On Wed, 2024-02-07 at 22:18 -0500, Paul Moore wrote:
> On Jan 15, 2024 Roberto Sassu wrote:
> >
> > IMA and EVM are not effectively LSMs, especially due to the fact that in
> > the past they could not provide a security blob while there is another LSM
> > active.
> >
> > That changed in the rece
This series adds the missing cache flush and dirty track set for nested
parent domain (it's s2_domain but used as parent) which has no insight
into devices/DID's under the nested domain (a.k.a s1_domain). This
results in missing cache flush per parent domain change and incomplete
dirty tracking set
Today the parent domain (s2_domain) is unaware of which DID's are
used by and which devices are attached to nested domains (s1_domain)
nested on it. This leads to a problem that some operations (flush
iotlb/devtlb and enable dirty tracking) on parent domain only apply to
DID's and devices directly
Add __iommu_flush_iotlb_psi() to do the psi iotlb flush with a DID input
rather than calculating it within the helper.
This is useful when flushing cache for parent domain which reuses DIDs of
its nested domains.
Signed-off-by: Yi Liu
---
drivers/iommu/intel/iommu.c | 79 +--
If a domain is used as the parent in nested translation its mappings might
be cached using DID of the nested domain. But the existing code ignores
this fact to only invalidate the iotlb entries tagged by the domain's own
DID.
Loop the s1_domains list, if any, to invalidate all iotlb entries relate
Should call domain_update_iotlb() to update the has_iotlb_device flag
of the domain after attaching device to nested domain. Without it, this
flag is not set properly and would result in missing device TLB flush.
Fixes: 9838f2bb6b6b ("iommu/vt-d: Set the nested domain to a device")
Signed-off-by:
ATS-capable devices cache the result of nested translation. This result
relies on the mappings in s2 domain (a.k.a. parent). When there are
modifications in the s2 domain, the related nested translation caches on
the device should be flushed. This includes the devices that are attached
to the s1 do
The only usage of input @domain is to get the domain id (DID) to flush
cache after setting dirty tracking. However, DID can be obtained from
the pasid entry. So no need to pass in domain. This can make this helper
cleaner when adding the missing dirty tracking for the parent domain,
which needs to
Add device_set_dirty_tracking() to loop all the devices and set the dirty
tracking per the @enable parameter.
Signed-off-by: Yi Liu
---
drivers/iommu/intel/iommu.c | 32 +---
1 file changed, 21 insertions(+), 11 deletions(-)
diff --git a/drivers/iommu/intel/iommu.c b
Setting dirty tracking for a s2 domain requires to loop all the related
devices and set the dirty tracking enable bit in the PASID table entry.
This includes the devices that are attached to the nested domains of a
s2 domain if this s2 domain is used as parent. However, the existing dirty
tracking
> From: Liu, Yi L
> Sent: Thursday, February 8, 2024 4:23 PM
>
> static void intel_nested_domain_free(struct iommu_domain *domain)
> {
> + struct dmar_domain *dmar_domain = to_dmar_domain(domain);
> + struct dmar_domain *s2_domain = dmar_domain->s2_domain;
> +
> + spin_lock(&s2_doma
> From: Liu, Yi L
> Sent: Thursday, February 8, 2024 4:23 PM
>
> Add __iommu_flush_iotlb_psi() to do the psi iotlb flush with a DID input
> rather than calculating it within the helper.
>
> This is useful when flushing cache for parent domain which reuses DIDs of
> its nested domains.
>
> Signe
> From: Liu, Yi L
> Sent: Thursday, February 8, 2024 4:23 PM
>
> +/*
> + * Flush the relevant caches in nested translation if the domain
> + * also serves as a parent
> + */
> +static void parent_domain_flush(struct dmar_domain *domain,
> + unsigned long pfn,
> +
> From: Liu, Yi L
> Sent: Thursday, February 8, 2024 4:23 PM
>
> Should call domain_update_iotlb() to update the has_iotlb_device flag
> of the domain after attaching device to nested domain. Without it, this
> flag is not set properly and would result in missing device TLB flush.
>
> Fixes: 983
> From: Liu, Yi L
> Sent: Thursday, February 8, 2024 4:23 PM
>
> ATS-capable devices cache the result of nested translation. This result
> relies on the mappings in s2 domain (a.k.a. parent). When there are
> modifications in the s2 domain, the related nested translation caches on
> the device sh
> From: Liu, Yi L
> Sent: Thursday, February 8, 2024 4:23 PM
>
> The only usage of input @domain is to get the domain id (DID) to flush
> cache after setting dirty tracking. However, DID can be obtained from
> the pasid entry. So no need to pass in domain. This can make this helper
> cleaner when
> From: Liu, Yi L
> Sent: Thursday, February 8, 2024 4:23 PM
>
> Add device_set_dirty_tracking() to loop all the devices and set the dirty
> tracking per the @enable parameter.
