Commit Graph

589 Commits

Author SHA1 Message Date
pjd
d234541bc6 Implement tests for online expansion:
- init, init -R
- onetime, onetime -R
- 512 and 4k sectors
- encryption only
- encryption and authentication
- configure -r/-R for detached providers
- configure -r/-R for attached providers
- all keys allocated (10, 20 and 30MB provider sizes)
- keys allocated on demand (10, 20 and 30PB provider sizes)
- reading and writing to provider after expansion (10-30MB only)
- checking if metadata in old location is cleared.

Obtained from:	Fudo Security
2019-04-04 00:05:36 +00:00
pjd
aeaac96387 Update configure tests after addition of the online expansion.
Obtained from:	Fudo Security
2019-04-03 23:58:58 +00:00
ngie
631df11d04 Integrate capsicum-test into the FreeBSD test suite
This change takes capsicum-test from upstream and applies some local changes to make the
tests work on FreeBSD when executed via Kyua.

The local modifications are as follows:
1. Make `OpenatTest.WithFlag` pass with the new dot-dot lookup behavior in FreeBSD 12.x+.
2. capsicum-test references a set of helper binaries: `mini-me`, `mini-me.noexec`, and
   `mini-me.setuid`, as part of the execve/fexecve tests, via execve, fexecve, and open.
   It achieves this upstream by assuming `mini-me*` is in the current directory, however,
   in order for Kyua to execute `capsicum-test`, it needs to provide a full path to
   `mini-me*`. In order to achieve this, I made `capsicum-test` cache the executable's
   path from argv[0] in main(..) and use the cached value to compute the path to
   `mini-me*` as part of the execve/fexecve testcases.
3. The capsicum-test test suite assumes that it's always being run on CAPABILITIES enabled
   kernels. However, there's a chance that the test will be run on a host without a
   CAPABILITIES enabled kernel, so we must check for the support before running the tests.
   The way to achieve this is to add the relevant `feature_present("security_capabilities")`
   check to SetupEnvironment::SetUp() and skip the tests when the support is not available.
   While here, add a check for `kern.trap_enotcap` being enabled. As noted by markj@ in
   https://github.com/google/capsicum-test/issues/23, this sysctl being enabled can trigger
   non-deterministic failures. Therefore, the tests should be skipped if this sysctl is
   enabled.

All local changes have been submitted to the capsicum-test project
(https://github.com/google/capsicum-test) and are in various stages of review.
Please see the following pull requests for more details:
1. https://github.com/google/capsicum-test/pull/35
2. https://github.com/google/capsicum-test/pull/41
3. https://github.com/google/capsicum-test/pull/42

Reviewed by:	asomers
Discussed with:	emaste, markj
Approved by:	emaste (mentor)
MFC after:	2 months
Differential Revision: https://reviews.freebsd.org/D19758
2019-04-01 21:24:50 +00:00
olivier
9c3e2dda27 Fix and simplify code by using ATF_REQUIRE_FEATURE macro
PR:		236857
Reviewed by:	asomers, ngie
Approved by:	emaste
MFC after:	 1 month
Sponsored by:	Netflix
2019-04-01 14:21:32 +00:00
olivier
8b55800190 Skip test if feature security_capabilities is not available
PR:		236863
Approved by:	asomers
MFC after:	1 month
Sponsored by:	Netflix
2019-03-29 08:43:21 +00:00
olivier
bd3bd9d6be Skip this test if if_tap module is not available
PR:		236842
Approved by:	asomers
MFC after:	1 month
Sponsored by:	Netflix
2019-03-28 16:17:33 +00:00
kp
0d79d351f8 pf tests: Fix accidental duplication of content
Also use the correct name for the scapy test script.
2019-03-23 01:07:51 +00:00
kp
d77cb4a022 pf tests: Test CVE-2019-5598
Verify that pf correctly drops inconsistent ICMP packets (i.e. where the
IP src/dst do not match the IP src/dst in the ICMP packet.
2019-03-22 07:39:28 +00:00
kp
360df528a0 pf tests: Move Sniffer to its own file
Make it easier to re-use the sniffer class in other test support
scripts.
2019-03-21 08:15:46 +00:00
vmaffione
3d80c6291b netmap: update unit tests
Revision r345269 introduced changes that triggered a regression on netmap
unit tests (tests/sys/netmap/ctrl-api-test.c).
This change updates the unit tests to remove the regression.

