Commit Graph

638 Commits

Author SHA1 Message Date
asomers
543698f955 audit(4): add tests for ioctl(2)
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15872
2018-06-19 01:32:33 +00:00
asomers
aff9d827f8 audit(4): Add tests for {get/set}auid, {get/set}audit, {get/set}audit_addr
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15871
2018-06-18 15:37:43 +00:00
asomers
2d3768367c audit(4): add tests for send, recv, sendto, and recvfrom
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15869
2018-06-18 15:27:31 +00:00
asomers
2ac4b4bc88 audit(4): add tests for extattr_set_file and friends
Includes extattr_{set_file, _set_fd, _set_link, _delete_file, _delete_fd,
_delete_link}

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15867
2018-06-18 15:07:10 +00:00
asomers
a55f161dfe Fix 32-bit build after 335307
This was correct in the final version on Phabricator, but somehow I screwed
up applying the patch locally.

Reported by:	linimon
Pointy-hat-to:	asomers
MFC after:	2 weeks
X-MFC-With:	335307
2018-06-18 04:12:58 +00:00
asomers
805312ea35 audit(4): add tests for Sys V shared memory syscalls
includes shmget, shmat, shmdt, and shmctl

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15860
2018-06-17 21:29:35 +00:00
asomers
764bfb4968 audit(4): add tests for connect, connectat, and accept
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15853
2018-06-17 17:43:55 +00:00
asomers
fceb879fc9 audit(4): Add tests for a few syscalls in the ad class
The ad audit class is for administrative commands.  This commit adds test
for settimeofday, adjtime, and getfh.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15861
2018-06-17 16:24:46 +00:00
asomers
b92ae4485f audit(4): add tests for extattr_get_file(2) and friends
This commit includes extattr_{get_file, get_fd, get_link, list_file,
list_fd, list_link}.  It does not include any syscalls that modify, set, or
delete extended attributes, as those are in a different audit class.

Submitted by:	aniketpt
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15859
2018-06-17 15:22:27 +00:00
asomers
9ce642a5e2 audit(4): add tests for chflags and friends
chflags, fchflags, and lchflags (but not chflagsat) are included.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15854
2018-06-17 03:10:25 +00:00
asomers
c011ed08c9 audit(4): add tests for pathconf(2) and friends
pathconf, lpathconf, and fpathconf are included

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15842
2018-06-16 18:29:24 +00:00
asomers
ae064bedd4 audit(4): add tests for POSIX message queues
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15848
2018-06-16 18:22:35 +00:00
asomers
874c879405 audit(4): add tests for chown(2) and friends
Includes chown, fchown, lchown, and fchownat

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15825
2018-06-16 15:38:59 +00:00
asomers
3f1afae2ac audit(4): add tests for bind(2), bindat(2), and listen(2)
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15843
2018-06-16 15:25:08 +00:00
asomers
250b654c2a audit(4): Add a few tests for network-related syscalls
Add tests for socket(2), socketpair(2), and setsockopt(2)

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15803
2018-06-15 16:41:28 +00:00
asomers
f69a441196 audit(4): improve formatting in tests/sys/audit/open.c
[skip ci]

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15797
2018-06-15 15:36:10 +00:00
asomers
6bd14ddc28 audit(4): add tests for access(2), chmod(2), and friends
access(2), eaccess(2), faccessat(2), chmod(2), fchmod(2), lchmod(2), and
fchmodat(2).

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15805
Differential Revision:	https://reviews.freebsd.org/D15808
2018-06-15 15:32:02 +00:00
asomers
82a0bde6bd audit(4): add tests for fhopen, fhstat, and fhstatfs
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15798
2018-06-14 15:04:49 +00:00
asomers
ce4e493df6 audit(4): fix typo from r335136
Typo in Makefile accidentally disabled some older tests

MFC after:	2 weeks
X-MFC-With:	335136
2018-06-14 14:53:01 +00:00
asomers
8f6414df26 audit(4): add tests for flock, fcntl, and fsync
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15795
2018-06-14 13:42:58 +00:00
asomers
4ad236897f audit(4): add tests for statfs(2), fstatfs(2), and getfsstat(2)
Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15750
2018-06-14 02:30:43 +00:00
asomers
a18fc3520b audit(4): Fix file descriptor leaks in ATF tests
Submitted by:	aniketp
Reported by:	Coverity
CID:		1393343 1393346 1392695 1392781 1391709 1392078 1392413
CID:		1392014 1392521 1393344 1393345 1393347 1393348 1393349
CID:		1393354 1393355 1393356 1393357 1393358 1393360 1393362
CID:		1393368 1393369 1393370 1393371 1393372 1393373 1393376
CID:		1393380 1393384 1393387 1393388 1393389
MFC after:	2 weeks
Sponsored by:	Google, Inc (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15782
2018-06-13 17:01:57 +00:00
asomers
68bb56ea94 audit(4): add tests for stat(2) and friends
This revision adds auditability tests for stat, lstat, fstat, and fstatat,
all from the fa audit class.  More tests from that audit class will follow.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15709
2018-06-10 21:36:29 +00:00
kp
74fff64306 pf tests: Basic route-to tests
Very basic route-to tests. These tests attempt to provoke PR 228782 for IPv4
and IPv6. A test failure will panic the machine.
2018-06-09 14:21:07 +00:00
asomers
8e40219f08 audit(4): add tests for open(2) and openat(2)
These syscalls are atypical, because each one corresponds to several
different audit events, and they each pass several different audit class
filters.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15657
2018-06-05 20:13:24 +00:00
asomers
ea3776a952 audit(4): add tests for the cl audit class
The only syscalls in this class are close, closefrom, munmap, and revoke.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15650
2018-06-03 23:36:29 +00:00
asomers
f7cc577f1a audit(4): add tests for the fd audit class
The only syscalls in this class are rmdir, unlink, unlinkat, rename, and
renameat.  Also, set is_exclusive for all audit(4) tests, because they can
start and stop auditd.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15647
2018-06-01 21:24:10 +00:00
asomers
056a819389 audit(4): Add tests for the fw class of syscalls.
truncate and ftruncate are the only syscalls in this class, apart from
certain variations of open and openat, which will be handled in a different
file.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15640
2018-06-01 16:23:47 +00:00
asomers
cd2f1cc833 audit(4): Add tests for the fr class of syscalls
readlink and readlinkat are the only syscalls in this class.  open and
openat are as well, but they'll be handled in a different file.  Also, tidy
up the copyright headers of recently added files in this area.

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc. (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15636
2018-06-01 01:37:07 +00:00
asomers
e81043a32a Revert r334362
Reconnect tests/sys/audit now that the GCC issue is fixed by 334388

MFC after:	2 weeks
X-MFC-With:	334362, 334360, 334388
2018-05-30 19:58:36 +00:00
emaste
dc243357c9 Temporarily disconnect audit tests
Audit tests added in r334360 broke the build on a number of archs.
Remove the subdir from the top level tests/sys/Makefile until they're
fixed.
2018-05-30 00:36:58 +00:00
asomers
c6edf8b386 Add initial set of tests for audit(4)
This change includes the framework for testing the auditability of various
syscalls, and includes changes for the first 12.  The tests will start
auditd(8) if needed, though they'll be much faster if it's already running.
The syscalls tested in this commit include mkdir(2), mkdirat(2), mknod(2),
mknodat(2), mkfifo(2), mkfifoat(2), link(2), linkat(2), symlink(2),
symlinkat(2), rename(2), and renameat(2).

Submitted by:	aniketp
MFC after:	2 weeks
Sponsored by:	Google, Inc (GSoC 2018)
Differential Revision:	https://reviews.freebsd.org/D15286
2018-05-29 23:08:33 +00:00
jhb
1f3be0d244 Export a breakpoint() function to userland for riscv.
As a result, enable tests using breakpoint() on riscv.

Reviewed by:	br
Differential Revision:	https://reviews.freebsd.org/D15191
2018-05-16 16:56:35 +00:00
emaste
f3b0d7717c Strip trailing / from TESTSDIR
Otherwise makefs gets upset:
makefs: ./usr/tests/sys/cddl/zfs/tests/exec/: empty leaf element

Sponsored by:	The FreeBSD Foundation
2018-05-11 16:11:24 +00:00
emaste
e8c6b9b238 Disable connectat/bindat with AT_FDCWD in capmode
Previously it was possible to connect a socket (which had the
CAP_CONNECT right) by calling "connectat(AT_FDCWD, ...)" even in
capabilties mode.  This combination should be treated the same as a call
to connect (i.e. forbidden in capabilities mode).  Similarly for bindat.

Disable connectat/bindat with AT_FDCWD in capabilities mode, fix up the
documentation and add tests.

PR:		222632
Submitted by:	Jan Kokemüller <jan.kokemueller@gmail.com>
Reviewed by:	Domagoj Stolfa
MFC after:	1 week
Relnotes:	Yes
Differential Revision:	https://reviews.freebsd.org/D15221
2018-04-30 17:31:06 +00:00
kib
afb18d6a7b Remove redundant pipe from pdeathsig.c test.
A pipe was was left over from a development version of pdeathsig.c and
is not needed.