>
> Signed-off-by: Yi Liu
Reviewed-by: Kevin Tian
On 07/02/2024 04:10, Sean Christopherson wrote:
On Mon, Jan 15, 2024, Paul Durrant wrote:
@@ -638,20 +637,32 @@ int kvm_xen_hvm_set_attr(struct kvm *kvm, struct
kvm_xen_hvm_attr *data)
}
break;
- case KVM_XEN_ATTR_TYPE_SHARED_INFO: {
+ case KVM_XEN_ATTR
> From: Liu, Yi L
> Sent: Thursday, February 8, 2024 4:23 PM
>
> @@ -4760,6 +4790,12 @@ static int intel_iommu_set_dirty_tracking(struct
> iommu_domain *domain,
> if (ret)
> goto err_unwind;
>
> + if (dmar_domain->nested_parent) {
> + ret = parent_domain_set_d
On 26.01.24 06:24, Bernd Edlinger wrote:
> Prevent them from polluting git status after building selftests.
>
> Signed-off-by: Bernd Edlinger
> ---
> tools/testing/selftests/damon/.gitignore | 1 +
> tools/testing/selftests/thermal/intel/power_floor/.gitignore | 2 ++
> t
Should set the SSADE (Second Stage Access/Dirty bit Enable) bit of the
pasid entry when attaching a device to a nested domain if its parent
has already enabled dirty tracking.
Fixes: 111bf85c68f6 ("iommu/vt-d: Add helper to setup pasid nested translation")
Signed-off-by: Yi Liu
---
base commit: 5
On 2024/2/8 16:28, Tian, Kevin wrote:
From: Liu, Yi L
Sent: Thursday, February 8, 2024 4:23 PM
static void intel_nested_domain_free(struct iommu_domain *domain)
{
+ struct dmar_domain *dmar_domain = to_dmar_domain(domain);
+ struct dmar_domain *s2_domain = dmar_domain->s2_dom
On 2024/2/8 16:53, Tian, Kevin wrote:
From: Liu, Yi L
Sent: Thursday, February 8, 2024 4:23 PM
@@ -4760,6 +4790,12 @@ static int intel_iommu_set_dirty_tracking(struct
iommu_domain *domain,
if (ret)
goto err_unwind;
+ if (dmar_domain->nested_parent) {
+
On 08/02/2024 08:23, Yi Liu wrote:
> The only usage of input @domain is to get the domain id (DID) to flush
> cache after setting dirty tracking. However, DID can be obtained from
> the pasid entry. So no need to pass in domain. This can make this helper
> cleaner when adding the missing dirty trac
On 08/02/2024 08:23, Yi Liu wrote:
> Add device_set_dirty_tracking() to loop all the devices and set the dirty
> tracking per the @enable parameter.
>
> Signed-off-by: Yi Liu
Nice cleanup,
Reviewed-by: Joao Martins
> ---
> drivers/iommu/intel/iommu.c | 32 +---
>
On 08/02/2024 09:14, Yi Liu wrote:
> Should set the SSADE (Second Stage Access/Dirty bit Enable) bit of the
> pasid entry when attaching a device to a nested domain if its parent
> has already enabled dirty tracking.
>
> Fixes: 111bf85c68f6 ("iommu/vt-d: Add helper to setup pasid nested
> transla
On Thu, Feb 08, 2024 at 08:37AM +0100, Marco Elver wrote:
> On Thu, 8 Feb 2024 at 00:58, Yonghong Song wrote:
> > On 2/7/24 4:26 AM, Marco Elver wrote:
> > > In various performance profiles of kernels with BPF programs attached,
> > > bpf_local_storage_lookup() appears as a significant portion of
On Fri, Nov 24, 2023 at 12:04:09PM +0100, Jonas Oberhauser wrote:
> Unfortunately, at least last time I checked RISC-V still hadn't gotten such
> instructions.
> What they have is the *semantics* of the instructions, but no actual opcodes
> to encode them.
> I argued for them in the RISC-V memory g
On Wed, Feb 07, 2024 at 08:24:15AM -0500, Aaron Conole wrote:
> The ovs module allows for some actions to recursively contain an action
> list for complex scenarios, such as sampling, checking lengths, etc.