Reported by:	lwhsu
MFC after:	2 weeks
Differential Revision:	https://reviews.freebsd.org/D19639
2019-03-20 10:36:58 +00:00
ngie
1e528cab57 Remove duplicate ${PACKAGE}FILES+= cleanup.ksh line
This mutes the duplicate target warning emitted via bsd.files.mk each build.

MFC after:	1 week
Reviewed by:	asomers
Approved by:	emaste (mentor)
Differential Revision: https://reviews.freebsd.org/D19603
2019-03-16 03:37:47 +00:00
asomers
80fa2e20e7 Drop "All rights reserved" from the files I own
Also, add SPDX tags where needed.

MFC after:	2 weeks
2019-03-11 22:23:56 +00:00
kp
c225ffd5c2 pf tests: Accelerate tests
Make the tests run slightly faster by having pft_ping.py end the capture
of packets as soon as it sees the expected packet, rather than
continuing to sniff.

MFC after:	2 weeks
2019-03-07 11:09:29 +00:00
jhb
ae6222b0c3 Drop "All rights reserved" from my copyright statements.
Reviewed by:	rgrimes
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D19485
2019-03-06 22:11:45 +00:00
kp
feb08f9e39 tun tests: Test renaming and destroying a tun interface in a vnet jail
There was a problem destroying renamed tun interfaces in vnet jails. This was
fixed in r344794. Test the previously failing scenario.

PR:		235704
MFC after:	2 weeks
2019-03-05 15:49:30 +00:00
kp
52782f6841 tests: Move common (vnet) test functions into a common file
The netipsec and pf tests have a number of common test functions. These
used to be duplicated, but it makes more sense for them to re-use the
common functions.

PR:		236223
2019-03-04 18:15:06 +00:00
kp
0f18144f2d pf tests: Test for nested inline anchor issue
PR:		196314
MFC after:	1 week
2019-03-02 12:30:59 +00:00
kp
bd8ba96fed pf tests: Test CVE-2019-5597
Generate a fragmented packet with different header chains, to provoke
the incorrect behaviour of pf.
Without the fix this will trigger a panic.

Obtained from:	Corentin Bayet, Nicolas Collignon, Luca Moro at Synacktiv
2019-03-01 07:39:55 +00:00
andrew
27723fd7ce Allow the kcov buffer to be mmaped multiple times.
After r344391 this restriction is no longer needed.

Sponsored by:	DARPA, AFRL
2019-02-21 10:11:15 +00:00
andrew
ccea7c15ea Use KCOV_ENTRY_SIZE for the entry size.
Previously it was sizeof(uint64_t). While this is currently true, it may
not be on all future architectures.

Sponsored by:	DARPA, AFRL
2019-02-21 09:43:14 +00:00
kp
bb8bc10cc7 pf tests: Check size validation in DIOCGETSRCNODES
Ensure that invalid sizes for DIOCGETSRCNODES do not cause panics.

MFC after:	 1 week
2019-01-22 02:56:36 +00:00
kp
81f4cf95db pf tests: Test PR 229241
pfctl has an issue with 'set skip on <group>', which causes inconsistent
behaviour: the set skip directive works initially, but does not take
effect when the same rules are re-applied.

PR:		229241
MFC after:	1 week
2019-01-13 05:31:53 +00:00
andrew
5b54ed3f37 Temporarily disable the kcov tests. Not all architectures have
atomic_store_64 and atomic_store_64.

Sponsored by:	DARPA, AFRL
2019-01-12 11:50:39 +00:00
andrew
5e0e456d9f Add support for the Clang Coverage Sanitizer in the kernel (KCOV).
When building with KCOV enabled the compiler will insert function calls
to probes allowing us to trace the execution of the kernel from userspace.
These probes are on function entry (trace-pc) and on comparison operations
(trace-cmp).

Userspace can enable the use of these probes on a single kernel thread with
an ioctl interface. It can allocate space for the probe with KIOSETBUFSIZE,
then mmap the allocated buffer and enable tracing with KIOENABLE, with the
trace mode being passed in as the int argument. When complete KIODISABLE
is used to disable tracing.

The first item in the buffer is the number of trace event that have
happened. Userspace can write 0 to this to reset the tracing, and is
expected to do so on first use.