Process C waits for a signal that'll be generated when process B
exists. Process B waits for process D to send it a byte via pipe_db
before it exits. Process D sends the byte after it has started
ptrace()ing process C. The point of the test is to show that process C
receives the signal because process B exited, even though C has been
reparented to process D. The pipe pipe_cd isn't doing anything useful
(though in an earlier version of the patch it did). Clean that up by
removing the useless pipe.

Submitted by:	Thomas Munro
MFC after:	6 days
Differential revision:	https://reviews.freebsd.org/D15214
2018-04-27 16:34:28 +00:00
jhb
111eb02587 Shorten some recently-added lines that are an extra indent over 80 columns. 2018-04-24 23:22:45 +00:00
jhb
e2b0d83db1 Add two tests for TRAP_* signal codes for SIGTRAP.
- ptrace__breakpoint_siginfo tests that a SIGTRAP for a software breakpoint
  in userland triggers a SIGTRAP with a signal code of TRAP_BRKPT.
- ptrace__step_siginfo tests that a SIGTRAP reported for a step after
  stepping via PT_STEP or PT_SETSTEP has a signal code of TRAP_TRACE.
2018-04-24 05:30:05 +00:00
jhb
bcd7a2f67d Expose breakpoint() to userland from <machine/cpufunc.h> on MIPS.
Enable ptrace() tests using breakpoint on MIPS as well.

Tested on:	mips64
MFC after:	1 month
2018-04-24 05:26:28 +00:00
jhb
cd0a5de420 Extend support for ptrace() tests using breakpoints.
- Use a single list of platforms to define HAVE_BREAKPOINT for platforms
  that expose a functional breakpoint() inline to userland.  Replace
  existing lists of platform tests with HAVE_BREAKPOINT instead.
- Add support for advancing PC past a breakpoint inserted via breakpoint()
  to support the existing ptrace__PT_CONTINUE_different_thread test on
  non-x86 platforms (x86 advances the PC past the breakpoint instruction,
  but other platforms do not).  This is implemented by defining a new
  SKIP_BREAK macro which accepts a pointer to a 'struct reg' as its sole
  argument and modifies the contents to advance the PC.  The intention is
  to use it in between PT_GETREGS and PT_SETREGS.

Tested on:	amd64, i386, mips (after adding a breakpoint() to mips)
MFC after:	1 month
2018-04-24 05:20:16 +00:00
kib
f051bf839c Rename PROC_PDEATHSIG_SET -> PROC_PDEATHSIG_CTL and PROC_PDEATHSIG_GET
-> PROC_PDEATHSIG_STATUS for consistency with other procctl(2)
operations names.

Requested by:	emaste
Sponsored by:	The FreeBSD Foundation
MFC after:	13 days
2018-04-20 15:19:27 +00:00
kib
a8cb340144 Add PROC_PDEATHSIG_SET to procctl interface.
Allow processes to request the delivery of a signal upon death of
their parent process.  Supposed consumer of the feature is PostgreSQL.

Submitted by:	Thomas Munro
Reviewed by:	jilles, mjg
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D15106
2018-04-18 21:31:13 +00:00
jhb
6d687d5919 Properly do a deep copy of the ioctls capability array for fget_cap().
fget_cap() tries to do a cheaper snapshot of a file descriptor without
holding the file descriptor lock.  This snapshot does not do a deep
copy of the ioctls capability array, but instead uses a different
return value to inform the caller to retry the copy with the lock
held.  However, filecaps_copy() was returning 1 to indicate that a
retry was required, and fget_cap() was checking for 0 (actually
'!filecaps_copy()').  As a result, fget_cap() did not do a deep copy
of the ioctls array and just reused the original pointer.  This cause
multiple file descriptor entries to think they owned the same pointer
and eventually resulted in duplicate frees.

The only code path that I'm aware of that triggers this is to create a
listen socket that has a restricted list of ioctls and then call
accept() which calls fget_cap() with a valid filecaps structure from
getsock_cap().

To fix, change the return value of filecaps_copy() to return true if
it succeeds in copying the caps and false if it fails because the lock
is required.  I find this more intuitive than fixing the caller in
this case.  While here, change the return type from 'int' to 'bool'.

Finally, make filecaps_copy() more robust in the failure case by not
copying any of the source filecaps structure over.  This avoids the
possibility of leaking a pointer into a structure if a similar future
caller doesn't properly handle the return value from filecaps_copy()
at the expense of one more branch.

I also added a test case that panics before this change and now passes.

Reviewed by:	kib
Discussed with:	mjg (not a fan of the extra branch)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D15047
2018-04-17 18:07:40 +00:00
asomers
11de77c3db lio_listio: return EAGAIN instead of EIO when out of resources
This behavior is already documented by the man page, and suggested by POSIX.

Reviewed by:	jhb
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D15099
2018-04-16 18:12:15 +00:00
eadler
b738dbf7e0 [tests] change tests/sys/acl/run to run on perl 5.26
Previously unescaped regex just resulted in a warning. Now it results in
a failed test.
2018-04-11 07:15:30 +00:00
kp
b2c15d2005 pf tests: Do not build or install if pf is not enabled
Do not build or install pf tests if WITHOUT_PF is set. This fixes the build
failure with WITHOUT_PF=yes.

Reported by:	Vladimir Zakharov <zakharov.vv@gmail.com>
2018-04-10 12:45:34 +00:00
kp
031fa4e3b9 pf tests: Basic ioctl validation
Basic validation tests for DIOCRADDADDRS, DIOCRDELADDRS, DIOCRSETADDRS,
DIOCRGETADDRS, DIOCRGETASTATS, DIOCRCLRASTATS, DIOCRTSTADDRS,
DIOCRINADEFINE, DIOCXBEGIN and DIOCXROLLBACK.

MFC after:	1 week
2018-04-06 19:37:15 +00:00
kp
f5bb7e1380 pf tests: Try to provoke a memory leak
There was a memory leak in the DIOCRADDTABLES ioctl() code which could
be triggered by trying to add tables with the same name.
Try to provoke this memory leak. It was fixed in r331225.

MFC after:	1 week
2018-04-06 19:22:22 +00:00
kp
00ad8fadf0 pf tests: Basic ioctl validation for DIOCIGETIFACES and DIOCXCOMMIT
Validate the DIOCIGETIFACES and DIOCXCOMMIT ioctls with invalid values.

MFC after:	1 week
2018-04-06 19:21:29 +00:00
kp
01a46893f7 pf tests: Basic ioctl validation for DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and DIOCRSETTFLAGS
Validate the DIOCRGETTABLES, DIOCRGETTSTATS, DIOCRCLRTSTATS and
DIOCRSETTFLAGS ioctls with invalid values. These may succeed (because
the kernel uses the minimally required size, not the specified size),
but should not trigger kernel panics.

MFC after:	1 week
2018-04-06 15:57:20 +00:00
kp
7cad8d5216 pf tests: Basic ioctl validation tests
Validate the DIOCRADDTABLES and DIOCRDELTABLES ioctls with invalid size
values. All of these requests should fail.

MFC after:	1 week
2018-04-06 15:03:48 +00:00
avg
b1e43a7293 ZFS test suite: fix uses of illumos /dev/[r]dsk/ and /dev/zvol/[r]dsk/ 2018-03-27 11:49:15 +00:00
cem
f5c5ebb133 Import Blake2 algorithms (blake2b, blake2s) from libb2
The upstream repository is on github BLAKE2/libb2.  Files landed in
sys/contrib/libb2 are the unmodified upstream files, except for one
difference:  secure_zero_memory's contents have been replaced with
explicit_bzero() only because the previous implementation broke powerpc
link.  Preferential use of explicit_bzero() is in progress upstream, so
it is anticipated we will be able to drop this diff in the future.

sys/crypto/blake2 contains the source files needed to port libb2 to our
build system, a wrapped (limited) variant of the algorithm to match the API
of our auth_transform softcrypto abstraction, incorporation into the Open
Crypto Framework (OCF) cryptosoft(4) driver, as well as an x86 SSE/AVX
accelerated OCF driver, blake2(4).

Optimized variants of blake2 are compiled for a number of x86 machines
(anything from SSE2 to AVX + XOP).  On those machines, FPU context will need
to be explicitly saved before using blake2(4)-provided algorithms directly.
Use via cryptodev / OCF saves FPU state automatically, and use via the
auth_transform softcrypto abstraction does not use FPU.

The intent of the OCF driver is mostly to enable testing in userspace via
/dev/crypto.  ATF tests are added with published KAT test vectors to
validate correctness.

Reviewed by:	jhb, markj
Obtained from:	github BLAKE2/libb2
Differential Revision:	https://reviews.freebsd.org/D14662
2018-03-21 16:18:14 +00:00
cem
a70ff33ae9 Appease GCC 4.2
It mistakenly believes the 'static' keyword must come first.  Fix PPC,
Sparc64, and maybe MIPS world.  Fallout from r331279.

