On Fri, 2024-02-09 at 15:00 -0800, Randy Dunlap wrote:
> Hi--
>
> On 2/9/24 06:09, Roberto Sassu wrote:
> > diff --git a/security/digest_cache/Kconfig b/security/digest_cache/Kconfig
> > new file mode 100644
> > index ..0c47d5151f07
> > --- /dev/null
> > +++ b/security/digest_cache/Kco
On 10/02/2024 12:35, Mark Brown wrote:
> On Sat, Feb 10, 2024 at 07:40:16AM +, Ryan Roberts wrote:
>> On 09/02/2024 20:21, Mark Brown wrote:
>
>>> When opening yama/ptrace_scope we unconditionally use sudo to ensure we
>>> are running as root, resulting in failures if running in a minimal root
On Fri, 2024-02-09 at 11:15 -0800, Jakub Kicinski wrote:
> On Wed, 7 Feb 2024 19:36:46 +0100 Paolo Abeni wrote:
> > +if [[ ${test} == "large" && -n "${KSFT_MACHINE_SLOW}" ]]; then
> > +echo "Ignoring errors due to slow environment" 1>&2
> > +exit_code=0
> > +fi
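Review bot: the `exit_code=0` assignment in the `KSFT_MACHINE_SLOW` branch discards every failure of the "large" test in a slow environment, not only timing-related ones, so a genuine GRO regression would be reported as a pass there. Consider reporting the case as skipped or expected-fail rather than success, so the waived result stays visible in CI, and include the test name in the stderr message.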
>
> Would i
The gro self-tests send the packets to be aggregated with
multiple write operations.
When running in slow environment, it's hard to guarantee that
the GRO engine will wait for the last packet in an intended
train.
The above causes almost deterministic failures in our CI for
the 'large' test-case
The mentioned test is failing in slow environments:
# SO_TXTIME ipv4 clock monotonic
# ./so_txtime: recv: timeout: Resource temporarily unavailable
not ok 1 selftests: net: so_txtime.sh # exit=1
Tuning the tolerance in the test binary is error-prone and doomed
to failures in slow-enough env
The mentioned test is still flaky, unusually enough in 'fast'
environments.
Patch 2/2 [try to] address the existing issues, while patch 1/2
introduces more strict tests for the existing net helpers, to hopefully
prevent future pain.
Paolo Abeni (2):
selftests: net: more strict check in net_helpe
The helper waiting for a listener port can match any socket whose
hexadecimal representation of source or destination addresses
matches that of the given port.
Additionally, any socket state is accepted.
All the above can let the helper return successfully before the
relevant listener is actually
The netdev CI is reporting failures for the pmtu test:
[ 115.929264] br0: port 2(vxlan_a) entered forwarding state
# 2024/02/08 17:33:22 socat[7871] E bind(7, {AF=10
[:::::::]:5}, 28): Address already in use
# 2024/02/08 17:33:22 socat[7877] E write(7, 0
On Wed, Jan 24, 2024 at 10:21:26PM -0800, de...@rivosinc.com wrote:
> From: Deepak Gupta
>
> This patch abstracts envcfg CSR in kernel (as is done for other homonym
> CSRs). CSR_ENVCFG is used as alias for CSR_SENVCFG or CSR_MENVCFG depending
> on how kernel is compiled.
>
> Additionally it chan
On Fri, Feb 09, 2024 at 09:45:38PM +0100, Eric Farman wrote:
> The routine ar_translation() is called by get_vcpu_asce(), which is
> called by both the instruction intercept path (where the access
> registers had been loaded with the guest's values), and the MEM_OP
> ioctl (which hadn't). This mean
Hello:
This patch was applied to netdev/net-next.git (main)
by David S. Miller :
On Thu, 8 Feb 2024 18:57:49 +0100 you wrote:
> This test is time sensitive. It may fail on virtual machines and for
> debug builds.
>
> Similar to commit c41dfb0dfbec ("selftests/net: ignore timing errors in
> so_t
On Mon, Feb 12, 2024 at 11:21:30AM +0100, Heiko Carstens wrote:
> Or maybe a TIF flag with different semantics: "guest save area does not
> reflect current state - which is within registers".
Something like the below; untested of course. But I guess there must be
some arch specific vcpu flags, whi
On Mon, Jan 22, 2024 at 3:15 PM Haibo Xu wrote:
>
> The RISC-V arch_timer selftests is used to validate Sstc timer
> functionality in a guest, which sets up periodic timer interrupts
> and check the basic interrupt status upon its receipt.
>
> This KVM selftests was ported from aarch64 arch_timer
On Tue, Jan 02, 2024 at 03:15:28PM +0100, Laura Nao wrote:
> Move bash helpers for outputting in KTAP format to the common selftests
> folder. This allows kselftests other than the dt one to source the file
> and make use of the helper functions.
> Define pass, fail and skip codes in the same file
On Fri, Feb 09, 2024 at 08:18:11PM +, Edgecombe, Rick P wrote:
> On Sat, 2024-02-03 at 00:05 +, Mark Brown wrote:
> > + if (write_user_shstk_64((u64 __user *)addr, 0))
> > + return false;
> > +
> > + return true;
> > +}
> So, don't we want to consume the token on
On Mon, Feb 5, 2024 at 7:04 AM Meng Li wrote:
>
> Title under line too short
>
> Signed-off-by: Meng Li
> ---
> Documentation/admin-guide/pm/amd-pstate.rst | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/Documentation/admin-guide/pm/amd-pstate.rst
> b/Documentation/admi
Hi Maciej,
On 2/11/2024 11:38 PM, Maciej Wieczor-Retman wrote:
> Sure, I guess I could make the check 'if (bit_center < 3)' to also check if
> the
> full_cache_mask isn't too short for some reason (since later 2 is subtracted
> from bit_center for the 'hole' bit shift).
Thank you.
> Or would
On Fri, Feb 9, 2024 at 6:05 PM Toke Høiland-Jørgensen wrote:
>
> Benjamin Tissoires writes:
>
> > On Fri, Feb 9, 2024 at 4:42 PM Toke Høiland-Jørgensen
> > wrote:
> >>
> >> Benjamin Tissoires writes:
> >>
> >> > [Putting this as a RFC because I'm pretty sure I'm not doing the things
> >> > cor
On 1/15/24 13:17, Roberto Sassu wrote:
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the file_release hook.
IMA calculates at file close the new digest of the file content and writes
it to security.ima, so that appraisal at next file access s
On 1/15/24 13:17, Roberto Sassu wrote:
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the inode_post_create_tmpfile hook.
As temp files can be made persistent, treat new temp files like other new
files, so that the file hash is calculated and
On 1/15/24 13:17, Roberto Sassu wrote:
From: Roberto Sassu
In preparation for moving IMA and EVM to the LSM infrastructure, introduce
the path_post_mknod hook.
IMA-appraisal requires all existing files in policy to have a file
hash/signature stored in security.ima. An exception is made for
On 1/15/24 13:18, Roberto Sassu wrote:
From: Roberto Sassu
Move hardcoded IMA function calls (not appraisal-specific functions) from
various places in the kernel to the LSM infrastructure, by introducing a
new LSM named 'ima' (at the end of the LSM list and always enabled like
'integrity').
Benjamin Tissoires writes:
[...]
>> IIUC, the bpf_timer callback is just a function (subprog) from the
>> verifier PoV, so it is verified as whatever program type is creating the
>> timer. So in other words, as long as you setup the timer from inside a
>> tracing prog type, you should have access
On 1/15/24 13:18, Roberto Sassu wrote:
From: Roberto Sassu
In preparation for removing the 'integrity' LSM, move
integrity_kernel_module_request() to IMA, and rename it to
ima_kernel_module_request().
Compile it conditionally if CONFIG_INTEGRITY_ASYMMETRIC_KEYS is enabled,
and call it from
On Mon, Feb 12, 2024 at 12:48 PM Stefan Berger wrote:
> On 1/15/24 13:18, Roberto Sassu wrote:
...
> > +/**
> > + * ima_kernel_module_request - Prevent crypto-pkcs1pad(rsa,*) requests
> > + * @kmod_name: kernel module name
> > + *
> > + * We have situation, when public_key_verify_signature() in
On Mon, Feb 12, 2024 at 6:46 PM Toke Høiland-Jørgensen wrote:
>
> Benjamin Tissoires writes:
>
> [...]
> >> IIUC, the bpf_timer callback is just a function (subprog) from the
> >> verifier PoV, so it is verified as whatever program type is creating the
> >> timer. So in other words, as long as yo
On 1/15/24 13:18, Roberto Sassu wrote:
From: Roberto Sassu
As for IMA, move hardcoded EVM function calls from various places in the
kernel to the LSM infrastructure, by introducing a new LSM named 'evm'
(last and always enabled like 'ima'). The order in the Makefile ensures
that 'evm' hooks
On Fri, 9 Feb 2024 at 19:27, Matthieu Baerts wrote:
>
> Hi Maxim, Naresh,
>
> On 09/02/2024 14:25, Maxim Galaganov wrote:
> > Older glibc's netinet/in.h may leave IPPROTO_MPTCP undefined when
> > building ip_local_port_range.c, that leads to "error: use of undeclared
> > identifier 'IPPROTO_MPTCP'
On Mon, Feb 12, 2024 at 08:32:58AM +, Ryan Roberts wrote:
> On 10/02/2024 12:35, Mark Brown wrote:
> > Ah, I was assuming that some of the suite ran usefully as non-root given
> > that the only point of that sudo was to acquire root. If the whole
> > thing needs to be root then we should inst
On 1/15/24 13:18, Roberto Sassu wrote:
From: Roberto Sassu
Define a new structure for EVM-specific metadata, called evm_iint_cache,
and embed it in the inode security blob. Introduce evm_iint_inode() to
retrieve metadata, and register evm_inode_alloc_security() for the
inode_alloc_security L
This series aims to keep the git status clean after building the
selftests by adding some missing .gitignore files and object inclusion
in existing .gitignore files. This is one of the requirements listed in
the selftests documentation for new tests, but it is not always followed
as desired.
After
The 'uevent_filtering' test generates an object with the same name,
but there is no .gitignore file in the directory to add the object
as stated in the selftest documentation.
Add the missing .gitignore file and include 'uevent_filtering'.
Signed-off-by: Javier Carrasco
---
tools/testing/selfte
The 'power_floor' test generates an object with the same name,
but there is no .gitignore file in the directory to add the object as
stated in the selftest documentation.
Add the missing .gitignore file and include 'power_floor'.
Signed-off-by: Javier Carrasco
---
tools/testing/selftests/therma
The 'workload_hint_test' test generates an object with the same name,
but there is no .gitignore file in the directory to add the object as
stated in the selftest documentation.
Add the missing .gitignore file and include 'workload_hint_test'.
Signed-off-by: Javier Carrasco
---
tools/testing/se
This binary is missing in the .gitignore and stays as an untracked file.
Reported-by: Bernd Edlinger
Signed-off-by: Javier Carrasco
---
tools/testing/selftests/damon/.gitignore | 1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/damon/.gitignore
b/tools/testing/selftest
On 1/15/24 13:18, Roberto Sassu wrote:
From: Roberto Sassu
Make the 'ima' LSM independent from the 'integrity' LSM by introducing IMA
own integrity metadata (ima_iint_cache structure, with IMA-specific fields
from the integrity_iint_cache structure), and by managing it directly from
the 'ima
On 1/15/24 13:18, Roberto Sassu wrote:
From: Roberto Sassu
Since now IMA and EVM use their own integrity metadata, it is safe to
remove the 'integrity' LSM, with its management of integrity metadata.
Keep the iint.c file only for loading IMA and EVM keys at boot, and for
creating the integr
Hello,
On Mon, 12 Feb 2024 20:43:39 +0100 Javier Carrasco
wrote:
> This binary is missing in the .gitignore and stays as an untracked file.
>
> Reported-by: Bernd Edlinger
> Signed-off-by: Javier Carrasco
'checkpatch.pl' complains as below:
WARNING: Reported-by: should be immediately f
On 12.02.24 20:53, SeongJae Park wrote:
> Hello,
>
> On Mon, 12 Feb 2024 20:43:39 +0100 Javier Carrasco
> wrote:
>
>> This binary is missing in the .gitignore and stays as an untracked file.
>>
>> Reported-by: Bernd Edlinger
>> Signed-off-by: Javier Carrasco
>
> 'checkpatch.pl' complains
On Mon, 12 Feb 2024 21:07:34 +0100 Javier Carrasco
wrote:
>
>
> On 12.02.24 20:53, SeongJae Park wrote:
> > Hello,
> >
> > On Mon, 12 Feb 2024 20:43:39 +0100 Javier Carrasco
> > wrote:
> >
> >> This binary is missing in the .gitignore and stays as an untracked file.
> >>
> >> Reported-by:
On 2/12/24 12:56, Paul Moore wrote:
On Mon, Feb 12, 2024 at 12:48 PM Stefan Berger wrote:
On 1/15/24 13:18, Roberto Sassu wrote:
...
+/**
+ * ima_kernel_module_request - Prevent crypto-pkcs1pad(rsa,*) requests
+ * @kmod_name: kernel module name
+ *
+ * We have situation, when public_key_
Hi Roberto,
> diff --git a/security/security.c b/security/security.c
> index d9d2636104db..f3d92bffd02f 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -2972,6 +2972,23 @@ int security_file_open(struct file *file)
> return fsnotify_perm(file, MAY_OPEN); <=== Conflict
On Mon, Feb 12, 2024 at 4:06 PM Mimi Zohar wrote:
>
> Hi Roberto,
>
>
> > diff --git a/security/security.c b/security/security.c
> > index d9d2636104db..f3d92bffd02f 100644
> > --- a/security/security.c
> > +++ b/security/security.c
> > @@ -2972,6 +2972,23 @@ int security_file_open(struct file *fi
On Mon, Feb 12, 2024 at 10:21 AM Benjamin Tissoires
wrote:
>
> On Mon, Feb 12, 2024 at 6:46 PM Toke Høiland-Jørgensen
> wrote:
> >
> > Benjamin Tissoires writes:
> >
> > [...]
> > >> IIUC, the bpf_timer callback is just a function (subprog) from the
> > >> verifier PoV, so it is verified as wha
On Mon, 12 Feb 2024 12:23:56 -0800 SeongJae Park wrote:
> >
> > > Also, note that this conflicts on mm-unstable.
> >
> > Should I use mm-unstable as basis to make sure no conflicts are introduced?
>
> DAMON selftest patches could be merged in mm-unstable or linux-kselftest
> depending on cases
Hello:
This patch was applied to netdev/net.git (main)
by Jakub Kicinski :
On Fri, 9 Feb 2024 16:25:11 +0300 you wrote:
> Older glibc's netinet/in.h may leave IPPROTO_MPTCP undefined when
> building ip_local_port_range.c, that leads to "error: use of undeclared
> identifier 'IPPROTO_MPTCP'".
>
On Wed, Jan 03, 2024, Yan Zhao wrote:
> This is a v2 for previous series [1] to allow mapping for compound tail
> pages for IO or PFNMAP mapping.
>
> Compared to v1, this version provides selftest to check functionality in
> KVM to map memslots for MMIO BARs (VMAs with flag VM_IO | VM_PFNMAP), as
On Wed, Jan 03, 2024, Yan Zhao wrote:
> Allow mapping of tail pages of compound pages for IO or PFNMAP mapping
> by trying and getting ref count of its head page.
>
> For IO or PFNMAP mapping, sometimes it's backed by compound pages.
> KVM will just return error on mapping of tail pages of the com
tree/branch:
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
branch HEAD: ae00c445390b349e070a64dc62f08aa878db7248 Add linux-next specific
files for 20240212
Error/Warning reports:
https://lore.kernel.org/oe-kbuild-all/202402122047.ydhrzmm4-...@intel.com
https
49 matches