The format of the buffer depends on the trace mode. When in PC tracing just
the return address of the probe is stored. Under comparison tracing the
comparison type, the two arguments, and the return address are traced. The
former method uses on entry per trace event, while the later uses 4. As
such they are incompatible so only a single mode may be enabled.

KCOV is expected to help fuzzing the kernel, and while in development has
already found a number of issues. It is required for the syzkaller system
call fuzzer [1]. Other kernel fuzzers could also make use of it, either
with the current interface, or by extending it with new modes.

A man page is currently being worked on and is expected to be committed
soon, however having the code in the kernel now is useful for other
developers to use.

[1] https://github.com/google/syzkaller

Submitted by:	Mitchell Horne <mhorne063@gmail.com> (Earlier version)
Reviewed by:	kib
Testing by:	tuexen
Sponsored by:	DARPA, AFRL
Sponsored by:	The FreeBSD Foundation (Mitchell Horne)
Differential Revision:	https://reviews.freebsd.org/D14599
2019-01-12 11:21:28 +00:00
vmaffione
ea16920435 netmap: unit tests: fix issues found by coverity scan
Reported by:	asomers
MFC after:	1 week
Sponsored by:	Sunny Valley Networks
2019-01-03 16:47:05 +00:00
vmaffione
4ce881ef0f netmap: fix warnings on unit tests
Fix some printf() format string warnings raised for ctrl-api-test.c
on some architectures.

MFC after:	1 week
Sponsored by:	Sunny Valley Networks
2018-12-31 12:07:17 +00:00
vmaffione
43378dbe9e netmap: add suite of unit tests
Import the unit tests from upstream (https://github.com/luigirizzo/netmap
ba02539859d46d33), and make them ready for use with Kyua.
There are currently 38 regression tests, which test the kernel control ABI
exposed by netmap to userspace applications:

  1: test for port info get
  2-5: tests for basic port registration
  6-9: tests for VALE
  10-11: tests for getting netmap allocator info
  12-15: tests for netmap pipes
  16: test on polling mode
  17-18: tests on options
  19-27: tests for sync-kloop subsystem
  28-39: tests for null ports
  31-38: tests for the legacy NIOCREGIF registers

Reviewed by:	ngie
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D18490
2018-12-31 11:17:58 +00:00
asomers
4eb45cfa55 Conditionalize installtion audit(4) tests on MK_AUDIT
MK_AUDIT already controls auditd(8), praudit(1), etc.  It should also control
the audit test suite.

Submitted by:	ngie
MFC after:	2 weeks
Pull Request:	https://github.com/freebsd/freebsd/pull/240
2018-12-17 18:35:32 +00:00
asomers
bfafcf0198 audit(4) tests: require /etc/rc.d/auditd
These tests should be skipped if /etc/rc.d/auditd is missing, which could be
the case if world was built with WITHOUT_AUDIT set.  Also, one test case
requires /etc/rc.d/accounting.

Submitted by:	ngie
MFC after:	2 weeks
Pull Request:	https://github.com/freebsd/freebsd/pull/240
2018-12-17 18:11:06 +00:00
kp
e7029bf4d7 pf tests: Basic rdr test
MFC after:	2 weeks
2018-12-12 20:19:56 +00:00
kp
c3c90bab84 pf tests: NAT exhaustion test
It's been reported that pf doesn't handle running out of available ports
for NAT correctly. It freezes until a state expires and it can find a
free port.
Test for this, by setting up a situation where only two ports are
available for NAT and then attempting to create three connections.

If successful the third connection will fail immediately. In an
incorrect case the connection attempt will freeze, also freezing all
interaction with pf through pfctl and trigger timeout.

PR:		233867
MFC after:	2 weeks
2018-12-12 20:19:18 +00:00
kp
8908e9bc5d pf tests: Use the ATF cleanup infrastructure in the ioctl tests
Use ATF_TC_CLEANUP(), because that means the cleanup code will get
called even if a test fails. Before it would only be executed if every
test within the body succeeded.

Reported by:	Marie Helene Kvello-Aune <marieheleneka@gmail.com>
MFC after:	2 weeks
2018-12-11 21:49:13 +00:00
kp
3a9dd6df3a pf tests: ioctl tests require root rights
Explicitly mark these tests as requiring root rights. We need to be able
to open /dev/pf.

