated to include all the expired
packets.

There are cases when we do not check for counters to be zero and this is
when testing VNET teardown to behave properly and not panic, when we are
intentionally leaving fragments in the system.

MFC after:	3 weeks
Sponsored by:	Netflix
2019-10-24 20:08:33 +00:00
bz
7aa807c3cb frag6: import a set of test cases
In order to ensure that changing the frag6 code does not change behaviour
or break code a set of test cases were implemented.

Like some other test cases these use Scapy to generate packets and possibly
wait for expected answers.  In most cases we do check the global and
per interface (netstat) statistics output using the libxo output and grep
to validate fields and numbers.  This is a bit hackish but we currently have
no better way to match a selected number of stats only (we have to ignore
some of the ND6 variables; otherwise we could use the entire list).

Test cases include atomic fragments, single fragments, multi-fragments,
and try to cover most error cases in the code currently.
In addition vnet teardown is tested to not panic.

A separate set (not in-tree currently) of probes were used in order to
make sure that the test cases actually test what they should.

The "sniffer" code was copied and adjusted from the netpfil version
as we sometimes will not get packets or have longer timeouts to deal with.

Sponsored by:	Netflix
2019-10-21 09:33:45 +00:00
kp
8244f846b0 tests: basic VLAN test
Set up two jails connected by an epair. Create VLAN interfaces in both
jails and check connectivity.

This is a very basic test, but exposed panics during the network stack
epoch work, so this is worth testing.
2019-10-15 04:50:08 +00:00
vangyzen
816098c66c coredump_phnum_test: handle full file system gracefully
Skip the test if the file system is full.  That's out of scope
of this test.

MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2019-10-11 21:23:46 +00:00
asomers
f032cf252e zfs: multiple improvements to the zpool_add tests
* Don't partition a disk if too few are available.  Just rely on Kyua to
  ensure that the tests aren't run with insufficient disks.

* Remove redundant cleanup steps

* In zpool_add_003_pos, store the temporary file in $PWD so Kyua will
  automatically clean it up.

* Update zpool_add_005_pos to use dumpon instead of dumpadm.  This test had
  never been ported to FreeBSD.

* In zpool_add_005_pos, don't format the dump disk with UFS.  That was
  pointless.

MFC after:	2 weeks
Sponsored by:	Axcient
2019-10-10 02:17:45 +00:00
asomers
04a2eafe00 ZFS: fix the zpool_add_010_pos test
The test is necessarily racy, because it depends on being able to complete a
"zpool add" before a previous resilver finishes.  But it was racier than it
needed to be.  Move the first "zpool add" to before the resilver starts.

MFC after:	2 weeks
Sponsored by:	Axcient
2019-10-09 20:16:40 +00:00
asomers
4410ba3716 ZFS: in the tests, don't override PWD
The ZFS test suite was overriding the common $PWD variable with the path to
the pwd command, even though no test wanted to use it that way.  Most tests
didn't notice, because ksh93 eventually restored it to its proper meaning.

MFC after:	2 weeks
Sponsored by:	Axcient
2019-10-09 17:36:57 +00:00
asomers
d94c4da73f ZFS: multiple fixes to the zpool_import tests
* Don't create a UFS mountpoint just to store some temporary files.  The
  tests should always be executed with a sufficiently large TMPDIR.
  Creating the UFS mountpoint is not only unneccessary, but it slowed
  zpool_import_missing_002_pos greatly, because that test moves large files
  between TMPDIR and the UFS mountpoint.  This change also allows many of
  the tests to be executed with just a single test disk, instead of two.

* Move zpool_import_missing_002_pos's backup device dir from / to $PWD to
  prevent cross-device moves.  On my system, these two changes improved that
  test's speed by 39x.  It should also prevent ENOSPC errors seen in CI.

* If insufficient disks are available, don't try to partition one of them.
  Just rely on Kyua to skip the test.  Users who care will configure Kyua
  with sufficient disks.