> When these actions are copied into the internal flow table, they are
> evaluated to valida
On Wed, Feb 07, 2024 at 08:24:16AM -0500, Aaron Conole wrote:
> Add a test case into the netlink checks that will show the number of
> nested action recursions won't exceed 16. Going to 17 on a small
> clone call isn't enough to exhaust the stack on (most) systems, so
> it should be safe to run ev
The test toggles the carrier of a bridge port in order to test the
bridge backup port feature.
Due to the linkwatch delayed work the carrier change is not always
reflected fast enough to the bridge driver and packets are not forwarded
as the test expects, resulting in failures [1].
Fix by busy wa
On Thu, Feb 8, 2024 at 3:06 AM Roberto Sassu
wrote:
> On Wed, 2024-02-07 at 22:18 -0500, Paul Moore wrote:
...
> > I had some pretty minor comments but I think the only thing I saw that
> > I think needs a change/addition is a comment in the Makefile regarding
> > the IMA/EVM ordering; take a lo
The mentioned test is failing in slow environments:
# SO_TXTIME ipv4 clock monotonic
# ./so_txtime: recv: timeout: Resource temporarily unavailable
not ok 1 selftests: net: so_txtime.sh # exit=1
The receiver is started in background and the sender could end-up
transmitting the packet before
Fix various problems in the forwarding selftests so that they will pass
in the netdev CI instead of being ignored. See commit messages for
details.
Ido Schimmel (4):
selftests: forwarding: Fix layer 2 miss test flakiness
selftests: forwarding: Fix bridge MDB test flakiness
selftests: forward
After enabling a multicast querier on the bridge (like the test is
doing), the bridge will wait for the Max Response Delay before starting
to forward according to its MDB in order to let Membership Reports
enough time to be received and processed.
Currently, the test is waiting for exactly the def
After enabling a multicast querier on the bridge (like the test is
doing), the bridge will wait for the Max Response Delay before starting
to forward according to its MDB in order to let Membership Reports
enough time to be received and processed.
Currently, the test is waiting for exactly the def
Suppress the following grep warnings:
[...]
INFO: # Port group entries configuration tests - (*, G)
TEST: Common port group entries configuration tests (IPv4 (*, G)) [ OK ]
TEST: Common port group entries configuration tests (IPv6 (*, G)) [ OK ]
grep: warning: stray \ before /
grep: warning: s
The redirection test case fails in the netdev CI on debug kernels
because an FDB entry is learned despite the presence of a tc filter that
redirects incoming traffic [1].
I am unable to reproduce the failure locally, but I can see how it can
happen given that learning is first enabled and only the
On Thu, Feb 08, 2024, Paul Durrant wrote:
> On 07/02/2024 04:10, Sean Christopherson wrote:
> > On Mon, Jan 15, 2024, Paul Durrant wrote:
> > > @@ -638,20 +637,32 @@ int kvm_xen_hvm_set_attr(struct kvm *kvm, struct
> > > kvm_xen_hvm_attr *data)
> > > }
> > > bre
On 08/02/2024 16:48, Sean Christopherson wrote:
On Thu, Feb 08, 2024, Paul Durrant wrote:
On 07/02/2024 04:10, Sean Christopherson wrote:
On Mon, Jan 15, 2024, Paul Durrant wrote:
@@ -638,20 +637,32 @@ int kvm_xen_hvm_set_attr(struct kvm *kvm, struct
kvm_xen_hvm_attr *data)
}
On Thu, 2024-02-08 at 14:31 +0200, Ido Schimmel wrote:
> The test toggles the carrier of a bridge port in order to test the
> bridge backup port feature.
>
> Due to the linkwatch delayed work the carrier change is not always
> reflected fast enough to the bridge driver and packets are not forwarde
The two tests that make use of multicast routig (router.sh and
router_multicast.sh) are currently failing in the netdev CI because the
kernel is missing multicast routing support.
Fix by adding the required config entries.
Fixes: 6d4efada3b82 ("selftests: forwarding: Add multicast routing test")
On Thu, 2024-02-08 at 16:51 +, Paul Durrant wrote:
> On 08/02/2024 16:48, Sean Christopherson wrote:
> > On Thu, Feb 08, 2024, Paul Durrant wrote:
> > > With the benefit of some sleep, I'm wondering why 0 is a 'ridiculous'
> > > invalid value for a *virtual* address? Surely it's essentially a n
This test is time sensitive. It may fail on virtual machines and for
debug builds.