Reported by:	tinderbox (results come slowly)
2018-03-21 04:44:19 +00:00
cem
82710b55b6 Implement getrandom(2) and getentropy(3)
The general idea here is to provide userspace programs with well-defined
sources of entropy, in a fashion that doesn't require opening a new file
descriptor (ulimits) or accessing paths (/dev/urandom may be restricted
by chroot or capsicum).

getrandom(2) is the more general API, and comes from the Linux world.
Since our urandom and random devices are identical, the GRND_RANDOM flag
is ignored.

getentropy(3) is added as a compatibility shim for the OpenBSD API.

truss(1) support is included.

Tests for both system calls are provided.  Coverage is believed to be at
least as comprehensive as LTP getrandom(2) test coverage.  Additionally,
instructions for running the LTP tests directly against FreeBSD are provided
in the "Test Plan" section of the Differential revision linked below.  (They
pass, of course.)

PR:		194204
Reported by:	David CARLIER <david.carlier AT hardenedbsd.org>
Discussed with:	cperciva, delphij, jhb, markj
Relnotes:	maybe
Differential Revision:	https://reviews.freebsd.org/D14500
2018-03-21 01:15:45 +00:00
jhb
1a65f86393 Revert r318180 and re-enable AIO tests on md(4) by default.
The 'physio' fast-path used by AIO requests on md(4) devices, is not
gated on the unsafe_aio knob.  Prior to r327755, some AIO requests could
fail the fast-path and fall back to the slow-path (requests for devices
not supporting unmapped I/O and requests which failed with EFAULT during
the fast-path).  However, those cases now return a suitable error rather
than using the slow-path.

PR:		217261
Reviewed by:	asomers
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D14742
2018-03-19 19:09:15 +00:00
asomers
9453291754 aio_kqueue_test: fix the build when DEBUG=1
Also, make the debug output more verbose
2018-03-17 17:52:47 +00:00
asomers
54b923f116 aio: add an ATF test case for aio_fsync error conditions 2018-03-17 17:48:21 +00:00
avg
70d3015489 zfs test suite: move definition of DISK to the cfg file in zpool_get
The variable is used not only by the setup script but also by the
atf test bodies.

Another one that should have been in r331001.
2018-03-15 14:47:53 +00:00
avg
d18c11d977 zfs test suite: add new pool properties / features to the zpool_get list 2018-03-15 14:41:09 +00:00
avg
48b97d5d87 zfs test suite: move definition of DISK to the cfg file in zpool_get
The variable is used not only by the setup script but also by the
atf test bodies.

This should have been in r331001.
2018-03-15 14:35:46 +00:00
avg
879c091c18 zfs test suite: move definition of DISK to the cfg file in zpool_export
The variable is used not only by the setup script but also by the
atf test bodies.
2018-03-15 14:23:31 +00:00
avg
e4101f8332 zfs test suite: support device paths with intermediate directories
The code assumed that disks (devices) used for testing are always named
like /dev/foo, but there is no reason for that restriction and we can
easily support paths like /dev/stripe/bar.
2018-03-15 12:47:34 +00:00
avg
8175405d05 zfs test suite: fix a typo, TESTPOOL vs TESTPOOL2 2018-03-15 12:44:13 +00:00
avg
7edb325f17 zfs test suite: destroy old gnops before creating new ones 2018-03-15 12:42:19 +00:00
avg
bdc3dfd471 zfs test suite: align zfs_destroy_005_neg: with upstream
The change is to account for a different order in which the recursive
destroy may be attempted.  If we first try a dataset that can be destroyed
then it will be destroyed, but if we first try a dataset that cannot be
destroyed then we will not attempt to destroy the other dataset.
2018-03-15 12:40:43 +00:00
avg
6fc7a54f8f zfs test suite: fix a typo, da0 vs $disk 2018-03-15 12:35:22 +00:00
avg
943ee1290a re-enable zfs_copies_006_pos test after a fix in r330977
The test was disabled in r329408.

PR:		225960
2018-03-15 09:28:10 +00:00
avg
bcb04b04f3 re-enable zpool_upgrade_007_pos test after the fix in r330974
The test was disabled in r329248.

PR:		225877
2018-03-15 08:52:49 +00:00
asomers
79ce79e216 Add tests for lagg(4) and other cloned network interfaces
Unfortunately, most of the tests are disabled because they fairly frequently
trigger panics.

MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2018-02-23 18:18:42 +00:00
asomers
3b1068d587 Add the ZFS test suite
It was originally written by Sun as part of the STF (Solaris test framework).
They open sourced it in OpenSolaris, then HighCloud partially ported it to
FreeBSD, and Spectra Logic finished the port.  We also added many testcases,
fixed many broken ones, and converted them all to the ATF framework.  We've had
help along the way from avg, araujo, smh, and brd.

By default most of the tests are disabled.  Set the disks Kyua variable to
enable them.

Submitted by:	asomers, will, justing, ken, brd, avg, araujo, smh
Sponsored by:	Spectra Logic Corp, HighCloud
2018-02-23 16:31:00 +00:00
asomers
605b141a34 gpart: append partition name to the underlying provider's physical path
If the underlying provider's physical path is null, then the gpart device's
physical path will be, too. Otherwise, it will append the partition name,
such as "/p1" or "/s1/a". This will make gpart work better with zfsd(8).

PR:		224965
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D14010
2018-02-14 20:26:09 +00:00
asomers
d2bcc1e2c3 geli: append "/eli" to the underlying provider's physical path
If the underlying provider's physical path is null, then the geli device's
physical path will be, too. Otherwise, it will append "/eli".  This will make
geli work better with zfsd(8).

PR:		224962
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D13979
2018-02-14 20:15:32 +00:00
brooks
c5f0264e6d Fix and enable SysV IPC tests.
Don't declare some types that FreeBSD incorrectly declares.

Fix an incorrect call to open() (missing mode).

ANSIfy prototypes.

Enable SysV message queue, semaphore, and shared memory tests.

With exception of the workaround for union semun, these fixes have been
committed to NetBSD.

Reviewed by:	asomers
Approved by:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D13471
2018-02-05 18:48:00 +00:00
jhb
7bdede206f Mark the unused argument to continue_thread() as such.
clang in HEAD and 11 does not warn about this, but clang in 10 does.
2018-01-24 17:46:20 +00:00
cem
d67e92fd24 Add ccp(4): experimental driver for AMD Crypto Co-Processor
* Registers TRNG source for random(4)
* Finds available queues, LSBs; allocates static objects
* Allocates a shared MSI-X for all queues.  The hardware does not have
  separate interrupts per queue.  Working interrupt mode driver.
* Computes SHA hashes, HMAC.  Passes cryptotest.py, cryptocheck tests.
* Does AES-CBC, CTR mode, and XTS.  cryptotest.py and cryptocheck pass.
* Support for "authenc" (AES + HMAC).  (SHA1 seems to result in
  "unaligned" cleartext inputs from cryptocheck -- which the engine
  cannot handle.  SHA2 seems to work fine.)
* GCM passes for block-multiple AAD, input lengths

Largely based on ccr(4), part of cxgbe(4).

Rough performance averages on AMD Ryzen 1950X (4kB buffer):
aesni:      SHA1: ~8300 Mb/s    SHA256: ~8000 Mb/s
ccp:               ~630 Mb/s    SHA256:  ~660 Mb/s  SHA512:  ~700 Mb/s
cryptosoft:       ~1800 Mb/s    SHA256: ~1800 Mb/s  SHA512: ~2700 Mb/s

As you can see, performance is poor in comparison to aesni(4) and even
cryptosoft (due to high setup cost).  At a larger buffer size (128kB),
throughput is a little better (but still worse than aesni(4)):

aesni:      SHA1:~10400 Mb/s    SHA256: ~9950 Mb/s
ccp:              ~2200 Mb/s    SHA256: ~2600 Mb/s  SHA512: ~3800 Mb/s
cryptosoft:       ~1750 Mb/s    SHA256: ~1800 Mb/s  SHA512: ~2700 Mb/s

AES performance has a similar story:

aesni:      4kB: ~11250 Mb/s    128kB: ~11250 Mb/s
ccp:               ~350 Mb/s    128kB:  ~4600 Mb/s
cryptosoft:       ~1750 Mb/s    128kB:  ~1700 Mb/s

This driver is EXPERIMENTAL.  You should verify cryptographic results on
typical and corner case inputs from your application against a known- good
implementation.

Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12723
2018-01-18 22:01:30 +00:00
asomers
2efe3d3999 gnop(8): add the ability to set a nop provider's physical path
While I'm here, expand the existing tests a bit.

MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D13579
2018-01-18 05:57:10 +00:00
markj
b5f33a8488 Add regression tests for r327779.
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2018-01-10 19:41:05 +00:00
markj
3489c1d279 Remove the executable bit from some recently added test scripts. 2018-01-10 15:55:07 +00:00
kp
0299fa77d4 pf tests: Fix pft_ping.py to work with scapy 2.3.3
Scapy requires the Raw payload to be a string, which was not the case. This
caused the pft_ping.py script to fail, which in turn caused the test to fail.
2018-01-09 19:02:42 +00:00
asomers
fa15b01717 geli: optimize tests
Reduce the geli tests' runtime by about a third:

* In integrity_test:copy, use a file-backed md(4) device instead of a
  malloc'd one.  That way we can corrupt the underlying storage without
  needing to detach and reattach the geli device.

* In integrity_test:{copy, hmac, data} and onetime_test:{onetime,
  onetime_a}, move reads of /dev/random out of the loop.

MFC after:	2 weeks
2018-01-08 00:10:45 +00:00
asomers
339093aef3 geli: convert remaining TAP tests to ATF
MFC after:	2 weeks
2018-01-07 22:21:07 +00:00
asomers
08ca9706de Fix typo from r327666
MFC after:	13 days
X-MFC-With:	327666
2018-01-07 21:57:52 +00:00
asomers
7edc58b100 geli: fix parallel execution of tests
The trick is not to destroy an md(4) device during a test.  That can create
a "double-free" situation, because we also destroy md devices during test
cleanup.

MFC after:	2 weeks
2018-01-07 02:30:08 +00:00
asomers
e763de9c0f geli: convert most tests from TAP to ATF
I'm leaving readonly_test and nokey_test alone for now. In a future commit
they should be broken up into several smaller test cases and distributed
between multiple files.

Reviewed by:	ngie
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D13717
2018-01-07 00:44:22 +00:00
asomers
4b3ff77d9e geli: fix the resize test on arm64
The resize test used bsdlabel(8), which is not available on all
architectures.  Change it to use gpart(8) instead, which should be available
everywhere.

PR:		221763
Reported by:	andrew
MFC after:	2 weeks
2017-12-29 18:42:55 +00:00
asomers
0c277cb154 Fix a harmless typo from r310786
I copy/pasted a reference to an undefined shell variable.

MFC after:	2 weeks
2017-12-29 18:09:06 +00:00
asomers
18c7f73d7f geli: factor out some common code in the geli tests
No functional change.

MFC after:	2 weeks
Sponsored by:	Spectra Logic Corp
2017-12-29 16:13:06 +00:00
asomers
2976345217 Fix potential TOCTTOU bug in the geli tests
This change mostly reverts r293436, which introduced the bug due to a belief
that geli(8) would allocate md(4) devices by itself. However, that belief is
incorrect. Instead of using linear probing to find available md(4) numbers,
it's best to use the existing attach_md function.

Reviewed by:	ngie
MFC after:	2 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D13666
2017-12-29 16:06:10 +00:00
eadler
a2cad14ef1 other: Fix several typos and minor errors
- duplicate words
- typos
- references to old versions of FreeBSD

Reviewed by:	imp, benno
2017-12-27 03:23:58 +00:00
jhb
b1e08aa1e7 Catch up to r325719 which makes the kern.proc.pid sysctl "work" for zombies.
Some of the ptrace tests need to wait for a child process to become a
zombie before preceding.  The parent process polls the child process
via the kern.proc.pid sysctl to wait for it to become a zombie.
Previously the code polled until the sysctl failed with ESRCH.  Now it
will poll until either the sysctl fails with ESRCH (for compatiblity
with older kernels) or returns a kinfo_proc structure with the ki_stat
field set to SZOMB.

Reported by:	Jenkins
Tested by:	markj
Discussed with:	mjg
MFC after:	1 week
2017-12-18 23:35:14 +00:00
markj
e72694acd0 Skip gnop tests if the corresponding kernel module isn't available.
Reviewed by:	asomers
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D13500
2017-12-15 17:10:51 +00:00
markj
ba186645e4 Belatedly add syncwait.
X-MFC with:	r326861
2017-12-14 22:15:46 +00:00
markj
5ade349271 Make indentation consistent with other tests, and use syncwait.
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-12-14 22:14:07 +00:00
markj
fc527b5be2 Add some basic tests for gmirror read and write error handling.
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-12-14 22:11:35 +00:00
kp
b5095f7a50 tests: ipsec: Don't load/unload aesni.ko in the test header
We can't kldunload in the test head as Kyua interprets any output from
them. This would lead to syntax errors and skipping the entire file.

Move the kld commands into the test case bodies.

Pointed out by: asomers@
2017-12-03 18:35:07 +00:00
kp
9f755fc976 Add IPSec tests in tunnel mode
Some IPSec in tunnel mode allowing to test multiple IPSec
configurations.  These tests are reusing the jail/vnet scripts from pf
tests for generating complex network.

Submitted by:	olivier@
Differential Revision:	https://reviews.freebsd.org/D13017
2017-12-03 13:52:35 +00:00
cem
30b90e55c4 vfs_lookup: Allow PATH_MAX-1 symlinks
Previously, symlinks in FreeBSD were artificially limited to PATH_MAX-2.

Add a short test case to verify the change.

Submitted by:	Gaurav Gangalwar <ggangalwar AT isilon.com>
Reviewed by:	kib
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12589
2017-11-17 19:25:39 +00:00
asomers
c9aceb8701 Fix build on arm after r325817
Reported by:	rpokala
MFC after:	3 weeks
X-MFC-With:	325817
Sponsored by:	Spectra Logic Corp
2017-11-14 21:11:55 +00:00
asomers
3fe73f3b6b AIO tests: increase limits
tests/sys/aio/aio_kqueue_test.c
	Instead of using a hard-coded queue depth, use
	vfs.aio.max_aio_queue_per_proc

tests/sys/aio/lio_kqueue_test.c
	The old, small limit on lio_listio's operation count was lifted by
	change 324941.  Raise the operation count as high as possible without
	exceeding the process's operation limit.

MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-11-14 17:46:37 +00:00
bdrewery
a598c4b809 DIRDEPS_BUILD: Update dependencies.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:07:04 +00:00
bdrewery
a4164f0dcd DIRDEPS_BUILD: Connect new directories.
Sponsored by:	Dell EMC Isilon
2017-10-31 00:04:07 +00:00
jhb
0472a49b7f Discard the correct thread event reported for a ptrace stop.
When multiple threads wish to report a tracing event to a debugger,
both threads call ptracestop() and one thread will win the race to be
the reporting thread (p->p_xthread).  The debugger uses PT_LWPINFO
with the process ID to determine which thread / LWP is reporting an
event and the details of that event.  This event is cleared as a side
effect of the subsequent ptrace event that resumed the process
(PT_CONTINUE, PT_STEP, etc.).  However, ptrace() was clearing the
event identified by the LWP ID passed to the resume request even if
that wasn't the 'p_xthread'.  This could result in clearing an event
that had not yet been observed by the debugger and leaving the
existing event for 'p_thread' pending so that it was reported a second
time.

Specifically, if the debugger stopped due to a software breakpoint in
one thread, but then switched to another thread that was used to
resume (e.g. if the user switched to a different thread and issued a
step), the resume request (PT_STEP) cleared a pending event (if any)
for the thread being stepped.  However, the process immediately
stopped and the first thread reported it's breakpoint event a second
time.  The debugger decremented the PC for "both" breakpoint events
which resulted in the PC now pointing into the middle of an
instruction (on x86) and a SIGILL fault when the process was resumed a
second time.

To fix, always clear the pending event for 'p_xthread' when resuming a
process.  ptrace() still honors the requested LWP ID when enabling
single-stepping (PT_STEP) or setting a different PC (PT_CONTINUE).

Reported by:	GDB testsuite (gdb.threads/continue-pending-status.exp)
Reviewed by:	kib
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D12794
2017-10-27 03:16:19 +00:00
kp
520bd817dc pf tests: Remove temporary files
Remove the created_jails.lst and created_interfaces.lst files in the
cleanup code.
2017-10-26 20:55:33 +00:00
kp
cc68fe5536 pf tests: Fragmentation (v6) test
Test fragmentation handling (i.e. scrub fragment reassemble) code for
IPv6.

Two simple tests: Ping a host (jail) and test forwarding of fragmented
packets.
2017-10-26 20:54:52 +00:00
kp
ead19d9f9c pf tests: destroy jails before destroying interfaces
When cleaning up we must destroy the jails before we destroy the interfaces.
Otherwise we might try to destroy interfaces that belong to a jail, which won't
work and fail to completely clean up.
2017-10-26 20:53:56 +00:00
jhb
8766a11b64 Add a test for sending a signal while stepping a thread via PT_STEP.
MFC after:	1 week
2017-10-25 17:23:33 +00:00
bdrewery
5e6f8d9e40 Add a test for r324671 along with some other masked tests.
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-10-17 19:01:01 +00:00
bdrewery
a735b12086 This child is expected to exit on SIGTRAP, don't leave a core behind.
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
2017-10-16 20:06:24 +00:00
kp
df7329fbf7 pf tests: Use pft_set_rules everywhere
We now have a utility function to set pf rules in the jail. Use it
whenever we need to set the pf rules in the test jail.
2017-10-16 15:05:32 +00:00
kp
eb4416b626 pf tests: Basic IPv6 forwarding tests
Pass/block packets in the forwarding path with pf.