MFC after:	2 weeks
Sponsored by:	Axcient
2019-10-09 17:24:09 +00:00
markj
c0d01c7f47 Fix a bug in r353332 that snuck in with a last-minute adjustment.
Reported by:	Jenkins
MFC with:	r353332
Sponsored by:	The FreeBSD Foundation
2019-10-08 23:52:04 +00:00
markj
0f39988409 Add a regression test for r353331.
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2019-10-08 23:35:23 +00:00
asomers
92f05be957 zfs: fix the zfsd_hotspare_007_pos test
It was trying to destroy the pool while zfsd was detaching the spare, and
"zpool destroy" failed.  Fix by waiting until the spare has fully detached.

MFC after:	2 weeks
Sponsored by:	Axcient
2019-10-08 15:48:28 +00:00
asomers
732f6684ed zfs: fix the zfsd_autoreplace_003_pos test
The test declared that it only needed 5 disks, but actually tried to use 6.
Fix it to use just 5, which is all it really needs.

MFC after:	2 weeks
Sponsored by:	Axcient
2019-10-08 15:33:11 +00:00
vangyzen
4b1b830732 Fix problems in the kern_maxfiles__increase test
ATF functions such as ATF_REQUIRE do not work correctly in child processes.
Use plain C functions to report errors instead.

In the parent, check for the untimely demise of children.  Without this,
the test hung until the framework's timeout.

Raise the resource limit on the number of open files.  If this was too low,
the test hit the two problems above.

Restore the kern.maxfiles sysctl OID in the cleanup function.
The body prematurely removed the symlink in which the old value was saved.

Make the test more robust by opening more files.  In fact, due to the
integer division by 4, this was necessary to make the test valid with
some initial values of maxfiles.  Thanks, asomers@.

wait() for children instead of sleeping.

Clean up a temporary file created by the test ("afile").

Reviewed by:	asomers
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D21900
2019-10-08 13:43:05 +00:00
asomers
1b78566aec ZFS: fix the redundancy tests
* Fix force_sync_path, which ensures that a file is fully flushed to disk.
  Apparently "zpool history"'s performance has improved, but exporting and
  importing the pool still works.
* Fix file_dva by using undocumented zdb syntax to clarify that we're
  interested in the pool's root file system, not the pool itself. This
  should also fix the zpool_clear_001_pos test.
* Remove a redundant cleanup step

MFC after:	2 weeks
Sponsored by:	Axcient
Differential Revision:	https://reviews.freebsd.org/D21901
2019-10-07 20:21:23 +00:00
asomers
f9c598b6d5 ZFS: mark hotspare_scrub_002_pos as an expected failure
"zpool scrub" doesn't detect all errors on active spares in raidz arrays

PR:		241069
MFC after:	2 weeks
Sponsored by:	Axcient
2019-10-07 20:19:05 +00:00
asomers
d058952c45 ZFS: fix the delegate tests
These tests have never worked correctly

* Replace runwattr with sudo
* Fix a scoping bug with the "dtst" variable
* Cleanup user properties created during tests
* Eliminate the checks for refreservation and send support. They will always
  be supported.
* Fix verify_fs_snapshot. It seemed to assume that permissions would not yet
  be delegated, but that's not how it's actually used.
* Combine verify_fs_promote with verify_vol_promote
* Remove some useless sleeps
* Fix backwards condition in verify_vol_volsize
* Remove some redundant cleanup steps in the tests. cleanup.ksh will handle
  everything.
* Disable some parts of the tests that FreeBSD doesn't support:
    * Creating snapshots with mkdir
    * devices
    * shareisci
    * sharenfs
    * xattr
    * zoned

The sharenfs parts could probably be reenabled with more work to remove the
Solarisms.