Similar to commit c41dfb0dfbec ("selftests/net: ignore timing errors in
so_txtime if KSFT_MACHINE_SLOW"), optionally suppress failure for timing
errors (only).
Signed-off-by: Paolo Abeni
---
tools/testing/selftes
On 26/01/2024 20.32, Sean Christopherson wrote:
On Thu, Oct 05, 2023, Thomas Huth wrote:
Use the kselftest_harness.h interface in this test to get TAP
output, so that it is easier for the user to see what the test
is doing.
Note: We're not using the KVM_ONE_VCPU_TEST() macro here (but the
gener
Hi Shuah,
On 1/22/2024 10:06 AM, Reinette Chatre wrote:
> Could you please consider Ilpo's resctrl selftest enhancements [1]
> for inclusion into kselftest's "next" branch in preparation for the
> next merge window?
I just confirmed that, even though [1] is almost two months old, it does
apply cl
Paolo Abeni wrote:
> The mentioned test is failing in slow environments:
>
> # SO_TXTIME ipv4 clock monotonic
> # ./so_txtime: recv: timeout: Resource temporarily unavailable
> not ok 1 selftests: net: so_txtime.sh # exit=1
>
> The receiver is started in background and the sender could end-
Basic idea of this series is now to use the kselftest_harness.h
framework to get TAP output in the tests, so that it is easier
for the user to see what is going on, and e.g. to be able to
detect whether a certain test is part of the test binary or not
(which is useful when tests get extended in the
In the spots where we are expecting a successful run, we should
use vcpu_run() instead of _vcpu_run() to make sure that the run
did not fail.
Suggested-by: Sean Christopherson
Signed-off-by: Thomas Huth
---
tools/testing/selftests/kvm/x86_64/sync_regs_test.c | 10 +-
1 file changed, 5 i
From: Sean Christopherson
Extract the code to set a vCPU's entry point out of vm_arch_vcpu_add() and
into a new API, vcpu_arch_set_entry_point(). Providing a separate API
will allow creating a KVM selftests hardness that can handle tests that
use different entry points for sub-tests, whereas *re
Most tests are currently not giving any proper output for the user
to see how much sub-tests have already been run, or whether new
sub-tests are part of a binary or not. So it would be good to
support TAP output in the KVM selftests. There is already a nice
framework for this in the kselftest_harne
Use the kvm_test_harness.h interface in this test to get TAP
output, so that it is easier for the user to see what the test
is doing.
Signed-off-by: Thomas Huth
---
.../selftests/kvm/x86_64/fix_hypercall_test.c | 27 ---
1 file changed, 18 insertions(+), 9 deletions(-)
diff --gi
The sync_regs test currently does not have any output (unless one
of the TEST_ASSERT statement fails), so it's hard to say for a user
whether a certain new sub-test has been included in the binary or
not. Let's make this a little bit more user-friendly and include
some TAP output via the kselftest_
The regs structure just accidentally contains the right values
from the previous test in the spot where we want to change rbx.
It's cleaner if we properly initialize the structure here before
using it.
Suggested-by: Sean Christopherson
Signed-off-by: Thomas Huth
---
tools/testing/selftests/kvm/
Use the kvm_test_harness.h interface in this test to get TAP
output, so that it is easier for the user to see what the test
is doing.
Signed-off-by: Thomas Huth
---
.../selftests/kvm/x86_64/vmx_pmu_caps_test.c | 50 ---
1 file changed, 11 insertions(+), 39 deletions(-)
diff --g
Use the kselftest_harness.h interface in this test to get TAP
output, so that it is easier for the user to see what the test
is doing.
Signed-off-by: Thomas Huth
---
.../kvm/x86_64/userspace_msr_exit_test.c | 52 +--
1 file changed, 13 insertions(+), 39 deletions(-)
diff --
Paolo Abeni wrote:
> This test is time sensitive. It may fail on virtual machines and for
> debug builds.
>
> Similar to commit c41dfb0dfbec ("selftests/net: ignore timing errors in
> so_txtime if KSFT_MACHINE_SLOW"), optionally suppress failure for timing
> errors (only).
>
> Signed-off-by: Paol
While mq_perf_tests runs with the default kselftest timeout limit, which
is 45 seconds, the test takes about 60 seconds to complete on i3.metal
AWS instances. Hence, the test always times out. Increase the timeout
to 100 seconds.
Fixes: 852c8cbf34d3 ("selftests/kselftest/runner.sh: Add 45 second
On Thu, 08 Feb 2024 15:51:31 -0500 Willem de Bruijn wrote:
> Paolo Abeni wrote:
> > This test is time sensitive. It may fail on virtual machines and for
> > debug builds.