Introduce the pft_set_rules() helper function, because we need to
remember to flush states between individual tests. If not we can get
packets passing despite rules blocking them because they match states
created in a previous test.

Extend pft_ping.py to be able to send IPv6 echo requests.
2017-10-16 15:03:45 +00:00
kp
0612da0910 pf: test set-tos
Introduce tests for the set-tos feature of pf. Teach pft_ping.py to send
and verify ToS flags.
2017-10-16 15:01:49 +00:00
bdrewery
070acc3550 Fix shadowed variable hidden by WARNS changing to 3 in r313006.
Sponsored by:	Dell EMC Isilon
MFC after:	1 week
2017-10-12 19:58:21 +00:00
ngie
42a5537248 Check the exit code from fsck_ffs instead of relying on MODIFIED being in the output
^/head@r323923 changed when MODIFIED is printed at exit. It's better to follow the
documented way of determining whether or not a filesystem is clean per fsck_ffs, i.e.,
ensure that the exit code is either 0 or 7.

The pass/fail determination is brittle prior to this commit, and ^/head@r323923 made
the issue apparent -- thus this needs to be fixed independent of ^/head@r323923.

PR:		222780
MFC after:	1 week
MFC with:	r323923
Reported by:	Jenkins
2017-10-10 05:58:33 +00:00
kp
266888db2b pf: Very basic forwarding test
This test illustrates the use of scapy to test pf.

Differential Revision:	https://reviews.freebsd.org/D12581
2017-10-06 20:51:32 +00:00
kp
2646db1c87 pf: Basic automated test using VIMAGE
If VIMAGE is present we can start jails with their own pf instance. This
makes it fairly easy to run tests.
For example, this basic test verifies that drop/pass and icmp
classification works. It's a basic sanity test for pf, and hopefully an
example on how to write more pf tests.

The tests are skipped if VIMAGE is not enabled.

This work is inspired by the GSoC work of Panagiotes Mousikides.

Differential Revision:	https://reviews.freebsd.org/D12580
2017-10-06 20:43:14 +00:00
cem
de7a7877e1 aesni(4): Add support for x86 SHA intrinsics
Some x86 class CPUs have accelerated intrinsics for SHA1 and SHA256.
Provide this functionality on CPUs that support it.

This implements CRYPTO_SHA1, CRYPTO_SHA1_HMAC, and CRYPTO_SHA2_256_HMAC.

Correctness: The cryptotest.py suite in tests/sys/opencrypto has been
enhanced to verify SHA1 and SHA256 HMAC using standard NIST test vectors.
The test passes on this driver.  Additionally, jhb's cryptocheck tool has
been used to compare various random inputs against OpenSSL.  This test also
passes.

Rough performance averages on AMD Ryzen 1950X (4kB buffer):
aesni:      SHA1: ~8300 Mb/s    SHA256: ~8000 Mb/s
cryptosoft:       ~1800 Mb/s    SHA256: ~1800 Mb/s

So ~4.4-4.6x speedup depending on algorithm choice.  This is consistent with
the results the Linux folks saw for 4kB buffers.

The driver borrows SHA update code from sys/crypto sha1 and sha256.  The
intrinsic step function comes from Intel under a 3-clause BSDL.[0]  The
intel_sha_extensions_sha<foo>_intrinsic.c files were renamed and lightly
modified (added const, resolved a warning or two; included the sha_sse
header to declare the functions).

[0]: https://software.intel.com/en-us/articles/intel-sha-extensions-implementations

Reviewed by:	jhb
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12452
2017-09-26 23:12:32 +00:00
cem
9ea19b9427 crypto(9): Use a more specific error code when a capable driver is not found
When crypto_newsession() is given a request for an unsupported capability,
raise a more specific error than EINVAL.

This allows cryptotest.py to skip some HMAC tests that a driver does not
support.

Reviewed by:	jhb, rlibby
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D12451
2017-09-26 01:31:49 +00:00
ngie
eda725d65a Convert some idioms over to py3k-compatible idioms
- Import print_function from __future__ and use print(..) instead of `print ..`.
- Use repr instead of backticks when the object needs to be dumped, unless
  print(..) can do it lazily. Use str instead of backticks as appropriate
  for simplification reasons.

This doesn't fully convert these modules over py3k. It just gets over some of
the trivial compatibility hurdles.
2017-09-24 00:14:48 +00:00
cem
7cc3781303 cryptotest.py: Like r323869, skip SHA HMAC tests on non-SHA drivers
Sponsored by:	Dell EMC Isilon
2017-09-22 04:41:48 +00:00
cem
8863661513 cryptotest.py: Fix whitespace style errors
I accidentally introduced different whitespace style in r323878.  I'm not
used to using tabs for indentation in Python scripts.

Whitespace only; no functional change.

Sponsored by:	Dell EMC Isilon
2017-09-22 04:25:44 +00:00
cem
23508ac59c cryptotest.py: Actually use NIST-KAT HMAC test vectors and test the right hashes
Previously, this test was entirely a no-op as no vector in the NIST-KAT file
has a precisely 20-byte key.

Additionally, not every vector in the file is SHA1.  The length field
determines the hash under test, and is now decoded correctly.

Finally, due to a limitation I didn't feel like fixing in cryptodev.py, MACs
are truncated to 16 bytes in this test.

With this change and the uncommitted D12437 (to allow key sizes other than
those used in IPSec), the SHA tests in cryptotest.py actually test something
and e.g. at least cryptosoft passes the test.

Sponsored by:	Dell EMC Isilon
2017-09-21 21:07:21 +00:00
cem
ce5730adaa cryptotest.py: Do not run AES-CBC or AES-GCM tests on non-AES crypto(4) drivers
For some reason, we only skipped AES-XTS tests if a driver was not in the
aesmodules list.  Skip other AES modes as well to prevent spurious failures
in non-AES drivers.

Sponsored by:	Dell EMC Isilon
2017-09-21 18:06:21 +00:00
cem
6a2e937b3f cryptotest.py: Add a seatbelt that we're actually testing anything
Without nist-kat installed, cryptotest.py is a no-op.  Showing 'success' in
that case is unhelpful.

Sponsored by:	Dell EMC Isilon
2017-09-21 05:46:28 +00:00
ngie
18951eee49 Add supporting changes for Add limited sandbox capability to "make check"
Non-tests/... changes:
- Add HAS_TESTS= to Makefiles with libraries and programs to enable iteration
  and propagate the appropriate environment down to *.test.mk.

tests/... changes:
- Add appropriate support Makefile.inc's to set HAS_TESTS in a minimal manner,
  since tests/... is a special subdirectory tree compared to the others.

MFC after:	2 months
MFC with:	r322511
Reviewed by:	arch (silence), testing (silence)
Differential Revision:	D12014
2017-08-14 19:21:37 +00:00
asomers
6d922d0b47 tests/sys/netinet/fibs_test: skip selected tests when firewalls are enabled
Some tests send packets over epair(4) interfaces. Firewalls can cause
spurious failures.

Reviewed by:	ngie
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11917
2017-08-08 15:37:21 +00:00
ngie
9e96179b9c Make test scripts under tests/... non-executable
Executable bits should be set at install time instead of in the repo.
Setting executable bits on files triggers false positives with Phabricator.

MFC after:	2 months
2017-08-08 04:59:16 +00:00
ngie
d739d878b2 MFhead@r321967 2017-08-03 03:45:48 +00:00
ngie
9487faf877 Chase r321920 and r321930 (dev_t being widened)
The layout of st_rdev has changed after this commit, and assumptions made
in the NetBSD tests are no longer valid. Change the hardcoded assumed
values to account for the fact that major/minor are now represented by
64 bits as opposed to the less precise legacy precision of 16 bits.

PR:	221048
Relnotes: st_rdev layout changed; warning about impact of r321920 to
	  downstream consumers
2017-08-03 03:43:41 +00:00
ngie
6a035474e5 Use bsd.opts.mk, not src.opts.mk 2017-08-03 00:35:35 +00:00
ngie
7ec8e284a3 MFhead@r321960 2017-08-02 22:28:12 +00:00
ngie
e01efdbd81 Use MK_CHECK_USE_SANDBOX in tests/..., to deal with the fact that
tests/... is a special snowflake directory and using HAS_TESTS would
result in a nasty layering violation between bsd.tests.mk and
bsd.prog.mk.

Add reachover Makefile.inc's which get the default value from
Makefile.inc0 (inspired by gnu/usr.bin/binutils/Makefile.inc0).
2017-08-02 22:24:08 +00:00
ngie
baa75b89b8 Annotate tests that require root privileges appropriately
This unbreaks running the tests with unprivileged users.

MFC after:	1 week
2017-08-02 22:19:45 +00:00
ngie
d4aa74266a Fix cosmetic issue with error message
Add missing space in error message related to PR noted.