MFC after:	2 weeks
Sponsored by:	Axcient
Differential Revision:	https://reviews.freebsd.org/D21898
2019-10-07 20:13:49 +00:00
asomers
a766951a5b zfs: skip the zfsd tests if zfsd is not running
MFC after:	2 weeks
Sponsored by:	Axcient
Differential Revision:	https://reviews.freebsd.org/D21878
2019-10-07 19:50:22 +00:00
asomers
d05e35e06e zfs: fix the zdb_001_neg test
The test needed to be updated for r331701 (MFV illumos 8671400), which added
a "-k" option.

MFC after:	2 weeks
Sponsored by:	Axcient
2019-10-07 19:48:18 +00:00
asomers
0bebce7ab1 ZFS: fix the zpool_get_002_pos test
ZFS has grown some additional properties that hadn't been added to the
config file yet.  While I'm here, improve the error message, and remove a
superfluous command.

MFC after:	2 weeks
Sponsored by:	Axcient
2019-10-07 19:24:50 +00:00
asomers
47f33ac035 zfs: fix the slog_012_neg test
This test attempts to corrupt a file-backed vdev by deleting it and then
recreating it with truncate.  But that doesn't work, because the pool
already has the vdev open, and it happily hangs on to the open-but-deleted
file.  Fix by truncating the file without deleting it.

MFC after:	2 weeks
Sponsored by:	Axcient
2019-10-07 18:55:40 +00:00
asomers
b52e030d04 ZFS: fix several zvol_misc tests
* Adapt zvol_misc_001_neg to use dumpon instead of Solaris's dumpadm
* Disable zvol_misc_003_neg, zvol_misc_005_neg, and zvol_misc_006_pos,
  because they involve using a zvol as a dump device, which FreeBSD does not
  yet support.

MFC after:	2 weeks
Sponsored by:	Axcient
2019-10-07 18:21:33 +00:00
asomers
ddf6ddca2c ZFS: fix several of the "zpool create" tests
* Remove zpool_create_013_neg.  FreeBSD doesn't have an equivalent of
  Solaris's metadevices.  GEOM would be the equivalent, but since all geoms
  are the same from ZFS's perspective, this test would be redundant with
  zpool_create_012_neg

* Remove zpool_create_014_neg.  FreeBSD does not support swapping to regular
  files.

* Remove zpool_create_016_pos.  This test is redundant with literally every
  other test that creates a disk-backed pool.

* s:/etc/vfstab:/etc/fstab in zpool_create_011_neg

* Delete the VTOC-related portion of zpool_create_008_pos.  FreeBSD doesn't
  use VTOC.

* Replace dumpadm with dumpon and swap with swapon in multiple tests.

* In zpool_create_015_neg, don't require "zpool create -n" to fail.  It's
  reasonable for that variant to succeed, because it doesn't actually open
  the zvol.

* Greatly simplify zpool_create_012_neg.  Make it safer, too, but not
  interfering with the system's regular swap devices.

* Expect zpool_create_011_neg to fail (PR 241070)

* Delete some redundant cleanup steps in various tests

* Remove some unneeeded ATF timeout specifications.  The default is fine.

PR:		241070
MFC after:	2 weeks
Sponsored by:	Axcient
2019-10-05 03:19:53 +00:00
asomers
dd4596e582 ZFS: the hotspare_add_004_neg test needs at least two disks
MFC after:	2 weeks
Sponsored by:	Axcient
2019-10-05 01:34:35 +00:00
kevans
e3f43eab06 shm_open2(2): completely unbreak
kern_shm_open2(), since conception, completely fails to pass the mode along
to kern_shm_open(). This breaks most uses of it.

Add tests alongside this that actually check the mode of the returned
files.

PR:		240934 [pulseaudio breakage]
Reported by:	ler, Andrew Gierth [postgres breakage]
Diagnosed by:	Andrew Gierth (great catch)
Tested by:	ler, tmunro
Pointy hat to:	kevans
2019-10-02 02:37:34 +00:00
vangyzen
273dea809d Fix coredump_phnum_test when kern.compress_user_cores != 0
If `kern.compress_user_cores` is non-zero, decompress the core file.