Reported by:	Marie Helene Kvello-Aune <marieheleneka@gmail.com>
MFC after:	2 weeks
2018-12-11 21:45:56 +00:00
jhb
7b28e77e79 Don't report stale signal information for non-signal events in ptrace_lwpinfo.
Once a signal's siginfo was copied to 'td_si' as part of the signal
exchange in issignal(), it was never cleared.  This caused future
thread events that are reported as SIGTRAP events without signal
information to report the stale siginfo in 'td_si'.  For example, if a
debugger created a new process and used SIGSTOP to stop it after
PT_ATTACH, future system call entry / exit events would set PL_FLAG_SI
with the SIGSTOP siginfo in pl_siginfo.  This broke 'catch syscall' in
current versions of gdb as it assumed PL_FLAG_SI with SIGTRAP
indicates a breakpoint or single step trap.

Reviewed by:	kib
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D18487
2018-12-10 19:39:24 +00:00
cem
42d84ef531 gmirror: Evaluate mirror components against newest metadata copy
Re-apply r341665 with format strings fixed.

If we happen to taste a stale mirror component first, don't reject valid,
newer components that have differing metadata from the stale component
(during STARTING).  Instead, update our view of the most recent metadata as
we taste components.

Like mediasize beforehand, remove some checks from g_mirror_check_metadata
which would evict valid components due to metadata that can change over a
mirror's lifetime.  g_mirror_check_metadata is invoked long before we check
genid/syncid and decide which component(s) are newest and whether or not we
have quorum.

Before checking if we can enter RUNNING (i.e., we have quorum) after a NEW
component is added, first remove any known stale or inconsistent disks from
the mirrorset, rather than removing them *after* deciding we have quorum.
Check if we have quorum after removing these components.

Additionally, add a knob, kern.geom.mirror.launch_mirror_before_timeout, to
force gmirrors to wait out the full timeout (kern.geom.mirror.timeout)
before transitioning from STARTING to RUNNING.  This is a kludge to help
ensure all eligible, boot-time available mirror components are tasted before
RUNNING a gmirror.

Add a basic test case for STARTING -> RUNNING startup behavior around stale
genids.

PR:		232671, 232835
Submitted by:	Cindy Yang <cyang AT isilon.com> (previous version)
Reviewed by:	markj (kernel portions)
Discussed with:	asomers, Cindy Yang
Tested by:	pho
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D18062
2018-12-07 02:44:04 +00:00
cem
a6f65b4008 Revert r341665 due to tinderbox breakage
I didn't notice that some format strings were non-portable.  Will fix and
re-commit later.
2018-12-07 00:47:05 +00:00
asomers
aa7e1df44f geom tests: Fix cleanup of ATF tests since r341392
r341392 changed common test cleanup routines in a way that allowed them to
be used by TAP tests as well as ATF tests.  However, a late change made
during code review resulted in cleanup being broken for ATF tests, which
source geom_subr.sh separately during the body and cleanup phases of the
test.  The result was that md(4) devices wouldn't get cleaned up.

MFC after:	2 weeks
X-MFC-With:	341392
2018-12-07 00:27:38 +00:00
cem
0b3fcef470 gmirror: Evaluate mirror components against newest metadata copy
If we happen to taste a stale mirror component first, don't reject valid,
newer components that have differing metadata from the stale component
(during STARTING).  Instead, update our view of the most recent metadata as
we taste components.

Like mediasize beforehand, remove some checks from g_mirror_check_metadata
which would evict valid components due to metadata that can change over a
mirror's lifetime.  g_mirror_check_metadata is invoked long before we check
genid/syncid and decide which component(s) are newest and whether or not we
have quorum.

Before checking if we can enter RUNNING (i.e., we have quorum) after a NEW
component is added, first remove any known stale or inconsistent disks from
the mirrorset, rather than removing them *after* deciding we have quorum.
Check if we have quorum after removing these components.

Additionally, add a knob, kern.geom.mirror.launch_mirror_before_timeout, to
force gmirrors to wait out the full timeout (kern.geom.mirror.timeout)
before transitioning from STARTING to RUNNING.  This is a kludge to help
ensure all eligible, boot-time available mirror components are tasted before
RUNNING a gmirror.