MFC after:	2 weeks
PR:		220398
2017-08-02 09:49:41 +00:00
bdrewery
088f68e737 Allow changing the test PORT at compile-time.
Sponsored by:	Dell EMC Isilon
2017-07-31 22:00:27 +00:00
ngie
8989e76d12 Remove superfluous exit 0 added in r321702
atf_skip triggers equivalent functionality, which means the `exit 0`
is unreachable code.

PR:		220164
MFC after:	1 month
MFC with:	r321702
2017-07-29 22:03:21 +00:00
ngie
e2012dbcee Load geom_gate(4) if necessary before running tests; skip if it can't be loaded
The test code prior to r311893 loaded geom_gate at test start if necessary and
skipped the tests if it couldn't be loaded.

The ATF-ifcation of this test done in r311893 unfortunately dropped this
functionality.

This change restores the geom_gate module load and skips the test(s) if unavailable
in an ATF-like way.

MFC after:	1 month
PR:		220164
Reported by:	gjb
2017-07-29 22:01:17 +00:00
asomers
8d64b20efc Implement SIGEV_THREAD notifications for lio_listio(2)
Our man pages have always indicated that this was supported, but in fact the
feature was never implemented for lio_listio(2).

Reviewed by:	jhb, kib (earlier version)
MFC after:	20 days
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11680
2017-07-21 15:09:24 +00:00
ngie
e41883e6e0 Clean up :coredump_phnum
- Use "atf_check -x 'cmd1 | cmd2'" instead of "cmd1 | atf_check cmd2". The
  two forms are idiomatically similar, but subtly different in the sense of
  what program invokes the other, and there could be unwanted side effects
  of the latter idiom dealing with forking, pipes, etc.
- Remove chmod and instead source coredump_phnum_restore_state.sh directly.
  This avoids the need to check the result of the chmod call.
- Fix indentation in an if-block (4 column space indentation -> hard tab).
2017-07-19 16:23:02 +00:00
ngie
0b782649a7 Remove expected failure for :coredump_phnum
The testcase no longer fails on ^/head because readelf has established parity
with binutils' copy of readelf.

This issue is not seen on Jenkins because
`test_suites.FreeBSD.allow_sysctl_side_effects` isn't set in kyua.conf on
the CI host, i.e., the test is skipped.

PR:	215019
Tested with:	binutils (amd64-binutils-2.28,1); elftoolchain (r3561M)
2017-07-19 16:08:08 +00:00
asomers
9d0182f904 Remove dead code that was killed by r320975
Reported by:	Coverity
CID:		1377977
MFC after:	15 days
X-MFC-With:	320975
Sponsored by:	Spectra Logic Corp
2017-07-19 15:22:10 +00:00
asomers
ffa3f53018 Add regression tests for bugs 220459 and 220398
Bug 220398 - lio_listio(2) never sends asynchronous notification if nent==0
Bug 220459 - lio_listio(2) doesn't support SIGEV_THREAD

PR:		220459
PR:		220398
Reviewed by:	cem, jhb
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11470
2017-07-17 18:33:30 +00:00
asomers
f7f43aa72d Fix the build with GCC after r320975
Reported by:	pfg
MFC after:	20 days
X-MFC-With:	320975
Sponsored by:	Spectra Logic Corp
2017-07-14 21:50:04 +00:00
asomers
0f2819fcf8 Add tests for aio(4) completion notification via signals and threads
Reviewed by:	jhb
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11468
2017-07-13 22:53:13 +00:00
asomers
222e8588d4 Use ATF cleanup routines in aio_test.c
Remove aio_test's legacy timeout handling and cleanup routines.  Instead,
use ATF's builtin capabilities.  ATF automatically cleans up newly created
files, too, so we don't have to explicitly unlink them.  The only tests than
need a cleanup routine are the md(4) tests, which must destroy their md
device.

Reviewed by:	jhb
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D11468
2017-07-13 22:49:55 +00:00
ngie
7d16d4740d Pull down pjdfstest 0.1
The summary of changes is as follows..

Generic changes::
- Added configure support [2].
- Check for lchmod filesystem support with create_file(..); for
  testcases that require lchmod, skip the testcase -- otherwise
  use chmod directly [1].
- Added Travis CI integration [2].
- Added utimensat testcases [1].

Linux support::
- Fixed Linux support to pass on later supported versions of
  Fedora/Ubuntu [2].
- Conditionally enable posix_fallocate(2) support [2].

OSX support::
- Fixed compilation on OSX [2].
- Added partial OSX support (the test run isn't fully green yet)
  [2].

MFC after:	2 months
Obtained from:	https://github.com/pjd/pjdfstest/tree/0.1
Relnotes:	yes
Submitted by:	asomers [1], ngie [2]
Tested with:	UFS, ZFS
2017-06-28 09:22:45 +00:00
ngie
e3a688bd91 Pull down pjdfstest 0.1
The summary of changes is as follows..

Generic changes::
- Added configure support [2].
- Check for lchmod filesystem support with create_file(..); for
  testcases that require lchmod, skip the testcase -- otherwise
  use chmod directly [1].
- Added Travis CI integration [2].
- Added utimensat testcases [1].

Linux support::
- Fixed Linux support to pass on later supported versions of
  Fedora/Ubuntu [2].
- Conditionally enable posix_fallocate(2) support [2].

OSX support::
- Fixed compilation on OSX [2].
- Added partial OSX support (the test run isn't fully green yet)
  [2].

Obtained from:	https://github.com/pjd/pjdfstest/tree/0.1
Submitted by:	asomers [1], ngie [2]
2017-06-28 08:48:09 +00:00
ngie
b5d7260895 trailing_slash is a TAP-compliant testcase; mark it as such, instead
of calling is a plain testcase.

MFC after:	1 month
2017-06-28 08:29:20 +00:00
ngie
3ecabcede9 Don't hardcode path to file in /tmp; this violates the kyua sandbox
MFC after:	1 month
2017-06-28 08:28:07 +00:00
kib
d7f022a3ab Add abstime kqueue(2) timers and expand struct kevent members.
This change implements NOTE_ABSTIME flag for EVFILT_TIMER, which
specifies that the data field contains absolute time to fire the
event.

To make this useful, data member of the struct kevent must be extended
to 64bit.  Using the opportunity, I also added ext members.  This
changes struct kevent almost to Apple struct kevent64, except I did
not changed type of ident and udata, the later would cause serious API
incompatibilities.

The type of ident was kept uintptr_t since EVFILT_AIO returns a
pointer in this field, and e.g. CHERI is sensitive to the type
(discussed with brooks, jhb).

Unlike Apple kevent64, symbol versioning allows us to claim ABI
compatibility and still name the new syscall kevent(2).  Compat shims
are provided for both host native and compat32.

Requested by:	bapt
Reviewed by:	bapt, brooks, ngie (previous version)
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D11025
2017-06-17 00:57:26 +00:00
jhb
4623d5ec30 Add the ccr0 device to the opencrypto tests against the NIST KAT tests.
The ccr0 device supports both AES and SHA tests.

Sponsored by:	Chelsio Communications
2017-06-08 21:34:54 +00:00
jilles
b11d0b4b3c tests/sys/aio: Add missing mode to open() calls with O_CREAT. 2017-06-04 21:39:37 +00:00
ngie
cdc66979da tests/sys/opencrypto/runtests: apply minor polish to test script
- Refactor kld loading/unloading logic:
-- Use a loop instead of an unrolled one.
-- Check for the module being loaded before trying to load it, to reduce
   noise when loading modules that are already loaded.
-- Don't mute stderr from kldload -- it could be potentially useful to
   the tester.
-- In the event that the test script was terminated early, it would leave
   the modules still attached to the system (which is undesirable).
   Always unload the modules at test end with EXIT/SIGINT/SIGTERM so the
   system is returned to its former operating state as best possible.
   Unload the modules in reverse order, in part for consistency and/or
   dependency reasons.

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-06-01 19:58:40 +00:00
ngie
5239532a82 Fix up TEST_METADATA
- `TEST_METADATA.foo` should be `TEST_METADATA.run_tests`: this will unbreak
  trying to run the tests on a system without python installed in $PATH.
- The tests require root because they load aesni(4) and/or cryptodev(4) if
  not already loaded.

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-06-01 19:46:48 +00:00
jhb
417809d404 Honor the requested crid when running a test.
Otherwise, the kernel is free to choose an aribtrary crypto device
rather than the requested device subverting tests that force the use
of a specific device.

MFC after:	1 week
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D10762
2017-06-01 19:27:38 +00:00
ngie
aed6c7c421 Tweak r319058 slightly
- Specify an explicit mode when using O_CREAT per open(2).
- Fix the error message (add missing enclosing parentheses).

Submitted by:	jilles
MFC after:	3 days
MFC with:	r319058
Sponsored by:	Dell EMC Isilon
2017-05-28 17:50:29 +00:00
ngie
33310916fc Send all of data, not just a portion of it
It was sending only a long's worth (4 or 8 bytes) of data previously
(instead of the entire buffer) via send(2).