Use `sysctl -f` to restore previous values.

Don't bother restoring `ulimit -c`, since that's a per-process value.

Check more commands with `atf_check`.

Reviewed by:	olivier ngie
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D21820
2019-09-30 14:05:44 +00:00
jilles
2748dea7b2 Adjust tests after page fault changes in r352807
Commit r352807 fixed various signal numbers and codes from page faults;
adjust the tests so they expect the fixes to be present.

PR:		211924
2019-09-29 15:17:58 +00:00
kevans
37b32728eb Further normalize copyright notices
- s/C/c/ where I've been inconsistent about it
- +SPDX tags
- Remove "All rights reserved" where possible

Requested by:	rgrimes (all rights reserved)
2019-09-26 16:19:22 +00:00
dab
edad331b44 Add an shm_rename syscall
Add an atomic shm rename operation, similar in spirit to a file
rename. Atomically unlink an shm from a source path and link it to a
destination path. If an existing shm is linked at the destination
path, unlink it as part of the same atomic operation. The caller needs
the same permissions as shm_unlink to the shm being renamed, and the
same permissions for the shm at the destination which is being
unlinked, if it exists. If those fail, EACCES is returned, as with the
other shm_* syscalls.

truss support is included; audit support will come later.

This commit includes only the implementation; the sysent-generated
bits will come in a follow-on commit.

Submitted by:	Matthew Bryan <matthew.bryan@isilon.com>
Reviewed by:	jilles (earlier revision)
Reviewed by:	brueffer (manpages, earlier revision)
Relnotes:	yes
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D21423
2019-09-26 15:32:28 +00:00
kevans
0b09e6adb7 Add SPDX tags to recently added files
Reported by:	Pawel Biernacki
2019-09-25 22:53:30 +00:00
kevans
575e351fdd Add linux-compatible memfd_create
memfd_create is effectively a SHM_ANON shm_open(2) mapping with optional
CLOEXEC and file sealing support. This is used by some mesa parts, some
linux libs, and qemu can also take advantage of it and uses the sealing to
prevent resizing the region.

This reimplements shm_open in terms of shm_open2(2) at the same time.

shm_open(2) will be moved to COMPAT12 shortly.

Reviewed by:	markj, kib
Differential Revision:	https://reviews.freebsd.org/D21393
2019-09-25 18:03:18 +00:00
olivier
b3eac51879 Fix coredump_phnum_test in case of kern.compress_user_cores=1
PR:		240783
Approved by:	ngie, lwhsu
MFC after:	1 month
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D21776
2019-09-24 16:45:34 +00:00
jilles
8bd533066d Add some tests for page fault signals and codes
It is useful to have some tests for page fault signals.

More tests would be useful but creating the conditions (such as various
kinds of running out of memory and I/O errors) is more complicated.

The tests page_fault_signal__bus_objerr_1 and
page_fault_signal__bus_objerr_2 depend on https://reviews.freebsd.org/D21566
before they can pass.

PR:		211924
Reviewed by:	kib
Differential Revision:	https://reviews.freebsd.org/D21624
2019-09-18 21:00:32 +00:00
lwhsu
8bc0e48690 Temporarily skip sys.netpfil.common.tos.pf_tos on i386 CI as it always fails
PR:		240086
Sponsored by:	The FreeBSD Foundation
2019-09-17 22:09:14 +00:00
lwhsu
f94e2be711 Temporarily skip sys.netpfil.common.forward.pf_v4 on i386 CI as it always fails
PR:		240085
Sponsored by:	The FreeBSD Foundation
2019-09-17 22:08:16 +00:00
asomers
0917480bfd fusefs: initialize C++ classes the Coverity way
Coverity complained that I wasn't initializing some class members until the
SetUp method.  Do it in the constructor instead.

Reported by:	Coverity
Coverity CIDs:	1404352, 1404378
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2019-09-16 15:56:21 +00:00