When we are instructed to forget mirror components, bump the generation id
to avoid confusion with such stale components later.

Add a basic test case for STARTING -> RUNNING startup behavior around stale
genids.

PR:		232671, 232835
Submitted by:	Cindy Yang <cyang AT isilon.com> (previous version)
Reviewed by:	markj (kernel portions)
Discussed with:	asomers, Cindy Yang
Tested by:	pho
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D18062
2018-12-06 23:55:39 +00:00
lwhsu
09d6200305 Temporarily skip flakey test cases
PR:		233586, 233587, 233588
Approved by:	markj (mentor)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D18362
2018-12-06 09:22:35 +00:00
kp
6ef4e21620 pf tests: Add a defer mode test for pfsync
Repeat the pfsync test, this time with the 'defer' option enabled. This
exercises slightly different code paths.
2018-12-05 19:53:09 +00:00
asomers
65c58625fe Unbreak geli/gmirror testcases if their geom classes cannot be loaded
The problem with the logic prior to this commit was twofold:

1. The wrong set of idioms (TAP-compatible) were being applied to the ATF
   testcases when run, resulting in confusing ATF failure results on setup.
2. The cleanup subroutines were broken when the geom classes could not be
   loaded as they exited with 0 unexpectedly.

This commit changes the test code to source the class-specific configuration
(conf.sh) once globally, instead of sourcing it per testcase and per cleanup
subroutine, and to call the ATF-specific setup subroutine(s) inline in
the testcases.

The refactoring done is effectively a no-op for the TAP testcases, modulo
any refactoring done to create common code between the ATF and TAP
testcases.

This unbreaks the geli testcases converted to ATF in r327662 and r327683,
and the gmirror testcases added in r327780, respectively, when the geom
class could not be loaded.

tests/sys/geom/class/mirror/...
    While here, ignore errors when turning debug failpoint sysctl off, which
    could occur if the gmirror class was not loaded.

Submitted by:	ngie
MFC after:	2 weeks
Pull Request:	https://github.com/freebsd/freebsd/pull/241
2018-12-02 05:06:37 +00:00
asomers
55507fde79 Remove some dead code from the geli tests
This is detritus in the Makefile, leftover from 327662.

MFC after:	2 weeks
2018-12-02 00:41:43 +00:00
kp
f425577a00 pf tests: Test name handling
Provoke a situation where two interfaces have the same name, and verify
pf's reaction to this.
2018-12-01 09:59:32 +00:00
kp
80691af7cb pf tests: Make pass_block:noalias more robust
Send several ICMPv6 echo requests. We've seen occasional failures with a
single request.
2018-12-01 09:57:29 +00:00
vangyzen
1aac8e96bf Maybe make gcc happy
According to Jenkins, the GCC architectures were unhappy because:

    sigaltstack.c:82: warning: missing initializer
    sigaltstack.c:82: warning: (near initialization for 'oss.ss_size')

MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
2018-11-30 23:47:57 +00:00
vangyzen
0e4f4afae7 Fix reporting of SS_ONSTACK
Fix reporting of SS_ONSTACK in nested signal delivery when sigaltstack()
is used on some architectures.

Add a unit test for this.  I tested the test by introducing the bug
on amd64.  I did not test it on other architectures.

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D18347
2018-11-30 22:44:33 +00:00
dab
70b242654b Make whitespace more consistent in libkqueue tests.
After r337820, which "corrected" some spaces-instead-of-tab whitespace
issues in the libkqueue tests, jmg@ pointed out that these files were
originally space-based, not tab-spaced, and so the correction should
have been to get rid of the tabs that had been introduced in previous
changes, not the spaces. This change does that. This is a whitespace
only change; no functional change is intended.

Reported by:	jmg@
MFC after:	3 days
Sponsored by:	Dell EMC Isilon
2018-11-27 15:12:34 +00:00
markj
81f4a1fb2e Plug a trivial memory leak.
CID:		1396911
MFC with:	r340485
2018-11-20 18:13:18 +00:00
markj
34c30ad92b Add regression tests for r340313 and r340483.
Reviewed by:	emaste
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D17926
2018-11-16 19:04:12 +00:00
markj
aefb48b872 Rename the SO_REUSEPORT_LB test file to be consistent with other tests.
MFC after:	1 week
2018-11-16 18:59:58 +00:00