MFC after:	1 week
Reported by:	Coverity
CID:		1229966, 1229967, 1230004, 1230005
Sponsored by:	Dell EMC Isilon
2017-05-28 09:21:28 +00:00
ngie
009d88d5a7 Initial srv before using it in bind(2)
MFC after:	3 days
Reported by:	Coverity
CID:		1357526
Sponsored by:	Dell EMC Isilon
2017-05-28 09:08:30 +00:00
ngie
b3f130849c Don't leak accept_fd on thread completion
MFC after:	3 days
Reported by:	Coverity
CID:		1296068
Sponsored by:	Dell EMC Isilon
2017-05-28 09:01:58 +00:00
ngie
430dd479b1 Use main(void) instead of main(argc __unused, argv __unused)
MFC after:	3 days
Sponsored by:	Dell EMC Isilon
2017-05-28 08:57:08 +00:00
ngie
ea252998ad Use an exit code of 1 instead of -1 for reasons noted in r319056
MFC after:	3 days
Sponsored by:	Dell EMC Isilon
2017-05-28 08:55:32 +00:00
ngie
ba6949f2bf Create a deterministic file in the kyua sandbox, instead of a
temporary file outside the kyua sandbox

This helps ensure that the file is removed at test exit, and as
a side effect, cures a warning about umasks with Coverity.

MFC after:	3 days
Sponsored by:	Dell EMC Isilon
2017-05-28 08:52:12 +00:00
ngie
8125770ec2 tests/sys/file/ftruncate_test: use an exit code of 1 instead
of -1 with err*(3).

An exit code of -1 is implementation defined -- it's best to stick
with something well-defined (1).

MFC after:	3 days
Sponsored by:	Dell EMC Isilon
2017-05-28 08:46:41 +00:00
asomers
583b66b532 Fix build of AIO tests with -DDEBUG
Also, redefine some constants for clarity.  No functional change.

MFC after:	1 week
2017-05-21 15:37:08 +00:00
ngie
2208486050 sys/fs/tmpfs/vnd_test: make md(4) allocation dynamic
The previous logic was flawed in the sense that it assumed that /dev/md3
was always available. This was a caveat I noted in r306038, that I hadn't
gotten around to solving before now.

Cache the device for the mountpoint after executing mdmfs, then use the
cached value in basic_cleanup(..) when unmounting/disconnecting the md(4)
device.

Apply sed expressions to use reuse logic in the NetBSD code that could
also be applied to FreeBSD, just with different tools.

Differential Revision:	D10766
MFC after:	1 week
Reviewed by:	bdrewery
Sponsored by:	Dell EMC Isilon
2017-05-19 17:14:29 +00:00
markj
c0f92af240 Add a regression test for r318191.
Reviewed by:	badger
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D10684
2017-05-12 18:02:57 +00:00
ngie
6da4d3fdc2 Mark all md tests as requiring unsafe AIO in order to function
These tests have been flapping (failing<->passing) on Jenkins for months.
It passes reliably for me if unsafe AIO is permitted, but it doesn't
pass on Jenkins reliably if unsafe AIO is disabled (the current default).

Mark the tests as requiring unsafe AIO to mitigate the intermittent
failures when unsafe AIO isn't permitted. If the kernel code is changed
to reliably function with md(4) devices using unsafe AIO, this commit can
be reverted.

MFC after:	2 months
PR:		217261
Reported by:	Jenkins
Sponsored by:	Dell EMC Isilon
2017-05-11 08:06:46 +00:00
ngie
86e96123f0 Remove unused constant (PATH_TEMPLATE)
It was made unnecessary in r312913.

MFC after:	3 weeks
MFC with:	r312913
Sponsored by:	Dell EMC Isilon
2017-05-09 20:26:43 +00:00
ngie
3b0e01631c style(9): move function definition curly braces to column 0
MFC after:	3 weeks
Sponsored by:	Dell EMC Isilon
2017-05-09 19:23:14 +00:00
ngie
90ff7650f8 Print out when unsafe AIO is enabled to debugging purposes
MFC after:	3 weeks
Sponsored by:	Dell EMC Isilon
2017-05-09 19:20:02 +00:00
ngie
21bb015fbe Refactor ATF_REQUIRE_UNSAFE_AIO and PLAIN_REQUIRE_UNSAFE_AIO
This is being done to reduce duplication between the two macros.

MFC after:	3 weeks
Sponsored by:	Dell EMC Isilon
2017-05-09 19:16:18 +00:00
ngie
0aeb7ec63b style(9): clean up trailing whitespace
MFC after:	3 weeks
Sponsored by:	Dell EMC Isilon
2017-05-09 18:54:35 +00:00
markj
ee14be16ad Add regression tests for r317712 and r306743.
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2017-05-02 23:31:39 +00:00
brooks
49410d83f1 Don't pass size_t arguments to setsockopt(SO_SNDBUF/SO_RCVBUF).
These command take an int. The tests work by accident on little-endian,
64-bit systems.

PR:		218919
Tested with:	qemu-cheri and CheriBSD built for mips64
Reviewed by:	asomers, ngie
Obtained from:	CheriBSD
MFC after:	1 week
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D10518
2017-04-28 17:58:15 +00:00
tuexen
ab274c9d96 armv8 has support for optional CRC32C instructions. This patch checks if they are
available and if that is true make use of them.
Thank you very much to Andrew Turner for providing help and review the patch!
Reviewed by:		andrew
MFC after:		1 week
Differential Revision:	https://reviews.freebsd.org/D10499
2017-04-27 17:53:05 +00:00
bde
5011ba5780 Remove the unportable -msse4 here too after fixing crc32_sse42.c to not
depend on it.  This should have been part of r315983.
2017-04-02 09:24:58 +00:00
asomers
580f71232e Fix back-to-back runs of sys/netinet/fibs_test;slaac_on_nondefault_fib6
This test was failing if run twice because rtadvd takes too long to die.
The rtadvd process from the first run was still running when the
second run created its interfaces.  The solution is to use SIGKILL during
the cleanup instead of SIGTERM so rtadvd will die faster.

While I'm here, randomize the addresses used for the test, which makes bugs
like this easier to spot, and fix the cleanup order to be the opposite of
the setup order

PR:		217871
MFC after:	18 days
X-MFC-With:	315458
Sponsored by:	Spectra Logic Corp
2017-03-20 23:07:34 +00:00
badger
cd377aa0d4 ptrace_test: eliminate assumption about thread scheduling
A couple of the ptrace tests make assumptions about which thread in a
multithreaded process will run after a halt. This makes the tests less
portable across branches, and susceptible to future breakage. Instead,
twiddle thread scheduling and priorities to match the tests'
expectation.

X-MFC with:	r313992
Sponsored by:	Dell EMC
2017-03-18 15:25:51 +00:00
asomers
d1b74add9a Constrain IPv6 routes to single FIBs when net.add_addr_allfibs=0
sys/netinet6/icmp6.c
	Use the interface's FIB for source address selection in ICMPv6 error
	responses.

sys/netinet6/in6.c
	In in6_newaddrmsg, announce arrival of local addresses on the
	interface's FIB only.  In in6_lltable_rtcheck, use a per-fib ND6
	cache instead of a single cache.

sys/netinet6/in6_src.c
	In in6_selectsrc, use the caller's fib instead of the default fib.
	In in6_selectsrc_socket, remove a superfluous check.

sys/netinet6/nd6.c
	In nd6_lle_event, use the interface's fib for routing socket
	messages.  In nd6_is_new_addr_neighbor, check all FIBs when trying
	to determine whether an address is a neighbor.  Also, simplify the
	code for point to point interfaces.

sys/netinet6/nd6.h
sys/netinet6/nd6.c
sys/netinet6/nd6_rtr.c
	Make defrouter_select fib-aware, and make all of its callers pass in
	the interface fib.

sys/netinet6/nd6_nbr.c
	When inputting a Neighbor Solicitation packet, consider the
	interface fib instead of the default fib for DAD.  Output NS and
	Neighbor Advertisement packets on the correct fib.

sys/netinet6/nd6_rtr.c
	Allow installing the same host route on different interfaces in
	different FIBs.  If rt_add_addr_allfibs=0, only install or delete
	the prefix route on the interface fib.

tests/sys/netinet/fibs_test.sh
	Clear some expected failures, but add a skip for the newly revealed
	BUG217871.

PR:		196361
Submitted by:	Erick Turnquist <jhujhiti@adjectivism.org>
Reported by:	Jason Healy <jhealy@logn.net>
Reviewed by:	asomers
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D9451
2017-03-17 16:50:37 +00:00
badger
643b691b05 Don't clear p_ptevents on normal SIGKILL delivery
The ptrace() user has the option of discarding the signal. In such a
case, p_ptevents should not be modified. If the ptrace() user decides to
send a SIGKILL, ptevents will be cleared in ptracestop(). procfs events
do not have the capability to discard the signal, so continue to clear
the mask in that case.