> >
> > Similar to commit c41dfb0dfbec ("selftests/net: ignore timing errors in
> > so_txtime if KSFT_MACHINE_SLOW"), optionall
Jakub Kicinski wrote:
> On Thu, 08 Feb 2024 15:51:31 -0500 Willem de Bruijn wrote:
> > Paolo Abeni wrote:
> > > This test is time sensitive. It may fail on virtual machines and for
> > > debug builds.
> > >
> > > Similar to commit c41dfb0dfbec ("selftests/net: ignore timing errors in
> > > so_txti
On 2/8/24 2:54 AM, Marco Elver wrote:
On Thu, Feb 08, 2024 at 08:37AM +0100, Marco Elver wrote:
On Thu, 8 Feb 2024 at 00:58, Yonghong Song wrote:
On 2/7/24 4:26 AM, Marco Elver wrote:
In various performance profiles of kernels with BPF programs attached,
bpf_local_storage_lookup() appears a
On 2024/2/8 16:38, Tian, Kevin wrote:
From: Liu, Yi L
Sent: Thursday, February 8, 2024 4:23 PM
+/*
+ * Flush the relevant caches in nested translation if the domain
+ * also serves as a parent
+ */
+static void parent_domain_flush(struct dmar_domain *domain,
+ unsig
On 2024/2/8 17:14, Yi Liu wrote:
Should set the SSADE (Second Stage Access/Dirty bit Enable) bit of the
pasid entry when attaching a device to a nested domain if its parent
has already enabled dirty tracking.
Fixes: 111bf85c68f6 ("iommu/vt-d: Add helper to setup pasid nested translation")
Signed
On 2024/2/8 16:23, Yi Liu wrote:
--- a/drivers/iommu/intel/iommu.c
+++ b/drivers/iommu/intel/iommu.c
@@ -4730,23 +4730,35 @@ static void *intel_iommu_hw_info(struct device *dev,
u32 *length, u32 *type)
return vtd;
}
+static int
+device_set_dirty_tracking(struct list_head *devices,
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski :
On Wed, 7 Feb 2024 18:31:10 +0100 you wrote:
> The reuseport_addr_any.sh is currently skipping DCCP tests and
> pmtu.sh is skipping all the FOU/GUE related cases: add the missing
> options.
>
> Signed-off-by: Paolo Abeni
The upcoming RISC-V Ssdtso specification introduces a bit in the senvcfg
CSR to switch the memory consistency model of user mode at run-time from
RVWMO to TSO. The active consistency model can therefore be switched on a
per-hart base and managed by the kernel on a per-process base.
This patchset i
This patch defines a prctl uAPI for switching the active memory
consistency model of user-space processes.
The implementation follows the way other prctl calls are implemented by
disabling them unless arch-specific code provides the relevant macros.
Signed-off-by: Christoph Müllner
---
.../mm/d
Some architectures have support to change the memory consistency model
at run time. This patch adds a new field 'active_memory_consistency_model'
to task_struct that allows architecture code to store the active model
as a per-process property.
To avoid useless overhead, the mechanism needs to be e
This patch implements dynamic memory consistency switching on RISC-V
using the Ssdtso ISA extension.
Ssdtso is a RISC-V ISA extension, which allows to switch the memory
consistency model of less privileged modes from RVWMO to TSO at runtime.
The active model is controlled by a DTSO bit in the {m,h
We can use the PR_{S,G}ET_MEMORY_CONSISTENCY_MODEL prctl calls to change
the memory consistency model at run-time if we have Ssdtso.
This patch registers RISCV_WMO and RISCV_TSO as valid arguments
for these prctl calls and implements the glue code to switch
between these.
Signed-off-by: Christoph
This patch adds Ssdtso to the list of extensions which
are announced to user-space using te hwprobe API.
Signed-off-by: Christoph Müllner
---
Documentation/arch/riscv/hwprobe.rst | 3 +++
arch/riscv/include/uapi/asm/hwprobe.h | 1 +
arch/riscv/kernel/sys_hwprobe.c | 2 ++
3 files changed,
This patch tests the dynamic memory consistency model prctl() behaviour
on RISC-V. It does not depend on CONFIG_RISCV_ISA_SSDTSO or the availability
of Ssdtso, but will test other aspects if these are not given.
Signed-off-by: Christoph Müllner
---
tools/testing/selftests/riscv/Makefile|
72 matches
Mail list logo