Reviewed by:	jhb (initial revision)
MFC after:	1 week
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D9939
2017-03-16 13:03:31 +00:00
glebius
f5795dcff8 Fix buildworld broken in r315230 when /sys doesn't point into a right
source tree.  Usage of SYSDIR is apparently wrong here.

Discussed with:	allanjude
2017-03-15 05:31:02 +00:00
ngie
6d8054dce0 Move .../sys/geom/eli/pbkdf2... to .../sys/geom/class/eli/...
This change moves the tests added in r313962 to an existing directory
structure used by the geli TAP tests. It also, renames the test from
pbkdf2 to pbkdf2_test .

The changes to ObsoleteFiles.inc are being committed separately as they
aren't needed for the MFC to ^/stable/11, etc, if the MFC for the tests
is done all in one commit.

MFC after:	2 weeks
X-MFC with:	r313962, r313972-r313973
Reviewed by:	allanjude
Sponsored by:	Dell EMC Isilon
Differential Revision:	D9985
2017-03-14 07:00:22 +00:00
badger
320c52139d don't stop in issignal() if P_SINGLE_EXIT is set
Suppose a traced process is stopped in ptracestop() due to receipt of a
SIGSTOP signal, and is awaiting orders from the tracing process on how
to handle the signal. Before sending any such orders, the tracing
process exits. This should kill the traced process. But suppose a second
thread handles the SIGKILL and proceeds to exit1(), calling
thread_single(). The first thread will now awaken and will have a chance
to check once more if it should go to sleep due to the SIGSTOP.  It must
not sleep after P_SINGLE_EXIT has been set; this would prevent the
SIGKILL from taking effect, leaving a stopped orphan behind after the
tracing process dies.

Also add new tests for this condition.

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D9890
2017-03-07 13:41:01 +00:00
asomers
45e7fcc9fc Add an ATF test for IPv6 SLAAC with multiple fibs
Tests that an interface can get a SLAAC address and that it inserts its
routes into the correct fib. Does not test anything to do with NDP.

PR:		196361
Reviewed by:	Erick Turnquist <jhujhiti@adjectivism.org>
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D9776
2017-03-01 00:28:04 +00:00
badger
33d41cecb4 Actually fix buildworlds other than i386/amd64/sparc64 after r313992
Disable offending test for platforms without a userspace visible
breakpoint().

Reported by:	rpokala
Approved by:	vangyzen (mentor)
2017-02-23 04:26:17 +00:00
asomers
bca2692be0 Remove tests/sys/netinet/fibs_tests's dependency on net/socat
Instead of bridging two tap interfaces with socat, just use an epair pair.

MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-02-22 23:57:22 +00:00
badger
369cadaf7d Fix world build for archs where __builtin_debugtrap() does not work.
The offending code was introduced in r313992.

Reported by:	rpokala
Approved by:	kib (mentor)
2017-02-22 04:35:07 +00:00
asomers
f8b3fe6dac Improve pjdfstest run instructions
In the Kyua era, it's no longer necessary to set PJDFSTEST_TEST_PATH.  Just
use TMPDIR instead.

Reviewed by:	ngie
MFC after:	3 weeks
Relnotes:	yes
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D9340
2017-02-21 21:01:01 +00:00
badger
dac7240a4b Defer ptracestop() signals that cannot be delivered immediately
When a thread is stopped in ptracestop(), the ptrace(2) user may request
a signal be delivered upon resumption of the thread. Heretofore, those signals
were discarded unless ptracestop()'s caller was issignal(). Fix this by
modifying ptracestop() to queue up signals requested by the ptrace user that
will be delivered when possible. Take special care when the signal is SIGKILL
(usually generated from a PT_KILL request); no new stop events should be
triggered after a PT_KILL.

Add a number of tests for the new functionality. Several tests were authored
by jhb.

PR:		212607
Reviewed by:	kib
Approved by:	kib (mentor)
MFC after:	2 weeks
Sponsored by:	Dell EMC
In collaboration with:	jhb
Differential Revision:	https://reviews.freebsd.org/D9260
2017-02-20 15:53:16 +00:00
ngie
fdb26eba34 A forced commit to note other portion of the Makefile change accidentally
committed in r313972

The code committed in r313962 implicitly relies on python 2.x to generate
testvect.h . There are a handful of issues with this approach:

- python is not an explicit build dependency for FreeBSD
- python 2.x is deprecated and will be removed sometime in the future
  (potentially before 11.x's EOL), and the script does not function with
  python 3.5 (it uses deprecated idioms and incompatible function calls).
- python(1) (by default) lives in /usr/local/bin (${LOCALBASE}/bin) and
  gentestvect.py is a dependency of testvect.h (prior to r313972) which
  means that if the mtime of the generator script was newer than the
  mtime of the test vector, it could cause a spurious build failure in
  build time or at install time.

A better solution using C/C++ should be devised.

Discussed with:	allanjude
MFC after:	2 weeks
X-MFC with:	r313962, r313972
Sponsored by:	Dell EMC Isilon
2017-02-19 22:00:11 +00:00
ngie
5e41217761 Unbreak the build when "make obj" is executed beforehand
Using relative paths imply working directory (in this case .OBJDIR), whereas the
sources live in the .CURDIR-relative path.

MFC after:	2 weeks
X-MFC with:	r313962
Pointyhat to:	allanjude
Sponsored by:	Dell EMC Isilon
2017-02-19 21:19:44 +00:00
allanjude
8557f8f2df improve PBKDF2 performance
The PBKDF2 in sys/geom/eli/pkcs5v2.c is around half the speed it could be

GELI's PBKDF2 uses a simple benchmark to determine a number of iterations
that will takes approximately 2 seconds. The security provided is actually
half what is expected, because an attacker could use the optimized
algorithm to brute force the key in half the expected time.

With this change, all newly generated GELI keys will be approximately 2x
as strong. Previously generated keys will talk half as long to calculate,
resulting in faster mounting of encrypted volumes. Users may choose to
rekey, to generate a new key with the larger default number of iterations
using the geli(8) setkey command.

Security of existing data is not compromised, as ~1 second per brute force
attempt is still a very high threshold.

PR:		202365
Original Research:	https://jbp.io/2015/08/11/pbkdf2-performance-matters/
Submitted by:	Joe Pixton <jpixton@gmail.com> (Original Version), jmg (Later Version)
Reviewed by:	ed, pjd, delphij
Approved by:	secteam, pjd (maintainer)
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D8236
2017-02-19 19:30:31 +00:00
ngie
c53ec42fb1 Revert r313565 -- :mmap__bad_arguments passes again after r313655
PR:		216976
Sponsored by:	Dell EMC Isilon
2017-02-11 20:31:57 +00:00
ngie
05ba5b51dd Expect :mmap__bad_arguments to fail
Some recent changes to vm related to mmap(2) have broken the prot checks that
would result with an EINVAL with this case

I suspect r313352 is the root-cause the issue

PR:		216976
Sponsored by:	Dell EMC Isilon
2017-02-10 19:31:09 +00:00
ngie
951d93bc4b MFhead@r313398 2017-02-07 18:47:16 +00:00
asomers
e9a823d18f Add fibs_test:udp_dontroute6, another IPv6 multi-FIB test
PR:		196361
MFC after:	3 weeks
Sponsored by:	Spectra Logic Corp
2017-02-07 17:40:59 +00:00
ngie
c37f8bf073 MFhead@r313243 2017-02-04 18:06:09 +00:00
ngie
95fca9ca4d Replace for/retry loops with "wait_for_ggate_device" calls and check
results of commands

As noted in r313008, the underlying issue was that geom_gate device
creation wasn't created at ggatel command completion, but some short
time after. ggatec(8) employs similar logic when creating geom_gate(4)
devices.

Switch from retry loops (after the ggatec/dd write calls) to
wait_for_ggate_device function calls after calling ggatec(8) instead
to detect the presence of the /dev/ggate* device, as this function is
sufficient for determining whether or not the character device is ready
for testing

While here, use atf_check consistently with all dd calls to ensure that
data output is as expected.

MFC after:	1 week
Reviewed by:	asomers
Differential Revision:	D9409
Sponsored by:	Dell EMC Isilon
2017-02-02 03:54:43 +00:00
asomers
3380ea42e2 Add tests for multi-fib IPv6 routing
PR:		196361
Submitted by:	jhujhiti@adjectivism.org
Reported by:	Jason Healy <jhealy@logn.net>
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
2017-01-31 20:13:50 +00:00
ngie
775bfca1a6 Wait for /dev/ggate* to appear after calling ggatel create in :ggatel_{file,md}
The test assumed that `ggatel create` created a device on completion, but that's
incorrect. This squashes the race by waiting for the device to appear, as
`ggatel create` daemonizes before issuing an ioctl to geom_gate(4) if not called
with `-v`.

Discussed with:	asomers
MFC after:	1 week
PR:		204616
Sponsored by:	Dell EMC Isilon
2017-01-31 06:12:51 +00:00